20 replies to this topic

[dual]

bland and I have been working on spoofing the MAC address of an Orinoco Silver NIC. So far it breaks any network access, but monitor/promiscuous mode works fine. mut3 says the NIC may need a firmware downgrade, from the current 8.13 to 6.16. bland thinks he may need the latest pcmcia-cs. I have no idea (read: We've found nothing on Google). I've wrote this script, originally just to assign a random MAC for stealthy network access. Since that didn't work, I just made it change the MAC and set up monitor mode for Kismet (which is kinda pointless).

Does anyone know what is needed to spoof the MAC and not screw up regular network access? Again, this is an Orinoco silver running on debian. Btw, the program MAC Changer didn't work either.

#!/usr/bin/perl

# warmac.pl - by dual_parallel
# and bland_inquisitor on the hardware
#
# Sets up your Orinoco for wardriving with
# a random MAC address and monitor mode.
#
# Usage: # perl warmac.pl eth[X]
#
####################################################

system("clear");

if ($#ARGV < 0) {
	print "> Error - no interface specified\n\n";
	print "> Usage: # perl warmac.pl eth[X]\n\n";
	exit(-1);
}

$if = $ARGV[0];
$count = 0;

print "warmac.pl - Sets up random MAC and monitor mode\n";
print "            for Orninoco NICs\n";
print "----------------------------------------------------------------\n\n";

# Generate random MAC
while ($count < 6) {
	$rand = rand(255);
	if ($rand < 16) {
  $rand += 16;
  $hex = sprintf("%X", $rand);
	}
	else {
  $hex = sprintf("%X", $rand);
	}
	$mac[$count] = $hex;
	$count++;
}

print "New MAC address = @mac\n";

# Set up NIC
system("ifconfig $if down");
system("sleep 3");
system("ifconfig $if hw ether $mac[0]:$mac[1]:$mac[2]:$mac[3]:$mac[4]:$mac[5]");
system("ifconfig $if up");
system("sleep 3");
#system("ifconfig $if");
system("kismet_monitor -H");

print "\nSet up complete\n\n";

[kid_e]

What are you using to make your wireless connection?

Something like, 'iwconfig eth1 mode Managed essid default' ?

I've played with this a little using a Gold card. Using ifconfig to initiate a hardwired connection using my internal nic with the attributes you list works. Setting the wireless port with ifconfig and then making the connection with iwconfig kills it for me.

[dual]

How have you been setting up the wi-fi connection in debian, bland?

I think it's time I ditch my Cisco card and set up the Orinoco again.

[bland_inquisitor]

setting it up like kid_e except i use an ssid of "" to associate with any wap i come across

[kid_e]

I've been playing around with this today. Maybe it was an update somewhere, but I am able to get a little further along.

ifconfig eth1 hw ether 01:02:03:04:05:CC up

iwconfig eth1 mode Managed essid myssid

dhcpcd eth1

This connects me to my WAP. The WAP even shows a DHCP lease to the new Mac, however, I can't ping a single thing.

[bland_inquisitor]

w00t! thats still one step closer than i got..
lets keep on tryng

[StankDawg]

If you connect to somebody's average Wifi network (lets assume windows based os's all around). Would something log your MAC if you connected to it from the outside? Does windows keep a track of what people connected to your network?

if they have logging turned on, then YES! They absolutely do have a log of your MAC address. The logs can be customized, but almost always they include the MAC address by deafult...thus the interest in "spoofing" the MAC address.

[kid_e]

Hey Dual,

I didn't want you to think I had forgotten. Classes started last week and I needed to wrap up all of my side projects.

I've played with the Perl script a couple times. The first time I ran it I thought I had broken my card. It was a weird settings issue.

Anyway, I will play with it a little more before posting. Found a couple public networks I wanna try it on.

[semen]

hey, if you need any help or something, or even win32 ports of this, i could do that. I've spoofed orinoco hwaddr through the registry on windows95. But, i'm really here, because i myself need patched orinoco drivers for my laptop. I have rh7.3 on a desktop, but there's no floppy. I'm running WRP (wireless router project) based on the LRP (linux router project) with wavemon 'n such, but doesn't support ap-list scanning. So, i need patched drivers, i'll throw dsniff on the laptop and i'll be able to wardrive hardcore, from my old 586 since i recently hosed my Windows 95 partition. So, if possible, do one of you wanna give me the compiled, patched orinoco drivers for a 2.4.20 kernel ? i'll need orinoco_cs.o orinoco.o hermes.o. thanks, much luv binrev & rfa.

[bland_inquisitor]

wget http://ozlabs.org/pe...co-0.13e.tar.gz

wget http://airsnort.shmo....13e-patch.diff

download both of these to your home dir

<home@box> tar -zxf orinoco-0.13e.tar.gz
<home@box> patch -p0 < orinoco-0.13e-patch.diff


cd orinoco <tab>

make

su -

make install

[semen]

no no no, i have no gcc on my box or anything. i just need to mount fd0 and then i'll just import them. If i had gcc gmake/nmake/pmake or anything, i'd make them myself. But i don't have the resources. so, that's why i need them all compiled.

[dual]

kid_e,

I've finished the script and it works great. You can get it at

http://www.oldskoolp...es/macninja.txt

and it has been linked at

http://www.wardriving.com/.

Let me know how it works and what distro(s) you've used it on. Thanks.

[semen]

**SENSORED BY THE US GOVERNMENT OR THOSE TRYING TO BE*** give me those compiled drivers already. i'm itching to get wavemon working properly, and then some tcpdump after monitor mode is on. come on, upload them somebody, just rip them from your /lib and 'hookabrotha up'


Mental note: Next time you post please keep your composure.

[bland_inquisitor]

come on jerks, give me those compiled drivers already.

dude... just don't

[Zapperlink]

If you want someones help.. its not wise to call them a jerk.

[semen]

tut tut, no need to always be so serious. you guys seem so helpful 'n all on rfa and binrev, but apart from zapper idling on Yahoo, this is the easiest way to contact you, all of you. and is there really a need to 'censore' my post ? like, wtf, seriously. if you weren't gonna help me out with some simple drivers, that no doubt most of you have, you could have just said no. taken, you probably won't give them up now, but whatever. i think you might have actually turned me off of binrev radio, i only listen to rfa cause dual has such a k-rad voice, oh and the h/p part, but yeah. so, take it how you want. JERKS.

[hacnslash]

dude, the post was censored because you acted like a fucknut, there was no smilie, no indication that you were kidding and voice tone does NOT transmit very well thru the internet, please make you post intentions clearer next time so there are no more such altercations.

[bland_inquisitor]

here, they're patched with the shmoo patch to allow monitor mode

crybaby.tar.gz

[Admin]

tut tut, no need to always be so serious. you guys seem so helpful 'n all on rfa and binrev, but apart from zapper idling on Yahoo, this is the easiest way to contact you, all of you. and is there really a need to 'censore' my post ? like, wtf, seriously. if you weren't gonna help me out with some simple drivers, that no doubt most of you have, you could have just said no. taken, you probably won't give them up now, but whatever. i think you might have actually turned me off of binrev radio, i only listen to rfa cause dual has such a k-rad voice, oh and the h/p part, but yeah. so, take it how you want. JERKS.

I just checked the admin logs and no one from DDP edited you post. Only one other person has the authority to change your post...

You did.