A few good idea:
#Use UTF 8 characters to set the SSID to something that look like the
Company standard one.
#If you are going to leave port 80 open on the AP, put a reverse-binding
trojan on the homepage of the AP's GUI since they will probably want a
screenshot of the web GUI.
#Open a few fake ports open that just replay a Telnet banned with one of the
follow - { "Never Gonna Give You Up" lyrics, ASCII Goatse, shell code [rm
-rf *], SQL injection,etc }
#Hide the AP like this
[image: the image] <http://i.imgur.com/i4Sm9.jpg>
*
BaconZombie
☣ ☣ ☣ ☣ ☠ ☠ ☠ ☠ ☢ ☢ ☢ ☢
….all text in this mail is double-rot13 encrypted. ...*
☣ ☣ ☣ ☣ ☠ ☠ ☠ ☠ ☢ ☢ ☢ ☢
****
On 25 August 2010 22:40, Chris Merkel <[email protected]> wrote:
> Yeah, that does just about everything I need. I'm still going to drop a big
> ugly pix and ghetto AP for the fun of it.
>
> Aside from this all-in-wonderful pwnage device, anyone else have tips for
> stealthy AP usage?
>
> - Chris
>
>
> On Wed, Aug 25, 2010 at 2:19 PM, Andrew Johnson
> <[email protected]>wrote:
>
>> Have you seen this?
>> http://grep8000.blogspot.com/2010/07/introducing-pwn-plug.html
>>
>> <http://grep8000.blogspot.com/2010/07/introducing-pwn-plug.html>-A
>>
>> On Wed, Aug 25, 2010 at 10:54 AM, Chris Merkel <[email protected]> wrote:
>>
>>> Question directed to fellow pen-test / red-teaming ninjas:
>>>
>>> Have a test coming up, and want to place a rogue AP. I fully expect that
>>> a vanilla AP/router will be detected. I'm thinking about dropping a Cisco
>>> PIX 501 with the rogue AP sitting on the other side of the NAT gateway, and
>>> turning off all remote PIX management as well (if possible, it's been awhile
>>> since I admin'ed these.), maybe even turn off ICMP echo replies.
>>>
>>> My guess is that this isn't going to be detected... My question is:
>>> anyone gone to that level of evil to evade detection on a network? If so,
>>> could you share any tips or gotchas you encountered along the way?
>>>
>>> (BTW, you can get a PIX 501 on ebay for under 100 bucks... so well within
>>> the reach of an attacker...)
>>>
>>> --
>>> - Chris Merkel
>>>
>>> _______________________________________________
>>> Pauldotcom mailing list
>>> [email protected]
>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> Main Web Site: http://pauldotcom.com
>>>
>>
>>
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
>>
>
>
>
> --
> - Chris Merkel
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com