Or just make it easy: http://theplugbot.com/
--
Rob Fuller | Mubix
Certified Checkbox Unchecker
Room362.com | Hak5.org

On Wed, Aug 25, 2010 at 6:57 PM, Bacon Zombie <[email protected]> wrote:
> A few good ideas:
>
> #Use UTF-8 characters to set the SSID to something that looks like the
> company standard one.
>
> #If you are going to leave port 80 open on the AP, put a reverse-binding
> trojan on the homepage of the AP's GUI since they will probably want a
> screenshot of the web GUI.
>
> #Open a few fake ports that just replay a Telnet banner with one of
> the following - { "Never Gonna Give You Up" lyrics, ASCII Goatse, shell code
> [rm -rf *], SQL injection, etc }
>
> #Hide the AP like this
>
> [image: the image] <http://i.imgur.com/i4Sm9.jpg>
>
> BaconZombie
>
> ☣ ☣ ☣ ☣ ☠ ☠ ☠ ☠ ☢ ☢ ☢ ☢
>
> ….all text in this mail is double-rot13 encrypted. ...
>
> ☣ ☣ ☣ ☣ ☠ ☠ ☠ ☠ ☢ ☢ ☢ ☢
>
> On 25 August 2010 22:40, Chris Merkel <[email protected]> wrote:
>
>> Yeah, that does just about everything I need. I'm still going to drop a
>> big ugly PIX and ghetto AP for the fun of it.
>>
>> Aside from this all-in-wonderful pwnage device, anyone else have tips for
>> stealthy AP usage?
>>
>> - Chris
>>
>> On Wed, Aug 25, 2010 at 2:19 PM, Andrew Johnson <[email protected]> wrote:
>>
>>> Have you seen this?
>>> http://grep8000.blogspot.com/2010/07/introducing-pwn-plug.html
>>>
>>> -A
>>>
>>> On Wed, Aug 25, 2010 at 10:54 AM, Chris Merkel <[email protected]> wrote:
>>>
>>>> Question directed to fellow pen-test / red-teaming ninjas:
>>>>
>>>> Have a test coming up, and want to place a rogue AP. I fully expect that
>>>> a vanilla AP/router will be detected. I'm thinking about dropping a Cisco
>>>> PIX 501 with the rogue AP sitting on the other side of the NAT gateway, and
>>>> turning off all remote PIX management as well (if possible, it's been awhile
>>>> since I admin'ed these.), maybe even turn off ICMP echo replies.
>>>>
>>>> My guess is that this isn't going to be detected... My question is:
>>>> anyone gone to that level of evil to evade detection on a network? If so,
>>>> could you share any tips or gotchas you encountered along the way?
>>>>
>>>> (BTW, you can get a PIX 501 on ebay for under 100 bucks... so well
>>>> within the reach of an attacker...)
>>>>
>>>> --
>>>> - Chris Merkel
>>>>
>>>> _______________________________________________
>>>> Pauldotcom mailing list
>>>> [email protected]
>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>> Main Web Site: http://pauldotcom.com
>>>
>>
>> --
>> - Chris Merkel
>
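The quoted thread floats the idea of a UTF-8 SSID that merely looks like the corporate one. The defender's counterpart is a wireless-survey check that folds every observed SSID to a canonical form and flags any that collide with the trusted SSID without matching byte-for-byte. This is an added example in Python, not code from the thread or from any list member; the homoglyph table is a small constructed subset of the Unicode confusables, and the BSSIDs and scan results are made up.

```python
# Added defensive example: flag Wi-Fi SSIDs that visually imitate a trusted
# corporate SSID via homoglyphs, invisible characters, fullwidth forms,
# combining marks or case/whitespace tricks.
import unicodedata

# Constructed subset of Cyrillic/Greek letters that render like Latin ones.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X", "\u03bf": "o", "\u03bd": "v", "\u03b1": "a", "\u03b9": "i",
}

def fold_ssid(ssid: str) -> str:
    """Canonicalise an SSID: NFKD folds fullwidth/compatibility forms and splits
    off accents; combining marks (Mn) and format chars such as zero-width
    spaces (Cf) are dropped; known homoglyphs are mapped; whitespace is
    collapsed and the result case-folded so case-only variants collide too."""
    chars = []
    for ch in unicodedata.normalize("NFKD", ssid):
        if unicodedata.category(ch) in ("Mn", "Cf"):
            continue
        chars.append(CONFUSABLES.get(ch, ch))
    return " ".join("".join(chars).split()).casefold()

def classify_ssid(observed: str, trusted: str) -> str:
    """'trusted' if byte-identical, 'lookalike' if it only collides after
    folding, otherwise 'other'."""
    if observed == trusted:
        return "trusted"
    if fold_ssid(observed) == fold_ssid(trusted):
        return "lookalike"
    return "other"

def scan(observations, trusted):
    """Return (bssid, ssid) pairs from a survey that imitate the trusted SSID."""
    return [(b, s) for b, s in observations if classify_ssid(s, trusted) == "lookalike"]

# Constructed survey output: (BSSID, SSID) pairs; the BSSIDs are made up.
SAMPLE_SCAN = [
    ("00:11:22:33:44:01", "CorpWiFi"),        # the real network
    ("00:11:22:33:44:02", "C\u043erpWiFi"),   # Cyrillic small 'o'
    ("00:11:22:33:44:03", "Corp\u200bWiFi"),  # zero-width space
    ("00:11:22:33:44:04", "\uff23orpWiFi"),   # fullwidth 'C'
    ("00:11:22:33:44:05", "corpwifi "),       # case change + trailing space
    ("00:11:22:33:44:06", "GuestNet"),        # unrelated network
]

if __name__ == "__main__":
    for bssid, ssid in scan(SAMPLE_SCAN, "CorpWiFi"):
        print(f"look-alike SSID {ssid!r} advertised by {bssid}")
```

Feed it the SSID/BSSID list from whatever survey tool you already run; a hit that is not one of your own radios is a rogue-AP candidate worth locating.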
