Gray Hat Hacking 114
off but still wants to use the U3 features. Alternatively, you can place on the USB device
a document file with an appealing name that contains an exploit, in an attempt to entice
the target to open it. As with most gray hat attacks, this one is limited only by your
imagination.
The Meeting
The goal of this attack is to place an unauthorized wireless access point (WAP) on the
corporate network.
This attack requires face-to-face contact with the target. A pretext for a meeting is
required, such as a desire to purchase goods or services on a level that requires a face-to-face
meeting. Set the meeting time for just after lunch and arrive about 30 to 45
minutes before your meeting, with the goal of catching your victim away at lunch. Explain
to the receptionist that you have a meeting scheduled after lunch but were in the
area on other business and decided to come early. Ask whether it is okay to wait for the
person to return from lunch. Have an accomplice phone you shortly after you enter the
building, act slightly flustered after you answer your phone, and ask the receptionist if
there is some place you can take your call privately. Most likely you’ll be offered a conference
room. Once inside the conference room, close the door, find a wall jack, and
install your wireless access point. Have some Velcro or double-sided sticky tape handy
to secure it out of view (behind a piece of furniture, for instance) and a good length of
cable to wire it into the network. If you have time, you may also want to clone the MAC
address of a computer in the room and then wire that computer into your access point
in the event they’re using port-level access control. This ruse should provide enough
time to set up the access point. Be prepared to stay in the room until you receive confirmation
from your team that the access point is working and they have access to the
network. Once you receive notification that they have access, inform the receptionist
that an emergency has arisen and that you’ll call to reschedule your appointment.
The beauty of this attack is that it is often successful and usually only exposes one
team member to a single target employee, a receptionist in most cases. It’s low tech and
inexpensive as well.
In our example, we’re going to use a Linksys Wireless Access Point and configure it
for MAC cloning. For this example, you’ll need
Have the WAP ready with double-sided tape already stuck to the desired mounting
surface. You’ll want to be prepared for unexpected configuration problems such as a
long distance between the network wall jack or power outlet and a suitable hiding
place. A few simple tools such as a screwdriver, utility knife, and duct tape will help you
deal with unexpected challenges. It’s also wise to have any adapters you may need. Depending
on which area of the country you’re working in, some older buildings may not
have grounded outlets, in which case you’ll need an adaptor. In addition to physical