Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: Stealing NT passwords through WiFi?
From: Ugen (ugenxonix.com)
Date: Wed May 19 2004 - 16:13:07 CDT
> But that requires the user to either have his TCP/IP protocol enabled
> by default in the WiFi card settings [in which case Win will
> automatically try to connect to any and all APs it finds] or to have
> the network in his/her Preferred Networks list to automatically join.
> The second case is more likely knowing that most users will just
> enable the option to save themselves time... But, with that happening,
> the scenario sounds... sense-full.
The second case is something I am seeing in reality. The reasoning is that
"users arent savvy enough to play with settings" and at the same time
is to have their machines come on line "automatically" once they get
coverage area of organization APs.
I got some tool recommendations and will follow up on these. One thing
found is a ready made "cracking" tool for MS-CHAP encrypted passwords.
scenario is real threat - I need to make sure we don't end up doing this
and the only way of convincing is by demo at this point.