Monday, October 24, 2005

[REVS] How-To: Hack NetStumbler 0.4.0 to Enable Wireless Zero Configuration

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

How-To: Hack NetStumbler 0.4.0 to Enable Wireless Zero Configuration
------------------------------------------------------------------------

SUMMARY

Israel Torres discovered a way to enable Microsoft Windows Wireless Zero
Configuration Utility when running NetStumbler.

DETAILS

It is a known fact that NetStumbler disables Microsoft Windows Wireless
Zero Configuration Utility when starting up NetStumbler. This is
purposeful as wardriving has nothing to do with connecting to foreign
Access Points at any time during the wardrive. The author of NetStumbler
Marius Milner enabled this restriction with good intention. However Marius
did not provide an option for those that used their machines for more than
wardriving while NetStumbler is active. Such projects may be remote
systems running wardriving systems where foreign APs and authorized APs
may mix. Marius constructed a wall so that no one may accidentally connect
to a legal access point while NetStumbler is running. After a few hours of
tinkering with NetStumbler a flaw was located in how this "wall" was being
devised during NetStumbler startup. Using the modified version as depicted
below disables this wall. In essence we are disabling the disabler from
loading correctly. It is transparent to the user other than just plain not
seeing the "Please Wait (While WZC is being disabled) Screen".

* The tutorial requiers NetStumbler 0.4.0

The complete tutorial on how to enable Microsoft Windows Wireless Zero
Configuration can be found at:
<http://www.chroniclesofawardriver.org/How-To_Hack_NSv4.4.0_Enable_WZC.html> http://www.chroniclesofawardriver.org/How-To_Hack_NSv4.4.0_Enable_WZC.html

ADDITIONAL INFORMATION

The original article can be found at:
<http://www.chroniclesofawardriver.org/How-To_Hack_NSv4.4.0_Enable_WZC.html> http://www.chroniclesofawardriver.org/How-To_Hack_NSv4.4.0_Enable_WZC.html

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

1 comment:

  1. Unfortunately, re-enabling WZC makes NetStumbler's results inaccurate (and, for some hardware, nonexistent).

    ReplyDelete