WET11 cracks WPA2???

    Hi Folks!

    Something weird happened today.

    First off, the Basics:

    - I got a pretty cheap brand-new WET11 v.2 on Ebay. (Firmware 2.0.3)
    - I wanted to combine it with a wireless-router for a setup that allows having a LAN/WLAN-Subnet within a bigger WiFi-Network.
    (I'm in a German WiFi-Community, kind of social networking, education and mostly intra- and internet. Kind of fun for a Nerd like me. Home of DD-WRT! ^^)

    So I wanted to test this Setup at our Community-Central. We've got a WRT54GS there, which provides the Rooms with WLAN; it's unencrypted and works with Radius Authentication.

    So I registered the WET11-MAC and hooked the thing on a Laptop.
    Config is pretty easy.. I scanned for Networks and found our Router, typed the SSID in the Config-Menu and rebooted the WET11.

    Yeah.. instantly I got an IP and tried to connect but no Net. Hmm.. wtf.. I got an IP!! Our WRT makes 10.30.0.xyz!! Where is my WET11 hanging in?

    So again Site Survey and no new APs.. just our WRT, which is correctly entered in the Config-Menu. Nevertheless... the WET11 is somewhere else, because our WRT was running fine at the Moment with lots of happy Clients.

    So next Thing => (The common Subnet for our Members.) and Tadaa... Password check! And it was "admin"! It's a WRT54G!! But not Ours!

    Yeah! Lots of fun for all, when Geeks find an Open Hotspot with Standard-Login!

    The more we looked in the config of that WRT, the more weird it got.

    First off.. that Thing had connection to our Net and the Internet (as it should) but I couldn't connect to anything else than the Router.

    Next thing.. it was WPA2-encrypted!! Really.. I could even see the Key in the Menu and it was definitely turned on! (I've seen lots of WRT-Webinterfaces and this one was running and configured well, except for the standard-PW)

    Why could I connect to a WPA2-Encrypted AP with a Client that only knows WEP??

    And the next weird thing... we could not find the SSID which was set in the Web-Menu. We've tried it with 12 dBi Yagis (Our usual Measure-Equipment.. over 1 km outdoor performance!) but they couldn't find the AP. But the WET11 with that small 5 dBi Antenna was connected!! And no.. the SSID was not hidden!

    We took a Look in our Database and found the Owner.. he lives 4 Floors higher with LOTS of Concrete between my WET11. Usually impossible.. especially with the antennas of both WET and WRT in normal Position and directly over one another.

    So finally we went up and took the WRT for examination; after only changing some minor Settings and changing them back to normal, the WRT did kind of die. We only got a connection with WEP or no Encryption. With WPA or WPA2 (PSK, TKIP, AES.. tried all combinations except Radius).

    So what was that?
    Did the WPA die on that Thing? Why did the WET connect to this AP, why did it even get any Signal at all, especially when the AP it was configured to work with was only a few metres away?
    Why could only this WET get any Signal from up there?

    Confused Greetings,
