

  • WiFi PSA

    How this geek spent today during his vacation: Seeing if I could crack my neighbour's WPA2 wireless password and gain access to his network. Very educational - I learned all about 802.1x, EAPOL, etc. It was surprisingly easy with all of the free tools out there now. Knowing what I know now, I could probably crack 50% of people's WPA2 passwords in an hour or so (using some premium cloud compute services, though). The scariest part is - my neighbour had a really good password. Mixed case, 12 chars long, letters & numbers. He's also a senior systems administrator for a very large web-based company, so he knew his security stuff in general.

    The problem was it still was based on a dictionary word.

    If you care about your wireless security (and you should!), make sure you are using WPA2 (not WEP, which can be cracked in under a minute with the click of a button) and ensure that it's not based on dictionary words. It's only going to get easier to crack as computers become more powerful.
    "The issue is there are still many people out there that use religion as a crutch for bigotry and hate. Like Ben."
    Ben Kenobi: "That means I'm doing something right. "
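An added example, not part of the original thread: a defensive self-audit that shows why a mixed-case, 12-character, letters-and-numbers passphrase can still be "based on a dictionary word". The wordlist, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample wordlist; a real audit would load a full dictionary file.
WORDS = {"thunder", "storm", "dragon", "coffee", "house", "password"}

# Common look-alike substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def splits_into_words(text, words, max_parts=3):
    """True if text is a concatenation of 1..max_parts dictionary words."""
    if not text or max_parts == 0:
        return False
    if text in words:
        return True
    return any(text[:i] in words and
               splits_into_words(text[i:], words, max_parts - 1)
               for i in range(1, len(text)))


def audit(passphrase, words=WORDS):
    """Return a list of findings; an empty list means no check here fired."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters WPA2-PSK accepts")
    # Case and leading/trailing digits or symbols are decoration that
    # wordlist mangling rules try routinely, so remove them first.
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", passphrase.lower())
    for core in (stripped, stripped.translate(LEET)):
        if splits_into_words(core, words):
            findings.append(f"dictionary-based: reduces to '{core}'")
            break
    return findings


if __name__ == "__main__":
    # Constructed passphrases: two decorated dictionary phrases, one random.
    for sample in ("CoffeeHouse7", "C0ffeeH0use99", "kq7Vw2mZx9Lr4tB"):
        print(sample, "->", audit(sample) or "no findings")
```

An empty result only means these particular checks did not fire; a randomly generated passphrase is the case the audit is designed not to flag.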

  • #2
    What if you have mac address filtering turned on?


    • #3
      Socrates: "Good is That at which all things aim, If one knows what the good is, one will always do what is good." Brian: "Romanes eunt domus"
      GW 2013: "and juistin bieber is gay with me and we have 10 kids we live in u.s.a in the white house with obama"


      • #4
        Originally posted by ricketyclik
        What if you have mac address filtering turned on?
        I hacked the password without ever joining the network. It had a hidden SSID, too. I just passively watched traffic over the network until my tools recorded the WPA auth handshake. Then I took the hash from that and ran a dictionary-based attack on the hash until I found a match. I could then join the network...

        What MAC address filtering would've required me to do is also spoof my MAC address before joining (which is also trivial).

        MAC address filters, like cloaked/unbroadcast SSIDs, are just trivial inconveniences to people wanting to break into your network.


        • #5
          Excuse me for not being terribly concerned about my house on a cul-de-sac in suburbia surrounded by people who also have their own wifis being hacked. Yeah, my wifi password's probably a dictionary word. But unlike Asher I don't think my neighbors are the kind of people who go around breaking into people's wifi for shits.
          If there is no sound in space, how come you can hear the lasers?
          ){ :|:& };:


          • #6
            Also if you broke into the hash you'd need a ****ing huge rainbow table. Where'd you get your hands on that? I'm assuming you didn't generate that ***** yourself. I've done it before, it's a pain in the ass and takes up tons of hard drive space even for something like md5.

            And hidden SSID is meaningless. The computer won't display the SSID on the list of networks simply out of politeness. It still gets transmitted.


            • #7
              Pff, PSK. Next exercise: hack 802.11x


              • #8
                Oh yeah, one more thing. If you just want to **** with someone's WiFi it's as simple as getting a function generator and an antenna to transmit in 2.4 GHz band and completely jam the spectrum.


                • #9
                  Or pick up an old cordless telephone


                  • #10
                    That too.


                    • #11
                      Originally posted by Hauldren Collider
                      Excuse me for not being terribly concerned about my house on a cul-de-sac in suburbia surrounded by people who also have their own wifis being hacked.
                      Who do you think would be the target of most?

                      If I were looking for targets, wealthy suburban Virginians with a quaint sense of security would probably be high on the list.


                      • #12
                        Okay, if I see a white paneled van outside my house for an hour and it isn't a handyman, I'll know it's an Albertan with way too much time on his hands.

                        Seriously, I can barely get a reception in my bedroom with my wireless router in the basement next to the cable modem. I know from experience that you can't pick up the signal from the neighbor's yard. So you'd have to be on my lawn with your laptop out. On a cul-de-sac that isn't off of an arterial road.


                        • #13
                          Originally posted by Hauldren Collider
                          Oh yeah, one more thing. If you just want to **** with someone's WiFi it's as simple as getting a function generator and an antenna to transmit in 2.4 GHz band and completely jam the spectrum.
                          Apparently you don't know the ramifications of gaining access to a local network in 2013.

                          Have you ever used Wireshark before? It also puts you in prime position to perform other hacks that could give you some useful account credentials and info, tax info, etc...

                          Hell, my neighbour (who is a techy) has some Philips HUE lights and a Nest thermostat. I could turn this furnace off when he goes to China for a month and his house would be completely ****ed (frozen pipes bursting, etc) when he returns. I could turn on and off his lights from my place if I wanted. His home alarm provider provides internet-based arming/disarming services. Snoop into that and you could disarm his alarm when he was away. You know only more and more things are going to be net-enabled...

                          It's a password you type in a handful of times and that's it. It's one of those things you should just make intelligently the first time. Quit being stupid about it.


                          • #14
                            Originally posted by Asher
                            Apparently you don't know the ramifications of gaining access to a local network in 2013.

                            Have you ever used Wireshark before? It also puts you in prime position to perform other hacks that could give you some useful account credentials and info, tax info, etc...

                            Hell, my neighbour (who is a techy) has some Philips HUE lights and a Nest thermostat. I could turn this furnace off when he goes to China for a month and his house would be completely ****ed (frozen pipes bursting, etc) when he returns. I could turn on and off his lights from my place if I wanted. His home alarm provider provides internet-based arming/disarming services. Snoop into that and you could disarm his alarm when he was away. You know only more and more things are going to be net-enabled...

                            It's a password you type in a handful of times and that's it. It's one of those things you should just make intelligently the first time. Quit being stupid about it.
                            Well my house doesn't have any of that fancy crap. And my neighbors aren't *******s. Or particularly adept with technology. Or have access to Amazon cloud services. You still haven't explained where you got your hands on that rainbow table...

                            Yes I've used Wireshark. I know quite a bit about networks and network security. I know that when it comes to wifi, it's mostly about being more secure than the other guys. Considering half the wifis in my neighborhood are WEP or just plain unencrypted, I'm having trouble giving half a ****.

                            Look, the bottom line is that you need to be in proximity to the network to cause any trouble. Also, if I DID have anything like my home alarm on the network, I would put that on a virtual network separate from the wireless.


                            • #15
                              Originally posted by Hauldren Collider
                              Well my house doesn't have any of that fancy crap. And my neighbors aren't *******s. Or particularly adept with technology. Or have access to Amazon cloud services. You still haven't explained where you got your hands on that rainbow table...
                              I didn't use a rainbow table.

                              I used a GPU-hosted dictionary-based attack with a 15GB wordlist.

                              If that had failed, I could have used a 4.2B-entry table with results in under 2 hours for about $130 using a cloud service. It's as simple as uploading a file and specifying the SSID. Then it emails you the password.

