whizkid
JF-Expert Member
- Aug 2, 2010
I like to experiment whenever I get spare time. It should explain my avatar on the left. ;-) So one dull morning, about a month ago, I took a backpack and in it was one Toshiba fully loaded with Backtrack. I took a daladala ride to Posta, and started walking around various areas and offices of the city. They call this warwalking, wardriving on foot if you may. You are probably wondering, what the hell am I talking about? Oh, you are also wondering how I hacked you, right? Let me explain.
The experiment:
I wanted to find out how many wireless networks are available all the way between Masaki and the Posta region. What kinds of encryption are used on each network, and all sorts of things. Off the book. I wasn't really trying to retrieve sensitive data from anyone or hack into networks, but unfortunately my laptop wouldn't resist doing exactly that! Read on to find out what actually happened! :smile:
The Tools:
My laptop, unlike many out there, is plain evil! It has stuff running on it that could steal money from all the banks and send us all back to the stone age, Die Hard 4.0 style! Okay, I am obviously joking. Let me be serious now. Ever heard about Backtrack, the OS? If you know it well, you might wanna skip some paragraphs. Otherwise, read on!
Backtrack is an operating system. A Linux distribution designed for network penetration testing. That is, allowing a security expert to test if one could penetrate a computer network and access some services/data on a networked device. It does a lot of things. It has numerous tools/programs to do various tasks as far as penetration testing is concerned. The current version, Backtrack 4, is based on Ubuntu and this is exactly what I had/have running on my laptop. So I used some tools, spoofed my wireless card with a fake MAC address so that the fingerprints I leave behind when I sniff on networks won't really identify me. Anonymity stuff. I will just assume that you understand what a MAC address is and its role in networking. Think of it as a "license plate" of some kind, for any network device. So I was walking with something the "MAC police" could only falsely recognize.
Now, there is one powerful tool found within Backtrack's mighty arsenal. It is called Kismet. So what does Kismet do here? How powerful is it? Well, Kismet basically listens to all wireless signals that the card can detect and dumps them in a raw packet-capture file. The wireless card is set to the so-called promiscuous mode (the Swahili for this should be funny!), allowing it to hop on all available wireless channels and capture all the raw wireless data that it detects. More than that, it logs details about the names and number of wireless networks available, the clients connected to each network, the wireless encryption method used, signal strength and other technical data. If you have a GPS device, it also logs the location at which each network was detected. And that is just the nitty-gritty! So powerful, right? Oh, Kismet, how I love thee!
Analysis:
After moving around town for like 3 hours, moving in and out of office buildings, finally my battery drained down to zero. Damn! Wish I had a bigger battery. So I couldn't do much about it, returned home where the rest of the drama was set to unfold. I powered the laptop on, and copied all the logs and dump files to a USB flash disk. Was something like 100 MB worth of sniffed packets! The size of the pcap file, those dumped packets, was so intimidating that I forgot my original experiment and my evil mind suddenly took charge. Muhuhuhaha! So what did I do? Put the flash disk in my overclocked desktop (8 GB RAM, 3.6 GHz C2D), fired up the mighty Wireshark (a network analysis tool) and opened up the pcap file from the flash drive. Waited for the captured data to load, and quickly started typing my usual filters. I watched in awe seeing how much data I actually had with me. Not just the quantity, but the quality of data materializing before me! I found emails, passwords, session cookies and all sorts of things. I was actually laughing at my screen, looking at the data like Dracula eyeing a fat man! :smile:
Checking on the Kismet logs, I found over 200 networks! Funnily enough, I found several corporate networks secured only with WEP. Several others were completely unsecured! I found several interesting networks, with names like Barclays, CRDB and so on... but these were seemingly safe, secured with WPA2. Well, you should know that WEP is so easy to crack, so always go for WPA2 and always use a strong password! Never use dictionary words. If you do, you better hope I am not near that network! Why? Read on!
On my desktop, I had a virtual machine running Backtrack 4. A replica of what I had on my laptop. So I loaded the pcap file in it. There is a set of wireless tools made by some brilliant programmers, the Aircrack suite! With it comes a nifty tool called aircrack-ng. This is a WEP and WPA/WPA2-PSK cracker! I had a good set of wordlists, around 50 MB of text spread over various categories! So I fired up aircrack-ng, chose my favorite dictionary files, selected the network that I wanted to crack and left the sneaky beast spitting out a fire of passwords at an average speed of 600 words per second! I minimized it and left it running for like 2 hours while I enjoyed a good movie! Naturally, I wasn't expecting to get the password, as I normally expect corporate networks to be properly secured. Oh, I was so wrong! I actually GOT the password! Since I am not a black-hat hacker, I had no malicious ideas really.
Conclusion?
I believe many people don't fully understand the risks involved when browsing the internet, especially on public WiFi hotspots. Internet cafe? The same story! Digital data, as sensitive as it is, has many vulnerabilities that could potentially expose your information. In the way networks operate, in the design itself, lie some fatal flaws. Some "IT guys" in many organizations don't even realize the extent to which their networks are compromised. Consequently, they end up exposing sensitive information to the prying eyes of guys like me, and the malicious hackers out there, the "bad guys"!
So what do we do from here? Knowing the basic security facts about wireless hotspots can pretty much guide you on what you should and should not do when on a public wireless hotspot. Just in case it isn't obvious, here are a few to get you started.
DOs
These are some examples of things you can do without any privacy fears:
- Browse the Internet so long as what you look at or do doesn't involve divulging personal or private information. For example, you might just be doing article searches, reading the news, or just viewing some videos.
- Do use secure web sites or Internet applications. Sites that use "HTTPS://" or SSL encrypt their data payload, which keeps your data private.
- Do configure your wireless network interface so that it doesn't automatically connect to any unsecured wireless network. This will prevent accidental exposure.
DON'Ts
These are some DON'Ts when on a public wireless hotspot:
- Don't communicate private or confidential information on non-secure web sites or Internet applications; these are sites where the URL starts with "HTTP://" or "FTP://".
- Don't log in to web sites that do not use secure protocols like HTTPS. If you log in to unsecured web sites, your login credentials are exposed to anyone who could be snooping on the hotspot.
- Don't use email through Outlook Express or other email client programs, because these programs use non-secure Internet protocols like POP and SMTP.
- Don't connect to unsecured wireless hotspots automatically; configure your computer not to automatically connect to a wireless network. This will prevent you from accidentally exposing private/confidential information because you might think you were on a secure network when in fact you are not.
That is all I had for today. Looking forward to reading your candid replies.
PS: :nono: Don't hunt me down, I shredded all the evidence! :tonguez: