Dismiss Notice
You are browsing this site as a guest. It takes 2 minutes to CREATE AN ACCOUNT and less than 1 minute to LOGIN

Wireless Dar: How I hacked you!

Discussion in 'Tech, Gadgets & Science Forum' started by whizkid, Aug 5, 2010.

  1. whizkid

    whizkid Senior Member

    #1
    Aug 5, 2010
    Joined: Aug 2, 2010
    Messages: 168
    Likes Received: 4
    Trophy Points: 35
    I like to experiment whenever I get spare time. It should explain my avatar on the left. ;-) So one dull morning, about a month ago, I took a backpack and in it was one Toshiba fully loaded with Backtrack. I took a daladala ride to Posta, and started walking around various areas and offices of the city. They call this warwalking, wardriving on foot if you may. You are probably wondering, what the hell am I talking about? Oh, you are also wondering how I hacked you right? Let me explain.

    The experiment:

    I wanted to find out how many wireless networks are available all the way between Masaki and the Posta region. What kinds of encryption are used on each network, and all sorts of things. Off the book. I wasn't really trying to retrieve sensitive data from anyone or hack into networks, but unfortunately my laptop wouldn't resist doing exactly that! Read on to find out what actually happened! :smile:


    The Tools:

    My laptop unlike many out there, is plain evil! It has stuff running on it that could steal money from all the banks and send us all back to stone age, Die Hard 4.0 style! Okay, am obviously joking. Lemme be serious now. Ever heard about Backtrack, the OS? If you know it well, you might wanna skip some paragraphs. Otherwise, read on!

    Backtrack is an operating system. A linux distribution designed for network penetration testing. That is, allowing a security expert to test if one could penetrate a computer network and access some services/data on a networked device. It does a lot of things. It has numerous tools/programs to do various tasks as far as penetration testing is concerned. The current version, Backtrack 4, is based on Ubuntu and this is exactly what I had/have running on my laptop. So I used some tools, spoofed my wireless card with a fake mac address so that the fingerprints I leave behind when I sniff on networks, won't really identify me. Anonymity stuff. I will just assume that you understand what a mac address is and its role in networking. Think of it as a "license plate" of some kind, for any network device. So I was walking with something the "mac police" could only falsely recognize.

    Now, there is one powerful tool found within Backtrack's mighty arsenal. It is called Kismet. So what does Kismet do here? How powerful is it? Well, Kismet basically listens on all wireless signals that the card can detect and dumps them in a raw packet-capture file. The wireless card is set on the so called promiscuous mode (the swahili for this should be funny!), allowing it to hop on all available wireless channels and capture all the raw wireless data that it detects. More than that, it logs details about names and number of wireless networks available, the clients connected to each network, the wireless encryption method used, signal strength and other technical data. If you have a GPS device, it also logs the location at which each network was detected. And that is just the nitty-gritty! So powerful right? Oh, Kismet how I love thee!

    Analysis:

    After moving around town for like 3 hours, moving in and out office buildings, finally my battery drained down to zero. Damn! Wish I had a bigger battery. So I couldn't do much about it, returned home where the rest of the drama was set to unfold. I powered the laptop on, and copied all the logs and dump files to a usb flash disk. Was something like 100mb worth of sniffed packets! The size of the pcap file, those dumped packets, was so intimidating that I forgot my original experiment and my evil mind suddenly took charge. Muhuhuhaha! So what I do? Put the flash disk on my overclocked desktop (8GB Ram, 3.6Ghz C2D), fired up the mighty Wireshark (a network analysis tool) and opened up the pcap file from the flash drive. Waited for the captured data to load, and quickly started typing my usual filters. I watched in awe seeing how much data I actually had with me. Not just the quantity, but the quality of data materializing before me! I found emails, passwords, session cookies and all sorts of things. I was actually laughing at my screen, looking at the data like Dracula eying a fat man! :smile:

    Checking on Kismet logs, I found over 200 networks! Funny enough, I found several corporate networks secured only with WEP. Several others were completely unsecured! I found several interesting networks, with names like Barclays, CRDB and so on... but these were seemingly safe, secured with WPA2. Well, you should know that WEP is so easy to crack so always go for WPA2 and always use a strong password! Never use dictionary words. If you do, you better hope I am not near that network! Why? Read on!

    On my desktop, I had a virtual machine running backtrack 4. A replica of what I had on my laptop. So I loaded the pcap file in it. There is a set of wireless tools made by some brilliant programmers, the Aircrack suite! With it, comes a nifty tool called aircrack-ng. This is a WEP and WPA/WPA2-PSK cracker! I had a good set of wordlists, around 50mb of text spread on various categories! So I fired up aircrack-ng, choosing my favorite dictionary files, selected the network that I wanted to crack and left the sneaky beast spitting out a fire of passwords at an average speed of 600 words per second! I minimized it, left it running for like 2 hours while I enjoyed a good movie! Naturally, I wasn't expecting to get the password as I normally expect corporate networks to be properly secured. Oh, I was so wrong! I actually GOT the password! Since I am not a black-hat hacker, I had no malicious ideas really

    Conclusion?


    I believe many people don't fully understand the risks involved when browsing the internet especially on public WiFi hotspots. Internet cafe? The same story! Digital data, as sensitive as it is, have many vulnerabilities that could potentially expose your information. The way networks operate, in the design itself, lies some fatal flaws. Some "IT guys" in many organizations don't even realize the extent at which their networks are compromised. Consequently, they end up exposing sensitive information to the prying eyes of guys like me, and the malicious hackers out there, the "bad guys"!

    So what do we do from here? Knowing the basic security facts about wireless hotspots can pretty much guide you on what you should and should not do when on a public wireless hotspot. Just in case it isn't obvious, here are a few to get you started.

    DOs

    These are some examples of things you can do without any privacy fears:

    • Browse the Internet so long as what you look at or do doesn't involve divulging personal or private information. For example, you might just be doing article searches, reading the news, or just viewing some videos.
    • Do use secure web sites or Internet applications. Sites that use "HTTPS://" or SSLencrypt their data payload which keeps your data private.
    • Do configure your wireless network interface so that it doesn't automatically connect to any unsecured wireless network. This will prevent accidental exposure.

    DON'Ts

    These are some DON'Ts when on a public wireless hotspot:

    • Don't communicate private or confidential information on non-secure web sites or Internet applications; these are sites where the URL starts with "HTTP://" or "FTP://".
    • Don't log in to web sites that do not use secure protocols like HTTPS . If you log in to unsecured web sites, your log in credentials are exposed to anyone who could be snooping on the hotspot.
    • Don't use email though your Outlook Express or other email client programs because these programs use non-secure Internet protocols like POP and SMTP.
    • Don't connect to unsecured wireless hotspot automatically; configure your computer not to automatically connect to a wireless network; this will prevent you from accidentally exposing private/confidential information because you might think you were on a secure network when in fact you are not.

    That is all I had for today. Looking forward to reading your candid replies.

    PS: :nono: Don't hunt me down, I shredded all the evidence! :tonguez:
     
  2. Baba_Enock

    Baba_Enock JF-Expert Member

    #2
    Aug 5, 2010
    Joined: Aug 21, 2008
    Messages: 6,724
    Likes Received: 61
    Trophy Points: 145
    Copy and Paste!
     
  3. whizkid

    whizkid Senior Member

    #3
    Aug 5, 2010
    Joined: Aug 2, 2010
    Messages: 168
    Likes Received: 4
    Trophy Points: 35
    Meaning?
     
  4. Amoeba

    Amoeba JF-Expert Member

    #4
    Aug 5, 2010
    Joined: Aug 20, 2009
    Messages: 3,328
    Likes Received: 53
    Trophy Points: 0
    You sound like some badass netguru. You were doing it just bcause you can! Good.
     
  5. JS

    JS JF-Expert Member

    #5
    Aug 5, 2010
    Joined: Sep 29, 2009
    Messages: 2,065
    Likes Received: 10
    Trophy Points: 135
    Careful kiddo you could run into trouble you never know..........mark my words
     
  6. Steve Dii

    Steve Dii JF-Expert Member

    #6
    Aug 5, 2010
    Joined: Jun 25, 2007
    Messages: 6,414
    Likes Received: 40
    Trophy Points: 145
    You could still be asked to hand in your laptop by powers that be!!!

    Such a good read I must say, funny and all too!

    However, u best keep in mind what happened to Google when they ventured into similar wifi data collection adventure in Germany. (Google relents, to give WiFi data to Germany, France, Spain)
     
  7. alsaidy

    alsaidy JF-Expert Member

    #7
    Aug 5, 2010
    Joined: Feb 23, 2009
    Messages: 317
    Likes Received: 2
    Trophy Points: 35
    Very Good man!!

    It's an excellent lesson to know how to protect yourself and be aware of the risk you are facing!!

    Be blessed Bro to let our eyes open!!

    Bravo!!!!!!
     
  8. whizkid

    whizkid Senior Member

    #8
    Aug 5, 2010
    Joined: Aug 2, 2010
    Messages: 168
    Likes Received: 4
    Trophy Points: 35
    Thanks for noting this out. I am very much aware of this. I am careful. Though, I get careless at times and I don't care. Well, if you speak of the legal argument the whole issue automatically becomes a very interesting subject! As decided in the US of A, accessing an open network is actually LEGAL. But attempting to crack any passwords to access a secure network, is ILLEGAL and punishable according to the law. American law that is. I have no idea how the laws of Tanzania dictate about the subject. Lawyers, help me out here! While I might have broken some serious laws here, which I don't think so, I know I didn't really disclose any sensitive information to implicate me or anyone for that matter. Nevertheless, I made zero attempts to penetrate any network on site. So nothing malicious here. No damages whatsoever. I don't think anyone would be interested in prosecuting me! But for anyone out there, you should note that: Cracking anyone's password be a network or not, without that person's direct permission is a serious offense in many countries, undoubtedly in Tanzania as well. So while at it, watch out for the "Big Brother!". :spy:
     
  9. Mtazamaji

    Mtazamaji JF-Expert Member

    #9
    Aug 5, 2010
    Joined: Feb 29, 2008
    Messages: 5,972
    Likes Received: 27
    Trophy Points: 0
    Nadhani pia kwa kuendeleza experiment inabidi watu wajue not all Wireless Networdk card can give the best result. Nilipata shida kuhack my own wirelessIli nijue how weak and vulnerable it is. Baada ya kusoma soma niligundua Wireless NIC yangu Atheros Ar50000G haiwezi kufanikisha zoezi. Ilibidi nijaribu kadi ya Dlink.

    Hope kuna Wirelss card nyingine nyingi zinakubali lakini pia kuna nyingine nyingi zinaweza kuwa kikwazo ukitaka kujaribu kufanya zoezi kama la mtaalam hapo juu
     
  10. whizkid

    whizkid Senior Member

    #10
    Aug 5, 2010
    Joined: Aug 2, 2010
    Messages: 168
    Likes Received: 4
    Trophy Points: 35
    Thanks Steve. Just read that article, interesting stuff indeed! Where it says Google grabbed some 600GB worth of payload data, I can't help it but laugh at my 100mb! Anyway, this sparked some idea about some hypothetical project. Something to add to my previous post, just for the fun of writing. Let me post it on a new thread, watch out for a post titled WifiLeaks: Hypothesis
     
  11. Kiranga

    Kiranga JF-Expert Member

    #11
    Aug 5, 2010
    Joined: Jan 29, 2009
    Messages: 34,583
    Likes Received: 5,634
    Trophy Points: 280
    Very nice piece. I searched the web to see if this was copy pasted from somewhere (as someone alleged) and could not easily verify that assertion.

    In your list of Do's and Dont's I would expect to see advice on how users must configure their own access points ( e.g, wireless routers) to be secure, and with the proper encryption too, and some info on WPA/ WEP and what is the difference. This would limit an end users access point too, closing an open door to all sorts of security risks.

    You seem to have focused on the surfing habits of the user (and what to look for when making connection outside of your own environment) and left the user's own access point system vulnerable.

    Ni kama vile unasema "usiingie/ lale nyumba ya jirani kama nyumba ya jirani haina mlango" halafu huwaambii watu "hakikisha umefunga mlango wa nyumba yako mwenyewe"

    I would think if everybody had their access point secured the risk would be greatly reduced automatically, at least on the wireless end - not speaking of FTP and HTTP of course-.
     
  12. whizkid

    whizkid Senior Member

    #12
    Aug 5, 2010
    Joined: Aug 2, 2010
    Messages: 168
    Likes Received: 4
    Trophy Points: 35
    Good point. But actually in your case, Atheros should have been working right out of the box. It is a well supported chipset, if you were working on linux. I used Atheros for my system, the same series as yours. Just avoid anything Broadcom if you wanna attempt these tests.
     
  13. T

    Taso JF-Expert Member

    #13
    Aug 5, 2010
    Joined: Jun 12, 2010
    Messages: 1,394
    Likes Received: 120
    Trophy Points: 160
    you ain't hacked squat! tech guru wannabe lying to some wide-eyed tech-challenged Tanzanians.

    True hackers demonstrate the vulnerability of tested systems by publishing credentials they cracked and info they gleaned so that others can test them. Then you really raise eyebrows. Mongo mkubwa. Weka hapa password ulizo crack tujaribu.
     
  14. Steve Dii

    Steve Dii JF-Expert Member

    #14
    Aug 5, 2010
    Joined: Jun 25, 2007
    Messages: 6,414
    Likes Received: 40
    Trophy Points: 145
    Taso, hapa nafikiri unataka kubeza tu mtu kama ilivyo kawaida yako bila sababu ya maana yoyote ile. Kwenye red, ni wapi kuna hiyo rule of thumb or any written guideline that hackers have to demonstrate walichofanya kwa kukipost?? Yaani mtu kaweka adventures zake kwenye field anayosomeka kuielewa na kuipenda, halafu wewe unamwita mwongo.
     
  15. T

    Taso JF-Expert Member

    #15
    Aug 5, 2010
    Joined: Jun 12, 2010
    Messages: 1,394
    Likes Received: 120
    Trophy Points: 160
    Uuuuuwiii! jamani jamani Watanzania, tuache kuwa gullible kwa kila kitu. Sio kila anaesema ye mtaalam basi mtaalam! Mdomo/keyboard mali yake, anaweza kuwa anabwabwaja tu, tusiingie ingie mikenge!

    Nisamehe lakini mimi nimeharibika kwa kupata bahati ya kuishi Magharibi ambapo nimejifunza kwamba watu hawaamini amini vitu ovyo ovyo tu. Ukisema ume hack into NASA's website, kwa mfano, watu watakwambia weka credentials za NASA hapa tujaribu. Huwezi kujiongelea ongelea tu. Sio formula ya kwenye kitabu, ni utamaduni wa watu kuwa makini na madai ovyo ovyo ya watu.
     
  16. Steve Dii

    Steve Dii JF-Expert Member

    #16
    Aug 5, 2010
    Joined: Jun 25, 2007
    Messages: 6,414
    Likes Received: 40
    Trophy Points: 145
    Sawa ni vyema watu kutokuwa gullible. Lakini kwangu mimi kwa jinsi nilivyomsoma na kumwelewa, plus from what I know or understand, mengi aliyoyasema hapo juu yanawezekana na yako within principle za network. Believe me or not, kama kuna kitu ambacho baada ya kusoma ningeona analeta u-Shy, bila shaka ningeli muuliza.

    Nilichojaribu kukitafutia haki kwenye post yangu ni namna tunavyoleta counterargument zetu. It's true that everyone has their own writing style and way of engaging others. But katika kuhojiana kokote tunakotaka kuleta hapa, kuheshimiana katika hoja zetu ni jambo la busara kwa wote. Kwani kumwita mtu ni mwongo outright kwa maoni yangu, ni kumkosea heshima mtu huyo. Kama unavyosisitiza umuhimu wa watu kuwa makini, vivyohivyo ni muhimu watu kuheshimiana kwenye hoja zao.
     
  17. Richard

    Richard JF-Expert Member

    #17
    Aug 5, 2010
    Joined: Oct 23, 2006
    Messages: 6,862
    Likes Received: 2,374
    Trophy Points: 280
    Dear Mr Whizkid,

    You've just missed Black Hat hacker conference which was held in Las Vegas -USA between 24th and 29 July 2010. There were a similar demonstration made by Mr Samy Kamkar who hacked into google street map database. His aim wa spot many security failings.

    It was very interesting to see how you could also show the dos and don'ts which are quite cool.

    But also be aware of you been noticed by very micky mouse systems out there which will let you in and enjoy yourself but you wouldn't feel you are still out of firewall.
     
  18. Abdulhalim

    Abdulhalim JF-Expert Member

    #18
    Aug 6, 2010
    Joined: Jul 20, 2007
    Messages: 16,463
    Likes Received: 16
    Trophy Points: 135
    Ohh Dilunga keshaingia = annoying
     
  19. BrainPower

    BrainPower Senior Member

    #19
    Aug 6, 2010
    Joined: May 19, 2009
    Messages: 149
    Likes Received: 0
    Trophy Points: 33
     
  20. K

    Kimwe Member

    #20
    Aug 6, 2010
    Joined: Feb 26, 2009
    Messages: 26
    Likes Received: 0
    Trophy Points: 3
    the real hackers don't brag!!!!!
     
Loading...