25 Sep

Wireless Network Hacking and Spying Made Simple

The last two weeks I have been moving into my new apartment, which is why I haven’t been able to write many articles recently. Last night, after finishing the last of the unpacking, I sat down, had a few beers and decided to have a little fun with my apartment’s wireless network. Here’s a quick and simple guide on how to get on to so-called “secure” networks, as well as a few things you can do to amuse yourself after you are in. Enjoy!

Finding the network

Most wireless networks are configured to broadcast their SSID (Service Set Identifier). When looking for a network to have some fun with, I like to start with these if they are available. If they are broadcasting the SSID there is a little less work required, and you can bet that those who have SSID broadcasting turned off have also taken other steps to lock down the network.
If you know that a network exists but you don’t see an SSID in your available networks, or are just curious to see if any are out there, there are a few tools that will get this job done for you.

For Linux users I recommend:

  • AirJack: A lightweight program. The only drawback is that it is not very user-friendly to those who are not experienced with this type of program.
  • Kismet: Unquestionably the most powerful wireless program. Kismet does require you to compile it, but if you can manage to get through the install this program will do just about anything you want.

For Windows users I recommend:

  • AirSnort: Another program that is a pain to get installed, but like Kismet, if you can get it installed it will find networks for you.
  • AirMagnet: To be honest, I haven’t used this one in a while, but I remember that the full version was too resource-hungry to run on my laptop. Luckily they do have a version for non-servers.

Bypassing WEP or WPA

Let me start this section by saying that WEP encryption is a joke. The only thing turning on WEP does is add some extra information to the packets. I would also like to say up front that there are several different types of WPA (WPA-PSK, WPA2, WPA-TKIP, etc.) and the tool I am discussing is limited to WPA-PSK; there are no tools to my knowledge that can crack WPA2 yet.

Aircrack is a free Windows/Linux tool that can break both WEP and WPA-PSK. The installation requires you to change your wifi drivers and install their program; guides on how to do this can be found on their website. Once installed, Aircrack will attempt to brute-force its way into a network. The time this takes depends on the length and complexity of the passphrase.
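Since the time a guessing attack takes is set by the length and complexity of the passphrase, the practical defence is to pick one that cannot be guessed in a useful amount of time. The following is an added example, not code from the original post or from the Aircrack project: it estimates the search space of a WPA-PSK passphrase from its length and the character classes it uses, checks it against a small constructed wordlist (a stand-in for a real dictionary), and converts the search space into time at an assumed guess rate. The `guesses_per_second` figure, the wordlist and the verdict thresholds are assumptions chosen for illustration; the only hard rule used is that a WPA-PSK passphrase is 8 to 63 characters long.

```python
import math
import string

# Character classes. The estimate assumes a passphrase is drawn uniformly from
# the union of every class it touches, so it is an upper bound: a dictionary
# word scores far too high, which the wordlist check below partly corrects.
CLASSES = {
    "lowercase": frozenset(string.ascii_lowercase),
    "uppercase": frozenset(string.ascii_uppercase),
    "digits": frozenset(string.digits),
    "symbols": frozenset(string.punctuation + " "),
}

# Constructed sample wordlist standing in for a real dictionary (assumption).
COMMON_WORDS = frozenset({"password", "letmein", "qwerty", "apartment", "wireless"})

# WPA-PSK passphrases are 8 to 63 printable ASCII characters.
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63


def alphabet_size(passphrase: str) -> int:
    """Size of the smallest class union that covers every character used."""
    chars = set(passphrase)
    size = 0
    covered = set()
    for members in CLASSES.values():
        if chars & members:
            size += len(members)
            covered |= members
    # Characters outside the known classes each add one symbol to the alphabet.
    return size + len(chars - covered)


def entropy_bits(passphrase: str) -> float:
    """Upper-bound entropy in bits: length * log2(alphabet size)."""
    if not passphrase:
        return 0.0
    return len(passphrase) * math.log2(alphabet_size(passphrase))


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate in a search space of 2**bits entries."""
    return (2.0 ** bits) / guesses_per_second


def valid_wpa_psk_length(passphrase: str) -> bool:
    return WPA_MIN_LEN <= len(passphrase) <= WPA_MAX_LEN


def assess(passphrase: str, guesses_per_second: float = 1e5) -> dict:
    """Summarise how a passphrase holds up against offline guessing.

    guesses_per_second is an assumed rate used only for illustration; the
    key stretching in WPA-PSK makes each guess expensive, but the real figure
    depends entirely on the hardware doing the guessing.
    """
    bits = entropy_bits(passphrase)
    in_wordlist = passphrase.lower() in COMMON_WORDS
    secs = seconds_to_exhaust(bits, guesses_per_second)
    if in_wordlist:
        verdict = "weak: dictionary word, falls to a wordlist regardless of length"
    elif not valid_wpa_psk_length(passphrase):
        verdict = "invalid: WPA-PSK passphrases must be 8-63 characters"
    elif bits < 60:
        verdict = "weak: exhaustive search is feasible"
    elif bits < 80:
        verdict = "moderate"
    else:
        verdict = "strong"
    return {
        "passphrase_length": len(passphrase),
        "alphabet_size": alphabet_size(passphrase),
        "entropy_bits": round(bits, 1),
        "years_to_exhaust": round(secs / (365 * 24 * 3600), 3),
        "in_wordlist": in_wordlist,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # Constructed sample passphrases, including one modelled on the post's SSID.
    for pw in ("password", "Appartment5", "correct horse battery staple",
               "x7$Lq!9vRm2#Wz4pK"):
        print(pw, assess(pw))
```

The lesson the numbers make visible is that every extra character multiplies the work by the alphabet size, so a long random passphrase pushes exhaustive guessing out of reach even at optimistic rates, while anything that appears in a wordlist is found almost immediately no matter how the model scores it.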

Modifying the network

It never fails to surprise me how many routers are left configured with the default admin username and password. If this is the case, you can easily hijack an entire network. Most routers can be accessed by typing 192.168.x.x into your browser; try different combinations of 0, 1 and 2 to find the router. Once you have found the router, look around for logos to identify the brand, then head on over to the default router password list to find the default credentials.

If the default credentials work, you can easily change the passphrase or SSID, or turn the router off completely. Since my apartment network was running a little slowly, I got on the router and changed the SSID from Appartment5 to Appartment29. I chose to kick users off this way rather than simply changing the passphrase, to be a little sneakier. If I changed the passphrase, people would still see the network and their password would be rejected; this would surely cause them to go complain to the apartment staff and lead to the router being reset and/or locked down. Since I changed the SSID, people will just not see the network there anymore; most people will probably assume the network “went down” and just try to get back on at a later time. By then, all my torrents should have completed and I will have reset the router back to Appartment5.

Spying on Connected Users

On a wireless network, the router effectively screams out the information requested by any computer to the whole broadcast radius. This means that you can use a program to eavesdrop on other users on the network. The tools you will need for this are simple: a packet sniffer and a packet recompiler. Packet sniffer/recompiler programs are very powerful; they can be used to recreate webpages, AIM conversations, emails and even some downloads. Some programs do both, while others only do one function. There are MANY programs available to do this; my favorite is Packet Sniffer SDK. A simple Google search for “packet sniffer” will yield many results, so just do this and find one that works for your platform.

There is still lots of fun to be had on the network. I had some fun using “net send” commands to send stupid messages to my neighbors, who came over to tell me about the strange pop-ups they were getting on their machines. While wireless network security has gotten better in recent years, there are still some gaping vulnerabilities. Have fun with others’ networks, but don’t get yourself into trouble!
