Many people don't know it, but they are open to getting free highspeed internet. This is simply due to the fact that they have a neighbor that is using wireless networking and has not properly secured there connection. With a few simple tools you can tap into your neighbor's wireless connection and begin taking advantage of free high speed internet connection. Only one warning, it is not legal to hack into other people's computers and steal stuff, SheerBoredom.net does not condone the use of these tools for hacking. These tools are only here to better help secure your wireless network.
Essential Items:
- Get a good browser, I prefer Firefox. Firefox is not only a good browser for surfing the web, but it is more secure and allows you to customize your browser with various add-ins.
- You will need a wireless network card. Any card should do fine, most networks are G, so a 802.11g card would be the best route to go, also probably the cheapest.
Thats all the items you need to get started. The rest of the items are found below and links to them are found right above the picture of them.
Finding Wireless Networks
Locating a wireless network is the first step in trying to exploit it. There are two tools that are commonly used in this regard:
Network Stumbler a.k.a NetStumbler – This Windows based tool easily finds wireless signals being broadcast within range – A must have. It also has ability to determine Signal/Noise info that can be used for site surveys. I actually know of one highly known public wireless hotspot provider that uses this utility for their site surveys.
Kismet – One of the key functional elements missing from NetStumbler is the ability to display Wireless Networks that are not broadcasting their SSID. As a potential wireless security expert, you should realize that Access Points are routinely broadcasting this info; it just isn’t being read/deciphered. Kismet will detect and display SSIDs that are not being broadcast which is very critical in finding wireless networks.
Attaching to the Found Wireless Network
Once you’ve found a wireless network, the next step is to try to connect to it. If the network isn’t using any type of authentication or encryption security, you can simply connect to the SSID. If the SSID isn’t being broadcast, you can create a profile with the name of the SSID that is not being broadcast. Of course you found the non-broadcast SSID with Kismet, right? If the wireless network is using authentication and/or encryption, you may need one of the following tools.
Airsnort – This is a very easy to use tool that can be used to sniff and crack WEP keys. While many people bash the use of WEP, it is certainly better than using nothing at all. Something you’ll find in using this tool is that it takes a lot of sniffed packets to crack the WEP key. There are additional tools and strategies that can be used to force the generation of traffic on the wireless network to shorten the amount of time needed to crack the key, but this feature is not included in Airsnort.
CowPatty – This tool is used as a brute force tool for cracking WPA-PSK, considered the “New WEP” for home Wireless Security. This program simply tries a bunch of different options from a dictionary file to see if one ends up matching what is defined as the Pre-Shared Key.
ASLeap – If a network is using LEAP, this tool can be used to gather the authentication data that is being passed across the network, and these sniffed credentials can be cracked. LEAP doesn’t protect the authentication like other “real” EAP types, which is the main reason why LEAP can be broken.
Sniffing Wireless Data
Whether you are directly connected to a wireless network or not, if there is wireless network in range, there is data flying through the air at any given moment. You will need a tool to be able to see this data.
Ethereal – While there has been much debate on the proper way to pronounce this utility, there is no question that it is an extremely valuable tool. Ethereal can scan wireless and Ethernet data and comes with some robust filtering capabilities. It can also be used to sniff-out 802.11 management beacons and probes and subsequently could be used as a tool to sniff-out non-broadcast SSIDs.
The aforementioned utilities, or similar ones, will be necessities in your own wireless security toolkit. The easiest way to become familiar with these tools is to simply use them in a controlled lab environment. And cost is no excuse as all of these tools are available freely on the Internet.
BackTrack is the most top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes. It's evolved from the merge of the two wide spread distributions -Whax and Auditor Security Collection. By joining forces and replacing these distributions, BackTrack has gained massive popularity and was voted in 2006 as the #1 Security Live Distribution by insecure.org. Security professionals as well as new-comers are using BackTrack as their favorite toolset all over the globe.
Protecting Against These Tools
Just as it’s important to know how to utilize the aforementioned tools, it is important to know best practices on how to secure your Wireless Network Against these tools.
NetStumbler – Do not broadcast your SSID. Ensure your WLAN is protected by using advanced Authentication and Encryption.
Kismet – There’s really nothing you can do to stop Kismet from finding your WLAN, so ensure your WLAN is protected by using advanced Authentication and Encryption
Airsnort – Use a 128-bit, not a 40-bit WEP encryption key. This would take longer to crack. If your equipment supports it, use WPA or WPA2 instead of WEP (may require firmware or software update).
Cowpatty – Use a long and complex WPA Pre-Shared Key. This type of key would have less of a chance of residing in a dictionary file that would be used to try and guess your key and/or would take longer. If in a corporate scenario, don’t use WPA with Pre-Shared Key, use a good EAP type to protect the authentication and limit the amount of incorrect guesses that would take place before the account is locked-out. If using certificate-like functionality, it could also validate the remote system trying to gain access to the WLAN and not allow a rogue system access.
ASLeap – Use long and complex credentials, or better yet, switch to EAP-FAST or a different EAP type.
Ethereal – Use encryption, so that anything sniffed would be difficult or nearly impossible to break. WPA2, which uses AES, is essentially unrealistic to break by a normal hacker. Even WEP will encrypt the data. When in a Public Wireless Hotspot (which generally do not offer encryption), use application layer encryption, like Simplite to encrypt your IM sessions, or use SSL. For corporate users, use IPSec VPN with split-tunneling disabled. This will force all traffic leaving the machine through an encrypted tunnel that would be encrypted with DES, 3DES or AES.
Subscribe to this comment's feed
written by Matt , March 25, 2009
written by Jack , March 25, 2009
written by Matt , March 28, 2009
written by R.H. , April 01, 2009
written by neil , April 18, 2009
written by needinhelp , July 21, 2009
but its got security on it, what would be the easyest
way to get acsess to it?
written by NJM16 , August 16, 2009
written by J , August 17, 2009
written by Jake , January 02, 2010
written by Woj , January 09, 2010
have anybody managed to get that working?
written by sergu , January 19, 2010
written by ali , January 28, 2010
written by harry , April 09, 2010
written by greatfuldead , May 30, 2010
written by Sagar , July 12, 2010
written by yogurt , July 20, 2010
2 go to the control on the computer, etc. Why is this so difficult to give instructions. Many are waiting for basic instructions, not all of you to sell your junky programs...
written by prince , August 27, 2010
can i use my frnds brodband internet connection
written by Brother Mathias , August 30, 2010
written by Brother Mathias , August 30, 2010
written by Seire Bricker , September 03, 2010
written by Panda , September 03, 2010
written by newklear , November 22, 2010
Otherwise awesome guide
written by Defcon Hacker , January 24, 2011
shell 1 airmon-ng
*list interface
airmon-ng start "interface"
airodump-ng mon0
*find a WEP encrypted wifi
shell 2 airodump-ng -c "channel" -w "dump" --bssid "bssid" "interface
shell 3 aireplay-ng -1 0 -a "bssid" "interface"
*make sure u associate and get a smile face
*if this doesnt work try aireplay-ng -9 "interface" to see if your injecting if your not you need to install drivers for your wifi card
shell 4 aireplay-ng -3 -b "bssid" "interface"
*watch data climb in shell 2 when data hits around 20,000 start aircrack
shell 5 aircrack-ng dump-01.cap
wait for it to crack the key
written by Defcon Hacker , January 24, 2011
ex if password was 12:34:65:23:43
the password would be 1234652343
written by Defcon Hacker , January 25, 2011
Guids from
*Nmap Scanning -types of scans saving scans to import XML
*Metasploit - exploiting vulnerable computers, Meterpreter, Pivioting to extended networks now reached through the exploited computer.
*Man In The Middle attacks - Ettercap, Arp poisioning, port stealing/redirect ect
*SSL Strip - reading user names and passwords through (encrypted https web pages) facebook hotmail banking, using SSL Strip with Ettercap, ect
*Wireshark - filters, get passwords, read MSN, ect
*aircrack-ng suit
*pyrit / cowpatty passthrough - Time / Memory trade off for cracking WPA/WPA2
*Hydra - password cracking
*immunity debugger -- making your own exploits / buffer overflows, with and without the help of metasploit
*python / Perl / Ruby -- Programing
*AND MUCH MUCH MORE* ask if you want to learn something else
written by Defcon Hacker , January 25, 2011
written by Defcon Hacker , January 25, 2011
*Nessus *Both Vulnerbility Scanners
written by DEFCON , June 20, 2011
If you donwload Backtrack (live CD) you can boot linux right off the cd with no install when you turn the computer on just dont save a file and expect it to be there after you power off. Backtrack if a Professional Auditing OS. It has over 100+ hacking programs ect. half these programs would come up as viruses if they were on windows.
Take nc (Netcat - The TCP/IP Swiss Army Knife ) is a great tool that is used to connect to a box, use as a chat program, use as a backdoor ect. But this downloaded in windows is a virus just because its mostly used for wrong doings.
written by Mritunjoy Mushahary , June 29, 2011
written by Richard , July 21, 2011
written by nick , August 10, 2011
written by Stevo , August 17, 2011
Pretty good guide though... I think I've read this before though (around when it was first written) but I'm not much into wireless security (in the scope of this article.)
written by Confused..Truly , August 20, 2011
written by Hacker Chick , September 11, 2011
written by eden , November 02, 2011
please can ANY one KINDLY advise in easy step by step how to really get free broadband connection,
but in easy step by step OR to advise of any software to buy or website to visit or easy program to downoad.
AND/OR
HOW TO SPEED UP MY SLOW INTERNET AND YOUTUBE DOWNLOAD FOR MOVIES, VIDOES, ONLINE TV. MY SPEED GOES DOWN AFTER I CONSUME MY MONTHLY ALLOWANCE OF 8 GB, WHICH IS ENOUGH FOR ONLY ONE WEEK DOWNLOADING.
CAN ANYONE ADVISE OF ANY PROGRAM OR SOFTWARE OR WEBSITE TO VISIT IN ORDER TO GET GOOGL EARTH IN REAL TIME. I MEAN TO WATCH ANY PLACE ON THE GOLBE LIVE, IN REAL TIME LIKE LIVE TV OR LIKE LIVE SATTELITE..
ANY HELP IS MUCH APPRECIATED
PLEASE EMAIL ME .. STEP BY STEP
THANKS SO MUCH
written by Andrea , January 23, 2012
Good luck lay people!
