EH-Net

Ethical Hacking Discussions and Related Certifications => Wireless => Topic started by: str8jack3t on June 29, 2011, 11:54:35 AM



Title: Stealthing the Ether
Post by: str8jack3t on June 29, 2011, 11:54:35 AM
A friend of mine was complaining about how he thinks somebody is tapped into his Wi-Fi. I found out, after looking into it, that he's using WEP...that's sad in itself. Secondly, he's got the default admin/password on his router admin page, not so smart, but not surprising.

When I logged into his router admin, I noticed several PCs named the same as his...I guess masking them on first glance?? Obviously the MAC addresses were different. So I assume he is getting tapped for free Wi-Fi, but it got me to thinking:

1) What would you do to mask yourself in this scenario?
2) Was naming the PC the same as his an attempt to mask?

I'm new in this type of arena and now I'm interested like crazy and would love to put myself in their shoes to see the angle...like reverse engineering.  Let me know how you would cover your tracks or post links referencing this scene.

Thank you all in advance!!


Title: Re: Stealthing the Ether
Post by: El33tsamurai on June 29, 2011, 12:01:35 PM
Someone once told me they can tell me and I will remember for 10 minutes, or they can tell me to go look it up and I will remember it forever, so I'm going to tell you the same: hit up Google and do some research on how to mask yourself, and come back and tell us about it.


Title: Re: Stealthing the Ether
Post by: lorddicranius on June 29, 2011, 12:12:05 PM
You can also modify the MAC address to match another machine on the network. This will hide your presence, making it look like a machine that the Wi-Fi owner believes is supposed to be on the network. This also has the added bonus of bypassing MAC filtering, if configured.


Title: Re: Stealthing the Ether
Post by: El33tsamurai on June 29, 2011, 12:15:34 PM
Take the next step and you have ARP poisoning.


Title: Re: Stealthing the Ether
Post by: packet.Wire on June 29, 2011, 12:23:00 PM
Changing your MAC address to something that doesn't look suspicious is one of the ways that you'd do it. You wouldn't want to change it to 00:11:22:33:44:55 because that'd stand out too much. Most home users, and corporate for that matter, don't keep track of MAC addresses in their possession.


Title: Re: Stealthing the Ether
Post by: El33tsamurai on June 29, 2011, 12:25:01 PM
Oh, but they should.
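
Added example (not part of the thread or any poster's code): a defender-side audit of a router's client list that flags the situation from the first post, several clients sharing a hostname under different MACs, by checking against an inventory of known MAC addresses. The sample client rows and the inventory are constructed for illustration.

```python
# Added example: audit a router's client table against a known-device inventory.
from collections import defaultdict

# Constructed sample data (not from the thread): (hostname, MAC) rows as a
# router's DHCP client page might list them.
CLIENTS = [
    ("DAVE-PC", "3C:97:0E:12:34:56"),
    ("DAVE-PC", "00:1B:77:AA:BB:CC"),
    ("dave-pc", "02:5E:10:00:00:01"),
    ("PRINTER", "00:80:92:11:22:33"),
]
# Assumed inventory: MACs the owner has recorded for devices they own.
KNOWN_MACS = {"3C:97:0E:12:34:56", "00:80:92:11:22:33"}


def normalize(mac):
    """Canonical form: upper-case hex pairs separated by colons."""
    digits = "".join(c for c in mac if c.isalnum()).upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """Bit 1 of the first octet is set on addresses not assigned by a vendor."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)


def audit(clients, known_macs):
    """Return {mac: [reasons]} for every client that deserves a closer look."""
    known = {normalize(m) for m in known_macs}
    by_name = defaultdict(set)
    for name, mac in clients:
        by_name[name.lower()].add(normalize(mac))
    findings = defaultdict(list)
    for name, macs in by_name.items():
        for mac in sorted(macs):
            if mac not in known:
                findings[mac].append("not in inventory")
                if len(macs) > 1:
                    findings[mac].append(f"reuses hostname {name!r}")
            if is_locally_administered(mac):
                findings[mac].append("locally administered address")
    return dict(findings)


if __name__ == "__main__":
    for mac, reasons in audit(CLIENTS, KNOWN_MACS).items():
        print(mac, "->", "; ".join(reasons))
```

A client that clones the MAC of an inventoried device passes this check, so it complements rather than replaces moving off WEP and changing the default router password.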


Title: Re: Stealthing the Ether
Post by: str8jack3t on June 29, 2011, 01:53:48 PM
El33tsamurai - HAHAHA, love it! I will take your advice boss! Thank you.

packet.Wire - Excellent. I have a couple of PCs I can play with. Will do some research and see how it goes. Thank you!

lorddicranius - Thank you for that!!!

Time to rake the net!!


Title: Re: Stealthing the Ether
Post by: El33tsamurai on June 29, 2011, 02:00:44 PM
With an answer like that you will do well in this field! A person who says "WTF was that, so stupid!" will go nowhere in this field.