Hey All,

Help Brian get some well-deserved attention for his work by digging his article here:

http://www.digg.com/security/Hack_Your_Way_Into_Free_WiFi_in_Airports_and_Public_Hotspots

Thanks,
Don

Nice find. Always good to know where we show up. 

Thanks,
Don

Wow I am a stud now. Just kidding I am very thankful to everyone that supports my work and this community. You guys here are the reason I write the papers and want to be active in the community. Anyway Let me know if you would like anything else covered with a paper or video I am sure that Chris G., Myself, or any other members here would be happy to whip somthing up.

Thanks,

Brian

greymore57,


1) Cain & Able can sniff on Ethernet over wireless once you have connected to the AP if it is not encrypted or if you have the WEP/WPA key. To crack the WEP key you need a special WiFi dongle with cain but if you are on the network you sniff just as if your connection is a 10/100 Ethernet connection.

2) I would say that since I paid for the service I feel my actions where not too dark but yes the test I did would fall into a gray area. On the other hand I never said I that the MAC address I barrowed to surf was not my other laptop. So If I already paid for service with one laptop and then changed the MAC on my other laptop to see if it would surf; was I in the wrong if in the end I did pay for service on both laptops? Anyway alot of time the ethics you are faced with depend on what your personal ethics are. I do not believe I broke any ethics or hurt anything. By the actions I performed I was able to see how my computer worked on this network. Now if I was to enable the Password filters on Cain and start capturing other users sensitive information while doing my test i would of crossed the line. I do know that the state I was in when testing this AP I broke no laws. If you would like a link to the computer access/hacking laws for different states go here: http://www.ncsl.org/programs/lis/cip/hacklaw.htm


Thanks,

Brian

P.S. Nice 1st post and welcome to the forums feel free to PM me if you would like more information on this test I did or you can post your questions and comments here.

 I dont know of an "ethical hacker" that wouldnt have done what Slimjim did.

Correct to use Cain to Break WEP you do need the USB AirPcap device but if you are on a non-secure AP you do not need to crack wep. Also there is alot of other tools you can use to crack WEP/WPA like Aircrack-NG (http://anti-hacker.info/video/Aircrack/Aircrack.html). Once you are on the network wired or wireless you can use all the tools in Cain & Able. Let me know if you need more info.

Thanks,

Brian

aka Slimjim100

what specifically are you not able to do?

also, is the AP giving you an IP or are you just connected?  sometimes you can can "connect" but not send packets because of the encryption