[Article]-Free WiFi in Airports and Public Hotspots

This topic contains 18 replies, has 6 voices, and was last updated by  1slorunner 12 years, 1 month ago.

  • #1271
     Don Donzal 
    Keymaster

    Another great addition to the growing number of works by Brian Wilson here on EH-Net.

    Permanent Link: [Article]-Free WiFi in Airports and Public Hotspots

    By Brian Wilson, CCNA, CCSE, CCAI, MCP, Network+, Security+, JNCIA

    Recently while traveling I noticed a hot spot and wanted to surf the internet. Once I connected to the AP I had seen that they wanted to charge me $8 per day to surf the internet. I thought that was just too much money for a quick internet connection, and my layover between flights was about 3 hours. I decided to see what I could access while connected to their AP.

    Disclaimer: This paper and the topics covered in the paper are just for educational purposes and should not be tried on a network without the permission from the owner of the network you plan on testing. I hold no responsibility for any actions or damage that might accrue if you try anything explained in this paper. “Do not do this at home kids” hacking/cracking/pen testing might be harmful to your health.

    Feel free to add your comments,
    Don

  • #12399
     Don Donzal 
    Keymaster

    Hey All,

    Help Brian get some well-deserved attention for his work by digging his article here:

    http://www.digg.com/security/Hack_Your_Way_Into_Free_WiFi_in_Airports_and_Public_Hotspots

    Thanks,
    Don

  • #12400
     Cutaway 
    Participant

    In the News on Mike Rothman’s blog: http://securityincite.com/TDI-2007-04-23#TBP1

    Cutaway

  • #12401
     Don Donzal 
    Keymaster

    Nice find. Always good to know where we show up.  8)

    Thanks,
    Don

  • #12402
     Anonymous 
    Participant

    yeah brian!

  • #12403
     slimjim100 
    Participant

    Wow, I am a stud now. Just kidding, I am very thankful to everyone that supports my work and this community. You guys here are the reason I write the papers and want to be active in the community. Anyway, let me know if you would like anything else covered with a paper or video. I am sure that Chris G., myself, or any other members here would be happy to whip something up.

    Thanks,

    Brian

  • #12404
     greymore57 
    Participant

    Hey Brian,

    Nice article, thanks for that. I am just a little confused about the use of Cain as a network sniffer. I understood that Cain would only sniff Ethernet networks and not wireless. Do you have a different version?

    On a different note, and this is where I don my fireproof coveralls, and stick my tongue firmly in my cheek 🙂 you said in the article –

    I wanted to do this just to see if it could be done and to gauge the security of this network.

    And even though:

    Please note I did pay for service after testing the AP, and I was not cracking anything.

    Does this not break the code of ethical hacking 🙂

    As I said tongue firmly in cheek and fireproof coveralls on so please don’t flame me!  🙂

  • #12405
     slimjim100 
    Participant

    greymore57,

    1) Cain & Abel can sniff on Ethernet over wireless once you have connected to the AP if it is not encrypted or if you have the WEP/WPA key. To crack the WEP key you need a special WiFi dongle with Cain, but if you are on the network you sniff just as if your connection is a 10/100 Ethernet connection.

    2) I would say that since I paid for the service I feel my actions were not too dark, but yes, the test I did would fall into a gray area. On the other hand, I never said that the MAC address I borrowed to surf was not my other laptop. So if I already paid for service with one laptop and then changed the MAC on my other laptop to see if it would surf, was I in the wrong if in the end I did pay for service on both laptops? Anyway, a lot of the time the ethics you are faced with depend on what your personal ethics are. I do not believe I broke any ethics or hurt anything. By the actions I performed I was able to see how my computer worked on this network. Now if I was to enable the password filters on Cain and start capturing other users’ sensitive information while doing my test, I would have crossed the line. I do know that in the state I was in when testing this AP I broke no laws. If you would like a link to the computer access/hacking laws for different states go here: http://www.ncsl.org/programs/lis/cip/hacklaw.htm

    Thanks,

    Brian

    P.S. Nice 1st post and welcome to the forums feel free to PM me if you would like more information on this test I did or you can post your questions and comments here.

  • #12406
     Anonymous 
    Participant

    who cares if he paid for it or not…

    the point is the weak authentication and control schemes used and that basing full access on a MAC is not a secure means of access control.

    the whole idea of hacking any type of OS or system usually entails breaking license agreements and EULA but everyone loves their 0-days so i guess we overlook that?
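
The weakness named in the post above (access decided by MAC address alone) can at least be watched for on the operator side. The following is an added example, not part of the original thread or article: a sketch that flags a paid MAC whose DHCP client fingerprint changes or that appears on two access points at once. The log fields, AP names and the 60-second window are assumptions, and the events are constructed sample data.

```python
# Constructed sample events (not from the thread): what a hotspot gateway could
# log per DHCP request. "fp" is the DHCP option 55 parameter request list,
# which tends to differ between operating systems and DHCP clients.
EVENTS = [
    {"t": 100, "mac": "02:00:00:aa:bb:01", "ap": "gate-a", "host": "alice-mbp",
     "fp": "1,121,3,6,15,119,252"},
    {"t": 160, "mac": "02:00:00:aa:bb:02", "ap": "gate-b", "host": "bob-pc",
     "fp": "1,3,6,15,31,33,43,44"},
    {"t": 400, "mac": "02:00:00:aa:bb:01", "ap": "gate-a", "host": "alice-mbp",
     "fp": "1,121,3,6,15,119,252"},
    {"t": 430, "mac": "02:00:00:aa:bb:01", "ap": "gate-c", "host": "laptop-2",
     "fp": "1,28,2,3,15,6,12"},
    {"t": 900, "mac": "02:00:00:aa:bb:02", "ap": "gate-d", "host": "bob-pc",
     "fp": "1,3,6,15,31,33,43,44"},
]
PAID_MACS = {"02:00:00:aa:bb:01", "02:00:00:aa:bb:02"}


def find_mac_reuse(events, paid_macs, roam_window=60):
    """Return (time, mac, reason) alerts for paid MACs that show a changed
    client fingerprint, or two different APs within roam_window seconds."""
    baseline = {}   # mac -> (host, fp) recorded when the session was first seen
    last_seen = {}  # mac -> (time, ap) of the most recent event
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        mac = ev["mac"]
        if mac not in paid_macs:
            continue  # unpaid clients are the portal's job, not this check's
        ident = (ev["host"], ev["fp"])
        if mac not in baseline:
            baseline[mac] = ident
        elif ident != baseline[mac]:
            alerts.append((ev["t"], mac, "fingerprint-changed"))
        prev = last_seen.get(mac)
        if prev and prev[1] != ev["ap"] and ev["t"] - prev[0] < roam_window:
            alerts.append((ev["t"], mac, "two-aps-at-once"))
        last_seen[mac] = (ev["t"], ev["ap"])
    return alerts


if __name__ == "__main__":
    for alert in find_mac_reuse(EVENTS, PAID_MACS):
        print(alert)
```

Both signals are heuristics: a legitimate client can change its hostname or roam quickly, so alerts are a prompt to re-authenticate the session rather than proof of a cloned address.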

  • #12407
     Anonymous 
    Participant

    I don’t know of an “ethical hacker” that wouldn’t have done what Slimjim did.

  • #12408
     1slorunner 
    Participant

    “1) Cain & Abel can sniff on Ethernet over wireless once you have connected to the AP if it is not encrypted or if you have the WEP/WPA key. To crack the WEP key you need a special WiFi dongle with Cain, but if you are on the network you sniff just as if your connection is a 10/100 Ethernet connection.”

    I am a little confused and need some clarification on this. I thought that you must purchase AirPcap with USB adapter to accomplish this. Can someone please elaborate on this?

    Thanks in Advance.

    Joe

  • #12409
     slimjim100 
    Participant

    Correct, to use Cain to break WEP you do need the USB AirPcap device, but if you are on a non-secure AP you do not need to crack WEP. Also there are a lot of other tools you can use to crack WEP/WPA like Aircrack-ng (http://anti-hacker.info/video/Aircrack/Aircrack.html). Once you are on the network, wired or wireless, you can use all the tools in Cain & Abel. Let me know if you need more info.

    Thanks,

    Brian

    aka Slimjim100

  • #12410
     1slorunner 
    Participant

    Brian —
    Thanks for the info but I still need some clarification.

    “Once you are on the network, wired or wireless, you can use all the tools in Cain & Abel”

    I can associate with an AP but I am not able to use the full functionality of Cain and Abel, and I was told that this was not possible without purchasing the AirPcap adapter and software. Am I wrong or just doing something incorrectly? I have no issues using Cain & Abel wired but wireless I have no functionality. Thoughts? Ideas?

  • #12411
     Anonymous 
    Participant

    what specifically are you not able to do?

    also, is the AP giving you an IP or are you just connected? sometimes you can “connect” but not send packets because of the encryption

  • #12412
     1slorunner 
    Participant

    Chris —
    I am trying to do ARP Poisoning via wireless.

    Joe

  • #12413
     slimjim100 
    Participant

    You need to have an IP off of the access point to APR Poison. Use Cain & Abel and scan for hosts off of your wifi NIC and see if you are on that subnet 1st.

    Brian

  • #12414
     1slorunner 
    Participant

    Brian —
    I am associated with an AP and I have an IP address.  I fire up Cain and Start the Sniffer and choose the Sniffer tab and Select the + Symbol and select all hosts in my subnet.  It scans but finds nothing.  It should find wireless devices connected to the same subnet, correct?  I try this wired and I have no issues. 

    Joe

  • #12415
     slimjim100 
    Participant

    Make sure you have promiscuous mode turned off (this is under configure). Now I have seen some wifi cards not work on the sniffer tab in Cain, but 90% of wifi NICs I have used worked fine. Also, not to pawn you off on a help file, but the help document in Cain is super well written and will teach you so much. Let me know if this helps.

    Brian

  • #12416
     1slorunner 
    Participant

    To All —
    I finally got it working after changing one setting, in the configuration-ARP Tab, I selected “Use Real IP and MAC addresses” and it worked.  I must have changed this setting some time ago and never changed it back.  I would like to thank all for your patience and assistance, great website and forum.

    Thanks Again,
    Joe
