[Article]-Free WiFi in Airports and Public Hotspots

Viewing 18 reply threads
  • Author
    Posts
    • #1271
      Don Donzal
      Keymaster

      Another great addition to the growing number of works by Brian Wilson here on EH-Net.

      Permanent Link: [Article]-Free WiFi in Airports and Public Hotspots

      By Brian Wilson, CCNA, CCSE, CCAI, MCP, Network+, Security+, JNCIA

      Recently while traveling I noticed a hot spot and wanted to surf the internet. Once I connected to the AP I had seen that they wanted to charge me $8 per day to surf the internet. I thought that was just too much money for a quick internet connection, and my layover between flights was about 3 hours. I decided to see what I could access while connected to there AP.

      Disclaimer: This paper and the topics covered in the paper are just for educational purposes and should not be tried on a network without the permission from the owner of the network you plan on testing. I hold no responsibility for any actions or damage that might accrue if you try anything explained in this paper. “Do not do this at home kids” hacking/cracking/pen testing might be harmful to your health.

      Feel free to add your comments,
      Don

    • #12399
      Don Donzal
      Keymaster

      Hey All,

      Help Brian get some well-deserved attention for his work by digging his article here:

      http://www.digg.com/security/Hack_Your_Way_Into_Free_WiFi_in_Airports_and_Public_Hotspots

      Thanks,
      Don

    • #12400
      Cutaway
      Participant

      In the News on Mike Rothman’s blog: http://securityincite.com/TDI-2007-04-23#TBP1

      Cutaway

    • #12401
      Don Donzal
      Keymaster

      Nice find. Always good to know where we show up.  8)

      Thanks,
      Don

    • #12402
      Anonymous
      Participant

      yeah brian!

    • #12403
      slimjim100
      Participant

      Wow I am a stud now. Just kidding I am very thankful to everyone that supports my work and this community. You guys here are the reason I write the papers and want to be active in the community. Anyway Let me know if you would like anything else covered with a paper or video I am sure that Chris G., Myself, or any other members here would be happy to whip somthing up.

      Thanks,

      Brian

    • #12404
      greymore57
      Participant

      Hey Brian,
                    Nice article, thanks for that, I am just a little confused about the use of Cain as a network sniffer, I understood that Cain would only sniff ethernet networks and not wireless, do you have a different version?

      On a different note, and this is where I don my fireproof coveralls, and stick my tongue firmly in my cheek 🙂 you said in the article –

      I wanted to do this just to see if it could be done and to gage the security of this network.

      And even though:

      Please note I did pay for service after testing the AP, and I was not cracking anything.

      Does this not break the code of ethical hacking 🙂

      As I said tongue firmly in cheek and fireproof coveralls on so please don’t flame me!  🙂

    • #12405
      slimjim100
      Participant

      greymore57,

      1) Cain & Able can sniff on Ethernet over wireless once you have connected to the AP if it is not encrypted or if you have the WEP/WPA key. To crack the WEP key you need a special WiFi dongle with cain but if you are on the network you sniff just as if your connection is a 10/100 Ethernet connection.

      2) I would say that since I paid for the service I feel my actions where not too dark but yes the test I did would fall into a gray area. On the other hand I never said I that the MAC address I barrowed to surf was not my other laptop. So If I already paid for service with one laptop and then changed the MAC on my other laptop to see if it would surf; was I in the wrong if in the end I did pay for service on both laptops? Anyway alot of time the ethics you are faced with depend on what your personal ethics are. I do not believe I broke any ethics or hurt anything. By the actions I performed I was able to see how my computer worked on this network. Now if I was to enable the Password filters on Cain and start capturing other users sensitive information while doing my test i would of crossed the line. I do know that the state I was in when testing this AP I broke no laws. If you would like a link to the computer access/hacking laws for different states go here: http://www.ncsl.org/programs/lis/cip/hacklaw.htm

      Thanks,

      Brian

      P.S. Nice 1st post and welcome to the forums feel free to PM me if you would like more information on this test I did or you can post your questions and comments here.

    • #12406
      Anonymous
      Participant

      who cares if he paid for it or not…

      the point is the weak authentication and control schemes used and that basing full access on a MAC is not a secure means of access control.

      the whole idea of hacking any type of OS or system usually entails breaking license agreements and EULA but everyone loves their 0-days so i guess we overlook that?

    • #12407
      Anonymous
      Participant

      I dont know of an “ethical hacker” that wouldnt have done what Slimjim did.

    • #12408
      1slorunner
      Participant

      “1) Cain & Able can sniff on Ethernet over wireless once you have connected to the AP if it is not encrypted or if you have the WEP/WPA key. To crack the WEP key you need a special WiFi dongle with cain but if you are on the network you sniff just as if your connection is a 10/100 Ethernet connection.”

      I am a little confused and need some clarification on this.  I thought that you must purchase AirPCap with USB adapter to accomplish this.  Can someone please elaborate on this?

      Thanks in Advance.

      Joe

    • #12409
      slimjim100
      Participant

      Correct to use Cain to Break WEP you do need the USB AirPcap device but if you are on a non-secure AP you do not need to crack wep. Also there is alot of other tools you can use to crack WEP/WPA like Aircrack-NG (http://anti-hacker.info/video/Aircrack/Aircrack.html). Once you are on the network wired or wireless you can use all the tools in Cain & Able. Let me know if you need more info.

      Thanks,

      Brian

      aka Slimjim100

    • #12410
      1slorunner
      Participant

      Brian —
      Thanks for the info but I am still need some clarification. 

      “Once you are on the network wired or wireless you can use all the tools in Cain & Able”

      I can associate with an AP but I am not able to use the full functionality of Cain and Able and I was told that this was not possible without purchasing the airPCap adapter and software.  Am I wrong or just doing something incorrectly?  I have no issues using Cain & Able wired but wireless I have no functionality.  Thoughts? Ideas?

    • #12411
      Anonymous
      Participant

      what specifically are you not able to do?

      also, is the AP giving you an IP or are you just connected?  sometimes you can can “connect” but not send packets because of the encryption

    • #12412
      1slorunner
      Participant

      Chris —
      I am trying to do ARP Poisoning via wireless.

      Joe

    • #12413
      slimjim100
      Participant

      You need to have a IP off of the access point to APR Poison. Use Cain & Able and scan for host off of your wifi nic and see if you are on that subnet 1st.

      Brian

    • #12414
      1slorunner
      Participant

      Brian —
      I am associated with an AP and I have an IP address.  I fire up Cain and Start the Sniffer and choose the Sniffer tab and Select the + Symbol and select all hosts in my subnet.  It scans but finds nothing.  It should find wireless devices connected to the same subnet, correct?  I try this wired and I have no issues. 

      Joe

    • #12415
      slimjim100
      Participant

      Make sure you have promiscuous more turned off (this is under configure). Now I have seen some wifi cards not work on the sniffer tab in Cain but 90% of wifi NIC’s I have used worked fine. Also not to pwan you off on a help file but the help document in Cain is super well writen and will teach you so much. Let me know if this helps.

      Brian

    • #12416
      1slorunner
      Participant

      To All —
      I finally got it working after changing one setting, in the configuration-ARP Tab, I selected “Use Real IP and MAC addresses” and it worked.  I must have changed this setting some time ago and never changed it back.  I would like to thank all for your patience and assistance, great website and forum.

      Thanks Again,
      Joe

Viewing 18 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?