cracking a login wireless

Viewing 10 reply threads
  • Author
    Posts
    • #3333
      bazpaul
      Participant

      Hi, Im just wondering is it possible to crack wireless where you have to login via a website. Like in a hotel or cafe where they give you a password and the webpage defaults to a login screen.

      Thanks!!!

    • #22094
      Don Donzal
      Keymaster

      Yes. It is based on MAC address, so spoof that, and voila… I think there may be a post or 2 on this forum about that. Let me see if I can find it.

      BTW – Being the “Ethical” Hacker Network, you are doing this as part of a pen test with permission from the hotel, right?

      Don

    • #22095
      jason
      Participant

      Google is your friend. Try something along the lines of ‘wireless mac security’.

    • #22096
      SynJunkie
      Participant

      Bazpaul

      Not sure if its any use to you but did a blog post on bypassing mac address filtering a while back.

      i’m sure there are better guides but it might be of use.

      http://synjunkie.blogspot.com/2007/12/bypass-hidden-ssid-mac-address-filter.html

      Regards

      Syn

    • #22097
      jason
      Participant

      Nice post Syn. Always helpful to have pretty pictures 🙂

    • #22098
      SynJunkie
      Participant

      Thanks, i aim to please 🙂

    • #22099
      Vertigo
      Participant

      It not so easy to crack login in some cases… some ISP’s use ssl secured login with unique passwd. MAC address change in this cases will not help  :-

      ==============
      GCIH, Security+

    • #22100

      i don’t know much about it, but I believe Dan Kaminsky had done something with DNS and tunneling to get through those sorts of things.

    • #22101
      hayabusa
      Participant

      I did a test, not long ago, for a hotel chain that was using such login screens and ssl.  I used a combination of ARP spoofing / MITM (to catch the login credentials,) and then MAC spoofing and was able to gain access pretty quickly.

      You simply need to take your time, and work out each piece of the puzzle, methodically, before you start hacking away, to make sure you have a good feel for how to get by each measure of security.  SSL, when used with a webpage login, is extremely vulnerable to the MITM attacks, particularly where you’re dealing with either hotel visitors or hotel staff (who generally are NOT well-versed in security, and who will readily click on SSL certificate messages, without thinking.

      And, as Don says, however, you ARE doing this for legit purposes, correct?

    • #22102
      Kev
      Participant

      This is one of those times when a windows tool can do the job nicely. Cain and Abel is a great tool for Mitm, arp poison routing and good ole network sniffing. I have found it does a great job testing the security for most hotel login screens.

    • #22103
      Soolari
      Participant

      Wht…about a wireless that askin 4 security before it connect how do i bypas that plz any hlp

Viewing 10 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?