.

Dont' Steal My Wifi

<<

d1spat3r

User avatar

Newbie
Newbie

Posts: 28

Joined: Mon Dec 04, 2006 10:13 am

Location: Wisconsin

Post Tue Apr 03, 2007 1:08 pm

Dont' Steal My Wifi

Has anyone looked into this?  I plan on checking it out later this week but thought this group might be interested in the information.

http://www.dontsteal.net/dontsteal/index.htm
CISSP, GSEC, GCFA
<<

LSOChris

Post Tue Apr 03, 2007 2:47 pm

Re: Dont' Steal My Wifi

my wireless router does this free...

turn WPA on, turn mac filtering on, then regularly look at the DHCP table and see who has been connecting...

an SSID of BUY_YOUR_OWN_INTERNET should be a pretty good hint too
<<

d1spat3r

User avatar

Newbie
Newbie

Posts: 28

Joined: Mon Dec 04, 2006 10:13 am

Location: Wisconsin

Post Tue Apr 03, 2007 3:33 pm

Re: Dont' Steal My Wifi

According to their little video it will also allow your to see all of their activity including viewing inside of their hotmail (webmail) accounts. 

http://dontsteal.net/dontsteal/video/all.html
CISSP, GSEC, GCFA
<<

heffnercj

EH-Net Columnist
EH-Net Columnist

Posts: 69

Joined: Thu Mar 15, 2007 2:45 pm

Post Tue Apr 03, 2007 5:42 pm

Re: Dont' Steal My Wifi

Well that can be easily done with free tools too...but if anyone is dumb (naive?) enough to access sensitive information over an unencrypted connection using unsecured wireless, then they deserve whatever they get.

A far more interesting (and malicious...and cheaper!) way to catch people trying to leech off your wireless is to set up a fake AP to glean user names and passwords from various sites and services they use and redirect their Google searches to nasty sites. Not that I would ever condone such a thing...but it would be fun fun fun till the FBI takes the T-bird away.  ::)
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Tue Apr 03, 2007 10:13 pm

Re: Dont' Steal My Wifi

Here is a link to a thread on Airsnare... cool stuff

http://www.ethicalhacker.net/component/ ... ic,1124.0/
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

jimbob

Post Wed Apr 04, 2007 6:09 am

Re: Dont' Steal My Wifi

I downloaded airsnare, a nice bit of software. When I ran the updater it triggered the signature Win32:Trojan-Gen in Avast! Antivirus. Is this a false positive, since the code is designed to update the program?

Jimbob
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Wed Apr 04, 2007 7:28 am

Re: Dont' Steal My Wifi

I use AVG and I have never see any kind of virus or trojan in Airsnare. I am not sure why your anti-virus responded that way but it could be because Airsnare dose sniff and detect spoofing so some of the code could be simpler to password catching programs. I would say keep an eye on it and uninstall if you do not feel safe with it. I have ran if for while and never had issue with it.

Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

jimbob

Post Wed Apr 04, 2007 7:58 am

Re: Dont' Steal My Wifi

Airsnare itself didn't trigger the AV scanner. I ran the "AirSnare Updator" link from the start menu and the file downloaded (update.exe) set off the alarm. Strange.

Jimbob
<<

t0lomp

Newbie
Newbie

Posts: 7

Joined: Wed Apr 04, 2007 1:19 pm

Post Wed Apr 04, 2007 1:33 pm

Re: Dont' Steal My Wifi

ChrisG wrote:my wireless router does this free...

turn WPA on, turn mac filtering on, then regularly look at the DHCP table and see who has been connecting...

an SSID of BUY_YOUR_OWN_INTERNET should be a pretty good hint too


Actually your wireless router does not do this.  Your wireless router can provide you the MAC id of someone connecting to your network, which would not enable you to determine the identity of the person accessing your wireless network.

The program that this fellow listed - dontstealmywifi (and thanks for listing it) provides you with the identity of the person who is tapping into your wireless connection.  it also allows you to send and receive new email from their webmail account.  I tried it today and it works for yahoo classic mail, yahoo beta mail, hotmail classic and hotmail lite live mail.  It is supposed to work for other webmail accounts as well, although I have not tried it.

This is, in fact interesting, because you are actually able to log to the account, which means that it has somehow circumvented SSL, but what is even more interesting is the other program on the same website called dontstealmysecrets.  With it you can do the same thing WITH ONLY THE WIRELESS TRAFFIC.  You do not have to be monkey-in-the-middle to do so.  It also works for wired traffic, and I tried this also (you have to perform the playback from the same network).

You said that you know of other programs that can do this (enable you to send and receive email from an account where the login occurs wirelessly, with only capturing the traffic).  Could you name them please?
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Wed Apr 04, 2007 2:22 pm

Re: Dont' Steal My Wifi

You can replay with Airsnare because it will record the traffic in an ethereal format. Also you can do a Man in The Middle Attach with a lot of tools.. Cain & able comes to mind for me and I can do more than just open there e-mail I would have there passwords too. It's a cool idea but depending on what State or country you live in just because someone trespasses on your network it dose not give you the legal right to steel there credentials and log in to there personal accounts. I guess some of this would go back to if you need this software you have already failed to secure your network and logging into someone’s e-mail without there permission can bring up some ethical questions...

Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

heffnercj

EH-Net Columnist
EH-Net Columnist

Posts: 69

Joined: Thu Mar 15, 2007 2:45 pm

Post Wed Apr 04, 2007 2:30 pm

Re: Dont' Steal My Wifi

Actually your wireless router does not do this.


You're right, this program does do more than the average WAP as far as traffic analysis goes, but as far as actively protecting you, I don't think it does much more (I havn't used it as you have though, so please correct me if this is wrong).

You said that you know of other programs that can do this (enable you to send and receive email from an account where the login occurs wirelessly, with only capturing the traffic).  Could you name them please?


Ethereal, tcpdump, or any other packet sniffer.

This is, in fact interesting, because you are actually able to log to the account, which means that it has somehow circumvented SSL


I seriously doubt that...it has probably captured the session cookie and is using that to impersonate the user. Most Web mail does not use SSL after the initial log in, so no SSL circumvention is necessary.

Still an interesting app though.
<<

t0lomp

Newbie
Newbie

Posts: 7

Joined: Wed Apr 04, 2007 1:19 pm

Post Thu Apr 05, 2007 2:19 am

Re: Dont' Steal My Wifi

You're right...but as far as actively protecting you, I don't think it does...

Its purpose is to help identify the person who is logging into your wireless network.  It downloads every mail message in their account and builds a searchable database to help you, and it enables you to log into their account.

Ethereal, tcpdump, or any other packet sniffer.

Packet sniffers and tcpdump do not enable you to log into an attacker's account.

I seriously doubt that...it has probably captured the session cookie and is using that to impersonate the user. Most Web mail does not use SSL after the initial log in, so no SSL circumvention is necessary....

I expired the cookie by logging out, but the program could still log me to the accounts.  That is surprising, to say the least.

...an interesting app...

I would say so.
<<

t0lomp

Newbie
Newbie

Posts: 7

Joined: Wed Apr 04, 2007 1:19 pm

Post Thu Apr 05, 2007 5:33 am

Can & Able not appropriate

slimjim100 wrote:Cain & able comes to mind for me and I can do more than just open there e-mail I would have there passwords too.


Cain & Able might "come to mind" but it wouldn't work here - the authentication for these webmail providers is transmitted using SSL and Cain cannot sniff SSL traffic. 

slimjim100 wrote:It's a cool idea but depending on what State or country you live in just because someone trespasses on your network it dose not give you the legal right to steel there credentials and log in to there personal accounts. I guess some of this would go back to if you need this software you have already failed to secure your network and logging into someone’s e-mail without there permission can bring up some ethical questions...


Many routers cannot be upgraded from WEP.  Also, a substantial percentage of WPA sites can be cracked with a rainbow table.  The dontstealmywifi appears to be designed for use WITH an encrypted connection.  It appears to be for companies or individuals that are worried that someone is hacking their ENCRYPTED wireless network.

As you said, you should not use it on an unsecured wireless network.

d1spat3r - thanks for bringing this program to my attention.
<<

heffnercj

EH-Net Columnist
EH-Net Columnist

Posts: 69

Joined: Thu Mar 15, 2007 2:45 pm

Post Thu Apr 05, 2007 7:43 am

Re: Dont' Steal My Wifi

Packet sniffers and tcpdump do not enable you to log into an attacker's account.


They do if the logon is transmitted in plain text (obviously), but I was under the assumption that the application in question was using cookies to hijack a user's session, which a packet sniffer would enable you to do.

I expired the cookie by logging out, but the program could still log me to the accounts.  That is surprising, to say the least.


Indeed it is! Does this program perform some type of MITM attack? If not, then it is definately more interesting than I first thought...
<<

heffnercj

EH-Net Columnist
EH-Net Columnist

Posts: 69

Joined: Thu Mar 15, 2007 2:45 pm

Post Thu Apr 05, 2007 9:13 am

Re: Dont' Steal My Wifi

The program doesn't like my wireless card so it refuses to run, but based on the information/error messages I recieved during setup, here's how I think it works:

It mentioned setting up a new wireless router using the PC's wireless and ethernet connections. I assume that what it is doing is setting up a second WAP via the wireless card and bridging the connection to the ethernet connection. If this is the case, then it doesn't actually protect/monitor your current wireless network, so anyone who connects to the original WAP rather than this new one would remain unaffected. If it is setting up a new WAP, then I suspect it using MITM techniques to glean the logon information from various sites.

I know that dontstealmysecrets was mentioned earlier in this thread too (it didn't want to run for me either unfortunately), and that t0lomp said specifically that it doesn't use MITM techniques and can still provide access to email accounts accessed via SSL. It would be interesting to see if dontstealmysecrets is sniffing the cookies and using those, or if it still provides account access after the session has expired like dontstealmywifi does.

t0lomp, now that you've got me interested in how this thing works any input on the above would be appreciated. I'm going to have to see if I can get either of these programs running on my computer when I get home tonight. :)
Next

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software