#!# So you thought you where safe //www/wifi

Discussion in 'Archives' started by 1ce, Apr 1, 2011.

  1. Unread #1 - Apr 1, 2011 at 6:58 PM
  2. 1ce

    Greetings all, this is another guide to staying safe on the interwebz.

    About this guide::
    In this guide I will show you how your system could be used against you. I will not tell you how to replicate these attacks. I will show you how simply using public wifi could be dangerous to YOU.

    <guide>

    So you're on an open network minding your own business, practicing good internet safety.

    What if I said your computer could be used as a recruiter, or turned into a zombie? With the following guide I'll show you just how flawed 802.11 security really is, and what you can do to help keep yourself safe from such attacks.

    802.11 was never designed with security in mind, but exactly how bad is it? How about open headers. (Is this bad?) Can be, yea. Open headers allow an attacker to take your sequence number. When a sequence number has been obtained the attacker could use TCP injection to dominate your browser, even your system altogether. This is a lasting attack; when you shut your computer off or take it off the network, it doesn't matter: you are still "under the influence".

    An attacker could write custom filters to control your traffic. This is not desired to be a bad phishing technique, this is MUCH MORE SEVERE than that. When the attacker has control over your HTTP connections, he also has control over your browser. HTML, JavaScript? How about JavaScript! Those lovely bits of JS could be edited and have their expirations set to years down the road. And if the attack is targeted at JS caches (i.e. Google) it could influence your connections on hundreds of sites.

    From there the attacker could attempt drive-by attacks, view your passwords, edit your web pages, even swap PayPal movements, and even alter DNS queries. And it all takes a script that could be written in 10-15 minutes and applied as a filter.



    The attacker could use vulnerabilities or drive-by attacks to set your system up with a RAT, rootkit, or even a script to attack other systems on a network. It isn't fantasy, this is.. 802.11 security. TCP injection, mind you, is not an easy feat to perform. But open headers bring this difficult attack to a vicious reality.


    Your traffic can be seen
    Your traffic can be predicted
    Your traffic can be manipulated
    Your browser can then be manipulated
    Your operating system can then be manipulated

    What can you do to prevent this attack? There isn't a whole lot, aside from a good firewall and keeping your browsers up to date. What you CAN do is always remember to manually clear your cache and cookies. That isn't enough; you must understand that when you are using wifi you are quite literally throwing your personal information up in the air. All somebody needs is.. a net. I strongly encourage you all to be conscientious of what you are doing when you are on a shared network, and to never use an open network to submit personal/credit information about yourself or others. You should always use a trusted/secured network for these duties!
    </guide>


    That concludes a simple guide on internet security, 1ce​
     
  3. Unread #2 - Apr 1, 2011 at 7:31 PM
  4. xi momo xi

    Were*

    But nice guide. Not for the newbies, but still, good knowledge.
     
  5. Unread #3 - Apr 1, 2011 at 7:41 PM
  6. 1ce

    Most of my guides aren't targeted at newbies. But I figure anybody is capable of not submitting personal information over a wireless network. ;)
     
  7. Unread #4 - Apr 1, 2011 at 10:12 PM
  8. stuffs

    I had no idea it was that dangerous to use an unsecured network, thanks for the guide.
     
  9. Unread #5 - Apr 1, 2011 at 10:47 PM
  10. 1ce

    Oooh yea.. there are plenty of people who will just move around finding good networks to snoop so they could start jackin personal info.

    *shakes head*

    Safety first!
     
  11. Unread #6 - Apr 21, 2011 at 10:04 AM
  12. Poyzon

    Use a vpn and problem is solved.
     
  13. Unread #7 - Apr 21, 2011 at 2:11 PM
  14. 1ce

    hardly... that statement literally made no sense :x
     
  15. Unread #8 - Apr 22, 2011 at 5:28 PM
  16. Poyzon

    Explain how the statement makes no sense. :x
     
  17. Unread #9 - Apr 22, 2011 at 10:47 PM
  18. 1ce

    Because you'd be targeting traffic headed out of the gateway, rather than networking traffic altogether. And even if you wanted to do a mitm the security isn't usually that strong, you don't need to crack it, just decrypt it.

    You could go through a whole list of things, honeypots, vpns, but everything headed out of the gateway won't be encrypted and could easily be scrubbed..

    Furthermore if you infected one of the vpn hosts you could easily just use that to compromise the whole thing, apply packet filters etc.

    Yet again, that would only secure transmissions to the vpn in the first place, it's not going to provide you with 100% protection assuming the vpn security was insanely good.

    //

    If for any reason that failed, (what I would do) is I'd just phlash the router and have it start broadcasting itself as a different IP acting as a pdos out of sheer frustration. But the odds aren't in your favor because most of you probably use windows and there are enough ways to tweak that to my advantage, such as exploiting your vpn, netware simulations/attacks, etc.

    A vpn really isn't going to do much for you.. and can typically be resolved using bpf devices and custom ettercrap filters and airpwn scripts.

    The neat thing about freebsd is I have the resources to create virtual hardware simulations, they can act as another networking device, other hosts, i.e. a fake windows computer, routers, etc. It's excruciating work (but not impossible) to spoof the hosts you'd be trying to set up with the vpn in the first place, but creating the daemons and redirecting your traffic.

    =x hope that's a little more insightful, my previous post was a little dull.
     
  19. Unread #10 - Apr 26, 2011 at 5:23 PM
  20. Poyzon

    But vpn secures that...
     
  21. Unread #11 - Apr 27, 2011 at 1:59 AM
  22. 1ce

    omfg... did you read my previous post at all? A vpn doesn't do jack shit for you.. all a vpn attempts to do is secure 1 single frackin connection. What the hell is stopping me from redirecting your vpn to a device running a virtual host I redirect the dns request. From there I can do whatever I want to your shitty vpn including jacking the key, which I can use to decrypt your messages.

    Stop looking at it from a windows perspective and look at it through my eyes for a moment: A vpn does you ABSOLUTELY NO GOOD.

    It's just another connection amongst many others.
     
  23. Unread #12 - Apr 27, 2011 at 11:59 AM
  24. Poyzon

    dude u cant redirect a secure vpn host
     
  25. Unread #13 - Apr 27, 2011 at 12:28 PM
  26. TheMaker

    wow.. I didn't know anything of this and I am currently on a wifi net without a password (it's my hotel's wifi)
     
  27. Unread #14 - Apr 27, 2011 at 5:53 PM
  28. 1ce

    Care to show us this top secret reality defying information you have that bends the rules of all networking standards?

    Pretty sure I just did it in under 5 minutes.

    If the connection is there I need only to be on the same network and I can do nearly anything imaginable to it.

    Here's how I'd do it::

    First I'd terminate your existing vpn connection, then I'd redirect all of your traffic to a virtual router that will give me read/write access to your connections. ( at the same time having wireshark open ) When you attempt to reconnect I'll forward your dns information to one of my spoof'd hosts and jack the security information you sent to my virtual netware. Which.. I'll have wireshark pick up for me. I again kill that connection and apply a filter that decrypts it for injection.

    A vpn is really pretty useless.
     
  29. Unread #15 - Apr 29, 2011 at 8:35 PM
  30. Poyzon

    I highly doubt you can terminate a connection to vpn.
     
  31. Unread #16 - Apr 30, 2011 at 5:39 AM
  32. 1ce

    .... god you're so daft, give me a few minutes I'll show you.

    First I use my wireless card to spam address resolution protocol packets to fool your computer into thinking I'm the router. Then I will inject ACK/RST packets into the connection. Screeny in a second.



    Cool.. hijacked/killed a connection using a gui in less than 3 minutes...

    Rather than challenging me, and sounding like a dumb ass, (don't mean to be condescending but I know more than you do,.. a LOT more than you do..) Try bringing something intelligent to the guide rather than attempt to belittle it with your own misunderstandings..


    To think that a vpn or programs like etter cap are 'top secret hacking tools/elitist security objects' is not only silly, but borderline retarded. I don't wish to embarrass you, actually that isn't my goal. Giving you the benefit of the doubt that you aren't trolling, check this out:


    It's pretty cut and dry, you can take the RFCs as the fabric of truth themselves, more so than the divine word of god.
    I hope that clears up any doubts.

    Thanks, 1ce​
     
  33. Unread #17 - May 1, 2011 at 5:08 PM
  34. Poyzon

    dude you have to hax the router first!!1 Which is almost impossible nowadays.
     
  35. Unread #18 - May 5, 2011 at 6:09 AM
  36. 1ce

    @Poyzon *BANNED* :: This is not a hacking guide, stop trying to make it one.

    And for the record, routers can easily be 'hax'd'; but that's to be expected as their primary focus isn't on security in the first place. Not that there is anything wrong with 'hacking', it's really just a matter of perspective/which side you pick. Nonetheless it is better not to influence members of a website that's composed predominantly of 12-16 year olds who are likely to take in information and use it to do abusively stupid shit.

    If anybody out there has a question that isn't related to 'hacking' but rather a sincere comment about internet related security feel free to ask. Mind you, sythe does have rules against illegal activity and their moderators aren't experts in the field so the line is both thin and very blurry. However, I will answer as best as I can.

    Don't be shy, leave a comment, 1ce
     
  37. Unread #19 - May 7, 2011 at 3:49 PM
  38. aus aaz

    So even with a password on wifi it's quite easy to manipulate, or only the ones that don't require passwords? If this is the case my whole family's going back onto direct data cable connections as of whenever I can be bothered going under my house and terminating cat5 fml...


    When you say you fooled the computer to think it was a router, what is the "it" you are referring to: another computer or program or what? If you don't want to answer the question as it is semi leading to a hacking tutorial it's fine, personally I'd just like to know what I'm up against to better protect myself.
     
  39. Unread #20 - May 7, 2011 at 5:22 PM
  40. 1ce

    Better protecting yourself is EXACTLY what this guide is about, I will answer your question, that much I can do. However I cannot show/tell you how to replicate the attacks.

    When I say 'it' I'm referring to using a computer to target hosts on a network, at which point the attacking computer emulates the router and the victim pc sends its traffic to the attacking pc, and the router sends the victim's downlink traffic to the attacking pc. This is called a Man In The Middle attack. It's 1 way to skin a cat. Using wireless security prevents mitm attacks fairly well, not only because it prevents access on the network in the first place but also because it encrypts the traffic, allowing for an additional level of security.

    Here is how a mitm works:
    You --> Me --> Real router
    You <-- Me <-- Real router

    You don't 'need' to do an ethernet, you could secure your wireless network, and setup an access list for your router. Although it isn't perfect, it's a good start.

    However, you can still use promiscuous listening to obtain the net key, even with an access list that can still leave you vulnerable because although you can't be victimized by a man in the middle you can still have your traffic injected.

    I will point out, in the above scenario I gave you it is fully possible, but completely impracticable to go through that much effort to invade a home network, and it is really a pretty advanced attack.

    Securing your wireless connections and setting up an access list will solve your troubles, I'm confident of that much. If you are not willing to take the risk feel free and set it up with CATs

    Sincerely, 1ce​
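
A defensive check for the situation described in the post above, where another host answers ARP for the router's address (added example, not part of the original thread). The sample `arp -an` output, the addresses and the function names are constructed for illustration, and the trusted gateway MAC is assumed to have been recorded on a known-good day.

```python
import re

# Matches Linux and BSD/macOS `arp -an` rows; incomplete rows do not match.
ARP_ROW = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>[0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})\b"
)

def normalise_mac(mac):
    """Lower-case and zero-pad each octet (macOS prints 2:0:... without padding)."""
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))

def parse_arp_table(text):
    """Return {ip: mac} from `arp -an` style output."""
    return {m["ip"]: normalise_mac(m["mac"]) for m in ARP_ROW.finditer(text)}

def check_snapshot(table, gateway_ip, trusted_gateway_mac):
    """Compare one ARP snapshot against the gateway MAC recorded earlier."""
    findings = []
    seen = table.get(gateway_ip)
    if seen is None:
        findings.append(("gateway-missing", gateway_ip))
        return findings
    if seen != normalise_mac(trusted_gateway_mac):
        findings.append(("gateway-mac-changed", seen))
    # A second IP resolving to the gateway's current MAC means one host is
    # answering for both addresses: the "You --> Me --> Real router" position
    # as it appears in the victim's ARP cache.
    sharing = sorted(ip for ip, mac in table.items() if mac == seen)
    if len(sharing) > 1:
        findings.append(("mac-shared-with-gateway", tuple(sharing)))
    return findings

# Constructed sample data (locally administered MACs, private addresses).
BASELINE = """\
? (192.168.1.1) at 02:00:00:00:00:01 [ether] on wlan0
? (192.168.1.23) at 02:00:00:00:00:17 [ether] on wlan0
"""
SPOOFED = """\
? (192.168.1.1) at 2:0:0:0:0:17 on en0 ifscope [ethernet]
? (192.168.1.23) at 2:0:0:0:0:17 on en0 ifscope [ethernet]
? (192.168.1.40) at (incomplete) on en0 ifscope [ethernet]
"""

if __name__ == "__main__":
    for name, snap in (("baseline", BASELINE), ("spoofed", SPOOFED)):
        table = parse_arp_table(snap)
        print(name, check_snapshot(table, "192.168.1.1", "02:00:00:00:00:01"))
```

A changed gateway MAC can also be a legitimate router replacement, so treat the first finding as a prompt to verify rather than proof; the shared-MAC finding is the stronger signal.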
     