Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 23

Thread: Public Hotspot Security

  1. #11
    Senior Member
    Join Date
    Jan 2006
    Posts
    1,334

    Default

    I agree, it's the "between a rock and a hard place" scenario.
    Some are more forthcoming with help than others.

    Perhaps if you were to research your issue more thoroughly first, and then post requesting specific help with specific issues you would find a better response.
    Unfortunately, your "chosen subject" is perhaps a sensitive one and your generic question, which really does boil down to "how can I hack a public hotspot from scratch" is going to be seen as a little suspicious.
    After all, there is already available plenty of information upon the subject, scattered around the www.

    If you study your spare "setup" in lab conditions, and gain a working understanding of it, I'm sure it'll become clearer as to how to approach your problem.
    Some simple research will turn up plenty of methods and tools.
    And then from there, as I said, specific help for specific questions may be more forthcoming.

    Personally, I still think that if they are implementing this system with the intention of employees carrying out sensitive work related tasks, then I'm sure that the cleartext issue alone would be enough to raise an eyebrow or two

    No offense intended, but if you have no grounding in the subject, why have they tasked you with this? Perhaps if this is a widely implemented system within your organisation, it would be an ideal opportunity to bring up the possibility of being sent on a course or two? Starting with the off-sec wifu course

  2. #12
    Member
    Join Date
    Jan 2006
    Posts
    90

    Default

    Thanks Re@ality.

    I guess at times I get this idea in my head, and the first thing I do is make a post (bad habit maybe) becuase I want to get the info as fast as I can.

    What I wanted out of this thread to start off with was basically anubis style posts. He mentioned wifizoo, so I look it up and see what it does, then I'll try use it and gather informartion that way.

    When I say I have no grounding, I mean I have taken upon this project myself, becuase this is a great way of learning for me. At the very end of the day they can throw my presentation away and continue having fun with their open access, but I'll still be better off

  3. #13
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    I will post this for every one to read. IMHO opinion the way to get a answer to a taboo type question is this.(at least from me)

    Most attacks require a series of tools used in conjunction with each other. In my experience its not to hard to find out the names of the tools and sometimes the order in which the should be implemented in the attack. Once you have gained this knowledge you can go on to inquire about each tool individually. Once you have done that then it would be up to you to implement the tools in the attack.

    This works for me simply because the request is to use one tool and not "How do I hack this" or whatever the case may be.

    Just a side note not pertaining to this thread but it is also a good idea to form complete and grammatically correct sentences if you expect a intelligent response.

  4. #14
    Member
    Join Date
    Jan 2006
    Posts
    90

    Default

    Thank you for your insight

  5. #15
    Junior Member
    Join Date
    Jan 2007
    Posts
    97

    Default

    Just a pointer: 802.1x, it integrates readily with RADIUS servers such as FreeRADIUS, and can secure the types of scenarios you are contemplating. The landing page would come after a secure over-the-air session has been established.

    Cheers,

    Mother
    In God we trust, all others we monitor

  6. #16
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Believe me, I understand your dilemma. Also, I agree with pureh@te; if you want help with problems with a particular tool, I'm willing to help if it's something I'm knowledgeable about and you can articulate along the lines of "The XYZ tool is giving me an 'Error 21', but according to the readme the inputs are correct. Do I need to change the config file to a different location?"

    If you're truly in the dark on this, there are a number of books to start you off on the subject. This is one of my favorites, but then again I'm prejudiced.

    WarDriving and Wireless Penetration Testing

    Disclaimer: I'm one of the authors. No, you don't have to buy it, read it at the library if you want. There are no royalties on this one for me.

    The book's target audience is security professionals. If you You will need a solid grounding in penetration testing and wireless to understand many of the concepts in the book.
    Thorn
    Stop the TSA now! Boycott the airlines.

  7. #17
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Default

    Quote Originally Posted by pureh@te View Post
    Just a side note not pertaining to this thread but it is also a good idea to form complete and grammatically correct sentences if you expect a intelligent response.


    Sorry, I had to point it out



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  8. #18
    Senior Member
    Join Date
    Feb 2008
    Posts
    681

    Default

    Quote Originally Posted by ShadowKill View Post


    Sorry, I had to point it out
    You're evil
    [FONT=Courier New][SIZE=2][FONT=Courier New]hehe...
    [/FONT][/SIZE][/FONT]

  9. #19
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    @ hongman

    This may help guide you as far as MITM attacks are concerned. This link goes into great detail as far as how to set up the attack.

    There are a lot of guides in this link that may be of some help to you. As far as I know, airsnarf will be your best tool, although I know not how to completely "bypass" a captive portal without hijacking someones credentials or paying for an account yourself,...but I do know however, that this guide will show you how easy it is for a hacker to trick you into spilling your username and password.

    Most of the "good" articles and videos can be found here>>

    Just click on one of the names and it will take you to thier collection of articles and videos.


    And like Mother has said, Radius reaLLY IS THE BEST PROTECTION FROM THESE TYPES OF ATTACKS. mOST RADIUS SERVERS REQUIRE A DIAL UP CONNECTION for authentication (Sorry caps locked) and this is where you get your extra security.

    Hope my links help you out.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  10. #20
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Default

    Quote Originally Posted by .lonewolf View Post
    You're evil
    lol I know, it's all about the love



    BTW, I've always been a big fan of EH. Loads of very good information on their side....



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

Page 2 of 3 FirstFirst 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •