How I cracked my neighbor's WiFi password without breaking a sweat

Discussion in 'Security' started by Chiefcrowe, Aug 28, 2012.

  1. weovpac

    weovpac Golden Member

  2. VirtualLarry

    VirtualLarry Lifer

    Interesting read, perhaps I should change my WiFi passwords!
     
  3. ichy

    ichy Diamond Member

    Interesting. I was expecting it to be yet another article about how WEP is a joke.
     
  4. VirtualLarry

    VirtualLarry Lifer

    Verizon still deploys FIOS installs with a wifi router pre-configured for WEP, with the passcode printed on the bottom of the router.
     
  5. Chiefcrowe

    Chiefcrowe Diamond Member

    The last 2 people I saw with FIOS who just got it recently, had it preconfigured for WPA2, so I think they are finally getting the idea..
     
  6. codyray10

    codyray10 Senior member

    Interesting read. Would have been better if he was able to do it using free pcap software as opposed to a $2,500 piece of software
     
  7. ichy

    ichy Diamond Member

    Ha, that must be why I see so many WEP networks in my neighborhood.
     
  8. ussfletcher

    ussfletcher Platinum Member

    Only made easier by WPS.
     
  9. MrColin

    MrColin Platinum Member

    I just slip my neighbor a $10 every month.
     
  10. lxskllr

    lxskllr Lifer

    Or leave it open as a community service ;^)
     
  11. VirtualLarry

    VirtualLarry Lifer

    I did, until the neighbors started torr3nting, and I couldn't even use my own DSL connection.
     
  12. lxskllr

    lxskllr Lifer

    DSL's a meager resource to share. I wouldn't be as inclined to leave it open on DSL. Setting aggressive QOS on the router could help, but DSL's barely acceptable for one person, much less multiple people.
     
  13. seepy83

    seepy83 Platinum Member

    That's a pretty bold statement to make. I get between 10 and 20 Mbps on VDSL (att Uverse)...I don't see how that's "barely acceptable".
     
  14. lxskllr

    lxskllr Lifer

    I haven't been following the tech that closely, and didn't know DSL went that fast. Might be due to my local experience. I think it tops out around 3mbps around here.
     
  15. Paperlantern

    Paperlantern Platinum Member

    20 is pretty robust. I use cable and only just recently bumped from 8Mbps up to 15Mbps, though for some reason they doubled my upstream which was nice for my FTP and Minecraft servers. My old D-Link only supports WPA. I've been looking at current models recently. I'm taking CISSP soon and it's opened my eyes and interest in this type of stuff. I had a really terrible setup before. I would only deter the people that stop trying when they see the lock icon, lol
     
  16. Jeffg010

    Jeffg010 Diamond Member

    So the moral of the story is not to use Wireless? I run all wire in my house.

    And below was a comment that states it does not even matter what your passkey is.

    "This is all well and good, but one thing to keep in mind: if you have WiFi Protected Setup (WPS) enabled on your router (and you likely do if you bought a router in the past 4-5 years), it makes no difference how long or complex your WPA/WPA2 passkey is. If it is enabled, WPS can be easily cracked within 24 (or less in many cases) hours by breaking down the 8-character PIN into 2 halves, and cracking those halves. The 8th digit is actually a checksum of the first 7, so really you only have to guess the first 7. This amounts to 11,000 (!) possible combinations. Once cracked, your program of choice can request the full, unencrypted, plaintext WPA/WPA2 passkey, without ever having to touch it.

    Oh, and this can all be done with free, open-source, readily available software, and requires very little hardware power.

    Edit: Also, looking at the screen cap of the list of APs - many of them show WPS(ON). This makes an even stronger case for WPS cracking, as it takes less time, and you don't have to buy expensive software or spend lots of money on renting out EC2 servers to crack the WPA passkey."
     
  17. PrincessFrosty

    PrincessFrosty Platinum Member

    It's up to 24Mbit in the UK on ADSL2, but it depends on line quality and you need to be a few hundred meters from the exchange or less to get max speed, it drops off really fast, even inner city folks get pretty lame speeds of 10-15Mbit.

    Fibre is the way to go, or what I have which is hybrid fibre coax cable from Virgin Media, 50mbit soon to be 120Mbit.
     
  18. bononos

    bononos Diamond Member

    I don't think there are problems with WPA2, it's only WPS that needs to be turned off.
     
  19. MrColin

    MrColin Platinum Member

    It is crackable with freely available software. Using paid software and services it takes less time.
     
  20. bononos

    bononos Diamond Member

  21. ch33zw1z

    ch33zw1z Lifer

    The passwords he captured were all lower case, plain jane type passwords. I'd like to see what he does with something we can think up.

    something like: .:p@ssw0rd:1s:N0t:Th3:p@ssw0rd:.

    FYI, that's not one of my passwords :)
     
  22. PrincessFrosty

    PrincessFrosty Platinum Member

    Password complexity is irrelevant with the WPS weakness, you don't attack the password you attack the unique WPS ID of the router which is essentially a 7 length numeric only key, it's something like 11,000 different combinations, once you've got it the auth info is sent directly back to you.
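
Added example, not part of any post in this thread: a defender's model of the PIN arithmetic described above (about 11,000 guesses when the two halves are confirmed separately) and of how much a failed-attempt lockout stretches the exposure window. The seconds-per-attempt figure and the lockout policies are constructed assumptions, not measurements from any router.

```python
from math import prod

# Free digits per group the verifier checks: 4 in the first half, 3 in the
# second (the 8th digit is a checksum of the other 7, so it is never guessed).
WPS_PIN_GROUPS = (4, 3)

# Constructed lockout policies: (failures before lock, lock duration in seconds).
POLICIES = {
    "no lockout": (None, 0),
    "60 s after 3 failures": (3, 60),
    "1 h after 3 failures": (3, 3600),
}


def worst_case_guesses(groups, confirmed_separately):
    """Guesses needed in the worst case to hit the right PIN.

    If the verifier confirms each group on its own, the group sizes add up;
    if it only answers pass/fail for the whole PIN, they multiply.
    """
    sizes = [10 ** digits for digits in groups]
    return sum(sizes) if confirmed_separately else prod(sizes)


def worst_case_hours(guesses, secs_per_attempt, fails_before_lock=None, lock_secs=0):
    """Wall-clock hours to exhaust the space; every guess but the last fails."""
    lockouts = 0 if fails_before_lock is None else (guesses - 1) // fails_before_lock
    return (guesses * secs_per_attempt + lockouts * lock_secs) / 3600


def exposure_table(secs_per_attempt=3.0):
    """Map policy name -> (hours with split check, hours with whole-PIN check)."""
    table = {}
    for name, (fails, lock) in POLICIES.items():
        table[name] = tuple(
            round(worst_case_hours(worst_case_guesses(WPS_PIN_GROUPS, split),
                                   secs_per_attempt, fails, lock), 1)
            for split in (True, False)
        )
    return table


if __name__ == "__main__":
    for name, (split_h, whole_h) in exposure_table().items():
        print(f"{name:>22}: split={split_h:>10} h   whole={whole_h:>12} h")
```

Under these assumptions a lockout only lengthens the window for the split check from hours to days or months; turning WPS off removes it.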
     
  23. ch33zw1z

    ch33zw1z Lifer

    I read it as though he wasn't attacking WPS, but the authentication itself.
     
  24. bononos

    bononos Diamond Member

    I only mentioned WPS because the previous poster in my OP mentioned that wireless was risky which it isn't, well relatively speaking.

    The article in the OP did not reveal any major problems in the WPA/WPA2 protocol, it was talking about cloud cracking WPA/WPA2 12 and 14 char (all lowercase) passwords in seconds. The passwords were weak because they used common words in the dictionary. WPA2 is quite secure since it uses salting and key stretching, it's not that great now (with gpgpu and cloud cracking) but should be reasonably secure with long passwords which it supports - up to 63 or 64 char. I'd be worried if routers truncate long passwords in the encryption but that is a different matter.
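
Added example, not part of any post in this thread: the salting and key stretching mentioned above, written out as the WPA2-Personal key derivation (PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations), including the 63-character passphrase versus 64-hex-digit raw key distinction and a check for the truncation concern. The SSID "HomeNet" and the long passphrase are constructed sample values.

```python
import hashlib

ITERATIONS = 4096  # fixed by WPA/WPA2-Personal: the key stretching
PMK_BYTES = 32     # 256-bit pairwise master key
SHA1_BYTES = 20    # PBKDF2 runs one HMAC-SHA1 chain per 20 output bytes


def derive_pmk(secret: str, ssid: str) -> bytes:
    """Return the 256-bit key a WPA2-Personal network derives from its secret."""
    salt = ssid.encode("utf-8")  # the SSID is the salt
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    if len(secret) == 64:
        # 64 characters is only valid as a raw key in hex; no stretching applied.
        return bytes.fromhex(secret)  # raises ValueError if not hex
    if not 8 <= len(secret) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in secret):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", secret.encode("ascii"), salt,
                               ITERATIONS, PMK_BYTES)


def hmac_calls_per_guess() -> int:
    """HMAC-SHA1 invocations needed to test one candidate passphrase."""
    blocks = -(-PMK_BYTES // SHA1_BYTES)  # ceil(32 / 20) = 2
    return ITERATIONS * blocks


def truncation_changes_key(passphrase: str, keep: int, ssid: str) -> bool:
    """True if cutting the passphrase to `keep` chars yields a different key.

    A router that silently truncates would accept the shortened passphrase;
    a correct one derives a different key and rejects it.
    """
    return derive_pmk(passphrase, ssid) != derive_pmk(passphrase[:keep], ssid)


if __name__ == "__main__":
    # "password" / "IEEE" is the IEEE 802.11i test vector; the rest is constructed.
    print(derive_pmk("password", "IEEE").hex())
    print(derive_pmk("password", "HomeNet").hex())  # same passphrase, new salt
    print(hmac_calls_per_guess())
    print(truncation_changes_key("correct horse battery staple " * 2, 32, "HomeNet"))
```

Because the SSID is the salt, a table precomputed for one network name does not transfer to another, which is one reason to change a router's default SSID along with its passphrase.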