Jump to content


Photo
- - - - -

WiFi Hacking


  • Please log in to reply
8 replies to this topic

#1 shadow0780

shadow0780

    the 0ne

  • Members
  • 1 posts
  • Gender:Male

Posted 18 October 2009 - 10:22 PM

Hey, i was wondering if it was possible to hack into someone PC via there wifi internet. The PC is a laptop with no virus protection, and it is very important that i get their hotmail password. It is connected through a wirless internet connection, can anyone please explain any way/s i could do this, thanks :)

#2 sojourner

sojourner

    H4x0r

  • Members
  • 35 posts
  • Gender:Male

Posted 18 October 2009 - 11:14 PM

Hey, i was wondering if it was possible to hack into someone PC via there wifi internet. The PC is a laptop with no virus protection, and it is very important that i get their hotmail password. It is connected through a wirless internet connection, can anyone please explain any way/s i could do this, thanks :)



Yes it is possible.

Check out aircrack-ng.org to read more on how to crack into someones wifi internet.

Once connected to their access point check out wireshark.org to find out how to get the hotmail password.

Hope this helped.

#3 phasma

phasma

    Hakker addict

  • Members
  • 527 posts
  • Country:
  • Gender:Male
  • Location:Pennsylvania

Posted 20 October 2009 - 08:54 AM

Hey, i was wondering if it was possible to hack into someone PC via there wifi internet. The PC is a laptop with no virus protection, and it is very important that i get their hotmail password. It is connected through a wirless internet connection, can anyone please explain any way/s i could do this, thanks :)

It depends on what you mean by "hack" their computer. You can crack the encryption that they're using to sniff all of the sensitive data like website credentials. And that's if hotmail isn't using HTTPS. Make sure you are what you're doing is ethical.

#4 Kool-Aide

Kool-Aide

    SCRiPT KiDDie

  • Members
  • 25 posts
  • Gender:Male
  • Location:Arkansizzle

Posted 24 October 2009 - 02:21 AM

2 ways of doing it.

1. Crack their WEP/WPA encryption and once you're on their network you can try to log into their computer via the network.

2. Crack their WEP/WPA encryption and once you're on their network you can use ettercap to capture their passwords being transferred across the LAN.

But for your sake I am not going to tell you how to do that. I am going to let you research on how to do it. I will just supply the idea that you need to do it. ;)
Look into downloading Backtrack 3.

#5 Silence

Silence

    Will I break 10 posts?

  • Members
  • 7 posts
  • Country:
  • Gender:Male

Posted 26 October 2009 - 02:37 PM

Like sojourner said, first step is to use aircrack-ng to get into their wireless network, then sniff the packets coming from their computer. However, Hotmail uses SSL (https). So even if you do capture the network traffic, you won't be able to decrypt his password without Hotmail's private key (which you won't be able to get).

One of the ways I can think of for getting his Hotmail password is to set up a keylogger on his computer. Social engineering will come in handy here.

Another option would be to set up your own Hotmail spoof site. Host this on your laptop using Apache, then change the HOSTS file on his computer to redirect hotmail.com to your laptop's IP (this is after using aircrack to get into his network).

Finally, you could just social engineer the password from him, no Wi-Fi hacking required. Remeber that you don't necessarily have to social engineer the password itself, the answer to his recovery question is going to be sufficient. It's a lot easier to ask someone "What was your favourite teacher's name?" than "What's your Hotmail password?". I believe Hotmail also requires their postal code, which shouldn't be too hard to get.

#6 trevelyn

trevelyn

    mad 1337

  • Members
  • 125 posts
  • Location:Pittsburgh, Pa

Posted 26 October 2009 - 10:46 PM

He/She doesn't mention encryption at all, why would you all jump to that conclusion? If there is no encryption at all, you can skip all of those steps and simply use WiFiZoo

http://community.cor...izoo/index.html

That my friend Hernan made, it sniffs cookies then creates a local proxy to set those cookies into your browser and use them.

IF there is encryption, it would be illegal for you to break it without their consent. IF you can crack it with Aircrack-NG, it would be illegal for you to get their Hotmail passwd without their consent.

IF there is WPA, you will need a LOOOONG word list to test with. and you will need a WiFi card that has a drive which is patched for injection.

http://www.aircrack-...ibility_drivers

(Which must have just changed yesterday... wow completely different layout)

Once your driver is right you will need to deauthenticate a wireless client using the AP. (Or theoretically you could just wait until he/she logs off an on again). And you capture a "handshake" in a "pcap" file. Which is a binary file, do not "cat" that file! heh

Then you use aircrack-ng and the word list.

If you have WPA2 or - you can use CowPatty versions 4.0+ to do the same procedure practically. If you have WPA2 Enterprise, with say a RADIUS server, you will have to just resort to Social engineering. Or be very artistic with Email Address lists and hash tables...

Once on the network, you can MITM (Man IN The Middle) the target by using Tools that come with the Dsniff Suite. (or Ettercap of course) With Dsniff though, you just use: (enable packet forwarding on your 443,80 ports)

Arpspoof, DNSspoof, WebMITM (creates fake certificate), and fragrouter.

Then you can use Wireshark to sniff a "cap" file. Once you have the cap file you can use the "fake" certificate from webmitm you made before (hopefully they accepted it), and decrypt the cap file using ssldump.

The Phishing thing works too, just change what the action will be once the person clicks login, to run, say a PHP script that takes the input into a file and redirects them to the site setting (hopefully) their already set cookie (seamlessly attaching them to a session).

I implemented that in WeakNet Linux in "Web Hacking Portal." You can use it, but I don;t have a Hotmail Phisher, only Gmail, FaceBook, PhotoBucket, and MySPace. I believe one of the guys from Secure-State ReL1k? is implementing a Phisher soon that uses that cool stacked iframes method. (I Think Hackin9 magazine called it "Click Jacking" (Haven't read that article in ages) Very Cool - Almost INSANE. I'd recommend reading into that.

Other than Phishing and packet manipulation and shit like that, I'd say go the route of Metasploit Framework to exploit services (most likely SMB or some streaming media thing) on the targets machine. FastTrack is amazing for this as you dont have to do much, but using FastTrack makes you miss out on a lot of cool stuff. Meterpreter can allow you to do stuff like upload files to the targets machine, run those files, take screenshots / etc without the target knowing (usually). It port scans the target machine then, matches all open ports against an almost-Microsoft-Like-Jet-like driven SQL server PostgreSQL database that has each exploit matched to each open port. Awesome Idea, I think, as I am a HUGE SQL freak maniac.. Love it!

I don't know why all those other newbskates posting before me tried to teach you anything, but if you're tryin to impress a chick by showing her Email, you might as well just make a fake html page that looks like Gmail and just say it's hers. - save you a lot of time reading and actually learning...

EDIT:: oh yeah, all of these methods are quite NOISY to any good System Administrator.. but if your target is someone who only checks their email all day long, i suppose he/she won't know. AND SERIOUSLY, YOU NEED PERMISSION. THIS IS SERIOUS STUFF.

Edited by trevelyn, 26 October 2009 - 10:48 PM.


#7 m_101

m_101

    Will I break 10 posts?

  • Members
  • 4 posts
  • Gender:Not Telling

Posted 03 November 2009 - 10:12 PM

This sure is serious stuff that you are asking about.
I hope you have the autorization to do this.

Anyway as trevelyn said, there are many ways to get the hotmail session but there is something that bothers me ...
Since with Wireless we have data flying through air ... why would we need arp spoofing (with ettercap or arpspoof or other) to intercept data?

For the tools, there also is airpwn which can be handy ;) .
For the techniques, surf jacking might be useful (I don't know if Hotmail is vulnerable to it though).

m_101

Edited by m_101, 03 November 2009 - 10:14 PM.


#8 BoogY

BoogY

    SCRiPT KiDDie

  • Members
  • 22 posts
  • Country:
  • Gender:Male

Posted 25 November 2009 - 08:48 AM

You can hack in 2 the Wifi using the aircrack-ng and after use Wireshark for network surveillance and use metasploit to hack in to the PC

Edited by BoogY, 25 November 2009 - 08:48 AM.


#9 p0is0n

p0is0n

    Will I break 10 posts?

  • Members
  • 9 posts
  • Country:
  • Gender:Male
  • Location:Pune

Posted 13 December 2009 - 02:17 PM

aircrack-ng to crack wifi internet
wireshark to get the hotmail password . .is d way to go. . .

I suggest you to use back track 4 Live cd . .
go on hacking wifi n hotmail in your town . . lol




BinRev is hosted by the great people at Lunarpages!