07-06-2022, 07:42 PM
For all of you who use technology in this day and age, I don't envy you, like, at all. You see with wireless technology comes serious security risks. The kind of risks people don't think about until it happens to them.
Let me give you a scenario. You're at a Starbucks and you need to get some work done on your laptop. You buy a donut or a sandwich, sit down with your comestible, and open your laptop putting down the password you were given by being a paying customer. A login page pops up asking you to accept the terms and services to access the wi-fi network. the page refreshes and you have to click the OK button again then you have access and go on your merry way not realizing that you've just given someone complete access over your web browser.
This is called a Man in the middle attack and combined with software like BEEF that exploits a browser for simply visiting a page it's an incredibly powerful method to hack which doesn't require sitting down for ours trying to crack a singular password. You were likely one of any number of people at that Starbucks that day who had BEEF load an exploit onto their computer, their phone, their tablet, whatever. And none of them know what's going on until it's too late.
Here's how this actually works. You have a person with a computer, it's usually within about 200 feet of the access point you're trying to spoof, that is you're overpowering and acting like a mimic towards that access point. your laptop is likely loaded with Kali linux or something similar such as Parrot OS. And you have an unlocked wi-fi antenna that can be put into all sorts of special modes including broadcast and receiving mode. Alternatively You've setup a wi-fi pineapple or similar device in the restaurant, probably in a bag in the corner hidden in plain sight.
Either way you now have a device which is jamming the original signal and telling everybody that you are the Starbucks wi-fi hotspot. So they connect to you and you have a web server running which acts like the hotspot and loads a web page setup by BEEF, a web scripting tool, which uses code injection to gain access by you simply loading the page. Now you have access to their password file, their web history, you can actually monitor where they go on the web. If they use something like Gmail a web based email client? you can know the details of that too. And all because someone simply connected to what they thought was the Starbucks wi-fi.
Sounds like a work of fiction? It's not. I've tested this in my personal home lab setup. What's scarier is a lot of phones and devices default to connecting to open networks meaning you don't even need to use something like the starbucks wi-fi. There's a variation to something called war driving, where you go around scanning for wi-fi networks... instead I propose war phishing, where you go around as an open network and seeing how many people connect to your portable open network without knowing it because their phone decided to connect automatically to "improve signal".
What's worse is that by giving you access to their browser you can load malware into their temp folder as part of a webpage. All of a sudden you have a RAT or Remote Administration Tool loaded on their PC. Or a worm that waits until they connect to another network and starts poking around looking for vulnerable targets and spreading.
No Decryption, or "hacking" as you see it in the movies. It's more like watchdogs. just a one click I win button that with a little patience can give you access to everything on anyone. And it's not just Skiddies, Crackers, and High tech low lifes who use these tools. I know here in the states the NSA, CIA, and other organizations use similar tools on dedicated targets. They are real and this has been going on for the better part of two decades.
These are the easy ways people can gain access to you. Completely anonymous, and only being in your general vicinity. So I'm passing on the info, to tell everyone to be aware of the situation. Make sure your devices don't connect to open networks. Make sure you double check when you connect to public wi-fi. Because if you don't... it could mean the difference between someone being kept out of your personal life, and someone having access to everything like some kind of Cyber Voyeur.
This is not meant to scare people, just be mindful, and be cautious. Because as long as you know about it. It's a lot harder for you to be caught in their net. And believe me, it's a wide net.
Let me give you a scenario. You're at a Starbucks and you need to get some work done on your laptop. You buy a donut or a sandwich, sit down with your comestible, and open your laptop putting down the password you were given by being a paying customer. A login page pops up asking you to accept the terms and services to access the wi-fi network. the page refreshes and you have to click the OK button again then you have access and go on your merry way not realizing that you've just given someone complete access over your web browser.
This is called a Man in the middle attack and combined with software like BEEF that exploits a browser for simply visiting a page it's an incredibly powerful method to hack which doesn't require sitting down for ours trying to crack a singular password. You were likely one of any number of people at that Starbucks that day who had BEEF load an exploit onto their computer, their phone, their tablet, whatever. And none of them know what's going on until it's too late.
Here's how this actually works. You have a person with a computer, it's usually within about 200 feet of the access point you're trying to spoof, that is you're overpowering and acting like a mimic towards that access point. your laptop is likely loaded with Kali linux or something similar such as Parrot OS. And you have an unlocked wi-fi antenna that can be put into all sorts of special modes including broadcast and receiving mode. Alternatively You've setup a wi-fi pineapple or similar device in the restaurant, probably in a bag in the corner hidden in plain sight.
Either way you now have a device which is jamming the original signal and telling everybody that you are the Starbucks wi-fi hotspot. So they connect to you and you have a web server running which acts like the hotspot and loads a web page setup by BEEF, a web scripting tool, which uses code injection to gain access by you simply loading the page. Now you have access to their password file, their web history, you can actually monitor where they go on the web. If they use something like Gmail a web based email client? you can know the details of that too. And all because someone simply connected to what they thought was the Starbucks wi-fi.
Sounds like a work of fiction? It's not. I've tested this in my personal home lab setup. What's scarier is a lot of phones and devices default to connecting to open networks meaning you don't even need to use something like the starbucks wi-fi. There's a variation to something called war driving, where you go around scanning for wi-fi networks... instead I propose war phishing, where you go around as an open network and seeing how many people connect to your portable open network without knowing it because their phone decided to connect automatically to "improve signal".
What's worse is that by giving you access to their browser you can load malware into their temp folder as part of a webpage. All of a sudden you have a RAT or Remote Administration Tool loaded on their PC. Or a worm that waits until they connect to another network and starts poking around looking for vulnerable targets and spreading.
No Decryption, or "hacking" as you see it in the movies. It's more like watchdogs. just a one click I win button that with a little patience can give you access to everything on anyone. And it's not just Skiddies, Crackers, and High tech low lifes who use these tools. I know here in the states the NSA, CIA, and other organizations use similar tools on dedicated targets. They are real and this has been going on for the better part of two decades.
These are the easy ways people can gain access to you. Completely anonymous, and only being in your general vicinity. So I'm passing on the info, to tell everyone to be aware of the situation. Make sure your devices don't connect to open networks. Make sure you double check when you connect to public wi-fi. Because if you don't... it could mean the difference between someone being kept out of your personal life, and someone having access to everything like some kind of Cyber Voyeur.
This is not meant to scare people, just be mindful, and be cautious. Because as long as you know about it. It's a lot harder for you to be caught in their net. And believe me, it's a wide net.
Awesome Site's I'm a part of.
-------------------------------------------------------------
-------------------------------------------------------------
Spooky's General guide to wires and cables.
We are dreamers, shapers, singers, and makers. We study the mysteries of laser and circuit, crystal and scanner, holographic demons and invocation of equations. These are the tools we employ, and we know many things.
My Items