
Wednesday, December 11, 2013

Hacking Neighbour's Wifi (Password) | Hacking Neighbor's Wireless (Internet) | Step by Step How To

Written by Pranshu Bajpai

Disclaimer: For educational purposes only. This is meant merely to exhibit the dangers of using poor wireless security. Please note that before beginning the test you should seek explicit consent from the owner if the access point does not belong to you.

Hacking into a neighbor's WiFi access point

OS: Kali Linux
Test Subject: Neighbor's WiFi Access Point
Encryption: WEP

I noticed 4 wireless access points in the vicinity. 3 of these were using WPA/WPA2, and I was in no mood for a dictionary attack on a WPA handshake, since it takes a long time and success isn't guaranteed. I found one access point using WEP security, which, as you know, is an outdated protocol with poor security.

I tested penetrating this WEP access point using the same Aircrack-ng suite of tools I mentioned in a previous post.

Step 1: Discovered the WEP AP with SSID 'dlink' (notice the weak signal power from the neighbor's house to mine).




Step 2: Collected the required number of data packets from the WEP network. Meanwhile, I used 'aireplay-ng --arpreplay' to increase the data rate, since I am not a patient soul.



Step 3: Saved the data packets in a file called 'neighbor-01.cap' and cracked the key using 'aircrack-ng'.


The key for the neighbor's WiFi turned out to be "1234567890" (an easily guessable password, just what I expected from someone using WEP security in 2014).

Step 4: I connected to the WiFi using the recovered key, and the router allocated an IP to me via DHCP (192.168.0.102).



Note: If you want a more detailed step-by-step guide on how to hack a WiFi network, check out my previous post here.

Step 5: I was connected to the Internet.

Step 6: Since I was part of their network now, curiosity got the better of me and I decided to scan the network to see who else was connected. I found 3 devices on the network:

One was my laptop.
Another was my cellphone (I had connected my cellphone to the network earlier).
The third was the D-Link router itself (192.168.0.1).
None of the neighbor's own devices were connected to the network at the time.

nmap told me that the D-Link router had port 80 open, which reminded me to check out the control panel of the device.

Step 7: So I fired up my browser and went to '192.168.0.1:80', which opened the login panel of the D-Link access point's control panel.



Step 8: A quick Google search revealed that the default login credentials on D-Link devices are username 'admin' and a blank password.

Step 9: I tried logging in with the defaults and got access to the control panel.




(Again, BAD security practice: leaving defaults unchanged!)




Step 10: I was getting a weak signal from the AP and decided to upgrade their firmware to see if it made a difference.

The current firmware on the neighbor's router was '5.10'.

I checked for the latest firmware available. It was '5.13'.



I downloaded the upgrade to my machine ("DIR********.bin").

Step 11: I made a backup of the access point's configuration before upgrading. I saved the backup 'config.bin' from the neighbor's router to my laptop.

Step 12: I went ahead and upgraded the firmware. I uploaded the DIR****.bin from my laptop to the access point, and it rebooted.



I lost access to the WiFi after the upgrade.

I figured the upgraded firmware had changed the WiFi password and that I couldn't connect to it anymore. Moreover, since I had lost Internet access along with the WiFi, I couldn't Google the default password for the upgraded firmware either.

And I couldn't crack it either, because this time no one, not even the neighbor himself, would be able to authenticate to the WiFi with the new unknown password after the firmware upgrade; hence no data packets would be generated and I would have nothing to crack.

Step 13: I fired up 'airodump-ng' again and noticed that the firmware upgrade had simply changed the access point's security to "open", i.e., no password is required to connect to it.

Step 14: I connected to the "open" WiFi and restored the configuration settings using the 'config.bin' backup I had made earlier.

I manually selected WPA2 security and set the same password my neighbor had used before ("1234567890").
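As an added defender-side example (not code from the original post): the two conditions this walkthrough turned up, an AP still on WEP in step 1 and an AP that came back from a firmware upgrade with security set to "open" in step 13, are both visible in airodump-ng's CSV export, so the same capture tool doubles as an audit of your own network after any firmware change. The script below parses that export (the header order is assumed to match airodump-ng's CSV writer; the rows are constructed sample data, not the author's capture), grades each AP, and applies a minimal policy check to a pre-shared key such as the "1234567890" restored in step 14 and the blank admin password from step 8.

```python
"""Audit an airodump-ng CSV export for weak or open access points and
check a pre-shared key against a minimal policy. Added example; the CSV
header order is assumed to match airodump-ng's writer, and all rows are
constructed sample data."""
import csv
import io

# Constructed sample in airodump-ng CSV layout (assumed header order).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2013-12-11 20:01:02, 2013-12-11 20:10:40,  6,  54, WEP , WEP, , -82,  310,  20412,   0.  0.  0.  0,   5, dlink, 
66:77:88:99:AA:BB, 2013-12-11 20:01:05, 2013-12-11 20:10:41, 11,  54, WPA2, CCMP, PSK, -60,  298,      0,   0.  0.  0.  0,   8, homenet1, 
CC:DD:EE:FF:00:11, 2013-12-11 20:01:07, 2013-12-11 20:10:39,  1,  54, OPN , , , -75,  150,      0,   0.  0.  0.  0,   9, dlink-new, 
DD:EE:FF:00:11:22, 2013-12-11 20:01:09, 2013-12-11 20:10:42,  3,  54, WPA , TKIP, PSK, -70,  200,      0,   0.  0.  0.  0,   6, legacy, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2013-12-11 20:02:00, 2013-12-11 20:10:00, -40, 120, 00:11:22:33:44:55, dlink
"""


def parse_access_points(text):
    """Return the AP section of an airodump-ng CSV as a list of dicts.
    Parsing stops at the blank line that separates APs from stations."""
    aps = []
    header = None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not row or all(not c.strip() for c in row):
            if header is not None:
                break  # end of the AP table, station table follows
            continue  # leading blank line
        row = [c.strip() for c in row]
        if header is None:
            header = row
            continue
        aps.append(dict(zip(header, row)))
    return aps


def classify(ap):
    """Map one AP row to a (severity, reason) pair."""
    privacy = ap["Privacy"].upper()
    cipher = ap["Cipher"].upper()
    if "OPN" in privacy:
        return "CRITICAL", "open network: anyone in range can join and reach the LAN"
    if "WEP" in privacy:
        return "CRITICAL", f"WEP: key recoverable from traffic ({ap['# IV']} IVs already seen)"
    if "WPA2" not in privacy and "WPA3" not in privacy:
        return "HIGH", "WPA (v1) only: migrate to WPA2/WPA3"
    if "TKIP" in cipher:
        return "MEDIUM", "WPA2 with TKIP: switch cipher to CCMP (AES)"
    return "OK", "WPA2/WPA3 with CCMP"


def audit(text):
    """Return {ESSID: (severity, reason)} for every AP in the export."""
    return {ap["ESSID"]: classify(ap) for ap in parse_access_points(text)}


def longest_sequential_run(s):
    """Length of the longest run of characters stepping by +1 or -1
    (catches keyboard-walk keys such as 1234... or abcd...)."""
    if not s:
        return 0
    best = run = 1
    prev_step = None
    for a, b in zip(s, s[1:]):
        step = ord(b) - ord(a)
        if step in (1, -1) and (prev_step is None or step == prev_step):
            run += 1
        elif step in (1, -1):
            run = 2  # direction changed, new run starts at this pair
        else:
            run = 1
        prev_step = step if step in (1, -1) else None
        best = max(best, run)
    return best


def passphrase_findings(passphrase):
    """Minimal policy check for a WPA2 pre-shared key or router admin
    password. Returns a list of findings; empty means nothing obvious."""
    if passphrase == "":
        return ["blank (vendor default left unchanged)"]
    findings = []
    if len(passphrase) < 12:
        findings.append("shorter than 12 characters")
    if passphrase.isdigit():
        findings.append("digits only")
    run = longest_sequential_run(passphrase)
    if run >= 4:
        findings.append(f"sequential run of {run} characters")
    return findings


def report(text):
    """Print a one-line verdict per AP (used when running the file directly)."""
    for essid, (severity, reason) in audit(text).items():
        print(f"{severity:8} {essid:12} {reason}")


if __name__ == "__main__":
    report(SAMPLE_CSV)
    for pw in ("1234567890", "", "correct horse battery staple"):
        print(repr(pw), passphrase_findings(pw) or ["no obvious weakness"])
```

Run against a real export by replacing SAMPLE_CSV with the contents of the `-01.csv` file airodump-ng writes next to the `.cap`; any ESSID you own that grades CRITICAL is the condition this post exploited, and re-running the audit right after a firmware upgrade catches the reset-to-open case before anyone else does.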

Disclaimer: Please note that I had explicit consent from the owner before commencing this test. If you do not have such permission, please try it on your own access point. Doing so without permission is illegal.


13 comments:

  1. Thank you, kind sir

  2. Sir,
    Currently I am using Windows 10 and I want to install Kali Linux on the same laptop. Can you give me some information or a procedure for installing Kali Linux on a laptop running Windows 10?
    And if that is not possible, then which Windows can run with Kali Linux: Windows 8.1 or Windows 8?

    Replies
    1. You have to use a virtual machine software.

  3. Almost everyone uses WPA or a version of it; the chances of your neighbor using WEP are remote. 5 years ago maybe not, but now you're dreaming.

    Replies
    1. That is correct. WEP is outdated. I wrote another page about handshake capture and dictionary attacks on WPA2. If WPS is available, and vulnerable, then you need a maximum of 11,000 brute-force attempts to get in.

  4. Is there any software for Windows 7 that hacks WiFi passwords...

    Replies
    1. Look for distro sites... the best one out there is Backtrack, released by Linux... you're also going to need virtual machine software to use it on the Windows platform.

  5. How can I find my connected WiFi password on my mobile? Please tell me the simple steps....

  6. My D-Link WiFi is connected to a Cisco router. The Cisco router gateway IP is 192.168.xx.x.

    Now I have to find the D-Link WiFi IP address. How can I find that IP??

    Anyone assist????

  7. How to install virtual machine software?

    Replies
    1. download VirtualBox
      download the .iso of Kali Linux
      install VirtualBox
      load the .iso in VirtualBox
      hack
