Wardriving with Professional Hackers!
Vložit
- čas přidán 29. 08. 2024
- Ethical hackers Kevin Cardwell and Wayne Burke demonstrate "WarDriving" and show us just how easy it is to hack into a network protected with WEP. This segment is an excerpt from Kevin's CAST course "Advanced Network Defense" and Wayne's CAST course "Advanced Mobile Hacking and Forensics." Presented exclusively by EC-Council. For more information, head to: iclass.eccounci...
Same phone I use for mobile pentesting. N900's are beasts!
Ahh, I use a Pi-Top with VNC in it. I like your method 😎
hey buddy its been 7 years how are the kids
3G lol
WEP is less and less frequent. That said, it's amazing how weak WPA2 passwords are.
They do the same key in batches of 40 50 in the factory. We know this cos it tells you this in the MTA cyber security fundamentals. There are batches in orders with the exact same passwords on most routers. And your average SOHO.
The company I work for still runs 128 bit WEP. Dozens of employees have their phones connected to it.
There are also many wireless routers that employees brought in and set up on their own active.
Our IT department is a joke.
Sounds like a mess.
give me the ip ill sort this out
I bloody love a good joke!
Have you ever laughed so much that you WEP'd?
LOLOLOLOL
RFI-Crypto Lab he he what's your company called
As someone who is fully aware of these exploits, I was still a victim of a MiTM attack when buying credits over wifi for the most popular jukebox at a bar. They bought $250 worth of male strippers, or maybe it was a company front, and then $300 worth of Bose speakers. Account alerts is the only thing that stopped them from getting my money.
I'd use that proof of purchase on my CC statement and get me some new Bose speakers (every cloud..silver lining.. etc etc... )
that's hilarious lol
I find that WEP is in use in rural areas. When I went down to the veterans cemetery where my father is buried, I turn on Wigle on my cell phone, and when I got home and opened the file in Google Earth, I found that WEP is common in rural areas. Most WEP users are farmers, who are likely clueless on computer security. They may know farming, but don't know anything about computer security.
I think Kevil Caldwell would be shocked at just how many WEP networks are in use on farms in the farm belt near here.
WEP is not very uch in use in the city. but is in use in rural areas around where I live.
Wardriving can have other purposes. I do wardriving to find places to eat, since I like to eat out a lot. I find restaurants by find the SSID of their Wifi access points.
SSID can actually be a good advertising tool for businessess, and bring in more potential customers.,
that's not real wardriving if you aren't hacking into the bank mainframe or the NSA. ;]
Haha was shocked to see an N900. Haven't seen anyone else with one but me for a long time !
I had one back in 2010 such an awesome phone! Saw this video 12 months ago and wanted another! They are expensive these days though... I want that Alienware M11X more :D
I got mine quite cheap on eBay! Only £140 don't know how much in dollars but Nokia need to make another version !
Yeahh thats expensive for old device today though and now that you get backtrack on android its even better and I agree id love to see a newer N900 :)
WEP is or at least was the default encryption scheme in my area on FiOS and Time Warner so I see about 70% are still WEP in 2014.
Anyone else think of breaking bad at the beginning of the video because he said albacurky New Mexico.....
I've always said it that way how is it supposed to be pronounced??
Haha there's nothing wrong with the way you say it! :D It just reminds me of Breaking Bad because that's where it takes place! :D
Ha OK cool I thought by the comment that it was being said wrong.
whats the name of the tool that you guys used for the mobile that looks even better than the laptop running kali its always better going completely portable
They're running kismet. They've probably SSH'd into the laptop running Backtrack. kismet is installed by default on backtrack, or you can install on any other linux install with "apt-get install kismet"
Gaz Jones
thank you for your help great to know that would you know how to ssh,d from my mobile to my system
Looks like they installed Linux on the phone, it would be pretty useless to ssh into a laptop right in front of ypu
The Alfa USB Wifi device he is using has a lot of power. When I go to Caples Lake campground in the SIerra Nevadas, I can use one of VolcanoVisions for-pay hotspots in Kirkwood, 7 miles away., So he made a good choice for high-powered USB WiFI adapters,
when you intercept traffic say a user logging into PayPal...how does one see username and password? Does it appear via command prompt on the hacker's side or can you actually shoulder surf the user? Like see exactly what they are seeing.
Good video
So you cracking keys is perfectly legal as long as you dont do anything with them?
Correct. The second you log in its a felony.
@@Josh-vu4sb what about deauthing to initiate handshakes, ur actively kicking ppl off the internet which they paid for just to get their passwords
That's why i still own N900 :)
Hey is there a wardriving app or program that doesn't upload to a server?
I don’t think kismet does but I could be wrong
I wish I've seen a wep network
I have seen a lot in my country xD
Even in the stores. Thats really shocking
you don't really get them anymore
this is very informative
Thanks @hermesmercuriustrismegistu4841 for taking the time to share your thoughts and feedback with us. We’re grateful that you find it interesting and insightful. and we’re glad you feel we’re on the right track!
>pda
>wep
How the hell old is this video?
the Pwnphone is from 2011
What OS is that on his phone?
***** How is using the N900 and Pwnphone? is it worth buying one now and using it? Or is it not worth the time and $$$ and wait for the "ubuntu phone" and wait for that to be turned into a Kali phone, lol. Since the internals are old, I heard its unbearingly slow. But pretty cool that the built in wifi is capable of Mon0 and Packet injection. I drooled over this phone when it came out lol. so its stirring my nostalgia and now seeing that its capable of so much more.
Whaat can I run on a droid max
I have 3
Mill Lumine there are android apps that are good for pen testing(when you're in the network you want to test) like dSploit. Its a gui for a lot of scanning, and vulnerability testing on found targets, using metasploit
Mill Lumine
well the android phones by themselves do not have the ability to put their wifi into monitor mode. But you can do some LAN based network hacking on the Android phone/tablet using dSploit as well as a list of other exploit tools for android. OR you can find a Nokia N900 and download the PwnPhone Community Edition. which is more or less the same thing as the phone they are using
Well.. I had fun. Goodnight x
Ryan Fanning FUCK YOU
What software do you use to scan for wireless networks?
aircrack-ng on linux
Technically its airodump-ng ;)
I know it's part of Aircrack-ng, I''m just being a smartass ;)
Backtrack has nothing to do with Ubuntu, it's built on Debian.
James Jeffery BackTrack was built on Ubuntu, Kali (BackTrack's rebuild) was built on Debian
Scott Kelly And now we have Cyborg Hawk Linux.
Ubuntu is a fork from Debian.
Haha these guys are obviously jelous of us radio engineers but I see this as childs play that I literally did when I was a child when backtrack first came out. People who use words like advanced network or advanced hacking or even professional hacker sound really silly to actual experts.
Maybe a little :). Notice the difference between these guys and serious people like: watch?v=xCf5JFpOkDs
kevin cardwell....attended his class in mauritius.. OOOOhhhhh hhhaaa
Wayne is South African WoooT!
nice.
He says penetration tester and stuff like that. If your not one thing then what are you lol. Ooooonllly joking maaate. Na but I do understand everything else he's saying.
south african represent
I respect the message these guys are trying to spread, to improve your security. However, they are far from professional. Some examples:
- Guy is constantly checking "Basic WEP cracking with aircrack-ng"
- They didn't redact the WEP key OR the MAC of the cracked network, and since they were wardriving the whole time, I was able to go on WiGLE and find the network by MAC in 10 seconds (the ESSID is "Rogers" and it's in Albuquerque)
- BackTrack is based off Knoppix, a derivative of pure Debian - not Ubuntu
- It doesn't matter if they're getting old. The Aircrack-ng suite has some of the most easy and memorable commands and switches of any Linux program. They should not have to use a GUI for anything!
And the Oscar goes to....
Haha , awesome video
Kali Linux!
Not a tutorial, fer shure...
Wich is the PC used?
+staskertube alienware laptop
Greg thx
+staskertube I studied this video for that exact same answer, It appears to be an M11x
Ok
It's not about a PC. You can do it even with that Nokia he had. What is important what distro to use and some basic white hacking knowledge. Read about Kali distro and what it contains. Wardriving is good to find free internet spots and not only, I am sure phones nowadays are still vulnerable so image wardriving around the city sniffing up on cellphones. lol
Any user above nub knows everything happens from CLI "chopchop" "coffelatte" "commands"? I didn't know the simple preset options were so complex, if that's professional then we all must be at God level - Lame
Penetration testers would not be looking at the options in Air-crack for WEP encryption they would make a simple script and run it. The commands should run through their finger tips from memory.
They certainly would not rely on Fern as it has delivered very inaccurate results in my experience
Might not have been his work machine or maybe he mostly does jobs for big corps which have their own IT teams and don't run WEP so he doesn't get to use them. I'm not saying that these guys were the best on their field, but you are also spewing some straight up non-sense.
from scapy.all import * ..... enough said.
I'm not a pen-tester but I easily cracked WEP with bootable www.Slitaz.com and Alfa USB external WiFi module having a Realtek chip to do the injection.
well when a guy says he can read your https traffic simply by routing your data to him is not to be taken seriusly
Proffesional Hackers? sounds more like the promotion of script kiddies. watch from 3:40 - 3:55. he even says " so you don't have to set up a bunch of stuff yourself" pretty much entitling to use someone elses program instead of making your own... not very proffesional in my mind.
Exactly!
great point my boy...this is hacking for pussies...who can't explore a bit of python. Fake computer science..and fake hacking...super disappointed that this would be a youtube vid from a fawking teacher
If you are testing security for clients and getting paid for it e.g. you are a professional you do not make your own tools, why would you? You are not getting paid to write and use your own tools, sure if you find a new exploit you do write it but otherwise you use what is easiest to get running and has large user base. You optimize for common attacks.
Of course it's best practice to know how and why the software works, but it just plain stupid to say: "you are not pen tester because you aren't running 100% your own code"
Guys...i'm not discounting that they know what they are doing...when it comes to the tools...I am not discounting that they may be pretty dayum good at it when it comes to using those tools...but insofar as they cannot understand how those tools do what they do...they're not really hackers. Penetration testers are becoming unnecessary....security measures implemented by modern computers and operating systems....make using elementary methods like those he outlined in that video futile. My first point in this video was that really nobody uses WEP protocol anymore..and hacking WPA2 is virtually impossible even if they're using preshared keys..and it seems to be the case that WPA2 is the predominant wifi security system used nowadays....there is no progress in cyber security...if they can't sit and rewrite tools to work for more advanced technology...they're basically script kiddies....infatutaed and impressed with tools they don't understand..and couldn't customize if they needed to
Script kiddies can't survive the next wave of technology...that'll look to shut out all of their beloved tools capabilities....the only ones who will survive this next era are the ones who understand how to write some code to achieve some objective.
My main point is that they can't call themselves professional HACKERS and they aren't able to get dirty with some code....that's a huge misnomer and overstatement of their qualifications...just because I can use airmon-ng ...... doens't render me a professional on hacking...
"professional" at 6:04 is sending deauth request like he is just DOSing as site => New definition of skidie
You realize you deauth an AP to get a handshake right?
Of course, i do, but you don't have to keep sending the deauth requests over n over again to kill the connection and grab the handshake. you could do it with just a single deauth packet transmission.
Not all the time, sometimes you have to send several
Glen Carbon thats true, i agree, but not too many of em, it's not professional and its not efficient, judging by the title of this video.
Yea, they did send a lot. 5-10 is usually the most ill use
Are these guys White Hackers?
Technically 'Caucasian' Hackers
Ryan Fanning No......
White Hackers is an actual term. I'm not referring to their skin color, my friend.
Blake Walker ohh you must mean White Hat Hackers? ;-)
You look familiar Say I dont suppose you've ever been to Sark Chasm? Ever heard of it?
Definitely white hat.
Their business is to find network vulnerabilities with consent to help businesses with their security. Grey hat is pretty much anyone that uses the internet in the modern age and don't wish to be taken advantage of as consumers when it comes to software. Black hat hackers are there to mess with your data and/or hold it hostage while demanding payment.
Majatek I know the classifications but I was confused after watching the video. I'm glad they're White Hackers.