I get scared at times... not of cliché things like the dark, or of being shot by the cops because I come from one of those neighborhoods. What scares me most is a cyber attack... This is going to be a tech post, so if you're not into that kind of thing please click here.
That being said, let me dive head first into the contents. I am a Wi-Fi junkie... I spend more time online than I do with my girlfriend. Wi-Fi has been good to me (when it's not that time of the month when it gets all hormonal)... So why am I afraid?
Well, let's just take it from the top... I share an access point with some 100 or so guys at peak and 4-5 at off peak. The most commonly visited sites are Facebook, YouTube and probably Yahoo (I didn't mention Google because it goes without saying). Peak time is usually from 7-10 PM and off peak ranges from there. The Wi-Fi network is protected with a WPA2 passphrase and AES encryption (not TKIP). The network is behind a proxy server that runs Squid, and what do we all know about Squid? Squid sucks at HTTPS (I'd rather go for an ISA server, but then again I'm not JKUAT, I only go to school there).
Now, Jaymo, since you've told us all this, how does an attack occur? First, this is purely for educational purposes. One of the easiest attacks uses a little-known tool called Firesheep. OK, Firesheep is fa***** easy to use, primarily because it's not stand-alone software but rather a Firefox add-on... With this nifty add-on you can do a tonne of things to rookie web users... wanna hear like what?
Suppose Student X logs on to an access point, say the RUNDA wireless connection. The DHCP server awards him a renewable 1-hour lease on an IP (all without him knowing) and he establishes an Internet connection. He has just come from chatting with a first-year girl who gave him her Facebook handle, so Student X wants to snoop... He launches Mozilla and types the URL, seconds later the login page appears, he logs in and continues doing his thing... pretty standard, right? Well, across the yard Hacker X launches Firesheep and begins his hack. He notices Student X is logged on to Facebook via HTTP instead of HTTPS and decides to steal his session... does a little of this and that... and minutes later he has the exact Facebook session as Student X. While he is at it he even decides to go through this guy's inboxes to see if he is still dating that gorgeous chick of his... If that's not scary enough, he goes to Facebook settings, changes the backend email address and Facebook password, logs out and kicks Student X out of his own fa**** Facebook page... awesome.
How is this being done? Session hijacking. What all Wi-Fi networks have in common is that people will access them to browse (duh), and when they do, someone can easily steal unencrypted session cookies. Session hijacking is the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server (Squid in my case).
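What makes a session cookie stealable on a shared network is that the site lets the browser send it over plain HTTP. As an added example (not part of the original post), here is a small audit of a site's Set-Cookie headers for the missing Secure and HttpOnly attributes; the response headers and cookie values are constructed for illustration.

```python
# Added example: flag cookies that a browser would send over plain HTTP.
# SAMPLE_RESPONSE is constructed, not captured from any real site.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session_id=c0n5tructed; Path=/
Set-Cookie: csrf=c0n5tructed; Path=/; Secure
Set-Cookie: auth=c0n5tructed; Path=/; Secure; HttpOnly
"""


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(raw_headers):
    """Return {cookie name: [problems]} for every weakly protected cookie."""
    findings = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line or some other header
        name, attrs = parse_set_cookie(value)
        problems = []
        if "secure" not in attrs:
            # Without Secure the cookie also travels over http://, in cleartext.
            problems.append("missing Secure")
        if "httponly" not in attrs:
            # Without HttpOnly any script on the page can read the cookie.
            problems.append("missing HttpOnly")
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    for cookie, problems in audit_response(SAMPLE_RESPONSE).items():
        print(cookie, "->", ", ".join(problems))
```

A cookie reported as "missing Secure" is the kind that can be read off the air when the user browses over HTTP.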
That's one. Next, the bucket-brigade attack, a.k.a. the man-in-the-middle attack. This is what good old Wikipedia has to say about the bucket-brigade attack: it is an attack where the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle).
And since I'm in a good mood today I'm going to give you a proof of concept that I actually tried out... First, I'm usually working on a Linux distro called BackTrack... (sorry Windows slaves, Windows can't hack.. f*** what you see in the movies).
So open up a shell and get the tools you want. Primarily we are going to be doing ARP spoof poisoning, so we need to get driftnet and dsniff.
So in bash run: sudo apt-get install driftnet dsniff
Next we enable packet forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward
Then: cat /proc/sys/net/ipv4/ip_forward
This is to allow the traffic on the network to flow via your machine. Then we begin the ARP spoof poisoning:
sudo arpspoof -t <your ip> <router ip>
Split your screen and do the reverse:
sudo arpspoof -t <router ip> <your ip>
And that's it, you are primarily the man in the middle here. Now you can have fun with this attack...
An easy one is:
msgsnarf -i eth0, where eth0 is the name of the network interface. You can listen to all the instant-message services running, I'm talking MSN, Gtalk... any instant messenger, so you can watch someone chatting.
urlsnarf -i eth0 listens on ports 8080, 80 and 3128; if you're in JKUAT and you use Wi-Fi then you must know what port 3128 is. This one obviously listens for URLs that are being sent.
If you are interested in passwords then we can go back to dsniff and do that:
sudo dsniff -i eth0, which will listen for any password being sent.
Now if you want to see what Student X is viewing online, like pictures, then we switch back to driftnet:
sudo driftnet -i eth0, which will give you a visualization of activity on the network.
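Seen from the other side, the ARP poisoning above leaves a trace in the victim's ARP table: the router's IP suddenly maps to a different MAC, and that same MAC also answers for another IP on the network. As an added example (not part of the original post), this compares two snapshots in the format printed by arp -an; every address and both sample tables are constructed.

```python
import re

# Added example: spot ARP poisoning by comparing two `arp -an` snapshots.
# Both tables below are constructed; 192.168.1.1 plays the router.
BASELINE = """\
? (192.168.1.1) at 02:00:00:aa:aa:01 [ether] on wlan0
? (192.168.1.66) at 02:00:00:cc:cc:66 [ether] on wlan0
? (192.168.1.50) at <incomplete> on wlan0
"""
CURRENT = """\
? (192.168.1.1) at 02:00:00:cc:cc:66 [ether] on wlan0
? (192.168.1.66) at 02:00:00:cc:cc:66 [ether] on wlan0
"""

ARP_LINE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)


def parse_arp_table(text):
    """Return {ip: mac}; unresolved (<incomplete>) entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table


def find_arp_spoofing(baseline, current, gateway_ip):
    """Return (kind, subject, detail) tuples for each poisoning indicator."""
    findings = []
    old, new = baseline.get(gateway_ip), current.get(gateway_ip)
    if old and new and old != new:  # the router "moved" to another MAC
        findings.append(("gateway-mac-changed", gateway_ip, f"{old} -> {new}"))
    by_mac = {}
    for ip, mac in current.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:  # one network card answering for several hosts
            findings.append(("mac-claims-multiple-ips", mac, ", ".join(sorted(ips))))
    return findings


if __name__ == "__main__":
    before, after = parse_arp_table(BASELINE), parse_arp_table(CURRENT)
    for finding in find_arp_spoofing(before, after, "192.168.1.1"):
        print(*finding, sep=" | ")
```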
That's it, that's why I get afraid... but no biggie... In my next post I will tell you how to protect yourself from any of the above attacks... let me go study for the fluid mechanics CAT.