Be warned people who still use standard router passwords
-
- Moderator Emeritus
- Posts: 5547
- Joined: 21 Dec 2002, 02:00
- Processor: i7 3770k
- Motherboard: ASUS P8P67-Pro
- Graphics card: 2xNvidia GTX670
- Memory: 16 GB Gskill Sniper
- Location: In SQL Space inserting 'null' on purpose
- Contact:
Be warned people who still use standard router passwords
I did something the past two days , I scanned remote IP's, for open ports - came to some router login screens - strangely enough out of the 250 open ports - I found people with the standard usernames and passwords still on their routers
I had one lady that left her
1.ID book on her FTP directory,
2.Her usernames for all her ftp directories + websites and emails +
3. Bank account numbers and pins 8O 8O 8O 8O 8O <<THIS WAS SCARY
Boys and girls of PCF - secure your stuff, because I am just a friendly reminder of what some script kiddie can do if he needs to get his /her daily fix.
1. I vote all the security experts of PCF recommend some tips / trick to secure your stuff
2. I vote I not be banned , because I warned you
This was not a "hugely complicating procedure - it was VERY easy
How secure are you ???
I had one lady that left her
1.ID book on her FTP directory,
2.Her usernames for all her ftp directories + websites and emails +
3. Bank account numbers and pins 8O 8O 8O 8O 8O <<THIS WAS SCARY
Boys and girls of PCF - secure your stuff, because I am just a friendly reminder of what some script kiddie can do if he needs to get his /her daily fix.
1. I vote all the security experts of PCF recommend some tips / trick to secure your stuff
2. I vote I not be banned , because I warned you
This was not a "hugely complicating procedure - it was VERY easy
How secure are you ???
Last edited by Anthro on 18 Dec 2006, 11:09, edited 5 times in total.
You think thats bad.
I was sitting outside a "Computer Corporation" I fired up kismet and found a SSID that was "CC_(shopping center name)" - it was secured with WEP. So as always, before beginning to crack this, I decided to try my two favorite stupid keys: "12345" and "abcde". Well, first one didnt work, but abcde did.
So naturally, I phone yellow pages get the number for the company and phone them from a pre-payed sim card.
They were totally uninterested in the fact that I had just gained access to their network..... so what to do what do... sitting in the car park, laptop on lap, internet on laptop Of course what I did was email an entire list of their directory of folders - next time i went back they had changed the key, but it was still on wep... sigh some people dont learn.
I do not condone malicious intent but I dont like stupidity.
I was sitting outside a "Computer Corporation" I fired up kismet and found a SSID that was "CC_(shopping center name)" - it was secured with WEP. So as always, before beginning to crack this, I decided to try my two favorite stupid keys: "12345" and "abcde". Well, first one didnt work, but abcde did.
So naturally, I phone yellow pages get the number for the company and phone them from a pre-payed sim card.
They were totally uninterested in the fact that I had just gained access to their network..... so what to do what do... sitting in the car park, laptop on lap, internet on laptop Of course what I did was email an entire list of their directory of folders - next time i went back they had changed the key, but it was still on wep... sigh some people dont learn.
I do not condone malicious intent but I dont like stupidity.
There are a few legit web sites that will scan your ports (you have to enter your ip) and tell you if you are safe or not. I just recently organised ADSL at home, and the vulnerability was my biggest fear, luckily after installing spybot and the updates, all important ports were closed, and even organising a friend to try and hack me proved that I was safe from a casual hacker (I'm still worried about those clever asian people, professional hackers )
neon_chameleon wrote:
Im 22 next week and I cant commit to what Im going to eat for breakfast. I mean cereal is so boring but its quick, and eggs take forever to make and theres the toast to make sure you dont burn....
Im 22 next week and I cant commit to what Im going to eat for breakfast. I mean cereal is so boring but its quick, and eggs take forever to make and theres the toast to make sure you dont burn....
which app? kismet? kismet is an inactive wifi scanner, where as net-stumbler is an active one. Kismet is a linux tool. Its brilliant for finding wifi nodes with SSID broadcasting disabled.
For cracking wep, there are tons of them, both for windows and linux - so google it
my last few wpa keys were:
I change them every sunday and every wednesday. I have mac filtering enabled.
The keys are generated using a quick program I wrote in C#.
For cracking wep, there are tons of them, both for windows and linux - so google it
my last few wpa keys were:
Code: Select all
S8(U2@F6#K2&C4@L0#G3*K4%I0$T7#S4@Y7$E6!D0(P1@
W7*B7(T5&Y1$M6!G6%M7(T0#D4!I1#B1*A8%S6(U2&C1@
P7%F0%V0*Y8&D3#V6(B4(H0$G7!P3&K1%L1%Y1$X1!J5^
The keys are generated using a quick program I wrote in C#.
I could post some Stuff that would help people learn lots about security.
But unfortunately it's a bit hectic and can learn you more then what people would want you to know.
The best way to be secure is to know how to break security.
So mods i can send you a PM first before posting?
Dont wana be blamed for promoting hacking or cracking or what ever its called
But unfortunately it's a bit hectic and can learn you more then what people would want you to know.
The best way to be secure is to know how to break security.
So mods i can send you a PM first before posting?
Dont wana be blamed for promoting hacking or cracking or what ever its called
This being a really nice oneNinjaTic wrote:There are a few legit web sites that will scan your ports (you have to enter your ip) and tell you if you are safe or not. I just recently organised ADSL at home, and the vulnerability was my biggest fear, luckily after installing spybot and the updates, all important ports were closed, and even organising a friend to try and hack me proved that I was safe from a casual hacker (I'm still worried about those clever asian people, professional hackers )
Anthropoid wrote:I am not malicious, I sent mails to the respective owners - will se what they say in a moment ??/
That's not a good idea.Anthropoid wrote:PM me link to that app . . .PHR33K wrote: I do not condone malicious intent but I dont like stupidity.
o the stupidity is hectic - I believ that if you wnt to be safe you need the best equip, the longest keys, most suspicious net admin
Its like you leaving your cell phone on your desk un attended and I come along take it off your desk
and then come back to you in lets say 2 days telling you I,ve got your cell phone and don't leave it there again.
You wont be impressed. You could actually take me to court for it.
So can the person you snoop around with.
I also think making people security wise is a good idea , but your method is just wrong.
Rather build a combined document around what you noticed and send it to them via e-mail
You can PM me if you like.SBSP wrote:I could post some Stuff that would help people learn lots about security.
But unfortunately it's a bit hectic and can learn you more then what people would want you to know.
The best way to be secure is to know how to break security.
So mods i can send you a PM first before posting?
Dont wana be blamed for promoting hacking or cracking or what ever its called
-
- Registered User
- Posts: 2618
- Joined: 26 Apr 2007, 02:00
- Location: Westcliff, Johannesburg
- Contact:
I have mac filtering on my router (non wireless) with an auto drop of packets if pinged from an WAN (aka the internetz) source so it looks like its a dead end. It basically doesnt respond to ping commands from WAN sources.
Another hectic programe is 'cain and able' but it's so dodgey and I have not the foggiest on how to use it.
It's sooo stupid the wireless setups in the world-My mates neighbour in the UK has no password or WEP/WAP enabled so his ADSL is open to all.
But then again tis uncapped, so no worryz.
Another hectic programe is 'cain and able' but it's so dodgey and I have not the foggiest on how to use it.
It's sooo stupid the wireless setups in the world-My mates neighbour in the UK has no password or WEP/WAP enabled so his ADSL is open to all.
But then again tis uncapped, so no worryz.
Soon Google will know everything...including how to divide by zero
-
- Registered User
- Posts: 200
- Joined: 12 Dec 2005, 02:00
- Location: In The Middle of Space...
- Contact:
Its scary how easy it is to spoof a mac address...So that alone wont keep you safe...Frozenfireside wrote: I have mac filtering on my router (non wireless) with an auto drop of packets if pinged from an WAN (aka the internetz) source so it looks like its a dead end. It basically doesnt respond to ping commands from WAN sources.
Another hectic programe is 'cain and able' but it's so dodgey and I have not the foggiest on how to use it.
Yes, what about spoofing out passwords and personal data...??!!Frozenfireside wrote: It's sooo stupid the wireless setups in the world-My mates neighbour in the UK has no password or WEP/WAP enabled so his ADSL is open to all.
But then again tis uncapped, so no worryz.
More points than you!
-
- Registered User
- Posts: 2618
- Joined: 26 Apr 2007, 02:00
- Location: Westcliff, Johannesburg
- Contact:
-
- Registered User
- Posts: 2618
- Joined: 26 Apr 2007, 02:00
- Location: Westcliff, Johannesburg
- Contact:
Oh and a friendly word of advice-If you want to connect to an airport terminal with internet connection they sometimes use MAC filtering to give access to peoples machines.
You can duplicate a MAC address in the network and then set your own I.P. and there will usually be no conflics and you should be able to get free internet.
This is illegal and I have read about this on the internet but not done this myself.
You can duplicate a MAC address in the network and then set your own I.P. and there will usually be no conflics and you should be able to get free internet.
This is illegal and I have read about this on the internet but not done this myself.
Soon Google will know everything...including how to divide by zero
-
- Registered User
- Posts: 2618
- Joined: 26 Apr 2007, 02:00
- Location: Westcliff, Johannesburg
- Contact:
Oh god please I have had enough of WPA/WEP differences from Varsity.
Exams covered these alot. I am doing N+ with S+/servers/buisiness all rolled into one .
Yeah I will and I know WEP is not as good as WPA but is more popular in routers but WPA is becomming mainstream.
Oh noooo that reminds me-I go back to Varsity on monday.Oh well I was working during my hols so no biggie I guess.
Exams covered these alot. I am doing N+ with S+/servers/buisiness all rolled into one .
Yeah I will and I know WEP is not as good as WPA but is more popular in routers but WPA is becomming mainstream.
Oh noooo that reminds me-I go back to Varsity on monday.Oh well I was working during my hols so no biggie I guess.
Soon Google will know everything...including how to divide by zero