Jump to content

How To Scare Off An Annoying Skiddy?


Guest Deleted_Account

Recommended Posts

+1 for a honeypot/pineapple. Here's my idea: make a login page that appears for users outside of your MAC whitelist(like a guest login at a public hotspot) where the skiddy has to agree to the terms and conditions. then state in the terms and conditions that by agreeing to them, he agrees to let you access any information on his computer. nobody ever reads the terms, especially someone who thinks theyre uber l33t and all.

Or if you ever find out the perp's name, just make your SSID named something like "Michael Im calling the cops!"

Also, in my opinion, any kid who is popping WEP access points will probably never call the cops if you hack him back. His wrong-doing will probably scare him into not calling for fear that he will get in trouble too.

You can also be indirect. I had my neighbor connect to my wifi before. and the dummy had a shared printer connected via USB. I knew his name, and i knew he was 16 with very religious parents, so I waited until 1 in the morning, and printed out 300 full color pages of porn! No hacking required, since he connected to my network and gave me(and "everyone") permission to use his shared printer. Needless to say, I never saw him on my network again!

Anyways, if the punk ever takes you to court, you could always say that you prefer an active security instead of a passive security. I'm sure a lawyer could muster up a good defense playing along the lines of "the best defense is a good offense."

Edited by eovnu87435ds
Link to comment
Share on other sites

Guest Deleted_Account

+1 for a honeypot/pineapple. Here's my idea: make a login page that appears for users outside of your MAC whitelist(like a guest login at a public hotspot) where the skiddy has to agree to the terms and conditions. then state in the terms and conditions that by agreeing to them, he agrees to let you access any information on his computer. nobody ever reads the terms, especially someone who thinks theyre uber l33t and all.

Or if you ever find out the perp's name, just make your SSID named something like "Michael Im calling the cops!"

Also, in my opinion, any kid who is popping WEP access points will probably never call the cops if you hack him back. His wrong-doing will probably scare him into not calling for fear that he will get in trouble too.

You can also be indirect. I had my neighbor connect to my wifi before. and the dummy had a shared printer connected via USB. I knew his name, and i knew he was 16 with very religious parents, so I waited until 1 in the morning, and printed out 300 full color pages of porn! No hacking required, since he connected to my network and gave me(and "everyone") permission to use his shared printer. Needless to say, I never saw him on my network again!

Anyways, if the punk ever takes you to court, you could always say that you prefer an active security instead of a passive security. I'm sure a lawyer could muster up a good defense playing along the lines of "the best defense is a good offense."

That sounds awesome! I am going to do research on this! My router is old Trendnet TEW-432BR and I cant find any custom firmware to flash so how would I go about making a captive portal? Make it redirect to a server on my network? My only experience with captive portals is with Routers that have built in functionality so sorry if that question sounds dumb. One thing I did find was a tool that lets you change the webpage at 192.168.1.1 (my router) to what ever you want. So I may just do that and make it say something like "By connecting to this WiFi network (Access Point) you are accepting the fact that your computer, data, etc. may be accessed, monitored, deleted or modified without notification. If you do not agree disconnect now!" but it wouldnt show up instantly sadly. Maybe just use BT4 R2 and make my own Fake AP with a captive page similar to Karmetasploit. or just fire up Airpwn / ettercap and make all traffic my page :)

Link to comment
Share on other sites

That sounds awesome! I am going to do research on this! My router is old Trendnet TEW-432BR and I cant find any custom firmware to flash so how would I go about making a captive portal? Make it redirect to a server on my network? My only experience with captive portals is with Routers that have built in functionality so sorry if that question sounds dumb. One thing I did find was a tool that lets you change the webpage at 192.168.1.1 (my router) to what ever you want. So I may just do that and make it say something like "By connecting to this WiFi network (Access Point) you are accepting the fact that your computer, data, etc. may be accessed, monitored, deleted or modified without notification. If you do not agree disconnect now!" but it wouldnt show up instantly sadly. Maybe just use BT4 R2 and make my own Fake AP with a captive page similar to Karmetasploit. or just fire up Airpwn / ettercap and make all traffic my page :)

I never looked into it myself, but if you do find a way, i think it would be a bit more fun to have it say that you agree to the Terms and Conditions and have that linked to the page saying how you can break his OS. it has an even smaller chance of your target reading it, which translates into more of a chance for you to have fun.

Some googling brought me to this: http://nocat.net/ and this http://www.publicip.net/. Apparently dd-wrt and open-wrt have it built in with wifidog. DD-WRT says that it supports the 411 and the 511 is a work in progress, so no guarantees there. you can always use an extra computer with a wifi card(or even a VM with a dedicated wifi card like the alfa) and put router software on it. With a whole computer, it should be very easy!

Have fun!!

Link to comment
Share on other sites

Guest Deleted_Account

I never looked into it myself, but if you do find a way, i think it would be a bit more fun to have it say that you agree to the Terms and Conditions and have that linked to the page saying how you can break his OS. it has an even smaller chance of your target reading it, which translates into more of a chance for you to have fun.

Some googling brought me to this: http://nocat.net/ and this http://www.publicip.net/. Apparently dd-wrt and open-wrt have it built in with wifidog. DD-WRT says that it supports the 411 and the 511 is a work in progress, so no guarantees there. you can always use an extra computer with a wifi card(or even a VM with a dedicated wifi card like the alfa) and put router software on it. With a whole computer, it should be very easy!

Have fun!!

Thanks for the info! I will try to throw something together tonight. As for DD-WRT and Open-WRT I have tried all of the trendnet FW "bin" files and none work. Some say to SFTP in and stuff but this router doesn't have that functionality AFAIK. I guess I am stuck with a VM/Computer as a router. WIll post back with progress! :D

Link to comment
Share on other sites

Thanks for the info! I will try to throw something together tonight. As for DD-WRT and Open-WRT I have tried all of the trendnet FW "bin" files and none work. Some say to SFTP in and stuff but this router doesn't have that functionality AFAIK. I guess I am stuck with a VM/Computer as a router. WIll post back with progress! :D

If you're gonna do something to the punk, try and screencast it LOL!

Link to comment
Share on other sites

Guest Deleted_Account

If you're gonna do something to the punk, try and screencast it LOL!

Never done it before but I will look into it and try! lol I will also post some screenshots of my portal and agreement/TOS. For those interested this is happening tonight! Updates to come shortly :)

Link to comment
Share on other sites

Guest Deleted_Account

Never done it before but I will look into it and try! lol I will also post some screenshots of my portal and agreement/TOS. For those interested this is happening tonight! Updates to come shortly :)

UPDATE:

My TOS:

Terms of Use

Welcome X942's WiFi HotSpot (ShadowLand) . If you continue to browse and use this Hotspot you are agreeing to comply with and be bound by the following terms and conditions of use, which together with our privacy policy govern X942's relationship with you in relation to this Hotspot.The term ‘X942’ or ‘us’ or ‘we’ refers to the owner of the HotSpot The term ‘you’ refers to the user or viewer of our Hotspot (Access Point). The use of this hotspot is subject to the following terms of use:

    * The use of this hotpot/Access point is restricted to authorised persons ONLY. Any unauthorised access is punishable to the fullest extent permited by the law. 
    * Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the hotspot for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors  to the fullest extent permitted by law.
    * Your use of this hotspot (Access Point) is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any security risks, data damage or other unwanted side-effects do not occur. In the even of data loss, virus/malware infection, or any other cyber attack occurs we are not liable or responsible to the fullest extent permitted by law.
    * This hotspot has a "captive portal" which contains material which is owned by or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
     * Unauthorised use of this Hotspot may give rise to a claim for damages and/or be a criminal offence.

    * You may not Use this Hotspot without X942’s prior written consent.
    * Your use of this Hotspot and any dispute arising out of such use of the hotspot is subject to the laws of Canada.
Privacy Policy

This privacy policy sets out how X942 uses and protects any information that you give x942 when you use this Hotspot.X942 is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. X942 may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 2nd of January, 2011.
*All data transmited to and from this hotspot can and will be logged.
*By agreeing to the term's of Service and Privacy Policy you are giving consent to us to, if necessary, access your Laptop, computer, or other wifi enabled device connected to our HotSpot through any means, including, but not limited to, backdoors, packet sniffing, Deep Packet Inspection (DPI), Exploits, and other methods of remote access.
*We also reserve the right to modify, remove, and create data on any device of yours connected to our hotspot. 

What do you think? Also using Untangle as the "router". This shall be fun :) BT4 is standing by for the attack!

Link to comment
Share on other sites

*By agreeing to the term's of Service and Privacy Policy you are giving consent to us to, if necessary, access your Laptop, computer, or other wifi enabled device connected to our HotSpot through any means, including, but not limited to, backdoors, packet sniffing, Deep Packet Inspection (DPI), Exploits, and other methods of remote access.

*We also reserve the right to modify, remove, and create data on any device of yours connected to our hotspot.

I love this x942. I think I'm gonna set somethin up like this on my router :)

Link to comment
Share on other sites

Guest Deleted_Account

I love this x942. I think I'm gonna set somethin up like this on my router :)

Haha I had to do that lol and my cousin (a lawyer said it is perfectly legal too :) )

VIDEO: tomorrow as I have to compress it :/ left my camera on 720p and the 19 minuet video is 1.3 GB :(

Link to comment
Share on other sites

Guest Deleted_Account

Haha I had to do that lol and my cousin (a lawyer said it is perfectly legal too :) )

VIDEO: tomorrow as I have to compress it :/ left my camera on 720p and the 19 minuet video is 1.3 GB :(

Video still to come but I thought I would post what happened:

About 10 min's after setting up the AP and Captive Portal/TOS the punk/skiddy/kid connected to me and began surfing the web.

Soo.. I pull his ip from my router (192.168.0.102) and start nmap. What comes up?(He is running Linux 2.6 and as i know he is cracking my WEP network and was using BT4 before I assumed he was again) Well oddly enough SSH is running and so is VNC.. on their DEFAULT PORTS too!! So that was a nice break but it gets better (this is were the video kicks in as the first part failed to record).

I connect to SSH and try BT's default root password of "toor" and sure enough the skiddy never changed it.. so much for needing to hack in or metasploit or anything. Now I am root I run

vncrack -C /root/.vnc/passwd

it reveals the VNC password is "hackergo" (Assuming it was supposed to be "hackergod" as VNC drops it to 8 Chars.)

Try to connect through vnc but wont work either do to my router's firewall or he was already connected to it. Anyways I then decided "screw it let's kill his machine" and run a

 rm -rf / --no-preserve-root 

and boom no more connections from him so far LOL. ( In the video I stopped the first "rm" and tried a dd of the drive but it started freaking out so I ended up going back to just "rm-ing" the filesystem :))

After the delete finished I pinged him and it timed out... so hes screwed and lets hope that taught him a thing or too! (Also for the record the TOS I posted earlier can be used by any who wants them! So feel free if you want to mess with skiddys or people on your network without legal troble!)

Link to comment
Share on other sites

Guest Deleted_Account

Well I wonder if they learned their lesson or not lol. how long you think it'll be before they get back on?

hopefully never but probably as soon as they reinstall BT4 on their computer LOL.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...