
The Game

Everything posted by The Game

  1. You have a lot of faith in the public. Usually each household has 1 person who knows a little about PCs & networking and that's it. They can follow simple and basic instructions to get the net working or install Windows. If your router asks you for the WEP/WPA key and you as an average user want to use the internet, you're going to trust that the router wants your WPA/WEP key and think nothing of it. As for hot spots, well again you put faith in the public. Imagine you make your own hotspot page that looks similar to the hotel's website, with pictures, contact numbers etc. and ask them to put in, say:
     - Room Number
     - Credit Card
     - First Name
     - Last Name
     And then say that it will be 5$/hour or something; 2 or 3 out of 10 people will actually do that...
  2. Why would it not have one? You can use options to make the access point have a key, but it's fake and it gets sent in clear text. My understanding is you can make it look like anything: a router login, a WEP/WPA login or a hotspot login. Look at Step #3 and go down to Picture C: http://fadzilmahfodh.blogspot.com/2009/07/...dictionary.html
  3. Is there a reason why you have made a Windows version? I mean you can't capture the file unless you're on Linux.
  4. This is very poor practice on their behalf. I actually work as a security technician (cameras, card readers, wireless duress etc.) and never ever have I seen cameras being taken over Wi-Fi. It would be so stupid. Anyone can disconnect the entire network with a simple deauth attack and DoS all day if they wanted to. As for cracking it, well if you've got a good dictionary and they are stupid enough to have a lame password like "Security1" then it would be a matter of minutes before someone is in. Agreed. We use Axis network cameras and some people leave them at their default password "root" & "admin"; all you need is to get your IP set up and it's just that simple.
  5. Anyone is welcome to correct me. I have cracked my own home WEP & WPA network. Only PSK (Pre-Shared Keys) can be cracked.
     - Deauth a client
     - Capture the 4-way handshake as he reconnects
     - Download a good dictionary file (e.g. passwords.txt)
     The handshake is salted with the ESSID, so you can use a tool like airolib-ng to build your own database from your passwords.txt file and your target's ESSID. In turn, instead of cracking at a rate of ~500 keys/sec we can get to well over 100,000 keys/sec, & up to 300,000/sec has been reported. My PC does 1 million keys in about 5-10 seconds compared to an hour the normal way. Bottom line, if the password isn't in the dictionary it just doesn't work. With TKIP it's my understanding you can only inject packets, I think it's 7 in total. But they could be malicious if someone was to be so devious. You cannot get a key from this. Other methods? What about a rogue AP: setting up a fake access point to imitate the target's own; once they enter the key it gets passed in clear text because it's not encrypted in any way. I haven't tried this yet, but it looks promising: Cracking WPA Without a Dictionary
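Added example, not code from this post or thread: the passphrase-to-PMK derivation that post 5 calls "salted with the essid", written out as IEEE 802.11i specifies it, to show why a precomputed table is bound to one network name and why every guess costs 4096 HMAC rounds. The "password"/"IEEE" pair is the test vector published in the 802.11i annex; the word list is constructed.

```python
import hashlib

# Added example, not code from the post. WPA/WPA2-PSK derives the Pairwise
# Master Key with PBKDF2-HMAC-SHA1, salt = ESSID, 4096 iterations, 256 bits.
# The ESSID-as-salt is what the post means by "salted with the essid".

def wpa_pmk(passphrase: str, essid: str) -> bytes:
    """256-bit PMK for a WPA/WPA2-PSK network (IEEE 802.11i)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               essid.encode("utf-8"), 4096, dklen=32)

def pmk_table(wordlist, essid: str) -> dict:
    """ESSID-bound {passphrase: PMK} table, the idea behind airolib-ng.
    Each entry costs 4096 HMAC rounds to build; a lookup costs nothing."""
    return {pw: wpa_pmk(pw, essid) for pw in wordlist}

def table_reusable(table: dict, other_essid: str) -> bool:
    """True only if the table's PMKs also hold for another ESSID. Because the
    ESSID is the salt this is False for any different name, so a unique ESSID
    plus a passphrase absent from every word list is the practical defence."""
    return all(pmk == wpa_pmk(pw, other_essid) for pw, pmk in table.items())

if __name__ == "__main__":
    print(wpa_pmk("password", "IEEE").hex())   # IEEE 802.11i test vector
    t = pmk_table(["password", "Security1"], "IEEE")  # constructed word list
    print(table_reusable(t, "IEEE"), table_reusable(t, "MyHomeNet"))
```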
  6. Better off running up a Linux VMware, i.e. BackTrack. Saves you a lot of hassle. It's like 5 steps to get this working, very simple. Sends everything in clear text to a logfile. I've had no issues with it.
  7. Once you set your proxy up as 127.0.0.1 and your hamster.txt file is being populated with cookie data you should see all those cookies in Hamster under an IP. Refresh the page every 1 min or so and they will update with new cookies that IP has been visiting. You need to look for the right cookie. Gmail is http://mail.google.com/mail or something like that. Steam Games is https://store.steampowered.com/login/; even though it's HTTPS it's not secure on the other side so it's vulnerable. Or... https://addons.mozilla.org/en-US/firefox/addon/13793 is a great cookie editor. Open hamster.txt and find the login cookie for a website and recreate it in the cookie editor, and you should be able to steal the session that way. You need to test it with someone just going to one website, so you can learn what to look for and what cookies you need. I found it works best when you capture someone's cookies right from when they log in instead of halfway through. Going back to my question: MySpace & Hotmail are causing me some problems. I can get the Hotmail cookie to save the email address but it still asks me for a password to log in; is there some cookie that I need to use in conjunction with the login cookie? Or a browser issue, i.e. me on Firefox and my PC on IE? Any help would be much appreciated as I've been testing this for days with my laptop and my home PC right next to each other and still can't get it to work.
  8. I've just started using network hacking tools such as Cain to do ARP poisoning & nmap/Wireshark for scanning and sniffing, so this question might be an easy answer. I've been using Ferret & Hamster to sidejack cookies and steal sessions on my home network. I've browsed to Facebook, Gmail, the Steam Games website, eBay etc. and so far the only ones that work are:
     - Facebook
     - Steam Powered
     - Gmail
     Why doesn't eBay & MySpace work? MySpace doesn't have any SSL on it at all from what I can see; eBay has an SSL login but the pages after that use some sort of .dll in the page header. Is there something different that these sites do that stops me from sidejacking them? Also tried Cain to sniff passwords but they don't appear in cleartext and I can't send them to the cracker, I'm assuming because they are passwords actually on the internet and not on my home network?
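Added example, my own code and not from posts 7 or 8: an audit over constructed Set-Cookie headers that reports which cookies lack the Secure flag and therefore travel over plain HTTP. That single attribute is what decides whether a session cookie captured by Ferret/Hamster can be replayed, and it is why an HTTPS login page on its own does not stop sidejacking of the pages after it.

```python
from http.cookies import SimpleCookie

# Added example, not code from the posts. A cookie set without "Secure" is
# attached to every plain-HTTP request too, so a LAN sniffer sees it even
# when the login itself happened over HTTPS. HttpOnly is checked as well.

def audit_set_cookie(set_cookie_headers):
    """Map each cookie name to a list of attribute weaknesses (empty = ok)."""
    findings = {}
    for header in set_cookie_headers:          # one Set-Cookie value each
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            issues = []
            if not morsel["secure"]:
                issues.append("missing Secure: sent over plain HTTP, "
                              "replayable by a passive sniffer")
            if not morsel["httponly"]:
                issues.append("missing HttpOnly: readable by injected script")
            findings[name] = issues
    return findings

def replayable_over_http(set_cookie_headers):
    """Names of cookies a sniffer on the same network could capture."""
    return sorted(name for name, issues in audit_set_cookie(set_cookie_headers).items()
                  if any(i.startswith("missing Secure") for i in issues))

if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    sample = [
        "SESSIONID=7f3a9c; Path=/; HttpOnly",
        "login_token=e91b22; Path=/; Secure; HttpOnly",
        "prefs=dark; Path=/",
    ]
    for name, issues in audit_set_cookie(sample).items():
        print(name, issues or ["ok"])
    print(replayable_over_http(sample))
```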