Guest Deleted_Account Posted December 17, 2010

So at my house I have two routers: one for normal private use (WPA2-AES) and an old one for some other stuff (WEP ONLY). Now this older one is basically there because of my really old set-top box that only supports WEP (Thanks Shaw). Basically this skiddy, or at best someone that doesn't really know what they are doing, keeps cracking my old router and trying to use Metasploit and Wireshark. He has been rather unsuccessful and I have been changing the WEP key every day now, but he seems to be doing it at around 3 am so I am not really wanting to hunt him :P Right now I have MAC filtering in place and it seems to have slowed him down for the moment, but my question is what would be the legality of setting up a Karmetasploit AP with the same WEP key and all? I mean technically he is hacking my AP and has no right to be there, so it is not my responsibility if he gets "hacked". This would be easy and because I already have one set up for testing I could just change the SSID and leave it up for a day or two. Provided I do this and the exploits work I would only leave a TXT file telling him to F*** off (nicely of course). Any ideas? Legal or no? I have asked around and my lawyer friend says that it should be perfectly legal as he has A) no right to expect privacy on my network B) no right to be on it C) no right to expect it to be safe. Thanks, any comments are appreciated. X942

P.S. before anyone says I should buy a new set-top box, I know... But Shaw Cable keeps wanting to charge $399 or so for it and cutting cable won't do because here in Canada we don't have OTA anymore :(
Infiltrator Posted December 18, 2010 (edited)

1. Changing the WEP key is not going to make much difference, it's only a matter of capturing enough packets to crack the key.
2. MAC address filtering may slow him down, but it's not nearly as effective at preventing someone from accessing the AP.
3. Have you checked for a firmware update for your router? If your router is supported, you may even be able to flash its firmware with DD-WRT or Tomato. That should allow you to enable WPA instead of WEP.

Edit: I've been doing a bit of thinking, and if you had a Karmetasploit AP set up, you could do a bit of research on this guy, find out what he is trying to do, perhaps by sniffing his traffic and then recording all his activities for proof, if you plan on taking him to court.

Edited December 18, 2010 by Infiltrator
hexophrenic Posted December 18, 2010

Legality depends on jurisdiction. Most states (US), I suspect, would consider retaliatory hacking (Karmetasploit included) illegal.
Guest Deleted_Account Posted December 18, 2010

Legality depends on jurisdiction. Most states (US), I suspect, would consider retaliatory hacking (Karmetasploit included) illegal.

I live in Canada so I am going to assume it will be close to the same, which is kind of stupid because if you hack into a computer and get infected the owner doesn't get arrested but the person who hacked in does... so shouldn't it be the same? He has no right to be there and as such no right to expect to not be hit with something on a foreign network. Ah well, I will go the legal route then.

As for the other reply, when I mean old I mean OLD; this thing is running some odd chipset that doesn't seem to exist any more and checking for alternate FW yields no results sadly. Any other options? Maybe set up some kind of deauth so only my set-top box can connect to that AP, but that would be just as good as MAC filtering... I have captured a lot of packets and it seems all he does is browse Facebook and update Metasploit before my IDS goes crazy detecting attacks. For now I put it behind a switch in hopes that he can't access anything of value. I also set up a shell script to change the WEP key randomly at random times using the website front end. It then emails me the new key. Hopefully this will confuse him for now. I am considering turning my smart phone into a hotspot whenever I want to use internet on the set-top box; that way it is only good for about 50 ft or so... Anyone have experience hacking cable boxes? I read somewhere (will post link) that Shaw "locks down" WPA functionality of the wifi card through software means. Everywhere I find is out-of-date and won't work for me sadly.
Vodmya Posted December 18, 2010

In Canada any computer counterattack is still illegal. The law is the law is the ... 2 wrongs don't make .... blah blah. Unfortunately you're gonna have to limit your range like you said or spend some bucks. Good luck.
Trip Posted December 18, 2010

yeah dude wep is ooooooooold now .... upgrade it won't cost u much id setup a 'fake' server with loads of rubbish on it all infected with malware, viruses and some reverse tcp fun :) hack the hacker rules are there to be boring ... have some fun ;) you never know hack the hacker n u might get a job with the fbi or what ever u have in canada :D
Sparda Posted December 18, 2010

The most defense you can do:
Limit range of signal
Limit direction of signals (between the two devices)
Turn off SSID broadcasting
Use MAC address filtering
Turn off your client device when you aren't using it (no client, nothing he can do)

All this requires nothing new. With new stuff you could do something like detect when the network is being flooded with ARP requests, then turn off wireless on the router. This could be done with a Snort rule or similar. Of course, then it's basically a DoS on yourself, so perhaps not the best solution.

The ultimate solution: Get something you can install DD-WRT on, use it as a bridge between WPA2 wireless and wired ethernet. I assume your box thing has an ethernet port.
555 Posted December 18, 2010

If he is cracking your WIFI that means he is close by your house, just go out there and kick his ass and tell him to stop fucking with your computer.
Infiltrator Posted December 18, 2010

Or find out where he lives, and then mail him a nice letter, saying I know it's you who is hacking my wireless, if you don't stop I will call the cops.
mux Posted December 18, 2010

So wait... I could be legally held responsible if I set up a test environment on a wireless network that infects someone's computer that they used to hack into my network?
Infiltrator Posted December 18, 2010

In Canada any computer counterattack is still illegal. The law is the law is the ... 2 wrongs don't make .... blah blah. Unfortunately you're gonna have to limit your range like you said or spend some bucks. Good luck.

That's the law in Canada; how about other countries, would that still be considered illegal? I am not sure here in Australia though.
Dragon.Knight Posted December 18, 2010

I live in Canada so I am going to assume it will be close to the same, which is kind of stupid because if you hack into a computer and get infected the owner doesn't get arrested but the person who hacked in does... so shouldn't it be the same? He has no right to be there and as such no right to expect to not be hit with something on a foreign network. Ah well, I will go the legal route then. As for the other reply, when I mean old I mean OLD; this thing is running some odd chipset that doesn't seem to exist any more and checking for alternate FW yields no results sadly. Any other options? Maybe set up some kind of deauth so only my set-top box can connect to that AP, but that would be just as good as MAC filtering... I have captured a lot of packets and it seems all he does is browse Facebook and update Metasploit before my IDS goes crazy detecting attacks. For now I put it behind a switch in hopes that he can't access anything of value. I also set up a shell script to change the WEP key randomly at random times using the website front end. It then emails me the new key. Hopefully this will confuse him for now. I am considering turning my smart phone into a hotspot whenever I want to use internet on the set-top box; that way it is only good for about 50 ft or so... Anyone have experience hacking cable boxes? I read somewhere (will post link) that Shaw "locks down" WPA functionality of the wifi card through software means. Everywhere I find is out-of-date and won't work for me sadly.

You say this guy is messing with his Facebook so I'd have fun with that. I'd change his FB password every day or two just to piss him off and make sure to change his status a few times, putting up some kind of really ridiculous shit that doesn't make any sense. Eventually he might figure out what's going on and leave you alone. But of course none of what I said is legal and probably should not be done.
Alias Posted December 18, 2010 (edited)

Or turn everything upside down.

Edited December 18, 2010 by Alias
cykio Posted December 18, 2010

Since he is nearby, find out who he is and train him as your padawan apprentice. Bring him away from the skiddy dark side.
c0r Posted December 18, 2010 (edited)

Hmm, monitor everything he does for a month... then get him back! Delete every account you have passwords from... No need for the "law" here.. c

Edited December 18, 2010 by c0r
Vodmya Posted December 18, 2010

Wififofum on a mobile and find him/her and leave a polite f/u cease and desist or get pwned note on their door.
justapeon Posted December 18, 2010

Set up a honeypot with a fake highly secret government web site with all kinds of stuff to keep him busy for a while. Make a directional wifi antenna lock in on the offender. Even better, find a friend with a plain black car, dress up in black suits, and go to the offending abode with your directional antenna and laptops to scare the crap out of them. If nothing else, it will make people aware something fishy is going on there.
Guest Deleted_Account Posted December 18, 2010

In Canada any computer counterattack is still illegal. The law is the law is the ... 2 wrongs don't make .... blah blah. Unfortunately you're gonna have to limit your range like you said or spend some bucks. Good luck.

Well that sucks. (not saying your statement's wrong, but in general) I don't get why this is a "counterattack": he hacked into a deliberately compromised network and got compromised himself. I do get why it would be illegal, however it just seems like this would quite easily get thrown out of court... that said I am not doing it now I know for sure it is illegal :P

yeah dude wep is ooooooooold now .... upgrade it won't cost u much id setup a 'fake' server with loads of rubbish on it all infected with malware, viruses and some reverse tcp fun :) hack the hacker rules are there to be boring ... have some fun ;) you never know hack the hacker n u might get a job with the fbi or what ever u have in canada :D

That could be seriously entertaining and would be quite easy to deny if they tried pressing charges: just say that you didn't know it was infected or it's a test bed for pentesting. Landing a job with the RCMP (FBI) as a result would be awesome. I've heard of this type of thing happening, and being in school for computer forensics that would be awesome!

The most defense you can do: Limit range of signal. Limit direction of signals (between the two devices). Turn off SSID broadcasting. Use MAC address filtering. Turn off your client device when you aren't using it (no client, nothing he can do). All this requires nothing new. With new stuff you could do something like detect when the network is being flooded with ARP requests, then turn off wireless on the router. This could be done with a Snort rule or similar. Of course, then it's basically a DoS on yourself, so perhaps not the best solution. The ultimate solution: Get something you can install DD-WRT on, use it as a bridge between WPA2 wireless and wired ethernet. I assume your box thing has an ethernet port.

I have now done the following: range is limited down to (I think) 50 ft or so, MAC filtering is on, shell script that randomizes the password, and the last two you posted don't work on my router; both cause it to freeze up and I have to reboot.. Ah well. I am looking into getting a router for the DD-WRT route, but when I tried this on my Debian laptop bridging did not work. Then again my only unused ethernet cable may be damaged so I will try again with said router.

If he is cracking your WIFI that means he is close by your house, just go out there and kick his ass and tell him to stop fucking with your computer.

In my case yes, he has to be close and I mean CLOSE; my router on full barely extends to my driveway. So he would have to be one of my neighbors on either side. Although that said, I have personally hacked WEP from 2 blocks away from the AP so it's not always the case.

Or find out where he lives, and then mail him a nice letter, saying I know it's you who is hacking my wireless, if you don't stop I will call the cops.

That is what I should do now that I know for sure my method would have been illegal. I should write up a cease and desist order and send it to him.

So wait... I could be legally held responsible if I set up a test environment on a wireless network that infects someone's computer that they used to hack into my network?

Apparently yes. This is kind of sad and stupid, but I am sure it depends on the circumstance. For example, if you call the AP "TESTING" and set it up with WEP and it is running Karmetasploit, I am fairly certain no one in their right mind would prosecute you when someone else hacked into it.

Or turn everything upside down.

lol I should do this just to screw with him.

Wififofum on a mobile and find him/her and leave a polite f/u cease and desist or get pwned note on their door.

I only have an iPod touch and a BlackBerry right now; sadly my Droid X is in for repairs. Any apps that can work on these devices?

Set up a honeypot with a fake highly secret government web site with all kinds of stuff to keep him busy for a while. Make a directional wifi antenna lock in on the offender. Even better, find a friend with a plain black car, dress up in black suits, and go to the offending abode with your directional antenna and laptops to scare the crap out of them. If nothing else, it will make people aware something fishy is going on there.

Ha, I could do this too, I have a black '92 BMW! Just throw the ol' suit on and scare the crap out of this guy.
psydT0ne Posted December 19, 2010

Honeypot?? http://www.atomicsoftwaresolutions.com/honeybot.php
Trip Posted December 19, 2010

infected puss oozing festering honey pot ;0) mmmmm nice :)
Guest Deleted_Account Posted December 21, 2010

Honeypot?? http://www.atomicsoftwaresolutions.com/honeybot.php

Hmm.. looks interesting. "A honeypot is a device placed on a computer network specifically designed to capture malicious network traffic. The logging capability of a honeypot is far greater than any other network security tool and captures raw packet level data even including the keystrokes and mistakes made by hackers. The captured information is highly valuable as it contains only malicious traffic with little to no false positives." That could be useful information to have as evidence too. I have got to work setting one up. My question is how can I, if possible, triangulate the attacker? I mean someone mentioned some WiFi tools; should I do something like set up an ad-hoc WEP network with the same name and use a directional antenna to figure out his approximate whereabouts, or is there a better way? I know he has to be within one or two houses.
justapeon Posted December 21, 2010 (edited)

laptop + usb wifi adapter + usb extension cable + plastic salad bowl (from the dollar store) covered in foil with a tight hole for the usb wifi adapter (a sort of directional antenna). I will let you figure out the rest.

Edited December 21, 2010 by inventoman
Guest Deleted_Account Posted December 22, 2010 (edited)

Thanks for the tip! I used that with an Alpha alongside a WiSpy and a second laptop with my directional antenna. I then discovered this page: CLICKY and went to work making my own trilateration script for Linux (Fedora 14 specifically). So far the tool is buggy at best but has worked somewhat, giving me multiple locations. (I have been tracking a Karmetasploit AP he is broadcasting on his laptop/computer after I matched the MAC of the two). My script is very alpha however, and seeing as I get a lot of "false data" (off by 5 meters +/-) I am trying to make it better. Anyone have any experience with this? Math is not my favorite and I am mostly using stuff I found online and wrapping it into my C++ script. The script basically takes the outputs (signal strength and SSID) from my gathering tool (a very simple wavemon-like tool that just grabs signal strength, SSID and BSSID) and uses the strength from two outputs (the two laptops) and tries to find the location through trilateration. Unlike the WiSpy SSM tool I posted a link to, mine uses two laptops to find one AP instead of one laptop and multiple APs. I could also, theoretically, do the same with two cards but I found the location was off even more. Thanks for all the help!

Edited February 23, 2011 by x942
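The two-station trilateration the post describes, as an added example (not the poster's script): it converts the two RSSI readings to distances with a log-distance path-loss model, intersects the two range circles, and shows why two laptops always yield two mirror-image candidates and why a few dB of RSSI error turns into metres of position error. The path-loss parameters, station positions and RSSI readings are constructed assumptions.

```cpp
// Added example: locate one AP from RSSI seen at two stations with known positions.
#include <algorithm>
#include <cmath>
#include <cstdio>
#include <vector>

struct Point { double x, y; };

// Log-distance path-loss model: rssi = p0 - 10*n*log10(d).
// p0 = RSSI at 1 m, n = path-loss exponent (assumed values; calibrate on site).
double rssiToDistance(double rssi, double p0 = -40.0, double n = 3.0) {
    return std::pow(10.0, (p0 - rssi) / (10.0 * n));
}

// Factor by which a dbErr dB error in RSSI scales the estimated distance.
double distanceErrorFactor(double dbErr, double n = 3.0) {
    return std::pow(10.0, dbErr / (10.0 * n));
}

// Intersect the two range circles. Two stations give at most two candidates:
// the true position and its mirror image across the line joining the stations.
// A third station (or a second reading from a moved laptop) is needed to pick one.
std::vector<Point> trilaterate2(Point s1, double r1, Point s2, double r2) {
    std::vector<Point> out;
    double dx = s2.x - s1.x, dy = s2.y - s1.y;
    double d = std::hypot(dx, dy);
    if (d == 0.0) return out;                 // stations at the same spot: no fix
    if (d > r1 + r2) {                        // noisy RSSI: circles don't touch;
        double t = r1 / (r1 + r2);            // best guess lies on the line between them
        out.push_back({s1.x + t * dx, s1.y + t * dy});
        return out;
    }
    if (d < std::fabs(r1 - r2)) return out;   // one circle entirely inside the other
    double a = (r1 * r1 - r2 * r2 + d * d) / (2.0 * d);   // distance from s1 to chord
    double h = std::sqrt(std::max(0.0, r1 * r1 - a * a)); // half chord length
    double mx = s1.x + a * dx / d, my = s1.y + a * dy / d; // foot point on centre line
    double px = -dy / d, py = dx / d;                       // unit perpendicular
    out.push_back({mx + h * px, my + h * py});
    if (h > 0.0) out.push_back({mx - h * px, my - h * py});
    return out;
}

// Go straight from two RSSI readings to candidate AP positions.
std::vector<Point> locateFromRssi(Point s1, double rssi1, Point s2, double rssi2) {
    return trilaterate2(s1, rssiToDistance(rssi1), s2, rssiToDistance(rssi2));
}

int main() {
    // Constructed readings: the AP is seen at about -61 dBm from laptops at (0,0) and (6,0).
    for (const Point& p : locateFromRssi({0, 0}, -61.0, {6, 0}, -61.0))
        std::printf("candidate: (%.1f, %.1f) m\n", p.x, p.y);
    std::printf("+/-2 dB of RSSI noise scales each distance by %.2f\n", distanceErrorFactor(2.0));
    return 0;
}
```

With the assumed model a 2 dB reading error already moves a 5 m range estimate by close to a metre, which is why averaging many samples per station before trilaterating matters more than the geometry.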
justapeon Posted December 22, 2010 (edited)

If this is done in the middle of the night, just see whose light is on at that time of night and point the antenna towards it. One thing you have to consider is if that particular system was hacked remotely, then things get even more interesting. Worst case scenario is to file a complaint with the FCC. They have the equipment to find them.

Edited December 22, 2010 by inventoman
Guest Deleted_Account Posted December 22, 2010 (edited)

If this is done in the middle of the night, just see whose light is on at that time of night and point the antenna towards it. One thing you have to consider is if that particular system was hacked remotely, then things get even more interesting. Worst case scenario is to file a complaint with the FCC. They have the equipment to find them.

True, and another good idea. Somehow I doubt the system was remotely hacked for several reasons:
1) OS detection from Nmap says it's running Linux. Further investigation shows he is running BT4 (R1?). I pulled this by setting up a captive portal with some JavaScript to grab his OS and other useful information.
2) Wouldn't you notice if your laptop suddenly was running Karmetasploit? I mean, assuming it is a laptop, then battery drain would be crazy.

If it is a hacked system this would be more interesting, but I just can't see it happening like this. The victim would have had to already be running BT4, presumably on the hard drive because if it were a live disk a simple reboot would kill any malware, and the attacker would have to hack into his system, which would probably be through a web page or trojan as, again presumably, he is behind a router and not directly plugged into a modem without any protection. The attacker would then have to run all tools in the background where the victim couldn't see it (the easiest part of the whole ordeal), and then they pulled off one great anonymous attack, that's for sure!

EDIT: Is the FCC the same as the CRTC in Canada? Or what is our equivalent of the FCC?

Edited December 22, 2010 by x942