Learning to be an evil hacker...

I was a bit bored last week so I started to learn a bit more about computing. In particular, learning the UNIX OS and brushing up on my programming. Then I looked into breaking WPA PSK password protected networks which seemed a fun thing to do.

I live in an apartment building with maybe 6 other apartments, most with wifi routers, so I thought it might be fun to hack everyones passwords and then let them know what they needed to do to make their network more secure. Kind of like being a good neighbour.

Turns out the only person with any password sense is me!! I have a 13 digit password mixture of random letters and numbers. Totally impossible to hack. They have passwords like 'password' and 'me' and 'kuwait' and 'secret22'. My dictionary attack, after I'd sniffed the handshake to the router, took a maximum of 2 minutes for any of them. I let them all know the importance of long passwords with mixtures of caps, lowercase and numbers, at least 9 characters long....same for banking passwords.

Next job is to hack into my colleges management system BEFORE they open a student portal next year, just to show them how insecure their network is. As we become very dependent on the network and the system, I think it's pretty important they know the weaknesses. I'm pretty sure, it will amount to the same thing though...pathetic password practice from the user base.

Have you read "Surely, you are joking Mr Feynman"? Feynman discovered he could easily open any cabinet in the base, including those with the most sensitive information about the atomic bomb because workers left the drawers open, showing the mechanism and the first two numbers of the combination for the drawer on top.

The director just sent everyone a note saying "Don't allow Feynman to get close to your drawers".

Yes, I have read that. Social engineering hacking is, of course, the easiest type to do. Call up someone in the company, tell them you're from IT and that you are testing security so you need their access codes. This is easily the commonest type of hacking (outside opening attachments that say things like 'look at this amusing cat video').

PS In case I forget, FUCK THATCHER, the most divisive British politician of the 20th Century. My grandparents, who were working class but very right wing (racist and everything) only hated one group more than Thatcher and that was the IRA. They hated them even more when they failed to assassinate her. Not only were they terrorists but they were incompetent terrorists!!

Pretty sure in the USA that good intentions don't make hacking someones network any less illegal.

Good job I don't live in the USA then!!

Using WPA or WEP today is insane. I'm surprised routers still use it. WPA2 with AES with WPS disabled is the only way to go.

All of the routers I cracked today had WPA with AES (btw that is WPA2). No one was using WEP and I didn't even look for WPS as I assume everyone here is using new routers where that option is not available anyway. I certainly don't have the option to enable WPS on my router.

The weakness is always the password. Doesn't matter what the encoding is, if you have a password less than 8 (or so) characters, your router can be hacked (although most wouldn't spend the time to hack an 8 char password). Like I say, here the norm is 4 chars, at best. Two minutes max to find it.

ThirstyMan wrote: PS In case I forget, FUCK THATCHER, the most divisive British politician of the 20th Century. My grandparents, who were working class but very right wing (racist and everything) only hated one group more than Thatcher and that was the IRA. They hated them even more when they failed to assassinate her. Not only were they terrorists but they were incompetent terrorists!!

With all of her tax cuts to the rich, can one of them afford to cut off her head, stuff her neck with garlic, and bury her in a spruce box on hallowed ground?

SaMoKo wrote: With all of her tax cuts to the rich, can one of them afford to cut off her head, stuff her neck with garlic, and bury her in a spruce box on hallowed ground?

My old man offered to do that to Richard Nixon's corpse for free. First words out of his mouth when ol' Dick's funeral telecast started was: "How the fuck can we be sure he's dead with a closed casket? I need to see the stake!"

I'm surprised they didn't disinter Reagan's corpse so they could shove Lady Iron Britches' head back up his ass, this time to stay for all eternity.

Have since found out, from friends, that some routers come with a factory generated 16 char code which you don't need to change. Does anyone know if these are truly random and different for all users? Seems like it might be expensive for the company to hardcode a different password into every model. Maybe my friends misunderstood. Would there be any reason for someone to change that password? I didn't encounter any passwords as long as this in my 'travels' (I know that because I found all the passwords). Just interested.

Number one on the UK hit parade at the moment is 'Ding Dong The Witch is Dead' from Wizard of Oz. The BBC are refusing to play more than 5s of this song, at any one time, on the grounds that 'it is divisive and shows lack of respect for the dead'.