A Social Engineering Saga – Part 2

Hey guys, here we go again.

In the last post I talked about setting up a website that you can harvest passwords from. The term there is Captive Portal. While I used Facebook as an example (a bad example at that), it’d be better to spoof something less well known. For example, have you ever been to a hotel, airport, or even grocery store that lets you connect to their “open” wifi but also requires some kind of unique identifier (read: password)? The best example is a hotel where you have to put in your room number, last name, and/or some other very simple identifier.

Let’s get malicious. Actually, first let’s get technical. How does wifi work? Signals, proximity, science, magnets, blah blah blah. I pride myself on blogging to a point. For about $30 you can get yourself a mini router whose network name (SSID) you can set to whatever you want. At a hotel? Identify (now we’re getting malicious) the standard wifi name and duplicate it. Let’s pretend it’s ATTWIFI… ya know, for fun and simplicity… you take that little router and broadcast a network WITH THE SAME NAME! NO WAY! Bad news, hotel goers: if that new access point (AP) is set up with the same security (ideally open), then you’ll connect automatically if you’re closer (proximity). Go computers! Now you’ve got people connecting to your AP, and ideally that AP is going out to the internet so they don’t get suspicious. Intercept their data and take over the world.

OK, take a step back. What if it isn’t open?! Well, my friend, let’s re-introduce the term Captive Portal. If you know how to do it, then set up an open network with the secured network’s SSID, provide a portal requesting the password, harvest it, connect to the wifi, and restart as if it were open. If you don’t know how to pull that off, stay tuned for the next posting.
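
Flipping to the defender’s side for a second: here is an added example (not part of the original post) of how a network owner could spot the duplicate-SSID trick above in wifi scan results, including the open copy of a secured network. The scan data, the inventory, and the function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample scan results (not real captures): one dict per AP seen.
SCAN = [
    {"ssid": "ATTWIFI", "bssid": "aa:bb:cc:00:00:01", "security": "open"},
    {"ssid": "ATTWIFI", "bssid": "aa:bb:cc:00:00:02", "security": "open"},
    {"ssid": "ATTWIFI", "bssid": "de:ad:be:ef:00:99", "security": "open"},
    {"ssid": "HotelStaff", "bssid": "aa:bb:cc:00:01:01", "security": "wpa2"},
    {"ssid": "HotelStaff", "bssid": "de:ad:be:ef:00:9a", "security": "open"},
]

# Hypothetical inventory kept by the network owner:
# SSID -> (expected security, set of BSSIDs of the real access points).
INVENTORY = {
    "ATTWIFI": ("open", {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}),
    "HotelStaff": ("wpa2", {"aa:bb:cc:00:01:01"}),
}

def find_suspect_aps(scan, inventory):
    """Return (bssid, ssid, reasons) for APs using our SSIDs that do not match the inventory."""
    findings = []
    for ap in scan:
        if ap["ssid"] not in inventory:
            continue  # not one of our network names
        expected_security, known_bssids = inventory[ap["ssid"]]
        reasons = []
        if ap["bssid"].lower() not in known_bssids:
            reasons.append("unknown-bssid")
        if ap["security"] != expected_security:
            reasons.append("security-mismatch")  # e.g. an open twin of a secured SSID
        if reasons:
            findings.append((ap["bssid"], ap["ssid"], reasons))
    return findings

def mixed_security_ssids(scan):
    """Check that needs no inventory: SSIDs advertised with more than one security type."""
    seen = defaultdict(set)
    for ap in scan:
        seen[ap["ssid"]].add(ap["security"])
    return sorted(ssid for ssid, kinds in seen.items() if len(kinds) > 1)

if __name__ == "__main__":
    for bssid, ssid, reasons in find_suspect_aps(SCAN, INVENTORY):
        print(f"{ssid} {bssid}: {', '.join(reasons)}")
    print("mixed security:", mixed_security_ssids(SCAN))
```

A BSSID can be copied just like an SSID, so treat the inventory check as a way to catch the lazy version of this setup, not as proof that a matching AP is genuine.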

If you’re really lost then drop me a comment, email, or whatever and we’ll get ya rockin. After this saga you can expect a video series to tie it all together on YouTube.



I have a class on this very topic coming up through the MCPA-SA. I’ll keep ya posted. Either way, stay tuned in!

