Network hacking is a practice that takes on many forms. One example is when people piggyback on another person’s internet connection so they can surf the web for free. The other side of the coin is worse – now that you are inside a network you can scan the network and find some unsecured network device such as a computer or some other portable device that is connected to it. You can then try to access the information remotely. One example of that is when you have logged into a WiFi network in a local café you can open your Windows explorer and click on Network. If file sharing and network discovery is turned on in that particular network then you can look for a connected computer or device and try to access the files contained in it. In this chapter we’ll dive into the basics of network hacking.
If you want to learn about the old school ways of hacking into another person’s network then war
dialing should satisfy your craving. This hacking method takes advantage of vulnerabilities in another
person’s telephone system. Yes, some people are still using dial up internet connections. Some
network administrators even keep the old dial up connections as some sort of backup in case their
main internet service goes down.
The tools of the trade in war dialing of course are war dialing software. Hackers can detect repeat
dial tones. They can then enter a password at the dial tone and make calls anywhere – for free. They
can also access voice mail, especially for phone systems that use PBX switches.
Network Structure Vulnerabilities
Computer networks have vulnerabilities. Even low level vulnerabilities can be avenues for hacking
exploits. The very tools you use to hack networks are also the same tools that can be used to detect
any vulnerability in your network.
You need network scanners that can perform trace routes, DNS lookups, and other network queries.
Some scanners can also do port scanning and ping sweeps. There are those that can also do SMTP
relay testing. You will also need a scanner that can do operating system fingerprinting and host port
probing. There are network scanners that can also test firewalls.
Port scanners can tell you what devices are on your network. They’re pretty easy to use and you can
test any system with one. All of the commonly hacked ports make use of TCP protocols but some of
them use UDP as well. The most common ports and the services associated with them include 23
(Telnet), 22 (SSH), 7 (Echo), 53 (DNS), 21 (FTP control), 80 (HTTP), 25 (SMTP), 443 (HTTPS),
19 (Chargen), 1433 (Microsoft SQL Server), and 20 (FTP data) among many others.
Breaking Into WiFi Networks
Wireless networks that are run in the home, office, cafes, and pretty much anywhere are also avenues
Back in the day, WiFi networks were kept open. That means if you had any device that could connect
to the internet via a wireless connection, then all you needed to do was to search the area for some
free open networks. Back then, when you bought a wireless router, the default configuration was
open, which meant anyone could get on and piggyback on your internet.
Of course that caused a lot of problems. The more devices that are connected to your wireless
connection the slower the service goes. Back in the day the only thing keeping hackers off your
connection was the range of the signal coming from your WiFi router.
The common tools of the trade back then included directional antennas and signal amplifiers. Some of
the more expensive tools can fish out your WiFi signal from miles away.
Back in the day, the only security available to WiFi router owners was WEP (Wireless Encryption
Protocol). It worked for a time but it was poorly designed. Anyone can monitor your router’s
communication and eventually crack the WEP code.
Nowadays, users don’t set limits to their WiFi signals, which is a good thing since you won’t need to
buy those crazy antennas. Most routers have a range of 1,500 feet nowadays (about 500 meters). The
only different thing they’re doing today is that the newer routers use WPA (WiFi Protected Access)
and WPA2 (WiFi Protected Access 2) as their type of security protocols.
Theoretically, these new security protocols are much better than WEP – and they are. The old
monitoring and WiFi cracking software tools will now take several days or even months to crack
those codes. However, with the improvement in today’s wireless security protocols, come
improvements in the way wireless networks are hacked.
Nowadays, if you want to hack into your neighbor’s wireless connection, you should monitor the
wireless activity and catch the data (i.e. pocket capture) as their computer or any other authorized
device is logging into the router or access point. Now, that may seem like a hard thing to come by
given the fact that most people just keep their computers connected to their routers almost 24/7.
The good news is that there is a workaround this tough hurdle. All you need is to send out a deauth
frame. What is that? Those are packets that you send to the access point (e.g. the wireless router) that
de-authorizes other devices that are already connected to the network. Simply put, send those packets
and all connected devices will be forced to login again. Since those devices will have to login again
you have a chance to capture the login information.
Tools for Hacking Into Wireless Connections
The tools for hacking into wireless connections are available today. You will have to pay for the
really good ones but there are open source (i.e. free) ones out there that will also do a decent job.
You will have to look up and download what is known as penetration testing software (e.g. Aircrackng among many others). Some of these programs will cost you hundreds if not thousands of dollars. If
that isn’t a price you’re comfortable with then you can just go with open source variants. They work
too but they have their limits.
Wireless penetration testing programs can send deauth frames. After that they will capture pcap files
for you (pcap = packet capture). Capturing the pcaps will take an hour or so. The next question is
what do you do with the pcap files? Some penetration testing software can examine the data for you.
However, if the functionality of your hacking tool is limited (since it’s free) then you will have to get
another tool to crack the pcap files – they’re called password crackers.
Again, some password crackers are free and others are paid. Some of them you have to install onto
your computer while others are online applications. The basic operation of these password crackers
is that they check the pcap files against a database consisting of millions of possible passwords.
Sometimes it only takes seconds before these software programs can crack the passwords.
One secret is that many routers nowadays still have WiFi Protected Setup enabled. Cracking software
will usually break down the PIN into a couple of equal halves. The pin actually has 8 characters.
Note that the last character of that pin is nothing more than a checksum. This means that the only
digits/characters that need to be cracked are the first seven.
You may have encountered routers that do not broadcast its SSID, the name assigned by the user to the
wireless network. You can figure it out using a war driving stumbler program. Some routers also
have MAC filtering, which only allows listed devices to access the wireless network. That may also
sound secure, however, MAC addresses on this list can also be captured in the same way that pcap
files are captured. You can then copy or use the captured MAC addresses as your own, which is
called spoofing. Yes, there are software tools that can spoof MAC addresses for you or you can do
that by yourself by editing the registry.
What's Your Reaction?