Saturday, September 15, 2007

The Joy Of Hacking Wireless

I was on my dad's laptop, which has Vista on it and has a quite wide range of wireless. I was on the laptop yestarday morning when I noticed a new wireless connection, unsecured. That is the same as saying please use me.

And I did. I surfed the internet a bit. It was quite fast even though the internet range was a bit low. But I wasn't going to stop there. I was up for a challenge, of trying to log in to the router. I opened up a map of the links. Good old Vista showed me everything, including the IP address of the router.

I went for it and typed the IP in my browser. Now the hard part - the thing needs a username and password. I thought that I could try the factory defaults, the normal user and pass that comes with the router. I went and searched on Google for the defaults of Linksys routers, and I found them. Feeling lucky, I typed them in and hit OK. I hit the jackpot, I was in.

Now from here, I could do anything. I was able to see his username and password for his ADSL connection. It seems he's using Wanadoo (which is now Orange). Now this is not a worry, but what is...

I could password encrypt his router and wireless connection. This would mean that only I could use his connection whenever I wanted. The only solution to this problem is to reset the router, but poor old Jordanians don't know that.

But then again, I'm a good guy and I won't do this. I wait until after Ramadan. >=)


  1. People are really dumb, If I haven't said this a million times, I probably said it more! But, people just don't listen
    They really need to secure their stupid infrastructure, and it's freaking simple, but are they doing it? Noooo they just think it's secure by default. And then they blame EVERYTHING else in the world but their own stupidity!

    Read my tips here

    A word of advice, don't think Hacking is a good thing, it's not! Trust me on this one. It's not

  2. New visitors! Hi Qwaider

    Yes, i think routers should make people at least secure the admin part of router rather than leaving them to the defaults.

    As for hacking, I am a white hat hacker. Ethical hacking is all I do. I do like it, I did a few JS challenges using XSS exploits on a website as well as SQL Injections, but I can't remember its name.

  3. Yes, I love taking a laptop/PDA somewhere and finding someone has shared thier wireless with other people! =)

  4. A question, is the ip of the router is the same ip as the gateway?

  5. Actually, this is called "Invading people's privacy"! It definitely not ethical, and is Haram also. Be careful.

  6. IRC: Yes, usually this is the case unless something else happened. XP usually gives you both the IP of the port and the gateway, and usually they are the same.

    Bilal: Come on, lighten up! This isn't invading privacy because I was just trying out security settings. I wish I could go and tell the person but they'd probably say "Your too young, go away."

    By the way, from the name of the wanadoo username, I found out that it was W. Akraas. The flat next to us has the family Akraas, and the father's name is Wael. But I'm not going to tell them, because I don't know them anyway. =P

  7. Qwaider, you're being too tough on the none-technical people out there. Its not their fault, because if they're that none-technical, then they probably hired someone to set it up for them, and its that person who ripped them off. Leaving the default password is very foolish.

    Personally I don't enable encryption on my network, but I do use MAC filtering. So that only a specific list of PC's that I specify in the configuration software can get on the network. I am aware that MAC addresses can be spoofed, but I don't see how anyone can know which MAC addresses to spoof, and there are just far too many combinations for them to brute force it.

    Khaled, I would tell your neighbour, and offer them to fix it for a small fee :)

  8. Haha...Probably Mr. Al-Akras is reading this post now and he will be waiting for you in a dark alley when are going back home, be careful, carry your gun with you always:)
    On a side issue, that means that i can buy Wireless router and out in Haitham's apartment and still can get a very good signal, right??

  9. Hani: MAC Filtering is good, but it still stops someone from coming to your house and using your internet connection (like a guest that has a laptop). I prefer passwords (or keys, as they're called) since they can be used by anyone and can be saved easily so you don't need to type them all the time. You can also try private SSIDs, which is like a wireless network that can't be discovered. You have to add it manually, because an SSID is basically the name of the network (eg. linksys or WLAN). By the way, I'm not really keen on telling him, because I don't know him and he'd probably think I was joking or wouldn't understand what I was talking about.

    Bilal: Yes, I'm carrying my AK-47 with me all the time, and am going to hire five personal bodygaurds. I may aswell hire Agent 47 to kill him... Anyway, do you mean that amo Haitham will get the internet and you will pick up the signal? You should usually be able to get a strong signal most of the time, since he is under you, but you might have to go under the room that the router is in. Remember to get a 802.11g router and adapter because they are the most powerful and common ones yet.

  10. This is just too wrong!

    Anyways, if you are using only an ADSL modem, should you log into the modem config. webpage and create an admin user/pass as well?

  11. Only an ADSL modem? Well, one - you can't. Two, you can only use the modem from your computer that has the user and pass. Three, nobody can use it without a username and password, AND a direct (cable) link to the modem. The problem with routers and wireless stuff is that routers store your username and password and are connected to the internet all the time. Wireless signals can be used from anywhere, like Bluetooth signals.

  12. Can anyone recommend the best Network Monitoring system for a small IT service company like mine? Does anyone use or How do they compare to these guys I found recently: N-able N-central remote pc access software
    ? What is your best take in cost vs performance among those three? I need a good advice please... Thanks in advance!