Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

getting caught wifi hacking


ghost's Avatar
0 0

I was wondering if it is possible to get caught wifi hacking if after you connect to the access point and are using their internet and you go to yahoo.com and your session is still on from the last time you logged in. Will the email or session be logged by the router in anyway?

Like say your email was dickflyingcunts@yahoo.com, you log in and then use another internet access point and when you go back to yahoo.com your still logged into that same account is that bad?


ghost's Avatar
0 0

No, cookies and sessions are stored on your computer, but while connected they can see who is connected through the router and block you or more, so be carefull.


ghost's Avatar
0 0

Coder Disaster wrote: No, cookies and sessions are stored on your computer, but while connected they can see who is connected through the router and block you or more, so be carefull. session ids and cookies arent stored on the router but they are definitely stored on your computer. Also the router will store mac / dhcp / etc information about your computer, and it can still be viewed even after you are off their network.

Edit: I just realized what you were poorly trying to communicate to an even more poorly written thread by the op. Other computers on the network you are on, do not get/keep cookies/session IDs.

@Op I wouldn't go wardriving anytime soon. The more you dont know, the more likely you are to do something stupid and get caught.


ghost's Avatar
0 0

Configure browser settings to automatically remove cookies, session ids, cache, history. You know, the works. Also if theres logs, which there are… Make them disappear or just clear them.


ghost's Avatar
0 0

I think your questions/replies are more and more showing how little you understand about how computers and the internet work.

If you log into yahoo.com you will receive session ids and cookies. 1 of the many reasons for this, is a time based authentication. This is so you dont have to re log in every time you change a page. These cookies are stored on your machine and sent to the server with your requests. They are generally not stored by every computer that's on the network.

For more info please read: http://en.wikipedia.org/wiki/HTTP_cookie


ghost's Avatar
0 0

[quote]apescanfly223 wrote: I was wondering if it is possible to get caught wifi hacking.."

Hell yes, it's easy to get caught if the host has any wits. Like say, all they'd have to do is browse the network for a sec or open processing servers and you're caught. Even if you delete cookies and all that shit, like dude said..it's still visible after the session has ended. I wifi hack occasionally and it's ok to, just don't make it a habit because isp's are actually cracking down on it now.


spyware's Avatar
Banned
0 0

"If I steal this car, will the owner know that it's gone?"


ghost's Avatar
0 0

chronicburst wrote: Configure browser settings to automatically remove cookies, session ids, cache, history. You know, the works. Also if theres logs, which there are… Make them disappear or just clear them.

Alright… you do realize that having your browser clear all of that crap has nothing to do with the danger of being caught wifi-hacking, right? Those things are localized to your machine.

About the logs… wow. Just wow. Someone share this magical crack smoke that I'm missing out on, because you guys really come up with some amazing bullshit. Let me see this one again…

Also if theres logs, which there are… Make them disappear or just clear them.

You seem quite confused in your logic. Have someone help you learn how to construct sentences that actually have meaning. Also, "just clear them" makes it sound as if you just have to go click a button on your computer… you do realize that the logs you'd need to worry about would be on the WAP / wireless-capable router, right?

COD3 wrote: Hell yes, it's easy to get caught if the host has any wits.

You should've stopped here. No one ever does, though… you felt the need to prattle on like a moron for a few more sentences.

Like say, all they'd have to do is browse the network for a sec or open processing servers and you're caught. Even if you delete cookies and all that shit, like dude said..it's still visible after the session has ended. I wifi hack occasionally and it's ok to, just don't make it a habit because isp's are actually cracking down on it now.

Umm… first, wtf is an open processing server? Or is it the act of opening a processing server… in which case, what is that? Either way, that sounds like jargon from the craptacular "Hackers" movie from the mid-90's.

"Browsing the network" isn't how they'd catch you… that's how they'd access a network file share or a networked printer… or even an intranet web server. I believe the word you were looking for was "scanning".

You wifi hack occasionally? How on Earth do you manage that? Do you ask them politely for the key, but use SE (so it's a hack to you)? stdio hit the nail on the head… the people that have no idea what they're talking about have no reason to be replying to real questions.


ghost's Avatar
0 0

Logs are stored on both machines. Local and the remote machine. So lets say I were to go wardriving and I crack a WEP and get in the network. Would cracking the WEP show as anything in the logs? I am assuming no but it will log you accessing the remote machine. And everything you do will mostly be logged and stored in cache, cookies. So if I delete logs, cache, cookies then I am not in the clear you are saying, correct? So what else can store your entry and modifications. On route to google as well.


ghost's Avatar
0 0

Ok generally speaking where is what the security logs look like when you connect to a LAN. Either through a wireless access point, or land line.

Note it logs your attempts log onto the network and several scanning detections as well. It also logs the dhcp clients connecting through the gateway.


ghost's Avatar
0 0

chronicburst wrote: Logs are stored on both machines. Local and the remote machine. So lets say I were to go wardriving and I crack a WEP and get in the network. Would cracking the WEP show as anything in the logs? I am assuming no but it will log you accessing the remote machine. And everything you do will mostly be logged and stored in cache, cookies. So if I delete logs, cache, cookies then I am not in the clear you are saying, correct? So what else can store your entry and modifications. Zephyr_Pure wrote: <snip> … you do realize that the logs you'd need to worry about would be on the WAP / wireless-capable router, right?


ghost's Avatar
0 0

Dont 'hack' your neighbours wifi, dont sit on the wall outside a house you are trying to 'hack', use a MAC spoofer and you are unlikey to get caught, common sense


ghost's Avatar
0 0

SO spoofing another mac makes you appear to be some other machine, therefore you are safe…er. Okay well cracking a router is a harder step. Unless theres default passwords but other than that it must be a pain in the ass.


ghost's Avatar
0 0

chronicburst wrote: SO spoofing another mac makes you appear to be some other machine, therefore you are safe…er. Okay well cracking a router is a harder step. Unless theres default passwords but other than that it must be a pain in the ass.

Yes… because WAPs behave like switches when directing their packets. Thus, the transmissions are guided by MAC address to the connected wireless computers. Unfortunately, a WAP acts more like a hub in the way that it protects transmitted packets… which is why it is possible to pick up other transmissions with a sniffer. This could make it A LOT easier to get at the router.


ghost's Avatar
0 0

So other than an MITM attack, brute forcing, and trying default passwords, getting access to a router can be quite difficult. Well there's also social engineering, but that isn't always the answer.


ghost's Avatar
0 0

Well my thinking was more along the lines of someone calling their ISP and saying "an unauthorized user was connecting to my WAP and doing horrible things to other hosts on my network" then it being investigated and the ISP who finds out you were logged into a yahoo account. Then uses the requests made to find out your yahoo account.

I do not know how much they log at an ISP but if they log enough they can see the GET requests you have made and can use use these along with other information to find out what account you were using and on and on it goes.

I do not know how much they actually investigate a thing like that but you never know.

I was not thinking the person who notices someone on their network would be able to look at the client side cookies and track you down.


Infam0us's Avatar
Member
0 0

stdio wrote: [quote]Coder Disaster wrote: No, cookies and sessions are stored on your computer, but while connected they can see who is connected through the router and block you or more, so be carefull. session ids and cookies arent stored on the router but they are definitely stored on your computer. [/quote]

Well believe it or not your cookies are accessible to others on your LAN. If I get into your wireless network and you log into HBH, Gmail, Yahoo, Bank of America, Ebay whatever I can piggy back on that session and be logged into your account also. As a matter of fact I'm gonna write a thread about how to do this.

EDIT: actually Im not gonna write an article on how to do this, I dont want a bunch of skids running around "hacking" wifi's and stealing email accounts…


ghost's Avatar
0 0

I read a report about the ISP's and they log everything for up to 12 months i think ,so yes they could phone up the isp and say someone was piggybacking my interenet.


ghost's Avatar
0 0

chronicburst wrote: So other than an MITM attack, brute forcing, and trying default passwords, getting access to a router can be quite difficult. Well there's also social engineering, but that isn't always the answer.

Routers have vulnerabilities, too, as do the machines behind them. Some routers run services on them (like web servers, FTP, SSH, etc.), a vast majority have a web interface that is normally only allowed access from inside the network (which you would be if you connected to their WAP), and a large number of them are guarding a dedicated server (like an actual web server machine on the internal network). Some are not configured correctly to respond as vaguely as possible in the case of an error… and, thus, give you information disclosure opportunities to apply to a plan of attack.

There are always possibilities… you just have to stop convincing yourself that something is too difficult.


ghost's Avatar
0 0

Well believe it or not your cookies are accessible to others on your LAN. If I get into your wireless network and you log into HBH, Gmail, Yahoo, Bank of America, Ebay whatever I can piggy back on that session and be logged into your account also. As a matter of fact I'm gonna write a thread about how to do this.

Hey, when you write this I would like to read this. Are you pretty much saying that if I am at computer B and another user is at computer A and they log into a… lets say. Web email client, for example, then I can intercept, or retrieve the cookie and then log in via that login. However that would only be a temporary cookie so I would have to keep the session active or am I far from correct..?


ghost's Avatar
0 0

lolz,

EDIT: actually Im not gonna write an article on how to do this, I dont want a bunch of skids running around "hacking" wifi's and stealing email accounts…


ghost's Avatar
0 0

Well I appreciate it.


ghost's Avatar
0 0

Infam0us wrote: [quote]stdio wrote: [quote]Coder Disaster wrote: No, cookies and sessions are stored on your computer, but while connected they can see who is connected through the router and block you or more, so be carefull. session ids and cookies arent stored on the router but they are definitely stored on your computer. [/quote]

Well believe it or not your cookies are accessible to others on your LAN. If I get into your wireless network and you log into HBH, Gmail, Yahoo, Bank of America, Ebay whatever I can piggy back on that session and be logged into your account also. As a matter of fact I'm gonna write a thread about how to do this.

EDIT: actually Im not gonna write an article on how to do this, I dont want a bunch of skids running around "hacking" wifi's and stealing email accounts…[/quote]

Yeah its very easy to hack to hack computers on LAN's. I believe I said GENERALLY they are not tracked on other computers. They are also not tracked in your router. So Im not sure what point you were trying to prove quoting my post.

Edit: actually amusing story. Someone in my neighborhood did hack into my WAP. I actually knew he when he got on, and set up a mitm attack on him, and gathered his email username and password while he was emailing his friends to say how leet he was before I finally kicked him off and sent him an email and some photos of his account. Made my day.


Infam0us's Avatar
Member
0 0

stdio wrote: [quote]Infam0us wrote: [quote]stdio wrote: [quote]Coder Disaster wrote: No, cookies and sessions are stored on your computer, but while connected they can see who is connected through the router and block you or more, so be carefull. session ids and cookies arent stored on the router but they are definitely stored on your computer. [/quote]

Well believe it or not your cookies are accessible to others on your LAN. If I get into your wireless network and you log into HBH, Gmail, Yahoo, Bank of America, Ebay whatever I can piggy back on that session and be logged into your account also. As a matter of fact I'm gonna write a thread about how to do this.

EDIT: actually Im not gonna write an article on how to do this, I dont want a bunch of skids running around "hacking" wifi's and stealing email accounts…[/quote]

Yeah its very easy to hack to hack computers on LAN's. I believe I said GENERALLY they are not tracked on other computers. They are also not tracked in your router. So Im not sure what point you were trying to prove quoting my post.[/quote]

You are completely right. I wasnt quoting it to prove a point to you, I just saw that as a good time to bring up the idea that just because something is client side doesn't mean it isnt passed over the network and therefore public. I shouldnt have said "believe it or not", that sounded kinda jerk offish. Sorry didnt mean to try and prove you wrong or anything, just wanted to add my 2 cents :happy:


ghost's Avatar
0 0

No worries, just curious/grumpy today. =)


ghost's Avatar
0 0

Oh no, its not that I believe that things can be too difficult. I just know that I do not know about the topics so I ask minor questions to gain a very vague idea about such topics. I have no background of hanking really. All I have been doing is learning the information. Not too much but not too little. Just enough to start. Years to come. I actually need to get learning more on XSS because thats how I plan on getting into a network.


ghost's Avatar
0 0

chronicburst wrote: I actually need to get learning more on XSS because thats how I plan on getting into a network.

Umm… wow, you suck. That makes no sense.

Years to come.

That's obvious. Keep at it.


ghost's Avatar
0 0

chronicburst wrote: I actually need to get learning more on XSS because thats how I plan on getting into a network.

Studying XSS for network hacking? Who the hell gave you that idea?

Is devolution actually taking place in the Homo sapien sapien species?


ghost's Avatar
0 0

Not a network. Theres a web site. And well I guess XSS is become more popular. Around 23% of the time. But then again, the other like 45% is "unknown."


ghost's Avatar
0 0

My favorite statistic:

50% of people have less then average intelligence.