TechTalkz.com Technology & Computer Troubleshooting Forums > Tech World > Computer Security

Can't remember your WiFi password?
22-06-2010, 03:43 AM   #1
Zenexer (Thread Starter)

Can't remember your WiFi password?

IMPORTANT NOTICE

Remember, there are two types of hackers: white hat and black hat. The difference is in the motive. Do not go around hacking wireless networks because you can. I purposely designed this method so that it will stand out in any logs. Any decent AP will have an exact copy of your MAC address, meaning that your activities can easily be traced. Hacking a wireless network without permission is classified as illegal wire-tapping. I cannot stress enough that these methods, while relatively easy, purposely transmit a unique ID that traces back to your computer. If you hack illegally, you will get caught, and you will go to jail. I have personally witnessed this happening to people. Reflect on your intentions and reasons for accessing a wireless network before you press that Enter key, because once you start, there is no going back.

INTRODUCTION

If you are as addicted to your laptop as I am, you probably carry it around everywhere. Chances are also good that you have visited friends and family who, to your great inconvenience, have absolutely no idea what their WiFi password is. Of course, you cannot be without your Internet access--that would be absurd--so you and your friend go hunting through bills, files, and anything else that could possibly contain that pesky password.

With an increasing number of ISPs offering free installation of wireless access points, more and more people are hosting wireless networks without the slightest idea how they work--and, like a typical person, do not really care. I could go on and on about why this is a problem, but that is a topic for another post. For now, let us focus on what is most important: you being able to check your e-mail every five minutes.

<Tip: ISP is short for Internet Service Provider--that company you pay each month for your Internet access.>

THE SCENARIO

So, let us set the scene: you are visiting your distant relatives for a cookout, and you get the sudden urge to see the xkcd comic of the day. You see a nearby wireless network named "EX101," but it's encrypted. You ask around for the key, but nobody seems to know it. And naturally, nobody wants to spend their time searching for that info card with the hasty scribbles of a Verizon techie.

<Tip: xkcd is a popular comic amongst computer enthusiasts, and is published via a website, rather than in print (also known as a "webcomic"). Verizon is a popular ISP in the U.S., and often installs wireless routers with a default name consisting of five random letters and numbers.>

Your fingers begin to tremble from eWithdrawal. Whatever will you do without Internet access? Suddenly, you remember that you brought along your trusty flash drive with a copy of BackTrack. In a matter of minutes, you boot into BackTrack, decrypt the wireless passkey, and boot back into Windows, just in time to place a final bid on that piece of junk you want on eBay.

THE SETUP: A MESSY NIGHTMARE

Sounds cool, doesn't it? It's exactly like the movies, where the local nerd hiding in his dark cellar tinkers around with all sorts of wires and cool blue lights, hacking whatever he wants. Luckily for you, all the "nerds" got together and published their tricks, just for people like you.

So, here's what you'll need:
  • A blank USB flash drive--anything bigger than 2 GB will do. Any files on it will be erased.
  • A laptop designed to run Windows
  • A WiFi adapter compatible with the aircrack-ng suite (you can find a list of supported hardware here)
  • A moderate understanding of computers
  • Preferably a little experience with Linux

<Tip: Not sure if you meet all the requirements? Give it a shot anyway; who knows, it may work. The best way to learn is to make mistakes--and lots of them. The two unavoidable requirements are the flash drive and a non-Mac computer with a WiFi adapter. If you can't figure out whether your WiFi adapter is compatible, give it a shot; it'll either work or it won't.>

In addition, you will need to download a few files:
The files are all free to use, and with the exception of MagicDisc, free to modify and distribute.

While all that is downloading, format your flash drive as FAT32. If you are unsure how to do this, you may want to think twice before continuing, as things are about to get a lot trickier. If you want to give it a shot anyway, go to My Computer (Computer in Vista/7), right-click on your flash drive, and choose Format. Leave the default options, but be sure to select FAT32 as the file system.

Once everything is downloaded (that part could take a while), insert your flash drive, then run UNetbootin. We manually downloaded our BackTrack ISO, just in case something goes wrong the first time; we don't want to download that 2 GB file all over again. As such, switch from "Distribution" to "Diskimage." Make sure ISO is selected from the dropdown, then click the ellipsis button and select the BackTrack ISO that you just downloaded. You can ignore the Kernel, Initrd, and Options fields--we won't be customizing them. Make sure you select your flash drive from the dropdown at the very bottom. If you choose the wrong letter, you could end up erasing an entire drive. If your flash drive letter does not appear in the list, you may have forgotten to insert it before starting UNetbootin, or it may not be done formatting (see the above paragraph); double-check that your flash drive is inserted and functioning, close UNetbootin, then try the above steps again. If you still have no luck, you probably have a faulty flash drive or a problem with Windows; let me know and I will try to help.

Double-check all of your settings in UNetbootin:
  • "Diskimage" is checked
  • "ISO" is selected from the dropdown menu to the right of "Diskimage"
  • To the right of that is the path to the BackTrack ISO file you downloaded, ending with ".iso"
  • "Show All Drives (Use with Care)" is NOT checked
  • "Type" is set to "USB Drive"
  • "Drive" is set to the freshly-formatted USB flash drive

If everything looks good, click OK. UNetbootin should copy the files, then ask you if you would like to reboot. You can either let UNetbootin restart your computer for you, or you can do it yourself; either one works. If you performed the above steps on a computer other than the one you will be using to crack wireless keys, choose not to reboot, safely remove the flash drive, and insert it into the cracking computer.

As your laptop reboots, you need to ensure that it boots from the flash drive, not from the hard drive. This varies from computer to computer, but usually a boot screen or device select screen can be activated by pressing a function key (e.g., F2, F10, etc.) on startup. Again, the exact key varies, but it is usually printed at the bottom of the BIOS screen as your computer first starts to boot. If you are already booting into Windows, you missed it; the opportunity usually only lasts between 1 and 5 seconds, so reboot and try again.

Upon entering the device select menu, you should see an option such as "External Hard Drive," "External Device," or "USB." Select the appropriate option, and choose to boot. Again, the exact process varies from computer to computer, so if you are having trouble, post the options that are presented to you, and I'll see what I can do.

Hang in there, the messy part is almost over. Let the system boot; you should see all sorts of text fly past you, and even be presented with several options. Always press enter to select the default option. This is the moment of truth: either it will boot or it won't. Welcome to Linux. Things either work, or they don't. You may see an error or two pop up on the screen here and there; you can ignore most of them. However, if the entire process stops for an extended period of time on a specific error, chances are good that your computer and Linux are disagreeing on something. Post the error message over in the Linux forums, and be sure to specify that you are using BackTrack. Hopefully, it will be relatively easy to resolve; sometimes, though, Linux just won't run on a computer as it currently stands. Gotta love Linux.

Done. The tricky part is over. You're in BackTrack, and you're running it from a flash drive, so nothing you do should affect your computer. Simply press the power button on your computer to reboot at any time; reboot, remove the flash drive, and you're back in Windows. Should anything really crazy happen, consider that your escape route. Power button, remove flash drive. Back in Windows.

You should see a lot of nonsense on your screen, a dragon-like background image (the BackTrack logo), a welcome notice, and a prompt where you can enter text. If you are missing any of that, do not panic, unless it is the prompt that is missing--then you can panic (in other words, take the "escape route"--see the above paragraph).

The prompt should look something like "root@bt:~# _" with some pretty coloring. Yay, you're there.

WELCOME TO LINUX

In case you haven't already figured it out, you are using Linux now. Linux is (sort of) an operating system, like Mac or Windows. The difference is that it is free. Well, mostly. Many different people, companies, and organizations have developed their own "flavors" of Linux: most are free. Common flavors, or distros, include Ubuntu, Fedora, CentOS, Red Hat, Debian, SUSE, and our current flavor: BackTrack. There are many more, of course, and I am sure many Linux fans out there will condemn me for not mentioning their favorite. The important part is this: you are entering a whole new world. And this world is, well, scary. Do not worry if you have trouble wrapping your head around Linux--it is a complex concept with a complicated history. We just need it for one purpose: getting a WiFi password.

So, where are all the pretty windows and programs? There aren't any. We're going back to the old days, where it was just you, some text, and a keyboard. The tools we are using are command-line based: they don't have windows, just text. There is no mouse, just keyboard shortcuts and special commands.

What follows is a very simplified, non-technical image of your new surroundings. If you are already used to Linux, feel free to skip this section.

You are currently facing a terminal. Think of this like an interactive notepad. You type stuff in, and it spits stuff out. You have access to seven terminals. To switch between them, you have to use special keyboard shortcuts. Ctrl + Alt + F1 brings up the first terminal, Ctrl + Alt + F2 brings up the second terminal, and so on.

So, you're surrounded by seven notepads--really, really smart notepads. A single program can be running in each terminal (notepad) at any given time. So, for example, we could have a program on one terminal cracking a WiFi key, while we're playing a game on another.

Following so far?

Each terminal is running a "shell." For our purposes, a shell is like a secretary. It allows you to browse your files and run various programs. Like Windows, Linux organizes its files into various folders. There are folders for programs, folders for configuration files, and so on.

To send a command to our secretary, simply type the command and press enter. Try it now: type "pwd" (without the quotes), and press enter. You should see something like "/root", and then a new prompt. pwd is a program. You ran the program by typing its name and pressing enter. Easy cheesy, right? The program sent us some output, "/root", and then exited. pwd serves a simple purpose: it lets us know where we currently are in the file system. Right now, you are in a folder named "root". It is a top-level folder: it does not reside in any other folder. That's what the leading slash (/) means. But let's say pwd has told us we were in "/root/example". That means we are in a folder named "example", which is in a folder named "root". And we know that "root" is a top-level folder because it is preceded by a slash and no other text. Thus, folders, or directories, are separated by forward slashes to form a path. This path is like the identity of a file or folder: there can only be one file/folder named "/root/example". Just like on Windows. That leading slash is like "My Computer" on Windows; it brings you to the very base of your computer. If you had an office full of file cabinets, and then filled those with folders and files, "/" would represent the entire office.

Programs are files. They are special types of files, designed so that your computer can understand them and perform various functions. When you type a command at the prompt and press enter, the shell searches for a file with the same name in several directories designated as storing programs. If it finds a match, it runs the program.

Many programs need special information to run. For example, let's say we had a file named document.txt that we wanted to edit, and we had a program named "textedit" that would allow us to do so. We could just type "textedit", but how would it know which file to edit? Thus, we need to pass the filename as an argument. An argument is a bit of information that you pass, or send, to a program when you run it. Passing arguments is simple: they are separated by spaces, and go after the program name. In this scenario, "textedit document.txt" would tell textedit that it should open document.txt for editing.

Many programs accept special arguments that need to be named, rather than listed. These arguments usually start with one or two dashes (-), depending on the argument. These tend to be less commonly used arguments, so they do not need to be specified each time the program runs. Usually, named parameters have a "long version" and a "short version". For example, textedit might designate "--backup" to mean, "Back up this file before editing it, just in case." It may also designate a short argument name, such as "-b", if the argument is a bit more common. Thus, "textedit --backup document.txt" and "textedit -b document.txt" would do the same thing. Be careful: not all long argument names have short aliases, and vice versa. Similarly, the short version letter does not always correspond with the first letter of the long version. And, of course, some programs are weird, and take long argument names with only a single dash prefix--we'll worry about those when we have to deal with them later.

So, now we know that we have programs. We can run them as-is, or we can pass special bits of information to them, in a form called an argument. Arguments can be either named or unnamed. Named arguments usually start with one or two dashes, and precede all unnamed arguments. Some named arguments are "flags": they are either set or they aren't, like our example, "--backup". Others have special data associated with them, which directly follows the argument name.

A well-formed textedit command might look something like this:
Code:
textedit --line 30 -b document.txt
This hypothetical command would open the file document.txt for editing, starting at line 30, and making a backup of the file before editing it.

Again, a tricky concept to master, especially since there are so many exceptions. As we get going and you try these commands out for yourself, you may find it easier to wrap your head around them.

CHEAT SHEET

There are just a few more tricks you should remember while using Linux. There is not a force quit, Ctrl + Alt + Delete, or task manager that is easily accessible. Instead, there are a few universal shortcuts that you should remember.
  • Nearly everything in Linux is case-sensitive, unlike in Windows. The command "textedit -b" would not be the same as "TextEdit -b" or "textedit -B".
  • The power button is your panic button. It will instruct Linux to shut down gracefully.
  • If pressing the power button once does not work, hold it for about five seconds, and your computer will instantaneously turn off. (Try to avoid this whenever possible.)
  • To instruct a single program to quit, press Ctrl + C. That's your kill command. Remember it--you will use it frequently.
  • Several Ctrl + Key combinations have effects that can be confusing and difficult to recover from without more experience in Linux. Be very careful to avoid accidentally pressing combinations such as Ctrl + S. The only exception to this is Ctrl + C, also known as the "break" combination.
  • Ctrl + Alt + F1 switches to terminal 1, Ctrl + Alt + F2 switches to terminal 2, and so on, all the way up to terminal 7.
  • Some programs deliberately block the use of Ctrl + C. This is usually for a good reason. Don't worry about these programs--they usually offer an alternative method of quitting, or will quit if you press Ctrl + C twice.
  • You can scroll up and down by pressing Shift + PgUp and Shift + PgDn, respectively. This is meant to be used exclusively in the shell; programs with independently scrollable regions usually offer alternative methods of scrolling.
  • At the shell prompt, you can use the up and down arrows to iterate through your recent commands. This comes in particularly handy when you make an error in your first attempt at a complicated command, and don't want to start from scratch.

That's your cheat sheet. Don't forget it! This guide will assume you know the above facts from here on out. Don't worry: any exceptions to the "rules" will be noted, such as programs that do not exit on Ctrl + C.

THE HACK

Congratulations. The hardest parts are behind you. If this is your first time performing a task like this, welcome to the "enlightened" side of computing. You are no longer just a computer user, but a master of an art: you are able to manipulate computers to perform new tasks, rather than relying on others to carry the knowledge. Most importantly, you are able to learn a subject that scares most of the world: that curiosity is what separates true experts from professionals.

Now, onto the fun part: let's get that WiFi password! WiFi, officially titled 802.11, has four primary security levels: WEP, WPA, WPA2, and, of course, none at all. The latter is the easiest to get into: just hit connect, and you're done. Fortunately, many ISPs have started providing encryption by default. Unfortunately for the client, but fortunately for us, most of these ISPs set up the networks with WEP. WEP was the first popular security protocol for 802.11, and is, from my experience, the most common. It is also a broken algorithm. That means a flaw has been discovered that mathematically compromises the security of its encryption. In other words, it's quite easy to decrypt once you know the flaw. WPA is better, but has more recently been broken. Fortunately, the tools to crack WPA via this newfound flaw are non-existent in the public domain, but the tools that we are using will likely be capable of exploiting the flaw within a year or two. WPA2, on the other hand, is impractical to crack; no known flaw exists, so it remains secure. Cracking a WPA2-encrypted network with the simplest configuration requires certain "ideal" circumstances for about 24 hours--you'd probably notice if someone parked their car in your driveway for that long.

This is not an illegal hacking guide, so WPA and WPA2 are of no concern to us. Grandma let the Verizon techie set up the network, so it's probably still using WEP.

Let's get started. First, we need to make sure that BackTrack recognizes your WiFi card. Remember those terminals we were talking about? Let's start in terminal 1. Type iwconfig to launch the wireless configuration program without arguments. iwconfig will output a list of detected network devices, then exit. Use Shift + PgUp and Shift + PgDn to scroll through the list. In the left column, you should see entries such as "lo" and "eth0". These are network interface names; each recognized network device gets assigned a name. Some, such as lo, are virtual: they aren't physical network devices, but virtual interfaces controlled by BackTrack. They have various uses, and we'll be adding our own later. For now, search for an interface named "wlan0". There's a small chance that your WiFi adapter is masquerading under a different name, such as ath0. It will usually be toward the end of the list, should have the number 0 as a suffix (computers count starting at 0), and will not start with "eth". If all you have is "lo" and "eth0", chances are you (a) mistyped the command "iwconfig" as "ifconfig", or (b) need to load a special module for your device. If the latter is the case, head over to the Linux forums and ask for assistance, as kernel management is beyond the scope of this article.

This guide will assume that you have a WiFi device named wlan0. If your device's name differs, you should use its respective name.

Go back to the terminal and type "kismet". Kismet provides a window-like interface. You can navigate to different controls by pressing the Tab key. To select/activate a control, press Space or Enter. Some lists and fields will be scrollable; you can use PgUp, PgDn, and the arrow keys to scroll within them.

You will be presented with a dialog. Chances are good that the first dialog will be a warning, instructing you not to run kismet as root. Skip past this dialog--we don't need to worry about that sort of thing while running BackTrack from a flash drive. You will receive several more dialogs; most of them you can ignore and choose the default option. The only exception is the one that asks you if you would like to add an interface. Choose to add an interface. When prompted for the interface details, the first field should be labeled "Intf". Enter your interface name, wlan0. Leave the other fields blank and select the "Add" button. Kismet will do its magic, and you will see a window with various log entries. Press Tab to select the "Close Console Window" button, then press Enter or Space.

You are now viewing the main kismet window. You should see a list of networks up top, a scrolling graph in the middle, and a log at the bottom. kismet is a complex program with many features, most of which are beyond the scope of this guide. The one feature we are interested in is that network list. Find the network you are looking to access in the list. It should be one of three colors: green, dark orange, or red. If it's green, it has no encryption. If it's orange, it is WPA/2-encrypted, and cracking its key is beyond the scope of this guide. (People who know how to set up WPA/2 networks generally don't forget the password to their network.) If it's red, it's WEP encrypted, and we're golden. Note the exact name of the network and the channel on which it is broadcasting; the channel column should be labelled "Ch." We're done with kismet; while it is a powerful tool, it would take an entire book to exhaustively explain its uses. We are now going to switch to simpler tools, though they are equally powerful. You can now exit kismet by pressing Ctrl + C.

Type iwconfig again. You should notice a new interface: wlan0mon. That virtual interface was created by kismet, and indicates that your WiFi adapter is in "monitor mode." While in monitor mode, a wireless adapter can intercept all packets--not just those intended for your specific computer. Often, it also allows an adapter to transmit data that would not normally be permitted, a concept known as "packet injection." As we are going to be utilizing both of these hidden features, we require a special monitor mode interface. Thanks to kismet, we have one.

Back to the terminal. This time, you'll need a longer command:
Code:
airodump-ng --channel 1 -w dump --output-format ivs --ivs wlan0
Note that you should change the number after the --channel argument name to the appropriate channel of the network you wish to access. You should have it recorded from before, when we had kismet running.

Upon running the command, you should see a screen similar to kismet, but much simpler. This program is going to run in the background, collecting the data we need to crack the password and storing it in a file named dump.ivs. These bits of data, known as IV packets (or simply IVs), are particularly useful for deciphering WEP keys.

Let's leave airodump-ng to its job and switch to terminal 2. This is where the cracking tool is going to run. Type "aircrack-ng dump.ivs" to open our lovely IV packet dump for cracking. aircrack-ng will list the networks with IVs in the file and prompt you to select one. If the network does not appear, airodump-ng probably has not intercepted any IVs yet. Exit aircrack-ng by pressing Ctrl + C and try again in a few seconds. Once you select the network and press Enter, aircrack-ng will take a shot at cracking the key. It will fail--this is normal. We don't have nearly enough IVs yet. It will continue cracking once more IVs are logged. This could take a while if we just let it sit, so we're going to switch to terminal 3 and use aireplay-ng to speed up the process.

aireplay-ng takes the packets intercepted from the wireless network and carefully retransmits packets of certain types. This more or less confuses the wireless access point, which complains a bit and spews out more IVs--thousands of them. Just what we need.

First, we need to tell the wireless access point (AP) that we are going to be transmitting data. To do this, type "aireplay-ng -e EX101 -1 0 wlan0mon", replacing EX101 with the network name, and press enter. If aireplay-ng is successful, it will give you a nice smiley face. If it is unsuccessful, and you are sure you typed the network name correctly, your device probably does not support packet injection, so you will have to wait for the IVs to arrive on their own. If a nearby computer is already connected to the WiFi network, have someone use it to browse the web. This will generate more wireless traffic, which means more IVs for you to intercept.

If aireplay-ng was able to authenticate, you can now go ahead and type "aireplay-ng -e EX101 -3 wlan0mon"--don't forget to replace EX101 with the name of the network. Sit back and watch the magic: aireplay-ng will look for data in the form of an ARP packet, log it, then retransmit it. You might need to wait a bit before it detects an ARP packet; this is perfectly normal. Once it detects an ARP packet, it will repeatedly update you with the number of packets it has transmitted; once this number starts rising from zero, you can be sure that IVs will soon follow.

Switch back to terminal 2, where aircrack-ng is running. Watch as it continues its attempts; each time it fails, it will wait for 5,000 new IVs. Usually, 15,000 IVs does the trick, but it can take quite a bit more or quite a bit less. Either way, if aireplay-ng is working, it shouldn't be more than a minute between attempts, if even. (If it takes longer, be sure that you are relatively close to the AP.)

Then, suddenly, aircrack-ng will finish. It's sudden, exciting, and... confusing. The key it gives you doesn't look like a normal key. It is a series of hexadecimal digits (0-9, A-F), with each pair separated by a colon--something like "A0:C9:1C:82:E5". All WEP keys are actually like this. When you enter a passkey into your computer, it translates the text to a sequence of bytes. These bytes are represented by hexadecimal pairs, like what you see. If you enter that text, minus the colons, as the WEP password, your computer will recognize that it does not need to be translated from text. Write the key down.

Time to reboot. The command for rebooting in BackTrack is very simple: reboot. Exit whatever is open by pressing Ctrl + C, then type the command. When prompted to do so, remove the flash drive and press Enter. After the computer restarts, you will be back in Windows. Find the network in the list, connect to it, and enter the key you cracked as the password, minus the colons. Example: "A0C91C82E5"

CONCLUSION

Well, that wasn't all as bad as it seemed, now, was it? Okay, maybe it was, but it's much easier the second time around--I promise. With a bit of practice, you'll be able to get into any network within 5 minutes, tops. I've found that I can easily make around $50 by offering my services to people who have lost their WEP key, but don't want to reset their router/AP.

Again:
Quote:
Remember, there are two types of hackers: white hat and black hat. The difference is in the motive. Do not go around hacking wireless networks because you can. I purposely designed this method so that it will stand out in any logs. Any decent AP will have an exact copy of your MAC address, meaning that your activities can easily be traced. Hacking a wireless network without permission is classified as illegal wire-tapping. I cannot stress enough that these methods, while relatively easy, purposely transmit a unique ID that traces back to your computer. If you hack illegally, you will get caught, and you will go to jail. I have personally witnessed this happening to people. Reflect on your intentions and reasons for accessing a wireless network before you press that Enter key, because once you start, there is no going back.
This guide, if nothing else, should convince you not to use WEP or WPA. Malicious intruders now have access to utilities that are easier than ever to use. While this particular method is simple to trace, there are ways for a hacker to cover his tracks. Act proactively: secure your network with WPA2, or at least WPA AES-CCM. WPA TKIP has been broken, and is therefore insecure. This includes WPA TKIP+AES. Ultimately, even WPA2 can be hacked: nothing is more secure than a wire. Just keep in mind that everything you transmit over WiFi is visible to everyone around you. You wouldn't shout your credit card number into a crowd, so why shout it over radio waves? Maintaining wireless security is important.

Of course, it's always handy when family members overlook wireless security.
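The key format the post describes near the end (aircrack-ng prints colon-separated hex such as A0:C9:1C:82:E5, and Windows wants it without the colons), as an added Python example that is not part of the original post: it normalizes a key recovered for your own network into the colon-free hex form, converts a plain-text passphrase to the same byte representation the post says the client would produce, and rejects lengths that no WEP network accepts. The constant and function names are this example's own choices, as is the 40/104-bit length check.

```python
import re

# Key sizes a WEP network accepts: 40-bit (5 bytes) or 104-bit (13 bytes).
# These names are the example's own; the lengths are the standard WEP sizes.
WEP_KEY_BYTES = (5, 13)
HEX_DIGIT_LENGTHS = tuple(2 * n for n in WEP_KEY_BYTES)   # 10 or 26 hex digits


def normalize_wep_key(key):
    """Return a WEP key as colon-free upper-case hex, the form to type into a
    client that is told the key is already hex.

    Accepts the colon-separated hex that aircrack-ng prints ("A0:C9:1C:82:E5"),
    bare hex ("a0c91c82e5"), or a 5- or 13-character ASCII passphrase, which a
    client would otherwise translate byte-for-byte into the same hex digits.
    Anything that cannot be a valid WEP key raises ValueError.
    """
    candidate = key.strip()
    compact = re.sub(r"[:\-\s]", "", candidate)
    if re.fullmatch(r"[0-9A-Fa-f]+", compact) and len(compact) in HEX_DIGIT_LENGTHS:
        return compact.upper()
    # Not a hex key, so treat it as a passphrase. A 5- or 13-character string
    # made only of hex digits is still unambiguous: no hex key has that length.
    try:
        raw = candidate.encode("ascii")
    except UnicodeEncodeError:
        raise ValueError("WEP passphrases must be plain ASCII") from None
    if len(raw) in WEP_KEY_BYTES:
        return raw.hex().upper()
    raise ValueError(
        f"{key!r} is neither 10/26 hex digits nor a 5/13-character passphrase"
    )


def wep_key_bits(key):
    """Key strength implied by the key: 40 or 104 bits (the 24-bit IV is not counted)."""
    return 4 * len(normalize_wep_key(key))


def colon_form(key):
    """Re-insert the colons aircrack-ng uses, e.g. for writing the key on the card."""
    hexkey = normalize_wep_key(key)
    return ":".join(hexkey[i:i + 2] for i in range(0, len(hexkey), 2))


if __name__ == "__main__":
    for sample in ("A0:C9:1C:82:E5", "hello", "abcdefghijklm"):
        print(f"{sample!r:18} -> {normalize_wep_key(sample)} ({wep_key_bits(sample)}-bit)")
```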
22-06-2010, 04:10 AM   #2
wcogent

Re: Can't remember you WiFi password?

Or, since you can't remember the wireless password of YOUR wireless network, you can just reset the router.
wcogent is offline   Reply With Quote
22-06-2010, 04:47 AM   #3
Zenexer (Thread Starter)

Re: Can't remember you WiFi password?

Quote:
Originally Posted by wcogent
Or, since you can't remember the wireless password of YOUR wireless network, you can just reset the router.
True, but if you're like me and never back up your configuration, that's a painful process.

I run into this problem on a monthly basis, at least. I visit someone for a cookout, we all want to check out the new pictures of so-and-so's baby, but darn, they're saved in so-and-so's e-mail. Nobody knows the WiFi password, the household computer is in the basement, and Aunt Crabby is getting antsy. I pull out my handy flash drive, reboot, get the key, tape it to the 'fridge for the next visitor, and Aunt Crabby is happy as potatoes.

Also, some of those DSL routers/modems/AP all-in-ones store the PPPoE ID and password in the configuration. I know Verizon used to do that with the Westell routers. Reset one of those, and you're doomed.

Edit: Darn, I made a typo in the title. Ignore that. Didn't bother to double-check that for spelling.

Edit #2: And as far as bad intentions go, this would be a pretty stupid way to go about "hacking" wireless access points. It'd be like storming Fort Knox with an army of tanks: sure, you'll get in, but you sure as heck aren't going to remain undetected. If the company net admin knows anything about wireless, you'll be in cuffs before you can say boo. Most IDSs designed to work with wireless networks will pick up on it immediately, so even if the admin is clueless about 802.11 security, he'll have the intruder's MAC popping up in every log immediately. I've even seen schools with Cisco hardware that can triangulate the location of the intruder and send it straight to the police.

Last edited by Zenexer; 22-06-2010 at 04:57 AM.

22-06-2010, 07:25 AM   #4   Strider (Webmaster)

Re: Can't remember your WiFi password?

@Zenexer: Thanks for the extensive guide mate. I'll check this out on my Netgear router.
22-06-2010, 08:05 AM   #5   Zenexer (Thread Starter)

Re: Can't remember your WiFi password?

Glad you like it. Let me know if I missed anything, or need to clarify a certain step. I tried to make the process as interesting and simple as possible, but in reality, it is a nasty and error-prone procedure--not to mention that I didn't finish the guide until well past midnight. I like to think of it as open heart surgery for geeks. Fortunately, it does have a certain excitement attached to it; at least it's more engaging than configuring Active Directory.
25-06-2010, 07:06 PM   #6   metal03326

Re: Can't remember your WiFi password?

That's a very good post! Thank you. Personally, I've set up the security of my router without any encryption. I use MAC filtering, the number of allowed PCs is limited, reduced transmit power (you can connect to the network only if you are in my house; hack that), and the SSID beacon is disabled.

26-06-2010, 12:37 AM   #7   Zenexer (Thread Starter)

Re: Can't remember your WiFi password?

Did I mention that MAC filtering and preventing SSID broadcasting provide no security?

MACs are transmitted without encryption, so they are simple to intercept and spoof. I left out how to spoof a MAC in this guide on purpose, but it can be done by changing a single argument in some of those commands. Kismet and airodump-ng both list clients associated with a wireless network and their respective MACs.

Like MACs, SSIDs must be broadcast in plaintext by clients periodically. Kismet will automatically intercept these packets and match the SSID with the BSSID (MAC) of the AP.

Limiting the number of PCs is easy to get around: without knowing anything about your network besides the BSSID (not the SSID) and other basic info provided by Kismet that you cannot hide, a hacker can "deauthorize" (disconnect) clients without any trouble.

In addition, reduced power won't stop a hacker with a homemade antenna. It seems that making your own antenna for war driving is the new big thing.

Of course, none of these techniques are necessary for determining a lost WEP key, so they are not included in the guide, nor will I be posting them in a different guide. Knowing that they exist should be sufficient.
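To make the points in the post above concrete, here is an added example (not code from the thread or from the guide) that parses a handful of hand-built 802.11 frames. The frame layouts are the standard management and data frame headers; the BSSID 00:11:22:33:44:55, the client MAC 66:77:88:99:aa:bb and the network name "HomeNet" are made up for the example. It shows three things the post states: every frame, including a WEP-protected data frame, carries its MAC addresses in the clear; an AP with beaconing "disabled" still has its SSID leaked by the client's own association request; and a deauthentication frame is built from nothing but two MAC addresses and a reason code, with no key involved.

```python
"""Added example: what a passive listener sees on an 802.11 network that relies
on MAC filtering and a hidden SSID. All frames below are constructed by hand."""
import struct

BSSID = bytes.fromhex("001122334455")   # constructed AP MAC (BSSID)
STA = bytes.fromhex("66778899aabb")     # constructed client MAC
BCAST = b"\xff" * 6
SSID = b"HomeNet"                       # constructed network name


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def hdr(fc0, fc1, a1, a2, a3):
    # Frame Control (2), Duration (2), Addr1/Addr2/Addr3 (18), Sequence Control (2).
    # This 24-byte header is never encrypted, whatever the frame body contains.
    return bytes([fc0, fc1]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"


def ie(tag, value):
    # Tagged parameter (information element): tag, length, value. SSID is tag 0.
    return bytes([tag, len(value)]) + value


RATES = ie(1, bytes([0x82, 0x84, 0x8B, 0x96]))

# Beacon from an AP with "SSID broadcast disabled": the SSID element is present but empty.
BEACON = (hdr(0x80, 0x00, BCAST, BSSID, BSSID) + b"\x00" * 8
          + struct.pack("<HH", 100, 0x0411) + ie(0, b"") + RATES)
# Probe request: the client asks for its remembered network by name, in the clear.
PROBE_REQ = hdr(0x40, 0x00, BCAST, STA, BCAST) + ie(0, SSID) + RATES
# Association request: the client names the SSID again, this time addressed to the BSSID.
ASSOC_REQ = (hdr(0x00, 0x00, BSSID, STA, BSSID)
             + struct.pack("<HH", 0x0411, 10) + ie(0, SSID) + RATES)
# WEP-protected data frame, From DS, Protected bit set: body is ciphertext, header is not.
DATA = hdr(0x08, 0x42, STA, BSSID, BSSID) + b"\x01\x02\x03\x00" + bytes(range(16))
# Deauthentication frame AP -> client, reason code 7: two addresses and a number, no key.
DEAUTH = hdr(0xC0, 0x00, STA, BSSID, BSSID) + struct.pack("<H", 7)

FRAMES = [BEACON, PROBE_REQ, ASSOC_REQ, DATA, DEAUTH]

# Fixed-field bytes that precede the tagged parameters, per management subtype:
# 0 = association request, 4 = probe request, 5 = probe response, 8 = beacon.
FIXED = {0: 4, 4: 0, 5: 12, 8: 12}


def parse_ies(body):
    ies, i = {}, 0
    while i + 2 <= len(body):
        tag, ln = body[i], body[i + 1]
        ies[tag] = body[i + 2:i + 2 + ln]
        i += 2 + ln
    return ies


def parse(frame):
    fc0, fc1 = frame[0], frame[1]
    f = {
        "type": (fc0 >> 2) & 0x3, "subtype": fc0 >> 4,
        "protected": bool(fc1 & 0x40),
        "addr1": mac(frame[4:10]), "addr2": mac(frame[10:16]), "addr3": mac(frame[16:22]),
    }
    body = frame[24:]
    if f["type"] == 0:                       # management frame
        if f["subtype"] == 12:               # deauthentication
            f["reason"] = struct.unpack("<H", body[:2])[0]
        elif f["subtype"] in FIXED:
            ssid = parse_ies(body[FIXED[f["subtype"]]:]).get(0, b"")
            f["ssid"] = ssid.decode(errors="replace") or None   # None = hidden or absent
    return f


def hidden_ssids(frames):
    """Map each BSSID whose beacon hides the SSID to the name leaked by a client
    (association request) or by the AP itself (directed probe response)."""
    parsed = [parse(x) for x in frames]
    hidden = {p["addr3"] for p in parsed
              if p["type"] == 0 and p["subtype"] == 8 and p["ssid"] is None}
    return {p["addr3"]: p["ssid"] for p in parsed
            if p["type"] == 0 and p["subtype"] in (0, 5)
            and p.get("ssid") and p["addr3"] in hidden}


def clients_of(frames, bssid):
    """Client MACs seen exchanging data with bssid, i.e. exactly the addresses a
    MAC filter on that AP must allow. Read from the unencrypted header."""
    clients = set()
    for p in (parse(x) for x in frames):
        if p["type"] != 2:                   # data frames only
            continue
        if p["addr2"] == bssid:              # From DS: addr1 is the client
            clients.add(p["addr1"])
        elif p["addr1"] == bssid:            # To DS: addr2 is the client
            clients.add(p["addr2"])
    return clients


if __name__ == "__main__":
    print("hidden SSIDs recovered:", hidden_ssids(FRAMES))
    print("allowed clients seen:", clients_of(FRAMES, mac(BSSID)))
    print("deauth frame:", parse(DEAUTH))
```

Run it and the beacon parses with no SSID while the association request hands over "HomeNet" for the same BSSID; the WEP data frame still yields the client's MAC from its header; and the deauth frame carries nothing a receiver could check, which is why an attacker who only knows the BSSID can disconnect clients. Kismet and airodump-ng do this same bookkeeping on live captures rather than on constructed bytes.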
26-06-2010, 07:45 AM   #8   metal03326

Re: Can't remember your WiFi password?

Yes, I know the techniques I used are not so secure, but I doubt someone will make an antenna just to hack my network when he has many other opportunities with my neighbors' networks.

26-06-2010, 03:13 PM   #9   bloodwynd

Re: Can't remember your WiFi password?

> Originally posted by metal03326:
> Yes, I know the techniques I used are not so secure, but I doubt someone will make an antenna just to hack my network when he has many other opportunities with my neighbors' networks.
That's a sound opinion, but I doubt it. If there is a hacker within the neighborhood, he'd be interested in hacking each and every wireless connection within his area, secured or unsecured. (Heck, if I am one then I'd be doing it.)

This is fairly from my own point of view, but if I am a hacker, then I'd exploit each and every connection that I can since I never know what I might uncover that's useful!
26-06-2010, 06:13 PM   #10   Zenexer (Thread Starter)

Re: Can't remember your WiFi password?

> Originally posted by bloodwynd:
> That's a sound opinion, but I doubt it. If there is a hacker within the neighborhood, he'd be interested in hacking each and every wireless connection within his area, secured or unsecured. (Heck, if I am one then I'd be doing it.)
>
> This is fairly from my own point of view, but if I am a hacker, then I'd exploit each and every connection that I can since I never know what I might uncover that's useful!
I'm on your side with this: that is a very insecure setup, and it leaves a lot to chance. However, I do agree that the chances of it being hacked are unlikely. It probably won't happen. But, to quote a recent TV commercial, "sometimes 'probably' just doesn't cut it."