View previous topic :: View next topic |
Author |
Message |
cantthinkofanickname Just Arrived
Joined: 04 Nov 2006 Posts: 1
|
Posted: Wed Nov 26, 2008 9:51 am Post subject: Simple home wireless network reveals password |
|
|
I helped someone setup a wireless connection to their router from a laptop and it all works fine. I did tell him that the connection needs securing. Anyway a week later he said a relative visited who had the latest mobile device and with that managed to connect and his PC revealed one of his passwords. This relative "is a bit of a wizkid" I was told.
I can see how any wireless device could connect and use the broadband service but has anyone any idea how any stored passwords may have been revealed? And if possible what to do about it?
|
|
Back to top |
|
|
ryansutton Trusted SF Member
Joined: 25 Aug 2004 Posts: 67 Location: San Francisco, California
|
Posted: Wed Nov 26, 2008 5:35 pm Post subject: |
|
|
There are lots of variables here, but the answer to your question is yes, it is possible. He could have exploited a weakness in your friends system, or he could have been sniffing packets, maybe he simply just logged in to your friends computer by guessing the password!
The bottom line is that your friend should change his passwords, secure his Wifi connection and secure his computer.
|
|
Back to top |
|
|
razta Just Arrived
Joined: 12 Nov 2005 Posts: 2 Location: 127.0.0.1
|
Posted: Sat Nov 29, 2008 7:14 pm Post subject: |
|
|
If the "whizkid" used your friends machine he could have used Cain's 'Wireless Password Decoder' which uses DLL injection.
To download Cain and test it your self:
http://www.oxid.it/
|
|
Back to top |
|
|
scyrus.dury Just Arrived
Joined: 30 Nov 2008 Posts: 0
|
Posted: Fri Feb 13, 2009 6:18 pm Post subject: |
|
|
What was the mobile device?
|
|
Back to top |
|
|
SKAP Just Arrived
Joined: 18 Feb 2009 Posts: 0 Location: IN
|
Posted: Wed Feb 18, 2009 9:57 pm Post subject: |
|
|
Yes, there are password bruteforce tools like cain which can sniff and decode your passwords. If the password is stronger, then obviously the tool will consume lot of time to decode. But if the guest was able to find it in fraction of second, then he might have guessed it from Hint Question or his friends default password or he might have tried his luck
|
|
Back to top |
|
|
Nonapeptide Trusted SF Member
Joined: 10 Nov 2008 Posts: 2 Location: Scottsdale, Arizona
|
Posted: Thu Feb 19, 2009 2:10 am Post subject: Re: Simple home wireless network reveals password |
|
|
cantthinkofanickname wrote: |
I helped someone setup a wireless connection to their router from a laptop and it all works fine. I did tell him that the connection needs securing. Anyway a week later he said a relative visited who had the latest mobile device and with that managed to connect and his PC revealed one of his passwords. This relative "is a bit of a wizkid" I was told. |
A couple of things puzzle me. First, you say that you left the wireless network unsecured but later say that this "whizkid" managed to connect to the wireless network as if that was something special. Was the wireless network later secured by your friend?
The second thing that puzzles me is that you say that "his PC revealed one of his passwords." What was the password to? Was it the wireless security password or was it a password to some other type of account like a POP3 email account?
cantthinkofanickname wrote: |
but has anyone any idea how any stored passwords may have been revealed? And if possible what to do about it? |
We need to know what kind of account the password was to. For example POP3 / SMTP email accounts send their account information in plain text. I used that to my advantage when I forgot one of my email account's credentials and sniffed them off the network when I sent an email (my email client stores my credentials, but obscures the password).
As others have already pointed out, there are many different tools out there that are made to be virtually "point and click" to scoop credentials from a data stream.
|
|
Back to top |
|
|
|