passwords. password is taco. How long after walking into someone' s house is it acceptable to ask for their IA/ IR password?. As soon as you walk in. ecard
Upload
Login or register
Hide Comments
sonicwind has disabled anonymous comments.
Refresh Comments (43)
asd
User avatar #5 - deadlyfoez
-27 123456789123345869
(03/28/2013) [-]
I don't ask for the encryption code or passphrase, I get it on my own. :D
#9 to #5 - holyturkey
0 123456789123345869
(03/28/2013) [-]
LOL MOM DO NOT WANT I AM ANONYMOUSSEE

HUEHUEHEUHUEHUEHE
#41 to #5 - eccleston
0 123456789123345869
(03/28/2013) [-]
Even if the network  you are going to connect to is password-free, you should at least let the person who owns the WIFI know that you're gonna use their network (unless we're talking about a public WIFI).
Even if the network you are going to connect to is password-free, you should at least let the person who owns the WIFI know that you're gonna use their network (unless we're talking about a public WIFI).
User avatar #42 to #41 - deadlyfoez
+1 123456789123345869
(03/28/2013) [-]
If you bothered to read all the following comments you would see that I have said that everyone knows I'm going to crack before actually doing so.

"The more you know"
User avatar #44 to #42 - eccleston
0 123456789123345869
(03/28/2013) [-]
Oops, my bad. Sorry for not reading trough all the comments.
#15 to #5 - coal **User deleted account**
+1 123456789123345869
has deleted their comment [-]
User avatar #17 to #15 - deadlyfoez
-8 123456789123345869
(03/28/2013) [-]
But I'm glad to see that you think you know me, my background, and my knowledge level. I always love it when asshats assume **** with no basis to go off of.
User avatar #16 to #15 - deadlyfoez
-8 123456789123345869
(03/28/2013) [-]
Nope, I have a 13gb wordlist. Although that has only cracked about half of the AP's out there that did not have WPS enabled, the rest I can usually trick with an AP with the same SSID and setting up a fake verizon or comcast page asking for the passphrase after deauthenticating some users. So far the fake AP trick has only not worked on like 5 businesses or homes. But at that point there are MANY other things that can be done to get into the network via the internet, it's just a matter of how much time do I want to waste on it and is there anything important worth getting inside that network. Being that I just do this in a white hat type of way, I don't find it necessary to go the full length of trying to gain access.
#18 to #16 - anon id: 5578f404
0 123456789123345869
(03/28/2013) [-]
Rainbow tables / dictionary attacks won't work assuming you are visiting your friend with a smartphone. Laptop is plausible, but would raise suspicion to said victim. Fake AP's aswell, because that would either require some social engineering (and depending on the person you'd visit, it would fail) or luck. And time is still a factor, assuming your visit won't last for 5+ hours. But I'm glad you took the bait and actually showed your experience to show people you aren't a complete retard ;)
User avatar #19 to #18 - deadlyfoez
-6 123456789123345869
(03/28/2013) [-]
**** rainbow tables. That fad died a long time ago and it wastes too much space on my machine considering that most people that use one of those top 100 SSID's most likely are not smart enough to do any encryption type better than WEP. I have never seen a 'linksys' SSID that had WPA or WPA2 encryption because people that use that **** just are not educated. I find them as completely useless.

It only takes a few moments to capture a 4-way handshake and then do the dictionary attack back on my desktop computer. Obviously you can't do **** with most phones, although some are now possible. People bring laptops everywhere now, including to McDonalds and waiting rooms for appointments so it is not weird to see someone with a laptop. Most friends houses I go to know that I am pentesting and they allow it, same with most businesses that I visit because I know the owner to some degree and he would like to see how stupid their employees are. I don't do much without some authorization from people because the last thing I need is any criminal charges against me because then my business would be completely thrown out the window since no one would trust me anymore.

Social engineering is no so much of a problem around my area. It's usually the woman who make the dumb mistakes and not notice something is suspicious.

Of course there are MANY more attack vectors than just what I listed, but I don't go out of my way to do anything above and beyond what I listed unless I am being contracted to do pentesting. The things that I do for free and for fun are all things that take less than 5 minutes for me to accomplish my goal, and even a fake AP can be set up in just a couple minutes since I already have everything all preconfigured.
#20 to #19 - coal **User deleted account**
0 123456789123345869
has deleted their comment [-]
User avatar #23 to #20 - deadlyfoez
-2 123456789123345869
(03/28/2013) [-]
Comcast now hands out AP's with WPA2 by default, but also has WPS enabled. So I went and disabled WPS on my neighbors router for him and then went back into my office and for ***** and giggles I decided to give it another crack and I was still able to use reaver on it even though WPS was disabled. So I doubled checked it and it was in fact disabled in the configuration pages, but it was actually still enabled. Most of Comcasts AP's around here are like that, but some are fixed. :facepalm:

Fairpoint (formally Verizon) gives out AP's with WEP as the default encryption type.

Plenty of businesses use Fairpoint around here and never even change the SSID. I have gained many customers by just walking in to the business and telling the person in charge that their network that they are doing their credit card transactions on is insecure.
#32 to #23 - coal **User deleted account**
0 123456789123345869
has deleted their comment [-]
User avatar #10 to #5 - payseht
+38 123456789123345869
(03/28/2013) [-]
u iz mustr hax0r
User avatar #12 to #10 - deadlyfoez
-17 123456789123345869
(03/28/2013) [-]
You're just mad because you don't know how to do it so you have to make yourself feel better the only way you know how which is by belittling the skills that other possess.

Sorry, I went to college for computer science and network security so it is natural for me to know how to do this stuff.

Go suck an AIDS dick.
#27 to #12 - princessthymicorn
+5 123456789123345869
(03/28/2013) [-]
Sorry, forgot you're better than me, my mistake.
User avatar #29 to #27 - deadlyfoez
-8 123456789123345869
(03/28/2013) [-]
Did I ever say I was better than you? I don't ever recall that. So how could you forget it if I never said it to you?
#34 to #29 - coal **User deleted account**
-5 123456789123345869
has deleted their comment [-]
#21 to #12 - davidavidson
+5 123456789123345869
(03/28/2013) [-]
Kill yourself maybe?
User avatar #25 to #21 - deadlyfoez
-11 123456789123345869
(03/28/2013) [-]
I tried that by getting married. I prefer the slow and painful death.
#26 to #25 - davidavidson
+5 123456789123345869
(03/28/2013) [-]
yfw
User avatar #28 to #25 - stijnverheye
-3 123456789123345869
(03/28/2013) [-]
you are married and spend your time on funnyjunk instead of your wife , sounds like a beautiful relationship
User avatar #31 to #28 - deadlyfoez
-5 123456789123345869
(03/28/2013) [-]
You wouldn't want to be on my wife if you knew her. The abuse from FJ is far more enjoyable than putting up with this woman.
User avatar #33 to #31 - stijnverheye
+2 123456789123345869
(03/28/2013) [-]
okay , well then , i hope you enjoy the rest of your awesome life
User avatar #40 to #12 - critality
0 123456789123345869
(03/28/2013) [-]
Dude, stop trying to sound like an elitist prick. ************************ that you have a specialized knowledge of a particular topic.
User avatar #8 - mookiez
+12 123456789123345869
(03/28/2013) [-]
As soon as you walk in.
#22 - adamnow
+2 123456789123345869
(03/28/2013) [-]
>Be me.
>16.
>Half sister I never met before coming to visit for first time.
>So nervous.
>Doorbell rings, nearly puke.
>Mom lets her in.
>She comes into my house.
>Sees me, doesn't realise I'm her brother.
>"Hi, do you know if there's wifi in this house?"
>Tell her yes.
>Give her the code.
>Go to room for the rest of the evening.
>Still an only child.
User avatar #24 to #22 - sonicwind [OP]
+8 123456789123345869
(03/28/2013) [-]
wut
#38 - tinybroadcaster
0 123456789123345869
(03/28/2013) [-]
Can i have your WiFI password please? and that will be 10.99 for pizzas.
User avatar #30 - sparkyoneonetwo
0 123456789123345869
(03/28/2013) [-]
I've never asked that question
User avatar #7 - stafeezy
0 123456789123345869
(03/28/2013) [-]
immediately! ask immediately.. get it out the way
#4 - RageGuyyourmom
-3 123456789123345869
(03/28/2013) [-]
Lol most people are stupid and have either a weak encryption or none at all so I rarely ask.

not that I go to peoples houses anyway.
User avatar #11 to #4 - astraea
0 123456789123345869
(03/28/2013) [-]
how do u hax0rs internet passwords?
User avatar #2 - browner
0 123456789123345869
(03/28/2013) [-]
our wifi does not have range outside the house, so we don't set a password. Free wifi for all guests...
#3 to #2 - fragman
0 123456789123345869
(03/28/2013) [-]
which is idiotic since therefore it's unencrypted and anyone can read the traffic in plain text. also reaching it from outside isn't that hard even if you think the signal doesn't reach beyond the walls. it does. you just need an antenna with higher Rx power to get the packets.
User avatar #1 - losglatzos
0 123456789123345869
(03/27/2013) [-]
5 sec. after u said: I just ruined ur Bathroom. **** got Serious.....