Trick To Get Connection from campus / hack campus (university) connection
05-31-2011, 10:57 PM
(This post was last modified: 06-01-2011 05:17 PM by eidelweiss.)
I have been on quite a few campuses in some cities when I visit, and have (for the most part) figured out how their wireless security works in most cases. They consist of one of the following, or even possibly both (I will touch on that subject later).

A. VPN - This is the most common and the most secure. Generally speaking, the wireless connection itself is open, but revolves around some sort of Cisco Concentrator, or some piece of hardware that governs a VPN to access the gateway. Just as the expression goes, "You can ping, but you can't SSH."

B. MAC Address filtering - One of the least common ways of protecting wireless signals. Though, this method is beginning to grow, thanks to website scripts, etc. The way it works is one of two ways: one, when MAC address filtering is enabled, one purpose is to keep students out. This way, it is only used for staff on the go, connecting to the open wireless network, and they currently have their MAC address in a database that states that this connection is allowed to connect. To clarify what a MAC address is, think of it as an IP address, but not necessarily public to the outside. It is a hardware address assigned by your NIC's (network interface card) company. For example, the NIC that I am currently using is the onboard Nvidia NIC controller, and the address given here: 00-18-F3-97-2B-FE corresponds to this particular company. Think of it as digitally signing software, except in this case, it is hardware. It is a simple way of identifying your product. To obtain this information in Windows, you would type: ipconfig /all. In Linux (or the newer versions of Mac) you would type: iwconfig. A MAC address may be used for other things, such as filtering, etc., but I will discuss this a bit later.

C. WEP/WPA-PSK - This is much more abundant only in high schools (primary schools in general). The reason being that faculty does not wish students to connect and leech bandwidth that is not related to studies. The reason for having this is mainly for using laptops provided by the school to perform in-class projects. In this case, the laptops are pre-configured to automatically connect to the secured network. Though, this is the absolute LEAST secure way of doing so, considering the fact that Windows stores the password unencrypted within the registry. Doesn't that make you laugh? So if you are not in secondary school yet, you have it easy.

Now, the methods of attack. We will cover the hardest one first, then work our way down the list.

Going through a VPN connection is beginning to fade in the larger, more technologically/wirelessly advanced campuses in the U.S.A. or some high universities around the world, and also some universities or campuses in Indonesia. The reason behind it is that it is becoming more and more expensive/difficult to properly and securely route traffic in the larger campuses that have students anywhere from around 10,000 to easily 40,000. But in satellite campuses or smaller schools, VPN is the way to go. If your school only uses VPN as a connection, normally the wireless access point alone is open. Hence the "ping can't SSH" comment made earlier.

The only method of attack that I am familiar with in regards to gaining access to a VPN login is the following. Boot up your Linux distribution in either VMWare, or however. I prefer Backtrack over anything else, a great distribution with many tools and very many drivers pre-supported. In my case, I use the D-Link Wireless USB Adapter model: DWL-G122 with the firmware version B1. The programs that are used within this distribution are asleap and ettercap. Keep in mind though, that this is only for PPTP VPN (which is the most commonly used on campuses).

1. Connect to your wireless network that is indeed an open station.
2. Execute ettercap.
3. Create a new "Sniff" from the easy point and click menu, and then specify the interface you wish to use. In my case, it is rausb0, since I am doing this wirelessly.
4. Select "Hosts" and then "Scan for hosts".
5. A host list will eventually appear, and then you select your first target IP/MAC address, and thereafter select yet another host, preferably scroll down the list a bit, then double click it.
6. Next, verify that the targets have been added by selecting "Targets > Current targets."
7. From there, click Mitm in the menu, then choose ARP Poisoning. You will see a box appear, and check the box that says "Sniff remote connections."
8. Now, highlight the first MAC address of host 1 (group 1) and click Mitm > ICMP redirect. In the dialog box, paste the MAC address that you have just copied from group 1, as well as the IP address tied to it.
9. Now, click Start sniffing.
10. Open up a konsole to root, and cd Desktop/ (or wherever your word list is located; for me, it is Desktop).
11. We will be using "genkeys" to generate the hashed values and an index file for the same from a provided dictionary file entitled "english.txt" for this particular scenario. You can always use your own word lists.
12. Type: genkeys -r english.txt -f english.dat -n english.idx (Remember to be consistent with your file names, it will be useful later on).
13. Now that that has completed successfully, we now need to set up 'asleap' in live mode. The command is as follows: asleap -i rausb0 -f english.dat -n english.idx -v (What this is doing is the following: -i specifies what device you are using, which in our case is rausb0, and then you specify our newly converted word lists made earlier to be eventually targeted to our unsuspecting VPN user.)
14. At this moment, we now have to wait for some poor unsuspecting VPN user to connect to the same wireless network we are on. Considering the fact that internet activity occurs quite often (sessions and all) this will not take very long on an active campus.
15. Once a session is started, a HexEdit-esque looking preview will appear, as well as the line stating: "Captured PPTP exchange information:" as well as the username and password!
16. Bingo, there we have it. The time that it takes to decrypt each password varies from situation to situation, but for the most part isn't very long.

Remember, this is for educational purposes only; I will not be responsible for any damage caused by it.

NB: all the tools that u need to do this attack or hacking method, u can find by googling yourself.

TO BE CONTINUED...
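The ARP poisoning in step 7 is visible to anyone monitoring the segment: an IP address (typically the gateway) starts answering from a different MAC, and one MAC answers for several IPs. The detector below is an added example, not part of the original post; the log lines are constructed in the style of tcpdump ARP output, and the function name find_arp_anomalies and the trusted-binding parameter are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n arp` output (not real traffic).
SAMPLE = """\
10:00:01.000 ARP, Reply 10.0.0.1 is-at 00:aa:bb:00:00:01, length 28
10:00:02.000 ARP, Reply 10.0.0.23 is-at 00:aa:bb:00:00:23, length 28
10:00:05.000 ARP, Reply 10.0.0.1 is-at 00:de:ad:00:00:99, length 28
10:00:05.100 ARP, Reply 10.0.0.23 is-at 00:de:ad:00:00:99, length 28
10:00:06.000 ARP, Reply 10.0.0.40 is-at 00:aa:bb:00:00:40, length 28
10:00:07.000 ARP, Reply 10.0.0.1 is-at 00:de:ad:00:00:99, length 28
"""

REPLY = re.compile(
    r"^(\S+) ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})", re.I)

def find_arp_anomalies(text, trusted=None):
    """Return (rebinds, multi_claims) for a block of ARP reply lines.

    rebinds: (time, ip, expected_mac, seen_mac) for every reply that
             contradicts the current or trusted binding of that IP.
    multi_claims: {mac: sorted ips} for MACs answering for several IPs.
    trusted: optional {ip: lowercase mac} of known-good static bindings.
    """
    trusted = dict(trusted or {})
    binding = dict(trusted)
    claimed = defaultdict(set)
    rebinds = []
    for line in text.splitlines():
        m = REPLY.match(line.strip())
        if not m:
            continue  # skip anything that is not an ARP reply
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        claimed[mac].add(ip)
        known = binding.get(ip)
        if known is None:
            binding[ip] = mac  # first sighting becomes the baseline
        elif known != mac:
            rebinds.append((ts, ip, known, mac))
            if ip not in trusted:
                binding[ip] = mac  # follow the newest claim for untrusted IPs only
    multi = {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1}
    return rebinds, multi
```

Passing the gateway's known address in `trusted` keeps a poisoned reply from becoming the new baseline, so every later forged reply is still reported.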
05-31-2011, 11:02 PM
RE: Trick To Get Connection from campus / hack campus (university) connection
A. VPN - This is the most common and the most secure. Generally speaking, the wireless connection itself is open, but revolves around some sort of Cisco Concentrator, or some piece of hardware that governs a VPN to access the gateway. Just as the expression goes, "You can ping, but you can't SSH."
recommended, to access local server from public connection
05-31-2011, 11:04 PM
RE: Trick To Get Connection from campus / hack campus (university) connection
(05-31-2011 11:02 PM)chaer.newbie Wrote: A. VPN - This is the most common and the most secure. Generally speaking, the wireless connection itself is open, but revolves around some sort of Cisco Concentrator, or some piece of hardware that governs a VPN to access the gateway. Just as the expression goes, "You can ping, but you can't SSH."
yeah like the one when u get trouble to configure your server and u need to do jumping LOL..
05-31-2011, 11:06 PM
(This post was last modified: 05-31-2011 11:09 PM by chaer.newbie.)
RE: Trick To Get Connection from campus / hack campus (university) connection
jumping from router to server..
hacker skill unreleased and 0day technique..lol
05-31-2011, 11:13 PM
RE: Trick To Get Connection from campus / hack campus (university) connection
05-31-2011, 11:24 PM
RE: Trick To Get Connection from campus / hack campus (university) connection
jump server from router and defaced the router..
0day technique
05-31-2011, 11:29 PM
RE: Trick To Get Connection from campus / hack campus (university) connection
05-31-2011, 11:42 PM
RE: Trick To Get Connection from campus / hack campus (university) connection
just change the index from scp... wkwkwkkwk
06-01-2011, 09:09 AM
RE: Trick To Get Connection from campus / hack campus (university) connection
(05-31-2011 11:29 PM)eidelweiss Wrote:
(05-31-2011 11:24 PM)chaer.newbie Wrote: jump server from router and defaced the router..
(05-31-2011 11:42 PM)Meonkzt Wrote: just change the index from scp... wkwkwkkwk
maybe become a new trend of deface.... router deface....
06-01-2011, 09:29 AM
RE: Trick To Get Connection from campus / hack campus (university) connection
wow this is great...thank you sir.