Help Me !!

How to crack "unprotected" wifi that takes you to a username/password screen

This topic contains 7 replies, has 6 voices, and was last updated by  hystorichabbit 4 years, 4 months ago.

  • Author
    Posts
  • #2173

    shiftguy
    Participant

    The General manager set up a new Wifi for the store, and this one he refuses to give the password to anyone. My Manager even asked him for it, and he did not “feel like” giving out the password.

    It’s Wifi for the store and the customers, not him personally, and he is maliciously refusing anyone access.

    The connection itself has no password, but it takes you to a Username and Password screen when you click on the “more informtaion may be required” popup. Is there any way around this?

  • #2174

    maher
    Participant

    Find out what MAC address he uses(using something like wireshark) spoof your MAC address while he is connected and it’s a less then well thought out proxy server that might be enough.(Mind you this obviously won’t help your customers)

    If that doesn’t work just keep monitoring the packets and if it’s http rather than https you should be able to follow the tcp stream of him entering his credentials. Then share it with everyone who it’s meant to be used for(best to write it lying around on a piece of paper rather than actually telling people) . When he realises that it’s being used by others rinse and repeat until he either learn his lesson or gets smarter. If it really is meant to be shared complain to his one up.

  • #2175

    shiftguy
    Participant

    I’m stuck on the night shift, and he only shows up every so often during the day when I am not here.

    Any other way around it?

    • #2176

      shinney7
      Participant

      I believe what you are referring to is a captive portal. I,’ am looking for more info on this as well.

  • #2177

    maher
    Participant

    You don’t need to be there yourself. Just a device running the program needs to be there and then you can review it later.

    Or even have the device connected to the Internet as well and remote in for shits and giggles.(not that there would be any purpose tbh)

  • #2190

    rooted
    Participant

    Sounds like a RADIUS server your best bet would be to sniff all traffic with a device when you’re not there. Find the MAC address and IP (IP is subject to change) of his device and isolate what traffic you are sniffing. He is bound to re-enter his credentials again. Happy hunting.

  • #2264

    zebred
    Participant

    What is the purpose of a store wifi that nobody is allowed to use? Appeal to the social side of the matter. If your manager is not high up enough to force the GM to let you use it and you can demonstrate a legitimate need for access, ask your manager for help either going over the general manager’s head or set up your own wifi.

    Perhaps the GM is not confident in the security of what he has set up yet, and you can gain his trust by pointing him to resources that help him secure it better. Become his IT go-to guy so you get to be in charge of the thing. This is the part where I remind you that hacking an employers network can get you not only fired but jailed.

  • #2265

    hystorichabbit
    Participant

    Iodine tunnels through DNS to get around these auth measures, but it isn’t terribly fast.

    https://hblok.net/blog/posts/2013/04/24/iodine-ip-over-dns/

You must be logged in to reply to this topic.


Back to Top ↑