Is it possible to social engineer a wifi screen name?
#1
I'm asking this because let's say an organization uses a portal or wifi screen name required along with a password to use the wifi. How would you go about getting different screen names from people. The password is obvious but it not be cracked once one obtains the less obvious screen name?
Reply
#2
Are you talking about a login screen?
We had a similar discussion a year ago, it all depends on how everything is set up:
Check the thread here, there are some cool methods in the thread.
https://greysec.net/showthread.php?tid=1749
Reply
#3
Do you understand what social engineering is?

Pretty much any information can be social engineered. But it depends on your skills, and the other person's awareness/suspiciousness/etc.
Reply
#4
Let's say everyone at the organization has a user id and password. For example, at my school they track everyone by requiring a user id and password to log into wifi. How do I social engineer a username and password? I did it using a jailbroken app that records login info for wifi a long time ago via asking the person to log in so I could test the connection without realizing the app was recording in the background.

Now I've changed my mind. I want to social engineer both the user id and password of someone to gain access to their school wifi account which is also their portal account. I want it to prevent the school from tracking me while I use their wifi.
Reply
#5
(03-01-2018, 12:16 AM)fogbright Wrote: Let's say everyone at the organization has a user id and password. For example, at my school they track everyone by requiring a user id and password to log into wifi. How do I social engineer a username and password? I did it using a jailbroken app that records login info for wifi a long time ago via asking the person to log in so I could test the connection without realizing the app was recording in the background.

Now I've changed my mind. I want to social engineer both the user id and password of someone to gain access to their school wifi account which is also their portal account. I want it to prevent the school from tracking me while I use their wifi.

I don't have any experience with this. But some ideas could be:

Evil-twin attack.

Create a counterfeit version of the access-point you want to target. In other words, same SSID/Network name etc. There's tools for this. Assuming that the network is open, you need to create a phising page and redirect all users to it initially before accessing the internet. Like a network-gateway which many of these networks, I assume your school uses the same type of deal? When you log in, you are redirected to a web-page where you enter your school-ID/Username and password, after which you will gain access.

The idea here is the same. Make your own fake wifi that pretends to be the real wifi. Make a replica of the school gateway to phish passwords. Pretty sure you can redirect users to this page via DNS spoofing or something, I'm not a networks pro. I'm sure there are other ways, maybe look into it?

More info:
https://null-byte.wonderhowto.com/how-to...a-0147919/
https://www.hackingloops.com/dns-spoofing/
https://github.com/wifiphisher/wifiphisher

Dig around! I'm not sure how it's possible, but a cool idea would be to simultaneously take down the real wifi to make your own more legitimate.

Be careful though. This is your own school we're talking about. Do you really want to risk yourself getting into trouble? Possibly even suspended?

If you don't want to be tracked in the wifi, consider using tor together with tor obfuscated bridges. Tor bridges is that they use behind the china great firewall and Iran. Or maybe use an SSL vpn on port 80 or something? You can always bypass firewalls if you just take effort and expirement, what works and what does not?
https://www.torproject.org/docs/bridges
Reply
#6
I'm thinking a cantenna would be a good idea then as I could log into Starbucks or a neighbors wifi from my dorm?
Reply
#7
(03-01-2018, 05:56 PM)fogbright Wrote: I'm thinking a cantenna would be a good idea then as I could log into Starbucks or a neighbors wifi from my dorm?

I don't know where you live or how far away Starbucks is. The only way you can find out is by trying. If you want a super-long distance antenna I would recommend Yagi antenna or GSM bridge.
Reply
#8
(03-01-2018, 10:11 PM)Insider Wrote:
(03-01-2018, 05:56 PM)fogbright Wrote: I'm thinking a cantenna would be a good idea then as I could log into Starbucks or a neighbors wifi from my dorm?

I don't know where you live or how far away Starbucks is. The only way you can find out is by trying. If you want a super-long distance antenna I would recommend Yagi antenna or GSM bridge.

I am thinking of building my own cantenna. Have planned for a while on it. Maybe a parabolic antenna too. I may also buy a cantenna eventually if the one I build isn't good enough unless I can find a way to make it better.

The nearest Starbucks is 0.8 miles away.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  is it possible to lie to someone who can read body language AND facial expressions? QMark 4 2,673 11 hours ago
Last Post: QMark
  collegiate social engineering CTF!? QMark 0 1,509 09-06-2020, 02:08 AM
Last Post: QMark
  Practical Examples of Social Engineering Insider 2 2,079 08-15-2020, 11:03 PM
Last Post: Insider
  Which is the best type of public speaking to help with social engineering? QMark 0 1,573 08-06-2020, 08:25 AM
Last Post: QMark