accesing internet hotspot (no WEP/WPA protection)

Data that travels over the air and how to protect (or decipher) it

accesing internet hotspot (no WEP/WPA protection)

Post by syphonA1 on Sun Feb 28, 2010 3:12 pm
([msg=35910]see accesing internet hotspot (no WEP/WPA protection)[/msg])

Hi

i'm having problems finding the username and password of the hotspot at my school...

I can connect to the wireless internet (since it has no wep,wpa protect or what-so-ever), but as soon as i open mozilla firefox, IE, opera, ... i get redirected to a login page.
I tried googling and such, but I can't come up with an answer...
Somewhere i found that it could be a pfSense captive portal, but how can I gain access to this internet?

<style type="text/css">
<!--
.style1 {
font-family: "Times New Roman", Times, serif;
font-size: 18px;
color: #0066FF;
}
.style2 {color: #FFFFFF}
.style4 {
color: #0066FF;
font-size: 44px;
}
.style5 {
color: #0033FF;
font-family: Georgia, "Times New Roman", Times, serif;
font-style: italic;
font-size: 36px;
}
.style9 {color: #99FF33}
.style11 {color: #99FF33; font-size: 44px; }
-->
</style>

<table width="100%" height="100%" bordercolor="#99FF33">
<tr>
<td><span class="style2">DavidR</span>
<table align="center" width="400" border="2" bordercolor="#99FF33">
<tr>
<td>







<form method="post" action="http://10.10.10.1:8000/">
<input name="redirurl" type="hidden" value="www.google.com">

<table width="415" border="0" bordercolor="#0066CC">
<tr>
<th colspan="4" bordercolor="#333333" scope="col"><p align="center" class="style5"><br />
<span class="style4">school</span><span class="style11">School</span></p>
<p align="center"><span class="style1">Hotspot school<span class="style9">Hotspot</span></span><br />
</p></th>
</tr>
<tr>
<th width="70" bordercolor="#333333" scope="col">&nbsp;</th>
<th width="123" bordercolor="#333333" scope="col">&nbsp;</th>
<th width="157" bordercolor="#333333" scope="col">&nbsp;</th>
<th width="47" bordercolor="#333333" scope="col">&nbsp;</th>
</tr>
<tr>
<td bordercolor="#333333">&nbsp;</td>
<td bordercolor="#333333"><div align="right"><strong>username:</strong></div></td>
<td bordercolor="#333333"><input name="auth_user" type="text" /></td>
<td bordercolor="#333333">&nbsp;</td>
</tr>
<tr>
<td bordercolor="#333333">&nbsp;</td>
<td bordercolor="#333333"><div align="right"><strong>paswoord:</strong></div></td>
<td bordercolor="#333333"><input name="auth_pass" type="password" /></td>
<td bordercolor="#333333">&nbsp;</td>
</tr>
<tr>
<td bordercolor="#333333">&nbsp;</td>
<td bordercolor="#333333">&nbsp;</td>
<td bordercolor="#333333"><input name="accept" type="submit" value="Continue" /></td>
<td bordercolor="#333333">&nbsp;</td>
</tr>
</table>
</form></td>
</tr>
</table></td>
</tr>
</table>
syphonA1
New User
New User
 
Posts: 4
Joined: Sun Feb 28, 2010 3:03 pm
Blog: View Blog (0)


Re: accesing internet hotspot (no WEP/WPA protection)

Post by Goatboy on Sun Feb 28, 2010 3:25 pm
([msg=35911]see Re: accesing internet hotspot (no WEP/WPA protection)[/msg])

Well my first suggestion would be to ask the admin if you can use the wireless. You'd be surprised how far a little politeness/ass-kissing will go.

As for that form, there's not a whole lot revealed. You type in a username and a password, and it gets sent to 10.10.10.1 on port 8000 which is likely the "main server" in your school. It checks your input against a database and if it is correct, you get access and are redirected to google. If it's wrong, it probably spits out some error to you and you have to try again.

You could try SQL injection on the username and password fields, but that depends largely on how vulnerable the script is. You could try every possible combination of injection and still not get in.

Depending on your skill level, you could try to attack the server itself to gain access. See what OS it is running, any services, etc. and then look up some vulnerabilities. Again, may or may not work but it's another attack angle.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2785
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: accesing internet hotspot (no WEP/WPA protection)

Post by sanddbox on Sun Feb 28, 2010 3:27 pm
([msg=35912]see Re: accesing internet hotspot (no WEP/WPA protection)[/msg])

I'll boot up my HTML hacking tool and see what I can do.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: accesing internet hotspot (no WEP/WPA protection)

Post by syphonA1 on Sun Feb 28, 2010 3:40 pm
([msg=35913]see Re: accesing internet hotspot (no WEP/WPA protection)[/msg])

too be honest, my hacking knowledge is very limited...
but i'll try to learn more about SQL injecting, thanks :)
syphonA1
New User
New User
 
Posts: 4
Joined: Sun Feb 28, 2010 3:03 pm
Blog: View Blog (0)


Re: accesing internet hotspot (no WEP/WPA protection)

Post by sanddbox on Sun Feb 28, 2010 3:51 pm
([msg=35914]see Re: accesing internet hotspot (no WEP/WPA protection)[/msg])

Alright, I've discovered the IP address belongs to a Visual Basic GUI Server. You should be able to crossinterace the V 1.27 exploit with the server logs and drop a payload (make sure the payload isn't more than 100 megapixels). Tell me how it goes.

If you're unable to root the server with that method, then follow Goatboy's advice and ask the admin.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: accesing internet hotspot (no WEP/WPA protection)

Post by syphonA1 on Sun Feb 28, 2010 3:59 pm
([msg=35915]see Re: accesing internet hotspot (no WEP/WPA protection)[/msg])

sanddbox wrote:Alright, I've discovered the IP address belongs to a Visual Basic GUI Server. You should be able to crossinterace the V 1.27 exploit with the server logs and drop a payload (make sure the payload isn't more than 100 megapixels). Tell me how it goes.

If you're unable to root the server with that method, then follow Goatboy's advice and ask the admin.

that's far above my knowledge :o
do you maybe got some getting started links, is it too complicated to learn?
syphonA1
New User
New User
 
Posts: 4
Joined: Sun Feb 28, 2010 3:03 pm
Blog: View Blog (0)


Re: accesing internet hotspot (no WEP/WPA protection)

Post by Goatboy on Sun Feb 28, 2010 4:06 pm
([msg=35916]see Re: accesing internet hotspot (no WEP/WPA protection)[/msg])

syphonA1 wrote:do you maybe got some getting started links, is it too complicated to learn?

Nothing is too complicated to learn if you put the time and effort into it.

The first thing you should read up on is what SQL actually is. I see you already use Google, which is a big plus around here, so I'll give you this link as a freebie: http://www.w3schools.com/sql/default.asp

w3schools is an AMAZING site for learning all kinds of web languages. I'd suggest you absorb that site like a sponge. Like a knowledge sponge of incredible proportions.

After that, it may be helpful to learn what PHP and ASP are. They both do basically the same thing, so as long as you learn the concept, you'll be fine. I don't expect you to be an expert next week.

Once you understand how those technologies work together, you'll be able to understand SQL Injection.

I hope this helps!

ADD:

syphonA1 wrote:
sanddbox wrote:Alright, I've discovered the IP address belongs to a Visual Basic GUI Server. You should be able to crossinterace the V 1.27 exploit with the server logs and drop a payload (make sure the payload isn't more than 100 megapixels). Tell me how it goes.

If you're unable to root the server with that method, then follow Goatboy's advice and ask the admin.

that's far above my knowledge :o

I do believe he was being heavily sarcastic there. Except for the following my advice part. You can safely ignore that post. Except for the following my advice part >_>
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2785
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: accesing internet hotspot (no WEP/WPA protection)

Post by syphonA1 on Sun Feb 28, 2010 4:16 pm
([msg=35917]see Re: accesing internet hotspot (no WEP/WPA protection)[/msg])

Goatboy wrote:
syphonA1 wrote:
sanddbox wrote:Alright, I've discovered the IP address belongs to a Visual Basic GUI Server. You should be able to crossinterace the V 1.27 exploit with the server logs and drop a payload (make sure the payload isn't more than 100 megapixels). Tell me how it goes.

If you're unable to root the server with that method, then follow Goatboy's advice and ask the admin.

that's far above my knowledge :o

I do believe he was being heavily sarcastic there. Except for the following my advice part. You can safely ignore that post. Except for the following my advice part >_>

I wasn"t being sarcastic, sorry :(
I'll start reading, i guess i'll see you guys in a week or so :p
syphonA1
New User
New User
 
Posts: 4
Joined: Sun Feb 28, 2010 3:03 pm
Blog: View Blog (0)


Re: accesing internet hotspot (no WEP/WPA protection)

Post by Goatboy on Sun Feb 28, 2010 4:43 pm
([msg=35918]see Re: accesing internet hotspot (no WEP/WPA protection)[/msg])

syphonA1 wrote:I wasn"t being sarcastic, sorry :(
I'll start reading, i guess i'll see you guys in a week or so :p

Not you, sanddbox. That whole bit about the exploit (although it was kinda funny) was just a bunch of technical terms meant to scare you. "Visual Basic GUI Server" is a reference to this clip from CSI in which the producers show that it's more important for a TV show to be "flashy" than to be accurate.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2785
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: accesing internet hotspot (no WEP/WPA protection)

Post by sanddbox on Sun Feb 28, 2010 4:46 pm
([msg=35919]see Re: accesing internet hotspot (no WEP/WPA protection)[/msg])

Goatboy wrote:
syphonA1 wrote:I wasn"t being sarcastic, sorry :(
I'll start reading, i guess i'll see you guys in a week or so :p

Not you, sanddbox. That whole bit about the exploit (although it was kinda funny) was just a bunch of technical terms meant to scare you. "Visual Basic GUI Server" is a reference to this clip from CSI in which the producers show that it's more important for a TV show to be "flashy" than to be accurate.


What..just because my server rooting ability dwarfs yours means I'm being sarcastic?

...Okay, maybe I was a little sarcastic...

Seriously, though, your best bet is to just ask :P.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2331
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Next

Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests