Process analysis: wireless penetration + social engineering to obtain a neighbor's Wi-Fi, QQ, and router
This was just idle tinkering to try out a new dictionary...
In the end I got the neighbor girl's Wi-Fi password, QQ number, name, and router password. I also became good friends with her. We made plans to have dinner together...
The detailed steps are as follows:
First, use airmon-ng start wlan0 to put the wireless network card into monitor mode, in which it can capture all 802.11 frames.
Then we scan with airodump-ng and find that this Mercury AP has a client online.
A deauthentication attack is used to capture the handshake. Note: DeAuth is a management frame and is sent by the AP.
Run aircrack-ng on the capture directly (GPU acceleration, hash tables, rainbow tables, etc.). It turns out that the "nb" dictionary suits mainland China: the result came out in 28 seconds! What luck.
Happily got online!!!
Then, out of habit, I brought out Ettercap for ARP spoofing. The scan found a client, so it seems the girl may be single! In addition, I want to speed up the network by myself, at least 20 M.
Then we captured packets with Wireshark and caught an HTTP packet for QQ Space every minute. So we had her QQ number and cookie (I tried to get a cookie).
Then I started on a social-engineering idea aimed at her router. First, DNS spoofing resolved the domain name to my server.
Then I enabled IIS on the ECS instance and changed the home page to the following (my server is not used for hosting a website).
DNS spoofing succeeded (requests made directly to an IP address are not affected, because an IP address does not need to be resolved through the DNS server).
Wireshark kept capturing for a while, and the capture contained a packet that was automatically highlighted in dark purple.
Opening it shows her login to the router (the girl is still logged in to the router); there is no password, only a cookie.
Then I replaced the cookie in my browser, but I couldn't log in.
Fortunately, there is always a way out. I used Burp as an HTTP proxy, modified the cookie, logged in, and modified five or six requests in a row. The following interface was displayed:
Refresh. I'm in!
At this point the DNS spoofing against her can be stopped. Wireshark indicates that she had not done anything on the router (because there are not many HTTP requests for SIP = 192.168.1.1).
After backing up the router's CFG file as text, you can see the router's web management password and the router's PPPoE ISP user name and password.
QQ kaixiao
From the information we can see the name Cui zhenhong and the birthday 19931003, and the wireless password is CZH19931003. It seems it really is her!
I won't post the chat log... I spent the evening teaching the girl some security basics, and she decided to invite me to dinner.
The next 10,000 words are omitted...
Provide some security suggestions:
1. Use a complex password
2. Disable the WPS (QSS) function
3. Set up MAC address filtering
4. Disable SSID broadcast
5. Bind static ARP entries or use the ARP firewall in QQ Computer Manager
6. When DNS problems appear, check whether the connected clients are legitimate
7. Reject any "Wi-Fi universal key" tool
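
Suggestions 5 and 6 can be checked from any client on the LAN. The following is an added example, not part of the original post: it parses `ip neigh` output and reports the two usual signs of ARP spoofing, a gateway MAC that differs from the pinned one and a single MAC answering for several IPs. The gateway address 192.168.1.1 comes from the post; the MAC addresses, the pinned value and the sample tables are constructed for illustration.

```python
import re
from collections import defaultdict

# One `ip neigh` line: "<ip> dev <iface> lladdr <mac> <STATE>"
NEIGH_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)

def parse_neigh(text):
    """Return {ip: mac}; FAILED/INCOMPLETE lines carry no lladdr and are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m[1]] = m[2].lower()
    return table

def check_arp(table, gateway_ip, pinned_gateway_mac):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    pinned = pinned_gateway_mac.lower()
    seen = table.get(gateway_ip)
    if seen is not None and seen != pinned:
        findings.append(f"gateway {gateway_ip} is at {seen}, expected {pinned}")
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:  # one host claiming several addresses
            findings.append(f"{mac} answers for several IPs: {', '.join(sorted(ips))}")
    return findings

# Constructed sample data (not captured from a real network).
PINNED_GW_MAC = "00:11:22:33:44:55"
CLEAN = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.101 dev wlan0 lladdr 00:11:22:aa:bb:01 STALE
"""
POISONED = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:aa:bb:66 REACHABLE
192.168.1.101 dev wlan0 lladdr 00:11:22:aa:bb:01 STALE
192.168.1.102 dev wlan0 lladdr 00:11:22:aa:bb:66 STALE
"""

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, check_arp(parse_neigh(sample), "192.168.1.1", PINNED_GW_MAC))
```

Record the pinned gateway MAC while the network is known to be clean, for example from the label on the router.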