I Made a Wifi Cracking Van

[TannerMcCoolman]

Did you know that you can get the internet wirelessly now? Well, you can, and while it might be amazing, it comes with a certain level of risk, especially if you are using a simple password and happen to run afoul a person with a van full of RTX 4090s. Just how fast can a nefarious van dweller with a bottomless budget gain access to your precious shared network drive? The answer might shock you. Big shout out to Comino for letting us borrow this absolute leaf blower of a server, it's been so much fun to play with.

[PowerPCFan]

24 minutes ago, TannerMcCoolman said:

Did you know that you can get the internet wirelessly now? Well, you can, and while it might be amazing, it comes with a certain level of risk, especially if you are using a simple password and happen to run afoul a person with a van full of RTX 4090s. Just how fast can a nefarious van dweller with a bottomless budget gain access to your precious shared network drive? The answer might shock you. Big shout out to Comino for letting us borrow this absolute leaf blower of a server, it's been so much fun to play with.

Watching this right now, seems interesting so far...  

[Aleph256]

... I'm puzzled at the fact they seemingly had an ammunition box lying aroung just to use it as a challenge key prop.

[Mr.Zixxel]

I always feel sorry for North Americans when I hear "use up your data limit" when it comes to internet connections.

[GodAtum]

I put my printer on my guest network, now my PC can't see it. So that tip was pointless!

[Sunoo]

11 minutes ago, GodAtum said:

I put my printer on my guest network, now my PC can't see it. So that tip was pointless!

I was surprised to see them make that recommendation for exactly that reason. Sure it’s more secure, but unplugging it and throwing it out would be even more secure, and equally usable.

[Davkpl]

46 minutes ago, GodAtum said:

I put my printer on my guest network, now my PC can't see it. So that tip was pointless!

Ask your guests to print for you 

[macking104]

What about a video on router settings. That would help people secure their networks.

maybe just the big names like Asus, netgear, tplink, ubiquiti, etc…

[macking104]

17 minutes ago, Davkpl said:

Ask your guests to print for you 

Search online. Many articles on that topic…

[unijab]

So i guess i should start looking for usb dongles to get wifi6/wpa3, so I can get all my devices better protected.

[Rbakker02]

Does anyone have any good sources/videos, that are good for learning and implementing the sort of better security configs suggested in the video?

[9TechTips]

[SirVH]

I wonder what tools where used, dictionaries and etc.

[ShawnNettle]

7 hours ago, GodAtum said:

I put my printer on my guest network, now my PC can't see it. So that tip was pointless!

use a USB cable like any sane person would. sorry for being a turd but that's how i use my printer

[SansVarnic]

14 hours ago, ShawnNettle said:

use a USB cable like any sane person would. sorry for being a turd but that's how i use my printer

Careful how you refer to others as sane...

Printers on my network are hardline to my network and not shared [passthrough] through my pc. They have a dedicated connection on the network switch, this would be the "sane" move imo, easy access to everyone.

 

*edit. Passthrough or shared printer can give access to your pc to others, not hard to use this to access your files by sharing your printer this way.

Edited March 24 by SansVarnic

[ARandomPerson]

The worst part is that for some printers, even if you perfectly memorized the password, entering it is painfully slow. Don't even get me started on inputting special characters or printers where the WPS button is needed to connect wirelessly. If all consumer printers had at least 10-key numpads, I'd have back at least half of my sanity.

 

 

8 hours ago, GodAtum said:

I put my printer on my guest network, now my PC can't see it.

Even better, your PC connects, and the drivers work. And you still can't print. At this point, Apple could release a printer, and unless they mess it up horribly, they would still be a better option.

[pinkyandthebrain]

having chosen for example first character of each word in a sentence isn't much of a problem once you factor in good practice with atleast 1 uppercase, 1 lowercase, 1 special character and 1 number and a minimum of 8 characters for password. When a hacker wants to hack an account, they don't know how long or short your password is. How is your hacking machine going to know? That is why every good company has a mix and match of these requirements. I feel like your video was blow out of proportion. What are you hacking into a home that contains such info worth breaking into a password that has this criteria? Companies won't allow such info on personal computers. Hacker would be better off hacking a company. 

again, video blown out of proportion. 

[Spindel]

PW lenght trumps complexity.

 

Having a full sentance of some lenght is hard to brute force and still easy to remember. Or even having a shorter sentance repeted 3 times.

 

Even further, if you still worry about dictionary attacks and if you know multiple languages (like most people outside anglosphere do) make a mixed language sentence. 

[9TechTips]

12 hours ago, Rbakker02 said:

Does anyone have any good sources/videos, that are good for learning and implementing the sort of better security configs suggested in the video?

try this channel it has a bunch of free networking stuff 

https://www.youtube.com/@cbtnuggets/playlists
edit: if you want something more modern take a look at NetworkChucks videos

 

Edited March 24 by 9TechTips
networkchuck

[Barrington]

oh dang finally LTT keycaps!!!, been waiting for them for about 9+ years now!

[Tap56]

As somebody who does network infrastructure design and support for large hotels I admit the Wifi/vlan security thing hits close to home. We have vlans for Servers, Workstations, Printers, Phones, Point of sale, Security/Cameras, IOT, Guest, HVAC/utilities, Guest Chromecast streaming, VPN users, Conferences, Staff housing, Spa, certain "special" users, and others.. 

 

Pretty sure I have one site with at least 13 SSID's defined for all the different equipment onsite. Most of which are defined to certain areas. So users usually only see 2 or 3 at a time. (Have to at least attempt to limit beaconing time) 

 

So many firewall rules as well, If a service needs a port forward into the network you better believe that device is considered untrusted and will only accept connections from defined IP addresses.

 

Well back to the PTSD of network security for me..

[dogwitch]

59 minutes ago, Tap56 said:

As somebody who does network infrastructure design and support for large hotels I admit the Wifi/vlan security thing hits close to home. We have vlans for Servers, Workstations, Printers, Phones, Point of sale, Security/Cameras, IOT, Guest, HVAC/utilities, Guest Chromecast streaming, VPN users, Conferences, Staff housing, Spa, certain "special" users, and others.. 

 

Pretty sure I have one site with at least 13 SSID's defined for all the different equipment onsite. Most of which are defined to certain areas. So users usually only see 2 or 3 at a time. (Have to at least attempt to limit beaconing time) 

 

So many firewall rules as well, If a service needs a port forward into the network you better believe that device is considered untrusted and will only accept connections from defined IP addresses.

 

Well back to the PTSD of network security for me..

other the comcast guest network.

everything wifi is run thru my asus ap point. no  guest net work.

and it limited in term of distance of the end of land of where my house is.

 

every ip is log and name of device..

so many other wifi networks around me and got hack years ago... i try to limit wifi devices i use.

also i have cam set up to get faces and plates  if they get into distance of wifi

[OhYou_]

the whole van thing is the dumbest idea I have ever heard.
I have a Nexus 5 that runs lineageos 14 with Kali linux in chroot. This phone is unique because thanks to some custom firmware for the wlan chip, the phone itself can support capturing traffic in monitor mode, and it will even do packet injection.
Meaning I can just pull out my phone, deauth spam your devices, and capture the authentication packets when your devices reconnect.
Next I simply ssh to a server that has a bunch of gpus to do the cracking for the password.
from a phone. a device that fits in my pocket and doesnt look out of place

[GRex2595]

On 3/24/2024 at 3:44 AM, Spindel said:

PW lenght trumps complexity.

 

Having a full sentance of some lenght is hard to brute force and still easy to remember. Or even having a shorter sentance repeted 3 times.

 

Even further, if you still worry about dictionary attacks and if you know multiple languages (like most people outside anglosphere do) make a mixed language sentence. 

Exactly this. I don't know why they tried to suggest that a passphrase wouldn't work against this type of attack. If you have a simple sentence like "I am the last air bender.", you probably won't ever get somebody to successfully crack that. Meanwhile Sj4cksabc!, which I just randomly made up, would probably take a few hours or maybe days.