You know what’s almost adorable? Wanna be “l33t hax0rz.” These are the kids who have either just downloaded Cain and Able and think they’re hot shit or somebody who just found out what Wireshark is. Usually you can identify these punks by talking to them for five seconds… they’re the ones that will tell you how they can “hax0rz ur netwurkz.” Spotting them on IRC is made even easier because they’ll usually ask for your IP address so they can “hax ur azz.” Two things become apparent when talking to these people; they don’t know what the Hell they’re talking about and they can’t spell. I actually find the former more annoying than the latter to be honest.
Sometimes I find these people amusing enough to post about them. I’m sure you’ve deducted that this is one of those times. Via a good joke thread going around I found this little gem of an article about one of these “hax0rz.”. Although the information in this article is technically correct it’s shrouded in such a thick fog of bullshit I couldn’t help but laugh. The premise here is the author has decided to show how “l33t” he is by sneaking into an apartment building and listening to traffic on an open Wi-Fi network. I’m mostly going to be making fun of his delivery of information here. Shall we begin (yes I’ve been drinking beer and feel like being a total prick, why do you ask?):
Wearing pyjama pants and an ironic t-shirt, I headed towards a large apartment building near where I live. I choose it because a lot of students live there and I could easily blend in. That and I knew there would be lots of targets.
Yes camouflage is required to sneak into an apartment. When doing tactical entries into apartment complexes sometimes it’s just not convenient to wear your tactical entry vest. Usually when I’m on one of these black ops I disguise myself in a button-down shirt, pants, and a good pair of boots. You know what? I blend right the fuck in with everybody else who wears regular looking clothes. I’m such a bad ass.
I used to be a door to door salesman, so I know a few unique ways to get into a building, but I didn’t need them. As I walked up to the door, someone else was leaving. They held the door open for me and I was in. As soon as I entered, I noticed a video camera. What I planned to do would look weird on camera and I didn’t want security on my butt, so I was more careful from there onwards.
Wait… this guy used to be a door to door salesman and thus knows tricks to get into buildings? Personally I know a thing or two about getting into buildings as well. Of course I’m not a complete dumb ass and know the best way to gain entry into a building is to just wait for somebody to let you in. You’ll not Al Capone here used that “trick.” It’s pretty damned difficult to stand outside and act like you forgot your key.
How about that camera? I know being on a laptop sure looks suspicious this day and age. Every time I’m on my laptop in a public area I get hassled by all sorts of security personnel. Wait… scratch that, I never get hassled by security because nobody sees somebody on a laptop as weird this day an age. Well I take that back, they do if you act suspicious by trying to avoid cameras. That’s why the best trick when entering a building is to walk in like you own the place. Don’t give anybody watching any cameras a reason to be suspicious such as keeping your head low when you see a camera:
When I finally made it to my floor a camera greeted me. I ducked my head low and walked over to the staircase. If security was watching me, I didn’t want them knowing where I was.
After dropping down a few floors and switching to the other staircase I decided to do my dirty work on the 18th floor. The building was huge and it would take hours for them to search the entire thing. I opened up my laptop and lo and behold, there were eight insecure networks. I picked one at random and hit the mother-load.
Remember kids if you’re going to be an elite “hax0rz” you need to avoid cameras but then post exactly where you were in the building online. That way nobody can find out that the weird guy who entered or left floor 18 is the guy who wasn’t supposed to be there. Of course being an apartment I don’t think anybody gives two shits.
The program you see those IP’s in is called Ettercap. It’s no longer in development and I don’t want to go over everything it does, lets just say it makes it so I can steal usernames and passwords among other things. All I had to do was install the program and run it.
Ettercap is so elite and secret that “hax0rz” can’t talk about it.
I then opened a program called WireShark (you can see it in the second screenshot). Using this program I can easily see the websites these four people were browsing. As you can see this person is browsing IMDb. And in the next screenshot the person is… err…
OH MY GOD! WIRESHARK! IT’S SO FUCKING L33T! In fact it’s so fucking “l33t” that I use it almost every day at work. Wireshark is a packet analyzer. What the fuck is a packet analyzer you ask? Nothing fancy. It captures traffic going across a network and saves it for analysis. Wireshark has a million and one uses (for instance I use it to debug network applications I’m developing). Basically you can view all unencrypted data that goes across a network meaning if somebody on your network is using HTTPS you’re shit out of luck.
So I’m sure you’re asking why I wasted my time ridiculing this kid. The answer is simple… I’ve been drinking which means I’m a bigger asshole at the moment than usual (hard to believe isn’t it?). Additionally “hax0r” kiddies irritate me. They prey on peoples’ ignorance of computers to make themselves look more intelligent.
What the kid said in this article is technically correct. If can turn on my laptop, sniff an open wireless access point, and obtain any unencrypted traffic going across said network. I just don’t try to make myself look like a bad ass doing it. I also don’t do it on networks that I don’t own or have permission from the owner. The proper way to demonstrate this fact would have been to setup a private open network, generate traffic on it, and demonstrate the fact you can obtain the traffic from it via another computer by simply listening.
I always find it funny how the script kiddies (a person who doesn’t actually know about security flaws but instead utilizes automated tools and pretends they’re a bad ass) are the most boastful punks. Most people with actual knowledge of security issue will explain it to you in such a way that it doesn’t make it seem like they’re trying to be an elite bad ass operator. I’m sure this kid thought he was hot shit once he realized that you can actually see peoples’ network traffic via a packet analyzer.
Honestly I’d be embarrassed if I posted some drivel such as that article on my web site. Hell I’m almost embarrassed just linking to it. Let me redeem myself by recommending the awesome beer that inspired this post.
I guess that’s all I have to say about this “l33t hax0rz.” Just remember kids, always herp before you derp.