At least in Europe, success rate is 10-20%.
If you spend money, and we're talking 1-3€/hour, it reaches 80%-100%.
Public, municipality-sponsored Wi-Fi is usually a joke (slow, non functioning, requiring you to like a certain facebook page or follow a twitter account, etc.)
In Greece I suggest trying the business' phone number, you can find it on discarded receipts on the ground or on tables.
It's always worth it to try and snoop the password hanging by the counter.
Other good combos are companynamewifi, wirelesscompanyname, wireless, internet, internet123.
t. scrooge that never wastes money on mobile internet subscription and survives on leeched public Wi-Fi
During my university years, back when having a mobile Internet (or even a functioning smartphone) was somewhat uncommon, I've managed to set up quite a collection of such Wi-Fi access points :). I'd casually ask people I spent time with for Wi-Fi access when opportunity arised (I didn't have to invent a reason, there eventually always was a good one). Student life being what it is, I was often out and about at weird hours - so it sometimes happened that on the way from one place to another, I would detour to park my bike in front of some colleague's block of flats, and use their Wi-Fi to sync my e-mails and conversations.
The fun part of this to me is all but the WiFi aspect. It has:
- a mesh-based social network
- a cute character
- a builtin game
- adjusts to the environment
It sounds like an awesome social game, even if it doesn't have any purpose, and turning this into a mesh communication network would even give it an aspect of usefulness. I can see two ways this could blow up:
- at big parties, think Burning Man or Chaos Communication Congress, where people get embedded devices (like the CardIO) which encourage meeting others
- everyday, to find connections in unlikely places, with a similar app running on your phone (the Librem5 would be a good starting point)
What does this thing actually achieve? (If nothing, that's fine too. It's cute, impressive, etc.) But if it can't actually get you onto wifi networks, it seems like a weird project to spend so much time on. How often does it snag a useable handshake?
I get that this things purpose is for fun and not so much cracking a lot of networks, but I can't help but wonder how useful it would be to collate the ssid/gps/key data for public consumption. Even reward pwnagotchis for sumbmission
Wifi Chua is a human version of that. It is a public database of wifi passwords that even integrates with iOS such that it will log you directly into the network.
Yes it can find passwords. First it kicks someone off the network by pretending to be the router, then when the person tries to reconnect it sees the handshake information and password.
I've had one of these running since the first week evilsocket put the source out. With $50 in parts from Amazon I was up and running with a battery powered unit within a few hours, that I ended up taking with me on vacation. The new build process is extremely simple though, and I'm excited to see where this project goes.
That's the first time I've seen your website. I didn't read the entire pwnagotchi article yet but it looks great! Keep up the good work, projects like these really motivate me to get into IT
Therefore let's flag any content that mentions it on public forums, so only the bad guys keep doing it completely unchecked as they have been for over a decade, and we continue not doing anything about actually fixing it?
Hey let's ban all youtube content about the use of tools like ettercap while we're at it.
In fact let's just make any research or discussion of security and pentesting illegal and bury our heads in the sand.
From the article:
"ESP based deauthers, to name one, always existed. Don’t yell at us “OMG they’re deauthing all over the city!!!”. Despite this stuff always existing, nobody bothered updating to technologies that work better and are more secure. That is the people you should be yelling at."
I'm not saying you're wrong, or that they're right. However, it seems to me that there has to be a middle ground between draconian signed blobs (which I'm not convinced will solve much for long, either) and the silliness that is the current state of things. Deauths have been used in so many wifi cracking schemes over the years and the fact we still don't seem to care about them (or treat them as harmful interference and blame the device) is getting silly.
Ironically you are trying to censor hacking from hacker news.
If you follow the point logically then surely you feel the same about the entire scope of computer security - "If it can be abused, then it must be flagged and removed", no?
I feel that this is a dangerous attitude that promotes ignorance and forbidden knowledge.
[+] [-] 88840-8855|6 years ago|reply
1) You need a device that can connect to wifi
2) Approach your neighbor/shop owner/coffee owner
3) Ask: "Can I connect to your wifi, please?"
4) It takes about 4-5 seconds to get the password to the ssid
5) Works on WPA2, WPA / TKIP/AES and WEP
6) Success rate: 70-80%
Cheers
[+] [-] tomcooks|6 years ago|reply
Public, municipality-sponsored Wi-Fi is usually a joke (slow, non functioning, requiring you to like a certain facebook page or follow a twitter account, etc.)
In Greece I suggest trying the business' phone number, you can find it on discarded receipts on the ground or on tables.
It's always worth it to try and snoop the password hanging by the counter.
Other good combos are companynamewifi, wirelesscompanyname, wireless, internet, internet123.
t. scrooge that never wastes money on mobile internet subscription and survives on leeched public Wi-Fi
[+] [-] TeMPOraL|6 years ago|reply
[+] [-] bluegreyred|6 years ago|reply
[+] [-] mentos|6 years ago|reply
[+] [-] dmos62|6 years ago|reply
[+] [-] rhn_mk1|6 years ago|reply
- a mesh-based social network - a cute character - a builtin game - adjusts to the environment
It sounds like an awesome social game, even if it doesn't have any purpose, and turning this into a mesh communication network would even give it an aspect of usefulness. I can see two ways this could blow up:
- at big parties, think Burning Man or Chaos Communication Congress, where people get embedded devices (like the CardIO) which encourage meeting others - everyday, to find connections in unlikely places, with a similar app running on your phone (the Librem5 would be a good starting point)
[+] [-] 55555|6 years ago|reply
[+] [-] gdy|6 years ago|reply
[+] [-] elif|6 years ago|reply
[+] [-] latchkey|6 years ago|reply
[+] [-] sdan|6 years ago|reply
[+] [-] mkagenius|6 years ago|reply
[+] [-] yobananaboy|6 years ago|reply
[+] [-] djmips|6 years ago|reply
[+] [-] carapace|6 years ago|reply
[+] [-] cryptofits|6 years ago|reply
[+] [-] stefan_|6 years ago|reply
[deleted]
[+] [-] missosoup|6 years ago|reply
Hey let's ban all youtube content about the use of tools like ettercap while we're at it.
In fact let's just make any research or discussion of security and pentesting illegal and bury our heads in the sand.
[+] [-] fooqux|6 years ago|reply
I'm not saying you're wrong, or that they're right. However, it seems to me that there has to be a middle ground between draconian signed blobs (which I'm not convinced will solve much for long, either) and the silliness that is the current state of things. Deauths have been used in so many wifi cracking schemes over the years and the fact we still don't seem to care about them (or treat them as harmful interference and blame the device) is getting silly.
[+] [-] rkachowski|6 years ago|reply
If you follow the point logically then surely you feel the same about the entire scope of computer security - "If it can be abused, then it must be flagged and removed", no?
I feel that this is a dangerous attitude that promotes ignorance and forbidden knowledge.
[+] [-] that_lurker|6 years ago|reply