Evil Twin

Sitting in the parking lot of the organization, I pull out my laptop, or rather my “machine”, as we call it in the hacking circles. I’m thinking of a name. Employees of the organization must not find this name suspicious, so I decide on “Coffee Shop”. This is what I am going to name the fake access point, aka rogue AP, aka evil twin, that I’m about to create using FREE, readily available tools.

[Image: graphic showing how an evil twin is set up]

An evil twin is a fake AP that mimics the organization’s real AP. The name I’ve chosen is not a random guess: I had previously scanned the Wi-Fi connections in the area and noted that they had a very weak coffee shop Wi-Fi signal. All I have to do now is simply create another access point, name it Coffee Shop, and maximize the broadcast strength so that my evil twin will appear at the top of every device’s Wi-Fi list.

[Image: coffee shop showing a possible evil twin attack]
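From the defender's side, the two traits described above (a copied network name and a much stronger broadcast) are exactly what a wireless monitoring sensor can check for. The following is an added example, not part of the original post: it compares observed beacons against a site-survey baseline. The `Beacon` fields, the `BASELINE` entries, the 20 dB threshold and the sample scan are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    signal_dbm: int
    security: str

# Assumed site-survey baseline: SSID -> {BSSID: (channel, security, usual dBm)}
BASELINE = {"Coffee Shop": {"aa:bb:cc:00:00:01": (6, "WPA2-PSK", -82)}}
SIGNAL_JUMP_DB = 20  # assumed threshold; tune per site

def normalize(ssid):
    # Fold case and whitespace so look-alike names still match the baseline.
    return " ".join(ssid.split()).casefold()

def find_suspect_aps(beacons, baseline=BASELINE, jump=SIGNAL_JUMP_DB):
    """Return [(bssid, [reasons])] for beacons that deviate from the survey."""
    known = {normalize(s): aps for s, aps in baseline.items()}
    findings = []
    for b in beacons:
        aps = known.get(normalize(b.ssid))
        if aps is None:
            continue  # SSID is not one we monitor
        reasons = []
        expected = aps.get(b.bssid.lower())
        if expected is None:
            # New radio using a monitored name: compare to the strongest known AP.
            reasons.append("unknown BSSID")
            expected = max(aps.values(), key=lambda ap: ap[2])
        elif b.channel != expected[0]:
            # Known BSSID on a new channel suggests a cloned MAC address.
            reasons.append("channel changed")
        if b.security != expected[1]:
            reasons.append("security mismatch")
        if b.signal_dbm - expected[2] >= jump:
            reasons.append("signal jump")
        if reasons:
            findings.append((b.bssid, reasons))
    return findings

# Constructed sample scan, as a monitoring sensor might report it.
SAMPLE_SCAN = [
    Beacon("Coffee Shop", "aa:bb:cc:00:00:01", 6, -80, "WPA2-PSK"),
    Beacon("Coffee Shop", "02:11:22:33:44:55", 11, -35, "Open"),
    Beacon("coffee  shop", "AA:BB:CC:00:00:01", 1, -40, "WPA2-PSK"),
    Beacon("GuestNet", "de:ad:be:ef:00:01", 1, -50, "WPA2-PSK"),
]
print(find_suspect_aps(SAMPLE_SCAN))
```

A BSSID allowlist alone is not enough because the address can be copied, which is why the known-BSSID branch still checks channel, security and signal level.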

I now have my fake wireless access point (AP) up and running, and just like clockwork we have our first victim. It seems someone has found the AP and connected to it with what seems to be a company laptop. The user/employee logs in using legit company credentials, which I capture using my favorite packet sniffer.

Around 11:00 am, or coffee break time, is when things heat up: I have up to 10 users using my fake AP. All their traffic is going through my AP and on to the internet via their AP. This means there is no slowdown in traffic and no one suspects anything (most employees abuse company Wi-Fi anyway).

[Image: diagram of a man in the middle attack]

At this time I intercept a user with a very interesting device name, “admin fin” (I’m guessing it’s the finance administrator), using a man in the middle attack. I send the user a fake company landing page asking them to log in and reset their password. Since the company landing page can be found online, spoofing it is a breeze!

 

Information Bounty

In two hours I’m done, my legs are numb and I have the munchies! Hacking is tiresome. My bounty is made up of company usernames, passwords, various Wi-Fi passwords and a network map of the entire organization. I even know how many devices and what kind of devices they have on the network, i.e. router makes and models, server makes and models including running software, and, most importantly, I know what ports have been left open on the network.

[Image: JNetMap, graphical mapping software showing an organization’s network]

After my evening gym session (yes, these days hackers do stay fit!), I take all the data I gathered and begin doing more research. I look online/darkweb for 0-day exploits for some of the devices I discovered on the organisation’s network. I also search for common misconfiguration settings that these devices are most likely to have. I’m even able to reverse engineer a vendor firmware update for one of the routers to reveal a master password written in plain text!

With more research, patterns begin to emerge. I now know that the organization prefers to use DELL computers for workstations and the ASUS brand for laptops; I even know their internet provider is ISP X. These critical details I shall use to craft my social engineering attack to a tee next week.

Patience pays…literally

This is just the early stages of hacking. Hollywood will have you thinking that the Sony hack happened in 90 mins…movies lol. Hacking takes time, it requires patience and needs a criminal mindset. It will be a whole month before I’m done with this hack! For now, with the data gathered, I will go and prepare for the next stage: gaining access to the organization’s systems and maintaining a foothold, after which I shall decide what to do.

I think I’ll hold all their data for ransom, or maybe I’ll crash their systems, or maybe even make some money disappear from the finance department. Wait and see!