Return to site
Return to site

How To Crack Unifi Wifi Full

broken image

 

 

 

*Unifi Wifi Access Point

*Unifi Wifi Setup

*How To Crack Unifi Wifi Full Version

*Unifi Wifi Schedule

*Unifi

OK….I made a boo boo!

Actually my method of ‘hacking’ the Unifi modems has a ridiculously simple work-around. Unfortunately, when I published the findings I was absolutely convinced the workaround didn’t work–I was wrong 🙁

Details about how I was mis-lead are unimportant for now (although I will explain it later on), for now I think the simplest way to address and to make yourself more secure (though not 100% secure) is to disable remote management of the router. Don’t worry here’s a step-by-step guide on how to do it.

WiFi Cracko is the application developed in purpose to find password to access protected WPA/WEP, WPA2 & WPA3 network security types. Internet users who are not so highly educated about digital networking or computing in general usually have problems of recovering back their WiFi (WLAN) password in case they've forgot it. At the end of the post is a link to a spreadsheet detailing all the devices that are susceptible to this hack, and one of those devices is the DLink Dir-615 Wi-Fi router, if it doesn’t sound familiar let me refresh your memory–it’s the router that Unifi gives out to all Unifi customers!!! Jul 01, 2012 At the end of the post is a link to a spreadsheet detailing all the devices that are susceptible to this hack, and one of those devices is the DLink Dir-615 Wi-Fi router, if it doesn’t sound familiar let me refresh your memory–it’s the router that Unifi gives out to all Unifi customers!!! Jan 02, 2014 They have forum in chinese and malay too. I have no IT background. But i tried it on my unifi and its really do crack password in 3hrs for 8 digits WPA2. WEP just in couple minutes. Now for my own safety, i keep changing password once a week and use long characters as i can. Wifi also can detect from 2-10km away!! I just subscribed to Unifi and what I can say is the internet service is superb (for time being la) and today I want to share a little bit about the wireless security which is a MUST be configured at the D-Link Dir-615 wireless router provided by TM.Unifi Wifi Access PointStep 1: Logon to your router

To logon to your router, fire up your web-browser (Chrome, Firefox, Safari–even Internet Explorer will do). In the address bar where you usually type www.google.com type http://192.168.0.1 or just click the link. Once there enter the username and password of the router. If you’re uncertain try any one of the following combinations:

Otherwise refer to this post on how to find your router password. Click here, and look for option 3.Step 2: Head on to the Maintenance Section

Once logged on, click on the Maintenance tab of the router.Step 3: Uncheck the box that says Enable Remote Management

Once you’ve entered the Maintenance tab, uncheck the “Enable Remote Management” check box. The image on top has the box check, you want to make it empty.Step 4: Save those damn settings

Finally make sure you save those settings, otherwise all your hard effort would have been wasted. Once you’ve saved your settings, the router will either inform you of the setting change or it’ll take you back to the router login page (same as step 1)Step 5: Reboot the router for good-luck

Finally for extra good luck, reboot your router, and check if the settings are still the same. Some funky stuff sometimes occur between reboots. Rebooting is easy, just switch off the power to the router for 10-15 seconds, then re-start it again.

That should do it. Easy wasn’t it.How I was wrong

Aiyah–this was a bit of a boo boo lor, everyone makes mistakes mah 🙂

Firstly, what you’ve done in the 5 steps above, is disable anyone from outside your home network from accessing the router. That means the only way you’ll ever access your router config page is via your internal network and not from the internet. So your router IP won’t even show up in the Shodan results and even if it did, your router wouldn’t allow these external IPs from accessing it’s page.

Where I was wrong is that I thought this feature didn’t work on the Unifi router, and to be fair there are plenty of Dlink routers that have this flaw. It didn’t help that there were support forums that explicitly addressed this. Where I was wrong of course, is that when I tested this–I tested it from within my own network. From within my network, regardless of whether I used the internal or external IP, I could still access my router, I was under the impression that if I entered the external IP, it would only work if remote access was enabled–I was wrong. I should have tested this from an external network, and using my phone or even a web-proxy I would have easily realized that this fix works for my router (and possibly yours as well).

So if you want to be sure that your router is no longer allowing GUI access over the internet, head on over to Texas Proxy, and then type your external IP to see if you can view your router login page, you should get a curl error, and that would confirm you’re good to go.

Now of course, I was wrong, and I’m sorry if I caused you to panic, or worse yet go out and splurge on a new router. I’ve been wrong before, and this probably isn’t going to be the last time either–being wrong is part of the job, I try to avoid it, but sometimes it’s unavoidable. The only thing I can truly offer, is my apologies for being wrong–and I really am sorry. To show just how sorry I am, take a look at the picture below (can you really still be angry with me after seeing those sad eyes?)Conclusion

Now, the final word though, is that while the fix will protect you, I’m not 100% sure why TM chose to NOT disable the remote login by default. From my quick check, most routers with the 7.17 firmware have this feature enabled and that’s a really bad thing.

Also, this isn’t 100% full-proof, the exploit still exist, and if someone manage to compromise your laptop, desktop or even IP Camera, they may have a back-door to your router, but making this one check (or un-check) makes you FAR more secure than before.

With the newly enacted Evidence Bill Amendment, you would have been deemed to have published everything that originates from your IP address. What that means is that if someone hacks your Wi-Fi and then uses it to publish malicious or seditious statements online, you will be deemed to have published it, and the onus is on YOU to prove you’re innocence rather than for the prosecution to prove your guilt.

So obviously with the new law floating around, Wi-Fi security should be at the top of every Unifi Subscribers agenda–if it isn’t already.However, how secure is your Unifi Wi-Fi connection?

The short answer is not so secure.

The brilliant blog Lifehacker recently posted an article on how you can hack Wi-Fi connections secured by a WPA or WPA2 password. The post is quite detailed but even I have to admit the technical skills neccessary to pull this off is somewhere between intermediate and expert. At the end of the post is a link to a spreadsheet detailing all the devices that are susceptible to this hack, and one of those devices is the DLink Dir-615 Wi-Fi router, if it doesn’t sound familiar let me refresh your memory–it’s the router that Unifi gives out to all Unifi customers!!! (que bone-chilling Alfred Hitchcock Movie sound)

Now taking aside the fact, that I could probably call all Unifi customers to request the Wi-Fi password printed at the bottom of their router, and 50% would probably provide that to me with no issue, this also means that for those people smart enough to hide their passwords — I can still hack your Unifi Wi-Fi connection no matter what you do on your router. There’s literally nothing you can do, hiding SSIDs don’t work and neither will MAC address filtering. Of course this is all theory, and testing this theory took a lot more time than I had, so I’m not sure.

What I am sure is that Unifi have their own firmware for the DIR-615 router, and that’s a partially susceptible router, meaning some firmwares are susceptible some firmwares aren’t, and it’s a coin toss and whether your router at home is susceptible.

Now, while I know of a few people who hack Wi-Fi passwords just for the fun of it,and there’s a lot of references and material online detailing the steps required–so we all know this works. In fact you can buy packages online that allow you crack the routers easily :). This blog written in Malay claims that they’ve successfully hacked a DLink Dir-615 router, I’ve no doubt it’s possible, but it’s not easy and it takes time.

Either way though, it’s always good to remember this. There is no such thing as impossible to crack, merely inconvenient and infeasible. Don’t believe me? Dap scoring manual. Check out this story of how a group of University Students manage to hack a US Military Drone in mid-flight using nothing more than $1000 worth of equipment, do you really think your Wi-Fi at home is more secure a ‘death from above’ US Predator Drone? Every Wi-Fi access point hackable, it’s only a matter of how much time, effort and money is required.What if I don’t change my password?

If you don’t even bother, or don’t know how to change Unifi password of your router from the default 6 digits Unifi assigns to you, then it’ll be safe to say, that geeky neighbour kid is probably stealing your Wi-Fi.

This post demonstrates a real easy way to brute force hack a router. What that basically means is that the program will try every single possible combination for your router password, usually that will take weeks, however if you just use the 6 digit default Unifi password, then you’ve narrowed the search to just 1,000,000 possible combinations. For a human that’s a big amount, but a for a computer running Beini–it’ll take about 10 hours.

So for Wi-Fi there are 2 general rules, change the default password AND don’t use WEP.Unifi Wifi SetupThe consequences of low protection

A lot of people don’t appreciate the importance of internet security and even few know how to properly secure things like the PCs, Wi-Fi and even online bank accounts. Some people I work with in my job, still think WEP is a perfectly acceptable way to secure a Wi-Fi connection…and I work in IT.

Naked Security (a fantastic blog to follow) details how a SWAT team Evansville, Indiana raided a house with flashbangs and grenades because the traced threatening blog post to the IP address of the house. The only problem was that the house was using an unsecured Wi-Fi connection, and it became pretty apparent that the 18 year old watching TV with her grandmother were not the perpetrators of the crime. It became even more apparent, that anyone within Wi-Fi distance of the house could use it to post those comments. Fortunately, the state of Indiana still believes in innocent till proven guilty and paid for the damages to the house cause by the flash bangs. In Malaysia, with the new evidence act amendment–you may not be so lucky.

In the past, the worst that stolen Wi-Fi meant was you would experience a slow connection because the neighbourhood hack geek was using your Wi-Fi to watch porn. Now it has far dire consequences that could include you being sent to jail.

With the newly ammended Evidence Act it’s far worse. Anyone that hacks your router can use your IP address to post malicious, seditious and sensitive material online, and YOU would be held accountable for that post. So If I hacked your router, and it’s quite possible, then I could post a terribly seditious post online that would be traced to your IP address, and you would have been deemed to publish it. It’s up to you to prove I hacked your router, and if you don’t even have the know-how to secure your Wi-Fi what chance do you have a catching me?

To see how easy it is to hack a Wi-Fi network, check out the point and click steps here.

That’s bad.

That’s why you need to sign the petition here. http://www.tinyurl.com/stop114a to stop the Evidence Act Amendment from being gazetted into law. Do that now.Last WordsHow To Crack Unifi Wifi Full Version

I’m really peeved that Members of Parliament from both the Government and Opposition have passed this law, particularly the opposition MPs simply because they failed to do their job. As an MP you have just one job– to pass laws — and if you can’t even get that right you don’t deserve to be an MP!!. I don’t care if you were given 400 pages to read 15 minutes before the bill is tabled, if you have just one job, you ensure that you perform that one job exceptionally well.Unifi Wifi Schedule

Shame on you Pakatan, at least BN MPs can claim to be following orders. Pakatan MPs should be ashamed that it took a blogger to first break the news about the amendment, rather than the MPs themselves.

Finally I’m merely pointing out to you what is now general knowledge of every hacker on the internet. Showing you how to steal internet is likely to get me jailed or worst, banned from cable. I’m not pointing out how to steal Wi-Fi, I’m pointing out on an unsecured Wi-Fi connection at your home is now a dangerous thing.Unifi

Image of router rather ‘Maliciously’ taken from thePCHarbor, I hope they don’t mind. http://techblog.thepcharbor.com/?p=2477

 

 

 

 

broken image
PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save