Sharing your Wi-Fi password gives you unlimited access to your network. So you can directly access devices with LAN connection such as printers, routers and security cameras. Most networks allow users to scan and try to log in to these connected devices. And if you did not change the default password on these devices, an attacker could simply try to involve them.
Network scanners are Recon tools for finding vulnerabilities and are often considered the first stage of an attack. While it is primarily a tool for collecting information, the Fingers Network Scanner allows us to communicate directly with a variety of devices by guessing the password. In an advanced attack, Fing can be used to quickly get targeting information that can be used to attempt strong hydra cracking.
Scanning a network with Fing can lead to many exciting discoveries, as the people who set up the network do so often that does not make sense. In some configurations, the "Guest" Wi-Fi network can even display a page with the password for the second "Secure" Wi-Fi network in plain text format by simply navigating to the IP address of the router.
Sure, there are many more sophisticated setups for using access, but if physical access is limited, the flexible use of your existing tools can be a lifesaver.
The essential things that Fing achieves are:
- Mapping a network by detecting all connected devices.
- Scanning devices for operating system information and opening ports
- Direct connection to open network devices by guessing or resolving the default password.
The first two bullets above provide the information for a sound attempt to own devices on a network or targetting the router with a more advanced attack on the device such as router sploit. If you're interested in stumbling across surveillance cameras, print servers, wireless routers, and other random devices you find on networks, read on to find out what you need.
In this case, we use the disclosure of a Wi-Fi password to quickly scan and identify the network, identify and identify a computer with an open HTTP port, and use the model-specific default user name and guess the password for logging in to the device. For this you need any current iPhone or Android device.
While you can access your phone's browser on a device with HTTP ports, such as 80 or 8080, you need an app to open SSH, FTP, and Telnet connections. Today we will talk about HTTP, but I recommend Juice SSH for connecting to other ports on Android or Shelly for use on the iPhone.
Step 1: Installing Fing on iOS or Android Phone
There are many network scanners for Windows, macOS and Linux, but the best tool is often the one you know you will have with you. Anything that's too big, specialized or expensive, you'll probably have left home if you really need it.
That's why we use the Fing Mobile app here. If you have access to a destination at any given time or you unexpectedly receive a Wi-Fi password, it may be easy to access many devices on a network with just one smartphone.
Fing works on both Android and iPhone, allowing anyone to begin associating with a network and connecting to devices. So use these links to install them on your device, and after you connect to a Wi-Fi network, Fing scans the entire network and gives a detailed breakdown of all connected devices.
Step 2: Connect to Wi-Fi network on your phone
Please ask for the Wi-Fi password of the network you want to scan. Nowadays, it is rare for someone to not give you this information. Once you have it, connect to the network on your smartphone and start the currently installed fing-app.
Fing can not scan a network it has not joined. For reconfiguration in networks for which you do not have a password, see our article on Wardriving.
Step 3: Scan the Entire Wi-Fi Network
Start a New Network Scan in the Fing App Touch the round arrow icon at the top right to identify all devices in the current network.
Fing performs a scan against a set of all possible IP addresses based on the IP address of the network to which they are connected. It compares the information found with the fingerprints of the devices and displays the result in an easily understandable graphical display of all connected devices.
Find important devices such as routers, servers, and desktop computers.
If you select a specific device, you can scan it and find open ports. Just tap the "Scan Services" option to start the scan. It will probably take longer than the main scan that was done in the previous step.
Scanning a device can tell you a lot about the services offered. Below is a scan of a Raspberry Pi with SSH and a web server with port 80 enabled. Ports 22, 80 and 443 are open.
Each port you find open allows you to continue snooping into the device. Once you see a device with port 80, 8080, or 443 open, you can tap it to open it in your browser.
Good Beginner Pi Setup: CanaKit Raspberry Pi 3 B + Starter Kit – $ 80
Step 5: Identifying the Device
Logging pages can be used in conjunction with the information from our fing-scan to get detailed information about the device manufacturer and often include the model number. If you have ever done an "advanced" Google search, you know that this is a bad idea, as you can simply look up the default password (which we'll talk about in the next step).
In one of my scans, I found an Arris router. On its login page, the default user name is displayed quickly (as "admin"). In addition, the HSD tab displays the model number and even the serial number.
A simple Google search will give you the default credentials for this particular model. Enter the default user name and password to test if the device has been properly configured. Probably not.
By far the most common logins of all devices are:
- Username: root, admin, user and super
- Password: Password, (blank), Toor, Super , Admin, User, and Root
One thing you learn about life is that not everyone likes finessing. Some companies with IT departments or IDS systems can be very upset about being grabbed by surprise and without permission. Therefore, it is advisable not to bypass every open port if you do not know who is upset about it, as in general life.
In particular, the anti-cybercrime education that drives technology companies through The US Government addresses employees who are increasingly looking to control and potentially report to federal agencies as they worry about their behavior in corporate networks. Port scanning enterprise networks are considered suspicious and indicate espionage or crime. If you work in a company like this and use your phone, keep your finger on it.
Unauthorized access to a device is a crime, and although you may have permission to use the Internet, "using" does not usually involve logging in to the router and changing settings. Like every port scan, Fing leaves traces in the router logs and can trigger a firewall or IDS to block you.
You can ask questions here or @ sadmin2001 on Twitter or Instagram.