Got into someone's Wireless Network. Now what?

[pseudeoxys]

In my area, most of the people use WEP encryption and as we all know WEP is very easy to crack. So I got into someone's Wireless Network. Now what?

I did so some googling and found that you can sniff passwords from a network but most of it are just to sniff data from my PC and not my target. What I want to learn is how to hack my target's PC not my own.
I want to know if I can sniff, monitor or whatever it is called from  my targets/victims.

Sorry for the noob question. I do admit that I am a noob and I believe this is a place a learn. Thanks in advance.

Edit: Modified so my question can be understood easier.

[ande]

Hmm, this is like asking what to do after you have broken into a house..

We have no idea what you want to do. You can sniff password, try to exploit other computers on the network, edit router settings etc etc etc.

Look into ARP spoofing.

[iTpHo3NiX]

asdf

[noob]

since you are a noob google for firesheep first

[techb]

since you are a noob google for firesheep first

Firesheep is crap IMHO. ARP poisoning would be better like Ande said. Or even phishing.

[bubzuru]

OK

to sum it all up, if you want passwords ARP poisoning is the way to go
if you want to break into anouther computer on the network, you will scan\exploit there machine

there are more things you can do , but we wont go into that

[pseudeoxys]

Hmm, this is like asking what to do after you have broken into a house..

We have no idea what you want to do. You can sniff password, try to exploit other computers on the network, edit router settings etc etc etc.

Look into ARP spoofing.

Well I did found some decent tutorials on how to sniff networks and such.
But most of it are for sniffing data out of my computer and not my target.
I want to know how to do so on my target not on myself.

But still, thanks!

since you are a noob google for firesheep first

Tried FireSheep, it's kinda crappy IMO. Besides it's outdated. I had to install an older vers of Firefox to use it but it's somewhat worth it.

Firesheep is crap IMHO. ARP poisoning would be better like Ande said. Or even phishing.

Phishing is something I would love to look into. I tried once in my web server but not on a wireless network.

delete their system32s. what better than that?

Great idea but dude.. I'm not even in their system yet. That's what I'm trying to learn here.


And... Thanks to all those who helped!
Links to tutorials, please? I know I can just use the search function. But links recommended by all of you are more worth reading yes?

Edit: Tried Cain and Abel. Finally I know how to scan other devices instead of my PC.
Screenshot:
http://i.imgur.com/BwtqN.png

[techb]

Uz l33T!


Anyways back to the topic at hand. If you want to start I would suggest using something such as wireshark to monitor the traffic just to see anything interesting.. You can then if you deem it interesting enough use a MITM or some other exploit to start sniffing out passwords. There are MANY tutorials on even youtube for finding out how to sniff peoples networks and gain passwords. Though most of them are probably going to use backtrack. Oh cain and abel the days of windows

Wireshark will sniff data going to him alone generally speaking. You can check the following link out to see how to sniff other network data.
http://serverfault.com/questions/187597/can-wireshark-read-data-being-sent-to-from-other-computers (Can someone say StackOverflow rip-off?)

[BigE]

Wireshark will sniff data going to him alone generally speaking. You can check the following link out to see how to sniff other network data.

You can fix that in two different ways. ARP poison the network and route all traffic through your computer, although they will probably notice a network slowdown, or you can use promiscuous mode on Wireshark, which will capture pretty much everything on the network, at the expense of being really easy to spot. But then again, if they are using WEP, I wouldn't worry about that sort of thing. I actually wouldn't worry about that sort of thing on WPA either.

[RedBullAddicted]

Hi,

first of all you need to know that an access point is working like a hub and not like a switch. This means all data is send to all clients which are connected. You should be able to see some traffic from other clients when you are capturing with wireshark. If someone in the network uses some unencrypted service as FTP or VNC you should be able to capture password information. Maybe you should look on a technique called evil twin. Try logging in to there router, maybe they don't changed the default password and see what you can do there (maybe dyndns settings??). I agree that ARP or DNS poisoning with phishing would be the best method. 

[ande]

..., or you can use promiscuous mode on Wireshark, which will capture pretty much everything on the network, at the expense of being really easy to spot. ...

How would passively sniffing wifi packets be easy to spot? And also, iirc, Wireshark can only sniff unencrypted wifi packets. It probably depends on the encryption method but I would guess the encryption is not the same for each client. Sorry if I am mistaken, my wi-fu is a little rusty.

[kateus]

And also, iirc, Wireshark can only sniff unencrypted wifi packets.

I'm pretty sure you can sniff encrypted packets, or at least in his scenario. I was playing around with WireShark sniffing at my router yesterday, which is encrypted with WPA/WPA2 and I can get the packets, the data is just encrypted vs plain text data if there was no encryption.


But if you can sniff enough packets WEP really isn't too hard to crack the encryption of.

[ande]

I'm pretty sure you can sniff encrypted packets, or at least in his scenario. I was playing around with WireShark sniffing at my router yesterday, which is encrypted with WPA/WPA2 and I can get the packets, the data is just encrypted vs plain text data if there was no encryption.


But if you can sniff enough packets WEP really isn't too hard to crack the encryption of.

Yeah well, ignore my previous statement. What I ment to say is that you can only make sense out of the unencrypted packets captures by wireshark. As they are encrypted..

[Z3R0]

[edit]you can only make sense out of the unencrypted packets captures by wireshark. As they are encrypted..

That's correct. You can sniff wifi-encrypted traffic, but all of it will be seen as WEP or WPA traffic. Luckily, wireshark comes with a wifi plugin where you can put in a known key and it will decrypt the data for you, or you can try to run the packet capture through aircrack.

[BigE]

How would passively sniffing wifi packets be easy to spot?

I specifically refer to capturing packets in promiscuous mode, which while giving you more captured packets, is really easy to spot. Among other methods, nmap for about 5 years now has come with a promiscuous network card detector script which can be run on an entire subnet if need be.

Luckily, wireshark comes with a wifi plugin where you can put in a known key and it will decrypt the data for you, or you can try to run the packet capture through aircrack.

Wireshark has a lot of very cool features in it. About a month ago I was playing around with it and stumbled onto a function which will construct an audio file of the captured packets from an audio stream such as Skype calling.