Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

unknown wireless network in manage wireless networks


  • Please log in to reply
7 replies to this topic

#1 shayan8891

shayan8891

  • Members
  • 15 posts
  • OFFLINE
  •  

Posted 04 June 2015 - 03:55 AM

Can somebody add my computer to a wireless network (wpa2-psk secured) without having physical access to my computer?

BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:14 AM

Posted 04 June 2015 - 05:25 AM

Hi shayan8891 :)

No, it's not possible for someone to add forcibly add your computer to a wireless network if he doesn't control your computer. What's the name of the network (we'll see if it's specific or generic) and do you recognize the password used for it (you can see it in the Properties of that wireless network)?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:01:14 AM

Posted 04 June 2015 - 10:53 PM

Can somebody add my computer to a wireless network (wpa2-psk secured) without having physical access to my computer?

Yes it can be done without having physical access, by ghosting (mimicking) your wireless router. I won't go into detail how this is done.

And if your computer is compromised by any means, then the registry is the first place to look.

Conclusions on page 24. https://www.sans.org/reading-room/whitepapers/forensics/wireless-networks-windows-registry-computer-been-33659

A Windows registry contains most of the configuration settings for the specific computer. With some knowledge of key locations as well as some basic analysis of the registry keys shown within this paper, an examiner is able to discover wireless network connection information, including when and where these networks were connected to, the IP addresses assigned, and the identification of these networks, either by SSID or by MAC addresses. It has been shown where this information is stored within the registry, as well as providing some tools that can assist in locating and decoding the various registry values more efficiently that via manual methods. Understanding the location of the registry keys, and the means to decode the values contained within provides the incident responder and analyst a powerful avenue for determining possible vectors for infection as
well as verifying compliance with wireless polices that may be in place.

Password Storage Locations For Popular Windows Applications. http://www.nirsoft.net/articles/saved_password_location.html and http://securityxploded.com/passwordsecrets.php

Wi-Fi Registry Settings (Windows Embedded CE 6.0) https://msdn.microsoft.com/en-us/library/ee495876%28v=winembedded.60%29.aspx
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#4 shayan8891

shayan8891
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  

Posted 05 June 2015 - 01:06 AM

Aura ,It's the same "pcname_network" that we talked about earlier and the pass is skda-xxxx-xxxx

#5 White Hat Mike

White Hat Mike

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:::1
  • Local time:09:14 AM

Posted 05 June 2015 - 01:16 AM

Not likely.  Possible, but not likely.  This is one of those things where you would have to connect to an insecure network (i.e. a hotspot within Starbucks) for this to really even be plausible in most cases.  Although it's not completely out of the question, if you've just been connecting to and utilizing your home network as you usually would, the chance of someone impersonating your private, home, internal network is highly unlikely; especially for the regular, average user (in comparison to a--usually high-profile--government agent/employee).  It is easy, once initial access to a network is gained, or rather while an attacker's device is simply in range of the target devices' NIC, to advertise a rogue network with the same SSID as the legitimate network, and then to deauth the target.  Most Windows users' devices would attempt to re-connect, and the goal of the attackers is for the targets to re-connect not to the legitimate SSID/AP, but to the rogue, cloned SSID that the attacker created and begun advertising.  This would allow MITM (man-in-the-middle) attacks to be performed by the attacker, where any or all traffic could be intercepted and viewed.

 

Lengthy explanation cause it's late and I'm overtired and couldn't stop typing, but I hope my explanation applies to your situation/question and isn't completely off-base.


Information Security Engineer | Penetration Tester | Forensic Analyst

CipherTechs.com


#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:14 AM

Posted 05 June 2015 - 05:17 AM

shayan, is that "PCNAME" replaced by the name of your computer? Like for example, it would be "AURA-PC_NETWORK" for me?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 shayan8891

shayan8891
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  

Posted 07 June 2015 - 12:21 PM

@aura sorry for the late reply ,the network's name is godmode_network ,godmode being the name of my pc.As always,thanks for replying :)

#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:14 AM

Posted 07 June 2015 - 05:55 PM

Do you have "Network Discovery" enabled on your Windows system by any chance?

http://windows.microsoft.com/en-us/windows/what-is-network-discovery#1TC=windows-7

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users