
I'm trying to get a full answer to an interview question I got asked a while ago that keeps coming back to haunt me at night. Hoping that I can get a clearer picture of it here, or at least a link to somewhere that explains the process (I haven't found one that satisfies my curiosity). The question is: if you are trying to hack someone on a public wifi network (hack can equal (1) gain access to their machine or (2) gain access to their login info for a website), how would you go about it? The answer to (2) is: you can be sniffing the network and gain access to their login creds that way, but only if you are on the network first.

Here it becomes clear that there are some constraints to the stated problem that I haven't figured out. Since it's public wifi I'm assuming that you have access to it automatically. All the research I've done indicates that you would be able to read their cleartext traffic (so HTTP not HTTPS) if you were on the same network. Does WPA2 encrypt traffic differently for every single user separately from any websites the user is accessing (is this how pre-shared keys work)? Do you have to crack the pre-shared key and can only do that if you're on the network first?

Any help putting the end-to-end picture together on this would be much appreciated. I would really like to understand the answer even if the interview is over.
