Wardriving
WARDRIVING
Presented By:
Sumit Kumar (1310013)
Contents:
1. Introduction to Wardriving
2. Requirements
3. Setup And Execution
4. Possible Risks
What is Wardriving?
• Wardriving is searching for Wi-Fi wireless networks from a moving vehicle. Wardriving was first developed by Pete Shipley in April 2001. It involves using a car or truck and a Wi-Fi equipped computer, such as a laptop or a PDA, to detect the networks. Many wardrivers use GPS devices to record the location of each network found and log it on a website.
• Wardriving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere.
Why Wardrive?
• Do tech managers know where all their wireless LAN access points (AP) are? Since they can be plugged into a LAN and stashed almost anywhere, even by users, they can be a challenge to manage internally. Meanwhile, strangers can be discovering them by "war driving," cruising around with a wireless-enabled laptop seeking wireless LANs that can be entered and explored. —"IBM Tool Targets Wireless 'War Driving'," e-Business Advisor, August, 2002
• From a technical perspective war driving can be very interesting (white hat hacking)
• As a hobbyist, war driving is both fun and technically challenging.
• Bandwidth stealers (warez sharing, etc.)
• Anonymity seekers (legal and illegal motives)
• True black hat hackers
Requirements
Hardware:
• Required:
– A portable computer (laptop / palmtop)
– Dell Latitude D810 (ear bud recommended)
– A compatible built-in or PC wireless NIC
  • external antennae (omnidirectional / unidirectional)
– A GPS
• Optional: Linksys WRT54G Wireless Router / Access Point
Basic Software
• Packages that you'll need:
– GPS (Global Positioning System) service daemon
– kismet: wireless 802.11b monitoring tool
– Ethereal: network traffic analyzer
– gpsdrive: car navigation system
– MySQL database package
• Other packages:
– Airsnort: WLAN sniffer
– Aircrack: wireless WEP cracker
– Dsniff: sniffs network traffic for cleartext insecurities
Netstumbler vs. Kismet (Windows vs. Linux)
• Netstumbler http://www.netstumbler.com/
– Runs on Windows XP
– Great for a quick war-walk / war-drive or a quick vulnerability assessment (rogue access point detection) or coverage / interference testing on an unprotected network, but....
– Netstumbler sends out 802.11 “Probe Request” frames for SSID “Any”, providing no real advantage, but making it easily detectable.
– Netstumbler does not sniff.
• Kismet http://www.kismetwireless.net/
– Runs on Linux / Unix (client ported to Windows)
– Kismet puts your wireless NIC into RFMON mode and does passive scanning
– Kismet's intrusion detection feature will detect many probing / attack fingerprints, including Netstumbler
– Kismet sniffs and records packets for later use with Ethereal, AirSnort, AirCrack, etc.
Setup
• Install NIC, GPS, and software packages
• Compile RFMON mode NIC driver kernel modules if necessary
• Set up the MySQL database
– `mysql -u root -p < /usr/share/gpsdrive/create.sql` (this will add a user: gast / gast)
• Edit /etc/kismet/kismet.conf for your NIC and configuration.
– source=ipw2915,eth1,BuiltIn,6
– source=orinoco,eth2,BuiltIn,6
– source=cisco,eth2,BuiltIn,6
– source=kismet_drone,192.168.108.1:3501,drone
Typical Wardriving Setup
[Figure labels: GPS mouse; 802.11 network sniffing software (e.g. Netstumbler); text-to-speech software ("new network found. ssid is thd-wireless. channel 6. network open."); power cable; GPS software display; notebook computer]
Execution
• Start the GPS daemon:
‒ `ps -ef | grep -i gps` (kill `gpsd -F /var/run/gpsd.sock` if present)
‒ `dmesg | grep -i usb` (check to make sure your GPS has associated with a port)
‒ `ln -s /dev/ttyUSB0 /dev/gps ; gpsd -K -f /dev/gps ; ps -ef | grep -i gps`
• Make sure that mysqld is running: `ps -ef | grep -i sql`; `/etc/init.d/mysql restart` if not
• Make sure festival is running: `ps -ef | grep -i festival`; `festival --server &` if not
• Add localhost to xhosts: `xhost ; xhost +localhost ; xhost` (no space after the `+`: a bare `+` turns X access control off for every host)
• Start xgps: `xgps -speedunits mph -altunits ft &`
• Make sure that no kismet components are running: `ps -ef | grep -i kismet`; kill if present
• Start Kismet: `kismet`
• Start gpsdrive: `gpsdrive`
• Start Wi-Fi-radar: `wifi-radar`
• Now do your war drive!
Kismet can be integrated with MySQL, GPSDrive, and SNORT
Results
• 29 available networks in 2 short hours
• All available from parked car on crowded streets
• Colorful names for wireless routers
– hotstuff, red libre, eatshitanddie
– most use manufacturer name
• Only 3 required a key of any kind
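The same kind of survey, run over your own site, answers the earlier question of whether IT knows where all its access points are. The following is an added example, not part of the original presentation: it compares a survey list against an inventory and flags unlisted radios, unlisted radios advertising a company SSID, and networks with no key or WEP. The CSV layout, BSSIDs, SSIDs and inventory are all constructed for illustration and are not the export format of Kismet or Netstumbler.

```python
import csv
import io

# Constructed survey data: one row per access point heard while surveying
# your own site. The column layout is an assumption for this example, not
# the export format of Kismet or Netstumbler.
SURVEY_CSV = """bssid,ssid,channel,encryption
02:00:00:00:00:01,corp-wlan,6,WPA2
02:00:00:00:00:02,corp-wlan,11,WPA2
02:00:00:00:00:03,corp-guest,1,None
02:00:00:00:10:01,corp-wlan,6,None
02:00:00:00:10:02,linksys,6,None
02:00:00:00:10:03,printer-setup,1,WEP
"""

# Constructed inventory of the access points IT deployed (BSSID -> SSID).
AUTHORIZED = {
    "02:00:00:00:00:01": "corp-wlan",
    "02:00:00:00:00:02": "corp-wlan",
    "02:00:00:00:00:03": "corp-guest",
    "02:00:00:00:00:04": "corp-wlan",
}
WEAK = {"none", "wep"}  # no key, or WEP (the deck lists a WEP cracker)


def audit(survey_text, authorized):
    """Compare surveyed access points with the inventory."""
    authorized = {b.upper(): s for b, s in authorized.items()}
    our_ssids = set(authorized.values())
    found = {"unknown": [], "impersonating": [], "weak": []}
    seen = set()
    for row in csv.DictReader(io.StringIO(survey_text)):
        bssid = row["bssid"].strip().upper()
        ssid = row["ssid"].strip()
        enc = row["encryption"].strip().lower()
        seen.add(bssid)
        if bssid not in authorized:
            # An unlisted radio using one of our SSIDs is the urgent case;
            # other unlisted radios may be a neighbour or a user-installed AP.
            kind = "impersonating" if ssid in our_ssids else "unknown"
            found[kind].append((bssid, ssid))
        if enc in WEAK:
            found["weak"].append((bssid, ssid, enc))
    # Listed but never heard: powered off, moved, or out of range.
    found["missing"] = sorted(set(authorized) - seen)
    return found


if __name__ == "__main__":
    for kind, items in audit(SURVEY_CSV, AUTHORIZED).items():
        print(kind, items)
```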
Possible Risks: Anatomy of a Hack
War driving Process
• Footprinting: address range, namespace acquisition
• Scanning: find promising points of entry
• Enumeration: find user accounts and poorly protected shares
• Gaining Access: informed attempts to access target
• Escalating Privilege: gain complete control of system
• Pilfering: gain access to trusted systems
• Covering Tracks: hide system privileges
• Creating Back Doors: ensure ability to regain access at will
• Denial of Service: create ability to disable target
[Diagram labels: Legal, Illegal]
Possible Risks
War driving = not illegal
Beyond war driving = illegal
• Encryption key cracking
• Free internet access
• Identity exposure and theft
• Network resource utilization
• Data theft
• Denial-of-service
• Other hacking activities
Confidentiality
Integrity
Availability
Thank You
@sam3961
fb.me/sam3961
Any Queries