Wardriving

WARDRIVING Presented By: Sumit Kumar (1310013)

Transcript of Wardriving

Page 1: Wardriving

WARDRIVING

Presented By: Sumit Kumar (1310013)

Page 2: Wardriving

Contents:

1. Introduction to Wardriving
2. Requirements
3. Setup And Execution
4. Possible Risks

Page 3: Wardriving

What is Wardriving?

• Wardriving is searching for Wi-Fi wireless networks from a moving vehicle. Wardriving was first developed by Pete Shipley in April 2001. It involves using a car or truck and a Wi-Fi equipped computer, such as a laptop or a PDA, to detect the networks. Many wardrivers use GPS devices to record the location of each network found and log it on a website.

• Wardriving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere.

Page 4: Wardriving

Why Wardrive?

• Do tech managers know where all their wireless LAN access points (AP) are? Since they can be plugged into a LAN and stashed almost anywhere, even by users, they can be a challenge to manage internally. Meanwhile, strangers can be discovering them by "war driving," cruising around with a wireless-enabled laptop seeking wireless LANs that can be entered and explored. —"IBM Tool Targets Wireless 'War Driving'," e-Business Advisor, August, 2002
• From a technical perspective War Driving can be very interesting, White Hat Hacking
• As a hobbyist, War Driving is both fun and technically challenging.
• Bandwidth Stealers (warez sharing, etc...)
• Anonymity Seekers (legal and illegal motives)
• True Black Hat Hackers

Page 5: Wardriving

Requirements

Hardware:
• Required:
– A portable computer (laptop / palmtop)
– Dell Latitude D810 (ear bud recommended)
– A compatible built-in or PC wireless NIC
  • external antennae (omnidirectional / unidirectional)
– A GPS
• Optional: Linksys WRT54G Wireless Router / Access Point

Page 6: Wardriving

Basic Software

• Packages that you'll need:
– GPS (Global Positioning System) service daemon
– kismet: Wireless 802.11b monitoring tool
– Ethereal: network traffic analyzer
– gpsdrive: Car navigation system
– MySQL: database package
• Other Packages:
– Airsnort: WLAN sniffer
– Aircrack: wireless WEP cracker
– Dsniff: sniffs network traffic for cleartext insecurities

Page 7: Wardriving

Netstumbler vs. Kismet (Windows vs. Linux)

• Netstumbler http://www.netstumbler.com/
– Runs on Windows XP
– Great for a quick war-walk / war-drive or a quick vulnerability assessment (rogue access point detection) or coverage / interference testing on an unprotected network, but....
– Netstumbler sends out 802.11 “Probe Request” frames for SSID “Any” providing no real advantage, but making it easily detectable.
– Netstumbler does not sniff.
• Kismet http://www.kismetwireless.net/
– Runs on Linux / Unix (client ported to Windows)
– Kismet puts your wireless NIC into RFMON mode and does Passive Scanning
– Kismet's intrusion detection feature will detect many probing / attack fingerprints including Netstumbler
– Kismet sniffs and records packets for later use with Ethereal, AirSnort, AirCrack, etc
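The point that active probing is visible to a passive monitor, as an added example (not from the original slides, and not Kismet's own detection logic): a rate heuristic over constructed frame records that flags a station sending repeated wildcard-SSID probe requests without ever associating. The record layout, MAC addresses and thresholds are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample capture: (seconds, source MAC, frame type, SSID).
# An empty SSID in a probe request is the wildcard ("Any") SSID.
FRAMES = [
    (0.0, "02:00:00:aa:00:01", "probe_req", ""),
    (1.0, "02:00:00:aa:00:01", "probe_req", ""),
    (1.5, "02:00:00:bb:00:02", "probe_req", "office-wlan"),
    (2.0, "02:00:00:aa:00:01", "probe_req", ""),
    (2.2, "02:00:00:cc:00:03", "probe_req", ""),
    (2.4, "02:00:00:cc:00:03", "assoc_req", "office-wlan"),
    (3.0, "02:00:00:aa:00:01", "probe_req", ""),
    (4.0, "02:00:00:aa:00:01", "probe_req", ""),
    (30.0, "02:00:00:bb:00:02", "probe_req", ""),
]


def find_active_scanners(frames, window=10.0, min_probes=5):
    """Return MACs that sent at least min_probes wildcard probe requests
    within `window` seconds and never tried to join a network.
    Both thresholds are assumed values to tune per site."""
    recent = defaultdict(deque)  # MAC -> wildcard probe times inside the window
    flagged, joined = set(), set()
    for ts, mac, ftype, ssid in sorted(frames):
        if ftype in ("auth", "assoc_req"):
            joined.add(mac)  # behaves like an ordinary client
        elif ftype == "probe_req" and ssid == "":
            times = recent[mac]
            times.append(ts)
            while times and ts - times[0] > window:
                times.popleft()  # drop probes older than the window
            if len(times) >= min_probes:
                flagged.add(mac)
    return sorted(flagged - joined)


if __name__ == "__main__":
    for mac in find_active_scanners(FRAMES):
        print("possible active scanner:", mac)
```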

Page 8: Wardriving

Setup

• Install NIC, GPS, and Software Packages
• Compile RFMON mode NIC driver kernel modules if necessary
• Set up the MySQL database
– `mysql -u root -p < /usr/share/gpsdrive/create.sql` (This will add a user: gast / gast)
• Edit /etc/kismet/kismet.conf for your NIC and configuration.
– source=ipw2915,eth1,BuiltIn,6
– source=orinoco,eth2,BuiltIn,6
– source=cisco,eth2,BuiltIn,6
– source=kismet_drone,192.168.108.1:3501,drone

Page 9: Wardriving

Typical Wardriving Setup

• GPS Mouse
• 802.11 network sniffing software (e.g. Netstumbler)
• Text to speech software: "new network found. ssid is thd-wireless. channel 6. network open."
• Power Cable
• GPS Software Display
• Notebook computer

Page 10: Wardriving

Execution

• Start the GPS daemon:
‒ `ps -ef | grep -i gps` Kill `gpsd -F /var/run/gpsd.sock` if present
‒ `dmesg | grep -i usb` check to make sure your GPS has associated with a port
‒ `ln -s /dev/ttyUSB0 /dev/gps ; gpsd -K -f /dev/gps ; ps -ef | grep -i gps`
• Make sure that mysqld is running `ps -ef | grep -i sql`, `/etc/init.d/mysql restart` if not
• Make sure festival is running `ps -ef | grep -i festival`, `festival --server &` if not
• Add localhost to xhosts `xhost ; xhost +localhost ; xhost`
• Start xgps `xgps -speedunits mph -altunits ft &`
• Make sure that no kismet components are running `ps -ef | grep -i kismet`, kill if present
• Start Kismet `kismet`
• Start gpsdrive `gpsdrive`
• Start Wi-Fi-radar `wifi-radar`
• Now Do Your War Drive!

Page 11: Wardriving

Kismet can be integrated with MySQL, GPSDrive, and SNORT

Page 12: Wardriving

Results

• 29 available networks in 2 short hours
• All available from parked car on crowded streets
• Colorful names for wireless routers
– hotstuff, red libre, eatshitanddie
– most use manufacturer name
• Only 3 required a key of any kind
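A survey like this one is also how an administrator finds unmanaged or unprotected access points. Added example (not from the original slides): it checks constructed survey rows against an inventory of authorized BSSIDs and flags open, WEP-only and default-named networks; the CSV columns, addresses and SSID list are assumptions.

```python
import csv
import io

# Constructed survey export; the column names are hypothetical and are
# not a real Kismet or Netstumbler file format.
SURVEY_CSV = """bssid,ssid,channel,encryption,lat,lon
02:00:00:10:00:01,corp-wlan,1,WPA2,12.9716,77.5946
02:00:00:10:00:02,corp-guest,6,None,12.9717,77.5947
02:00:00:99:00:07,linksys,6,None,12.9718,77.5949
02:00:00:99:00:08,hotstuff,11,WEP,12.9720,77.5950
"""

# Constructed inventory of access points the organisation installed.
AUTHORIZED = {"02:00:00:10:00:01", "02:00:00:10:00:02"}

# Short illustrative list of factory-default SSIDs (assumption, not exhaustive).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}


def audit_survey(csv_text, authorized):
    """Return {bssid: [issues]} for every surveyed network with a finding."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = row["bssid"].strip().lower()
        issues = []
        if bssid not in authorized:
            issues.append("not in inventory")  # candidate rogue AP
        enc = row["encryption"].strip().lower()
        if enc in ("", "none", "open"):
            issues.append("no encryption")
        elif enc == "wep":
            issues.append("WEP only")  # key recoverable with WEP crackers
        if row["ssid"].strip().lower() in DEFAULT_SSIDS:
            issues.append("default SSID")
        if issues:
            findings[bssid] = issues
    return findings


if __name__ == "__main__":
    for bssid, issues in audit_survey(SURVEY_CSV, AUTHORIZED).items():
        print(bssid, "->", ", ".join(issues))
```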

Page 13: Wardriving

Possible Risks: Anatomy of a Hack

War driving Process

• Footprinting: Address range, namespace acquisition
• Scanning: Find promising points of entry
• Enumeration: Find user accounts and poorly protected shares
• Gaining Access: Informed attempts to access target
• Escalating Privilege: Gain complete control of system
• Pilfering: Gain access to trusted systems
• Covering Tracks: Hide system privileges
• Creating Back Doors: Ensure ability to regain access at will
• Denial of Service: Create ability to disable target

Diagram labels: Legal, Illegal

Page 14: Wardriving

Possible Risks

War driving = not illegal

Beyond war driving = illegal
• Encryption key cracking
• Free internet access
• Identity exposure and theft
• Network resource utilization
• Data theft
• Denial-of-service
• Other hacking activities

Confidentiality

Integrity

Availability

Page 15: Wardriving

Thank You

@sam3961

fb.me/sam3961

Page 16: Wardriving

Any Queries