War Driving & WiFi in Linux

Full Version: War Driving & WiFi in Linux

GovernmentSecurity.org > System Security > Linux & Unix Systems

dissolutions

Apr 16 2003, 11:49 PM

Do not quite not where i got this link from but i found it in my bookmarks gave it a read thought it'd be useful, I have a few other materials available for windows in the war driving dept.
Here goes...

22:12:33 -->AZTEK (aztek@198.81.129.100) has joined #bsrf
22:12:33 ---Topic for #bsrf is .::Welcome to Blacksun Research Facility [BSRF] ::. http://blacksun.box.sk Enjoy your stay and plz talk this channel feels dead (Mikkkeee) (AZTEK)
22:12:33 ---Topic for #bsrf set by AZTEK at Sat Apr 27 14:05:07
22:12:33 ---ChanServ sets mode +q
22:12:33 ---ChanServ gives channel operator status to AZTEK
22:12:48 <Paranoiac>But then, I have no idea what I'm talking about
22:12:56 <--mtcx1 has quit (Ping timeout)
22:13:00 <Forbze>lol
22:13:19 <simprix>ok im back
22:13:20 <AZTEK>well now loging works
22:13:28 <AZTEK>i am loging simprix
22:13:33 <simprix>ok
22:13:59 <simprix>anyone can butt in if they want or if i say something wrong
22:13:59 <simprix>ok
22:14:22 <simprix>everyone here
22:14:34 <miteymous>;]
22:14:39 <Strider>ya
22:14:52 <simprix>ok girls and boys
22:15:43 <simprix>Ok this will be centralized around linux because I have never done this in Windows and Windows sucks
22:16:13 <miteymous>oki
22:16:14 <simprix>one thing i do know if you want to do this in windows then you need to use netstumpler
22:16:32 <miteymous>or ApSniff
22:16:47 <miteymous>from a website i am lookin at :/
22:16:57 <simprix>Ok first off in linux you need to recompile your kernel with netlink and get rid of pcmcia support in the kernel
22:17:20 <simprix>then you have to get the pcmcia source for pcmcia-cd.sourceforge.net
22:17:47 <simprix>there are to ways you can do it now
22:18:16 <simprix>you can use the wireless extensions in the kernel but you need a good card like a cisco aironet card
22:18:52 <simprix>but the wireless extensions does not have as good sniffing techniques as the linux-wlan source
22:19:05 <simprix>so they way i have done it is using the linux-wlan-ng source
22:19:30 <simprix>you can get that from http://www.linux-wlan.org and you need to compile that
22:19:37 <simprix>any questions so far?
22:19:59 <simprix>or is no one listening
22:20:00 <Strider>nope
22:20:15 <miteymous>is there info on editing the kernel?
22:20:48 <simprix>have you recompiled a kernel before?
22:20:49 <Strider>miteymouse, wheres that site with ApSniff?
22:21:04 <miteymous>no im new sorry

22:21:12 <miteymous>strider: http://www.wardriving.com
22:21:20 <Paranoiac>What he/she/it said^
22:21:21 <Strider>thnx
22:21:25 <simprix>ok well you should read the howto
22:21:40 <miteymous>i plan on it

22:21:54 <simprix>ok once you have compiled all that stuff your almost ready to get started
22:22:23 <Paranoiac>Could you just explain what it is that those modifications do?
22:22:40 <Paranoiac>Or is it too lenghty to explain now.
22:22:50 <simprix>oh yea the linux-wlan stuff only works with the prism2 chipset, which are cards like linksys, dlink, netgear, zoom alot of consumer cards
22:23:09 <simprix>what motifications
22:23:23 <Paranoiac>The recompilations
22:23:36 <simprix>they are pretty much drivers for the cards
22:23:47 <simprix>i prefer the zoom wireless cards
22:23:53 <Paranoiac>Ah, ty
22:24:17 <simprix>ok does everyone in here know what snmp is
22:24:59 <Forbze>any aussies here>?
22:25:02 <Forbze>SNMP
22:25:03 *Paranoiac does not....is a know-nothing-newb
22:25:39 <simprix>well the linux-wlan binaries are alot like using snmp
22:25:56 <simprix>like to specify the ssid
22:26:33 <simprix>a ssid is kinda like a network id
22:26:46 <simprix>say one access point is on ssid: ap01
22:27:00 <simprix>and one access point is on ssid: ap02
22:27:19 ---BaGeL[CS] is now known as BaGeL
22:27:28 <simprix>and you want to attach to ap01 then you would use the ssid of ap01
22:27:45 <simprix>it is two specify wireless networks
22:27:48 <simprix>everyone with me?
22:27:53 <simprix>and questions?
22:28:12 <Forbze>SNMP - Simple Network Managment Protocol
22:28:21 <simprix>ep
22:28:22 <simprix>yep
22:28:37 <Paranoiac>Ah
22:29:00 <Forbze> http://www.rad.com/networks/1995/snmp/snmp.htm
22:29:12 <Paranoiac>Ty
22:30:09 <simprix>ok but if you are not familer with snmp and using mibs, you could use a program my friend wrote called wlanfe you can get it from se.rious.net or freshmeat.net
22:30:51 -->r (trashmail@172.166.185.154) has joined #bsrf
22:31:00 <simprix>ok now you are ready to go wardriving
22:31:10 -->Sheik (sheik001@65.58.40.148) has joined #bsrf
22:31:34 <simprix>i am warning, make sure you are with someone else and make them drive
22:31:49 <Paranoiac>Hehe
22:31:58 <simprix>it is really hard to drive and look at your computer at the same time trust me
22:32:18 <Forbze>wtf?
22:32:21 <Forbze>drive?
22:32:26 <Forbze>and computer
22:32:32 <Strider>heh
22:33:06 <simprix>yes
22:33:25 <simprix>also you should get some programs before you go
22:33:48 <miteymous>so you basically can just use someone elses wireless network?
22:34:02 <simprix>these programs are kismet, airsnort, scanchan, arpping
22:34:06 <simprix>yes miteymous
22:34:10 <miteymous>like...hijack it...an invisible parasite?
22:34:13 <miteymous>ok question
22:34:19 <simprix>yes
22:34:51 <--Sheik has quit (Quit: )
22:34:53 <miteymous>would it be possible to set up your own wireless network, that hijacks your targets, and then spreads it farther via your equipment
22:35:06 <miteymous>maybe letting you have free access at your house
22:35:14 <simprix>yes you could bridge the connection
22:35:21 <simprix>with a wireless bridge
22:35:41 <Paranoiac>he networks would need to overlap, though
22:35:45 <Paranoiac>*The
22:35:52 <miteymous>would the same basic techniques work with cell phone modems
22:36:34 <simprix>well if you have the wireless bridge on the same ssid then your ok
22:36:40 <simprix>and they wont overlap
22:36:53 <simprix>miteymous: i dont know anything about cell phone modems
22:37:16 <miteymous>well i mean they obviously work on different frequencies
22:37:16 <simprix>it might work but i dont know what cell phones use as there protocals
22:37:39 <simprix>well then you could use a frequency counter and use a ham radio
22:37:44 <--Forbze has quit (Ping timeout)
22:37:51 <LiquidKn0wledge>hey is neve campbelle that girl in the movie three to tango?
22:38:44 <simprix>everyone ready to continue
22:38:58 <--r (trashmail@172.166.185.154) has left #bsrf
22:39:06 <Strider>go ahead

22:39:29 <miteymous>yah
22:39:31 <miteymous>:D
22:39:55 -->Forbze (thedon@203.134.22.186) has joined #bsrf
22:39:56 ---ChanServ gives channel operator status to Forbze
22:40:08 <simprix>ok well when you are ready to go you need to put your wireless card in promiscuos mode which means it will gather everything that is in the air
22:40:35 <simprix>there are tools that come with kismet
22:40:36 <--LiquidKn0wledge (LiquidKn0w@66.153.12.78) has left #bsrf
22:40:56 <simprix>ok after that is all set you will start up kismet
22:41:15 <simprix>and go drive around
22:41:51 <simprix>once something pops up on the screen there will be three sections
22:42:02 <zemo>nite all
22:42:04 <simprix>ssid: it will say the ssid here
22:42:14 <Strider>nite
22:42:20 <simprix>WEP: it will say if wep is being used
22:42:32 <simprix>channel it will say what channel the network is on
22:42:48 <simprix>does everyone know what WEP is
22:43:00 <miteymous>no
22:43:05 <Paranoiac>ditto
22:43:19 <simprix>wireless encryption protocal
22:43:56 <simprix>it encrypts the network
22:44:17 <simprix>so you cant attach to the network unless you have the wep key
22:44:36 <Paranoiac>What kind of encryption is it?
22:45:27 <simprix>RC4
22:45:43 <--ro0t has quit (Quit: rm -rf /;reboot&)
22:45:57 <miteymous>so you have to crack the encryption then, does kismet do that?
22:46:04 <simprix>no
22:46:08 -->ro0t (ro0t@216.153.217.132) has joined #bsrf
22:46:30 <simprix>ok we will get to what you do if they use wep
22:46:44 <simprix>but first we will talk about a network with out wep
22:47:19 <simprix>while you are watching a kismet it will say what the ssid is remember that
22:47:40 <simprix>if it says under W: N, then they arent using wep
22:48:03 <simprix>ok so once you have got these
22:48:32 <simprix>you will need pop out your card to take it out of promiscues mode
22:48:40 <simprix>and pop it back in
22:48:48 <simprix>then you will open wlanfe
22:49:11 <simprix>and under ssid type the ssid you got from kismet
22:49:16 <simprix>and click apply
22:49:25 <simprix>now you are attached
22:49:43 <simprix>now you need to get a ip
22:50:00 <simprix>if the access point is using dhcp you can get it that way
22:50:14 <simprix>but if it isnt you need to find out what ips they are using
22:50:24 <simprix>to do this we will use arping
22:51:08 <simprix>run that and we will get some ips they are using
22:51:23 <simprix>so you will assign a unused ip using ifconfig
22:51:43 <simprix>and then it is just like you are on a normal network
22:51:46 <simprix>any questions?
22:52:12 <miteymous>so at this point you are connected and have internet access?
22:52:21 <Strider>huh? is this thing still going??
22:52:24 <miteymous>and access to their network?
22:52:25 <Strider>j/k
22:52:29 <Paranoiac>Hehe
22:52:34 <simprix>yes
22:52:39 <simprix>what Strider are you bored
22:52:50 <miteymous>whoah
22:53:03 <Paranoiac>Are there many networks that are unsecured?
22:53:09 <simprix>yes
22:53:12 <simprix>lots
22:53:18 <Paranoiac>Groovy
22:53:28 <simprix>the city hall in my town is not using wep
22:53:40 <simprix>Strider: what can we do to keep you interested
22:53:53 <Strider>me?
22:53:55 <Strider>ermm
22:53:57 <Strider>danece?
22:54:01 <Strider>dance*
22:54:10 <Paranoiac>How can you secure yourself from being detected/accessed?
22:54:12 <miteymous>ok so lets say you are connected now
22:54:24 <miteymous>would you be able to see all the computers that are shared on the network?
22:54:32 <simprix>yes
22:54:36 <miteymous>network neighborhood type thing?
22:54:37 <simprix>if you use samba
22:54:43 <simprix>sorry Strider
22:54:53 <simprix>Paranoiac: i will get to securing them later
22:54:57 *miteymous does the chicken dance for Strider
22:55:05 <Strider>lmao
22:55:07 <Paranoiac>Ahh, ok...thanks
22:55:16 <Paranoiac>Bah....that's nothing
22:55:20 <miteymous>wait i thought samba was used to show graphics
22:55:25 *Paranoiac does the Funky Monkey
22:55:35 <miteymous>when compiling programs etc
22:55:48 <simprix>nope
22:55:54 <simprix>what Strider
22:56:10 <miteymous>ahhsoo o_O
22:56:40 <simprix>ok everyone ready
22:56:46 <simprix>to talk about wep
22:57:01 <miteymous>yup
22:57:07 <Paranoiac>Aye, cap'n
22:57:17 <Strider>go on then
22:57:24 <simprix>ok
22:57:41 <simprix>well out in california two kids figured out how to break wep
22:58:31 <Strider>hold on, whats wep?? is that still the wireless thingy?
22:58:41 <simprix>yes
22:58:46 <Strider>ah ok
22:58:49 <Strider>carry on
22:58:51 <miteymous>wireless encryption protocol :x
22:58:52 <simprix>it is wireless encryption protocal
22:59:32 <simprix>ok when you find a wireless network you need to use airsnort
23:00:11 <simprix>with your card still in promiscuos mode you need to start airsnort and just start to gather packets
23:00:19 -->GOD (que_import@226C75B7.CF2E741F.41F302F6.IP) has joined #bsrf
23:00:47 <simprix>usually with a 128 bit wep key you should gather 1 gig of traffic
23:00:58 <simprix>then it will list the wep key
23:01:06 <simprix>everyone with me so far
23:01:25 <Paranoiac>So it grabs the key from the other user's packets?
23:01:37 <miteymous>airsnort figures out the key for you?
23:01:44 <simprix>yes and beacon frames
23:01:48 <simprix>yes miteymous
23:02:02 <Paranoiac>That's useful
23:02:20 <simprix>yes
23:02:33 <simprix>ok so once you have the wep key
23:02:52 <Paranoiac>Is the WEP verification a constant activity then? As opposed to using it once, like a password....
23:02:59 -->nosolution (NS@p19-tnt1.ham.ihug.co.nz) has joined #bsrf
23:03:36 <simprix>you will load up wlanfe and put the ssid you have and click on the wep key tab and type the key
23:03:45 <simprix>yes it is constant Paranoiac
23:04:55 -->Jackel88 (new-web@166.90.65.247) has joined #bsrf
23:05:10 <simprix>ok so once you attach to the network you need to get your ip the same way you did before
23:05:19 <simprix>without wep
23:06:28 <--Jackel88 has quit (Quit: Leaving)
23:06:29 <simprix>ok there are three ways to secure a wireless network besides wep
23:06:31 ---GOD is now known as satan
23:06:34 <miteymous>kewl
23:06:37 <simprix>cause wep sucks
23:06:43 <--bluehaze[BED] has quit (Ping timeout)
23:06:44 <Paranoiac>Hehe
23:06:59 <satan>hey this is already registered
23:07:46 <simprix>ok the three ways are a radius server, a kerbores server, ipsec
23:07:56 ---satan is now known as compaq
23:08:36 <simprix>if you need to know about those ways read the rfc's cause i am not going to explain them this time maybe another lecture
23:09:07 <miteymous>suhweet
23:09:11 <simprix>ok im done any questions
23:09:19 <simprix>or opinions
23:09:25 <miteymous>do you have to have a big antennae?
23:09:30 <simprix>no
23:09:33 <miteymous>and how far away can you be
23:09:35 -->Ravish (Ravish@210.214.102.213) has joined #bsrf
23:09:48 <simprix>500 feet is 2 megs a second
23:09:57 *Strider is away (finger lickin the chicken)
23:10:03 <miteymous>hmm
23:10:04 <--Forbze has quit (Quit: Vive La Revolution)
23:10:06 <miteymous>thats not that far
23:10:07 <Paranoiac>What kind of wireless is this?
23:10:08 <simprix>i would not go past 500 feet
23:10:19 <simprix>its 802.11b
23:10:26 <Paranoiac>Ahh good
23:10:34 <Paranoiac>At least I've heard of it
23:10:43 <simprix>802.11a, 802.11g are supposed to be better
23:10:44 <miteymous>but you said earlier you could bridge it, so itd be possible to get within say 100 feet, bridge the connection to a landline that went back to your house?
23:11:04 <simprix>yea you could do that
23:11:07 <miteymous>to keep the speeds?
23:11:11 <Ravish>hi
23:11:14 <simprix>bridges go up to 2 miles
23:11:20 <simprix>hey ravish
23:11:29 <miteymous>oh wow
23:11:30 <Paranoiac>What is a bridge, exactly?
23:11:48 <miteymous>can i build one using a coke can and a piece of twine?

23:12:04 <simprix>not a bridge maybe a antenna
23:12:27 <Paranoiac>Hehehe
23:12:27 <miteymous>lol
23:12:47 <miteymous>omgggggggg
23:12:52 <miteymous>coke all over my pc
23:12:57 -->criven (nobody@68.3.152.20) has joined #bsrf
23:13:06 <Paranoiac>.....that's not goof
23:13:09 <Paranoiac>*good
23:13:27 <simprix>ok everyone done
23:13:33 <Paranoiac>Groovy
23:13:33 <simprix>or more questions
23:13:46 <Paranoiac>By the way, where do you get your tools from?
23:13:53 <simprix>the internet
23:14:00 <Paranoiac>......thanks
23:14:08 <simprix>freshmeat
23:14:18 <Paranoiac>Thank you
23:15:13 <simprix>so do you guys think i did a good job on my first lecture
23:15:22 <miteymous>yes

23:15:23 <Paranoiac>Yep
23:15:23 ---compaq is now known as AOL
23:15:36 <miteymous>im gonna try it out next year, and maybe get free internet access :x
23:15:38 <Paranoiac>This is my first, and it was damned good
23:15:57 ---AOL is now known as GODFATHER
23:16:01 <simprix>ok well if you suys have any questions you can email me at simprix@simprix.net
23:16:19 <simprix>or simprix@projectnexus.org
23:16:27 <Paranoiac>Here's a question: Is there any way to cloak your connection, so that they network can't see your pc?
23:17:03 <simprix>well you could drop ping packets and setup a firewall and close all ports
23:17:20 <simprix>but if your doing something on the network they will see you
23:17:33 <Paranoiac>Ahh
23:17:34 <--misguidedpoet has quit (Quit: gonna have some fun with dreamweaver)
23:18:01 -->th0rn (Dude@172.164.43.240) has joined #bsrf
23:18:39 -->Sub-0 (LiquidKn0w@66.153.12.78) has joined #bsrf
23:19:37 <miteymous>oh
23:19:43 <miteymous>so eventually they will find you
23:19:53 <Paranoiac>Another stupid question: Which OS are you people running?
23:19:59 <GODFATHER>win XP
23:20:05 <simprix>yea if you camp out their
23:20:14 <miteymous>:/
23:20:22 <simprix>i run linux
23:20:30 <miteymous>i run winxp atm
23:20:32 <Paranoiac>Which distro?
23:20:33 <GODFATHER>i run mandrake also
23:20:34 *Strider is back (finger lickin the chicken) - was away 11mins 38secs
23:20:43 <BaGeL>night guys
23:20:46 <--BaGeL has quit (Quit: )
23:20:47 <simprix>crux
23:20:57 <Paranoiac>Ah
23:21:01 <Paranoiac>Ty
23:21:01 <miteymous>umm
23:21:09 <miteymous>corporate pro
23:21:54 <Paranoiac>Is there a lecture at this time every week?
23:22:03 <simprix>not that i know of
23:22:05 <miteymous>i think there should be :x
23:22:15 <simprix>yea
23:22:29 <Paranoiac>How does one find out when there will be one?
23:22:43 <simprix>ask AZTEK
23:22:55 ---Sub-0 is now known as Liquid-is-away
23:23:00 <simprix>i think there hadn't been one in awhile
23:23:11 <Strider>anyone wanna do a lec on summin a bit more n00b orientated?
23:23:21 <miteymous>yah, like spoofing your ip :x
23:23:26 <Paranoiac>Wasn't this n00b orientated?
23:23:35 <Strider>pfft
23:23:44 <Strider>it is if u know about it
23:23:56 <miteymous>i know about it now, so i would say it was

23:24:00 <Paranoiac>...crazy...I thought it was
23:24:42 <Strider>well i dont know jack shit about linux so i didnt understand a bit of it
23:24:54 <miteymous>you can do it on windows too though :/
23:25:03 <th0rn>hey can someone please help me find a nice big FAQ on totalitarianism?
23:25:07 <Paranoiac>You don't use Linux?
23:25:12 <th0rn>:-)
23:25:14 <th0rn>lol
23:25:15 <th0rn>damn research paper
23:25:19 <Strider>nope
23:25:24 <th0rn>i've been lookin all over
23:25:25 <simprix>hey guys im going to bed
23:25:31 <miteymous>thanx a lot simprix
23:25:38 <Paranoiac>Thanks
23:25:41 <simprix>no problem
23:25:50 ---Strider is now known as The_Don
23:25:56 <Paranoiac>You've made a simple n00b very happy
23:26:02 <simprix>ok
23:26:04 <simprix>see ya
23:26:18 ---simprix is now known as simprix[away]
23:26:18 <miteymous>bye
23:27:04 ---The_Don is now known as Strider
23:27:36 <Strider>them logs should come in handy when i do get linux

23:27:47 <--AtnNn has quit (Quit: g2g)
23:28:17 <Paranoiac>Hehe...I would have got it a long time ago if it weren't for my crappy 56k
23:28:58 *Paranoiac doesn't like 7-day downloads...

http://blacksun.box.sk/tutorials/wardriving.txt

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: War Driving & WiFi in Linux GovernmentSecurity.org > System Security > Linux & Unix Systems dissolutions Apr 16 2003, 11:49 PM Do not quite not where i got this link from but i found it in my bookmarks gave it a read thought it'd be useful, I have a few other materials available for windows in the war driving dept. Here goes... 22:12:33 -->AZTEK (aztek@198.81.129.100) has joined #bsrf 22:12:33 ---Topic for #bsrf is .::Welcome to Blacksun Research Facility [BSRF] ::. http://blacksun.box.sk Enjoy your stay and plz talk this channel feels dead (Mikkkeee) (AZTEK) 22:12:33 ---Topic for #bsrf set by AZTEK at Sat Apr 27 14:05:07 22:12:33 ---ChanServ sets mode +q 22:12:33 ---ChanServ gives channel operator status to AZTEK 22:12:48 <Paranoiac>But then, I have no idea what I'm talking about 22:12:56 <--mtcx1 has quit (Ping timeout) 22:13:00 <Forbze>lol 22:13:19 <simprix>ok im back 22:13:20 <AZTEK>well now loging works 22:13:28 <AZTEK>i am loging simprix 22:13:33 <simprix>ok 22:13:59 <simprix>anyone can butt in if they want or if i say something wrong 22:13:59 <simprix>ok 22:14:22 <simprix>everyone here 22:14:34 <miteymous>;] 22:14:39 <Strider>ya 22:14:52 <simprix>ok girls and boys 22:15:43 <simprix>Ok this will be centralized around linux because I have never done this in Windows and Windows sucks 22:16:13 <miteymous>oki 22:16:14 <simprix>one thing i do know if you want to do this in windows then you need to use netstumpler 22:16:32 <miteymous>or ApSniff 22:16:47 <miteymous>from a website i am lookin at :/ 22:16:57 <simprix>Ok first off in linux you need to recompile your kernel with netlink and get rid of pcmcia support in the kernel 22:17:20 <simprix>then you have to get the pcmcia source for pcmcia-cd.sourceforge.net 22:17:47 <simprix>there are to ways you can do it now 22:18:16 <simprix>you can use the wireless extensions in the kernel but you need a good card like a cisco aironet card 22:18:52 <simprix>but the wireless extensions does not have as good sniffing techniques as the linux-wlan source 22:19:05 <simprix>so they way i have done it is using the linux-wlan-ng source 22:19:30 <simprix>you can get that from http://www.linux-wlan.org and you need to compile that 22:19:37 <simprix>any questions so far? 22:19:59 <simprix>or is no one listening 22:20:00 <Strider>nope 22:20:15 <miteymous>is there info on editing the kernel? 22:20:48 <simprix>have you recompiled a kernel before? 22:20:49 <Strider>miteymouse, wheres that site with ApSniff? 22:21:04 <miteymous>no im new sorry 22:21:12 <miteymous>strider: http://www.wardriving.com 22:21:20 <Paranoiac>What he/she/it said^ 22:21:21 <Strider>thnx 22:21:25 <simprix>ok well you should read the howto 22:21:40 <miteymous>i plan on it 22:21:54 <simprix>ok once you have compiled all that stuff your almost ready to get started 22:22:23 <Paranoiac>Could you just explain what it is that those modifications do? 22:22:40 <Paranoiac>Or is it too lenghty to explain now. 22:22:50 <simprix>oh yea the linux-wlan stuff only works with the prism2 chipset, which are cards like linksys, dlink, netgear, zoom alot of consumer cards 22:23:09 <simprix>what motifications 22:23:23 <Paranoiac>The recompilations 22:23:36 <simprix>they are pretty much drivers for the cards 22:23:47 <simprix>i prefer the zoom wireless cards 22:23:53 <Paranoiac>Ah, ty 22:24:17 <simprix>ok does everyone in here know what snmp is 22:24:59 <Forbze>any aussies here>? 22:25:02 <Forbze>SNMP 22:25:03 Paranoiac does not....is a know-nothing-newb 22:25:39 <simprix>well the linux-wlan binaries are alot like using snmp 22:25:56 <simprix>like to specify the ssid 22:26:33 <simprix>a ssid is kinda like a network id 22:26:46 <simprix>say one access point is on ssid: ap01 22:27:00 <simprix>and one access point is on ssid: ap02 22:27:19 ---BaGeL[CS] is now known as BaGeL 22:27:28 <simprix>and you want to attach to ap01 then you would use the ssid of ap01 22:27:45 <simprix>it is two specify wireless networks 22:27:48 <simprix>everyone with me? 22:27:53 <simprix>and questions? 22:28:12 <Forbze>SNMP - Simple Network Managment Protocol 22:28:21 <simprix>ep 22:28:22 <simprix>yep 22:28:37 <Paranoiac>Ah 22:29:00 <Forbze> http://www.rad.com/networks/1995/snmp/snmp.htm 22:29:12 <Paranoiac>Ty 22:30:09 <simprix>ok but if you are not familer with snmp and using mibs, you could use a program my friend wrote called wlanfe you can get it from se.rious.net or freshmeat.net 22:30:51 -->r (trashmail@172.166.185.154) has joined #bsrf 22:31:00 <simprix>ok now you are ready to go wardriving 22:31:10 -->Sheik (sheik001@65.58.40.148) has joined #bsrf 22:31:34 <simprix>i am warning, make sure you are with someone else and make them drive 22:31:49 <Paranoiac>Hehe 22:31:58 <simprix>it is really hard to drive and look at your computer at the same time trust me 22:32:18 <Forbze>wtf? 22:32:21 <Forbze>drive? 22:32:26 <Forbze>and computer 22:32:32 <Strider>heh 22:33:06 <simprix>yes 22:33:25 <simprix>also you should get some programs before you go 22:33:48 <miteymous>so you basically can just use someone elses wireless network? 22:34:02 <simprix>these programs are kismet, airsnort, scanchan, arpping 22:34:06 <simprix>yes miteymous 22:34:10 <miteymous>like...hijack it...an invisible parasite? 22:34:13 <miteymous>ok question 22:34:19 <simprix>yes 22:34:51 <--Sheik has quit (Quit: ) 22:34:53 <miteymous>would it be possible to set up your own wireless network, that hijacks your targets, and then spreads it farther via your equipment 22:35:06 <miteymous>maybe letting you have free access at your house 22:35:14 <simprix>yes you could bridge the connection 22:35:21 <simprix>with a wireless bridge 22:35:41 <Paranoiac>he networks would need to overlap, though 22:35:45 <Paranoiac>The 22:35:52 <miteymous>would the same basic techniques work with cell phone modems 22:36:34 <simprix>well if you have the wireless bridge on the same ssid then your ok 22:36:40 <simprix>and they wont overlap 22:36:53 <simprix>miteymous: i dont know anything about cell phone modems 22:37:16 <miteymous>well i mean they obviously work on different frequencies 22:37:16 <simprix>it might work but i dont know what cell phones use as there protocals 22:37:39 <simprix>well then you could use a frequency counter and use a ham radio 22:37:44 <--Forbze has quit (Ping timeout) 22:37:51 <LiquidKn0wledge>hey is neve campbelle that girl in the movie three to tango? 22:38:44 <simprix>everyone ready to continue 22:38:58 <--r (trashmail@172.166.185.154) has left #bsrf 22:39:06 <Strider>go ahead 22:39:29 <miteymous>yah 22:39:31 <miteymous>:D 22:39:55 -->Forbze (thedon@203.134.22.186) has joined #bsrf 22:39:56 ---ChanServ gives channel operator status to Forbze 22:40:08 <simprix>ok well when you are ready to go you need to put your wireless card in promiscuos mode which means it will gather everything that is in the air 22:40:35 <simprix>there are tools that come with kismet 22:40:36 <--LiquidKn0wledge (LiquidKn0w@66.153.12.78) has left #bsrf 22:40:56 <simprix>ok after that is all set you will start up kismet 22:41:15 <simprix>and go drive around 22:41:51 <simprix>once something pops up on the screen there will be three sections 22:42:02 <zemo>nite all 22:42:04 <simprix>ssid: it will say the ssid here 22:42:14 <Strider>nite 22:42:20 <simprix>WEP: it will say if wep is being used 22:42:32 <simprix>channel it will say what channel the network is on 22:42:48 <simprix>does everyone know what WEP is 22:43:00 <miteymous>no 22:43:05 <Paranoiac>ditto 22:43:19 <simprix>wireless encryption protocal 22:43:56 <simprix>it encrypts the network 22:44:17 <simprix>so you cant attach to the network unless you have the wep key 22:44:36 <Paranoiac>What kind of encryption is it? 22:45:27 <simprix>RC4 22:45:43 <--ro0t has quit (Quit: rm -rf /;reboot&) 22:45:57 <miteymous>so you have to crack the encryption then, does kismet do that? 22:46:04 <simprix>no 22:46:08 -->ro0t (ro0t@216.153.217.132) has joined #bsrf 22:46:30 <simprix>ok we will get to what you do if they use wep 22:46:44 <simprix>but first we will talk about a network with out wep 22:47:19 <simprix>while you are watching a kismet it will say what the ssid is remember that 22:47:40 <simprix>if it says under W: N, then they arent using wep 22:48:03 <simprix>ok so once you have got these 22:48:32 <simprix>you will need pop out your card to take it out of promiscues mode 22:48:40 <simprix>and pop it back in 22:48:48 <simprix>then you will open wlanfe 22:49:11 <simprix>and under ssid type the ssid you got from kismet 22:49:16 <simprix>and click apply 22:49:25 <simprix>now you are attached 22:49:43 <simprix>now you need to get a ip 22:50:00 <simprix>if the access point is using dhcp you can get it that way 22:50:14 <simprix>but if it isnt you need to find out what ips they are using 22:50:24 <simprix>to do this we will use arping 22:51:08 <simprix>run that and we will get some ips they are using 22:51:23 <simprix>so you will assign a unused ip using ifconfig 22:51:43 <simprix>and then it is just like you are on a normal network 22:51:46 <simprix>any questions? 22:52:12 <miteymous>so at this point you are connected and have internet access? 22:52:21 <Strider>huh? is this thing still going?? 22:52:24 <miteymous>and access to their network? 22:52:25 <Strider>j/k 22:52:29 <Paranoiac>Hehe 22:52:34 <simprix>yes 22:52:39 <simprix>what Strider are you bored 22:52:50 <miteymous>whoah 22:53:03 <Paranoiac>Are there many networks that are unsecured? 22:53:09 <simprix>yes 22:53:12 <simprix>lots 22:53:18 <Paranoiac>Groovy 22:53:28 <simprix>the city hall in my town is not using wep 22:53:40 <simprix>Strider: what can we do to keep you interested 22:53:53 <Strider>me? 22:53:55 <Strider>ermm 22:53:57 <Strider>danece? 22:54:01 <Strider>dance* 22:54:10 <Paranoiac>How can you secure yourself from being detected/accessed? 22:54:12 <miteymous>ok so lets say you are connected now 22:54:24 <miteymous>would you be able to see all the computers that are shared on the network? 22:54:32 <simprix>yes 22:54:36 <miteymous>network neighborhood type thing? 22:54:37 <simprix>if you use samba 22:54:43 <simprix>sorry Strider 22:54:53 <simprix>Paranoiac: i will get to securing them later 22:54:57 miteymous does the chicken dance for Strider 22:55:05 <Strider>lmao 22:55:07 <Paranoiac>Ahh, ok...thanks 22:55:16 <Paranoiac>Bah....that's nothing 22:55:20 <miteymous>wait i thought samba was used to show graphics 22:55:25 Paranoiac does the Funky Monkey 22:55:35 <miteymous>when compiling programs etc 22:55:48 <simprix>nope 22:55:54 <simprix>what Strider 22:56:10 <miteymous>ahhsoo o_O 22:56:40 <simprix>ok everyone ready 22:56:46 <simprix>to talk about wep 22:57:01 <miteymous>yup 22:57:07 <Paranoiac>Aye, cap'n 22:57:17 <Strider>go on then 22:57:24 <simprix>ok 22:57:41 <simprix>well out in california two kids figured out how to break wep 22:58:31 <Strider>hold on, whats wep?? is that still the wireless thingy? 22:58:41 <simprix>yes 22:58:46 <Strider>ah ok 22:58:49 <Strider>carry on 22:58:51 <miteymous>wireless encryption protocol :x 22:58:52 <simprix>it is wireless encryption protocal 22:59:32 <simprix>ok when you find a wireless network you need to use airsnort 23:00:11 <simprix>with your card still in promiscuos mode you need to start airsnort and just start to gather packets 23:00:19 -->GOD (que_import@226C75B7.CF2E741F.41F302F6.IP) has joined #bsrf 23:00:47 <simprix>usually with a 128 bit wep key you should gather 1 gig of traffic 23:00:58 <simprix>then it will list the wep key 23:01:06 <simprix>everyone with me so far 23:01:25 <Paranoiac>So it grabs the key from the other user's packets? 23:01:37 <miteymous>airsnort figures out the key for you? 23:01:44 <simprix>yes and beacon frames 23:01:48 <simprix>yes miteymous 23:02:02 <Paranoiac>That's useful 23:02:20 <simprix>yes 23:02:33 <simprix>ok so once you have the wep key 23:02:52 <Paranoiac>Is the WEP verification a constant activity then? As opposed to using it once, like a password.... 23:02:59 -->nosolution (NS@p19-tnt1.ham.ihug.co.nz) has joined #bsrf 23:03:36 <simprix>you will load up wlanfe and put the ssid you have and click on the wep key tab and type the key 23:03:45 <simprix>yes it is constant Paranoiac 23:04:55 -->Jackel88 (new-web@166.90.65.247) has joined #bsrf 23:05:10 <simprix>ok so once you attach to the network you need to get your ip the same way you did before 23:05:19 <simprix>without wep 23:06:28 <--Jackel88 has quit (Quit: Leaving) 23:06:29 <simprix>ok there are three ways to secure a wireless network besides wep 23:06:31 ---GOD is now known as satan 23:06:34 <miteymous>kewl 23:06:37 <simprix>cause wep sucks 23:06:43 <--bluehaze[BED] has quit (Ping timeout) 23:06:44 <Paranoiac>Hehe 23:06:59 <satan>hey this is already registered 23:07:46 <simprix>ok the three ways are a radius server, a kerbores server, ipsec 23:07:56 ---satan is now known as compaq 23:08:36 <simprix>if you need to know about those ways read the rfc's cause i am not going to explain them this time maybe another lecture 23:09:07 <miteymous>suhweet 23:09:11 <simprix>ok im done any questions 23:09:19 <simprix>or opinions 23:09:25 <miteymous>do you have to have a big antennae? 23:09:30 <simprix>no 23:09:33 <miteymous>and how far away can you be 23:09:35 -->Ravish (Ravish@210.214.102.213) has joined #bsrf 23:09:48 <simprix>500 feet is 2 megs a second 23:09:57 Strider is away (finger lickin the chicken) 23:10:03 <miteymous>hmm 23:10:04 <--Forbze has quit (Quit: Vive La Revolution) 23:10:06 <miteymous>thats not that far 23:10:07 <Paranoiac>What kind of wireless is this? 23:10:08 <simprix>i would not go past 500 feet 23:10:19 <simprix>its 802.11b 23:10:26 <Paranoiac>Ahh good 23:10:34 <Paranoiac>At least I've heard of it 23:10:43 <simprix>802.11a, 802.11g are supposed to be better 23:10:44 <miteymous>but you said earlier you could bridge it, so itd be possible to get within say 100 feet, bridge the connection to a landline that went back to your house? 23:11:04 <simprix>yea you could do that 23:11:07 <miteymous>to keep the speeds? 23:11:11 <Ravish>hi 23:11:14 <simprix>bridges go up to 2 miles 23:11:20 <simprix>hey ravish 23:11:29 <miteymous>oh wow 23:11:30 <Paranoiac>What is a bridge, exactly? 23:11:48 <miteymous>can i build one using a coke can and a piece of twine? 23:12:04 <simprix>not a bridge maybe a antenna 23:12:27 <Paranoiac>Hehehe 23:12:27 <miteymous>lol 23:12:47 <miteymous>omgggggggg 23:12:52 <miteymous>coke all over my pc 23:12:57 -->criven (nobody@68.3.152.20) has joined #bsrf 23:13:06 <Paranoiac>.....that's not goof 23:13:09 <Paranoiac>good 23:13:27 <simprix>ok everyone done 23:13:33 <Paranoiac>Groovy 23:13:33 <simprix>or more questions 23:13:46 <Paranoiac>By the way, where do you get your tools from? 23:13:53 <simprix>the internet 23:14:00 <Paranoiac>......thanks 23:14:08 <simprix>freshmeat 23:14:18 <Paranoiac>Thank you 23:15:13 <simprix>so do you guys think i did a good job on my first lecture 23:15:22 <miteymous>yes 23:15:23 <Paranoiac>Yep 23:15:23 ---compaq is now known as AOL 23:15:36 <miteymous>im gonna try it out next year, and maybe get free internet access :x 23:15:38 <Paranoiac>This is my first, and it was damned good 23:15:57 ---AOL is now known as GODFATHER 23:16:01 <simprix>ok well if you suys have any questions you can email me at simprix@simprix.net 23:16:19 <simprix>or simprix@projectnexus.org 23:16:27 <Paranoiac>Here's a question: Is there any way to cloak your connection, so that they network can't see your pc? 23:17:03 <simprix>well you could drop ping packets and setup a firewall and close all ports 23:17:20 <simprix>but if your doing something on the network they will see you 23:17:33 <Paranoiac>Ahh 23:17:34 <--misguidedpoet has quit (Quit: gonna have some fun with dreamweaver) 23:18:01 -->th0rn (Dude@172.164.43.240) has joined #bsrf 23:18:39 -->Sub-0 (LiquidKn0w@66.153.12.78) has joined #bsrf 23:19:37 <miteymous>oh 23:19:43 <miteymous>so eventually they will find you 23:19:53 <Paranoiac>Another stupid question: Which OS are you people running? 23:19:59 <GODFATHER>win XP 23:20:05 <simprix>yea if you camp out their 23:20:14 <miteymous>:/ 23:20:22 <simprix>i run linux 23:20:30 <miteymous>i run winxp atm 23:20:32 <Paranoiac>Which distro? 23:20:33 <GODFATHER>i run mandrake also 23:20:34 Strider is back (finger lickin the chicken) - was away 11mins 38secs 23:20:43 <BaGeL>night guys 23:20:46 <--BaGeL has quit (Quit: ) 23:20:47 <simprix>crux 23:20:57 <Paranoiac>Ah 23:21:01 <Paranoiac>Ty 23:21:01 <miteymous>umm 23:21:09 <miteymous>corporate pro 23:21:54 <Paranoiac>Is there a lecture at this time every week? 23:22:03 <simprix>not that i know of 23:22:05 <miteymous>i think there should be :x 23:22:15 <simprix>yea 23:22:29 <Paranoiac>How does one find out when there will be one? 23:22:43 <simprix>ask AZTEK 23:22:55 ---Sub-0 is now known as Liquid-is-away 23:23:00 <simprix>i think there hadn't been one in awhile 23:23:11 <Strider>anyone wanna do a lec on summin a bit more n00b orientated? 23:23:21 <miteymous>yah, like spoofing your ip :x 23:23:26 <Paranoiac>Wasn't this n00b orientated? 23:23:35 <Strider>pfft 23:23:44 <Strider>it is if u know about it 23:23:56 <miteymous>i know about it now, so i would say it was 23:24:00 <Paranoiac>...crazy...I thought it was 23:24:42 <Strider>well i dont know jack shit about linux so i didnt understand a bit of it 23:24:54 <miteymous>you can do it on windows too though :/ 23:25:03 <th0rn>hey can someone please help me find a nice big FAQ on totalitarianism? 23:25:07 <Paranoiac>You don't use Linux? 23:25:12 <th0rn>:-) 23:25:14 <th0rn>lol 23:25:15 <th0rn>damn research paper 23:25:19 <Strider>nope 23:25:24 <th0rn>i've been lookin all over 23:25:25 <simprix>hey guys im going to bed 23:25:31 <miteymous>thanx a lot simprix 23:25:38 <Paranoiac>Thanks 23:25:41 <simprix>no problem 23:25:50 ---Strider is now known as The_Don 23:25:56 <Paranoiac>You've made a simple n00b very happy 23:26:02 <simprix>ok 23:26:04 <simprix>see ya 23:26:18 ---simprix is now known as simprix[away] 23:26:18 <miteymous>bye 23:27:04 ---The_Don is now known as Strider 23:27:36 <Strider>them logs should come in handy when i do get linux 23:27:47 <--AtnNn has quit (Quit: g2g) 23:28:17 <Paranoiac>Hehe...I would have got it a long time ago if it weren't for my crappy 56k 23:28:58 Paranoiac doesn't like 7-day downloads... http://blacksun.box.sk/tutorials/wardriving.txt This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.