Wireless Hacking IRC Log

 

22:12:33 ---        Topic for #bsrf set by AZTEK at Sat Apr 27 14:05:07

22:12:33 ---        ChanServ sets mode +q

22:12:33 ---        ChanServ gives channel operator status to AZTEK

22:12:48 <Paranoiac>     But then, I have no idea what I'm talking about

22:12:56 <--       mtcx1 has quit ( Ping timeout)

22:13:00 <Forbze>         lol

22:13:19 <simprix>         ok im back

22:13:20 <AZTEK>        well now logging works

22:13:28 <AZTEK>        i am logging simprix

22:13:33 <simprix>         ok

22:13:59 <simprix>         anyone can butt in if they want or if i say something wrong

22:13:59 <simprix>         ok

22:14:22 <simprix>         everyone here

22:14:34 <miteymous>   ;]

22:14:39 <Strider>          ya

22:14:52 <simprix>         ok girls and boys

22:15:43 <simprix>         Ok this will be centralized around linux because I have never done this in Windows and Windows sucks

22:16:13 <miteymous>   oki

22:16:14 <simprix>         one thing i do know if you want to do this in windows then you need to use netstumbler

22:16:32 <miteymous>   or ApSniff

22:16:47 <miteymous>   from a website i am lookin at :/

22:16:57 <simprix>         Ok first off in linux you need to recompile your kernel with netlink and get rid of pcmcia support in the kernel

22:17:20 <simprix>         then you have to get the pcmcia source from pcmcia-cd.sourceforge.net

22:17:47 <simprix>         there are two ways you can do it now

22:18:16 <simprix>         you can use the wireless extensions in the kernel but you need a good card like a cisco aironet card

22:18:52 <simprix>         but the wireless extensions does not have as good sniffing techniques as the linux-wlan source

22:19:05 <simprix>         so the way i have done it is using the linux-wlan-ng source

22:19:30 <simprix>         you can get that from www.linux-wlan.org and you need to compile that

22:19:37 <simprix>         any questions so far?

22:19:59 <simprix>         or is no one listening

22:20:00 <Strider>          nope

22:20:15 <miteymous>   is there info on editing the kernel?

22:20:48 <simprix>         have you recompiled a kernel before?

22:20:49 <Strider>          miteymouse, wheres that site with ApSniff?

22:21:04 <miteymous>   no im new sorry :(

22:21:12 <miteymous>   strider: www.wardriving.com

22:21:20 <Paranoiac>     What he/she/it said^

22:21:21 <Strider>          thnx

22:21:25 <simprix>         ok well you should read the howto

22:21:40 <miteymous>   i plan on it :P

22:21:54 <simprix>         ok once you have compiled all that stuff you're almost ready to get started

22:22:23 <Paranoiac>     Could you just explain what it is that those modifications do?

22:22:40 <Paranoiac>     Or is it too lengthy to explain now.

22:22:50 <simprix>         oh yea the linux-wlan stuff only works with the prism2 chipset, which are cards like linksys, dlink, netgear, zoom a lot of consumer cards

22:23:09 <simprix>         what modifications

22:23:23 <Paranoiac>     The recompilations

22:23:36 <simprix>         they are pretty much drivers for the cards

22:23:47 <simprix>         i prefer the zoom wireless cards

22:23:53 <Paranoiac>     Ah, ty

22:24:17 <simprix>         ok does everyone in here know what snmp is

22:24:59 <Forbze>         any aussies here>?

22:25:02 <Forbze>         SNMP

22:25:03 *           Paranoiac does not....is a know-nothing-newb

22:25:39 <simprix>         well the linux-wlan binaries are a lot like using snmp

22:25:56 <simprix>         like to specify the ssid

22:26:33 <simprix>         a ssid is kinda like a network id

22:26:46 <simprix>         say one access point is on ssid: ap01

22:27:00 <simprix>         and one access point is on ssid: ap02

22:27:19 ---        BaGeL[CS] is now known as BaGeL

22:27:28 <simprix>         and you want to attach to ap01 then you would use the ssid of ap01

22:27:45 <simprix>         it is to specify wireless networks

22:27:48 <simprix>         everyone with me?

22:27:53 <simprix>         and questions?

22:28:12 <Forbze>         SNMP - Simple Network Management Protocol

22:28:21 <simprix>         ep

22:28:22 <simprix>         yep

22:28:37 <Paranoiac>     Ah

22:29:00 <Forbze>         http://www.rad.com/networks/1995/snmp/snmp.htm

22:29:12 <Paranoiac>     Ty

22:30:09 <simprix>         ok but if you are not familiar with snmp and using mibs, you could use a program my friend wrote called wlanfe you can get it from se.rious.net or freshmeat.net

22:30:51 -->       r has joined #bsrf

22:31:00 <simprix>         ok now you are ready to go wardriving

22:31:10 -->       Sheik has joined #bsrf

22:31:34 <simprix>         i am warning, make sure you are with someone else and make them drive

22:31:49 <Paranoiac>     Hehe

22:31:58 <simprix>         it is really hard to drive and look at your computer at the same time trust me

22:32:18 <Forbze>         wtf?

22:32:21 <Forbze>         drive?

22:32:26 <Forbze>         and computer

22:32:32 <Strider>          heh

22:33:06 <simprix>         yes

22:33:25 <simprix>         also you should get some programs before you go

22:33:48 <miteymous>   so you basically can just use someone elses wireless network?

22:34:02 <simprix>         these programs are kismet, airsnort, scanchan, arping

22:34:06 <simprix>         yes miteymous

22:34:10 <miteymous>   like...hijack it...an invisible parasite?

22:34:13 <miteymous>   ok question

22:34:19 <simprix>         yes

22:34:51 <--       Sheik has quit (Quit: )

22:34:53 <miteymous>   would it be possible to set up your own wireless network, that hijacks your targets, and then spreads it farther via your equipment

22:35:06 <miteymous>   maybe letting you have free access at your house

22:35:14 <simprix>         yes you could bridge the connection

22:35:21 <simprix>         with a wireless bridge

22:35:41 <Paranoiac>     he networks would need to overlap, though

22:35:45 <Paranoiac>     *The

22:35:52 <miteymous>   would the same basic techniques work with cell phone modems

22:36:34 <simprix>         well if you have the wireless bridge on the same ssid then you're ok

22:36:40 <simprix>         and they wont overlap

22:36:53 <simprix>         miteymous: i dont know anything about cell phone modems

22:37:16 <miteymous>   well i mean they obviously work on different frequencies

22:37:16 <simprix>         it might work but i dont know what cell phones use as their protocols

22:37:39 <simprix>         well then you could use a frequency counter and use a ham radio

22:37:44 <--       Forbze has quit (Ping timeout)

22:37:51 <LiquidKn0wledge>     hey is neve campbelle that girl in the movie three to tango?

22:38:44 <simprix>         everyone ready to continue

22:38:58 <--       r has left #bsrf

22:39:06 <Strider>          go ahead :)

22:39:29 <miteymous>   yah

22:39:31 <miteymous>   :D

22:39:55 -->       Forbze has joined #bsrf

22:39:56 ---        ChanServ gives channel operator status to Forbze

22:40:08 <simprix>         ok well when you are ready to go you need to put your wireless card in promiscuous mode which means it will gather everything that is in the air

22:40:35 <simprix>         there are tools that come with kismet

22:40:36 <--       LiquidKn0wledge has left #bsrf

22:40:56 <simprix>         ok after that is all set you will start up kismet

22:41:15 <simprix>         and go drive around

22:41:51 <simprix>         once something pops up on the screen there will be three sections

22:42:02 <zemo>            nite all

22:42:04 <simprix>         ssid: it will say the ssid here

22:42:14 <Strider>          nite

22:42:20 <simprix>         WEP: it will say if wep is being used

22:42:32 <simprix>         channel it will say what channel the network is on

22:42:48 <simprix>         does everyone know what WEP is

22:43:00 <miteymous>   no

22:43:05 <Paranoiac>     ditto

22:43:19 <simprix>         wireless encryption protocol

22:43:56 <simprix>         it encrypts the network

22:44:17 <simprix>         so you cant attach to the network unless you have the wep key

22:44:36 <Paranoiac>     What kind of encryption is it?

22:45:27 <simprix>         RC4

22:45:43 <--       ro0t has quit (Quit: rm -rf /;reboot&)

22:45:57 <miteymous>   so you have to crack the encryption then, does kismet do that?

22:46:04 <simprix>         no

22:46:08 -->       ro0t has joined #bsrf

22:46:30 <simprix>         ok we will get to what you do if they use wep

22:46:44 <simprix>         but first we will talk about a network with out wep

22:47:19 <simprix>         while you are watching a kismet it will say what the ssid is remember that

22:47:40 <simprix>         if it says under W: N, then they arent using wep

22:48:03 <simprix>         ok so once you have got these

22:48:32 <simprix>         you will need to pop out your card to take it out of promiscuous mode

22:48:40 <simprix>         and pop it back in

22:48:48 <simprix>         then you will open wlanfe

22:49:11 <simprix>         and under ssid type the ssid you got from kismet

22:49:16 <simprix>         and click apply

22:49:25 <simprix>         now you are attached

22:49:43 <simprix>         now you need to get an ip

22:50:00 <simprix>         if the access point is using dhcp you can get it that way

22:50:14 <simprix>         but if it isnt you need to find out what ips they are using

22:50:24 <simprix>         to do this we will use arping

22:51:08 <simprix>         run that and we will get some ips they are using

22:51:23 <simprix>         so you will assign an unused ip using ifconfig

22:51:43 <simprix>         and then it is just like you are on a normal network

22:51:46 <simprix>         any questions?

22:52:12 <miteymous>   so at this point you are connected and have internet access?

22:52:21 <Strider>          huh? is this thing still going??

22:52:24 <miteymous>   and access to their network?

22:52:25 <Strider>          j/k

22:52:29 <Paranoiac>     Hehe

22:52:34 <simprix>         yes

22:52:39 <simprix>         what Strider are you bored

22:52:50 <miteymous>   whoah

22:53:03 <Paranoiac>     Are there many networks that are unsecured?

22:53:09 <simprix>         yes

22:53:12 <simprix>         lots

22:53:18 <Paranoiac>     Groovy

22:53:28 <simprix>         the city hall in my town is not using wep

22:53:40 <simprix>         Strider: what can we do to keep you interested

22:53:53 <Strider>          me?

22:53:55 <Strider>          ermm

22:53:57 <Strider>          danece?

22:54:01 <Strider>          dance*

22:54:10 <Paranoiac>     How can you secure yourself from being detected/accessed?

22:54:12 <miteymous>   ok so lets say you are connected now

22:54:24 <miteymous>   would you be able to see all the computers that are shared on the network?

22:54:32 <simprix>         yes

22:54:36 <miteymous>   network neighborhood type thing?

22:54:37 <simprix>         if you use samba

22:54:43 <simprix>         sorry Strider

22:54:53 <simprix>         Paranoiac: i will get to securing them later

22:54:57 *           miteymous does the chicken dance for Strider

22:55:05 <Strider>          lmao

22:55:07 <Paranoiac>     Ahh, ok...thanks

22:55:16 <Paranoiac>     Bah....that's nothing

22:55:20 <miteymous>   wait i thought samba was used to show graphics

22:55:25 *           Paranoiac does the Funky Monkey

22:55:35 <miteymous>   when compiling programs etc

22:55:48 <simprix>         nope

22:55:54 <simprix>         what Strider

22:56:10 <miteymous>   ahhsoo o_O

22:56:40 <simprix>         ok everyone ready

22:56:46 <simprix>         to talk about wep

22:57:01 <miteymous>   yup

22:57:07 <Paranoiac>     Aye, cap'n

22:57:17 <Strider>          go on then

22:57:24 <simprix>         ok

22:57:41 <simprix>         well out in california two kids figured out how to break wep

22:58:31 <Strider>          hold on, whats wep?? is that still the wireless thingy?

22:58:41 <simprix>         yes

22:58:46 <Strider>          ah ok

22:58:49 <Strider>          carry on

22:58:51 <miteymous>   wireless encryption protocol :x

22:58:52 <simprix>         it is wireless encryption protocol

22:59:32 <simprix>         ok when you find a wireless network you need to use airsnort

23:00:11 <simprix>         with your card still in promiscuous mode you need to start airsnort and just start to gather packets

23:00:19 -->       GOD has joined #bsrf

23:00:47 <simprix>         usually with a 128 bit wep key you should gather 1 gig of traffic

23:00:58 <simprix>         then it will list the wep key

23:01:06 <simprix>         everyone with me so far

23:01:25 <Paranoiac>     So it grabs the key from the other user's packets?

23:01:37 <miteymous>   airsnort figures out the key for you?

23:01:44 <simprix>         yes and beacon frames

23:01:48 <simprix>         yes miteymous

23:02:02 <Paranoiac>     That's useful

23:02:20 <simprix>         yes

23:02:33 <simprix>         ok so once you have the wep key

23:02:52 <Paranoiac>     Is the WEP verification a constant activity then? As opposed to using it once, like a password....

23:02:59 -->       nosolution has joined #bsrf

23:03:36 <simprix>         you will load up wlanfe and put the ssid you have and click on the wep key tab and type the key

23:03:45 <simprix>         yes it is constant Paranoiac

23:04:55 -->       Jackel88 has joined #bsrf

23:05:10 <simprix>         ok so once you attach to the network you need to get your ip the same way you did before

23:05:19 <simprix>         without wep

23:06:28 <--       Jackel88 has quit (Quit: Leaving)

23:06:29 <simprix>         ok there are three ways to secure a wireless network besides wep

23:06:31 ---        GOD is now known as satan

23:06:34 <miteymous>   kewl

23:06:37 <simprix>         cause wep sucks

23:06:43 <--       bluehaze[BED] has quit (Ping timeout)

23:06:44 <Paranoiac>     Hehe

23:06:59 <satan>            hey this is already registered

23:07:46 <simprix>         ok the three ways are a radius server, a kerberos server, ipsec

23:07:56 ---        satan is now known as compaq

23:08:36 <simprix>         if you need to know about those ways read the rfc's cause i am not going to explain them this time maybe another lecture

23:09:07 <miteymous>   suhweet

23:09:11 <simprix>         ok im done any questions

23:09:19 <simprix>         or opinions

23:09:25 <miteymous>   do you have to have a big antennae?

23:09:30 <simprix>         no

23:09:33 <miteymous>   and how far away can you be

23:09:35 -->       Ravish has joined #bsrf

23:09:48 <simprix>         500 feet is 2 megs a second

23:09:57 *           Strider is away (finger lickin the chicken)

23:10:03 <miteymous>   hmm

23:10:04 <--       Forbze has quit (Quit: Vive La Revolution)

23:10:06 <miteymous>   thats not that far

23:10:07 <Paranoiac>     What kind of wireless is this?

23:10:08 <simprix>         i would not go past 500 feet


GSO
Written on Saturday, 03 October 2009 18:34 by GSO
