Wednesday, April 16, 2008

Wireless Hacking IRC Log


22:12:33 --> AZTEK (aztek@ has joined #bsrf

22:12:33 --- Topic for #bsrf is .::Welcome to Blacksun Research Facility [BSRF] ::. Enjoy your stay and plz talk this channel feels dead (Mikkkeee) (AZTEK)

22:12:33 --- Topic for #bsrf set by AZTEK at Sat Apr 27 14:05:07

22:12:33 --- ChanServ sets mode +q

22:12:33 --- ChanServ gives channel operator status to AZTEK

22:12:48 But then, I have no idea what I'm talking about

22:12:56 <-- mtcx1 has quit ( Ping timeout)

22:13:00 lol

22:13:19 ok im back

22:13:20 well now logging works

22:13:28 i am logging simprix

22:13:33 ok

22:13:59 anyone can butt in if they want or if i say something wrong

22:13:59 ok

22:14:22 everyone here

22:14:34 ;]

22:14:39 ya

22:14:52 ok girls and boys

22:15:43 Ok this will be centralized around linux because I have never done this in Windows and Windows sucks

22:16:13 oki

22:16:14 one thing i do know is if you want to do this in windows then you need to use NetStumbler

22:16:32 or ApSniff

22:16:47 from a website i am lookin at :/

22:16:57 Ok first off in linux you need to recompile your kernel with netlink and get rid of pcmcia support in the kernel

22:17:20 then you have to get the pcmcia source for

22:17:47 there are two ways you can do it now

22:18:16 you can use the wireless extensions in the kernel but you need a good card like a cisco aironet card

22:18:52 but the wireless extensions do not have as good sniffing techniques as the linux-wlan source

22:19:05 so the way i have done it is using the linux-wlan-ng source

22:19:30 you can get that from and you need to compile that

22:19:37 any questions so far?

22:19:59 or is no one listening

22:20:00 nope

22:20:15 is there info on editing the kernel?

22:20:48 have you recompiled a kernel before?

22:20:49 miteymouse, where's that site with ApSniff?

22:21:04 no im new sorry :(

22:21:12 strider:

22:21:20 What he/she/it said^

22:21:21 thnx

22:21:25 ok well you should read the howto

22:21:40 i plan on it :P

22:21:54 ok once you have compiled all that stuff you're almost ready to get started

22:22:23 Could you just explain what it is that those modifications do?

22:22:40 Or is it too lengthy to explain now.

22:22:50 oh yeah the linux-wlan stuff only works with the prism2 chipset, which is in cards like linksys, dlink, netgear, zoom, a lot of consumer cards

22:23:09 what modifications

22:23:23 The recompilations

22:23:36 they are pretty much drivers for the cards

22:23:47 i prefer the zoom wireless cards

22:23:53 Ah, ty

22:24:17 ok does everyone in here know what snmp is

22:24:59 any aussies here?

22:25:02 SNMP

22:25:03 * Paranoiac does a know-nothing-newb

22:25:39 well the linux-wlan binaries are a lot like using snmp

22:25:56 like to specify the ssid

22:26:33 an ssid is kinda like a network id

22:26:46 say one access point is on ssid: ap01

22:27:00 and one access point is on ssid: ap02

22:27:19 --- BaGeL[CS] is now known as BaGeL

22:27:28 and you want to attach to ap01 then you would use the ssid of ap01

22:27:45 it is to specify wireless networks

22:27:48 everyone with me?

22:27:53 any questions?

22:28:12 SNMP - Simple Network Management Protocol

22:28:21 ep

22:28:22 yep

22:28:37 Ah

22:29:12 Ty

22:30:09 ok but if you are not familiar with snmp and using mibs, you could use a program my friend wrote called wlanfe, you can get it from or

22:30:51 --> r (trashmail@ has joined #bsrf

22:31:00 ok now you are ready to go wardriving

22:31:10 --> Sheik (sheik001@ has joined #bsrf

22:31:34 i am warning you, make sure you are with someone else and make them drive

22:31:49 Hehe

22:31:58 it is really hard to drive and look at your computer at the same time trust me

22:32:18 wtf?

22:32:21 drive?

22:32:26 and computer

22:32:32 heh

22:33:06 yes

22:33:25 also you should get some programs before you go

22:33:48 so you basically can just use someone else's wireless network?

22:34:02 these programs are kismet, airsnort, scanchan, arping

22:34:06 yes miteymous

22:34:10 like...hijack invisible parasite?

22:34:13 ok question

22:34:19 yes

22:34:51 <-- Sheik has quit (Quit: )

22:34:53 would it be possible to set up your own wireless network, that hijacks your targets, and then spreads it farther via your equipment

22:35:06 maybe letting you have free access at your house

22:35:14 yes you could bridge the connection

22:35:21 with a wireless bridge

22:35:41 he networks would need to overlap, though

22:35:45 *The

22:35:52 would the same basic techniques work with cell phone modems

22:36:34 well if you have the wireless bridge on the same ssid then you're ok

22:36:40 and they won't overlap

22:36:53 miteymous: i don't know anything about cell phone modems

22:37:16 well i mean they obviously work on different frequencies

22:37:16 it might work but i don't know what cell phones use as their protocols

22:37:39 well then you could use a frequency counter and use a ham radio

22:37:44 <-- Forbze has quit (Ping timeout)

22:37:51 hey is Neve Campbell that girl in the movie three to tango?

22:38:44 everyone ready to continue

22:38:58 <-- r (trashmail@ has left #bsrf

22:39:06 go ahead :)

22:39:29 yah

22:39:31 :D

22:39:55 --> Forbze (thedon@ has joined #bsrf

22:39:56 --- ChanServ gives channel operator status to Forbze

22:40:08 ok well when you are ready to go you need to put your wireless card in promiscuous mode which means it will gather everything that is in the air

22:40:35 there are tools that come with kismet

22:40:36 <-- LiquidKn0wledge (LiquidKn0w@ has left #bsrf

22:40:56 ok after that is all set you will start up kismet

22:41:15 and go drive around

22:41:51 once something pops up on the screen there will be three sections

22:42:02 nite all

22:42:04 ssid: it will say the ssid here

22:42:14 nite

22:42:20 WEP: it will say if wep is being used

22:42:32 channel: it will say what channel the network is on

22:42:48 does everyone know what WEP is

22:43:00 no

22:43:05 ditto

22:43:19 wireless encryption protocol

22:43:56 it encrypts the network

22:44:17 so you can't attach to the network unless you have the wep key

22:44:36 What kind of encryption is it?

22:45:27 RC4

22:45:43 <-- ro0t has quit (Quit: rm -rf /;reboot&)

22:45:57 so you have to crack the encryption then, does kismet do that?

22:46:04 no

22:46:08 --> ro0t (ro0t@ has joined #bsrf

22:46:30 ok we will get to what you do if they use wep

22:46:44 but first we will talk about a network without wep

22:47:19 while you are watching kismet it will say what the ssid is, remember that

22:47:40 if it says under W: N, then they aren't using wep

22:48:03 ok so once you have got these

22:48:32 you will need to pop out your card to take it out of promiscuous mode

22:48:40 and pop it back in

22:48:48 then you will open wlanfe

22:49:11 and under ssid type the ssid you got from kismet

22:49:16 and click apply

22:49:25 now you are attached

22:49:43 now you need to get an ip

22:50:00 if the access point is using dhcp you can get it that way

22:50:14 but if it isn't you need to find out what ips they are using

22:50:24 to do this we will use arping

22:51:08 run that and we will get some ips they are using

22:51:23 so you will assign an unused ip using ifconfig

22:51:43 and then it is just like you are on a normal network

22:51:46 any questions?

22:52:12 so at this point you are connected and have internet access?

22:52:21 huh? is this thing still going??

22:52:24 and access to their network?

22:52:25 j/k

22:52:29 Hehe

22:52:34 yes

22:52:39 what Strider, are you bored

22:52:50 whoah

22:53:03 Are there many networks that are unsecured?

22:53:09 yes

22:53:12 lots

22:53:18 Groovy

22:53:28 the city hall in my town is not using wep

22:53:40 Strider: what can we do to keep you interested

22:53:53 me?

22:53:55 ermm

22:53:57 danece?

22:54:01 dance*

22:54:10 How can you secure yourself from being detected/accessed?

22:54:12 ok so lets say you are connected now

22:54:24 would you be able to see all the computers that are shared on the network?

22:54:32 yes

22:54:36 network neighborhood type thing?

22:54:37 if you use samba

22:54:43 sorry Strider

22:54:53 Paranoiac: i will get to securing them later

22:54:57 * miteymous does the chicken dance for Strider

22:55:05 lmao

22:55:07 Ahh, ok...thanks

22:55:16 Bah....that's nothing

22:55:20 wait i thought samba was used to show graphics

22:55:25 * Paranoiac does the Funky Monkey

22:55:35 when compiling programs etc

22:55:48 nope

22:55:54 what Strider

22:56:10 ahhsoo o_O

22:56:40 ok everyone ready

22:56:46 to talk about wep

22:57:01 yup

22:57:07 Aye, cap'n

22:57:17 go on then

22:57:24 ok

22:57:41 well out in california two kids figured out how to break wep

22:58:31 hold on, what's wep?? is that still the wireless thingy?

22:58:41 yes

22:58:46 ah ok

22:58:49 carry on

22:58:51 wireless encryption protocol :x

22:58:52 it is wireless encryption protocol

22:59:32 ok when you find a wireless network you need to use airsnort

23:00:11 with your card still in promiscuous mode you need to start airsnort and just start to gather packets

23:00:19 --> GOD (que_import@226C75B7.CF2E741F.41F302F6.IP) has joined #bsrf

23:00:47 usually with a 128 bit wep key you should gather 1 gig of traffic

23:00:58 then it will list the wep key

23:01:06 everyone with me so far

23:01:25 So it grabs the key from the other user's packets?

23:01:37 airsnort figures out the key for you?

23:01:44 yes and beacon frames

23:01:48 yes miteymous

23:02:02 That's useful

23:02:20 yes

23:02:33 ok so once you have the wep key

23:02:52 Is the WEP verification a constant activity then? As opposed to using it once, like a password....

23:02:59 --> nosolution ( has joined #bsrf

23:03:36 you will load up wlanfe and put the ssid you have and click on the wep key tab and type the key

23:03:45 yes it is constant Paranoiac

23:04:55 --> Jackel88 (new-web@ has joined #bsrf

23:05:10 ok so once you attach to the network you need to get your ip the same way you did before

23:05:19 without wep

23:06:28 <-- Jackel88 has quit (Quit: Leaving)

23:06:29 ok there are three ways to secure a wireless network besides wep

23:06:31 --- GOD is now known as satan

23:06:34 kewl

23:06:37 cause wep sucks

23:06:43 <-- bluehaze[BED] has quit (Ping timeout)

23:06:44 Hehe

23:06:59 hey this is already registered

23:07:46 ok the three ways are a radius server, a kerberos server, ipsec

23:07:56 --- satan is now known as compaq

23:08:36 if you need to know about those ways read the rfc's cause i am not going to explain them this time maybe another lecture

23:09:07 suhweet

23:09:11 ok im done any questions

23:09:19 or opinions

23:09:25 do you have to have a big antenna?

23:09:30 no

23:09:33 and how far away can you be

23:09:35 --> Ravish (Ravish@ has joined #bsrf

23:09:48 500 feet is 2 megs a second

23:09:57 * Strider is away (finger lickin the chicken)

23:10:03 hmm

23:10:04 <-- Forbze has quit (Quit: Vive La Revolution)

23:10:06 that's not that far

23:10:07 What kind of wireless is this?

23:10:08 i would not go past 500 feet