Mark's Notebook

My sketchbook, code and other things I'm working on.

Sep 10, 2005 - 6 minute read - Comments - Information Security

Zero Install War Driving


I have written about War Driving before, so why do it again?

It has become so easy to set up a war driving system now that it is worth another go. In this case you don’t have to install ANY software on your system. Zero. You can do it all with a “Live CD”.

Here is what you need and what I used.

(NOTE: Remote Exploit is working on a new version of Auditor called Back/Track. It is a fusion of the best two live security CDs, Auditor and WHAX.)


  • WiFi adapter – NETGEAR wireless PC Card (MA401). I have also used an Orinoco Gold. This card is nice because it has a connection for an external antenna.

  • Thumb Drive –


Besides this document, I also made a short video with my new camera.

_**STEP 1 – Boot CD**_

Auditor is the live CD, based on KNOPPIX, that makes all this work. It has a great collection of analysis and application testing tools. With no installation whatsoever, the analysis platform is started directly from the CD-ROM and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier.

Just drop in the CD, wait for the boot prompt, select your screen size (I add dma=1 to the size to speed up disk reads) and press the Enter key.

_**STEP 2 – Mount Thumb Drive**_

Your thumb drive needs to be formatted with an extended 2 file system (e2fs). This will make it unreadable on Windows systems until you reformat it with that system. To format it with e2fs, follow these steps to set up your thumb drive. You only need to do this once. Next time, you will only need to mount it as /root with the last (bold) command.

Plug it in and open a console window (it's the thing that looks like an LCD monitor in the lower left of the screen) and type in these commands.

  1. mke2fs /dev/uba1
  2. mount /dev/uba1 /mnt/uba1
  3. cp -prva /root/* /mnt/uba1
  4. cp -prva /root/.[!.]* /mnt/uba1
  5. umount /mnt/uba1

Now you can mount the thumb drive as your /root directory. Again in a console window, run the command:

**mount /dev/uba1 /root**

The next time you boot Auditor you don’t have to go through the formatting steps above, just mount your thumb drive to /root.

_**STEP 3 – Restart your Session**_

I’ve found some of the applications, or maybe it's the system, don’t like having the /root directory swapped out from under them. To fix this I just restart my session. Go to Start / Logout and press the “End Current Session” button.

_**STEP 4 – Start GPSD**_

GPSD is your interface between your GPS and all the applications. GPSD needs to know the serial port of your laptop and baud rate for your GPS. For my laptop the serial port is ttyS0 and the default baud rate for a GPS is 4800.

Note your GPS needs to be in NMEA mode.
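To show what "NMEA mode" means on the serial line, here is an added example (not from the original post, and not GPSD's own code) that checks the checksum of an NMEA 0183 GGA sentence and decodes its position. The sample sentences are constructed, and the function names are this example's own.

```python
def checksum(body):
    """XOR of every character between '$' and '*' (the NMEA 0183 rule)."""
    value = 0
    for byte in body.encode("ascii", "replace"):
        value ^= byte
    return value

def frame(body):
    """Wrap a sentence body as '$body*HH'; used here to build the samples."""
    return "$%s*%02X" % (body, checksum(body))

def to_degrees(value, hemisphere):
    """Convert NMEA (d)ddmm.mmmm plus N/S/E/W to signed decimal degrees."""
    dot = value.index(".")
    degrees = int(value[:dot - 2]) + float(value[dot - 2:]) / 60.0
    return -degrees if hemisphere in ("S", "W") else degrees

def parse_gga(sentence):
    """Return lat/lon/satellite count for a valid GGA fix, else None."""
    text = sentence.strip()
    if not text.startswith("$") or text.count("*") != 1:
        return None
    body, given = text[1:].split("*")
    try:
        if len(given) != 2 or int(given, 16) != checksum(body):
            return None  # corrupted serial data is rejected here
        fields = body.split(",")
        if not fields[0].endswith("GGA") or fields[6] in ("", "0"):
            return None  # not a GGA sentence, or fix quality 0 (no position)
        return {"lat": to_degrees(fields[2], fields[3]),
                "lon": to_degrees(fields[4], fields[5]),
                "sats": int(fields[7])}
    except (ValueError, IndexError):
        return None  # malformed fields

# Constructed sample sentences (not captured from a real receiver).
GOOD = frame("GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,")
NO_FIX = frame("GPGGA,123520,,,,,0,00,,,M,,M,,")
CORRUPT = GOOD.replace("4807", "4817")  # one digit changed, checksum now stale

if __name__ == "__main__":
    for line in (GOOD, NO_FIX, CORRUPT):
        print(line, "->", parse_gga(line))
```

If every sentence from the receiver fails the checksum, the port or baud rate given to GPSD is the first thing to recheck.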

_**STEP 5 – Start GKismet**_

GKismet is the heart of this process. It will collect all the SSIDs and GPS locations for each new access point or system it hears.

To run it go to Start / Wireless / Scanner/Analyzer / Kismet Tools / GKismet. The Start button is the gear with the K in it in the bottom left of your screen.

In my short drive from the house to the mall GKismet found 191 networks and 81 of them were not WEPed.

_**STEP 6 – Start GPSDrive**_

This step is not necessary but it is cool to watch your path and/or document it with a screenshot after your drive.

GPSDrive is Start / Wireless / GPS / GpsDrive.

Please watch your driving, not the computer. I put my system in the back of the car so I’m not tempted.

[Where I went]

_**STEP 7 – Drive (Safely)**_

Stay on side streets and move slowly to give your laptop time to pick up the signals. Speeding down the highway may cover lots of ground, but you’ll get more signal connections if you cover the ground and re-cover the same ground from different directions.

Another idea is to move through a location from each of the compass points after restarting Kismet. This will get you several initial starting locations. You can then triangulate the source of the signal.
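Why passes from several directions matter, as an added example (not from the original post and not Kismet's own method): a signal-weighted centroid, used here as a simple stand-in for true triangulation, is run over one street and then over all four sides of a block. The access point position, the streets and the path-loss model are all constructed for the illustration.

```python
import math

AP = (40.0000, -75.0000)  # constructed "true" access point position

def distance_m(a, b):
    """Flat-earth distance in metres; accurate enough over a few blocks."""
    x = math.radians(b[1] - a[1]) * math.cos(math.radians((a[0] + b[0]) / 2))
    y = math.radians(b[0] - a[0])
    return 6371000.0 * math.hypot(x, y)

def simulated_dbm(point, at_1m=-30.0, exponent=3.0):
    """Constructed log-distance path loss: weaker the farther from the AP."""
    d = max(distance_m(AP, point), 1.0)
    return at_1m - 10.0 * exponent * math.log10(d)

def drive(start, end, samples=11):
    """Evenly spaced GPS fixes along one straight street."""
    return [(start[0] + (end[0] - start[0]) * i / (samples - 1),
             start[1] + (end[1] - start[1]) * i / (samples - 1))
            for i in range(samples)]

def estimate_position(observations):
    """Weighted centroid of (lat, lon, dBm) readings for one BSSID."""
    obs = list(observations)
    if not obs:
        raise ValueError("no observations")
    # dBm is logarithmic: convert to milliwatts so +10 dB weighs 10x more.
    weights = [10.0 ** (dbm / 10.0) for _, _, dbm in obs]
    total = sum(weights)
    return (sum(w * o[0] for w, o in zip(weights, obs)) / total,
            sum(w * o[1] for w, o in zip(weights, obs)) / total)

def survey_error(streets):
    """Metres between the true AP and the estimate from the given passes."""
    obs = [(p[0], p[1], simulated_dbm(p)) for s in streets for p in s]
    return distance_m(AP, estimate_position(obs))

# Constructed streets boxing in the AP, one per compass side.
SOUTH = drive((39.9995, -75.0007), (39.9995, -74.9993))
NORTH = drive((40.0005, -75.0007), (40.0005, -74.9993))
WEST = drive((39.9995, -75.0007), (40.0005, -75.0007))
EAST = drive((39.9995, -74.9993), (40.0005, -74.9993))

if __name__ == "__main__":
    print("south street only: %.1f m off" % survey_error([SOUTH]))
    print("all four sides:    %.1f m off" % survey_error([SOUTH, NORTH, WEST, EAST]))
```

With one street the estimate can only land on that street, however strong the readings are; the passes from the other sides are what pull it in toward the source.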

[What I found]

After throwing this rig together in just a couple of minutes, here is an example of what I got on a quick drive to the mall.

This map is a screenshot of GPSDrive. The green line is my path to and from the mall (the gray blob on the right). The green line north was my trip to breakfast.

The next screenshot is of the gKismet data I got. Note the yellow lines. These are the ones without even WEP encryption.