There is a new Remote Exploit CD out, so why not do it again?
It has become so easy to set up a war driving system now that it's worth another go. In this case you don't have to install ANY software on your system. Zero. You can do it all with a "Live CD".
Here is what you need, and what I used.
- Laptop – IBM T20
- Auditor CD – get a copy of back|track from http://new.remote-exploit.org
- GPS – Garmin GPSMAP 60cs
- WiFi adapter – NETGEAR wireless PC Card (MA401)
- Thumb Drive – SanDisk Cruzer Mini (512MB)
Besides this document, I also made a short video with my new camera.
_**STEP 1 – Boot CD**_
back|track is the live CD, based on Slackware, that makes all this work. At the time of this writing it is in beta, but I'm still using it for my security work.
Back|track has a great collection of analysis and application testing tools. With no installation whatsoever, the analysis platform is started directly from the CD-ROM and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier.
Just drop in the CD, boot it, and wait for the boot prompt. You don't have to select your screen size anymore. I add dma=1 to speed up disk reads.
_**STEP 2 – Mount Thumb Drive**_
Your thumb drive needs to be formatted with an extended 2 file system (e2fs). This will make it unreadable on Windows systems until you reformat it with a file system Windows understands. Formatting erases everything already on the drive. To format it with e2fs, follow these steps. You only need to do this once. Next time, you will only need to mount it as /root with the last command, the mount onto /root.
Plug it in, open a console window (it's the thing that looks like an LCD monitor in the lower left of the screen) and type in these commands.
- mke2fs /dev/uba1
- mount /dev/uba1 /mnt/uba1
- cp -prva /root/* /mnt/uba1
- cp -prva /root/.[!.]* /mnt/uba1
- umount /mnt/uba1
Now you can mount the thumb drive as your /root directory. Again in a console window, run the command:
mount /dev/uba1 /root
_**STEP 3 – Restart your Session**_
I've found that some of the applications, or maybe it's the system, don't like having the /root directory swapped out from under them. To fix this I just restart my session. Go to Start /
_**STEP 4 – Start GPSD**_
GPSD is your interface between your GPS and all
the applications. GPSD needs to know the serial port of your
laptop and baud rate for your GPS. For my laptop the serial port
is ttyS0 and the default baud rate for a GPS is 4800.
Note your GPS needs to be in NMEA mode.
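A way to confirm the GPS really is sending NMEA before pointing GPSD at it, as an added example that is not part of the original post: it checks each line's NMEA checksum and pulls the position out of GGA sentences. The function names and the sample lines are constructed for illustration; on the setup above the lines would come from ttyS0 at 4800 baud.

```python
# Added example: tell checksum-valid NMEA sentences apart from noise.
from functools import reduce

def nmea_checksum(body):
    """XOR of every character between '$' and '*', as two uppercase hex digits."""
    return f"{reduce(lambda acc, ch: acc ^ ord(ch), body, 0):02X}"

def frame(body):
    """Wrap a sentence body as $body*CS (used to build the constructed samples)."""
    return f"${body}*{nmea_checksum(body)}"

def parse_sentence(line):
    """Return the field list for a checksum-valid NMEA sentence, else None."""
    line = line.strip()
    body, star, given = line[1:].rpartition("*")
    if not line.startswith("$") or not star or given.upper() != nmea_checksum(body):
        return None
    return body.split(",")

def to_degrees(value, hemisphere):
    """Convert NMEA (d)ddmm.mmm plus N/S/E/W into signed decimal degrees."""
    raw = float(value)
    degrees = int(raw // 100)
    decimal = degrees + (raw - degrees * 100) / 60.0
    return -decimal if hemisphere in ("S", "W") else decimal

def gga_fix(line):
    """Return (lat, lon, satellites) from a GGA sentence that has a fix, else None."""
    fields = parse_sentence(line)
    if (not fields or not fields[0].endswith("GGA") or len(fields) < 8
            or fields[6] in ("", "0")):      # fix quality 0 means no position yet
        return None
    return (to_degrees(fields[2], fields[3]),
            to_degrees(fields[4], fields[5]), int(fields[7]))

def summarize(lines):
    """Count valid and rejected lines and collect the position fixes."""
    valid = [l for l in lines if parse_sentence(l) is not None]
    fixes = [f for f in map(gga_fix, lines) if f]
    return {"valid": len(valid), "rejected": len(lines) - len(valid), "fixes": fixes}

# Constructed capture: fix, no fix yet, RMC, corrupted line, non-NMEA bytes.
SAMPLE = [
    frame("GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,"),
    frame("GPGGA,123520,,,,,0,00,,,M,,M,,"),
    frame("GPRMC,123519,A,4807.038,N,01131.000,E,022.4,084.4,230394,003.1,W"),
    frame("GPGGA,123521,4807.040,N,01131.002,E,1,08,0.9,545.4,M,46.9,M,,").replace("4807", "4817"),
    "\x10\x14\x02garbage\x10\x03",
]
```

If every line is rejected, the GPS is most likely not in NMEA mode or the baud rate is wrong; valid sentences with no fixes mean the receiver has not locked onto satellites yet.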
_**STEP 5 – Start GKismet**_
GKismet is the heart of this process. It will collect the SSID and GPS location for each new access point or system it hears.
In my short drive from the house to the mall GKismet found 191 networks, and 81 of them were not WEPed.
_**STEP 6 – Start GPSDrive**_
This step is not necessary, but it is cool to watch your path and/or document it with a screenshot after your drive.
Please watch your driving, not the computer. I put my system in the back of the car so I'm not tempted.
_**STEP 7 – Drive (Safely)**_
Stay on side streets and move slowly to give your laptop time to pick up the signals. Speeding down the highway may cover lots of ground, but you'll get more signal connections if you cover the ground and then re-cover the same ground from different directions.
Another idea is to move through a location from each of the compass points after restarting Kismet. This will get you several initial starting locations. You can then triangulate the source of the signal.
After throwing this rig together in just a couple of minutes, here is an example of what I got on a quick drive to the mall.
This map is a screenshot of GPSDrive. The green line is my path to and from the mall (the gray blob on the right). The green line north was my trip to breakfast.
The next screenshot is of the gKismet data I got. Note the
yellow lines. These are the ones without even WEP
encryption.