KisMAC

The gear needed for wardriving


Postby NomadicHan » Mon Aug 14, 2006 2:27 pm

There are two networks that I believe both belong to my neighbor. One is named "Monster" the other "ricardo".

Monster: is not protected. The problem is every time I try to connect it gives up after a moment and it only says I can't connect. Not sure what the problem is here. I have the latest OS X and Airport drivers.

ricardo: is WEP protected. I'm currently trying to crack it with KisMAC. The problem is that I can't acquire packets quickly without a Prism II. My only option was to scan for networks, this is when Monster and ricardo come up and let KisMAC sit open while it collected packets very slowly on its own. I blocked out Monster using a filter and locking all channels except the one in which ricardo lies. So far it's been over five hours and has been collecting packets at around 10 a second. I currently have acquired a total of 250,000 packets (20.75 MiB). When I try Crack >> Wordlist Attack >> against 104-bit MD5 Key I get an error saying "You have not collected enough data packets to perform this attack. Please capture some more traffic."

Any suggestions or answers on any of these problems?

Postby ax0n » Mon Aug 14, 2006 4:31 pm

First, let me say that it's really hard for us to stand around and scream "wardriving is not a crime!" while people like you are asking how to hax0r their neighbor's WiFi.

Second, unless the owner goes on a YouTube or Torrent binge for a few hours, you're going to be waiting a very, very, very, very, very, very, very, very, very, very long time to get enough packets. For 104-bit WEP it can take weeks to sniff the millions of packets needed to gather enough weak IVs to crack it.

This sport requires patience. I know some really good ways to speed up a WEP Cracking attack, and I'd gladly share them or point you to some helpful reading. I'm very much an "information wants to be free" kind of guy.

That said, I'm more interested in helping highly curious people figure out how something works than I am interested in handing out tidbits of knowledge to get a criminal past a single roadblock when he/she cares little about "knowing the system" and more about the task at hand (in this case, stealing access from neighbors for whatever reason).

Postby NomadicHan » Tue Aug 15, 2006 12:13 am

What's the difference between my trying to get a piece of my neighbour's bandwidth and your wardriving? The only reason you're probably able to wardrive is because many people using wireless networks haven't even heard the word wardriving, let alone its definition. I'm sure many people wouldn't like you sharing their bandwidth. In fact, unless the person is really nice, I don't see why they'd consider giving a stranger free bandwidth.

Thanks for the little bit of information you did provide though. I didn't know the more he browsed the more packets I could acquire.

Postby uhtu » Tue Aug 15, 2006 12:14 am

wardriving isn't routing packets over people's connections.
it's passively observing broadcast radio beacons, and correlating with gps data.
no responsible wardriver associates with the APs they observe.

Postby ax0n » Tue Aug 15, 2006 2:43 am

> wardriving isn't routing packets over people's connections.
> it's passively observing broadcast radio beacons, and correlating with gps data.
> no responsible wardriver associates with the APs they observe.

Quoted (in entirety) for truth. Wardriving sounds evil but it's really just passive location of networks for fun and sport. Like counting the number of black cars on a road trip. As long as the driver's intent is not criminal. As a general rule, stumbling software doesn't (by default) make any attempt to associate or crack encryption; most stumbling software these days is passive, but even the most primitive tools don't auto-associate unless configured to do so.

Using bandwidth that you have not been granted permission to use is theft of service. In some states, it's even illegal to connect to a wide open network unless the owner's intent was to create a public hot-spot and it's advertised as such.

The single act of attempting to crack something that's not yours, regardless of your intent, is illegal. You're comparing close-encounter scuba divers to whale poachers.

Postby NomadicHan » Tue Aug 15, 2006 3:15 am

Since the Monster connection is not protected, you could consider this wardriving. Any idea why I can't connect to it?

Postby NomadicHan » Tue Aug 15, 2006 4:23 am

I have some questions:

Are more acquired packets better for an attack? If so, why and for what?

What are the differences between the cracking methods?

Postby whitedice » Tue Aug 15, 2006 6:21 am

You aren't going to get any help with questions regarding attacking networks, or connecting to networks you don't have permission to connect to in this forum.

Wardriving is counting networks, not connecting to networks.

Just a side note.... If you can't connect to an unsecure network, then you probably shouldn't bother trying to hack a secure network.

All that's going to happen with the rest of this thread is people making fun of you, or someone like uhtu banning your login, saving you from getting yourself into trouble.

Postby NomadicHan » Tue Aug 15, 2006 8:48 am


> Wardriving is counting networks, not connecting to networks.

Hahaha, right. All you do is count networks when wardriving. Never with the intention of connecting to them.

Postby ax0n » Tue Aug 15, 2006 11:24 am

> Since the Monster connection is not protected, you could consider this wardriving. Any idea why I can't connect to it?

You're trying to associate (connect) to it. That isn't anything like wardriving. If you got a GPS in your car and figured out its location without obsessing over why you couldn't connect, I *MIGHT* consider it wardriving.

I suggest saving up for a cheapo access point on eBay, then enable WEP on it and try to crack it. That's how I learned.

I actually just count networks. There are Starbucks, Panera stores, tons of little restaurants (Buffalo Wild Wings, sports bars, etc) and independently-owned coffee shops which gladly offer free WiFi. You don't have to drive a mile in any direction where I live to find at least one place that advertises.

Criminals (and skript kiddiez) almost always operate on the principle of "low-hanging fruit". That is, they find the easiest targets to attack and that's pretty much it. If my intent was simply to find some vulnerable network to abuse so that I don't get caught by the RIAA or MPAA, I'd point my cantenna across the parking lot. Why in the world would I have more than *6,500* discovered stations with GPS?

(The answer to that rhetorical question is "because I want to catch up to hratch" :lol: It's a sport. )

I'm a network security professional. I help people find and repair vulnerable networks. As such, I can't afford to have my reputation tarnished by a criminal record.

And for your information, real hackers and geeks don't waste much time on the low-hanging fruit. They look forward to taking apart and figuring out how to get around the most obscure and difficult puzzles.

Postby mark571 » Tue Aug 15, 2006 11:54 am

> Hahaha, right. All you do is count networks when wardriving. Never with the intention of connecting to them.

Every post you make shows just how clueless you really are. Your true intentions are clear. You want to learn how to be a thief. Nobody is going to help you here.

> (The answer to that rhetorical question is "because I want to catch up to hratch" :lol: It's a sport. )

You have to catch me first. :wink:

How is Jess and Jim's? I haven't had a steak there in years. We were staying in Crown Center when the walkway across the street fell. We walked through the night before looking around. Spooky.

Postby ax0n » Tue Aug 15, 2006 12:57 pm

Mmmmm J&J's

I haven't been there in a few years. I actually ride the bus (and 'stumble, thanks to my new setup) through crown center every day.

I'm actually kind of back into the sport. I was out of it totally for a few months but I changed jobs yet again and have some free time and better income, and my freelance stuff is picking up too. I'm really not trying to become #1 (BTW Mark, second place is the first loser :P ) I'm just in it for the fun and sport of it. Kicking open the laptop after a long drive (or not even a long one) and seeing those networks is kind of fun. Sometimes I leave the speakers cranked up so I can hear the WiGLE points roll in.

It's too bad troll kids don't understand. Unfortunately, it's far too common a misconception, especially among LEOs. Local news coverage of "the new public menace" that started happening 2 years ago isn't helping.

BTW, NomadicHan, weak packets are like 1963 Denver mint pennies. Network traffic is like tons of random coins. You're looking for a few thousand 1963 Denver mint pennies in all that. It would help your search if you had a few hundred moneybags stuffed with coins. See my point? More traffic = more packets = more potentially weak packets to help crack.

Postby ax0n » Tue Aug 15, 2006 1:21 pm

By the way, KisMAC, while great for stumbling, leaves much to be desired for cracking. All WEP cracking methods aside from brute force require gathering a huge sum of weak packets. Weak packets are naturally very rare, but they occur.

The methods for speeding up WEP cracking involve finding a way to increase the frequency with which the weak packets occur. This process in and of itself still requires a good number of weak packets to get started, but can dramatically speed up the acquisition of weak packets once you get it going.

I'll leave it up to you to figure out what the method is called and what tools are best for the job. I can tell you that KisMAC might be capable of it, but that it's certainly not remotely close to being the right program for what you're trying to do.

Postby NomadicHan » Tue Aug 15, 2006 4:25 pm

I appreciate the help ax0n. I know you don't want to help me do this.

Is what you're talking about packet injection?

Postby argh » Sun Aug 20, 2006 5:56 am

i spent a lot of time at Crown Center/KC in the early 90's. also saw a lot of live music in Westport area.

NomadicHan: you are correct. we do not want to help you with this.
