War Driving

 

 

War Driving is the act of taking a laptop with a wireless network card and driving around in your car looking for wireless access points (WAPs). The popularity of wireless internet access is growing faster than anybody expected, making it really easy to find many WAPs. Fortunately, many WAP owners don't understand how to properly set up a wireless access point, which makes it almost too easy to locate and "share" their wireless bandwidth.

I will show you the basics of:

- Locating WiFi
- Seeing if it's "secure"
- How to get on a WiFi connection even if it is "secure"

 

  • First of all you will need a laptop (notebook PC) running Linux, Windows or Mac OS.
  • Secondly you will need a WiFi card. This can be built in or a PCMCIA add-on card. However, the external ones are generally going to give you better reception. Your best bet is to get one that supports 802.11a/b/g, or at least b. External cards like the Orinoco Pro, which have an additional antenna port so you can get even better reception, are great. The Cisco Aironet and any Prism2-based cards using wlan-ng drivers work fine. Here is a list of cards that work with Kismet.
  • Now you just need software to find WiFi and software to "sniff" it if the WAP is "secure".

 

Assuming you have your notebook and WiFi card, here is a list of the software that is recommended.

~:Finding WiFi:~

Linux: Kismet

Mac: MacStumbler

Windows: NetStumbler

 

~:Breaking in to WiFi:~

Linux: Airsnort

Mac: Wepcrack (for Linux but can work in OSX)

Windows: Support for Windows is coming.

 

Use the first three pieces of software to find access points; the next pieces of software can break WEP (Wired Equivalent Privacy) encryption, if WEP is enabled. Airsnort captures "interesting packets" that over time can discover the WAP password. If you have a Windows laptop, it may be easier to get a bootable "live" Linux distro that comes with the programs you need. With Knoppix STD or PHLAK, you can just throw it in your laptop and be in Linux without installing anything or messing with your Windows setup, and the software is already in place. What's more, if you have a USB thumbdrive you can save your "interesting packets" session for a later time (depending on the network traffic, it can take a while to get enough packets to determine the password).

 

Once you have NetStumbler up and running here is what it looks like:

As you can see, the bottom right (black/red/green) shows the status of signal strength and loss. Green is a good signal strength while red is weak. The breaks are where the signal was dropped.

If you have an external antenna on your car or a homemade 'cantenna' you will get better signal strength.

Once you have found a good strong signal, in XP just double-click the WiFi icon in the bottom right corner of the screen. A window will pop up showing you the SSID (WiFi ID/name). If you find SSIDs with generic labels such as "Linksys"... that is a no-brainer to get in. If the SSID is default, chances are so are the username and password. In the case of a Linksys ID, the username is blank (nothing) and the password is "Admin".

This means no WEP encryption is enabled.

Here is The Default Password List for all known devices.

 

Now if there is WEP encryption enabled, then the SSID will be something made up and will be obvious. But have no fear, you can get in.

This is when you fire up your AirSnort to capture packets. Just pop in your CD of Knoppix STD or PHLAK, boot in and run Airsnort. Once enough packets are captured, you will know the WAP password and be able to jump right on and enjoy somebody else's WiFi. The WiFi cards that work best with Airsnort are the cards with the Prism2 chipset (Linksys, Cisco etc.). If you have an Orinoco card you will need a patch for Airsnort to work. Luckily, Knoppix STD comes with this patch.

Here is a picture of Airsnort running:

 

 

If you are sniffing a large corporate network, you will get enough packets to break the password within a few hours. If the network only consists of a few users, it's going to take a few weeks. Save your session (to a thumbdrive or FDD) and come back later.

 

Just think: You don't even have to drive around in most cases. Just hook up a WiFi card, get a long antenna to drape outside your house and "have fun". Or if you don't have a laptop just get a PCI 802.11B Wireless Adapter for your PC, put a big cantenna outside and aim it 'downtown'. Here is what to do with those old satellite dishes.

 

If you would like to prevent this from happening to you, read my how-to here. This helps but as of now there is no real "secure" way.
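For access-point owners, the three weaknesses described above (default SSID, no encryption, WEP) can be checked against your own equipment list. The script below is an added example, not part of the original article; the CSV layout, the function names and the default-SSID list (beyond "Linksys", which the article names) are assumptions made for illustration.

```python
import csv
import io

# Assumed list of factory-default SSIDs. "linksys" is the one named in the
# article; the others are illustrative additions. Extend with your vendors' defaults.
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink"}

# Constructed sample inventory (documentation-range MACs, not real networks).
SAMPLE_INVENTORY = """ssid,bssid,encryption
Linksys,00:00:5E:00:53:01,none
accounting-7f3a,00:00:5E:00:53:02,wep
warehouse-ap,00:00:5E:00:53:03,wpa
linksys,00:00:5E:00:53:04,wep
"""

def audit_ap(row):
    """Return the list of findings for one access-point record."""
    findings = []
    ssid = row["ssid"].strip()
    enc = row["encryption"].strip().lower()
    if ssid.lower() in DEFAULT_SSIDS:
        # The article's point: a default SSID suggests default admin credentials.
        findings.append("default SSID: factory admin login is probably unchanged too")
    if enc in ("", "none", "open"):
        findings.append("no encryption: anyone in range can associate")
    elif enc == "wep":
        findings.append("WEP: key is recoverable from captured traffic over time")
    return findings

def audit_inventory(csv_text):
    """Map BSSID -> findings for every AP that has at least one finding."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = audit_ap(row)
        if findings:
            report[row["bssid"].strip()] = findings
    return report

if __name__ == "__main__":
    for bssid, findings in audit_inventory(SAMPLE_INVENTORY).items():
        for finding in findings:
            print(f"{bssid}: {finding}")
```
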

 

 

Helpful Links:

WiFi basics
LAN and WiFi basics
NetStumbler.org forum
AirSnort.com
Orinoco
Kismet
Knoppix STD forum

 

 

 

 

 

 

Burke~

 

 

 

 

 


 

 

 
Ramsinks.com Copyright 2005 All rights reserved