The Art of casual WiFi hacking
Jeremy Martin, CISSP-ISSAP, NSA-IAM/IEM, CEH – email@example.com
It is a cloudy Friday night and I am inthe listening to another episode of 2600’s “Off the hook” radio when theinterruption of the phone catches myattention. I had been expecting thecall from my colleague, because Ineeded help with some new proof-of-concept ideas for a penetration test Ihave the following week. During theconversation, we eagerly decided tohead out for the night to Wardrive inthe area. Wardriving is always a goodexcuse to test new programs andideas. We position both laptops foroptimal WiFi signal, easy access tothe GPS devices, and secure them forthe least amount of movement whiledriving. Right before we leave, wemake sure the power converter isturned on, and the systems areplugged in. To cover all our bases,one laptop runs Windows XP Pro,NetStumbler, and Cain&Able whilethe second system has Suse 9.2 Linuxwith Kismet, Airsnort, Aircrack, andVoid11. Using two devices with suchdifferent environments improvessuccess while surveying WiFi in anarea or “footprinting” them.
Also referred to as
“Geek’s catch and release fishing”
, is the act of drivingaround and scanning for open WiFihotspots. This is considered a sport inmany circles and is growing in popularityacross the globe.
Is similar to Wardriving, but on foot.There are many PDA devices that willallow you to install wireless and network auditing tools.Here is where the fun begins. After driving for a fewmiles, we enter a well lit street in the business section of town, and hear the ping of live access points every fewseconds. Even though we have been doing this for years,we are both amazed at the percentage of companies thatemploy WiFi that do not implement any sort of encryption. This allows us to park and let Kismet do whatit does best... passively listen to network traffic runningover the 802.11 signal. We are able to map severalsubnets and gather other interesting information beingbroadcast to the public. At the end of the night, we wereable to gather over 127 WiFi hotspots after only drivingseventeen miles round trip. With this type of informationgathered, playtime for hackers begins.