Beetle

HERE are my latest slides and code for the talk I gave at ToorCon (http://www.toorcon.org), which is a VERY cool security conference held annually in San Diego. From the ToorCon website and program:

"Wireless Weapons of Mass Destruction for Windows

If implementing wireless network security mechanisms doesn't kill you, managing enterprise wireless network security probably will. Whether it's deploying distributed networks of dedicated rogue AP detection devices, building automated articulating yagis, or walking all over campus with Netstumbler on a weekly basis, the costs in hardware and personal time needed to combat the rogue AP threat can become staggering! Well, things are about to get better. Ok. Maybe not. Beetle demonstrates how to do all sorts of crazy Wi-Fi things in Windows--good AND bad. How about iwconfig for XP? Nifty. Hotspot Defense Kit for Windows? No problemo. Fast and easy Windows enterprise monitoring for users that are dual-homed with wireless enabled while plugged in to your intranet? Nice! Hard-hitting worms that create global ad-hoc wireless networks that drive rogue AP watchdogs mad? Mmmm, not so nice. Or how about code that let's you sit in one place and discover every wireless network on the planet? Ouch. That's GOTTA hurt. Talk about the END of war-driving OR war-walking as we know it. Beetle has found Weapons of Mass Destruction! w00t! They're wireless! They're for Windows! And they're in San Diego--not Saddam's backyard, baby! New tips, new tools, and oh dear, new silly terminology from the Shmoo Group. 'War-lounging' anyone?"

Basically, these programs are some examples of nifty and evil wireless things you can do with Windows XP via Windows Management Instrumentation (WMI).

Brief breakdown:

wifiwmd4win32.sxi - Slides in OpenOffice format.
wifiwmd4win32.pdf - slides in PDF format.
HotspotDK - Windows binary & source thanks to Scott Tenaglia, a.k.a. "Intern", intern@geekspeed.net
iwconfig for XP - Windows binary & source. Older VBScript version, too.
SSidScan.vbs - Simple and small SSID scanner for Windows.
WiFiLocalSignal.vbs - Local current SSID, BSSID, and RSSI monitor.
WiFiRemoteSignal.vbs - Current SSID, BSSID, and RSSI of REMOTE system.
ssidscan.exe - Windows binary & source SSID scanner--has RSSI values, too.
ssidpeek.exe - Windows binary & source SSID scanner of REMOTE system.
WiFiMultiHome.vbs - Local check if connected to a WLAN while connected to a wired LAN.
WiFiMultiHomeLogon.vbs - Multi-home check suitable for logon script that post results to share.
WarLounge.vbs - Suitable friendly distributed app or worm-ready code to perform a global wardrive.

C# stuff needs .NET framework to run the binary or .NET SDK to compile from source. VBscript stuff should just run with cscript <filename> from any command prompt.

Tested with Senao cards. Limited testing / results with Orinoco, Netgear, D-Link, and Cisco cards. No testing with USB wireless adapters.

NOTE: I recommend having Wireless Zero Configuration Service enabled in XP for these scripts, as well as making sure "force guest" is disabled in XP Pro's local security policy if attempting to run the tools on a remote system that's part of a Workgroup instead of a Domain.

Enjoy.

See you at ShmooCon (http://www.shmoocon.org) 2005!

Sincerely,

Beetle

Thorn

Beetle,
I'm think of presenting a paper for the Smchoocon, but frankly I'm not sure that I'll complete the software in time. Is there some provision for such things?

__________________
Thorn
"I'm The Doctor. I'm a Time Lord. I am from the planet Gallifrey in the constellation Kasterborous. I'm 903 years old and I am the man who is going to save your lives and all 6 billion people on the planet below... You got a problem with that?"

renderman

Great stuff Beetle!

Damn I wish I could code.

__________________
Never drink anything larger than your head!

Scaramental Wine Taster for the Church Of WiFi
Buy our books!
"I reject your reality, and substitute my own!" – Adam Savage
CoWF WPA Hash Tables

Beetle

Hey Thorn,

All we're asking for in the CFP is basically your name, your bio, and your idea. Naturally, you should have some confidence that you'll be able to complete your project by ShmooCon, but it's generally accepted practice to be working on something (rather finishing it) and planning to present on it at a con.

Although we'd like to have folks who are more certain they can pull off their talk, we'll be accepting enough submissions as hot alternates, who get free admission, to account for folks who might have difficulties. Submit and do your honest best to have something kickass by the con. We'll do the rest.

Sincerely,

Beetle

TheWatcher

Hi Beetle,
Looking forward to see you at shmoocon.

Regards,
TheWatcher

__________________
Wardriving.INFO - "wireless web portal"
Wireless Sniffers - we got them, let me know if I missed your tools.

kabassanov

Hi,

I've tried to use these files with Windows XP SP2 and it does not work...

Is it normal?

Thanks.

Dutch

Yes, when you don't know what you are doing.. A guess : You didn't install the .net framework from windowsupdate ??

Dutch

__________________
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....

kabassanov

I've installed all windows updates that are available ... Is it possible that internal wireless structures were modified in SP2?

The Others

But did you install .net?

http://download.microsoft.com/downlo...6/dotnetfx.exe

(23 megs)

__________________
all good ends all

wrzwaldo

Yet another case of HIAD!

kabassanov

Yes .NET is installed.

RedSector

You are running these programs from the command prompt right (with the exception of HotspotDK)? Is there any error messages, etc?

__________________
Get thine ass into the Church
The Church of Wifi

kabassanov

cscript iwconfig.vbs wlan0 gives:

iwconfig.vbs(122, 1) (null): 0x8004100C



iwconfig.exe wlan0 gives:

[thread 0xe64] Unhandled exception generated: (0x00ab8c1c) <System.Management.Ma
nagementException>
errorObject=(0x00ab8bac) <System.Management.ManagementBaseObject>
errorCode=<System.Management.ManagementStatus>
_className=<null>
_exceptionMethod=<null>
_exceptionMethodString=<null>
_message=(0x00ab8be4) "Non pris en charge "
_innerException=<null>
_helpURL=<null>
_stackTrace=(0x00ab8c64) array with dims=[36]
_stackTraceString=<null>
_remoteStackTraceString=<null>
_remoteStackIndex=0x00000000
_HResult=0x80131501
_source=<null>
_xptrs=0x00000000
_xcode=0xe0434f4d

[00a8] int 3

Flopik

It can be nice to make a forum for wireless developers and I web site with source for Windows and linux. And try to make program multiplatform.

wrzwaldo

You mean like http://sourceforge.net/ ??