Page 1 of 3

Wireless Weapons of Mass Destruction for Windows

PostPosted: Tue Sep 28, 2004 11:18 am
by Beetle
HERE are my latest slides and code for the talk I gave at ToorCon (http://www.toorcon.org), which is a VERY cool security conference held annually in San Diego. From the ToorCon website and program:

"Wireless Weapons of Mass Destruction for Windows

If implementing wireless network security mechanisms doesn't kill you, managing enterprise wireless network security probably will. Whether it's deploying distributed networks of dedicated rogue AP detection devices, building automated articulating yagis, or walking all over campus with Netstumbler on a weekly basis, the costs in hardware and personal time needed to combat the rogue AP threat can become staggering! Well, things are about to get better. Ok. Maybe not. Beetle demonstrates how to do all sorts of crazy Wi-Fi things in Windows--good AND bad. How about iwconfig for XP? Nifty. Hotspot Defense Kit for Windows? No problemo. Fast and easy Windows enterprise monitoring for users that are dual-homed with wireless enabled while plugged in to your intranet? Nice! Hard-hitting worms that create global ad-hoc wireless networks that drive rogue AP watchdogs mad? Mmmm, not so nice. Or how about code that let's you sit in one place and discover every wireless network on the planet? Ouch. That's GOTTA hurt. Talk about the END of war-driving OR war-walking as we know it. Beetle has found Weapons of Mass Destruction! w00t! They're wireless! They're for Windows! And they're in San Diego--not Saddam's backyard, baby! New tips, new tools, and oh dear, new silly terminology from the Shmoo Group. 'War-lounging' anyone?"

Basically, these programs are some examples of nifty and evil wireless things you can do with Windows XP via Windows Management Instrumentation (WMI).

Brief breakdown:

wifiwmd4win32.sxi - Slides in OpenOffice format.
wifiwmd4win32.pdf - slides in PDF format.
HotspotDK - Windows binary & source thanks to Scott Tenaglia, a.k.a. "Intern", intern@geekspeed.net
iwconfig for XP - Windows binary & source. Older VBScript version, too.
SSidScan.vbs - Simple and small SSID scanner for Windows.
WiFiLocalSignal.vbs - Local current SSID, BSSID, and RSSI monitor.
WiFiRemoteSignal.vbs - Current SSID, BSSID, and RSSI of REMOTE system.
ssidscan.exe - Windows binary & source SSID scanner--has RSSI values, too.
ssidpeek.exe - Windows binary & source SSID scanner of REMOTE system.
WiFiMultiHome.vbs - Local check if connected to a WLAN while connected to a wired LAN.
WiFiMultiHomeLogon.vbs - Multi-home check suitable for logon script that post results to share.
WarLounge.vbs - Suitable friendly distributed app or worm-ready code to perform a global wardrive.

C# stuff needs .NET framework to run the binary or .NET SDK to compile from source. VBscript stuff should just run with cscript <filename> from any command prompt.

Tested with Senao cards. Limited testing / results with Orinoco, Netgear, D-Link, and Cisco cards. No testing with USB wireless adapters.

NOTE: I recommend having Wireless Zero Configuration Service enabled in XP for these scripts, as well as making sure "force guest" is disabled in XP Pro's local security policy if attempting to run the tools on a remote system that's part of a Workgroup instead of a Domain.

Enjoy.

See you at ShmooCon (http://www.shmoocon.org) 2005!

Sincerely,

Beetle

Schmoocon CFP

PostPosted: Tue Sep 28, 2004 11:39 am
by Thorn
Beetle,
I'm think of presenting a paper for the Smchoocon, but frankly I'm not sure that I'll complete the software in time. Is there some provision for such things?

PostPosted: Tue Sep 28, 2004 11:47 am
by renderman
Great stuff Beetle!

Damn I wish I could code.

PostPosted: Tue Sep 28, 2004 1:25 pm
by Beetle
Thorn wrote:Beetle,
I'm think of presenting a paper for the Smchoocon, but frankly I'm not sure that I'll complete the software in time. Is there some provision for such things?


Hey Thorn,

All we're asking for in the CFP is basically your name, your bio, and your idea. Naturally, you should have some confidence that you'll be able to complete your project by ShmooCon, but it's generally accepted practice to be working on something (rather finishing it) and planning to present on it at a con.

Although we'd like to have folks who are more certain they can pull off their talk, we'll be accepting enough submissions as hot alternates, who get free admission, to account for folks who might have difficulties. Submit and do your honest best to have something kickass by the con. We'll do the rest.

Sincerely,

Beetle

PostPosted: Sun Dec 19, 2004 8:42 pm
by TheWatcher
Hi Beetle,
Looking forward to see you at shmoocon.

Regards,
TheWatcher

PostPosted: Fri Feb 18, 2005 5:27 am
by kabassanov
Hi,

I've tried to use these files with Windows XP SP2 and it does not work...

Is it normal?

Thanks.

PostPosted: Fri Feb 18, 2005 6:25 am
by Dutch
kabassanov wrote:Hi,

I've tried to use these files with Windows XP SP2 and it does not work...

Is it normal?

Thanks.

Yes, when you don't know what you are doing.. A guess : You didn't install the .net framework from windowsupdate ??

Dutch

PostPosted: Fri Feb 18, 2005 6:33 am
by kabassanov
I've installed all windows updates that are available ;) ... Is it possible that internal wireless structures were modified in SP2?

PostPosted: Fri Feb 18, 2005 6:44 am
by The Others
[quote="kabassanov"]I've installed all windows updates that are available ]

But did you install .net?

http://download.microsoft.com/download/a/a/c/aac39226-8825-44ce-90e3-bf8203e74006/dotnetfx.exe

(23 megs)

PostPosted: Fri Feb 18, 2005 9:06 am
by wrzwaldo
[quote="kabassanov"]I've installed all windows updates that are available ]


Yet another case of HIAD!

PostPosted: Fri Feb 18, 2005 9:37 am
by kabassanov
Yes .NET is installed.

PostPosted: Fri Feb 18, 2005 10:25 am
by RedSector
You are running these programs from the command prompt right (with the exception of HotspotDK)? Is there any error messages, etc?

PostPosted: Sat Feb 19, 2005 7:32 am
by kabassanov
cscript iwconfig.vbs wlan0 gives:

iwconfig.vbs(122, 1) (null): 0x8004100C



iwconfig.exe wlan0 gives:

[thread 0xe64] Unhandled exception generated: (0x00ab8c1c) <System.Management.Ma
nagementException>
errorObject=(0x00ab8bac) <System.Management.ManagementBaseObject>
errorCode=<System.Management.ManagementStatus>
_className=<null>
_exceptionMethod=<null>
_exceptionMethodString=<null>
_message=(0x00ab8be4) "Non pris en charge "
_innerException=<null>
_helpURL=<null>
_stackTrace=(0x00ab8c64) array with dims=[36]
_stackTraceString=<null>
_remoteStackTraceString=<null>
_remoteStackIndex=0x00000000
_HResult=0x80131501
_source=<null>
_xptrs=0x00000000
_xcode=0xe0434f4d

[00a8] int 3

Wireless Programming

PostPosted: Wed Mar 23, 2005 9:41 am
by Flopik
It can be nice to make a forum for wireless developers and I web site with source for Windows and linux. And try to make program multiplatform.

PostPosted: Wed Mar 23, 2005 9:50 am
by wrzwaldo
Flopik wrote:It can be nice to make a forum for wireless developers and I web site with source for Windows and linux. And try to make program multiplatform.


You mean like http://sourceforge.net/ ?? :rolleyes: