Wireless Weapons of Mass Destruction for Windows

Wireless Weapons of Mass Destruction for Windows

Postby Beetle » Tue Sep 28, 2004 11:18 am

HERE are my latest slides and code for the talk I gave at ToorCon (http://www.toorcon.org), which is a VERY cool security conference held annually in San Diego. From the ToorCon website and program:

"Wireless Weapons of Mass Destruction for Windows

If implementing wireless network security mechanisms doesn't kill you, managing enterprise wireless network security probably will. Whether it's deploying distributed networks of dedicated rogue AP detection devices, building automated articulating yagis, or walking all over campus with Netstumbler on a weekly basis, the costs in hardware and personal time needed to combat the rogue AP threat can become staggering! Well, things are about to get better. Ok. Maybe not. Beetle demonstrates how to do all sorts of crazy Wi-Fi things in Windows--good AND bad. How about iwconfig for XP? Nifty. Hotspot Defense Kit for Windows? No problemo. Fast and easy Windows enterprise monitoring for users that are dual-homed with wireless enabled while plugged in to your intranet? Nice! Hard-hitting worms that create global ad-hoc wireless networks that drive rogue AP watchdogs mad? Mmmm, not so nice. Or how about code that let's you sit in one place and discover every wireless network on the planet? Ouch. That's GOTTA hurt. Talk about the END of war-driving OR war-walking as we know it. Beetle has found Weapons of Mass Destruction! w00t! They're wireless! They're for Windows! And they're in San Diego--not Saddam's backyard, baby! New tips, new tools, and oh dear, new silly terminology from the Shmoo Group. 'War-lounging' anyone?"

Basically, these programs are some examples of nifty and evil wireless things you can do with Windows XP via Windows Management Instrumentation (WMI).

Brief breakdown:

wifiwmd4win32.sxi - Slides in OpenOffice format.
wifiwmd4win32.pdf - slides in PDF format.
HotspotDK - Windows binary & source thanks to Scott Tenaglia, a.k.a. "Intern", intern@geekspeed.net
iwconfig for XP - Windows binary & source. Older VBScript version, too.
SSidScan.vbs - Simple and small SSID scanner for Windows.
WiFiLocalSignal.vbs - Local current SSID, BSSID, and RSSI monitor.
WiFiRemoteSignal.vbs - Current SSID, BSSID, and RSSI of REMOTE system.
ssidscan.exe - Windows binary & source SSID scanner--has RSSI values, too.
ssidpeek.exe - Windows binary & source SSID scanner of REMOTE system.
WiFiMultiHome.vbs - Local check if connected to a WLAN while connected to a wired LAN.
WiFiMultiHomeLogon.vbs - Multi-home check suitable for logon script that post results to share.
WarLounge.vbs - Suitable friendly distributed app or worm-ready code to perform a global wardrive.

C# stuff needs .NET framework to run the binary or .NET SDK to compile from source. VBscript stuff should just run with cscript <filename> from any command prompt.

Tested with Senao cards. Limited testing / results with Orinoco, Netgear, D-Link, and Cisco cards. No testing with USB wireless adapters.

NOTE: I recommend having Wireless Zero Configuration Service enabled in XP for these scripts, as well as making sure "force guest" is disabled in XP Pro's local security policy if attempting to run the tools on a remote system that's part of a Workgroup instead of a Domain.

Enjoy.

See you at ShmooCon (http://www.shmoocon.org) 2005!

Sincerely,

Beetle
Beetle
Mini Stumbler
 
Posts: 9
Joined: Mon Jun 24, 2002 5:58 pm
Location: D.C.

Schmoocon CFP

Postby Thorn » Tue Sep 28, 2004 11:39 am

Beetle,
I'm think of presenting a paper for the Smchoocon, but frankly I'm not sure that I'll complete the software in time. Is there some provision for such things?
Thorn
Stop the TSA now! Boycott the airlines.
Thorn
 
Posts: 10340
Joined: Sat Apr 13, 2002 3:00 am
Location: Villa Straylight

Postby renderman » Tue Sep 28, 2004 11:47 am

Great stuff Beetle!

Damn I wish I could code.
User avatar
renderman
 
Posts: 1867
Joined: Thu Jun 06, 2002 5:29 pm
Location: Anywhere but Utah

Postby Beetle » Tue Sep 28, 2004 1:25 pm

Thorn wrote:Beetle,
I'm think of presenting a paper for the Smchoocon, but frankly I'm not sure that I'll complete the software in time. Is there some provision for such things?


Hey Thorn,

All we're asking for in the CFP is basically your name, your bio, and your idea. Naturally, you should have some confidence that you'll be able to complete your project by ShmooCon, but it's generally accepted practice to be working on something (rather finishing it) and planning to present on it at a con.

Although we'd like to have folks who are more certain they can pull off their talk, we'll be accepting enough submissions as hot alternates, who get free admission, to account for folks who might have difficulties. Submit and do your honest best to have something kickass by the con. We'll do the rest.

Sincerely,

Beetle
Beetle
Mini Stumbler
 
Posts: 9
Joined: Mon Jun 24, 2002 5:58 pm
Location: D.C.

Postby TheWatcher » Sun Dec 19, 2004 8:42 pm

Hi Beetle,
Looking forward to see you at shmoocon.

Regards,
TheWatcher
Wardriving.INFO - "wireless web portal"
Wireless Sniffers - we got them, let me know if I missed your tools.
User avatar
TheWatcher
 
Posts: 344
Joined: Tue Jun 11, 2002 10:20 am
Location: Wardriving.INFO

Postby kabassanov » Fri Feb 18, 2005 5:27 am

Hi,

I've tried to use these files with Windows XP SP2 and it does not work...

Is it normal?

Thanks.
kabassanov
Mini Stumbler
 
Posts: 4
Joined: Fri Feb 18, 2005 3:35 am
Location: Paris, France

Postby Dutch » Fri Feb 18, 2005 6:25 am

kabassanov wrote:Hi,

I've tried to use these files with Windows XP SP2 and it does not work...

Is it normal?

Thanks.

Yes, when you don't know what you are doing.. A guess : You didn't install the .net framework from windowsupdate ??

Dutch
All your answers are belong to Google. SEARCH DAMMIT!
Warning. Warning.
Low C8H10N4O2 level detected. Operator halted....
User avatar
Dutch
 
Posts: 6698
Joined: Fri Mar 05, 2004 12:00 pm
Location: City of Mermaids, Denmark

Postby kabassanov » Fri Feb 18, 2005 6:33 am

I've installed all windows updates that are available ;) ... Is it possible that internal wireless structures were modified in SP2?
kabassanov
Mini Stumbler
 
Posts: 4
Joined: Fri Feb 18, 2005 3:35 am
Location: Paris, France

Postby The Others » Fri Feb 18, 2005 6:44 am

[quote="kabassanov"]I've installed all windows updates that are available ]

But did you install .net?

http://download.microsoft.com/download/a/a/c/aac39226-8825-44ce-90e3-bf8203e74006/dotnetfx.exe

(23 megs)
all good ends all

?u=273
User avatar
The Others
 
Posts: 2910
Joined: Mon Apr 22, 2002 7:27 am
Location: Dos Palabras, Mandoras

Postby wrzwaldo » Fri Feb 18, 2005 9:06 am

[quote="kabassanov"]I've installed all windows updates that are available ]


Yet another case of HIAD!
wrzwaldo
 
Posts: 8995
Joined: Sun Dec 14, 2003 12:43 pm

Postby kabassanov » Fri Feb 18, 2005 9:37 am

Yes .NET is installed.
kabassanov
Mini Stumbler
 
Posts: 4
Joined: Fri Feb 18, 2005 3:35 am
Location: Paris, France

Postby RedSector » Fri Feb 18, 2005 10:25 am

You are running these programs from the command prompt right (with the exception of HotspotDK)? Is there any error messages, etc?
Get thine ass into the Church
The Church of Wifi
RedSector
Mini Stumbler
 
Posts: 673
Joined: Sat Nov 27, 2004 12:06 am
Location: Illinois

Postby kabassanov » Sat Feb 19, 2005 7:32 am

cscript iwconfig.vbs wlan0 gives:

iwconfig.vbs(122, 1) (null): 0x8004100C



iwconfig.exe wlan0 gives:

[thread 0xe64] Unhandled exception generated: (0x00ab8c1c) <System.Management.Ma
nagementException>
errorObject=(0x00ab8bac) <System.Management.ManagementBaseObject>
errorCode=<System.Management.ManagementStatus>
_className=<null>
_exceptionMethod=<null>
_exceptionMethodString=<null>
_message=(0x00ab8be4) "Non pris en charge "
_innerException=<null>
_helpURL=<null>
_stackTrace=(0x00ab8c64) array with dims=[36]
_stackTraceString=<null>
_remoteStackTraceString=<null>
_remoteStackIndex=0x00000000
_HResult=0x80131501
_source=<null>
_xptrs=0x00000000
_xcode=0xe0434f4d

[00a8] int 3
kabassanov
Mini Stumbler
 
Posts: 4
Joined: Fri Feb 18, 2005 3:35 am
Location: Paris, France

Wireless Programming

Postby Flopik » Wed Mar 23, 2005 9:41 am

It can be nice to make a forum for wireless developers and I web site with source for Windows and linux. And try to make program multiplatform.
Flopik
 

Postby wrzwaldo » Wed Mar 23, 2005 9:50 am

Flopik wrote:It can be nice to make a forum for wireless developers and I web site with source for Windows and linux. And try to make program multiplatform.


You mean like http://sourceforge.net/ ?? :rolleyes:
wrzwaldo
 
Posts: 8995
Joined: Sun Dec 14, 2003 12:43 pm

Next

Return to Windows

Who is online

Users browsing this forum: No registered users and 3 guests

cron