Swamppifi

Thanks for pointing that out cooper...I hadn't seen that info

Well I don't upload to the main database, so I keep my own database, as mentioned, my setup is alway on where ever I go. Just on the subject, this project was just pasted on hackaday site which may be of interest http://hyperionbristol.co.uk/hardware-open-source-nsa-technology-airborne-wifi/ A do it yourself wifi sniffing rig Also, here is another post for the airchat radio mesh project, may be interesting http://hackaday.com/2014/05/01/airchat-the-wireless-mesh-network-from-lulzlabs/

I export my runs out of wigle as a kmlz file.. This is on an android tablet I then use an app called kmlz to earth to load into google earth Then import the kmlz file as a xlm into excel spread sheet I sort in the spread sheet with tabs for wep, free wifi, business, printers, routers..etc.etc.. I have a tab with identifable info in the broadcast ssid.... people with names and street.....even phone numbers...really, to much info to broadcast to the world I am working on sorting WPS at the moment There are a couple of other suss ssid in the list already I also have a template to re compile the spread sheat back to kmlz after sorting so I can reload into google earth.

it is a lot of traffic, its a major road, but still I was surprised how many phones was left on as an access point. I was interested in the possibility of identify open access points of people who walk into offices, and just what exploit could be done on open AP.

wigle ( found at https://wigle.net/ ) uses gps to map any wifi points detected, I have found this fairly accurate, it even traces the path to my office at work every morning. So yes if you are driving, then it would show its path along the road, has even shown what lane I am in., but it has issues, 1. inside heavy buildings, it screws the gps, and the point is either not mapped, or way off on google earth 2. as you stated. it only maps the area detected. I had a similar idea to what you have suggested, I had detected a lot of open phone access point that are mobile, now where i live , I am on one of the major roadways into Newcastle, it is a major choke point, two months ago, I did an experiment, I set up in a car park at 6.00 am, on this road, in an area I know is clean of any wifi points, and just mapped how many cars drove past with open phone access points, I got 40 in just over 2 hours in the morning rush hour. Now what I was thinking, was to modify the code of wigle to use the tablets camera to snap a photo, every time it detects a access point come into range, turn it into a camera trap for wifi. this would be useful on a building entrance, you could detect who is walking in with open access points in the morning into a target. One thing that has come out of the database, is multiple sightings of the same access point, I have a few identified, one in particular is on a y junction, and I have it mapped a number (17) of times coming and going from all three side of that road junction. this should give a radius of its range. I have a high gain direction 18db ant. but I currently can't find my sma adapter for it, jaycar is out of stock so I have to wait to they get some more in or try to find mine, haven't seen it since I moved a few years ago, last used on my buffalo high power. that would narrow down the direction location, but will need to use a laptop and usb wireless adapter....or one of my network routers my tablet goes where I go, so it maps the general location of everything, all the time for general day to day wardiving

I have been updating my database of mapped nodes, haven't done it lately.. I turn on my wigle setup on my tablet everytime I go somewhere, so I am mapping every day, but haven't had the time to sort it ... so , while sorting the files and updating my database, I came across two access points of interest. one, a gov dept that should know better, considering what they do, and can you guess why they are silly... they are running WEP, other branches of this dept have WPA2 running,but this branch is running WEP... really. just wondering what else isn't secure at that branch. two I came across a ssid that had a name followed by a dash, then a 15 character string.. no...they couldn't be... not that silly, could they..... so I went and checked it last night. tried to connect with the string, nope, no luck... so I tried the string backwards, oh no.... it connected.... they included their 15 character passphase backwards into their ssid.... no matter how much the tech companies tighten security, if the weakest link, (people) want to be lazy, then security will always be comprimised....

good work cooper I will play with it over the weekend, and I really do appreciate your input. I been playing with fern, as it automates a lot of the work that is done in a terminal session as a quick on target platform, it does all the de auth, capture the handshake, and starts brute forcing, at which point you can move off with a few clicks. still experimenting with the best option.

Sdr from 10mhz to 6ghz.....now that would be good But I think the transmitter as well could be trouble...as darren pointed out in the episode on sdr's and aircraft But I will be placing a pre order tonight, already thinking of fun things to do with it....

Thanks for both replies...guys I should be able to work out a solution. I know I can pipe the std output from crunch orJohn the ripper directly into aircrack, but at the moment i am experimenting with Fern wifi cracker in Kali, and I am not sure if this is possible, as it requires password list for a dictionary attack. I have already cracked two of my routers using it, and I want to see how long it takes on routers with pre compiled phase keys, as I have three in my router farm ( total of 15 )

Hi all I am trying to generate a 8 digit number password list for WPA cracking of a router that has pre set 8 digit key phase when supplied from the sevice provider. I am using kali live on a 8gb usb when I am trying to generate , it is trying to generate 90000000 lines at 985mb it gets to 48% when it failsdue to no space left on the device i am using the following ...crunch 8 8 -f /usr/share/crunch/charset.lst numerical -o /root/routerpassword.txt any Ideas how i can generate a list from 00000000 to 99999999 , even if i have to split it Swamppifi

next hooked up the duck this is a success, i have hard wired the duck to another of the micro router USB ports, as shown below, it powered up and the duck and router worked when connecting to the computer I had to increase the delay, to allow the micro router to connect and handshake....but as shown next, it executed a basic notepad payload... next step, sort the USB stick then try to connect the mouse board to the third micro USB port, and wrap everything in heat shrink and fit within the mouse... more to come...

hooking it up.... I have soldered together all the componets, this is really fiddly... Unless you really have good soldering skills, and a good head magnifer and lighting, this would be hard, also a good soldering iron with a point tip is a must.. i have tried to solder the micro USB stick directly to the micro router board, but when plugged in, it is coming up as a failed device, I had tried to be a quick as possible when soldering, but it may have cooked it, or that port has failed. never mind, i will sort this later, will buy another and try again with the socket

Next i removed all the USB sockets from the micro USB hub, and trimmed the board down leaving soldering pads for three of the four USB hubs. I am keeping one socket to connect by wires for the micro 8Gb usb stick to plug into so the duck will be hard wired to one port, 8gb stick on another, and then later hook the mouse to the third remaining port. I have trimmed everything down so the duck will tuck underneath the hub board, the 8Gb stick will sit on top and then rap with heat shrink. This will keep a nice tight little foot print that will fit within the working mouse and its board. I have changed my mind on trying to hook on button to the duck, it is going to be tight fit on the board, maybe later Will post more over the next couple of days

Surgery begins... been busy the last three days, so I am only getting around to this today. After losing my first patient on the operating table, I lifted the pad off the PCB when attempting to remove the USB connection from the Duck and killed the duck, I decided to tackle this another way on another duck...will need to order more Darren soon.... 1st I removed as much solder with soldering braid, before taking a needle file and slowly cut the connection before removing the USB socket, then cleaning the pad of the remaining lug and solder. The plan is to minimize the foot print of all the components to fit within a working mouse see next post

I see your point cooper. when i went to get a USB cable to chop up for this, I found this very small micro USB hub, see the photo of it without its casing so here is the plan, I will cut the mouse board at the line shown, leaving the switches in place, then remove the USB connectors form the duck and three of the four ports, hard wire the duck to one port, trim the other two ports back, the duck will fold under the hub board. I will leave one USB intact for connecting a memory stick wire the duck button to one of the mouse button. This should fit within the mouse. this may take a few days...but I will keep this post updated on the outcome.

I should be able to get the duck to work, that is why I need to cut the tracks on the mouse board, to kill the controller chip,. I want to leave the board inplace as the micro switch for the buttons are there, I just want to wire up one switch to the duck The mouse board would be dead... I have found a spare at work, will have a go tonight to see if I can get the basic concept to work

I had time to think on this today, what I will do over the next couple of days is find an old mouse, maybe raid one from work, as I use track balls at home, I don't tend to have spare mouse lying around at home Instead of replacing the inners, I will use a dremmel and cut the mouse boards pcb track at the USB head. Then one of my spare ducks, I will solder wires to connect to the cable, also solder wires to the scroll wheel switch and to the payload button. If this works, I can't see why it wouldn't, I could try to spice a memory stick in as well. Be an interesting experiment....

I was more interested in the concept. Replace the mouse inners with the duck, could even hook up one of the buttons to the payload delevery button. would make the perfect cover....oh my mouse isn't working, can I test it on your computer....hidden in plane sight.....

I just found this on the hackaday site , it is an article on how a group of germans have built a device that injects malware via a mouse. Maybe an idea for expanding the duck... A memory stick hidden inside The link is at http://hackaday.com/2014/03/30/malware-in-a-mouse/

While I have been exeperimenting ,i had found that if the cap lock is on when executing, text strings come out inversed, ie lower case becomes upper case, and upper case becomes lower Now while may not be an issue with most commands, it will effect passwords if you are writing a payload for. Is there a way to make sure the cap lock state is set via script , I don't want to have touch the keyboard if I can help it

Thanks for the reply Adding a delay at the start resolved the issue...

I have resolved one issue, I was following a tut on the forum on how to write hello world, but it is incorrect It was using sleep instead of delay, so now I am using Gui r delay 100 string notepad.exe delay 100 enter delay 100 string hello world - how are you This works but..... I had open a word.doc but minimised, it restored and typed the string into the.doc where the cursor was After closing it, it ran properly. But I still can't auto execute, I have tried on all three of my pc's ,put in load drivers succesfully,unplug,then plug in again but nothing happens, have to push the payload button. These are standard ducks, what firmware should I be running. Peter

Thanks digip

Hi all I brought three ducks before xmas , just started to play with them this weekend. I got the encoder set up and managed to write a simple hello world source......but 1. When I put in the first time on two of my machine, the drivers load, I unplug it, and replug it, but nothing happen, only when I press the button button does it execute. 2. It is having delay issues, I can't get the notepad.exe in the cmd string,even when sleep commands before and after are set to 1000, But it is a start....... Any idea what I might be doing wrong Peter

Hi All I have just tried to upload a PDF file with a post, even thou it was under the limit, it came back as a non supported file format. what file formats are supported when attaching to posts. also what method of uploading images into post is supported, tried my photobucket account, but again, not supported Peter