I can't believe some people....how silly are they


Swamppifi


I have been updating my database of mapped nodes, haven't done it lately..

I turn on my wigle setup on my tablet every time I go somewhere, so I am mapping every day, but haven't had the time to sort it ...

So, while sorting the files and updating my database, I came across two access points of interest.

one,

a gov dept that should know better, considering what they do, and can you guess why they are silly... they are running WEP, other branches of this dept have WPA2 running, but this branch is running WEP... really.

just wondering what else isn't secure at that branch.

two

I came across an SSID that had a name followed by a dash, then a 15 character string..

no...they couldn't be... not that silly, could they.....

so I went and checked it last night.

tried to connect with the string, nope, no luck... so I tried the string backwards, oh no.... it connected....

they included their 15 character passphrase backwards in their SSID....

no matter how much the tech companies tighten security, if the weakest link (people) want to be lazy, then security will always be compromised....

Edited by Swamppifi
Link to comment
Share on other sites

I don't quite understand this WiGLE thing. I looked at the map for my area and while I believe a lot of the hotspots shown are valid, particularly those indoors, the vast majority of nodes shown are on roads and pathways. Why is that? Is it reporting where you were when you were in range of a hotspot and then maps that (remote) hotspot to your current (local) location?

The concept could be very usable for my idea to have a rotating directional wifi scanner in a laptop bag to carry around and do inconspicuous recon work.

Link to comment
Share on other sites

wigle (found at https://wigle.net/) uses gps to map any wifi points detected. I have found this fairly accurate, it even traces the path to my office at work every morning.

So yes, if you are driving, then it would show its path along the road, has even shown what lane I am in, but it has issues:

1. inside heavy buildings, it screws the gps, and the point is either not mapped, or way off on google earth

2. as you stated, it only maps the area detected.

I had a similar idea to what you have suggested. I had detected a lot of open phone access points that are mobile. Now where I live, I am on one of the major roadways into Newcastle, it is a major choke point. Two months ago, I did an experiment: I set up in a car park at 6.00 am, on this road, in an area I know is clean of any wifi points, and just mapped how many cars drove past with open phone access points. I got 40 in just over 2 hours in the morning rush hour.

Now what I was thinking was to modify the code of wigle to use the tablet's camera to snap a photo every time it detects an access point come into range, turn it into a camera trap for wifi.

this would be useful on a building entrance, you could detect who is walking in with open access points in the morning into a target.

One thing that has come out of the database is multiple sightings of the same access point. I have a few identified, one in particular is on a y junction, and I have it mapped a number (17) of times coming and going from all three sides of that road junction. This should give a radius of its range.

I have a high gain directional 18db ant. but I currently can't find my sma adapter for it, jaycar is out of stock so I have to wait till they get some more in or try to find mine, haven't seen it since I moved a few years ago, last used on my buffalo high power.

that would narrow down the direction location, but will need to use a laptop and usb wireless adapter....or one of my network routers

my tablet goes where I go, so it maps the general location of everything, all the time for general day to day wardriving

Link to comment
Share on other sites

In what percentage of the total of cars do you see the AP? I'm wondering how common it is for people to carry around a phone set to act as a WiFi access point...

One of the things I want to eventually do is put a nice, powerful antenna on my balcony, which overlooks a not very small car park. Then send out the SSID for the local yellow M and see who pings back and tries to check their email or whatever. I'm quite confident this could yield some interesting results.

Link to comment
Share on other sites

it is a lot of traffic, it's a major road, but still I was surprised how many phones were left on as an access point.

I was interested in the possibility of identifying open access points of people who walk into offices, and just what exploit could be done on open AP.

Link to comment
Share on other sites

It would be interesting to parse through all your data with a regex to see if you can spot any other obvious WEP keys. I thought that Wigle used to let you download their data but just checked and I can't see that option any more, just queries.

Link to comment
Share on other sites

I export my runs out of wigle as a kmlz file..

This is on an android tablet

I then use an app called kmlz to earth to load into google earth

Then import the kmlz file as XML into an Excel spreadsheet

I sort in the spreadsheet with tabs for wep, free wifi, business, printers, routers..etc.etc..

I have a tab with identifiable info in the broadcast ssid....

people with names and street.....even phone numbers...really, too much info to broadcast to the world

I am working on sorting WPS at the moment

There are a couple of other suss ssid in the list already

I also have a template to recompile the spreadsheet back to kmlz after sorting so I can reload into google earth.

Edited by Swamppifi
Link to comment
Share on other sites
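
The categories sorted out in the posts above, turned around for someone auditing access points they administer (an added example, not code from any poster): it flags WEP, an SSID that embeds a run of the passphrase forwards or backwards, and phone-number-like digits in the SSID. The inventory, its field names and the 8-character threshold are assumptions made up for this sketch.

```python
import re

# Constructed sample inventory (not data from the thread): SSID, capability
# string in the bracketed style Android scan results use, and the passphrase
# as known to the administrator of that access point.
INVENTORY = [
    {"ssid": "BranchOffice", "caps": "[WEP][ESS]", "psk": "a1b2c3d4e5"},
    {"ssid": "Smith-9k2mQx7Lp4Zt1Ra", "caps": "[WPA2-PSK-CCMP][ESS]",
     "psk": "aR1tZ4pL7xQm2k9"},
    {"ssid": "J Brown 12 High St 0400 123 456", "caps": "[WPA2-PSK-CCMP][ESS]",
     "psk": "correct-horse-battery"},
    {"ssid": "HeadOffice", "caps": "[WPA2-PSK-CCMP][ESS]", "psk": "Tq8#vN2!mWz5Lr0p"},
]

# Eight or more digits, optionally separated by single spaces or dashes.
PHONE_RE = re.compile(r"(?:\d[\s-]?){8,}")


def leaked_fragment(ssid, psk, min_len=8):
    """Return 'forward' or 'reversed' if any min_len-character run of the
    passphrase (case-insensitive) appears in the SSID, else None."""
    s = ssid.lower()
    for label, cand in (("forward", psk.lower()), ("reversed", psk.lower()[::-1])):
        for i in range(len(cand) - min_len + 1):
            if cand[i:i + min_len] in s:
                return label
    return None


def audit(inventory):
    """Return [(ssid, [issue, ...])] for every access point with a finding."""
    findings = []
    for ap in inventory:
        issues = []
        if "WEP" in ap["caps"].upper():
            issues.append("wep")
        direction = leaked_fragment(ap["ssid"], ap["psk"])
        if direction:
            issues.append(f"psk-in-ssid:{direction}")
        if PHONE_RE.search(ap["ssid"]):
            issues.append("phone-in-ssid")
        if issues:
            findings.append((ap["ssid"], issues))
    return findings


if __name__ == "__main__":
    for ssid, issues in audit(INVENTORY):
        print(f"{ssid}: {', '.join(issues)}")
```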

It would be interesting to parse through all your data with a regex to see if you can spot any other obvious WEP keys. I thought that Wigle used to let you download their data but just checked and I can't see that option any more, just queries.

Pretty sure you can download your personal uploads with the jigle client.

I don't quite understand this WiGLE thing. I looked at the map for my area and while I believe a lot of the hotspots shown are valid, particularly those indoors, the vast majority of nodes shown are on roads and pathways. Why is that? Is it reporting where you were when you were in range of a hotspot and then maps that (remote) hotspot to your current (local) location?

The concept could be very usable for my idea to have a rotating directional wifi scanner in a laptop bag to carry around and do inconspicuous recon work.

It plots the location of the highest signal. Most people are wardriving from cars, so that's why they mostly show up on the street.

Edited by barry99705
Link to comment
Share on other sites

Pretty sure you can download your personal uploads with the jigle client.

It plots the location of the highest signal. Most people are wardriving from cars, so that's why they mostly show up on the street.

Downloading your own doesn't help that much as you already have the data, I was referring to other people's data.

Link to comment
Share on other sites

Well I don't upload to the main database, so I keep my own database, as mentioned, my setup is always on wherever I go.

Just on the subject, this project was just posted on hackaday site which may be of interest

http://hyperionbristol.co.uk/hardware-open-source-nsa-technology-airborne-wifi/

A do it yourself wifi sniffing rig

Also, here is another post for the airchat radio mesh project, may be interesting

http://hackaday.com/2014/05/01/airchat-the-wireless-mesh-network-from-lulzlabs/

Edited by Swamppifi
Link to comment
Share on other sites

$6000 in 2008!!!! Holy shit. We were doing something similar in 2006 with off the shelf linksys wrt54g routers! In fact one of the top 20 users on the wigle database who lives in Denmark put a few in his brother's taxi cabs!

http://www.netstumbler.org/off-topic/the-headless-wardriver-0-2-t19462.html

Link to comment
Share on other sites
