Wardriving: where to start for a beginner.

[Admin 2425]

Wardriving - (eng. wardriving - combat driving) scanning broadcast on a frequency of 2.4 Ghz with the goal to find as many wireless access points Wi-Fi (Acces Point or Hotspot). Typically the "on wheels", hence the name WarDriving. Wardriving - not necessarily hacking. Most often it is just harmless collecting, attempt to discover as many access points and put them on the map as proof of your achievements =) But many for personal gain or just for fun hacking wireless networks using equipment and specsoft for the exploitation of vulnerabilities in Wi-Fi, since its protection in the first implementations was, and still is full of holes like a sieve =)
Few know what wardriving, although he did not appear yesterday. Now, thanks to articles in some journals , as well as publications on the Internet wardriving goes to mass. Many, my wifi technology, Intel Centrino, etc. rushed to use all these charms of the era of high-tech, unaware that their network can break any student.
This website is not intended to be a global RTFM on wardrive, and without missing (unfortunately, most of them in English). This is a rather small collection of content on the topic, assembled enthusiastic person...

In connection with the opening of the new section on wireless security, decided to write an article that would help beginners to answer many of the questions at the first acquaintance with the vulnerabilities of wireless protocols. To write what is wi-fi, wardriwing about the wireless standards, I will not, on this subject is already enough information in this section. I certainly do not consider myself a Pro in this, but a couple of tips I can give, and in General I would like to organize some knowledge on the subject. The  repeatedly asked questions like: "What is the better adapter to buy for wardriving'a?", "What software to use and how to configure it?", etc. to all these questions, I will try to answer.

1. Why do I need it?

Indeed, at the beginning would do well to ask ourselves the question, what is it you want to do wardriving'? All people have different motivation for this. Explore wireless protocols, and without the risk of being caught for illegal activities and causing extensive damage and, of course, to bear in all that criminal liability. I'll tell you about both sides wardriving'. First, some do it only for fun, finding the access point, and by mapping their location and information is quite harmless, as these cards can be useful and other people involved in the analysis of wireless networks. Also something else that is not bringing any harm to the direct application of the markings on buildings, sidewalks, fences about wireless network availability, learn more about these characters in the app. The second part wardriving'and applies directly to the discovery of vulnerabilities, benefits and damage. One of the main purposes of hacking wifi networks is gaining access, and illegal use of another channel when working with internet, despite the fact that in our time, free access points are becoming more and more, getting free Internet is a threat to wireless networks. But as you can see not only free Internet you can make money in wi-fi networks. The second threat is in most cases practically not protected traffic is transmitted in wireless networks, as far as we know traffic is transmitted by air, unlike wired networks, and if you have a particular software is not be easy to intercept unprotected traffic, from which you can get enough useful information, such as usernames, passwords from various services, the wep keys closed wireless nodes, etc. also, nothing prevents portati any machine in the network, and use it to their advantage. For special lovers of brutal solutions that are easily implemented dos attacks on the network-class wi-fi, just one powerful adapter(about 400-500 mW) and a good antenna, you can easily launch an attack "denial of service" at any point. These are all basic attacks, also there are many other types, such as attack type "man in the middle" attack on a RADIUS server, attacks on the first and second network level, and so on. General facilities study of wireless protocols is very broad and I think that after reading the above you have already decided what you will do and what it is you really need. 

2. Preparation equipment.

2.1. Iron 
Regardless of whether you chose a legitimate path of study or not, you should prepare the equipment for analysis and implementation attacks. First you need the device that will take your high-frequency research. If you're not going to cross the line of law, but only to study wireless networks and their location, some information, for these purposes, it is quite suitable conventional PDA with a built-in or external wireless module, the necessary software for pocket PC, you can find here. Also quite possible to detect wireless networks and get information about them you can use the portable console . For a more serious study, you can use a sub-notebook or a regular laptop with a wireless adapter, or specialized spectrum analyzers. Also, if you use adapters with a small signal strength, you may need a power amplifier or a good antenna(more about antennas here). So with the device decided, it remains to select the adapter, in the case of a PDA, it's much easier, and many models have built-in wireless adapters if one is not available, you can buy an external adapter, the most common connector CF. In the case of a laptop it's much more difficult, the market provided a huge amount of external adapters, although modern laptops are increasingly common built-in adapters, I would suggest to buy external, you'll soon see why. For the standard study wireless networks without any serious interventions, the model and chipset of the adapter is not critical, as long as it was compatible with the software, and if you are going to work with maps and gps adapters.Now consider the adapters for combat purposes, here is a little more complicated, firstly not all adapters are compatible with the software, and still have to decide which OS will deal wardriving'ω personally, I suggest to put Linux, or FreeBSD, since the OS is designed for these much more soft than under all your favorite Windows. So let's go straight to the adapters a long time to paint, I will not, let me just say that the main criteria for choosing a combat card is a chipset, connectors for external antennas, and power built-in transmitter. With the adapters figured out there the last part is the antenna, I don't want to copy-paste existing info, so learn more about antennas you can read here.

2.2. Soft
Start looking at the software used for wardriving'a. I'm not going to tell you about all the software, and give a bunch of links to download, I just wanted to introduce you to the software most often used in wardriving'e, and which will be more understandable to beginners, I want to divide the software into several categories:
1. Scanning, information.
2. Hacking, the selection of wep, wpa keys.
3. Dos attacks, generating frames.

With the first category, I think everything is clear, just before active actions to discover the network and get some information about her. The first tool in this category is NetStumbler, a well-known product, excellent scanner to detect access point, and outputs the maximum of useful information, have the opportunity to work with a gps receiver, the platform is Windows. Linux system as there is a great software product, Kismet, a great scanner with lots of features. To scan and retrieve information this software is enough. There is a common mistake when beginners, download a bunch of software, and don't know what to do.

NetStumbler 
Kismet 

The second category I want to include only one program which don't have analogues, it is Aircrack. There is a version both under win and under nix. A good software product, able to easily crack any wep and wpa keys. Built-in sniffer allows you to intercept the required number of packets to decrypt the key. The possibility of opening a key, as the selection and dictionary. On a more detailed configuration of the program may be read in my article .

Aircrack

The third category is the software used for more violent purposes. One of the most effective programs in this category is void11. C this program implements a dos attack by flooding the frames and sending requests for session termination. The most destructive program in its class, able to attack hosts on the list, you might need for active protection of your network.

3. Where and how to start fighting.

I hope you have already prepared the necessary equipment and software, now proceed directly to combat operations in the city. If you don't know of any places in your city where the access point does not matter, you can see list of available access points in your city on the website freewifi.ru if you don't find any points on this site, you will have to look for yourself, in General, the big work it will not be enough to translate mode the scan software, which I've mentioned above, and just to ride around town with your wi-fi device(PDA, Laptop, PSP). Look for the access point preferably in the center of town, where more business offices, hypermarkets, etc. After finding the available points should specifically focus on one of them, and to engage in more detailed study, to determine the signal bandwidth, the presence of encryption, etc. Then, you can decide exactly what we need from this point, free Internet, network traffic, or just to get back at someone, and to have a big dos attack.

4. Conclusion.

In this article I tried to show newcomers how interesting may be the study of wireless networks, as well as to give the first push, and tried to explain in General terms why we should start to do wardriving'ohms. I was not here to describe in more detail some types of attack, and configuration of software, I just wanted to encourage the reader that he would have had the motivation to further, independent study of this area.