Network mapping with Kismet-newcore + giskismet
Tutorial provided by Keeper
First, make a quick edit to the kismet.conf file; we can do this with nano:
Code:
nano /pentest/wireless/kismet-newcore/conf/kismet.conf
Just edit it to make sure the GPS device is pointing at /dev/ttyUSB0.
Ctrl + X (to close after amending)
Y (Yes to save)
Enter (to save as same file name)
Then start up GPSD and we're good to go.
Code:
gpsd /dev/ttyUSB0
So with Kismet-Newcore and GPS set to work, it was war-driving time!
So, starting up Kismet with the GPS:
In Kismet, go to Windows --> GPS Info.
All is well, now it's just time to hop in the car and drive around a little!
When done, just exit kismet.
Now we can use giskismet. First we insert all the information into a GISKismet database file, from which we can then create .kml files to open in either Google Maps or Google Earth.
So, in the directory where the Kismet files are:
Code:
giskismet -x kismet_netxml_file.netxml
wireless.dbl will be created; then we can make some .kml files depending on what we want to see.
Code:
giskismet -q "select * from wireless" -o output_all.kml
The .kml file will be created in that same directory, with information on all access points seen, and can then be opened with Google Earth.
If, for instance, you only want to show APs with the ESSID "linksys":
Code:
giskismet -q "select * from wireless where ESSID='linksys'" -o linksys.kml
Resulting .kml in Google Earth:
Showing only APs without any encryption:
Code:
giskismet -q "select * from wireless where Encryption='None'" -o None.kml
Showing only APs with WEP encryption:
Code:
giskismet -q "select * from wireless where Encryption='WEP'" -o WEP.kml
You can also filter the input to this database on channel, ESSID, BSSID or encryption. For instance:
Code:
giskismet -x kismet_netxml_file.netxml --channel 1 --encryption None
then
Code:
giskismet -q "select * from wireless" -o output.kml
This will give you a .kml file directly, showing only the networks that are on channel 1 without encryption.
Resulting .kml in Google Earth:
The number of networks you see with either no encryption or WEP is really staggering.
Still trying to figure out how best to grep out the SSIDs for entering into my ESSID list for cracking hidden ESSIDs.
Wrote a bit of code that the blog wouldn't even let me post, so it must be rough! Will be reverting on that.
So I got some help... thanks Gitsnik!
Still quite a mouthful, but it gets the job done; am pleased to say that what I had, although ugly, actually worked as well ;)
Code:
grep SSID kismet-nettxt-file.nettxt | egrep -v 'BSSID|SSID [0-9]' | sed 's/.*://' | sed 's/"//' | sed 's/"//' | sort -f | uniq > ssid.txt
Still not 100% perfect, but I'm sure I will be able to 'prettify' (omg) it after some further resting, testing and trials.
So, after some trial and error, and not a little help from Gitsnik:
Code:
grep SSID test.nettxt | egrep -v 'BSSID|SSID [0-9]' | cut -c 18- | sed 's/"//g' | sed 's/ *$//g' | sort -fu > ssid.txt
Seems to be pretty clean so far!
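As an added example (not the post's own one-liner and not the SSIDstrip scripts), here is the same extraction folded into a shell function that also handles the cases the pipeline above trips over: trailing blanks inside the quotes, hidden networks with an empty SSID, and case duplicates. The sample .nettxt is constructed and assumes the line layout the post's `cut -c 18-` implies (a 4-space indent, "SSID" padded to the colon, then the quoted name).

```shell
#!/bin/sh
# Added example, not code from the original post. Extract the unique SSIDs
# from a Kismet-newcore .nettxt file for use as an ESSID list.

# Constructed sample in the assumed .nettxt layout (not real capture data).
SAMPLE='Network 1: BSSID 00:11:22:33:44:55
 BSSID      : 00:11:22:33:44:55
   SSID 1
    Type       : Beacon
    SSID       : "linksys"
    Encryption : None
Network 2: BSSID 66:77:88:99:AA:BB
 BSSID      : 66:77:88:99:AA:BB
   SSID 1
    SSID       : "Home Net   "
    Encryption : WEP
Network 3: BSSID CC:DD:EE:FF:00:11
 BSSID      : CC:DD:EE:FF:00:11
   SSID 1
    SSID       : ""
    Encryption : WPA+PSK
Network 4: BSSID 22:33:44:55:66:77
   SSID 1
    SSID       : "LINKSYS"
    Encryption : WEP'

# extract_ssids FILE: print one SSID per line.
#  - drop "BSSID" lines and the "SSID n" section headers (they contain "SSID")
#  - strip the "SSID : " prefix and the surrounding double quotes
#  - trim trailing blanks that sat inside the quotes
#  - skip hidden networks, whose SSID is the empty string ""
#  - de-duplicate case-insensitively, like the post's sort -fu
extract_ssids() {
    grep 'SSID' "$1" \
      | grep -Ev 'BSSID|SSID [0-9]' \
      | sed -e 's/^ *SSID *: *"//' -e 's/" *$//' -e 's/ *$//' \
      | grep -v '^$' \
      | sort -fu
}

# Demo: write the constructed sample to a temp file and list its SSIDs.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE" > "$tmp"
extract_ssids "$tmp"
rm -f "$tmp"
```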
To make things a little easier on stripping out the SSIDs, I made a couple of scripts which I thought I would share for the hell of it:
SSIDstrip_v0.1
ssidstrip_v0.1 can be downloaded here:
Or, if you like a bit more to look at (and with some more safety built in to avoid accidental overwriting etc.):
SSIDstrip_v0.2
ssidstrip_v0.2 can be downloaded here: