Wednesday, September 12, 2012

Network mapping with Kismet-newcore + giskismet


Tutorial provided by



First make a quick edit to the kismet.conf file; we can do this with nano:

Code:
nano /pentest/wireless/kismet-newcore/conf/kismet.conf


Just edit it to make sure the GPS device is pointing correctly to ttyUSB0.

Ctrl + X (to close after amending)
Y (Yes to save)
Enter (to save as same file name)

Then start up GPSD and we're good to go.

Code:
gpsd /dev/ttyUSB0

So with Kismet-Newcore and GPS set up to work, it was war-driving time!

So, starting up Kismet with the GPS:


In Kismet, go to Windows --> GPS Info


All is well; now it's just time to hop in the car and drive around a little!

When done, just exit kismet.

Now we can use giskismet, first inserting all the information into a GISKismet database file, from which we can create .kml files to open in either Google Maps or Google Earth.

So, in the directory where the kismet files are:

Code:
giskismet -x kismet_netxml_file.netxml


wireless.dbl will be created; then we can make some .kml files depending on what we want to see.

Code:
giskismet -q "select * from wireless" -o output_all.kml

The .kml file will be created in that same directory with all information on all access points seen, and can then be opened with Google Earth.


If, for instance, you only want to show APs with the ESSID "linksys":

Code:
giskismet -q "select * from wireless where ESSID='linksys'" -o linksys.kml


Resulting .kml in Google Earth:


Showing only APs without any encryption:

Code:
giskismet -q "select * from wireless where Encryption='None'" -o None.kml


Showing only APs with WEP encryption:

Code:
giskismet -q "select * from wireless where Encryption='WEP'" -o WEP.kml

You can actually filter the input to this database on channel, ESSID, BSSID or encryption.


For instance:

Code:
giskismet -x kismet_netxml_file.netxml --channel 1 --encryption None

then

Code:
giskismet -q "select * from wireless" -o output.kml

This will give you a .kml file directly, showing only the networks which are on channel 1 without encryption.

Resulting .kml in Google Earth:


The number of networks you see with either no encryption or WEP is really staggering..

Still trying to figure out how best to grep out the SSIDs for entering in my essid list for cracking hidden essids.
Wrote a bit of code that the blog wouldn't even let me post, so it must be rough! Will be reverting on that..

So got some help.. thanks Gitsnik!

Still quite a mouthful, but it gets the job done; I am pleased to say that what I had, although ugly, actually worked as well ;)

Code:
grep SSID kismet-nettxt-file.nettxt | egrep -v 'BSSID|SSID [0-9]' | sed 's/.*://' | sed 's/"//' | sed 's/"//' | sort -f | uniq > ssid.txt

Still not 100% perfect, but I'm sure I will be able to 'prettify' (omg) it after some further resting, testing and trials.

So after some trial and error, and not a little help from Gitsnik:

Code:
grep SSID test.nettxt | egrep -v 'BSSID|SSID [0-9]' | cut -c 18- | sed 's/"//g' | sed 's/ *$//g' | sort -fu > ssid.txt

Seems to be pretty clean so far!
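The grep/sed pipelines above pull the SSID lines out of the .nettxt dump by column position, and the giskismet queries earlier select on Encryption and Channel. The following Python script is an added example (not code from the original post, nor from Kismet or giskismet) that does both on parsed data instead of text columns: it walks the nested "Network N: BSSID ..." / "SSID N" blocks, reads the SSID, Encryption and Channel fields, de-duplicates SSIDs case-insensitively the way `sort -fu` does, separates hidden (empty-SSID) networks, and summarises how many networks were seen per encryption type. The nettxt layout is reconstructed from the fields the pipelines rely on and the sample dump is constructed, not a real capture.

```python
"""Parse a Kismet-newcore .nettxt dump into per-network records and summarise it.

Added example, not code from the original post or from Kismet/giskismet. The
layout assumed here (a 'Network N: BSSID ...' header, indented network fields,
and one or more indented 'SSID N' sub-blocks) is reconstructed from the fields
the post's grep pipeline relies on; SAMPLE_NETTXT is constructed test data.
"""
import re
from collections import Counter

# Constructed sample in the shape of a Kismet-newcore .nettxt file.
SAMPLE_NETTXT = """\
Network 1: BSSID 00:11:22:33:44:01
 Type       : infrastructure
 BSSID      : 00:11:22:33:44:01
   SSID 1
    Type       : Beacon
    SSID       : "linksys"
    Encryption : None
 Channel    : 1
Network 2: BSSID 00:11:22:33:44:02
 Type       : infrastructure
 BSSID      : 00:11:22:33:44:02
   SSID 1
    Type       : Beacon
    SSID       : "Home Net "
    Encryption : WEP
 Channel    : 6
Network 3: BSSID 00:11:22:33:44:03
 Type       : infrastructure
 BSSID      : 00:11:22:33:44:03
   SSID 1
    Type       : Beacon
    SSID       : ""
    Encryption : WPA+TKIP
 Channel    : 11
Network 4: BSSID 00:11:22:33:44:04
 Type       : infrastructure
 BSSID      : 00:11:22:33:44:04
   SSID 1
    Type       : Beacon
    SSID       : "LINKSYS"
    Encryption : None
 Channel    : 1
"""

NETWORK_RE = re.compile(r"^Network (\d+): BSSID ([0-9A-Fa-f:]{17})\s*$")
SSID_HDR_RE = re.compile(r"^(\s*)SSID (\d+)\s*$")
# Key is letters/spaces only, so 'Network 1: ...' headers never match here
# and BSSID values (which contain colons) are split at the first colon only.
FIELD_RE = re.compile(r"^(\s*)([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)\s*$")


def parse_nettxt(text):
    """Return [{'bssid', 'channel', 'ssids': [{'ssid', 'encryption'}]}, ...]."""
    networks, current, ssid_block, ssid_indent = [], None, None, -1
    for line in text.splitlines():
        if not line.strip():
            continue
        m = NETWORK_RE.match(line)
        if m:
            current = {"bssid": m.group(2).lower(), "channel": None, "ssids": []}
            networks.append(current)
            ssid_block = None
            continue
        if current is None:
            continue  # anything before the first Network header
        indent = len(line) - len(line.lstrip(" "))
        if ssid_block is not None and indent <= ssid_indent:
            ssid_block = None  # back at network level (e.g. ' Channel : 1')
        m = SSID_HDR_RE.match(line)
        if m:
            ssid_block = {"ssid": "", "encryption": "Unknown"}
            ssid_indent = indent
            current["ssids"].append(ssid_block)
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(2), m.group(3)
        if ssid_block is not None:
            if key == "SSID":
                # Quoted value; drop the quotes and any padding left inside them.
                ssid_block["ssid"] = value.strip('"').rstrip()
            elif key == "Encryption":
                ssid_block["encryption"] = value
        elif key == "Channel" and value.isdigit():
            current["channel"] = int(value)
    return networks


def unique_ssids(networks):
    """Case-insensitive de-duplication, like 'sort -fu'; hidden (empty) SSIDs omitted."""
    seen = {}
    for net in networks:
        for s in net["ssids"]:
            if s["ssid"] and s["ssid"].lower() not in seen:
                seen[s["ssid"].lower()] = s["ssid"]
    return sorted(seen.values(), key=str.lower)


def hidden_networks(networks):
    """BSSIDs that only ever advertised an empty SSID."""
    return [n["bssid"] for n in networks
            if n["ssids"] and all(not s["ssid"] for s in n["ssids"])]


def encryption_summary(networks):
    """Networks per encryption label (the field giskismet's Encryption='...' queries use)."""
    return Counter(s["encryption"] for n in networks for s in n["ssids"])


def filter_networks(networks, channel=None, encryption=None):
    """Same selection as 'giskismet -x ... --channel N --encryption X', on parsed data."""
    return [n for n in networks
            if (channel is None or n["channel"] == channel)
            and (encryption is None
                 or any(s["encryption"] == encryption for s in n["ssids"]))]


if __name__ == "__main__":
    nets = parse_nettxt(SAMPLE_NETTXT)
    print("SSIDs seen:", unique_ssids(nets))
    print("Hidden networks:", hidden_networks(nets))
    print("Encryption summary:", dict(encryption_summary(nets)))
    print("Open APs on channel 1:",
          [n["bssid"] for n in filter_networks(nets, channel=1, encryption="None")])
```

To run it over a real dump, replace `SAMPLE_NETTXT` with `open("kismet-nettxt-file.nettxt").read()`. Parsing the block structure rather than cutting at column 18 means a longer or shorter field name, or a quote inside an SSID, no longer breaks the extraction, and the hidden networks come out as a separate list instead of an empty line in ssid.txt.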


To make things a little easier on stripping out the SSIDs, I made a couple of scripts which I thought I would share for the hell of it:

SSIDstrip_v0.1


ssidstrip_v0.1 can be downloaded here:


Or if you like a bit more to look at (and with some more safety built in to avoid accidental overwriting etc.)
SSIDstrip_v0.2
ssidstrip_v0.2 can be downloaded here:
