The Church Of Wi-Fi Presents: An Evil Bastard, A Rainbow And A Great Dane! (Break It!) presented at ShmooCon 2006

by Renderman, Thorn & H1kari, Dutch, Joshua Wright

Tags: Security Wireless Community Analysis Forensics

Summary: The Church of Wifi has been hard at work in the last 6 months. At what, we aren't sure. When we woke up we found we had some projects lying around we thought we'd share.
Breaking WPA-PSK is possible with coWPAtty, but trying to do so onsite can be time-consuming and boring. All that waiting around for things to be computed each and every time we want to check for dumb and default passwords. Well, we're impatient and like to know the password NOW! So we came up with a 'jdumas' tool to do this for us. With the help of Joshua Wright, we have come up with a solution and we also did some of the work for you.
Airsnarf is a great proof-of-concept tool for the danger of spoofed APs. Rogue Squadron raised the bar even more by creating a simple appliance for snarfing hotspot passwords. Public hotspots are not the only networks vulnerable to snarfing, though. We decided to take this idea as far as we could go; the end result is the 'evil bastard'. Complete with 'Point n' 0wn' interface, we set out to create the easiest and most evil network appliance available at your local Best Buy.
Kismet is the de facto tool for wardriving under Linux. Well, why should Linux users have all the fun? Kismet under Windows has become a reality recently. However, the usefulness of this tool still hasn't been fully explored. This part will be an overview of Kismet on Windows with some new toys.
Thorn runs his own technology-consulting firm, Blackthorn Systems, which specializes in wireless networks and security. An interest in Amateur Radio has also helped him bridge the gap between computers and wireless networks. Thorn's experience with computers goes back to the 1970s, when he started programming mainframes. Over the last thirty years, he has used dozens of different operating systems and programming languages.
In addition to his computer and wireless interests, Thorn was a Law Enforcement Officer for many years. As a detective and forensics expert he has investigated approximately one hundred homicides and thousands of other crime scenes. Combining both professional interests, he was a member of the workgroup that established ANSI Standard ANSI/NIST-CSL 1-1993 "Data Format for the Interchange of Fingerprint Information." Thorn is a co-author of "WarDriving: Drive, Detect, Defend" and "Game Console Hacking" and a contributor to "IT Ethics", all by Syngress Publishing. He resides in Vermont with his wife.
RenderMan has been a fixture in the wardriving community for many years. He never seems to be out of crazy projects and ideas, never very far from wardriving news, often causing it himself. He spends his time working on things like the 'stumbler ethic', Worldwide wardrive, 'the warpack' and the Church of Wifi. When not working to make wardriving an acceptable hobby, he can usually be found taking something apart, creating an army of cybernetic fluffins, trying to win the Defcon wardriving contest, or more likely, at the hotel bar.
J.D. "Dutch" Schmidt is a retired Danish IT entrepreneur who spends far too much time being badly influenced by Thorn & Renderman's WiFi-Fu at the NetStumbler Forums. With experience reaching back to the Z80 homebuilt kits, he has found a new hobby in implementing the collective ideas of Renderman & Thorn on the WRT54 platform.
Joshua Wright is the author of several papers on wireless security and intrusion analysis and has contributed several tools to the open-source community designed to evaluate the security of wireless networks. He currently serves as the senior security architect for Aruba Wireless Networks and is a senior instructor for the SANS Institute.