I know this isn't a new subject by any means but I think it's still interesting and most of the material that's useful out there right now is antiquated so I thought I'd write my own version.

Background

The reason I got into war driving was to:

1. Learn the specifics about the technologies (Kismet, gpsd)
2. Have something to do on the drive to Notacon
3. Be a geek

Hardware

Here is the list of hardware that I used:

• Laptop (Wireless card, serial port)
• Garmin eTrex - Craigslist $35
• Garmin eTrex serial cable - $8
• Edimax RT73 (optional) - $43

Software

Software I used:

• Kismet - wireless sniffing tool
• GPSD - receives GPS data
• Ubuntu 8.10 - OS
• GPSDrive - (optional) Maps your current location as you drive
• Festival - (optional) Text to speech plugin for announcing when an access point is found
• KisGearth - convert kismet data to KML for GoogleEarth
• Google Earth - place access points on a map

GPS Setup

• sudo apt-get install gpsd
• Telnet to gpsd server and type "r" to receive the coordinates and "b" to confirm the console settings
  >telnet localhost gpsd Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. >r GPSD,R=1 >b GPSD,B=9600 8 N 1
• Plug in garmin using the console cable
• In the garmin, page over to the setup > Interfaces and make sure the output format is NMEA and the transfer rate is 9600 baud
• If you are successful you should see coordinates pop up in console of GPSD

Kismet Setup

• sudo apt-get install kismet festival
• Configure kismet.conf for your wifi cards (see KismetWireless.net under the Capture Sources section for a listing of your network card)
  #Edimax RT73 Usb source=rt2500,wlan0,RT73 #Intel Ipw2200 for Lenovo T43p laptop source=ipw2200,eth1,Intel
• Configure kismet.conf for festival
  festival=/usr/bin/festival
• Configure kismet.conf to save waypoints for GPSDrive
  # Do we write waypoints for gpsdrive to load? Note: This is NOT related to # recent versions of GPSDrive's native support of Kismet. waypoints=true # GPSDrive waypoint file. This WILL be truncated. waypointdata=%h/.gpsdrive/way.txt # Do we want ESSID or BSSID as the waypoint name ? waypoint_essid=true
• Configure kismet.conf to save GPS data in the log files
  logtypes=dump,network,csv,xml,weak,cisco,gps
• Start kismet to use your wifi cards. (only put in the cards you've setup in the sources or leave blank)
  sudo kismet -C Intel,RT73

GPSDrive Setup

NOTE: GPSDrive is a fun tool to show you access points while you drive. It's unnecessary if you're going to be mapping the coordinates on Google Earth later

• Download the latest deb from the GPSDrive website or download the stable release with apt-get sudo apt-get install gpsdrive
• Before you go on your war drive, make sure you download the maps for the location you'll be driving, otherwise you won't be able to get the specific streets. I'd suggest getting used to how gpsdrive works because there's a little bit of a learning curve.

The Drive

This is a no brainer but I wanted to give a few tips that I learned:

• Plan laptop power settings before hand - make sure your laptop isn't going to shut off the hard drive after 15 minutes of inactivity
• Setup the equipment beforehand so it doesn't slide
• kitchen drawer sponge - a friend of mind gave me the idea of using that spongy material that goes at the bottom of a silverware drawer. Throw it on your dash and put your hardware on it so that it's not sliding around during turns.
• Secure the laptop however you can in your car
• Ideally buy a magnetic antenna to latch onto the top of your car so nothing is sliding around
• Test everything a couple of times before trying to do it in the car - reboot, unplug, undo everything because sometime or another it's going to happen and you're going to need to know what to do
• Make sure your GPS always has a good signal or your maps will be inaccurate

Importing into Google Earth

So you've finished your drive and you want to map out everywhere you've been. Google earth is perfect for this.

• Install google earth either from Google Earth's site or from the Ubuntu repositories
  sudo apt-get install googleearth
• Download an extract KisGearth
• Run kisgearth to use the kismet .xml file and .gps file. (You can use just .xml but using the .gps file as well makes it more accurate)
  ./kisgearth.pl --gps /var/log/kismet/Kismet-Apr-26-2009-6.gps -oN Kismet.kml -- /var/log/kismet/Kismet-Apr-26-2009-6.xml
• Open Google Earth and go to file>open and open the KML file you created

With a little luck you should have an accurate map of where all the access points are using Google Earth's satellites. Just for fun I've attached the KML file that I used for Notacon.

You can download it here.

External Links

http://code.google.com/p/kisgearth/ - Kisgearth

http://www.gpsdrive.de/download.shtml - GPSDrive

http://www.kismetwireless.net - Kismet

Remote administration is a subject that's open to a lot of interpretation because one way could work for one environment and just not fit in for the next. It's pretty easy to setup a client to have a secure remote shell or remote desktop viewing software but a lot of my environments are not setup ideally so you're forced to use the tools that are on the system and free tools that you can download. Also add to the picture that you don't want to disrupt an employee working and answer may be at the command line.

In this example I'm investigating a report from the antivirus protection on a machine that its process is attempting to be disabled by a certain PID. I want to know what process is associated to that PID and why that's happening. My computer name is WORKSTATION and the PID in question is 1055.

tasklist /s WORKSTATION /FI "PID eq 1055"

You'll see that PID 1055 is a certain executable. In my case it was winlogon.exe and because the event was happening at 3:00AM, I knew that it was caused by Windows Updates being installed.

But if you noticed that a process named something like virus_hack_death.exe was running under this PID and it was trying to access your antivirus, you can use tasklist's cousin, taskkill.

taskkill /s workstation /PID 1055
OR
taskkill /s workstation /IM virus_hack_death.exe

Obviously this is a pretty weak example because whatever process you killed will most likely start again but you could also help those machines that are hung up and not accessible from the keyboard or through RDP. Connect in and kill the frozen process.

The sixth installment of the annual hacker convention, Notacon happened this last weekend. It drew the same crowd as other hacker cons like Defcon, Shmoocon, and Random but as the name implies, Notacon wasn't like the others. The general subject for the talks asked the question, what would geeks like to hear? So it ranged from rules of the board game GO to SQL injections to silly internet videos to healthy cubicle life to hacking consumer routers - all over the place.

The scene was the same as a standard con with all of the same characters we've grown to know and love. Because the talks were all over the place, some people didn't have interest in listening to them. This lead to more off the field antics where you had more time to take in the Lockpick village, check out HackerSpaces.org and the guys from PumpingStation:One, hang out with Deviant and have a go at his Gringo Warrior. There was a guitar hero/karaoke/Commodore64 game room that was a lot of fun. There was also a pirate radio that asked anyone to just walk in and talk.

PS:One

I don't get to really talk about these guys to many people around here because it's completely out of context in Rochester but Pumping Station One is the newest if not the only open hacker space in Chicago. One of the founders Eric who helped start HacDC teamed up with Rogue Clown and many others to create a not for profit organization, hold regular meetings, and find their own space which they just signed the lease for. You'll see a lot more of these hacker spaces popping up as the HackerSpaces.org team becomes more and more organized and provide templates for other people around the world.

Check them out here: http://pumpingstationone.org

DualCore

Dual Core is a nerdcore group from Cincinatti. Int Eighty is the rapper/frontman for the group and happens to show up at all the popular cons. If you haven't listened to them you may have the assumption that oh it's just another one of those nerdcore groups that focus on geeky lyrics and lack rapping skills but you'd be wrong. Eighty is a seriously skilled rapper who is into the hip-hop scene and the hacker scene. It's like if Emminem and Kevin Mitnick had an illegitimate child together. You know it'll be a party when DualCore is there.

External Links

http://notacon.org/ - Notacon's website

http://dualcoremusic.com/nerdcore/ - DualCore's website

http://pumpingstationone.org - PS:One website

http://hackerspaces.org - HackerSpaces.org