Hacker tool talk: Kismet
CIPS Edmonton Dinner Meeting – October 2011
        “Security through knowledge”
               Chris Hammond-Thrasher
      chris.hammond-thrasher <at> ca.fujitsu.com
             Fujitsu Edmonton Security Lab
                      October 2011




                Fujitsu Edmonton Security Lab      1
• Network: Fool-open
• http://kismet.nfshost.com/




Agenda
•   Why are we here?
•   Setting up a wireless security lab
•   About Kismet
•   Installing Kismet
•   Kismet demo
•   What’s next?



Why are we here?




Ethics and motives
“Every single scam in human history has worked
for one key reason; the victim did not recognize
it as a scam.”
- R. Paul Wilson




Setting up a wireless security lab




Wireless security lab reqs
• It’s actually pretty easy to set up
   – Wireless access point (AP)
       • Recommendation: Almost any will do
   – Attack/dev box
       • Wireless card and driver that supports packet injection
       • On Windows there is only one choice: AirPCAP from CACE (starting
         at US $200)
       • PCAP compliant network packet analyzer
       • Aircrack-ng wireless cracking and audit suite
       • Recommendation: OS: Backtrack Linux, Packet tool: Wireshark, H/W:
         ALFA AWUS36H for 802.11b/g (~$40)
   – Target box
       • Wireless card and driver compatible with your AP
   – Logging/monitoring box (Optional)
       • Wireless card and driver that supports monitor mode

Choices
• If you have a shortage of hardware, you can
  employ virtualization to cut down on the
  number of boxes in your lab. However, VMs
  can only use USB wireless cards.
• Booting from a Backtrack DVD or other
  bootable device is often the best option for
  the attack/dev box; it has Kismet and drivers
  for many wireless chipsets.

Caution
• Unless your lab is in a rural area or in a
  Faraday cage, there will be innocent networks
  within range of your equipment
• You are welcome to attack your own
  equipment, but attacking others’ networks
  without permission is potentially illegal



About Kismet




History
• Kismet is one of the longest running and most
  successful open source wireless tool projects –
  dates back to the early 2000s
• The Kismet project is led by Dragorn (aka Mike
  Kershaw)
• It was originally created to fill a void for an
  affordable, full-featured wireless scanner
• Kismet-newcore is the recently released total
  rewrite of Kismet
• Kismet-newcore is included in the latest
  Backtrack 4 release
Features
• Kismet is a passive 802.11a/b/g/n network sniffer (assuming you
  have the right drivers and hardware)
• Broad support for wireless chip sets and reliable driver auto-detection
• ncurses interface
• GPS integration (+ Google Earth KML mapping tool)
• Packet capture
• Wireless protocol dissection and analysis
• Some wireless IDS features
• Can be deployed in a distributed architecture with remote sensors
  (drones) linked to a central console
• Extensible plug-in framework (WEP crack and DECT sniffing via
  plug-ins)
• Free (as in beer and speech)

Kismet vs. others
• Kismet passively monitors wireless networks – it never
  transmits
   – Cannot be detected
   – Can see non-beaconing networks if they are in use
   – Recovers cloaked SSIDs by listening to connection
     handshakes
• Stumblers broadcast probes and listen for responses
   –   Can be detected
   –   Find many networks faster
   –   Cannot find non-beaconing networks
   –   Cannot recover cloaked SSIDs
   –   Cannot packet capture

Legit uses of Kismet
     • Site survey planning and measurement
           – "Do we have enough coverage?"
     • Security auditing
           – "Does the network comply with policy?"
     • Penetration Testing and Vulnerability Assessment
           – "What opportunities are there to exploit the
             network?"
     • Security Monitoring and IDS Analysis
           – "Is someone attacking my network?"
Props to Josh Wright for this slide
h4X0r$
• Undetectable eavesdropping
  – “Do you have unencrypted data on the airwaves?”
• Undetectable WEP cracking (with plug-in)
  – “Do you ‘protect’ your data with the worst
    encryption protocol ever published by the IEEE?”*
• Undetectable reconnaissance in advance of
  another attack
  – “Do you reveal any vulnerabilities that I can
    exploit?”
         * Bill Arbaugh of the University of Maryland Computing Science department
           uses WEP as an example of how not to design a cryptographic protocol.
Installing Kismet




Choices
• Easiest: Get latest Backtrack (BT5R1 right now)
  http://www.backtrack-linux.org/downloads/

• Linux power user: Use your distro’s package manager
  to install the latest binary
  sudo apt-get install kismet
• Windows power user (with AirPCAP adaptor): Get the
  latest win32 installer from the Kismet site
  http://www.cacetech.com/downloads.html

• Developer: Get latest snapshot from svn and compile
  with gcc
  svn co https://www.kismetwireless.net/code/svn/trunk kismet
  cd kismet
  ./configure --prefix=/opt && make && make install



Kismet demo




Kismet demo
•   Starting it up
•   Tour through Kismet screens
•   Eavesdropping on open networks
•   [Cracking WEP keys]




What’s next




Learn more
• Read Josh Wright’s much better (but slightly
  dated) intro to Kismet
  http://www.willhackforsushi.com/presentations/budget-wireless-assessment-newcore.pdf

• Read Josh Wright’s book
  https://www.amazon.ca/Hacking-Exposed-Wireless-Second-Johnny/dp/0071666613/ref=sr_1_8?ie=UTF8&qid=1291838235&sr=8-8




Act locally
• At home
  – Turn on WPA2 PSK using a strong password
  – Try using Kismet on your laptop to determine
    your home network range – note that the range
    at which you can listen to your network is
    different from the range at which you can connect
    to your network
  – Use Kismet to audit the networks of your community
    league, church, a friend’s store or your parents to make
    sure they are configured securely

Act locally
• At home
  – Watch your network for high volumes of
    retransmitted packets – this may indicate
    interference from nearby networks or other
    wireless devices (or your microwave)
  – Warwalk your neighborhood to determine the
    channel with the least interference for your home
    network
  – Use Kismet to help diagnose wireless network
    connectivity issues
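The two checks this slide and the "Kismet vs. others" slide describe, passively recovering a cloaked SSID from a probe response rather than the beacon, and watching a BSSID's retransmission ratio for interference, as an added Python example that is not from the deck and not Kismet's own code. It parses a handful of constructed 802.11 frames (the BSSIDs, SSIDs and frame bytes are made up for the example), builds a Kismet-style network table from what was heard on the air, and flags networks whose retry ratio exceeds an assumed 25% threshold.

```python
import struct
from collections import defaultdict

# 802.11 constants; field layouts follow the IEEE 802.11 MAC header and management body
SSID_ELEMENT = 0
FLAG_TO_DS, FLAG_FROM_DS, FLAG_RETRY = 0x01, 0x02, 0x08
CAP_PRIVACY = 0x0010                 # capability bit an AP sets when WEP/WPA is enabled
TYPE_MGMT, TYPE_DATA = 0, 2
SUBTYPE_PROBE_RESP, SUBTYPE_BEACON = 5, 8


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_ssid(elements):
    """Walk the tagged elements after the fixed fields and return the SSID.
    Returns "" for a cloaked SSID (zero length or all NUL bytes), None if absent."""
    i = 0
    while i + 2 <= len(elements):
        eid, elen = elements[i], elements[i + 1]
        data = elements[i + 2:i + 2 + elen]
        if len(data) < elen:         # truncated element: stop rather than misparse
            break
        if eid == SSID_ELEMENT:
            return "" if (elen == 0 or data == b"\x00" * elen) else data.decode("utf-8", "replace")
        i += 2 + elen
    return None


def parse_frame(raw):
    """Decode the 24-byte header; for beacons and probe responses also capability + SSID."""
    if len(raw) < 24:
        raise ValueError("frame shorter than an 802.11 header")
    fc0, flags = raw[0], raw[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    addr1, addr2, addr3 = raw[4:10], raw[10:16], raw[16:22]
    # Which address carries the BSSID depends on the To-DS/From-DS bits of data frames
    if ftype == TYPE_DATA and (flags & FLAG_FROM_DS) and not (flags & FLAG_TO_DS):
        bssid = addr2
    elif ftype == TYPE_DATA and (flags & FLAG_TO_DS) and not (flags & FLAG_FROM_DS):
        bssid = addr1
    else:
        bssid = addr3
    frame = {"type": ftype, "subtype": subtype, "bssid": mac_str(bssid),
             "retry": bool(flags & FLAG_RETRY), "ssid": None, "privacy": None}
    if ftype == TYPE_MGMT and subtype in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
        body = raw[24:]              # timestamp(8) + interval(2) + capability(2) + elements
        if len(body) < 12:
            raise ValueError("management frame body too short")
        frame["privacy"] = bool(struct.unpack_from("<H", body, 10)[0] & CAP_PRIVACY)
        frame["ssid"] = parse_ssid(body[12:])
    return frame


def build_network_table(frames):
    """Kismet-style view: one row per BSSID, built purely from frames heard on the air."""
    nets = defaultdict(lambda: {"ssid": None, "cloaked": False, "privacy": None,
                                "frames": 0, "retries": 0})
    for raw in frames:
        f = parse_frame(raw)
        n = nets[f["bssid"]]
        n["frames"] += 1
        n["retries"] += int(f["retry"])
        if f["privacy"] is not None:
            n["privacy"] = f["privacy"]
        if f["type"] == TYPE_MGMT and f["subtype"] == SUBTYPE_BEACON and f["ssid"] == "":
            n["cloaked"] = True      # the beacon hides the name ...
        if f["ssid"]:
            n["ssid"] = f["ssid"]    # ... but a probe response to a client reveals it
    for n in nets.values():
        n["retry_ratio"] = n["retries"] / n["frames"]
    return dict(nets)


def high_retry_networks(nets, threshold=0.25):
    """BSSIDs whose retransmission ratio suggests interference (threshold is an assumption)."""
    return sorted(b for b, n in nets.items() if n["retry_ratio"] > threshold)


# --- constructed sample capture: one cloaked, encrypted AP and one open AP ---
def _mgmt_frame(subtype, bssid, ssid, privacy):
    header = bytes([subtype << 4, 0]) + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<H", 100) + struct.pack("<H", CAP_PRIVACY if privacy else 0)
    return header + fixed + bytes([SSID_ELEMENT, len(ssid)]) + ssid


def _data_frame(bssid, retry):
    flags = FLAG_FROM_DS | (FLAG_RETRY if retry else 0)
    return (bytes([TYPE_DATA << 2, flags]) + b"\x00\x00" + b"\xff" * 6 + bssid
            + b"\x11" * 6 + b"\x00\x00" + b"\x00" * 20)


AP_LAB, AP_CAFE = b"\x00\x11\x22\x33\x44\x55", b"\x66\x77\x88\x99\xaa\xbb"   # made-up BSSIDs
SAMPLE_FRAMES = (
    [_mgmt_frame(SUBTYPE_BEACON, AP_LAB, b"", True),             # cloaked beacon
     _mgmt_frame(SUBTYPE_PROBE_RESP, AP_LAB, b"LabNet", True),   # reply that leaks the name
     _mgmt_frame(SUBTYPE_BEACON, AP_CAFE, b"OpenCafe", False)]
    + [_data_frame(AP_LAB, retry=i % 2 == 0) for i in range(8)]  # 4 of 8 retransmitted
    + [_data_frame(AP_CAFE, retry=False) for _ in range(4)]
)

if __name__ == "__main__":
    table = build_network_table(SAMPLE_FRAMES)
    for bssid, row in table.items():
        print(bssid, row)
    print("high retry ratio:", high_retry_networks(table))
```

Nothing here transmits; every conclusion, including the real name of the cloaked network, comes from frames the AP and its clients sent anyway, which is exactly why a passive sniffer cannot be detected and why SSID cloaking buys little.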

Final Thoughts
•   SSID broadcast: yes or no?
•   SSID cloaking?
•   MAC address filtering?
•   Understanding Open vs WEP vs WPA2*




      * The EFF advocates for Open - https://www.eff.org/deeplinks/2011/04/open-wireless-movement


Cryptanalysis Procedure
Every deck has the same cards with the same letters. For the sake of fairness it
is important to follow this procedure to the letter.
1. Unpack your special deck, being careful not to alter the order of the
      cards
2. Hold the deck face down in whichever hand is the most comfortable
3. Deal exactly 24 cards off of the top of the deck face down onto the table
      forming a single pile
4. Riffle shuffle the two packs together *just once* (If you cannot riffle, ask
      for help)
5. Now deal down exactly 12 cards off the top of the deck onto the table
      forming a single pile
6. Do this three more times to form 4 piles
7. When your facilitator signals, look at your cards and try to use up all of
      your letters spelling one or more English words. Proper nouns and
      common acronyms are fair game. Cards labeled “space” can be used as a
      space between two words.

Thank you!


                  Want more presentations like this?
Is there a particular tool or hack that you would like to see demoed?

                 Chris Hammond-Thrasher
               Fujitsu Edmonton Security Lab
Email: chris.hammond-thrasher <at> ca.fujitsu.com
                   Twitter: @thrashor





More Related Content

What's hot

IPCop Firewall
IPCop FirewallIPCop Firewall
IPCop Firewall
Mohammed Farrah
 
Database Firewall with Snort
Database Firewall with SnortDatabase Firewall with Snort
Database Firewall with Snort
Narudom Roongsiriwong, CISSP
 
Backtrack
BacktrackBacktrack
BackTrack5 - Linux
BackTrack5 - LinuxBackTrack5 - Linux
BackTrack5 - Linux
mariuszantal
 
Backtrack
BacktrackBacktrack
Snort
SnortSnort
Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linux
Helder Oliveira
 
L14 More Wireless Hacking: Cracking Wired Equivalent Privacy (WEP) it-slidesh...
L14 More Wireless Hacking: Cracking Wired Equivalent Privacy (WEP) it-slidesh...L14 More Wireless Hacking: Cracking Wired Equivalent Privacy (WEP) it-slidesh...
L14 More Wireless Hacking: Cracking Wired Equivalent Privacy (WEP) it-slidesh...
phanleson
 
Firewall basics
Firewall basicsFirewall basics
Firewall basics
Sandeep Yadav
 
Firewalls
FirewallsFirewalls
Firewalls
Kalluri Madhuri
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
arushi bhatnagar
 
2014 Security Onion Conference
2014 Security Onion Conference2014 Security Onion Conference
2014 Security Onion Conference
DefensiveDepth
 
Firewall basics
Firewall basicsFirewall basics
Firewall basics
Fredrick Hall
 
Snort IDS
Snort IDSSnort IDS
Snort IDS
primeteacher32
 
FireWall
FireWallFireWall
FireWallrubal_9
 
Attacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network SelectionAttacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network Selection
amiable_indian
 
Intrusion Detection System using Snort
Intrusion Detection System using Snort Intrusion Detection System using Snort
Intrusion Detection System using Snort webhostingguy
 
Snort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System  on PFSense FirewallSnort Intrusion Detection / Prevention System  on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense Firewall
Huda Seyam
 
Security Onion
Security OnionSecurity Onion
Security Onion
johndegruyter
 
Security onion
Security onionSecurity onion
Security onion
Kaustubh Padwad
 

What's hot (20)

IPCop Firewall
IPCop FirewallIPCop Firewall
IPCop Firewall
 
Database Firewall with Snort
Database Firewall with SnortDatabase Firewall with Snort
Database Firewall with Snort
 
Backtrack
BacktrackBacktrack
Backtrack
 
BackTrack5 - Linux
BackTrack5 - LinuxBackTrack5 - Linux
BackTrack5 - Linux
 
Backtrack
BacktrackBacktrack
Backtrack
 
Snort
SnortSnort
Snort
 
Hack wifi password using kali linux
Hack wifi password using kali linuxHack wifi password using kali linux
Hack wifi password using kali linux
 
L14 More Wireless Hacking: Cracking Wired Equivalent Privacy (WEP) it-slidesh...
L14 More Wireless Hacking: Cracking Wired Equivalent Privacy (WEP) it-slidesh...L14 More Wireless Hacking: Cracking Wired Equivalent Privacy (WEP) it-slidesh...
L14 More Wireless Hacking: Cracking Wired Equivalent Privacy (WEP) it-slidesh...
 
Firewall basics
Firewall basicsFirewall basics
Firewall basics
 
Firewalls
FirewallsFirewalls
Firewalls
 
Wireless hacking
Wireless hackingWireless hacking
Wireless hacking
 
2014 Security Onion Conference
2014 Security Onion Conference2014 Security Onion Conference
2014 Security Onion Conference
 
Firewall basics
Firewall basicsFirewall basics
Firewall basics
 
Snort IDS
Snort IDSSnort IDS
Snort IDS
 
FireWall
FireWallFireWall
FireWall
 
Attacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network SelectionAttacking Automatic Wireless Network Selection
Attacking Automatic Wireless Network Selection
 
Intrusion Detection System using Snort
Intrusion Detection System using Snort Intrusion Detection System using Snort
Intrusion Detection System using Snort
 
Snort Intrusion Detection / Prevention System on PFSense Firewall
Snort Intrusion Detection / Prevention System  on PFSense FirewallSnort Intrusion Detection / Prevention System  on PFSense Firewall
Snort Intrusion Detection / Prevention System on PFSense Firewall
 
Security Onion
Security OnionSecurity Onion
Security Onion
 
Security onion
Security onionSecurity onion
Security onion
 

Similar to Hacker tool talk: kismet

Hacker tool talk: kismet
Hacker tool talk:  kismetHacker tool talk:  kismet
Hacker tool talk: kismet
Chris Hammond-Thrasher
 
Intro to firewalls
Intro to firewallsIntro to firewalls
Intro to firewalls
Joshua Johnston
 
wirelesssecurity materialwirelesssecurity materialwirelesssecurity material
wirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity material
wirelesssecurity materialwirelesssecurity materialwirelesssecurity material
Nune SrinivasRao
 
L27
L27L27
Alice and bob: Love & the most important crypto on the net
Alice and bob: Love & the most important crypto on the netAlice and bob: Love & the most important crypto on the net
Alice and bob: Love & the most important crypto on the net
Chris Hammond-Thrasher
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoT
WSO2
 
Hack one iot device, break them all!
Hack one iot device, break them all!Hack one iot device, break them all!
Hack one iot device, break them all!
Justin Black
 
BOSNOG NAC stack 2018
BOSNOG NAC stack 2018BOSNOG NAC stack 2018
BOSNOG NAC stack 2018
GENIANS, INC.
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
Santhosh Kumar
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoTWSO2
 
Chapter 7 security tools i
Chapter 7   security tools iChapter 7   security tools i
Chapter 7 security tools i
Syaiful Ahdan
 
Securing your Cloud Environment
Securing your Cloud EnvironmentSecuring your Cloud Environment
Securing your Cloud Environment
ShapeBlue
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
veerababu penugonda(Mr-IoT)
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009
dnomura
 
ML13198A410.pdf
ML13198A410.pdfML13198A410.pdf
ML13198A410.pdf
ParasPatel967737
 
ML13198A410.pdf
ML13198A410.pdfML13198A410.pdf
ML13198A410.pdf
KalsoomTahir2
 
ML13198A410.pdf
ML13198A410.pdfML13198A410.pdf
ML13198A410.pdf
ParvezAhmed59842
 
25 years of firewalls and network filtering - From antiquity to the cloud
25 years of firewalls and network filtering - From antiquity to the cloud25 years of firewalls and network filtering - From antiquity to the cloud
25 years of firewalls and network filtering - From antiquity to the cloud
shira koper
 
Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...
B.A.
 

Similar to Hacker tool talk: kismet (20)

Hacker tool talk: kismet
Hacker tool talk:  kismetHacker tool talk:  kismet
Hacker tool talk: kismet
 
Intro to firewalls
Intro to firewallsIntro to firewalls
Intro to firewalls
 
wirelesssecurity materialwirelesssecurity materialwirelesssecurity material
wirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity material
wirelesssecurity materialwirelesssecurity materialwirelesssecurity material
 
L27
L27L27
L27
 
Alice and bob: Love & the most important crypto on the net
Alice and bob: Love & the most important crypto on the netAlice and bob: Love & the most important crypto on the net
Alice and bob: Love & the most important crypto on the net
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoT
 
Hack one iot device, break them all!
Hack one iot device, break them all!Hack one iot device, break them all!
Hack one iot device, break them all!
 
BOSNOG NAC stack 2018
BOSNOG NAC stack 2018BOSNOG NAC stack 2018
BOSNOG NAC stack 2018
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoT
 
Chapter 7 security tools i
Chapter 7   security tools iChapter 7   security tools i
Chapter 7 security tools i
 
Securing your Cloud Environment
Securing your Cloud EnvironmentSecuring your Cloud Environment
Securing your Cloud Environment
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
 
Nomura UCCSC 2009
Nomura UCCSC 2009Nomura UCCSC 2009
Nomura UCCSC 2009
 
ML13198A410.pdf
ML13198A410.pdfML13198A410.pdf
ML13198A410.pdf
 
ML13198A410.pdf
ML13198A410.pdfML13198A410.pdf
ML13198A410.pdf
 
ML13198A410.pdf
ML13198A410.pdfML13198A410.pdf
ML13198A410.pdf
 
25 years of firewalls and network filtering - From antiquity to the cloud
25 years of firewalls and network filtering - From antiquity to the cloud25 years of firewalls and network filtering - From antiquity to the cloud
25 years of firewalls and network filtering - From antiquity to the cloud
 
Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...Infosecurity.be 2019: What are relevant open source security tools you should...
Infosecurity.be 2019: What are relevant open source security tools you should...
 
DGRZETICH_TDC531_Presentation
DGRZETICH_TDC531_PresentationDGRZETICH_TDC531_Presentation
DGRZETICH_TDC531_Presentation
 

More from Chris Hammond-Thrasher

Six health privacy experiments that should *NEVER* be caried out
Six health privacy experiments that should *NEVER* be caried outSix health privacy experiments that should *NEVER* be caried out
Six health privacy experiments that should *NEVER* be caried out
Chris Hammond-Thrasher
 
Spiritualists, magicians and security vendors
Spiritualists, magicians and security vendorsSpiritualists, magicians and security vendors
Spiritualists, magicians and security vendors
Chris Hammond-Thrasher
 
hackers vs suits
hackers vs suitshackers vs suits
hackers vs suits
Chris Hammond-Thrasher
 
Introduction to Green IT
Introduction to Green ITIntroduction to Green IT
Introduction to Green IT
Chris Hammond-Thrasher
 
Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)
Chris Hammond-Thrasher
 
Hacker tool talk: maltego
Hacker tool talk: maltegoHacker tool talk: maltego
Hacker tool talk: maltego
Chris Hammond-Thrasher
 
Open Source Library Software
Open Source Library SoftwareOpen Source Library Software
Open Source Library Software
Chris Hammond-Thrasher
 
Infosec Workshop - PacINET 2007
Infosec Workshop - PacINET 2007Infosec Workshop - PacINET 2007
Infosec Workshop - PacINET 2007
Chris Hammond-Thrasher
 
Popular GIS: a webliography
Popular GIS: a webliographyPopular GIS: a webliography
Popular GIS: a webliography
Chris Hammond-Thrasher
 
Popular GIS
Popular GISPopular GIS
How hackers do it
How hackers do itHow hackers do it
How hackers do it
Chris Hammond-Thrasher
 

More from Chris Hammond-Thrasher (11)

Six health privacy experiments that should *NEVER* be caried out
Six health privacy experiments that should *NEVER* be caried outSix health privacy experiments that should *NEVER* be caried out
Six health privacy experiments that should *NEVER* be caried out
 
Spiritualists, magicians and security vendors
Spiritualists, magicians and security vendorsSpiritualists, magicians and security vendors
Spiritualists, magicians and security vendors
 
hackers vs suits
hackers vs suitshackers vs suits
hackers vs suits
 
Introduction to Green IT
Introduction to Green ITIntroduction to Green IT
Introduction to Green IT
 
Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)
 
Hacker tool talk: maltego
Hacker tool talk: maltegoHacker tool talk: maltego
Hacker tool talk: maltego
 
Open Source Library Software
Open Source Library SoftwareOpen Source Library Software
Open Source Library Software
 
Infosec Workshop - PacINET 2007
Infosec Workshop - PacINET 2007Infosec Workshop - PacINET 2007
Infosec Workshop - PacINET 2007
 
Popular GIS: a webliography
Popular GIS: a webliographyPopular GIS: a webliography
Popular GIS: a webliography
 
Popular GIS
Popular GISPopular GIS
Popular GIS
 
How hackers do it
How hackers do itHow hackers do it
How hackers do it
 

Recently uploaded

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
CatarinaPereira64715
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 

Recently uploaded (20)

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Hacker tool talk: kismet

8. Choices
• If you have a shortage of hardware, you can employ virtualization to cut down on the number of boxes in your lab. However, VMs can only use USB wireless cards passed through to the guest; a virtualized NIC cannot be put into monitor mode.
• Booting from a Backtrack DVD or other bootable device is often the best option for the attack/dev box; it has Kismet and drivers for many wireless chipsets.
9. Caution
• Unless your lab is in a rural area or in a Faraday cage, there will be innocent networks within range of your equipment
• You are welcome to attack your own equipment, but attacking others' networks without permission is potentially illegal
10. About Kismet
11. History
• Kismet is one of the longest running and most successful open source wireless tool projects – it dates back to the early 2000s
• The Kismet project is led by Dragorn (aka Mike Kershaw)
• It was originally created to fill a void for an affordable, full-featured wireless scanner
• Kismet-newcore is the recently released total rewrite of Kismet
• Kismet-newcore is included in the latest Backtrack 4 release
12. Features
• Kismet is a passive 802.11a/b/g/n network sniffer (assuming you have the right drivers and hardware)
• Broad support for wireless chipsets and reliable driver auto-detection
• ncurses interface
• GPS integration (+ Google Earth KML mapping tool)
• Packet capture
• Wireless protocol dissection and analysis
• Some wireless IDS features
• Can be deployed in a distributed architecture with remote sensors (drones) linked to a central console
• Extensible plug-in framework (WEP crack and DECT sniffing via plug-ins)
• Free (as in beer and speech)
13. Kismet vs. others
• Kismet passively monitors wireless networks – it never transmits
  – Cannot be detected over the air (it sends no probes for a wireless IDS to log)
  – Can see non-beaconing networks if they are in use
  – Recovers cloaked SSIDs by listening to connection handshakes (probe responses and association requests carry the real SSID even when beacons do not)
• Stumblers broadcast probes and listen for responses
  – Can be detected
  – Find many networks faster
  – Cannot find non-beaconing networks
  – Cannot recover cloaked SSIDs
  – Cannot packet capture
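The cloaked-SSID recovery described on this slide, as an added example that is not part of the original talk and not Kismet's own code: a small Python tracker parses hand-built 802.11 management frames, marks a BSSID as cloaked when its beacon carries an empty or NUL-filled SSID element, and fills in the name from the first probe response or association request that names the same BSSID. Frame layouts follow the 802.11 management frame format; the MAC addresses, the SSIDs (including the deck's "Fool-open" network) and the frames themselves are constructed for the example.

```python
"""Passive cloaked-SSID recovery over constructed 802.11 management frames.

Added example, not Kismet source. Kismet correlates beacons that carry an
empty/null SSID with later probe responses and association requests that
name the same BSSID. Every frame below is built by hand for the example.
"""
import struct

TYPE_MGMT = 0
SUBTYPE_ASSOC_REQ = 0x0
SUBTYPE_PROBE_RESP = 0x5
SUBTYPE_BEACON = 0x8
IE_SSID = 0
# frame control, duration, addr1, addr2, addr3, sequence control (24 bytes)
HDR = struct.Struct('<HH6s6s6sH')


def mgmt_frame(subtype, addr1, addr2, bssid, body):
    """Build a management frame: protocol version 0, type 0, no flags."""
    fc = (TYPE_MGMT << 2) | (subtype << 4)
    return HDR.pack(fc, 0, addr1, addr2, bssid, 0) + body


def ie(tag, value):
    """One tagged parameter (information element): tag, length, value."""
    return bytes([tag, len(value)]) + value


def parse_ies(data):
    """Walk tagged parameters; stop cleanly on a truncated element."""
    ies, off = {}, 0
    while off + 2 <= len(data):
        tag, length = data[off], data[off + 1]
        value = data[off + 2:off + 2 + length]
        if len(value) < length:
            break                      # element runs past the frame: ignore it
        ies.setdefault(tag, value)     # keep the first copy of a repeated tag
        off += 2 + length
    return ies


def is_cloaked(ssid):
    """Hidden networks send a zero-length SSID or one padded with NULs."""
    return len(ssid) == 0 or ssid.count(0) == len(ssid)


class SsidTracker:
    def __init__(self):
        # bssid -> {'ssid': str|None, 'cloaked': bool, 'source': str|None}
        self.networks = {}

    def feed(self, frame):
        fc, _dur, _a1, _a2, a3, _seq = HDR.unpack_from(frame)
        ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
        if ftype != TYPE_MGMT:
            return
        body = frame[HDR.size:]
        if subtype in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
            # fixed fields: timestamp(8) + beacon interval(2) + capability(2)
            ies = parse_ies(body[12:])
            src = 'beacon' if subtype == SUBTYPE_BEACON else 'probe_resp'
        elif subtype == SUBTYPE_ASSOC_REQ:
            # fixed fields: capability(2) + listen interval(2); addr3 is the BSSID
            ies, src = parse_ies(body[4:]), 'assoc_req'
        else:
            return
        ssid = ies.get(IE_SSID)
        if ssid is None:
            return
        net = self.networks.setdefault(a3, {'ssid': None, 'cloaked': False, 'source': None})
        if is_cloaked(ssid):
            net['cloaked'] = True                 # the AP is hiding its name
        elif net['ssid'] is None:
            net['ssid'] = ssid.decode('utf-8', 'replace')
            net['source'] = src                   # first frame that disclosed it


# Constructed sample: one hidden AP, one open AP, one client joining the hidden one.
AP_HIDDEN = bytes.fromhex('001122aabbcc')
AP_OPEN = bytes.fromhex('001122aabbdd')
CLIENT = bytes.fromhex('00deadbeef01')
BCAST = b'\xff' * 6
BEACON_FIXED = struct.pack('<QHH', 0, 100, 0x0411)   # timestamp, interval, capability
ASSOC_FIXED = struct.pack('<HH', 0x0411, 10)          # capability, listen interval

SAMPLE_FRAMES = [
    mgmt_frame(SUBTYPE_BEACON, BCAST, AP_HIDDEN, AP_HIDDEN, BEACON_FIXED + ie(IE_SSID, b'')),
    mgmt_frame(SUBTYPE_BEACON, BCAST, AP_OPEN, AP_OPEN, BEACON_FIXED + ie(IE_SSID, b'Fool-open')),
    mgmt_frame(SUBTYPE_ASSOC_REQ, AP_HIDDEN, CLIENT, AP_HIDDEN, ASSOC_FIXED + ie(IE_SSID, b'lab-hidden')),
]


def recover(frames):
    """Feed frames in capture order and return the per-BSSID view."""
    tracker = SsidTracker()
    for f in frames:
        tracker.feed(f)
    return tracker.networks


if __name__ == '__main__':
    for bssid, net in recover(SAMPLE_FRAMES).items():
        print(bssid.hex(), net)
```

The beacon alone only tells you that a network exists and hides its name; the name appears the moment a real client associates, which is why cloaking buys nothing against a passive listener and why a stumbler, which never sees that exchange, cannot recover it.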
14. Legit uses of Kismet
• Site survey planning and measurement – "Do we have enough coverage?"
• Security auditing – "Does the network comply with policy?"
• Penetration Testing and Vulnerability Assessment – "What opportunities are there to exploit the network?"
• Security Monitoring and IDS Analysis – "Is someone attacking my network?"
Props to Josh Wright for this slide
15. h4X0r$
• Undetectable eavesdropping – "Do you have unencrypted data on the airwaves?"
• Undetectable WEP cracking (with plug-in) – "Do you 'protect' your data with the worst encryption protocol ever published by the IEEE?"*
• Undetectable reconnaissance in advance of another attack – "Do you reveal any vulnerabilities that I can exploit?"
* Bill Arbaugh of the University of Maryland Computing Science department uses WEP as an example of how not to design a cryptographic protocol.
16. Installing Kismet
17. Choices
• Easiest: Get the latest Backtrack (BT5R1 right now)
  http://www.backtrack-linux.org/downloads/
• Linux power user: Use your distro's package manager to install the latest binary
    sudo apt-get install kismet
• Windows power user (with AirPCAP adaptor): Get the latest win32 installer from the Kismet site
  http://www.cacetech.com/downloads.html
• Developer: Get the latest snapshot from svn and compile with gcc
    svn co https://www.kismetwireless.net/code/svn/trunk kismet
    cd kismet
    ./configure --prefix=/opt && make && sudo make install   # installing under /opt needs root
18. Kismet demo
19. Kismet demo
• Starting it up
• Tour through Kismet screens
• Eavesdropping on open networks
• [Cracking WEP keys]
20. What's next
21. Learn more
• Read Josh Wright's much better (but slightly dated) intro to Kismet
  http://www.willhackforsushi.com/presentations/budget-wireless-assessment-newcore.pdf
• Read Josh Wright's book
  https://www.amazon.ca/Hacking-Exposed-Wireless-Second-Johnny/dp/0071666613/ref=sr_1_8?ie=UTF8&qid=1291838235&sr=8-8
22. Act locally
• At home
  – Turn on WPA2 PSK using a strong password
  – Try using Kismet on your laptop to determine your home network range – note that the range at which you can listen to your network is different from the range at which you can connect to your network
  – Use Kismet to audit your community league, church, friend's store, parents' networks to make sure they are configured securely
23. Act locally
• At home
  – Watch your network for high volumes of retransmitted packets – this may indicate interference from nearby networks or other wireless devices (or your microwave)
  – Warwalk your neighborhood to determine the channel with the least interference for your home network
  – Use Kismet to help diagnose wireless network connectivity issues
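The two checks suggested on this slide (retransmission volume and channel crowding), as an added example that is neither from the deck nor from Kismet: given monitor-mode 802.11 frames, it computes the share of data frames per BSSID that carry the Retry flag, flags networks above a threshold, and counts access points per channel from the DS Parameter Set element in beacons. The frames, addresses and the 20% threshold are constructed for the example; in practice the frames would come from a pcap written by Kismet or Wireshark.

```python
"""Retry-rate and channel-occupancy checks over constructed 802.11 frames.

Added example, not Kismet code. A high ratio of retried data frames on one
BSSID points at interference; the per-channel AP count shows where the
neighbourhood is crowded. Frames and addresses are made up for the example.
"""
import struct
from collections import defaultdict

HDR = struct.Struct('<HH6s6s6sH')         # fc, duration, addr1..3, seq ctrl
TYPE_MGMT, TYPE_DATA = 0, 2
SUBTYPE_BEACON = 0x8
IE_DS_PARAM = 3                           # DS Parameter Set: one byte, the channel
FLAG_TODS, FLAG_FROMDS, FLAG_RETRY = 0x01, 0x02, 0x08


def frame(ftype, subtype, flags, a1, a2, a3, body=b''):
    """Build a frame; flags occupy the high byte of frame control."""
    fc = (ftype << 2) | (subtype << 4) | (flags << 8)
    return HDR.pack(fc, 0, a1, a2, a3, 0) + body


def bssid_of_data(flags, a1, a2, a3):
    """Which address holds the BSSID depends on the ToDS/FromDS bits."""
    tods, fromds = bool(flags & FLAG_TODS), bool(flags & FLAG_FROMDS)
    if tods and not fromds:
        return a1                         # station -> AP
    if fromds and not tods:
        return a2                         # AP -> station
    if not tods and not fromds:
        return a3                         # ad hoc / direct
    return None                           # 4-address WDS frame: skip it


def find_ie(data, wanted):
    """Return the value of the first element with tag `wanted`, or None."""
    off = 0
    while off + 2 <= len(data):
        tag, length = data[off], data[off + 1]
        value = data[off + 2:off + 2 + length]
        if len(value) < length:
            return None                   # truncated element
        if tag == wanted:
            return value
        off += 2 + length
    return None


def analyse(frames, retry_threshold=0.2):
    """Return (retry ratio per BSSID, BSSIDs over the threshold, APs per channel)."""
    sent, retried = defaultdict(int), defaultdict(int)
    channel_aps = defaultdict(set)
    for f in frames:
        fc, _d, a1, a2, a3, _s = HDR.unpack_from(f)
        ftype, subtype, flags = (fc >> 2) & 0x3, (fc >> 4) & 0xF, fc >> 8
        if ftype == TYPE_DATA:
            bssid = bssid_of_data(flags, a1, a2, a3)
            if bssid is None:
                continue
            sent[bssid] += 1
            if flags & FLAG_RETRY:
                retried[bssid] += 1
        elif ftype == TYPE_MGMT and subtype == SUBTYPE_BEACON:
            ds = find_ie(f[HDR.size + 12:], IE_DS_PARAM)   # skip 12 fixed bytes
            if ds:
                channel_aps[ds[0]].add(a3)                  # addr3 is the BSSID
    ratios = {b: retried[b] / sent[b] for b in sent}
    noisy = sorted(b for b, r in ratios.items() if r > retry_threshold)
    return ratios, noisy, {ch: len(aps) for ch, aps in channel_aps.items()}


# Constructed sample: three APs, one of them struggling with retransmissions.
AP_A, AP_B, AP_C = (bytes.fromhex(h) for h in ('001122000001', '001122000002', '001122000003'))
STA = bytes.fromhex('00deadbeef01')
BCAST = b'\xff' * 6
BEACON_FIXED = struct.pack('<QHH', 0, 100, 0x0401)   # timestamp, interval, capability


def beacon(bssid, channel):
    return frame(TYPE_MGMT, SUBTYPE_BEACON, 0, BCAST, bssid, bssid,
                 BEACON_FIXED + bytes([IE_DS_PARAM, 1, channel]))


def uplink(bssid, retry):
    """Station -> AP data frame: ToDS set, addr1 = BSSID, addr2 = station."""
    return frame(TYPE_DATA, 0, FLAG_TODS | (FLAG_RETRY if retry else 0), bssid, STA, BCAST, b'payload')


SAMPLE_FRAMES = (
    [beacon(AP_A, 6), beacon(AP_B, 1), beacon(AP_C, 6)]
    + [uplink(AP_A, i < 4) for i in range(10)]            # 4 of 10 retried
    + [uplink(AP_B, i < 1) for i in range(10)]            # 1 of 10 retried
    + [frame(TYPE_DATA, 0, FLAG_TODS | FLAG_FROMDS, AP_A, AP_B, STA)]   # WDS, ignored
)

if __name__ == '__main__':
    ratios, noisy, per_channel = analyse(SAMPLE_FRAMES)
    print({b.hex(): round(r, 2) for b, r in ratios.items()}, [b.hex() for b in noisy], per_channel)
```

Retried frames are a symptom, not a cause: a consistently high ratio on your own BSSID with a quiet channel points at a local problem (range, a device that cannot hear the AP), while a crowded channel in the per-channel count is the case the slide describes and the reason to move to the emptier one.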
24. Final Thoughts
• SSID broadcast: yes or no?
• SSID cloaking?
• MAC address filtering?
• Understanding Open vs WEP vs WPA2*
* The EFF advocates for Open – https://www.eff.org/deeplinks/2011/04/open-wireless-movement
26. Cryptanalysis Procedure
Every deck has the same cards with the same letters. For the sake of fairness it is important to follow this procedure to the letter.
1. Unpack your special deck, being careful not to alter the order of the cards
2. Hold the deck face down in whichever hand is the most comfortable
3. Deal exactly 24 cards off the top of the deck face down onto the table, forming a single pile
4. Riffle shuffle the two packs together *just once* (if you cannot riffle, ask for help)
5. Now deal exactly 12 cards off the top of the deck onto the table, forming a single pile
6. Do this three more times to form 4 piles
7. When your facilitator signals, look at your cards and try to use up all of your letters spelling one or more English words. Proper nouns and common acronyms are fair game. Cards labeled "space" can be used as a space between two words.
27. Thank you!
Want more presentations like this? Is there a particular tool or hack that you would like to see demoed?
Chris Hammond-Thrasher
Fujitsu Edmonton Security Lab
Email: chris.hammond-thrasher <at> ca.fujitsu.com
Twitter: @thrashor