
Hacking Wireless Networks For Dummies


Part I: Building the Foundation for Testing Wireless Networks

10. Select the packages you want to install. Click Next.

If you want them all, click Default beside the word All under Category.

The word Default appears next to many categories. Clicking this word more than once produces a range of results: Click it once, and it changes to Install. Click again, and it’s Reinstall. Click it again, and it’s Uninstall. Click one last time, and you are back at Default. We suggest you select Install. Installing everything takes up approximately 1 gigabyte. If you don’t have the available space, select only those categories you think you will need.

If you choose to install everything, it can take a long time. Obviously, how long depends on the bandwidth of your connection to the Internet. It also depends on the speed of your processor. But trust us, when you install everything, it takes time, so prepare yourself for a long wait. Should you choose not to install a package at this time, you can always do so at a later time. Rerun the setup.exe program and install those programs you now want.

While Cygwin installs, the progress window shown in Figure 4-5 tracks your progress as it downloads the various components.

When the setup is complete, you see the window shown in Figure 4-6.

Figure 4-5: Cygwin downloading.

11. If you want to create desktop or Start menu icons, select (or deselect) the appropriate options. Click Finish.

That’s it. You are now the proud owner of Cygwin.

Chapter 4: Amassing Your War Chest

Figure 4-6: Creating desktop and Start menu icons.

Go to your desktop and double-click the Cygwin icon. Cygwin starts, and you should see a window like the one shown in Figure 4-7.

Figure 4-7: Cygwin window.

Cygwin presents you with a command prompt. This is a bash shell. The Cygwin user is the same as the Windows user. If you want to see what Cygwin has mounted for you, in addition to the contents of the c:/cygwin directory you created, type df at the prompt. The c:/cygwin directory is the root directory.

You have the opportunity to try some of the UNIX tools in later chapters. But just to get started, type uname -a at the prompt. Try an ls -al command. Ever cursed Windows because you couldn’t easily find out what processes are executing? Well, you just have to execute the ps -aWl command. (You might want to redirect (>) the output to a file.) If you’re not familiar with UNIX commands, then you need to get a good UNIX book. Why not start with UNIX For Dummies, 5th Edition, by John Levine and Margaret Levine Young (Wiley)?

Cygwin has a couple of drawbacks:

You have to use the UNIX version it gives you.

You cannot run other operating systems.

That’s a pretty short list considering that Cygwin is free (it is distributed under the GNU Public License). However, should you feel flush, you can move up to VMware.

Setting up VMware

VMware allows you to run simultaneous operating systems. The VM in VMware stands for virtual machine. You install a host operating system, such as Windows XP, and then install VMware Workstation on top of it. Then you install the guest operating system in VMware. The virtual machine is similar to your real machine: You can power it on and off, and it boots up just like the real thing. As a guest operating system, VMware allows you to install anything that runs on the Intel x86 architecture. This means you can install Solaris x86, Windows 2003 Server, Red Hat Linux, SUSE Linux, or any other operating system you choose. Still need to test Windows 98 programs? Use VMware. The only thing stopping you from running every operating system known to man is disk space and real memory.

You can download VMware from www.vmware.com. It takes up approximately 21MB.

Hover your cursor over the Products link at the top of the page and select the VMware Workstation link from the resulting drop-down list. If you click the red Buy Now button at the top, you go to the VMware Store, where you find out that VMware Workstation for Windows costs $189. After you use the software for a while, you’ll agree this is a good price. (You can get a 30-day trial if you are not convinced.)

After you download VMware, it installs like any Windows application. Just follow the installation wizard.


During the download process, you might see a warning message to disable AutoRun. VMware doesn’t like the CD-ROM AutoRun feature. (From a security standpoint, you shouldn’t either.) Agreeing with VMware and disabling AutoRun is a good idea.

When the installation is complete, you need to reboot your machine. Now you are ready to add some guests or virtual machines. Installing new machines is easy:

1. Start VMware.

You see a window like the one shown in Figure 4-8.

Figure 4-8: VMware Workstation opening window.

2. Click the New Virtual Machine icon.

This starts the process of creating your first virtual machine. The New Virtual Machine wizard appears.

3. Click Next.

4. Select Typical and click Next.

The Select a Guest Operating System window appears.

5. Select the OS you want to install.

You have a choice of the following:

Microsoft Windows

Linux

Novell Netware

Sun Solaris

Other


If you select Other, you can install FreeBSD. Many good tools run on BSD. If you select Linux, you can select a Linux version from the drop-down box.

6. Select the version you have and click Next.

7. Type a name for your guest in the Virtual Machine Name box. Then click Next.

You can create any name you want, so pick one that is meaningful to you. Also, decide where you want to store the image. Leave the default unless you have a compelling reason not to do so.

8. Select the Network Type. Click Next.

We suggest that you select Use Bridged Networking because it allows you to talk to your host operating system.

9. Specify Disk Capacity.

Virtual machines have virtual disks. You can pick any size you want as long as you have the available space. We recommend you leave the default of 4GB and leave the two other boxes deselected.

10. Click Finish.

However, you are not quite finished because you don’t have a system image.

You should see the window shown in Figure 4-9.

Figure 4-9: Red Hat Linux tab.

You now have a big choice. You can start the VM and install Red Hat Linux from a CD-ROM, or you can point to an ISO image. For this exercise, we’ll do the latter.

11. From the Commands panel, click Edit Virtual Machine Settings.

VMware presents the window shown in Figure 4-10.

12. Click CD-ROM.

If you want to install the operating system from a CD, then skip to Step 14.

Figure 4-10: Virtual Machine settings.

13. From the right-hand pane, select Use ISO image.

14. Click the Browse button and find your ISO image. Click OK.

15. Click Start This Virtual Machine from the left-hand pane.

When you do this, you see a familiar display: The VM goes through the POST routine, does a memory check, and then boots itself.

Cygwin and VMware are wonderful tools, but you need to install them on your system; they won’t run any other way. If you don’t want to install software on your system, you can use products like Knoppix and WarLinux that boot from a diskette or a CD.

Linux distributions on CD

The following solutions are different from the partitioning and emulation solutions discussed above. What makes them different is that you don’t need to install them on your system: They boot and run completely from a CD.

Knoppix, for instance, runs from a CD based on the Linux 2.6.x kernel. It is a free and Open Source GNU/Linux distribution. You don’t need to install anything on a hard disk; it’s not necessary. Knoppix has automatic hardware detection and support for many graphics cards, sound cards, SCSI and USB devices, and other peripherals. It includes recent Linux software, the K Desktop Environment (KDE), and programs such as OpenOffice, Abiword, The Gimp (GNU Image Manipulation Program), the Konqueror browser, the Mozilla browser, the Apache Web server, PHP, MySQL database, and many more quality open-source programs. Knoppix offers more than 900 installed software packages with over 2,000 executable user programs, utilities, and games.

You can download Knoppix (it is approximately 700 MB) or you can buy it from a CD distributor. Knoppix is available for download from www.knoppix.net/get.php. It’s also included on a DVD in Knoppix For Dummies by Paul Sery (Wiley).

Knoppix is not the only distribution of Linux that fits on a CD. Consider also using one of the following Linux CD distributions:

Cool Linux CD: http://sourceforge.net/project/showfiles.php?group_id=55396&release_id=123430

DSL (Damn Small Linux): www.damnsmalllinux.org

GNU/Debian Linux: www.debian.org

SLAX: http://slax.linux-live.org

WarLinux: http://sourceforge.net/projects/warlinux

WarLinux is a special Linux distribution made for wardrivers. It is available on either a disk or bootable CD. The developer of WarLinux intended systems administrators to use it to audit and evaluate their wireless network installations.

Stumbling tools

In the methodology Kevin describes in his book, Hacking For Dummies (Wiley), and in the OSSTMM and ISSAF methods discussed in Chapter 2, the first step in ethical hacking is the same: reconnaissance. The best type of tool for reconnaissance is wardriving software. Programs like NetStumbler and Kismet help you find access points. Refer to Chapters 9 and 10 for more on the various stumbling tools.

You got the sniffers?

Stumbling tools help you find the access points, but that’s not enough. You need to peek into the transmitted frames. If the frames are unencrypted, of course, then this is an easy task. But when the frames are encrypted, you need to decrypt the frame before you can look at it. This type of decryption software is generally called a sniffer.

The origin of the word sniffer

The term sniffer came from a product called Sniffer that was manufactured and marketed by a company named Data General. Unfortunately for Data General, the name of their product has become the generic name for this type of software. (Ask the various companies whose products had the same thing happen to them — Aspirin, Kleenex, and Zipper — and they’ll tell you this is not a good thing.) Still, you might hear these products referred to as network analyzers, data analyzers, protocol analyzers, packet analyzers, data line monitors, or network monitors.

Many freeware and commercial sniffer products are floating around out there. Some run on Windows, and others run on Linux. Two of the more popular sniffers are Ethereal and AiroPeek, which we cover in Chapter 8.

Picking Your Transceiver

Wireless Networks For Dummies (Wiley) provides information on the various form factors for your clients. You have lots of options to choose from. Picking your wireless network interface card or transceiver depends on the operating system you choose. When NetStumbler and Kismet first came out, there were two chipsets for wireless NICs: Hermes and Prism2. As a general rule, if you decide to use NetStumbler, you want a card based on the Hermes chipset. Kismet, on the other hand, works best with a Prism2 (Intersil) card. If you are prepared to do a kernel modification, then Hermes cards will work with Kismet.

Determining your chipset

Don’t know whether you have a Prism2 chipset or a Hermes chipset? The following PC Card manufacturers use the Prism2 chipset:

3Com

Addtron

AiroNet

Bromax

Compaq WL100

D-Link

Farallon

GemTek

Intel

LeArtery Solutions

Linksys

Netgear

Nokia

Nortel

Samsung

Senao

Siemens

SMC

Symbol

Z-Com

Zoom Technologies

Further, if you have a Prism2 chipset, you may see a computer with antenna icon in the System Tray, as shown in Figure 4-11.

Figure 4-11: Prism2 icon.

The following PC Card manufacturers use the Hermes (Lucent) chipset:

1stWave

Agere/ORiNOCO/Proxim

Alvarion

Apple

ARtem

Avaya

Buffalo

Cabletron

Compaq WL110

Dell

ELSA

Enterasys

HP

IBM

SONY

Toshiba

Much like the Prism2 chipset, if you have a Hermes (Lucent) chipset, you will see an icon in the System Tray, as shown in Figure 4-12.

Figure 4-12: Hermes icon.

To find information for your Hermes chipset, visit www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Wireless.html and look for “orinoco.”

Buying a wireless NIC

When purchasing a wireless NIC, look for one that supports an external antenna. Figure 4-13 depicts an ORiNOCO card with an external antenna connector on the top. In this figure, the built-in antenna is the black plastic part on the end.

Figure 4-13: ORiNOCO Gold Classic card.

The ORiNOCO Gold Classic card from either Agere or Lucent is a popular card with wireless hackers because it has an external antenna connector and works with both Kismet and NetStumbler. Take care when buying new ORiNOCO cards. ORiNOCO is now owned by Proxim, which came out with an ORiNOCO card not based on the Hermes chipset. The Hermes card is still available, but it is usually sold as the ORiNOCO Gold Classic.

You can find a somewhat dated but useful comparison of the wireless cards and their chipsets at Seattle Wireless: www.seattlewireless.net/index.cgi/HardwareComparison.

Extending Your Range

Antennae are generally optional, but if you want to test the boundary of your wireless signal, they are a must. Many companies that sell PC wireless NIC cards also sell antennae. But many of these cards do not come equipped with a jack to plug in the antenna. Many people have resorted to modifying these PC cards to add jacks or soldering wires to the built-in antennas of their cards. Check out eBay for examples.