No announcement yet.

Wireless Weapons of Mass Destruction for Windows

  • Filter
  • Time
  • Show
Clear All
new posts

  • Wireless Weapons of Mass Destruction for Windows

    HERE are my latest slides and code for the talk I gave at ToorCon (, which is a VERY cool security conference held annually in San Diego. From the ToorCon website and program:

    "Wireless Weapons of Mass Destruction for Windows

    If implementing wireless network security mechanisms doesn't kill you, managing enterprise wireless network security probably will. Whether it's deploying distributed networks of dedicated rogue AP detection devices, building automated articulating yagis, or walking all over campus with Netstumbler on a weekly basis, the costs in hardware and personal time needed to combat the rogue AP threat can become staggering! Well, things are about to get better. Ok. Maybe not. Beetle demonstrates how to do all sorts of crazy Wi-Fi things in Windows--good AND bad. How about iwconfig for XP? Nifty. Hotspot Defense Kit for Windows? No problemo. Fast and easy Windows enterprise monitoring for users that are dual-homed with wireless enabled while plugged in to your intranet? Nice! Hard-hitting worms that create global ad-hoc wireless networks that drive rogue AP watchdogs mad? Mmmm, not so nice. Or how about code that let's you sit in one place and discover every wireless network on the planet? Ouch. That's GOTTA hurt. Talk about the END of war-driving OR war-walking as we know it. Beetle has found Weapons of Mass Destruction! w00t! They're wireless! They're for Windows! And they're in San Diego--not Saddam's backyard, baby! New tips, new tools, and oh dear, new silly terminology from the Shmoo Group. 'War-lounging' anyone?"

    Basically, these programs are some examples of nifty and evil wireless things you can do with Windows XP via Windows Management Instrumentation (WMI).

    Brief breakdown:

    wifiwmd4win32.sxi - Slides in OpenOffice format.
    wifiwmd4win32.pdf - slides in PDF format.
    HotspotDK - Windows binary & source thanks to Scott Tenaglia, a.k.a. "Intern",
    iwconfig for XP - Windows binary & source. Older VBScript version, too.
    SSidScan.vbs - Simple and small SSID scanner for Windows.
    WiFiLocalSignal.vbs - Local current SSID, BSSID, and RSSI monitor.
    WiFiRemoteSignal.vbs - Current SSID, BSSID, and RSSI of REMOTE system.
    ssidscan.exe - Windows binary & source SSID scanner--has RSSI values, too.
    ssidpeek.exe - Windows binary & source SSID scanner of REMOTE system.
    WiFiMultiHome.vbs - Local check if connected to a WLAN while connected to a wired LAN.
    WiFiMultiHomeLogon.vbs - Multi-home check suitable for logon script that post results to share.
    WarLounge.vbs - Suitable friendly distributed app or worm-ready code to perform a global wardrive.

    C# stuff needs .NET framework to run the binary or .NET SDK to compile from source. VBscript stuff should just run with cscript <filename> from any command prompt.

    Tested with Senao cards. Limited testing / results with Orinoco, Netgear, D-Link, and Cisco cards. No testing with USB wireless adapters.

    NOTE: I recommend having Wireless Zero Configuration Service enabled in XP for these scripts, as well as making sure "force guest" is disabled in XP Pro's local security policy if attempting to run the tools on a remote system that's part of a Workgroup instead of a Domain.


    See you at ShmooCon ( 2005!



  • #2
    Nice, very interesting. Learned quite a bit, thanks


    • #3
      The talk was great, glad to have been there, and onward to ShmooCon!
      Ulch - that meat was tainted! You feel deathly sick.
      Its ok, you don't like everything, and everyone doesn't like you, so it balances out.