Wi-Fi survey and resource scan


Keywords

security, Wi-Fi, survey, war-driving, scanning, fingerprinting

WARNING
Some parts of this assignment will bring you close to an ethical line
that must not be crossed. The purpose of the exercise is to discover
what kind of information is inadvertently shared, not to use or abuse
that data.

[Image: map of known Wi-Fi access points in Chișinău]

A map of known Wi-Fi access points in Chișinău. This is what the map looks like in December 2014; perhaps you and your colleagues can help extend it.


Objectives

  • Scan a region for Wi-Fi networks
  • Determine whether private information is shared and is available
    • without authentication
    • or with only weak protection


Workflow

  • Scan a region for Wi-Fi networks
  • When an open network is found, connect to it
    • Scan it for hosts
      • For each host, scan it for open ports
      • Determine the service handled via that port
      • For services related to file-sharing (e.g. CIFS/Samba/NetBIOS or FTP)
        • Attempt to connect as a guest user
        • If that fails, try some typical passwords (as discussed in The password cracking challenge)
        • Retrieve a list of shares and their contents
        • DO NOT view the contents of those files; establishing their presence is enough.
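The host-discovery, port-scan and share-listing steps above produce a lot of output that you will have to turn into a host list and a plan of what to check next. The script below is an added example, not part of the original assignment page: it parses Nmap's grepable output (the `-oG` format) from a constructed sample, lists the live hosts, picks out the ones with CIFS/NetBIOS or FTP ports actually open (a port reported as `filtered` is deliberately left out), summarises the OS guesses for the report, and prints the follow-up commands that only list shares anonymously or as `guest`, never fetch a file. It assumes a scan such as `nmap -sS -sV -O -oG lan.gnmap 192.168.1.0/24` was already run on the open network; the sample output, hostnames and addresses are invented for the example.

```python
"""Triage of an Nmap grepable (-oG) scan taken on an open Wi-Fi network.

Added example (not part of the original assignment page). It assumes the
network has already been scanned with something like
    nmap -sS -sV -O -oG lan.gnmap 192.168.1.0/24
and works offline on that output: it lists the live hosts, picks out those
with file-sharing ports open, and prints follow-up commands that only LIST
shares anonymously or as guest. Nothing here reads a file's contents.
"""
import ipaddress
import re
from collections import Counter

# Assumption: the assignment's file-sharing set is CIFS/Samba/NetBIOS and FTP.
FILE_SHARING_PORTS = {21: "ftp", 139: "netbios-ssn", 445: "microsoft-ds"}

# Constructed sample of nmap -oG output; not a real scan result.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sS -sV -O -oG lan.gnmap 192.168.1.0/24
Host: 192.168.1.1 (router.lan)\tStatus: Up
Host: 192.168.1.1 (router.lan)\tPorts: 53/open/tcp//domain//dnsmasq 2.85/, 80/open/tcp//http//lighttpd/\tIgnored State: closed (998)\tOS: Linux 4.X
Host: 192.168.1.20 ()\tStatus: Up
Host: 192.168.1.20 ()\tPorts: 139/open/tcp//netbios-ssn//Samba smbd 4/, 445/open/tcp//microsoft-ds//Samba smbd 4/\tIgnored State: closed (998)\tOS: Linux 5.X
Host: 192.168.1.42 (nas.lan)\tStatus: Up
Host: 192.168.1.42 (nas.lan)\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 22/open/tcp//ssh//OpenSSH 8.4/, 445/filtered/tcp//microsoft-ds///\tIgnored State: closed (997)\tOS: Linux 5.X
Host: 192.168.1.77 ()\tStatus: Down
# Nmap done -- 256 IP addresses (3 hosts up) scanned
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")


def parse_gnmap(text):
    """Parse -oG output into {ip: {"name", "up", "os", "ports": [dict]}}.
    Each -oG port entry is port/state/proto/owner/service/rpcinfo/version/."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue                      # comment lines and anything else
        ip, name = m.groups()
        rec = hosts.setdefault(ip, {"name": name, "up": False, "os": "", "ports": []})
        # The remaining tab-separated fields are "Key: value" pairs.
        fields = dict(f.split(": ", 1) for f in line.split("\t")[1:] if ": " in f)
        if fields.get("Status") == "Up":
            rec["up"] = True
        if "OS" in fields:
            rec["os"] = fields["OS"]
        for entry in fields.get("Ports", "").split(", "):
            parts = entry.split("/")
            if len(parts) < 7:
                continue                  # empty or malformed entry
            rec["up"] = True              # a Ports line is only emitted for live hosts
            rec["ports"].append({
                "port": int(parts[0]), "state": parts[1], "proto": parts[2],
                "service": parts[4],
                # version is the 7th field; rejoin in case it contained a '/'
                "version": "/".join(parts[6:]).rstrip("/"),
            })
    return hosts


def live_hosts(hosts):
    """Sorted IPs that answered: the host list for the report."""
    return sorted((ip for ip, r in hosts.items() if r["up"]), key=ipaddress.ip_address)


def file_sharing_hosts(hosts):
    """{ip: [open port numbers]} for hosts exposing CIFS/NetBIOS/FTP."""
    out = {}
    for ip in live_hosts(hosts):
        open_fs = sorted(p["port"] for p in hosts[ip]["ports"]
                         if p["state"] == "open" and p["port"] in FILE_SHARING_PORTS)
        if open_fs:
            out[ip] = open_fs
    return out


def enumeration_plan(hosts):
    """Commands that only LIST shares, anonymously and then as 'guest' with an
    empty password. None of them fetches or opens a file."""
    cmds = []
    for ip, ports in file_sharing_hosts(hosts).items():
        if 445 in ports or 139 in ports:
            cmds.append(f"smbclient -L //{ip} -N")           # anonymous share list
            cmds.append(f"smbclient -L //{ip} -U guest%")    # guest, empty password
        if 21 in ports:
            cmds.append(f"curl -s --list-only ftp://{ip}/")  # anonymous FTP name listing
    return cmds


def os_summary(hosts):
    """OS guesses per live host, for the 'most common operating systems' note."""
    return Counter(r["os"] or "unknown" for r in hosts.values() if r["up"])


if __name__ == "__main__":
    scan = parse_gnmap(SAMPLE_GNMAP)
    print("live hosts:", live_hosts(scan))
    print("file-sharing hosts:", file_sharing_hosts(scan))
    print("OS summary:", dict(os_summary(scan)))
    print("\n".join(enumeration_plan(scan)))
```

Run it on your own `lan.gnmap` by replacing the sample string with `open("lan.gnmap").read()`. Note that `192.168.1.42` is kept only for FTP: its port 445 is reported as `filtered`, so it is not counted as an exposed share, and the commands printed are listing commands only, which is what the "establish presence, do not view" rule requires.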


Document your work

Explain:

  • Which tools you used
  • What methods you applied to detect hosts on a network
  • What types of files you found lying around unprotected

Prepare your conclusions:

  • security recommendations for people who want to protect their data
    • a poster that fits on a single A4 page
    • it has to be aimed at non-tech-savvy people
  • recommendations for security researchers on how to more effectively find the data of the people mentioned in the previous point

Grading policy

  • 6 - show me a list of Wi-Fi access points you've personally discovered
  • 7 - document your workflow
  • 8 - poster with security recommendations for non-tech-savvy users
  • 9 - recommendations for increasing the chances of finding targets to exploit
  • 10 - plan and describe a scenario in which you leverage an open Wi-Fi access point in order to obtain a person's debit card information.

Notes:

  • You can get the maximum grade even if you don't discover resources that contain any form of data available to the public, as long as your effort is clearly documented. Your report can include other interesting details, such as an analysis of access point names, their density, the channels used, the most common operating systems on the machines in the networks you found, etc.
  • If I find one error that could have been easily detected by a spell-checker, I will stop reading the report. You'll have to update it and come again on another day.

Self-test questions

  • How can a security researcher be manipulated via publicly available data?
  • What is a honeypot?
  • What is spoofing?
  • What is DNS hijacking?
  • How to build a list of hosts on a given network?
  • How to hide open ports from potential attackers, while leaving them accessible to legitimate users?
  • What is OS fingerprinting?
  • Why is it important not to view the files you might find?

Tools

  • Nmap
  • WiGLE
  • Hydra
