Now my WiFi router was in place and working like a dream, I wanted to test how secure my connection was. I downloaded BackTrack (used for penetration testing) from the Remote Exploit website. I'd previously had WHAX, but hadn't actually done anything with it apart from installing it. At the time I couldn't remember why I didn't progress with the software any further.
I checked on the net to see if my on-board WiFi chipset was supported by BackTrack (check here). Much to my frustration, it wasn't. It then occurred to me why I had not progressed with WHAX. Off I popped to, as you should know by now, my local 'IT' shop - Staples. On my way I remembered reading in a few forums that either Linksys or Netgear work fine. When I arrived I went straight across to the Wireless section and as per the norm everything was scattered around, so it was anyone's guess which price goes with which item.
Looking at the kit I decided that I wanted to try out a 125Mbit USB WiFi adapter for my PC - just to see what sort of difference it made to the WLAN speed. The only one that matched that requirement was the Belkin adapter; however, this is a Broadcom chipset and it wouldn't work with BackTrack. I got it anyway. Now, it was time for one for the task in hand. Linksys had a PCMCIA card (as I was only going to use it with my laptop) for £29.99. Grabbing that and the Belkin I clocked the security guard looking at me either confused as to why I had got two or concerned that I was actually carrying an Uzi under my jacket. I'm sure it was the latter because I doubt he even knew what WiFi was. For those who didn’t know, it means Wireless Fidelity.
When I arrived at the counter the check-out assistant asked me which one I wanted. I wanted both, which is why I got both! You don't get to the checkout in Tescos with a brown and a white loaf and get asked the same. I didn't ask him any chipset related questions, as I knew it might have been too much for him, and besides I would have looked a tad geeky.
Purchase sorted I walked out of the main doors only for the security alarm to go off. Sheepishly I turned and looked at the security guard for him to just gesticulate with his arm that it was alright for me to proceed.
As soon as I was home, I checked for the Linksys model number to see if it was compatible. Bloody hell, it wasn't. Out of all the ones on there for Linksys there were only two which were Broadcom - I'd got one! Back in the car, swapped the Linksys adapter for the Netgear (Prism GT chipset), which set me back a further fiver. Alarm goes off, I don’t even turn round. Again, I checked on the net, no problem this time. Phew.
Installed the drivers, plugged it in and it picked up connecting to my network with no issues. Lovely. I'd actually managed to connect to mine and a neighbour's with the two cards, which I didn't think was possible, however they are on different channels, sooo.
Right, time to get a little BackTrack action going. I needed to choose my installation method:
- VMWare
- Direct install
- Partitioned direct install - dual boot
- Boot-from-CD (not strictly an install, but let's not argue)
I had a gander again on http://www.remote-exploit.org to see if there were any glitches with the kit I had. Friggin’ Nora, PCMCIA cards aren't supported via VMWare. No way was I going back to Staples again. So for the time being, I decided to ditch the VMWare option and boot from CD to see how BackTrack differed from WHAX.
On boot up I noticed they'd picked a Mac (ugh...) looking keyboard as the background wallpaper. Never mind, judgement wasn't made straight away. Flicking through the menu I noticed that Airplay is missing. It wasn't clear to me whether it was installed elsewhere. The forums reported two conflicting things, that it's missing, but also that some people are using it. Whether it has to be downloaded separately would need looking into.
Whilst it was booted I thought I would have a go with the onboard Dell WiFi card (broadcom) and 'ndiswrapper'. Ndiswrapper uses windows drivers and encapsulates them to allow a Linux kernel to utilise them. I'd just bought the picky mickey (PCMCIA) card from Staples, but if I could get the Dell one working, then that would be less stuff stuck in my laptop. 'Ndiswrapper' comes included in BackTrack already, so no need to download it. To check your card will work with 'ndiswrapper' go here.
First things first, I needed to transfer the drivers from Windows to my laptop running BackTrack. Found the two files 'bcmwl5.inf' and 'bcmwl5.sys' on my PC and transferred them to a USB pen drive. Plugged it into the laptop, but wasn't sure whether it would pick it up okay, so restarted the system to be sure. 'SDA1' was given as the device name for the USB pen drive. Bingo. Next was to copy the files across to the hard drive. I wasn't bothered where I put them, just as long as I remembered where they were located.
What if all this was unnecessary and the latest version of BackTrack actually supported the Broadcom chipset? Checking this now would save me a comment later like, "blimey Charlie, it's been working all along and I've been arsing around with this and that command?"
Start a console session and type 'iwconfig' (the capture below is actually of 'ifconfig'), which displayed the following:
root@slax:~# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Underneath this section should be one which starts 'lan0', so my LAN card installed fine, but not the WiFi card. Never mind. I'd seen websites which mention using the 'depmodprobe' command, which I presume is used to remove any currently wrapped driver. However, as I knew this was a fresh install, it wasn't needed.
Next, type 'ndiswrapper -i /bcmwl5.inf', which gives:
root@slax:~# ndiswrapper -i /bcmwl5.inf
Installing bcmwl5
Forcing parameter IBSSGMode|0 to IBSSGMode|2
Forcing parameter IBSSGMode|0 to IBSSGMode|2
Forcing parameter IBSSGMode|0 to IBSSGMode|2
To check that it's actually recognising the device, type 'ndiswrapper -l' and you will be presented with the following:
root@slax:~# ndiswrapper -l
Installed ndis drivers:
bcmwl5 driver present, hardware present
Lovely, so far so good.
Next, create an alias in '/etc/modprobe.conf'.
To write the config file, type 'ndiswrapper -m':
root@slax:~# ndiswrapper -m
Adding "alias wlan0 ndiswrapper" to /etc/modprobe.conf
Next, start it up with 'modprobe ndiswrapper'.
Nothing should appear on screen here, but if you run the 'dmesg' command (with mine it was about 20 lines up from the bottom) you will see:
ndiswrapper version 1.2 loaded (preempt=no, smp=yes)
ndiswrapper: driver bcml5 (Broadcom,11/27/2004, 3.100.35.0) loaded
Finally for this part, type 'iwlist wlan0 scan' which will scan for any available AP (Access Point).
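An added check script (not from the original post) that tests each stage of the ndiswrapper procedure above against the output of the commands used. Each check_* function takes captured text as its argument, so it can be tried on the output shown here; run it as root with --live to check a real box. The wlan0 name and the message formats are assumed from the output above.

```shell
#!/bin/sh
# Added example (not from the original post): verify each stage of the
# ndiswrapper procedure. Every check_* function parses command output passed
# in as $1 and echoes a short status, so it can be tried on captured text;
# run_live feeds it the real output when the script is run with --live.

# Stage 1: `ndiswrapper -l` must report the driver AND the hardware.
# "driver present" alone means the .inf installed but no matching device
# was found (wrong chipset, or the card is not inserted).
check_driver() {
    case "$1" in
        *"driver present, hardware present"*) echo "ok" ;;
        *"driver present"*)                   echo "driver-only" ;;
        *)                                    echo "missing" ;;
    esac
}

# Stage 2: /etc/modprobe.conf (its content passed in) must carry the alias
# written by `ndiswrapper -m`.
check_alias() {
    printf '%s\n' "$1" | grep -q '^alias wlan0 ndiswrapper' && echo "ok" || echo "missing"
}

# Stage 3: dmesg must show the module loaded and then the driver bound to it.
check_dmesg() {
    if ! printf '%s\n' "$1" | grep -q 'ndiswrapper version .* loaded'; then
        echo "module-not-loaded"
    elif ! printf '%s\n' "$1" | grep -q 'ndiswrapper: driver .* loaded'; then
        echo "driver-not-bound"
    else
        echo "ok"
    fi
}

# Stage 4: iwconfig must list wlan0 with wireless extensions; loopback and
# wired interfaces only report "no wireless extensions".
check_iface() {
    printf '%s\n' "$1" | grep -q '^wlan0 .*IEEE 802.11' && echo "ok" || echo "no-wlan0"
}

run_live() {
    echo "driver: $(check_driver "$(ndiswrapper -l 2>&1)")"
    echo "alias:  $(check_alias  "$(cat /etc/modprobe.conf 2>/dev/null)")"
    echo "dmesg:  $(check_dmesg  "$(dmesg 2>&1)")"
    echo "iface:  $(check_iface  "$(iwconfig 2>/dev/null)")"
}

if [ "${1:-}" = "--live" ]; then run_live; fi
```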
Once all that was sorted time to use Kismet - a wireless network detector, sniffer and intrusion detection system. I'd already proven that the adapter worked and that the router could be 'seen'. Loaded up Kismet, but an error flashed up. It was a bit too quick to be viewed, so I had to do a screen grab to be able to read all the info.
Basically the monitor function could not be started – the whole point of using Kismet! Fook. The forums suggest it's a problem with wrapped Windows drivers. So near yet so far. No problem, I've got the PCMCIA card. However, before I tried that, I wanted to see if that card worked via VMWare on WHAX. Bit of a mess around, but I tend to go off on a tangent with these things. For a bit more information go here.
Back in Windows I loaded up VMWare and my networked WHAX image with the PCMCIA card in. After struggling with it for a bit, I went back to a forum to find out that the PCMCIA WiFi devices are basically converted to LAN devices and therefore are useless when it comes to WEP/WPA cracking. By this point, I couldn’t be bothered carrying on with any more of this and decided to shut down – the PC.
In the next few days I will have a go at booting from the CD with the picky mickey card in and see whether I can, at least, get Kismet started.