
Narwhal’s Guide to Wardriving

Wardriving is the practice of driving, biking, or walking while carrying a device that collects and records data on, and the location of, wireless networks. Until a couple of days ago I had never considered wardriving, but I decided to try it out. I’ll be writing this guide following my own setup; here’s a list of the stuff I used.

  • Samsung Q310
  • Xubuntu or the distro of your choice
  • External WiFi adapter
  • A GPS unit
  • If you are using a car, some way to mount your laptop

Unless your laptop has a slot for an external WiFi card, you will probably need to buy an external adapter. Most internal cards do not have the range or the ability to be set into monitor mode. Even if your internal card can be put into monitor mode, an external antenna is a good investment.

Once you have all this together, the first thing you need to do is install the wardriving software. The software I use is Kismet; it’s Linux only and generally considered one of the best. If you’re still reading this and insist on using Windows, Netstumbler is very good.

sudo apt-get install kismet

sudo gedit /etc/kismet/kismet.conf

Uncomment the line #suiduser=your_user_here and replace the placeholder with the username you use to log in to Ubuntu.

suiduser=matt

You need to change the configuration depending on which WiFi card you are using.

If you are running an Alfa WiFi card, change

source=none,none,addme

to

source=rt8180,mon0,alfa

If you are running an Atheros AR5001X+ card, change

source=none,none,addme

to

source=madwifi_ag,wifi0,madwifi

If you are running the Intel 2100 driver, change

source=none,none,addme

to

source=ipw2200,eth1,wifi

Configuring GPS to Run on Startup

gps=true
gpstype=gpsd
gpshost=localhost:2947
gpsmodelock=false
gpsreconnect=true

Notes

If you don’t know your relevant network driver, view the Kismet README and scroll down to the section “12. Capture Sources”.

If you don’t know your interface name, use iwconfig to find your wireless interface.

Save and exit the file.

Before starting kismet, you need to put your wireless adapter into monitor mode.

Put the Alfa WiFi card in monitor mode (the second command only runs if the first succeeds):

sudo airmon-ng check kill && sudo airmon-ng start alfa

Put the Atheros AR5001X+ card in monitor mode:

sudo wlanconfig ath0 destroy

Finally, start Kismet from the terminal using the following command:

sudo kismet

Gpsdrive

In addition to Kismet I also use Gpsdrive if I’m driving. It doesn’t make much sense to have a live map if you’re biking, like I will be.

Car Mounts for Your Laptop

A car mount isn’t too hard to put together. The best one I found used an aluminum laptop cooler bolted to the center console of a van.

It’s a far cry from a Crown Vic mount, but it works.

He just used some webbing to attach the laptop to the mount. If you don’t want to modify your car, I normally just set the laptop in the passenger seat and strap it in.

Hot slot Wireless Cards

Another example from the same guy, who has added what’s called a “pigtail” to his card to extend its range.

If you plan on buying a hot slot card, I suggest adding a pigtail to it so you can get some real range out of it. I won’t be guiding you through this process, but WardrivingOnline has a pretty good guide to putting together a pigtail for your specific card.

Attaching a GPS to Kismet

Once you have Kismet up and running, in order to use a GPS to log the location of the networks you need to install GPSD.

sudo apt-get install gpsd

Start gpsd. You’ll need to give it as an argument a path to a serial or USB port with a GPS attached to it. Your test command should look something like this:

gpsd -D 5 -N -n /dev/ttyUSB0

  1. Once gpsd is running, telnet to port 2947. You should see a greeting line that’s a JSON object describing GPSD’s version. Now plug in your GPS (or AIS receiver, or RTCM2 receiver).
  2. Type ?WATCH={"enable":true,"json":true}; to start raw and watcher modes. You should see lines beginning with { that are JSON objects representing reports from your GPS; these are reports in GPSD protocol.
  3. Start the xgps or cgps client. Calling it with no arguments should do the right thing. You should see a display panel with position/velocity-time information, and a satellite display. The displays won’t look very interesting until the GPS acquires satellite lock.
  4. Have patience. If you are cold-starting a new GPS, it may take 15-20 minutes after it gets a skyview for it to download an ephemeris and begin delivering fixes.
  5. A FAQ and troubleshooting instructions can be found at http://gpsd.berlios.de/faq.html
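As an added example (not part of the original post), here is the gpsd exchange from the steps above in Python: the ?WATCH command framing, a parser that keeps only TPV reports that actually carry a fix (a report with mode 0 or 1 means no lock yet), and a small client for a running gpsd on localhost:2947. The sample session lines are constructed.

```python
"""gpsd JSON client logic (added example, not from the original post)."""
import json
import socket

# gpsd speaks newline-delimited JSON on TCP 2947: a VERSION greeting on connect,
# then, once ?WATCH is sent, a stream of reports.  TPV reports carry the fix;
# "mode" is 0/1 = no fix, 2 = 2D fix, 3 = 3D fix.

def watch_command():
    # gpsd requires the command to end with ';' followed by a newline.
    body = json.dumps({"enable": True, "json": True}, separators=(",", ":"))
    return "?WATCH=" + body + ";\n"

def parse_report(line):
    """Return (time, lat, lon) for a usable TPV fix, else None."""
    line = line.strip()
    if not line.startswith("{"):
        return None                      # not a JSON report
    try:
        rep = json.loads(line)
    except ValueError:
        return None                      # truncated/garbled line: skip it
    if rep.get("class") != "TPV" or rep.get("mode", 0) < 2:
        return None                      # not a position report, or no fix yet
    if "lat" not in rep or "lon" not in rep:
        return None
    return (rep.get("time"), rep["lat"], rep["lon"])

def fixes_from_stream(lines):
    return [fix for fix in map(parse_report, lines) if fix is not None]

def watch_live(host="localhost", port=2947, max_fixes=5):
    # Connect to a running gpsd and collect up to max_fixes fixes.
    with socket.create_connection((host, port)) as sock:
        sock.sendall(watch_command().encode())
        fixes = []
        for raw in sock.makefile("r"):
            fix = parse_report(raw)
            if fix:
                fixes.append(fix)
                if len(fixes) >= max_fixes:
                    break
        return fixes

# Constructed sample session (values made up): greeting, WATCH echo, a TPV
# with no fix yet (mode 1), then a 3D fix.
SAMPLE_SESSION = [
    '{"class":"VERSION","release":"2.95","proto_major":3,"proto_minor":3}',
    '{"class":"WATCH","enable":true,"json":true}',
    '{"class":"TPV","device":"/dev/ttyUSB0","mode":1}',
    '{"class":"TPV","device":"/dev/ttyUSB0","mode":3,"time":"2010-08-01T12:00:00.000Z","lat":47.6062,"lon":-122.3321}',
]
```

Running fixes_from_stream(SAMPLE_SESSION) yields only the mode-3 fix; watch_live() does the same against a live daemon.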

Now all you have to do is go out and drive, bike, or even walk around with your laptop. It will automatically log every wireless network it detects. I’ll be posting some pictures of my biking setup later on. If you have any questions, ask them in the comments and I’ll do my best to answer them.

Narwhal’s Guide to Command Line | Processes

2.1 Listing and PIDs

Each process has a unique number, the PID. A list of all running processes is retrieved with ps.

# ps -auxefw                         # Extensive list of all running processes

However, more typical usage is with a pipe or with pgrep:

# ps axww | grep cron
586  ??  Is     0:01.48 /usr/sbin/cron -s
# ps axjf                            # All processes in a tree format
# ps aux | grep 'ss[h]'              # Find all ssh pids without the grep pid
# pgrep -l sshd                      # Find the PIDs of processes by (part of) name
# echo $$                            # The PID of your shell
# fuser -va 22/tcp                   # List processes using port 22
# pmap PID                           # Memory map of process (hunt memory leaks)
# fuser -va /home                    # List processes accessing the /home partition
# strace df                          # Trace system calls and signals

2.2 Background/Foreground

When started from a shell, processes can be sent to the background and brought back to the foreground with [Ctrl]-[Z] (^Z), bg and fg. List the background jobs with jobs. When needed, detach a process from the terminal with disown.

# ping cb.vu > ping.log
^Z                                   # ping is suspended (stopped) with [Ctrl]-[Z]
# bg                                 # put in background and continues running
# jobs -l                            # List processes in background
[1]  - 36232 Running                       ping cb.vu > ping.log
[2]  + 36233 Suspended (tty output)        top
# fg %2                              # Bring job 2 back to the foreground

# make                               # start a long compile job but need to leave the terminal
^Z                                   # suspended (stopped) with [Ctrl]-[Z]
# bg                                 # put in background and continues running
# disown -h %1                       # detach process from terminal, won’t be killed at logout

There is no straightforward way to re-attach the process to a new terminal; try reptyr (Linux).
Use nohup to start a process which has to keep running when the shell is closed (immune to hangups).

2.3 Top

The program top displays live information about running processes. See also htop from htop.sourceforge.net (a more powerful version of top), which runs on Linux. While top is running, press the key h for a help overview. Useful keys are:

  • u [user name] Display only the processes belonging to that user. Use + or blank to see all users.
  • k [pid] Kill the process with that pid.
  • 1 Display per-processor statistics (Linux only).
  • R Toggle normal/reverse sort.

2.4 Signals/Kill

Terminate or send a signal with kill or killall.

# ping -i 60 cb.vu > ping.log &
[1] 4712
# kill -s TERM 4712                  # same as kill -15 4712
# killall -1 httpd                   # Send HUP to processes by exact name
# pkill -9 http                      # Send KILL to processes by (part of) name
# pkill -TERM -u www                 # Send TERM to processes owned by www
# fuser -k -TERM -m /home            # Kill every process accessing /home (to umount)

Important signals are:

1       HUP (hang up)
2       INT (interrupt)
3       QUIT (quit)
9       KILL (non-catchable, non-ignorable kill)
15      TERM (software termination signal)
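To see the difference the table draws between 15 (TERM, catchable) and 9 (KILL, non-catchable) in practice, here is an added Python example, not from the original post: a constructed child process traps TERM and exits cleanly, then a second copy is sent KILL, where no handler gets a chance to run.

```python
"""Catchable vs. non-catchable signals (added example, not from the original post)."""
import signal
import subprocess
import sys

# The child process, as a constructed script: it installs a TERM handler that
# exits cleanly with status 0, prints "ready" once the handler is in place,
# then sleeps forever.
CHILD = r"""
import signal, sys, time
def on_term(signum, frame):
    sys.exit(0)               # orderly shutdown: flush logs, close files, ...
signal.signal(signal.SIGTERM, on_term)
print("ready", flush=True)
while True:
    time.sleep(1)
"""

def run_child_and_signal(sig):
    """Start the child, wait for its handler to be installed, send sig, return its exit status."""
    proc = subprocess.Popen([sys.executable, "-c", CHILD],
                            stdout=subprocess.PIPE, text=True)
    if proc.stdout.readline().strip() != "ready":   # don't race the handler install
        proc.kill()
        proc.wait()
        raise RuntimeError("child did not start")
    proc.send_signal(sig)
    try:
        return proc.wait(timeout=10)  # a negative status means "died from that signal"
    except subprocess.TimeoutExpired:
        proc.kill()
        return proc.wait()

def demo():
    return {
        "TERM": run_child_and_signal(signal.SIGTERM),  # 0: handler ran, clean exit
        "KILL": run_child_and_signal(signal.SIGKILL),  # -9: no handler could run
    }

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: child exit status {status}")
```

The same distinction applies to killall -1 (HUP) and pkill -TERM above: a well-behaved daemon can react to those, but nothing can react to -9.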

Next up in Narwhal’s Toolbox: File System

Narwhal’s Guide To Command Line | System

I’ve decided to write up a list of Unix/Linux commands that are useful for IT work or for advanced users. This is a guide with concise explanations; however, you are expected to have some knowledge of Unix/Linux in order to use it to its full extent.

1.1 – Basic System Information

Running kernel and system information

# uname -a                           # Get the kernel version
# lsb_release -a                     # Full release info of any LSB distribution
# cat /etc/SuSE-release              # Get SuSE version
# cat /etc/debian_version            # Get Debian version

# uptime                             # Show how long the system has been running + load
# hostname                           # system’s host name
# hostname -i                        # Display the IP address of the host. (Linux only)
# man hier                           # Description of the file system hierarchy
# last reboot                        # Show system reboot history

1.2 – Hardware Information

Kernel Detected Hardware

# cat /proc/cpuinfo                  # CPU model
# cat /proc/meminfo                  # Hardware memory
# grep MemTotal /proc/meminfo        # Display the physical memory
# watch -n1 'cat /proc/interrupts'   # Watch changeable interrupts continuously
# free -m                            # Used and free memory (-m for MB)
# cat /proc/devices                  # Configured devices
# lspci -tv                          # Show PCI devices
# lsusb -tv                          # Show USB devices
# lshal                              # Show a list of all devices with their properties
# dmidecode                          # Show DMI/SMBIOS: hw info from the BIOS

1.3 – Load, statistics and messages

The following commands are useful to find out what is going on on the system.

# top                                # display and update the top cpu processes
# mpstat 1                           # display processors related statistics
# vmstat 2                           # display virtual memory statistics
# iostat 2                           # display I/O statistics (2 s intervals)
# tail -n 500 /var/log/messages      # Last 500 kernel/syslog messages
# tail /var/log/warn                 # System warnings messages see syslog.conf

1.4 – Users

# id                                 # Show the active user id with login and group
# last                               # Show last logins on the system
# who                                # Show who is logged on the system
# groupadd admin                     # Add group "admin" and user colin (Linux/Solaris)
# useradd -c "Colin Barschel" -g admin -m colin
# usermod -a -G <group> <user>       # Add existing user to group (Debian)
# groupmod -A <user> <group>         # Add existing user to group (SuSE)
# userdel colin                      # Delete user colin (Linux/Solaris)

Encrypted passwords are stored in /etc/shadow on Linux and Solaris. On BSD systems they live in master.passwd; if that file is modified manually (say, to delete a password), run # pwd_mkdb -p master.passwd to rebuild the database. (This has large implications, especially for a Unix with an encrypted partition: you could in theory modify the owner’s password in master.passwd, giving you read/write access to the encrypted partition. Correct me if I’m wrong.)

1.5 – Limits

Some applications require higher limits on open files and sockets (like a proxy web server or a database). The default limits are usually too low.

Per Shell/Script

# ulimit -n 10240                    # This is only valid within the shell

Per User/Process

# cat /etc/security/limits.conf
*   hard    nproc   250              # Limit user processes
asterisk hard nofile 409600          # Limit application open files

System Wide

# sysctl -a                          # View all system limits
# sysctl fs.file-max                 # View max open files limit
# sysctl fs.file-max=102400          # Change max open files limit
# echo "1024 50000" > /proc/sys/net/ipv4/ip_local_port_range  # port range
# cat /etc/sysctl.conf
fs.file-max=102400                   # Permanent entry in sysctl.conf
# cat /proc/sys/fs/file-nr           # How many file descriptors are in use

1.6 – Compile the Kernel

# cd /usr/src/linux
# make mrproper                      # Clean everything, including config files
# make oldconfig                     # Reuse the old .config if existent
# make menuconfig                    # or xconfig (Qt) or gconfig (GTK)
# make                               # Create a compressed kernel image
# make modules                       # Compile the modules
# make modules_install               # Install the modules
# make install                       # Install the kernel
# reboot

1.7 – Repair Grub

So you broke GRUB? Boot from a live CD, find your Linux partition under /dev (fdisk -l lists the partitions), mount it, bind-mount /proc and /dev into it, chroot in, and run grub-install /dev/xyz. Suppose Linux lives on /dev/sda6:

# mount /dev/sda6 /mnt               # mount the linux partition on /mnt
# mount --bind /proc /mnt/proc       # mount the proc subsystem into /mnt
# mount --bind /dev /mnt/dev         # mount the devices into /mnt
# chroot /mnt                        # change root to the linux partition
# grub-install /dev/sda              # reinstall grub with your old settings

1.8 – Reset Root Password

At the boot loader (lilo or grub), enter the following boot option:

init=/bin/sh

The kernel will mount the root partition and init will start the Bourne shell instead of rc and then a runlevel. Use the command passwd at the prompt to change the password and then reboot. Forget single-user mode, as you need the password for that.

If, after booting, the root partition is mounted read only, remount it rw:

# mount -o remount,rw /
# passwd                             # or delete the root password (/etc/shadow)
# sync; mount -o remount,ro /        # sync before to remount read only
# reboot

Next up in Narwhal’s Toolbox: Process