Mapping WiFi Networks on the Pwn Pad 2014

There are many advantages to mobile pentesting, certainly one of the biggest being the simple fact that you aren’t stuck in one single geographic location; you can move seamlessly through buildings or even whole campuses without breaking stride. But making sense of the data you collected while moving around a location can be a nightmare if you don’t have the visual context to put it all together.

Luckily, a few quick steps can take the data you’ve collected from Kismet on the Pwn Pad and turn it into a file ready for importing into Google Earth; giving you the geospatial perspective you need to turn raw data into a valuable pentesting tool.

Enable GPS

First, you’ll need to make sure GPS is enabled on the Pwn Pad. The easiest way to do this is to take a look at the “Power Control” widget on the main screen. If the center GPS icon isn’t illuminated, simply tap it to turn on the Pwn Pad’s GPS hardware.

 

With the GPS radio powered on, open the “BlueNMEA” application, located under the “Wireless Tools” directory.

Pwn Pad wireless tools

Capture APs with Kismet

With GPS enabled and the BlueNMEA application running, you can start the Kismet WiFi scanner by tapping its icon under “Wireless Tools”. As soon as Kismet opens, hit the “Enter” key on the onscreen keyboard to begin capturing WiFi networks and their GPS coordinates.

 

As you walk around scanning for WiFi access points, you’ll see a constantly updated feed at the bottom of the screen as new networks are detected. You should also be able to see the GPS coordinates update as you move around.

Once you’ve finished logging some APs, press the physical “Volume Down” button on the side of the Pwn Pad, followed by “c” on the keyboard. This will cause Kismet to gracefully shutdown, and make sure the log of discovered networks and their associated devices is saved properly.

Log File Conversion

You now have a Kismet log file that contains all of the WiFi devices you’ve seen as well as their geographical location under /opt/pwnix/captures/wireless, but it isn’t ready for displaying in Google Earth yet. We’ll need to convert it first with a simple tool from the Kali repository.

After you exit Kismet you’ll be dropped back to the terminal. From here, enter the following commands to install giskismet:

apt-get update
apt-get install giskismet

Hit “Enter” when asked if you’d like to install giskismet and its dependencies, and give the Pwn Pad a minute to complete the operation. Once installed, run giskismet against the latest Kismet log file with the following command (where DATE is the timestamp of the log file you wish to convert):

giskismet ­-x Kismet-DATE.netxml ­-q "select * from wireless" ­-o blog_example.kml

After running the command, you’ll see a list of discovered AP’s as giskismet works through the file and does the conversion process. After conversion, copy the new KML file to /sdcard/ so it’s easier to find in the next step:

cp blog_example.kml /sdcard/

 

Opening in Google Earth

With your Kismet log file converted, all that’s left to do is install Google Earth and take a look. You’ll also need to install a file manager to select the KML file for import into Google Earth (ES File Explorer is recommended). Head over to the Google Play Store to install both applications as you would on any other Android device.

Note: Accessing the Google Play Store will require you to associate a Google Account with your Pwn Pad. You’ll be asked to either create a new account or use an existing one as soon as you open the Play Store for the first time.

Now simply open ES File Explorer and select the blog_example.kml file you moved to /sdcard/:

 

Google Earth will start up and zoom to your current location. You can then move around the globe, viewing the WiFi networks you detected. Tapping an individual network will let you see additional information about it, such as the channel it was running on, and the MAC addresses of any clients that were connected to it at the time of the scan.

 

 

 

1 reply

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *