This OSINT challenge focuses on one very famous "Open Source INTelligence" tool called Wigle.NET. This tool collects information about different Wi-Fi networks, which can then be used to discover different vulnerabilities on the network. The tool relies on community submissions of networks found by doing something called "WarDriving": driving around with a Wi-Fi equipped device together with a GPS device to record the location of wireless networks. The locations you see on Wigle.NET can sometimes be incorrect; however, it is still valuable information for seeing what networks are available in the area.
No information needs to be submitted, and the methods learned are not to be used for any illegal purposes. This challenge is designed to be a walkthrough and basic introduction to "OSINT" for learning purposes.
- We are going to pick a location and see what networks we can see
- We are going to collect open source data on the networks using Wigle.NET
- We are going to apply the collected information to discover vulnerabilities.
- Computer with internet connection
- Access to a web browser
- Ability to search using Google
Picking a location: Let's use your local coffee shop and see what Wi-Fi connections we can see.
Using Google, locate the address of your local coffee shop.
Copy down the address that you found; you will need it later.
Finding infrastructure to work with
Go to “Wigle.net” and type in the address you just found in Step 1. *You will have to log in to see information on the networks found, but you are not required to confirm your email, so use a placeholder email for now.
We are using a random coffee shop in the picture below. How many dots do you see inside the building?
Those purple dots are actually SSIDs; try zooming in to see their names.
Try zooming in even closer and you can now see names of SSIDs and MAC addresses associated with their devices.
Using the skills you learned
The question probably going through your head is: so what!? What could someone do with this information?
Let’s use your own home address and look up its location on "Wigle.NET".
How many devices can you see?
If someone found the name of your Wi-Fi connection, then depending on what device it is and the name being displayed, it could be used in numerous ways.
For example, if you have a Wi-Fi connection that clearly displays the router's name, such as "Linksys2.5", or a printer name, such as "HPDESKJET2755", why not try Googling "Linksys2.5 vulnerabilities" and see what results show up.
Let’s dive a little deeper and learn how to look up a vendor name using a MAC address.
Let’s take a look at “c0:ea:e4:4e:07:07” as an example. Usually the first 3 octets (“c0:ea:e4” here, highlighted in bold) are a unique sequence of symbols that identifies the vendor that made the device.
Search for "mac-address-finder", type in the MAC address highlighted above in bold, and see what “vendor” you get as a result.
Go to Google and type in the vendor you got from the previous search.
How do you think this information can be useful to someone?
Use any of the MAC addresses you found in "Step 3" and look up the vendors for the networks that interest you.
Take the vendors you discovered and Google the vulnerabilities for those. In Google, type:
<vendor name> vulnerabilities
You just gathered valuable information about possible vulnerabilities on your own network using nothing but "Open Source Intelligence". Keep in mind that if you did find any vulnerabilities, you should check to make sure you have the most up-to-date version for whichever device it is.
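As an added example (not part of the original walkthrough), this Python script audits a list of your own networks as they would appear on Wigle.NET: it extracts the first three octets used for the vendor lookup described above, flags SSIDs that give away a device model, and marks locally administered MAC addresses, for which a vendor lookup tells you nothing. The keyword list, function names and sample pairings are assumptions made for illustration.

```python
import re

# Assumption: illustrative keyword list built from the article's two examples
# plus two common vendor names; extend it for the equipment you actually own.
REVEALING_HINTS = ("linksys", "deskjet", "netgear", "tp-link")

def parse_mac(mac):
    """Accept c0:ea:e4:4e:07:07, C0-EA-E4-4E-07-07 or c0ea.e44e.0707 -> 6 bytes."""
    digits = re.sub(r"[:\-.\s]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def describe_mac(mac):
    raw = parse_mac(mac)
    return {
        "oui": raw[:3].hex(":").upper(),              # vendor prefix to look up
        "locally_administered": bool(raw[0] & 0x02),  # set on randomized/soft MACs
        "multicast": bool(raw[0] & 0x01),             # group (multicast) bit
    }

def audit(networks):
    """networks: iterable of (ssid, bssid); returns one finding dict per entry."""
    findings = []
    for ssid, bssid in networks:
        info = describe_mac(bssid)
        info["ssid"] = ssid
        info["ssid_reveals_device"] = any(h in ssid.lower() for h in REVEALING_HINTS)
        # A locally administered address has no registered vendor behind it,
        # so a vendor lookup on its first three octets tells you nothing.
        info["vendor_lookup_useful"] = not info["locally_administered"]
        findings.append(info)
    return findings

# Constructed sample: the SSIDs and the first MAC come from the article's
# examples; the pairings and the other two MACs are made up for illustration.
SAMPLE = [
    ("HPDESKJET2755", "c0:ea:e4:4e:07:07"),
    ("Linksys2.5", "0011.2233.4455"),
    ("HomeNet", "DA-A1-19-00-00-01"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        action = "rename SSID" if f["ssid_reveals_device"] else "ok"
        lookup = "yes" if f["vendor_lookup_useful"] else "no (local MAC)"
        print(f'{f["ssid"]:<14} OUI={f["oui"]} lookup={lookup} -> {action}')
```

Renaming a flagged SSID to something neutral removes the device model from what anyone browsing the map can read, while the first three octets of a globally assigned MAC still identify the vendor.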