Trackingdown via Wardriving

Viewing 20 reply threads
  • Author
    Posts
    • #6523
      maver
      Participant

      Hi, as you can tell him new here. I’m pretty sure this is the forum I should put this in.

      So I started searching google for help and this forum kept poping up over and over and looked like the perfect place to go because I wasn’t getting very far in getting my question answered.

      My friend’s laptop was stolen. He has all the guy’s personal information, name age which highschool he went to, what his external IP is ect. (he has logmein on the computer) problem is the guy turns the laptop off when he’s not using it. So my friend sits there everyday and watching him on the laptop trying to find a moment to grab the laptop and use it real quick. It’s a win7 machine with some antivirus. He moused over the network icon and saw he was attached to linksys.

      Which is a bummer through tracing his external IP we know the neighborhood, and planned on going wardriving to hunt for the SSID, but with it being linksys we’re gonna get a few results.

      Now I know that using netsh in win7 you can do something like a show wlan /all and get the mac address for the wireless network so we can pinpoint it. but as well. but with it possibly being an old linksys do you guys know if maybe I could do something to like get the netbios against the internet address to get the mac that way. As a moment of time to type commands on the laptop hasn’t presented it’s self?

      Thank you very much apologies if I’ve put this in the wrong category.

    • #40431
      El33tsamurai
      Participant

      My friend’s laptop was stolen.

      If he knows where it is why does he just not go to the police?

      He has all the guy’s personal information, name age which highschool he went to, what his external IP is ect. (he has logmein on the computer) problem is the guy turns the laptop off when he’s not using it.

      How does he have all this informtion?

      So my friend sits there everyday and watching him on the laptop trying to find a moment to grab the laptop and use it real quick. It’s a win7 machine with some antivirus. He moused over the network icon and saw he was attached to Linksys.

      Did he break into the guys house to get this information?  This guy is running a Linksys router without changing the SSID?

      Which is a bummer through tracing his external IP we know the neighborhood, and planned on going wardriving to hunt for the SSID, but with it being linksys we’re gonna get a few results.

      How did you get his external IP?  If you know his external IP there is no need to war drive ;).

      Now I know that using netsh in win7 you can do something like a show wlan /all and get the mac address for the wireless network so we can pinpoint it.

      Why are you using windows 7?  Linux is needed makes life much easier.  This wont work unless you are connected to his network and if its secured which I am sure it is, it is not going to be easy.

      but as well. but with it possibly being an old linksys do you guys know if maybe I could do something to like get the netbios against the internet address to get the mac that way. As a moment of time to type commands on the laptop hasn’t presented it’s self?

      Now with all that said.  Are you trying to gain access to your friends laptop in this other guys house? If so why are you trying to do this? If the laptop is his does he have proof its his?  If so call the cops and get it back.

    • #40432
      maver
      Participant

      We don’t have the address that’s what we’re trying to get.

      Got his external IP because i think my friend has rainmeter has as it shown on the desktop.

      The rest of the information he got while watching him sign up for dating websites I think.

      With the external IP we’re still waiting on comcast to get back to us wit the address but it’s doesn’t appear to be happening anytime soon.

      And in order to get a warrant to search the house we first need to know which house it is. With the external IP we only have it traced down to the rough location. So with wardriving we were hopping to find it narrow it down to the exact address, then present it to the police (who we’ve already reported too) hopefully giving them enough evidence that they can get a warrant.

      Of course because the cops only have loose evidence they refuse to move or do anything. As well I believe this guy is a minor so he’s name isn’t in records.

      So that leads me back to us trying to pin point the house. Because we know which neighborhood it is. I figured best way was through wifi because he is connected wirelessly but the SSID is linksys so my next move was to see if we could find the mac of that linksys (hopefully from the internet via his external ip) because we don’t want to scare the guy into ditching the laptop by suddenly taking control of it and him shutting it off right away.

      so thats why I was asking if there was something I could do to discover that linksys mac via WAN

    • #40433
      maver
      Participant

      @El33tsamurai wrote:

      He has all the guy’s personal information, name age which highschool he went to, what his external IP is ect. (he has logmein on the computer) problem is the guy turns the laptop off when he’s not using it.

      How does he have all this informtion?

      Like I said in my post LogMeIn, it’s a remote desktop service. So we do have remote control of the laptop but the guy never leaves it on, only has it on when he uses it.

      And I’d imagine if we just started controlling the desktop he would shut off the computer and ditch it. So we’ve only been using it for watching.

    • #40434
      Anonymous
      Participant

      I’m the owner of the laptop. A report was made to the police 3.5 weeks ago, but the cops can’t get information from the High school because CPS schools seal student records to everyone until the student graduates (Even to CPD, unless the student gets into an altercation on campus where Police have to get involved)

      Subpoenaed Comcast 3 weeks ago, and it takes 12 days to process a subpoena, but when I called the cop yesterday asking about the subpoena status, he asked me what subpoena? And then tried to say he had submitted it weeks ago but Comcast had not gotten back to him yet. So I’m assuming that this is a dead end.

      I got the information by recording what he does on the computer using Logmein Central. But, to date, he has yet to do anything with an address, just mostly facebook and pron.

      The goal of this is to get the address, or a contact number for the home so the police can reclaim the laptop and possibly some of the other 5 grand in equipment that was stolen. I’ve got access to the command prompt (Logmein Central allows you to run it in the background), a way to drop files into the computer and the ability to remote control the laptop.

      Open to basically anything, I just want my stuff back.

    • #40435
      El33tsamurai
      Participant

      @maver wrote:

      @El33tsamurai wrote:

      He has all the guy’s personal information, name age which highschool he went to, what his external IP is ect. (he has logmein on the computer) problem is the guy turns the laptop off when he’s not using it.

      How does he have all this informtion?

      Like I said in my post LogMeIn, it’s a remote desktop service. So we do have remote control of the laptop but the guy never leaves it on, only has it on when he uses it.

      And I’d imagine if we just started controlling the desktop he would shut off the computer and ditch it. So we’ve only been using it for watching.

      Sorry I missed that part, was reading fast

    • #40436
      El33tsamurai
      Participant

      @dmuzial wrote:

      I’m the owner of the laptop. A report was made to the police 3.5 weeks ago, but the cops can’t get information from the High school because CPS schools seal student records to everyone until the student graduates (Even to CPD, unless the student gets into an altercation on campus where Police have to get involved)

      Subpoenaed Comcast 3 weeks ago, and it takes 12 days to process a subpoena, but when I called the cop yesterday asking about the subpoena status, he asked me what subpoena? And then tried to say he had submitted it weeks ago but Comcast had not gotten back to him yet. So I’m assuming that this is a dead end.

      I got the information by recording what he does on the computer using Logmein Central. But, to date, he has yet to do anything with an address, just mostly facebook and pron.

      The goal of this is to get the address, or a contact number for the home so the police can reclaim the laptop and possibly some of the other 5 grand in equipment that was stolen. I’ve got access to the command prompt (Logmein Central allows you to run it in the background), a way to drop files into the computer and the ability to remote control the laptop.

      Open to basically anything, I just want my stuff back.

      1) http://www.whatismyip.com/tools/ip-address-lookup.asp
      2) get the ISP
      3) call the ISP you got the guys last name 😉
      4) get the address from the ISP

    • #40437
      Anonymous
      Participant

      I wish. But the ISP wont disclose that information without a Subpoena and I don’t have enough information about him to BS my way through it.

    • #40438
      El33tsamurai
      Participant

      Well doing that would be wrong and get you into trouble.  You know who the kid is from the school right, could you ask the school for his address?  maybe find it on his facebook page? 

    • #40439
      jsm725
      Participant

      People tend to focus too much on the technical side of recon. Sometimes you need to think outside of the box.

      I am assuming he is living at home since he is a minor.  So you should be able to look up his parents property tax info by last name, which would give you an address. Completely free information that can be obtained legally on the internet.

      If you know what this guy looks like (facebook and dating sites usually have pictures) and his general location…why not just do some old fashion detective work and stake out the neighborhood? Wait till you see him and figure out which house he goes into. Completely legal since you are observing people in a public place. Just don’t go looking through windows.

    • #40440
      El33tsamurai
      Participant

      Good call on the tax info, you are right sometimes get to excited and forget about the simple stuff 😀

    • #40441
      Anonymous
      Participant

      How would I search tax information by name? Ideas/links?

    • #40442
      tturner
      Participant

      I’d recommend county property records. For instance, Google ” county property search”. Here’s an example:

      http://www.brevardpropertyappraiser.com/asp/record.asp

      http://www.spokeo.com/ and http://www.intelius.com/ are also very useful. I like using Tineye as well if I have a photo or link to a photo of someone. it will show you other instances of the same photo on the net. If photos are geotagged you can download the images and harvest GPS coordinates from the EXIF data. maybe try http://www.sno.phy.queensu.ca/~phil/exiftool/

      You can also sometimes get registrant address info from Whois lookups if the guy has a domain. I also like Maltego a lot but I’ve never used it for a private party so not sure how useful it will be here. For domains and companies it’s amazing.

      Google groups is a great resource for recon as well. Especially if you know the guys common handles. Doubt it will give you address but might complete the picture for you or give you new avenues to check.

      Lastly, one of my new favorites is FOCA from http://www.informatica64.com/FOCA/ . Might not be much help here b ut I include it for general reference. It queries search engines for a target domain for downloadable files like pdf, doc, etc and then harvests the metadata from the files. I’ve found internal usernames, dns info, server names, IP addresses, installed applications (Adobe Acrobat 6?! Sweet!) and various other juicy info.

    • #40443
      El33tsamurai
      Participant

      Thanks, for the good sites man I will add them to my arsenal!

    • #40444
      WCNA
      Participant

      Because you have remote access to the computer, you should be able to find what is in the preferred network list for the wireless interface. With that info, you can run airbase-ng when you do your wardriving and with a directional antenna pinpoint the exact location. You should look at the wireless megaprimer series at securitytube.net if you need help figuring out what I’m talking about.

    • #40445
      Anonymous
      Participant

      Hey Guys,

      Thanks for all of the links! I expect they will be a huge help, if not for this, then for projects in the future.

      Here is the update; We couldn’t use the property tax information to zero in on the house. There are too many people in that zip code with this specific last name. So, we used the boundaries of the high school and the 5 surrounding networks to create a footprint. We then did our war driving. We’ve limited the house to 2 candidates and I’m going to try looking up the property taxes today.

      We were pretty confidant about the house choice, but it was hard because there is so much interference from the 10+ networks on that block that it was hard to pin it to one specific house even with the network proximity app. I will keep you updated when judgement day comes.

      Wish me luck!

    • #40446
      rattis
      Participant

      I won’t wish you luck. but will warn you to be careful. Make sure you document the hell out of everything. Screen shots are good too. If the laptop has a camera, try to snap a shot or two of the guy.

      Then give EVERYTHING to the police.

      I know, you’re taking the prevailing (vigilante style) justice that our society has been holding up as a way it should be done because the system is broken and it won’t get one otherwise. However I’m worried that if you’re not careful you’ll be the one in trouble with the law, not the guy that stole your laptop.

      Actually, even giving everything to the police could be a problem, I mean there is a reason why Private Investigators are licensed right?

    • #40447
      El33tsamurai
      Participant

      @dmuzial wrote:

      Hey Guys,

      Thanks for all of the links! I expect they will be a huge help, if not for this, then for projects in the future.

      Here is the update; We couldn’t use the property tax information to zero in on the house. There are too many people in that zip code with this specific last name. So, we used the boundaries of the high school and the 5 surrounding networks to create a footprint. We then did our war driving. We’ve limited the house to 2 candidates and I’m going to try looking up the property taxes today.

      We were pretty confidant about the house choice, but it was hard because there is so much interference from the 10+ networks on that block that it was hard to pin it to one specific house even with the network proximity app. I will keep you updated when judgement day comes.

      Wish me luck!

      Nice dude, I hope you get your stuff back.

    • #40448
      El33tsamurai
      Participant

      @chrisj wrote:

      I won’t wish you luck. but will warn you to be careful. Make sure you document the hell out of everything. Screen shots are good too. If the laptop has a camera, try to snap a shot or two of the guy.

      Then give EVERYTHING to the police.

      I know, you’re taking the prevailing (vigilante style) justice that our society has been holding up as a way it should be done because the system is broken and it won’t get one otherwise. However I’m worried that if you’re not careful you’ll be the one in trouble with the law, not the guy that stole your laptop.

      Actually, even giving everything to the police could be a problem, I mean there is a reason why Private Investigators are licensed right?

      Good point but you can’t help feeling bad for this guy.  I hope hes able to get his stuff back without getting in trouble.

    • #40449
      rattis
      Participant

      @El33tsamurai wrote:

      Good point but you can’t help feeling bad for this guy.  I hope hes able to get his stuff back without getting in trouble.

      Not saying I don’t feel bad for him. Not saying I probably wouldn’t do the same (if not more) myself. I hope he gets things worked out, just wanted to inject some sanity there.

    • #40450
      El33tsamurai
      Participant

      I agree with you don’t want to see the guy going to jail trying to get his own stuff back.

Viewing 20 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?