
Trackingdown via Wardriving

<<

maver

Newbie

Posts: 3

Joined: Wed Jun 22, 2011 10:10 am

Post Wed Jun 22, 2011 10:18 am

Trackingdown via Wardriving

Hi, as you can tell I'm new here. I'm pretty sure this is the forum I should put this in.

So I started searching Google for help and this forum kept popping up over and over and looked like the perfect place to go because I wasn't getting very far in getting my question answered.

My friend's laptop was stolen. He has all the guy's personal information: name, age, which high school he went to, what his external IP is, etc. (he has LogMeIn on the computer). Problem is the guy turns the laptop off when he's not using it. So my friend sits there every day watching him on the laptop, trying to find a moment to grab the laptop and use it real quick. It's a Win7 machine with some antivirus. He moused over the network icon and saw he was attached to linksys.

Which is a bummer. Through tracing his external IP we know the neighborhood, and planned on going wardriving to hunt for the SSID, but with it being linksys we're gonna get a few results.

Now I know that using netsh in Win7 you can do something like a show wlan /all and get the MAC address for the wireless network so we can pinpoint it. But as well, with it possibly being an old linksys, do you guys know if maybe I could do something like get the NetBIOS against the internet address to get the MAC that way? As a moment of time to type commands on the laptop hasn't presented itself.

Thank you very much apologies if I've put this in the wrong category.
<<

El33tsamurai

Full Member

Posts: 219

Joined: Sat Feb 03, 2007 4:01 pm

Post Wed Jun 22, 2011 10:45 am

Re: Trackingdown via Wardriving

My friend's laptop was stolen.

If he knows where it is why does he just not go to the police?

He has all the guy's personal information: name, age, which high school he went to, what his external IP is, etc. (he has LogMeIn on the computer). Problem is the guy turns the laptop off when he's not using it.

How does he have all this information?

So my friend sits there every day watching him on the laptop, trying to find a moment to grab the laptop and use it real quick. It's a Win7 machine with some antivirus. He moused over the network icon and saw he was attached to Linksys.

Did he break into the guy's house to get this information? This guy is running a Linksys router without changing the SSID?

Which is a bummer. Through tracing his external IP we know the neighborhood, and planned on going wardriving to hunt for the SSID, but with it being linksys we're gonna get a few results.

How did you get his external IP? If you know his external IP there is no need to war drive ;).

Now I know that using netsh in Win7 you can do something like a show wlan /all and get the MAC address for the wireless network so we can pinpoint it.

Why are you using Windows 7? Linux is needed, makes life much easier. This won't work unless you are connected to his network, and if it's secured, which I am sure it is, it is not going to be easy.

But as well, with it possibly being an old linksys, do you guys know if maybe I could do something like get the NetBIOS against the internet address to get the MAC that way? As a moment of time to type commands on the laptop hasn't presented itself.

Now with all that said. Are you trying to gain access to your friend's laptop in this other guy's house? If so why are you trying to do this? If the laptop is his does he have proof it's his? If so call the cops and get it back.
CCENT, A+, Network+, Security+
<<

maver

Newbie

Posts: 3

Joined: Wed Jun 22, 2011 10:10 am

Post Wed Jun 22, 2011 11:04 am

Re: Trackingdown via Wardriving

We don't have the address, that's what we're trying to get.

Got his external IP because I think my friend has Rainmeter and has it shown on the desktop.

The rest of the information he got while watching him sign up for dating websites I think.

With the external IP we're still waiting on Comcast to get back to us with the address but it doesn't appear to be happening anytime soon.

And in order to get a warrant to search the house we first need to know which house it is. With the external IP we only have it traced down to the rough location. So with wardriving we were hoping to narrow it down to the exact address, then present it to the police (who we've already reported to), hopefully giving them enough evidence that they can get a warrant.

Of course because the cops only have loose evidence they refuse to move or do anything. As well, I believe this guy is a minor so his name isn't in records.

So that leads me back to us trying to pinpoint the house. Because we know which neighborhood it is, I figured the best way was through wifi because he is connected wirelessly, but the SSID is linksys so my next move was to see if we could find the MAC of that linksys (hopefully from the internet via his external IP) because we don't want to scare the guy into ditching the laptop by suddenly taking control of it and him shutting it off right away.

So that's why I was asking if there was something I could do to discover that linksys MAC via WAN.
<<

maver

Newbie

Posts: 3

Joined: Wed Jun 22, 2011 10:10 am

Post Wed Jun 22, 2011 11:07 am

Re: Trackingdown via Wardriving

El33tsamurai wrote:
He has all the guy's personal information: name, age, which high school he went to, what his external IP is, etc. (he has LogMeIn on the computer). Problem is the guy turns the laptop off when he's not using it.

How does he have all this information?


Like I said in my post LogMeIn, it's a remote desktop service. So we do have remote control of the laptop but the guy never leaves it on, only has it on when he uses it.

And I'd imagine if we just started controlling the desktop he would shut off the computer and ditch it. So we've only been using it for watching.
<<

dmuzial

Post Wed Jun 22, 2011 11:10 am

Re: Trackingdown via Wardriving

I'm the owner of the laptop. A report was made to the police 3.5 weeks ago, but the cops can't get information from the High school because CPS schools seal student records to everyone until the student graduates (Even to CPD, unless the student gets into an altercation on campus where Police have to get involved)

Subpoenaed Comcast 3 weeks ago, and it takes 12 days to process a subpoena, but when I called the cop yesterday asking about the subpoena status, he asked me what subpoena? And then tried to say he had submitted it weeks ago but Comcast had not gotten back to him yet. So I’m assuming that this is a dead end.

I got the information by recording what he does on the computer using LogMeIn Central. But, to date, he has yet to do anything with an address, just mostly Facebook and pron.

The goal of this is to get the address, or a contact number for the home so the police can reclaim the laptop and possibly some of the other 5 grand in equipment that was stolen. I've got access to the command prompt (Logmein Central allows you to run it in the background), a way to drop files into the computer and the ability to remote control the laptop.

Open to basically anything, I just want my stuff back.
<<

El33tsamurai

Full Member

Posts: 219

Joined: Sat Feb 03, 2007 4:01 pm

Post Wed Jun 22, 2011 11:14 am

Re: Trackingdown via Wardriving

maver wrote:
El33tsamurai wrote:
He has all the guy's personal information: name, age, which high school he went to, what his external IP is, etc. (he has LogMeIn on the computer). Problem is the guy turns the laptop off when he's not using it.

How does he have all this information?


Like I said in my post LogMeIn, it's a remote desktop service. So we do have remote control of the laptop but the guy never leaves it on, only has it on when he uses it.

And I'd imagine if we just started controlling the desktop he would shut off the computer and ditch it. So we've only been using it for watching.




Sorry I missed that part, was reading fast
CCENT, A+, Network+, Security+
<<

El33tsamurai

Full Member

Posts: 219

Joined: Sat Feb 03, 2007 4:01 pm

Post Wed Jun 22, 2011 11:19 am

Re: Trackingdown via Wardriving

dmuzial wrote:I'm the owner of the laptop. A report was made to the police 3.5 weeks ago, but the cops can't get information from the High school because CPS schools seal student records to everyone until the student graduates (Even to CPD, unless the student gets into an altercation on campus where Police have to get involved)

Subpoenaed Comcast 3 weeks ago, and it takes 12 days to process a subpoena, but when I called the cop yesterday asking about the subpoena status, he asked me what subpoena? And then tried to say he had submitted it weeks ago but Comcast had not gotten back to him yet. So I’m assuming that this is a dead end.

I got the information by recording what he does on the computer using LogMeIn Central. But, to date, he has yet to do anything with an address, just mostly Facebook and pron.

The goal of this is to get the address, or a contact number for the home so the police can reclaim the laptop and possibly some of the other 5 grand in equipment that was stolen. I've got access to the command prompt (Logmein Central allows you to run it in the background), a way to drop files into the computer and the ability to remote control the laptop.

Open to basically anything, I just want my stuff back.


1) http://www.whatismyip.com/tools/ip-address-lookup.asp
2) get the ISP
3) call the ISP, you got the guy's last name ;)
4) get the address from the ISP
CCENT, A+, Network+, Security+
<<

dmuzial

Post Wed Jun 22, 2011 11:25 am

Re: Trackingdown via Wardriving

I wish. But the ISP won't disclose that information without a subpoena and I don't have enough information about him to BS my way through it.
<<

El33tsamurai

Full Member

Posts: 219

Joined: Sat Feb 03, 2007 4:01 pm

Post Wed Jun 22, 2011 11:42 am

Re: Trackingdown via Wardriving

Well, doing that would be wrong and get you into trouble. You know who the kid is from the school, right? Could you ask the school for his address? Maybe find it on his Facebook page?
CCENT, A+, Network+, Security+
<<

jsm725

Newbie

Posts: 36

Joined: Mon Mar 22, 2010 5:13 pm

Post Wed Jun 22, 2011 11:57 am

Re: Trackingdown via Wardriving

People tend to focus too much on the technical side of recon. Sometimes you need to think outside of the box.

I am assuming he is living at home since he is a minor. So you should be able to look up his parents' property tax info by last name, which would give you an address. Completely free information that can be obtained legally on the internet.

If you know what this guy looks like (Facebook and dating sites usually have pictures) and his general location... why not just do some old-fashioned detective work and stake out the neighborhood? Wait till you see him and figure out which house he goes into. Completely legal since you are observing people in a public place. Just don't go looking through windows.
CISSP, PCI-QSA, OSWP
<<

El33tsamurai

Full Member

Posts: 219

Joined: Sat Feb 03, 2007 4:01 pm

Post Wed Jun 22, 2011 1:14 pm

Re: Trackingdown via Wardriving

Good call on the tax info, you are right, sometimes I get too excited and forget about the simple stuff :-D
CCENT, A+, Network+, Security+
<<

dmuzial

Post Wed Jun 22, 2011 3:15 pm

Re: Trackingdown via Wardriving

How would I search tax information by name? Ideas/links?
<<

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Wed Jun 22, 2011 4:10 pm

Re: Trackingdown via Wardriving

I'd recommend county property records. For instance, Google "<county name> <state name> county property search". Here's an example:

http://www.brevardpropertyappraiser.com/asp/record.asp

http://www.spokeo.com/ and http://www.intelius.com/ are also very useful. I like using Tineye as well if I have a photo or link to a photo of someone. It will show you other instances of the same photo on the net. If photos are geotagged you can download the images and harvest GPS coordinates from the EXIF data. Maybe try http://www.sno.phy.queensu.ca/~phil/exiftool/

You can also sometimes get registrant address info from Whois lookups if the guy has a domain. I also like Maltego a lot but I've never used it for a private party so not sure how useful it will be here. For domains and companies it's amazing.

Google Groups is a great resource for recon as well. Especially if you know the guy's common handles. Doubt it will give you an address but it might complete the picture for you or give you new avenues to check.

Lastly, one of my new favorites is FOCA from http://www.informatica64.com/FOCA/ . Might not be much help here but I include it for general reference. It queries search engines for a target domain for downloadable files like pdf, doc, etc. and then harvests the metadata from the files. I've found internal usernames, DNS info, server names, IP addresses, installed applications (Adobe Acrobat 6?! Sweet!) and various other juicy info.
Last edited by tturner on Wed Jun 22, 2011 4:20 pm, edited 1 time in total.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

El33tsamurai

Full Member

Posts: 219

Joined: Sat Feb 03, 2007 4:01 pm

Post Wed Jun 22, 2011 4:39 pm

Re: Trackingdown via Wardriving

Thanks for the good sites, man, I will add them to my arsenal!
CCENT, A+, Network+, Security+
<<

WCNA

Full Member

Posts: 187

Joined: Wed Mar 02, 2011 8:05 am

Location: Florida

Post Thu Jun 23, 2011 9:19 pm

Re: Trackingdown via Wardriving

Because you have remote access to the computer, you should be able to find what is in the preferred network list for the wireless interface. With that info, you can run airbase-ng when you do your wardriving and with a directional antenna pinpoint the exact location. You should look at the wireless megaprimer series at securitytube.net if you need help figuring out what I'm talking about.
ISC2 Associate, WCNA, CWNA, OSCP, Network+