addresses. Some people choose to post their MAC address while seeking help in a forum to solve
a problem. Gaining access to a computer through a Trojan horse and running the command "arp
-a" will also allow someone to obtain a MAC address on a Windows machine.
Step 2: Setting up your computer
The basic idea is to make your computer into an AP that spoofs the victim's MAC. The way we
do this is to bridge the ethernet cable and wireless card. The wireless card will then act as the
access point of the spoofed victim. To run the bridging script, run this command from the console:
"./skyhack.sh 00:00:00:00:00:00". You need to change the MAC to the 12-character MAC of
the victim. Your connection is now bridged, and the router's DHCP will hand out an IP to your
mobile device when connected.
Step 3: Finding the approximate location
On your mobile device you should see the SSID "skyhack". Connect to "skyhack".
To ensure that your connection is working properly, check that your IP address is not a
169.254.0.0 address. Then load a website in your web browser to confirm that
you are receiving internet traffic. If the above has worked, you are now ready to connect to
Google Maps and use the "locate me" feature. Make certain there are no other APs around; if
there are, be sure that they are not in Skyhook's database, as they can affect your results. By
using the "locate me" feature you should now be able to see the victim's approximate location
within a 100m-200m diameter.
Step 4: Locating the victim's exact location
Use Google Maps to give you driving directions to the approximate location given. To return
your computer to normal function, run "./delbr0.sh". This removes the bridge between your
ethernet and wireless card and returns your wireless card to managed or default mode.
Now drive to the approximate location and scan the local area with your laptop or mobile device
for the specific MAC address in question until the location is pinpointed.
Prevention:
To prevent these types of security breaches, keep your software patches up to date and use virus
and malware scanners to prevent intrusion by others who may then acquire the MAC of your
router. Also be wary of technical helpers over the phone or over the Internet who ask for your
MAC address. A more definite way to prevent intrusion is to use the "Clone MAC" feature that
can be found on most router configuration pages. This is primarily used to prevent the ISP from
blocking internet access to your newly acquired hardware so that only your PC can access the
internet. This tool can also be used to change the MAC address so that it will point intruders to
nowhere or will point them to someplace completely different. Always check that the newly
changed MAC address is not similar to a neighbor's. With Skyhook claiming it is not possible to
remove single APs from their database, this is the best method as long as you change the MAC
often.
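
One way to carry out the check described under Prevention, as an added example that is not part of the original paper: it generates a random replacement MAC and rejects any candidate that resembles a nearby AP. The neighbor list is constructed sample data, and both the definition of "similar" (same first three octets, or at most two differing hex digits) and the choice to set the locally administered bit are assumptions of this example.

```python
import re
import secrets

# Constructed sample data: BSSIDs of nearby APs in the notations scanners commonly print.
NEIGHBOR_BSSIDS = ["00:1A:2B:3C:4D:5E", "00-1a-2b-3c-4d-5f", "a4b1.c2d3.e4f5"]


def normalize(mac):
    """Reduce colon, dash or dot notation to 12 lowercase hex digits."""
    digits = re.sub(r"[:.\-\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def is_similar(a, b):
    """Assumed similarity rule: same first three octets, or <= 2 differing hex digits."""
    a, b = normalize(a), normalize(b)
    differing = sum(x != y for x, y in zip(a, b))
    return a[:6] == b[:6] or differing <= 2


def random_mac():
    """Random unicast MAC with the locally administered bit set (an assumption here),
    so it cannot coincide with a vendor-assigned address."""
    raw = bytearray(secrets.token_bytes(6))
    raw[0] = (raw[0] | 0x02) & 0xFE  # set local bit, clear multicast bit
    return ":".join(f"{b:02x}" for b in raw)


def pick_replacement_mac(neighbors, max_tries=100):
    """Return a random MAC that is not similar to any neighbor's BSSID."""
    for _ in range(max_tries):
        candidate = random_mac()
        if not any(is_similar(candidate, n) for n in neighbors):
            return candidate
    raise RuntimeError("no dissimilar MAC found")


if __name__ == "__main__":
    print(pick_replacement_mac(NEIGHBOR_BSSIDS))
```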