Hack Windows using winAUTOPWN 3.4 –Completing 4 years of windows hacking

winAUTOPWN has been an old favourite to automate windows hacking and vulnerability testing.  The project is the brainchild of Azim Poonawala of [C4]Closed Circuit Corporate Clandestine and saw its first release in 2009. Fast forward to 4 years; it has matured into a good exploitation framework with a plethora of options. As the Author states about it  -

Autohack your targets - even if you have consumed and holding a bottle of 'ABSOLUT' in one hand and absolute ease (winAUTOPWN) in the other.

In layman terms, winAUTOPWN is a unique exploit framework which helps in gaining shell access and pwning (aka exploiting vulnerabilities) to conduct Remote Command Execution, Remote File/Shell Upload, Remote File Inclusion and other Web-Application attacks. To add cherry on the top, it can also help in conducting multiple types of Denial of Service attacks on targets, furthermore, It can also be used to test effectiveness of IDS/IPS and other monitoring sensors/softwares.Hack Windows using winAUTOPWN 3.4 –Completing 4 years of autopwnage

You can -

  • Download winAUTOPWN from here / mirror
  • Read its documentation from here

An open letter to Pramit Jhaveri - Citibank India - No Resolution, Customer care sucks & they lie, a lot.

An open letter to Pramit Jhaveri - Citibank India - No Resolution, Customer care sucks & they lie, a lot.
Dear Mr Pramit Jhaveri ,

Last October an incident happened with me , on a fuzzy evening I went to the nearest ATM near my home - Deutsche Bank ATM where I provided my card to my cousin who went inside ATM to take money as I was on a concall with my office & guided some poor chap who required my help . Since you cant enter an ATM while talking on phone, I remained outside.

Turns out that there was no guard / money at ATM ,the machine gave an error after pin was entered and never dispensed the money. Also, there was one more guy who had the same experience.

Well, I finished call put my phone in my pocket & strolled to nearby Axis Bank ATM where we withdrew 1000/- INR and went home. Turns out some nasty surprises were waiting for me. I got a message from Citibank that 10K have been withdrawn from my account , flabbergasted I reported the incident to Citi on 7th October.

What happened next ? Ah well..to tell a long story short -

  1. Citi reversed my money in 2 days (that was fast) & said they are investigating the issue.
  2. Then they said the transaction was valid & reversed it again. 
  3. I disputed & said show me the CCTV footage -> no response.
  4. Called their Citiphone officers (sic) muliple times & they said to check with Deutsche Bank, I commented why they were not taking end to end responsibility, they said its out of their scope.
  5. Then I checked with Deutsche Bank and they said they will not entertain my request for CCTV footage.
  6. Citiphone officer advices me to lodge FIR & I duly oblige.
  7. Dec 2013 - Citi reverses money again & as per Simmy Sebastian (Citi escalation executive) on email, money is debited to my account & investigation continues.
  8. 5 months later (28 March 2014) Citi reverses money again :D with NO CONCLUSIVE INVESTIGATION & charged an overdraft of 3899/-.

Well Done Citi..

Now this pissed me off. I just survived humiliation at paying a bill because I thought there was money in my account when there was not. After fighting 38 minutes (at dead of night) with Citi IVR and their agent Chirag, I finally wrote an email to you , the acting Citibank CEO/hotshots describing the whole affair.

Here is the full email (which I expect you should have gone through by now, if not..then my faith is dwindling) -

(I have redacted my email address from all of the following email communication)
---------- Forwarded message ----------From: Rishabh Dangwal <XXXXXXX@gmail.com>Date: Sat, Mar 29, 2014 at 2:06 AMSubject: Attention !! // 020-486-450 // New Ref# SDN14026864 // Citi Transaction & Customer Service Failure at Grassroot level // WORST SERVICE & FEEDBACK.To: "india.branchbanking.head@citi.com" <india.branchbanking.head@citi.com>, india.consumerbanking.head@citi.com, india.ceo@citi.com, india.operations.head@citi.com, Executive Response <executiveresponsedesk@citi.com>, "head.customercare@citi.com" <head.customercare@citi.com>, vikram.saras@citi.comCc: "retail.dox.india@citi.com" <retail.dox.india@citi.com>, "nishashriram@citi.com" <nishashriram@citi.com>, r.singh@citi.com, rakesh.singh@citi.com, collection.external.ombudsman@citi.com, Rishabh Dangwal <admin@theprohack.com>

Mr Pramit / Mr Ashish / Mr Anand / Mr Vikram,
Gentlemen,
Let me bring incident 020-486-450 (New ref# SDN14026864 ) to your attention where Citibank has shamelessly ripped off all the rules of customer service. We all hate typing emails at 2 AM at night, ain't it ?
Short Summary : 
  1. On 7th October 2013 , a mis-transaction of 10000/- was done on my Debit Card at Deutsche Bank ATM for which Citi was *UNABLE* to provide any conclusive feedback for 5 straight months
  1. I was provided an immediate credit & it was agreed on email with Simmy Sebastian (Email attached) that Citi will provide me CCTV footage of ATM as an evidence before reversing any credit.  
  1. As discussed with *countless* Citiphone Officers (sic) they recommended to get in touch with Deutsche Bank (which I did) , raise FIR with police (which I did, again) but everything went futile & today (28 March 2014), Citi has reversed the transaction *WITHOUT INFORMING ME IN ANY FORMAL MANNER* & *WITHOUT PROVIDING ME CCTV FOOTAGE OF THE TIME OF INCIDENT*, & even penalized an overdraft of 3899/- .

Now points of concern are -
  • Citi *NEVER* informed me that they are closing investigation at their end and reversing credit, I barely survived humiliation when I thought I had money in my bank account when there was none, thanks to Citi as transaction was reversed.
  • FIR has been raised with police, CCTV Footage acts as an evidence in this regard. Citi didnt provided it & concluded it, then shall I sue Citi for causing hindrance in investigation ?
  • Citi failed to provide me the CCTV Footage & failed to meet the commitments & left me in a dire financial situation without explanation & information.
  • One sided followups were being done with NO PROACTIVE UPDATES on this matter.

I will be escalating the matter to RBI Ombudsman for failure of Citi to provide a conclusive feedback & failing at all echelons of customer service, its a huge disappointment at all grounds. I should infact also inform my colleagues at Orange Business Services (France Telecom) to migrate their accounts , its bad PR & its well justified if you ask me.
Right now, I had a word with Chirag Jain (Citiphone officer) at dead of night & in a 38 minute call I was unable to get to a senior person who can take responsibility & can be accounted for some justified action .  
Infact I am so frustrated with onesided followups that once its solved, I would close my account with Citi & encourage my finance head at Orange Business Services to do the same, somehow I believe from this incident that how broken is the customer service at a world renowned bank like Citi.
PS : I know you all might be busy, so I have finally decided to blog about it at Prohack (www.theprohack.com) where I can make note of the progress which Citi makes once an issue is reported to head honchos of a company. If this doesn't works out right now, I would then know if I can trust Citi again or not. 
I am attaching all the relevant documents of 
  1. Followups done with Citi
  1. Agreement done with Citi wrt CCTV footage
  1. FIR
  1. Followup with Deutsche Bank 
as a proof and testament of my words, lets see if Citi can finally provide me resolution.
I still want to believe & hope Citi stands for its customer values, requesting your urgent attention & complete cooperation in sorting this matter out.
Best Regards, ,


Rishabh DangwalNetwork Security Specialist 
,
Orange Business Services (France Telecom)RHCE | CCNA | ITIL | CEHWebsite:   www.ThePROHACK.com ,  www.RISH.co.in "Quis Custodiet Ipsos Custodes ?''


Trust me, if this isnt sorted out now, then I would recommend to NEVER TO OPEN an account with Citi since if a CEO cant sort a mess out, then of course a customer service is no good.
More over , its a huge fail in customer service that a guy is forced to address his concerns to CEO of Citi because the lower rungs of service and escalation fail to provide *any viable resolution*.

The best part Mr Pramit ?
Well..that ATM closed out, & I pointed it to Simmy/lots of other Citiphone folks that at max 2 months of video is stored in the ATM CCTV hard drive, and if you dont act fast, *YOU WILL NEVER BE ABLE TO GET THE CCTV FOOTAGE*. Turns out they are not having any and are now bullying me by keeping me in dark.

Well Mr Pramit, if Citi can charge me to withdraw money from any other ATM, then I expect some services from Citi that safeguards my interests. It makes me shudder how one-sided this whole affair has been, if only you have an idea, a complete fail of all the echelons.  If Citi can provide me CCTV footage since its a criminal case & stop taking independent conclusive actions without informing customer. Its a breach of customer trust and is an epic fail in code of conduct.

I still believe you guys have sensible online services, but customer service is one area in which Citibank India fails spectacularly.

I hope something could be done on it ? Aint it? Noone wants to type an email at 2 AM at night and blog at 2:40 AM about his horrible experience. If Citi wants that , then no thanks, I will close my account as soon as its sorted and will encourage my colleagues to do the same.
What a waste..

Rant aside..

I do hope something can be done in this regard. Wave your magic wand sire, I will be waiting for some concrete action..

Best Regards

Rishabh Dangwal


Update 29 March 2014 12:07 PM IST :
One long time blog reader & friend suggested to get it reported to RBI. Duly acknowledged, complaint have been raised with RBI.

Update 29 March 2014 04:05 PM IST :
Had a word with Citi CCE -Navneet/S Mahesh who confirmed that they will have some response by Friday 4 April 7 PM IST . Also confirmed if Overdraft will be reversed and money will be credited back on my account, he was affirmative. Mahesh Confirmed that he will have some update on CCTV and promised a call back by 31 March NBH. Provided this Blogpost URL as a timeline of incident.

Update 29 March 2014 04:50 PM IST :
Consumer complaint 82619.1.2014 lodged against Citi Bank .

Update 30 March 2014 08:25 PM IST :
47 minute call was finished with Citi Helpdesk with approximately 20 minutes of being on hold, excluding 2 minutes of fighting with IVR.
After 5 tries by Merin (Citi service desk) , her manager Manisha Sitaram (on duty floor manager) came on call.

  • Asked her about the status of investigation -> she was clueless.
  • Asked her why a callback was not arranged bacl -> She was clueless.
  • Asked her what the heck Chirag Jain (on duty floor manager) & S Mahesh (on duty floor manager) doing -> They were on leave / not available

Asked her to make note of 5 questions -

  1. Why Citibank did not provided me CCTV footage & why transaction was reversed.
  2. Why Citibank reversed transaction & did not intimate me , although it was agreed with Simmy Sebastian (Citi Executive response desk, Mumbai) that he will check & update regarding CCTV footage.
  3. Why is this incident being dragged on for 5 months.
  4. What is the status of followups being done for CCTV Footage with Deutsche Bank.
  5. Will Citibank credit money back (along with overdraft) since they have not provided any CCTV footage & they have no right to do it.

Provided her the URL of this blogpost , details of Simmy Sebastian, current executive incident owner Laxmiprabha Kotian at Citi end & asked her to arrange a call back by 31'st March 5 PM IST during NBH.

Lets see how Citi takes this incident up.


Update 30 March 2014 08:50 PM IST :
Shot an email to Citi again since they failed to acknowledge anything.

---------- Forwarded message ----------From: Rishabh Dangwal <XXXXXXX@gmail.com>Date: Sun, Mar 30, 2014 at 8:53 PMSubject: Re: Attention !! // 020-486-450 // New Ref# SDN14026864 // Citi Transaction & Customer Service Failure at Grassroot level // WORST SERVICE & FEEDBACK.To: "india.branchbanking.head@citi.com" <india.branchbanking.head@citi.com>, india.consumerbanking.head@citi.com, india.ceo@citi.com, india.operations.head@citi.com, Executive Response <executiveresponsedesk@citi.com>, "head.customercare@citi.com" <head.customercare@citi.com>, vikram.saraf@citi.com, arghya.dasgupta@citi.comCc: "retail.dox.india@citi.com" <retail.dox.india@citi.com>, "nishashriram@citi.com" <nishashriram@citi.com>, r.singh@citi.com, rakesh.singh@citi.com, collection.external.ombudsman@citi.com, Rishabh Dangwal <admin@theprohack.com>

Good Evening Gentlemen,
Seems like 40+ minutes calls , 5 months old pending incidents ( & still counting) , no call backs, one sided followups from customer end and unexpected/surprise charge-backs are becoming the new hallmarks of 201 years of Citi in India.
Is there anyone even working on the matter ? I am still waiting for an acknowledgement from your end.
Meanwhile the incident history is now live at goo.gl/LAcB0G  (just in case your executives/underlings are not providing your proactive updates) & you can have a look at the glorious way the incident is being handled by Citi. 
Awaiting some action on the matter since its now long overdue.
Best Regards, ,


Rishabh DangwalNetwork Security SpecialistOrange Business Services (France Telecom)RHCE | CCNA | ITIL | CEHWebsite:   www.ThePROHACK.com ,  www.RISH.co.in "Quis Custodiet Ipsos Custodes ?''


Update 30 March 2014 09:13 - 09:30 PM IST :
Finally got a revert from Citibank Vice president Jinit Thakkar, although it was on a separate email chain.

On Sun, Mar 30, 2014 at 9:13 PM, Thakkar, Jinit <jinit.thakkar@citi.com> wrote:
Dear Mr. Dangwal,
This refers to you email of March 30th 2014.
We acknowledge receipt of your email.
Due to an extended holiday, on occasion of Gudi Padwa, we will respond to you by Tuesday, April 1st 2014.
Would appreciate your understanding till then.
Regards,
Jinit Thakkar
Head- Executive Response Unit
022-61755648
Pat went the response.

---------- Forwarded message ----------From: Rishabh Dangwal <XXXXXXX@gmail.com>Date: Sun, Mar 30, 2014 at 9:30 PMSubject: Re: your email dated March 30' 2014 / SDN14026864 / old ref#020-486-450To: "Thakkar, Jinit" <jinit.thakkar@citi.com>Cc: Executive Response <executiveresponsedesk@citi.com>, "principal.nodal.officer@citi.com" <principal.nodal.officer@citi.com>, "india.branchbanking.head@citi.com" <india.branchbanking.head@citi.com>, india.consumerbanking.head@citi.com, india.operations.head@citi.com, india.ceo@citi.com, "head.customercare@citi.com" <head.customercare@citi.com>, rakesh.singh@citi.com, "nishashriram@citi.com" <nishashriram@citi.com>, vikram.saraf@citi.com, arghya.dasgupta@citi.com

Hello Jinit,
Lets not start one more email chain on this issue since there are already plenty , I will be looping you in the main email chain & I expect a revert on the same one. 

Please let me know if Citi will provide me some conclusive feedback by 1 April or will it be the same 5 month old weasel words/updates of "under investigation"/"being looked by internal team"/"awaiting confirmation from internal team" since Simmy / folks left the investigation in lurch & have wasted a lot of my research time in followups with Citi, mental harassment aside. 

Awaiting a LEAN & concrete feedback from Citi.
Best Regards


Rishabh DangwalNetwork Security SpecialistOrange Business Services (France Telecom)RHCE | CCNA | ITIL | CEHWebsite:   www.ThePROHACK.com ,  www.RISH.co.in "Quis Custodiet Ipsos Custodes ?''



Update 30 March 2014 09:43 PM IST :
Looks like even the Citi India Vice president Jinit Thakkar have got a taste of bad customer service, from folks at Samsung, had a #facepalm moment.

An amusing read at -
www.consumercomplaints.in/complaints/samsung-c303958.html

Somehow, it feels like a guilty pleasure. FYI details are - Jinit Thakkar Asst Vice President , Citibank India, mob : 9820401881 


Update 31 March 2014 12:43 PM IST :
Had a word with Manisha Shriram / Jinit Thakkar from Chennai, they required 1 more day to investigate the issue since its holiday at Mumbai. Also, internally escalated the matter to Orange / France Telecom Finance department.


Update 31 March 2014 06:00 PM IST :
Finally got the call from Simmy Sebastian (executive response unit), to cut a long story short-
  1. As per him he has retrieved the clippings.
  2. He has seen that cash is being dispensed.
  3. He asked if I was informed about cash reversal -> negative
  4. He asked if I had communication from Keerti -> positive
  5. Asked him to drop an email about it, he asked for 1 more day to have a conclusive feedback.
  6. Asked him if anything is required from my end , he said nothing else is required.
  7. He said he will provide a final stand on this regard by tomorrow.
Final Update : 

I am updating this in feb 2016, as I think it was long over due. Simmy called me and sent across the footage of ATM in a PKZIP encrypted file. Checked the footage and found out the ATM was misbehaving and another guy took out money. 

Bottom Line : 
No refund from Bank (Thank you Citibank :X ) . No action from Delhi Police. The ATM was tore down to make place for a new clinic. 

Welcome to India. 

Ngrep–Grep patterns in Network traffic

We have got a lot of packet sniffer/analyzer software out there, I am a self confessed Wireshark & Ettercap lover, but still, when it comes to analyzing network traffic from command line in a fast manner, ngrep is my one of my favourites. Written by Jordan Ritter its used to “grep” traffic patterns from the network interfaces. As per official documentation -

ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

ngrep runs on Windows & *nix platforms alike and you need WinPCAP to run it since it relies on it. 

Ngrep–Grep patterns in Network traffic - Theprohack.com

Once you install it, it by default uses the first interface on your machine, so , make sure to check the detected interfaces by running -

C:\Users\RISHABH\Desktop>ngrep -L
idx     dev
---     ---
1:     \Device\NPF_{4D491111-D331-42BC-9A33-98EF8C40D422} (Microsoft)
2:     \Device\NPF_{ADBF6AC1-D111-463D-8D99-C58FA1BEF979} (Sun)
3:     \Device\NPF_{6F801AE0-CA61-4A6D-B5FF-DCB7CE8FC529} (VMware Virtual Ethernet Adapter)
4:     \Device\NPF_{930B6EC8-A5E3-4FFA-B68F-F159FDFC2064} (VMware Virtual Ethernet Adapter)
5:     \Device\NPF_{D1999293-A041-4C2A-B63F-5D8B4906000F} (Realtek PCIe GBE Family Controller)
exit

Now for example you want to check out whats going on at port 23 using interface 5

C:\Users\RISHABH\Desktop>ngrep -d 5  port 23
interface: \Device\NPF_{D1999293-A041-4C2A-B63F-5D8B4906000F} (192.168.1.0/255.255.255.0)
filter: (ip or ip6) and ( port 23 )
exit
0 received, 0 dropped

Piece of cake.. and if you want to filter any website in you are searching for keyword "password" then :

ngrep -d 5 “password” port 80

Easy aint it ? Ngrep does it all : ] With some complex grep commands , you can become a pcap ninja.

Well, you can

  1. Download Ngrep from here
  2. Check out documentation and examples here
  3. Learn about Wireshark from here

Cisco Type 4 Passwords cracked–Coding mistake endangers devices

Cisco has issued a security advisory intimating that its new password hashing algorithm TYPE 4 is vulnerable,which allows Cisco TYPE 4 encoded hashes to be cracked easily. TYPE 4 is an update of TYPE 5 , and was supposed to salt passwords and apply 1000 iterations of SHA-256 .  Well, engineers at Cisco actually miscoded the algorithm by forgetting to salt passwords and setting the number of iterations to 1 which makes it even weaker than TYPE 5 algorithm .

“This approach causes a Type 4 password to be less resilient to brute-force attacks than a Type 5 password of equivalent complexity.”

Also, the code base (CISCO IOS 15) also disables TYPE 5 encryption on devices. Well..talk about rubbing salt on wounds.

Cisco Type 4 Passwords cracked–Coding misfire endangers hardware - - TheProhack.com

As per advisory -

"A device running a Cisco IOS or IOS XE release with support for Type 4 passwords lost the capability to create a Type 5 password from a user-provided plaintext password.Backward compatibility problems may arise when downgrading from a device running a Cisco IOS or IOS XE release with Type 4 password support and Type 4 passwords configured to a Cisco IOS or Cisco IOS XE release that does not support Type 4 passwords. Depending on the specific device configuration, the administrator may not be able to log in to the device or to change into privileged EXEC mode, requiring a password recovery process to be performed."

It was meant to be discovered inevitably. Folks at Hashcat - Philipp Schmidt and Jens Steube found it and were able to decode a hash posted at inetpro.org . Since hashes were weak, the information was more than enough to crack millions of hashes in hours if anyone gets their hands on hashes. 

The aftermath ? Cisco says it will be creating new password type to counter it with new as of now unknown commands to implement it.  In the meantime, Cisco says you “may” want to replace Type 4 password with Type 5 , as quoted -

There are two options to generate a Type 5 password:

  • Using another device running a Cisco IOS or Cisco IOS XE release without Type 4 support
  • Using the openssl command-line tool (part of the OpenSSL Project)

You can read the advisory here

You might also want to read  -

CARNA Botnet–Researcher maps Internet using botnet

Incredible

thats one word when you describe CARNA botnet, which is a single handed attempt to map the entire Internet by a researcher, which makes it a single most herculean feat I have witnessed in digital domain which both grips me with mixed feelings of  astonishment and Deja Vu.

CARNA Botnet–Researchers map Internet - theprohack.com

As the paper states, the basic theory behind CARNA was

After completing the scan of roughly one hundred thousand IP addresses, we realized the number of insecure devices must be at least one hundred thousand. Starting with one device and assuming a scan speed of ten IP addresses per second, it should find the next open device within one hour. The scan rate would be doubled if we deployed a scanner to the newly found device. After doubling the scan rate in this way about 16.5 times, all unprotected devices would be found; this would take only 16.5 hours. Additionally, with one hundred thousand devices scanning at ten probes per second we would have a distributed port scanner to port scan the entire IPv4 Internet within one hour.

Impressive..  and the payload they devised was small, surgical and targeted routers with insecure logins.

The binary on the router was written in plain C. It was compiled for 9 different architectures using the OpenWRT Buildroot. In its latest and largest version this binary was between 46 and 60 kb in size depending on the target architecture.

Well, the end results ? ~ 420,000 infected routers are identified with 1,300,000,000 geolocated IPV4 devices with about one-third of those responding directly to pings.

Incredible..as I earlier said. Sceptics will say that It can be a hoax, as its difficult to verify with a 586GB bittorrent file compressed with ZPAQ which will decompress to 9TB , it needs somewhat of super human effort to download, unpack and analyze data if it really exists. But again, if its true, Its .. its awesome.

You can

  1. Read the Paper here
  2. Download Bit Torrent file here
  3. See graphical results here

Like I said, prepare to be amazed.

Vulnerable SCADA systems in Finland – Shodan,Hackers and Security.

Security researchers in Finland have turned up thousands of unsecured Internet-facing SCADA systems in that country, using the Shodan search engine.The researchers, from Aalto University, ran their test in January, and found 2,915 exposed systems running functions from building automation to transport and water supply. Those responses were out of a total of 185,000 Finnish IP addresses that responded to an HTTP request. Vulnerable SCADA systems in Finland - Shodan, Hackers and Security

According to communications and networking professor Jukka Manner,exposed building automation systems, the researchers claimed, included a bank, a gaol, and a hospital.  Researchers claimed that many systems were vulnerable through their remote user interfaces.Interestingly, when the university re-ran its test in March, it found that a large number of the systems had been removed from the Internet, although 1,969 of the systems were still present.

A lot of problems can … still be hiding”,

according to research assistant Seppo Tillkainen, since as much as 30 percent of the Finnish IP address space is still not mapped by Shodan. While systems spotted in the Shodan search even included a wind turbine, the majority of poorly-secured systems were in office blocks and residential towers, the study says. The researchers did not go as far as to actually try to penetrate the systems, citing Finland's computer crimes laws.

A Google translation of the university's press release is here. For Finnish readers, the whole study is here.

 

Blogged on Android Via The Register

Wardriving at Delhi–Wardriving revisited

The last time I wardrived at Delhi was over 2 years ago, I was at Tulip Telecom then and was doing something of a personal project then. Well, now I am at Orange and thought of replicating the feat, this time I will be publishing the details of networks I wardrived while going to Gurgaon from Delhi. It was done using  combination of G-Mon,Kismet, Moocherhunter  and you just might find it useful. I intent to make a map of Delhi with all the access points , which does sounds incredulous & far fetched, but yep, I intend to do it and I am doing it bit by bit. It helps to analyse in layman terms -
  1. The security awareness of people and organizations
  2. The devices they are using
  3. The security mechanisms they are using.
  4. Wifi range analysis of individual device.
Wardriving at Delhi–Wardriving revisited - theprohack.com , image credits Textually
Well, in all you can find the data from below links -
  1. Hotspot details / BSSID (See if you are on the list) =))
  2. Google Maps KML Data (See it in Google Maps)
If you are interested in contributing to the data, please contact me at admin<at>theprohack.com

Happy Wardriving
- Rishabh Dangwal