WEP Cracking
debrat
Member Posts: 21 ■□□□□□□□□□
Hello,
I wanted to do a setup where I create a WEP network having one or 2 users and I use my wireless laptop to sniff and crack the WEP. I just had a few questions. I downloaded the BackTrack CD from remote-exploit. Are there any tutorials I can get to be able to do this? My idea is to be able to show that WEP is weak and WPA and 802.1x is a much better solution. Could you please give me a push in the right direction for this. Also if I have such a small setup, how can I have more data being sent to simulate a larger network with more data being passed so the WEP cracking can be faster?
Cheers,
Debrat
Comments
-
mgeorge Member Posts: 774 ■■■□□□□□□□
I don’t believe Techexams.net would support the discussion of WEP Cracking, considering it is in violation of several US Laws, and can be considered a Class B Felony in some states.
I suggest a forum mod lock this thread for example.

There is no place like 127.0.0.1
-
sprkymrk Member Posts: 4,884 ■■■□□□□□□□
mgeorge27 wrote:
I don’t believe Techexams.net would support the discussion of WEP Cracking, considering it is in violation of several US Laws, and can be considered a Class B Felony in some states.
I suggest a forum mod lock this thread for example.

I wouldn't consider sniffing your own network in a lab environment for proof-of-concept an out of bounds discussion, but maybe I'm wrong.

All things are possible, only believe.
-
hduk Member Posts: 4 ■□□□□□□□□□
Hi,
This is actually taught as material on the CEH course.
If you google knoppix wep crack video there is a cool tutorial on how to do it.
I think in essence it involves capturing packets with the valid WEP encryption data then you play them back at the access point. (I think you need to spoof the MAC of a valid host)
This then allows you to capture enough packets to use something like aircrack to recover the WEP key.
People that know the mechanics well can do the whole process in about 10 minutes.
Sorry it's vague but that is the gist of it.
-
seuss_ssues Member Posts: 629
mgeorge27 wrote:
I don’t believe Techexams.net would support the discussion of WEP Cracking, considering it is in violation of several US Laws, and can be considered a Class B Felony in some states.
I suggest a forum mod lock this thread for example.

Who fed you that crap?
It's as legal as breathing to crack your own WEP.
-
sprkymrk Member Posts: 4,884 ■■■□□□□□□□
seuss_ssues wrote:
mgeorge27 wrote:
I don’t believe Techexams.net would support the discussion of WEP Cracking, considering it is in violation of several US Laws, and can be considered a Class B Felony in some states.
I suggest a forum mod lock this thread for example.

Who fed you that crap?
It's as legal as breathing to crack your own WEP.

All things are possible, only believe.
-
JDMurray Admin Posts: 13,101 Admin
Actually, in most states in the US it is illegal to simply associate with a wireless network without authorization from the network's owner--regardless if encryption is used or not. Think about that the next time you are taking a "free ride" on your neighbor's wireless Internet connection.
The speed of WEP cracking depends upon several factors, including the complexity of the WEP key, the number of WEP-encrypted packets that have been collected, and the speed of the machine performing the decryption on the collected packets. A weak key with lots of packets and a very fast machine with a lot of free memory is your best-case scenario.
WEP cracking is really old news and, unless you are writing a paper on wireless security for a class project, there is nothing to be gained by performing a practical demonstration of how easy it is to crack WEP. How do you intend to attempt to crack WPA and WPA2 to prove that they are stronger than WEP? Simply cracking WEP alone doesn't prove that other wireless privacy solutions are stronger.
-
debrat Member Posts: 21 ■□□□□□□□□□
Thank you for the input guys. Well, what I was thinking is that as part of my discussion as I will be discussing mechanisms of wireless security starting with WEP and MAC address filtering, I thought I would just show that this can be easily broken, and then I will move on to talk about how WPA and WPA2 with the use of 802.1x port based authentication is a more robust system. Because WEP does not do anything in which the AP authenticates itself to the wireless station. And then I also want to discuss about use of Wireless IDS and Firewalls and such sort of things. So just to give some shape to my project I wanted to incorporate this thing and it's also interesting to see how sometimes networks that people think are secure, can so easily be compromised.
-
debrat Member Posts: 21 ■□□□□□□□□□
Also another quick question, are there only particular wireless cards that can be used to do the cracking? I have a Centrino, Intel Pro Wireless BG 2200 and was wondering if I could use that.
-
JDMurray Admin Posts: 13,101 Admin
The wireless card is only used to collect packets and is not used in the actual WEP passphrase discovery process. The card and its firmware only need to recognize the packets in the air and route them up to your 802.11 sniffer app.
-
JDMurray Admin Posts: 13,101 Admin
debrat wrote:
... I will be discussing mechanisms of wireless security starting with WEP and MAC address filtering, I thought I would just show that this can be easily broken ...

Start off with a demo of how passwords, email, IM chats, etc. on an open wireless network are easily visible to a wireless sniffer.
For a WEP cracking demo, use a short, simple WEP key that any brute force cracker can easily find, such as "12345678".
For a MAC address filter vulnerability demo, show how enabling a MAC filter will prevent a wireless client from associating with an access point, but allow another wireless client to associate and authenticate. Then, using a wireless sniffer, capture packets from the other client's traffic and show how easy it is to clone a MAC address into WNIC firmware, thus getting around the MAC filter. You'll need a WNIC with firmware that allows you to change its MAC address, of course.
-
debrat Member Posts: 21 ■□□□□□□□□□
Thanks for the tips jdmurray, yeah I will try it out in this way. I got confused about the Wireless Card coz I thought for some wireless tools they only supported some hardware. Thanks for this.
-
sprkymrk Member Posts: 4,884 ■■■□□□□□□□
Found this authoritative summary and commentary from the Shidler Journal of Law, Commerce and Technology:
http://www.lctjournal.washington.edu/Vol1/a009Ramasastry.html
It has some great information on a piece titled "Will Wi-Fi Make Your Private Network Public? Wardriving, Criminal and Civil Liability, and the Security Risks of Wireless Networks"
If the moderator would prefer to post this as a new topic instead of an add-on to this thread please feel free.

All things are possible, only believe.
-
JDMurray Admin Posts: 13,101 Admin
debrat wrote:
I got confused about the Wireless Card coz I thought for some wireless tools they only supported some hardware. Thanks for this.