Cracking WEP using XP

Hi guys, I got a private message asking about cracking WEP on XP. I thought it might be beneficial to others if I posted my response here. Hope this helps someone.

Do you mean WEP keys? One thing to know about most implementations of WEP is that it is symmetric, so the same key used to encrypt is essentially used to decrypt. This in itself is a serious flaw. But to answer your question: I usually use a combination of Ethereal (sniffing), NetStumbler and Kismet (war driving, or site-checking wireless vulnerability), Airsnort and WEPCrack (for the actual cracking of the keys). I usually run these types of exercises on Linux, just because I often need to tweak source code to give me the results I desire. Every client is potentially different, so always be prepared to change your arsenal up. These are measures I take when I'm dealing with a client that's got a security-minded IT department. It's sad to say, but with most clients I never even get to the good stuff like this, because most wireless LANs out there are doing silly things like broadcasting SSID in clear text, etc. etc. etc. I commute via public commuter train to my office every day, and if I told you how many unprotected LANs I can pick up on the 1-hour train ride (about 25 miles) you'd probably be surprised (or maybe you wouldn't

Airsnort is nice on XP. I've used it on XP just because when I'm doing security training (even though most of it is done on Linux boxes) I always get questions and requests like "how do I do this on XP/Windows?". Here is a link to get it working on XP.

As a side note, remember that you won't have much luck trying to sniff wireless packets with your typical Best Buy or CompUSA wireless NIC. You'll need something more robust like an Orinoco (some of the Cisco cards work nicely too). The key is being able to use the card in promiscuous mode.