RE: V/Scan for Wireless LANs

From: Calderone, Denis (Denis.Calderone@cw.com)
Date: Fri Jul 18 2003 - 13:42:20 EDT

A side question for the group on this topic,

Has anybody successfully used WEPcrack or Airsnort to crack a 128bit key? I've never tried.

thanks

Denis Calderone

-----Original Message-----
From: Whiteside, Larry [contractor] [mailto:BAE14@SSP.NAVY.MIL]
Sent: Friday, July 18, 2003 12:48 PM
To: Ian Chilvers; pen-test@securityfocus.com
Subject: RE: V/Scan for Wireless LANs

Ian,

Try WEPcrack or Airsnort. Both are for Linux, but both are very nice tools. WEPCrack was the first to crack WEP, but Airsnort seems to be a bit more user friendly. I have not seen a solution for windows. Happy Cracking!

L
***************************
Larry Whiteside Jr.

-----Original Message-----
From: Ian Chilvers [mailto:Ian.Chilvers@prolateral.com]
Sent: Friday, July 18, 2003 8:19 AM
To: pen-test@securityfocus.com
Subject: V/Scan for Wireless LANs

Hi all

We've been asked to perform a vulnerability assessment for a company that
has a Wireless LAN. The W/LAN is running WEP with a random key generated,
rather than a dictionary word.

Are there any tools out there that can brute force a WEP.

Take this example. A person parks the car in the car park and sniffs the
air waves with a product like NetStumbler. He discovers the W/LAN but with
WEP.

Is there a tool he can use to discover the WEP key (possible by brute force)

If there isn't such a tool, how does this sound for an idea.

Run a app that starts at binary 0's and counts upto 128bits of 1's
For each sequence listen to see if there are any sensible packets or even
send out a DHCP discover request to see if you get a reply. This would then
possibly give you the WEP key.

Any comments

Ian....

---------------------------------------------------------------------------
KaVaDo is the first and only company that provides a complete and an
integrated suite of Web application security products, allowing you to:
 - assess your entire Web environment with a Scanner,
 - automatically set positive security policies for real-time protection,
   and
 - maintain such policies at the Application Firewall without compromising busines performance.

For more information on KaVaDo and to download a FREE white paper on Web applications - security policy automation, please visit:
http://www.kavado.com/ad.htm
----------------------------------------------------------------------------

---------------------------------------------------------------------------
KaVaDo is the first and only company that provides a complete and an
integrated suite of Web application security products, allowing you to:
 - assess your entire Web environment with a Scanner,
 - automatically set positive security policies for real-time protection,
   and
 - maintain such policies at the Application Firewall without compromising busines performance.

For more information on KaVaDo and to download a FREE white paper on Web applications - security policy automation, please visit:
http://www.kavado.com/ad.htm
----------------------------------------------------------------------------

---------------------------------------------------------------------------
KaVaDo is the first and only company that provides a complete and an
integrated suite of Web application security products, allowing you to:
 - assess your entire Web environment with a Scanner,
 - automatically set positive security policies for real-time protection,
   and
 - maintain such policies at the Application Firewall without compromising busines performance.
 
For more information on KaVaDo and to download a FREE white paper on Web applications - security policy automation, please visit:
http://www.kavado.com/ad.htm
----------------------------------------------------------------------------

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:37 EDT