Re: Wireless Pentest Question

From: Brandon Kovacs (liljoker771@gmail.com)
Date: Mon Feb 07 2005 - 12:00:42 EST


Yes...

IP Address of gateway: Use Ettercap
Create Traffic: ICMP Ping Flood Tool
WEP Key being used: Aircrack or Snort

Hope that helps. Collecting enough WEP IVs in aircrack can take some
time; you will need approx. 200k-500k, depending on the amount of
traffic on the network, and that is where the ICMP ping flood tool
comes in. Aircrack will crack the WEP key in a few seconds; if you
tell it how long the WEP key is, it will do it faster, otherwise you
will need to wait a few more seconds.

-Brandon Kovacs

On Mon, 07 Feb 2005 07:06:22 -0500, Joshua Wright <jwright@hasborg.com> wrote:
> Arvind,
>
> Arvind Sood wrote:
> > The problem relates to creating traffic on a wireless network in case
> > you don't find a lot of traffic for a good capture. Is there any way
> > you can create traffic on a WEP network without knowing
> > - the IP Address (address range) the Access Point and wireless clients
> > are using
> > - the WEP key being used (makes sense - that is why you are running a WEP crack)
>
> Besides aireplay (not sure why you are getting a SEGFAULT, it worked OK
> for me - maybe check the Aircrack documentation?), you could use
> WEPWedgie. This tool was written by Anton Rager a few years ago, and
> allows you to inject packets into the network after determining PRGA
> from the WEP challenge/response mechanism.
> http://www.sf.net/projects/wepwedgie/
>
> The current version relies on the Airjack drivers for operation, meaning
> you'll have to run it on a Linux 2.4 kernel system. I wrote a small
> patch to add an option to send ICMP echo requests to the broadcast
> address (since you might not know any internal addresses), which is
> available at http://home.jwu.edu/jwright/code/ww-broadcasticmp.diff.
>
> Unfortunately, Airjack has some timing issues which make it somewhat
> ineffective for injecting large quantities of packets, but this will get
> you started. While at Shmoocon (you guys rock!) I started re-writing
> WEPWedgie to port it to a more reliable packet injection framework (and
> code cleanup) for another project; I'll make that available when I get
> it finished.
>
> Good luck,
>
> -Josh
> --
> -Joshua Wright
> jwright@hasborg.com
> http://home.jwu.edu/jwright/
>
> pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
> fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73
>
> Today I stumbled across the world's largest hotspot. The SSID is "linksys".
>

-- 
-Brandon


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:15 EDT