RE: Cracking WEP and WPA keys

From: Josh Perrymon (perrymonj@networkarmor.com)
Date: Tue Dec 13 2005 - 14:51:48 EST

• Next message: Josh Perrymon: "RE: Nessus 3.0 released"
• Previous message: Renaud Deraison: "Re: Nessus 3.0 released"
• Maybe in reply to: Eduardo Espina: "Cracking WEP and WPA keys"
• Next in thread: pagvac: "Re: Cracking WEP and WPA keys"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To capture the weak Ivs you need to send De-auth packets. You will get
all the Ivs you need after some capture time.

The thing is... Who even worry about cracking WEP, WPA, LEAP so on????

All you have to do is create a FakeAP with a stronger signal. The hosts
will connect.

DHCP them and attack all you want. If the machines are patched then
Corrupt the DNS cache and point to your website that looks like Google
then have the users run some active-x code or something. Your in.

I guess I don't have patience to wait :)

Happy Holidays!!

J. Perrymon

-----Original Message-----
From: Shenk, Jerry A [mailto:jshenk@decommunications.com]
Sent: Tuesday, December 13, 2005 10:58 AM
To: Robin Wood; pen-test@securityfocus.com
Subject: RE: Cracking WEP and WPA keys

Cracking WEP depends on a ton of stuff. If you're cracking it looking
for weak IVs, you'll need an AP that has weak IVs. Most of the new ones
avoid them to one degree or another. What AP are you using? I used a
Linksys in my initial testing (a couple years ago) and cracked the key
in 4 hours. I also tried to crack a Cisco 350 (replaced by the 1200
series) and never was able to crack the key using that method, even
after running for days.

Another thing, that "crack in seconds" is based on already having hours
or days worth of traffic to use.

There are some new tools that generate traffic rather than having to
wait for it and some of the new cracking methods are better or worse,
depending on your perspective. I think some of these "WEP is worthless"
stories are overly sensational. Yes, WEP is broken, ok, possibly even
horribly broken but it stops a 'casual connector', it even stops quite a
few determined hackers (it stopped you;). If you're the NSA...ok, WEP
is worthless....the people attacking you are determined, well financed
professionals. If you're my mom, checking her e-mail from home with a
wireless laptop, I think WEP is perfectly fine. Installing everything
needed for a good PEAP implementation for my mom is absolutely insane.
Most people are gonna be someplace in the middle where a little bit of
risk evaluation is in order.

-----Original Message-----
From: Robin Wood [mailto:dninja@gmail.com]
Sent: Tuesday, December 13, 2005 5:09 AM
To: pen-test@securityfocus.com
Subject: Cracking WEP and WPA keys

Hi
I've just been on a wireless security course where there was a lot of
talk about WEP keys being poor security and easily crackable. I got home
and decided to put it to practice and use aircrack against my own WEP
key.

Using airodump and aireplay I collected 1 million IVs and set aircrack
off attacking it. After around 4 hours I got bored of waiting and on
another machine tried playing with aircracks debug option where you can
pass sections of the key you already know. I found if I passed the whole
key except the last digit it could be cracked with a fudge factor of 2,
if I removed the last 2 digits then I had to up the fudge factor to 5
and up it to 8 if I removed the last 3 digits. With anything less than
the fudge factor mentioned I was told that it couldn't crack the key.

All the examples I've seen seem to suggest that cracking should take
minutes not hours and all keys should be crackable. What experiences do
other testers have? Have I done something wrong? I abandoned the full
attack after
5 hours as it was running with the default fudge factor of 2 so would
probably not have managed to crack the key.

I've also seen a video on the Remote Exploit site showing a WPA key
cracked in 10 minutes using cowpatty and a dictionary attack. How
realistic is this?

Robin

------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on
your website. Up to 75% of cyber attacks are launched on shopping carts,
forms, login pages, dynamic content etc. Firewalls, SSL and locked-down
servers are futile against web application hacking. Check your website
for vulnerabilities to SQL injection, Cross site scripting and other web
attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------

**DISCLAIMER
This e-mail message and any files transmitted with it are intended for
the use of the individual or entity to which they are addressed and may
contain information that is privileged, proprietary and confidential. If
you are not the intended recipient, you may not use, copy or disclose to
anyone the message or any information contained in the message. If you
have received this communication in error, please notify the sender and
delete this e-mail message. The contents do not represent the opinion of
D&E except to the extent that it relates to their official business.

------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on
your website. Up to 75% of cyber attacks are launched on shopping carts,
forms, login pages, dynamic content etc. Firewalls, SSL and locked-down
servers are futile against web application hacking. Check your website
for vulnerabilities to SQL injection, Cross site scripting and other web
attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Josh Perrymon: "RE: Nessus 3.0 released"
• Previous message: Renaud Deraison: "Re: Nessus 3.0 released"
• Maybe in reply to: Eduardo Espina: "Cracking WEP and WPA keys"
• Next in thread: pagvac: "Re: Cracking WEP and WPA keys"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:15 EDT