Re: Cracking WEP and WPA keys

From: Seth Fogie (seth@fogieonline.com)
Date: Tue Dec 13 2005 - 13:40:27 EST


The amount of data isn't the only factor. You also have to consider the
quality of data. If your data contains very few or no weak IVs, then
you are wasting your time. On the other hand, if your packets are all
using weak IVs (not probable), then it will be fast.

I have repeatedly cracked it with 100k packets and four minutes from
start to finish using airodump/aircrack. None of this 2-4 hours and 5
million packets stuff...that is old.

Dave Bush wrote:

>On 12/13/05, Robin Wood <dninja@gmail.com> wrote:
>
>
>>All the examples I've seen seem to suggest that cracking should take minutes
>>not hours and all keys should be crackable. What experiences do other
>>testers have? Have I done something wrong? I abandoned the full attack after
>>5 hours as it was running with the default fudge factor of 2 so would
>>probably not have managed to crack the key.
>>
>>
>
>I don't think you captured enough data.
>
>I just finished NS621 - Applied Wireless Network Security at Capitol
>College as one of the final classes in my Masters in Network Security
>(as of tomorrow evening my Masters is complete!), and lab 5 for 621
>was cracking WEP. The long and the short of cracking WEP was making
>sure you captured enough data to get the key.
>
>When I did the WEP cracking lab I had my wife's laptop start copying 6
>GB of video files from a Linux server in my house so that IV
>collisions would happen more frequently than if just Internet surfing
>was going on. FWIW Her notebook was running Windows XP SP2 and an
>802.11G PCMCIA card, and the Linux server was running Samba to talk to
>my wife's notebook & connected to the home WLAN using a USB 802.11B
>dongle. I then had my notebook running airodump in Windows (worked
>fine in Linux too) and just let it do its thing for an hour or so. At
>that point I guessed that it'd probably captured enough so I ran
>aircrack against the file airodump created, and it cracked my home WEP
>key in about 10 seconds. No exaggeration - 10 seconds!
>
>It's important to note that I did not stop running airodump while
>running aircrack on the file. That way if I'd had to capture more IV
>collisions to be able to crack WEP, I could just try it again later.
>
>Running aircrack in Linux yielded similar results to running it in
>Windows as far as performance goes. (ie: 10 seconds in Linux too)
>
>I've never gotten AirSnort to work in either Windows or Linux. I'm
>running the drivers from Wild Packets in Windows, and everything I've
>read says it should work on my Atheros-based chipset wireless card but
>my results are obviously different. Running AirSnort in Linux will
>capture data, but after leaving it going overnight it never did crack
>WEP. This was while performing the same 6 GB copy from the Linux
>server to my wife's notebook, so I know enough IV collisions should
>have been captured.
>
>I also tried using aircrack against the tcpdump files that Kismet
>kicked out after letting Kismet run for hours, and that didn't work
>either.
>
>NOTE: You have to be careful how you set your card in Linux to get it
>to work right with airodump or most any other wireless tool. Here's
>the script I use to configure my Atheros card for stuff like this:
>
>#!/bin/bash
>#
># -----------------------------------------------------
># ! This script written by Dave Bush for use in !
># ! Capitol College's NS621-L01 Fall 2005 class !
># ! !
># ! This works well for me, and hopefully can be !
># ! used as a starting point for others exploring !
># ! wireless tools in Linux. I've used this for !
># ! setting up wireless for both Kismet and AirSnort. !
># ! !
># ! Please direct any questions to me at !
># ! hockeystatman@gmail.com !
># -----------------------------------------------------
>#
># Set card to 802.11b mode
>#
>iwpriv ath0 mode 2
>#
># Set the speed for 802.11b
>#
>iwconfig ath0 rate 11M
>#
># Set open-system authentication (madwifi authmode 1)
>#
>iwpriv ath0 authmode 1
>#
># Clear any WEP key that has been set
>#
>iwconfig ath0 key off
>#
># Clear any SSID that has been set
>#
>iwconfig ath0 essid any
>#
># Set card into monitor mode
>#
>iwconfig ath0 mode monitor
>#
># -----------------------------------------------------
># ! The wireless card should now be ready for use by !
># ! Kismet, AirSnort, and other Linux-based wireless !
># ! auditing tools. !
># -----------------------------------------------------
>
>Long story short - airodump and aircrack worked fine for me once my
>card was correctly configured, but nothing else I've done has worked.
>
>
>
>>I've also seen a video on the Remote Exploit site showing a WPA key cracked
>>in 10 minutes using cowpatty and a dictionary attack. How realistic is this?
>>
>>
>
>Not sure, but I'm guessing it was WPA with a pre-shared key. Can you
>send a link to the video?
>
>Regards,
>- Dave
>--
>Dave Bush <hockeystatman@gmail.com>
>
>There are two seasons in my world - Hockey and Construction
>

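An added illustration of the "quality of data" point in the message above; it is not part of the original thread and not code from aircrack or AirSnort. It counts how many IVs in a capture have the classic FMS weak form (B+3, 255, X), using two constructed IV streams of 100,000 packets each; the 13-byte key length, the counter-based IV schemes and all function names are assumptions made for the demonstration, and later statistical attacks that use other IV classes are not modelled.

```python
"""Added illustration (not from the original thread): how many IVs in a
capture have the classic FMS weak form (B + 3, 255, X)."""
from collections import Counter

KEY_BYTES_104 = 13  # secret key length of "128-bit" WEP (assumption for the demo)


def weak_key_byte(iv: bytes, key_len: int = KEY_BYTES_104):
    """Return the key-byte index B this IV is weak for, or None.

    Classic FMS form: IV = (B + 3, 255, X) for any X.
    """
    if len(iv) != 3:
        raise ValueError("WEP IVs are exactly 3 bytes")
    b = iv[0] - 3
    if iv[1] == 0xFF and 0 <= b < key_len:
        return b
    return None


def weak_iv_profile(ivs, key_len=KEY_BYTES_104):
    """Count distinct weak IVs per key byte; a repeated IV adds nothing new."""
    per_byte = Counter()
    for iv in set(ivs):
        b = weak_key_byte(iv, key_len)
        if b is not None:
            per_byte[b] += 1
    return per_byte


def counter_ivs(n_packets, little_endian):
    """Constructed sample data: a sender that uses a packet counter as its IV."""
    order = "little" if little_endian else "big"
    return [i.to_bytes(3, order) for i in range(n_packets)]


def summarize(n_packets=100_000):
    """Same packet count, two IV-generation schemes, very different quality."""
    out = {}
    for name, le in (("big-endian counter", False), ("little-endian counter", True)):
        profile = weak_iv_profile(counter_ivs(n_packets, le))
        out[name] = (sum(profile.values()), len(profile))
    return out


if __name__ == "__main__":
    for name, (weak, covered) in summarize().items():
        print(f"{name}: {weak} weak IVs covering {covered}/{KEY_BYTES_104} key bytes")
```

Both streams contain the same number of packets, yet one contains no IVs of this form at all, which is why packet count alone is a poor predictor of how exposed a WEP capture is.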
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:15 EDT