RE: Cracking WEP and WPA keys

From: Hamlesh Motah (admin@hamlesh.com)
Date: Wed Dec 14 2005 - 19:58:11 EST


Out of interest, is WPA case sensitive?

I take it an AP with MAC restricted access and a WPA such as:

"cH2efROEfRleVouBL0noAN5amoUSiEHiafroUPHouPHlepHl0dLAsTluFroaBri"

Would be fairly secure? Unless of course someone has that in their
dictionary of course?

What about special characters, does WPA take that into account? I could
have just googled that :)

Hamlesh.

 

: -----Original Message-----
: From: Seth Fogie [mailto:seth@fogieonline.com]
: Sent: 13 December 2005 21:01
: To: pen-test@securityfocus.com
: Subject: Re: Cracking WEP and WPA keys
:
: I teach a wireless hacking class and perform this WEP
: cracking live in under 4 minutes with generated data. The
: aireplay method has taken between 6 and 20 minutes,
: depending on luck and traffic generated.
: However, this is in a controlled environment. One, you have
: to be sure your aircrack is using the same frequency as your
: wireless network.
: Two, you have to be sure you're using the same standard (b vs
: g). If your airodump is capturing only b traffic, and your
: network is primarily g, you will only see beacons...which are
: worthless when cracking WEP.
:
: In addition, some vendors have taken steps to prevent these
: types of attacks. I personally use a Linksys 54g router with
: a Netgear G card set to 802.11b only during the tests...my
: Senao card also works. However, other cards and APs I have
: used aren't as crack friendly.
:
: WPA is a different story altogether. I can crack WPA in
: less than a second assuming my dictionary file is only one
: word long and that word is my passphrase. All you need to do
: is capture 4 packets and then use cowpatty to test the
: dictionary words to see which one matches.
: Depending on the passphrase setup in WPA, and its position in
: the dictionary, your crack could be seconds or years...and if
: the passphrase is not in your dictionary file...well, then it
: won't be cracked.
:
: Seth Fogie
: Airscanner
: Moderator for wifisec@securityfocus.com
:
: Shenk, Jerry A wrote:
:
: >Cracking WEP depends on a ton of stuff. If you're cracking it looking
: >for weak IVs, you'll need an AP that has weak IVs. Most of the new
: >ones avoid them to one degree or another. What AP are you using? I
: >used a Linksys in my initial testing (a couple years ago) and cracked
: >the key in 4 hours. I also tried to crack a Cisco 350 (replaced by the
: >1200 series) and never was able to crack the key using that method, even
: >after running for days.
: >
: >Another thing, that "crack in seconds" is based on already having hours
: >or days worth of traffic to use.
: >
: >There are some new tools that generate traffic rather than having to
: >wait for it and some of the new cracking methods are better or worse,
: >depending on your perspective. I think some of these "WEP is worthless"
: >stories are overly sensational. Yes, WEP is broken, ok, possibly even
: >horribly broken but it stops a 'casual connector', it even stops quite
: >a few determined hackers (it stopped you;). If you're the NSA...ok,
: >WEP is worthless....the people attacking you are determined, well
: >financed professionals. If you're my mom, checking her e-mail from
: >home with a wireless laptop, I think WEP is perfectly fine. Installing
: >everything needed for a good PEAP implementation for my mom is
: >absolutely insane.
: >Most people are gonna be someplace in the middle where a little bit of
: >risk evaluation is in order.
: >
: >-----Original Message-----
: >From: Robin Wood [mailto:dninja@gmail.com]
: >Sent: Tuesday, December 13, 2005 5:09 AM
: >To: pen-test@securityfocus.com
: >Subject: Cracking WEP and WPA keys
: >
: >Hi
: >I've just been on a wireless security course where there was a lot of
: >talk about WEP keys being poor security and easily crackable. I got
: >home and decided to put it to practice and use aircrack against my own
: >WEP key.
: >
: >Using airodump and aireplay I collected 1 million IVs and set aircrack
: >off attacking it. After around 4 hours I got bored of waiting and on
: >another machine tried playing with aircrack's debug option where you can
: >pass sections of the key you already know. I found if I passed the
: >whole key except the last digit it could be cracked with a fudge factor
: >of 2, if I removed the last 2 digits then I had to up the fudge factor
: >to 5 and up it to 8 if I removed the last 3 digits. With anything less
: >than the fudge factor mentioned I was told that it couldn't crack the
: >key.
: >
: >All the examples I've seen seem to suggest that cracking should take
: >minutes not hours and all keys should be crackable. What experiences do
: >other testers have? Have I done something wrong? I abandoned the full
: >attack after 5 hours as it was running with the default fudge factor of 2
: >so would probably not have managed to crack the key.
: >
: >I've also seen a video on the Remote Exploit site showing a WPA key
: >cracked in 10 minutes using cowpatty and a dictionary attack. How
: >realistic is this?
: >
: >Robin
: >
: >------------------------------------------------------------------------------
: >Audit your website security with Acunetix Web Vulnerability Scanner:
: >
: >Hackers are concentrating their efforts on attacking applications on
: >your website. Up to 75% of cyber attacks are launched on shopping
: >carts, forms, login pages, dynamic content etc. Firewalls, SSL and
: >locked-down servers are futile against web application hacking. Check
: >your website for vulnerabilities to SQL injection, Cross site scripting
: >and other web attacks before hackers do!
: >Download Trial at:
: >
: >http://www.securityfocus.com/sponsor/pen-test_050831
: >-------------------------------------------------------------------------------
:


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:16 EDT
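
On the case-sensitivity and special-character questions in the top message, this added example (not written by anyone in the thread) derives the WPA pre-shared key as IEEE 802.11i defines it, PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, and puts an upper bound on a passphrase's search space. The SSID "example-net" and the helper names are assumptions made for illustration.

```python
import hashlib
import math

# 802.11i passphrases are 8..63 characters, each in printable ASCII 32..126.
PRINTABLE = range(0x20, 0x7F)


def validate_passphrase(passphrase: str) -> None:
    """Raise ValueError if the string is not a legal WPA-PSK passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(ord(c) not in PRINTABLE for c in passphrase):
        raise ValueError("passphrase must be printable ASCII (32..126)")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """256-bit pairwise master key: PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt."""
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def keyspace_bits(passphrase: str) -> float:
    """Upper bound on guessing cost in bits (hypothetical helper).

    Assumes every character was drawn uniformly at random from the character
    classes present; a human-chosen or pronounceable passphrase has less.
    Capped at 256 because the derived key is only 256 bits wide.
    """
    validate_passphrase(passphrase)
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10)]
    alphabet = sum(n for pred, n in classes if any(pred(c) for c in passphrase))
    if any(not c.isalnum() for c in passphrase):
        alphabet += 33  # space plus the 32 ASCII punctuation characters
    return min(256.0, len(passphrase) * math.log2(alphabet))


if __name__ == "__main__":
    ssid = "example-net"  # constructed SSID, not from the thread
    quoted = "cH2efROEfRleVouBL0noAN5amoUSiEHiafroUPHouPHlepHl0dLAsTluFroaBri"
    for p in ("password", "Password", "pass word!", quoted):
        print(f"{len(p):2d} chars  <= {keyspace_bits(p):6.1f} bits  "
              f"PMK {derive_pmk(p, ssid).hex()[:16]}...")
```

Because the passphrase bytes go straight into the hash, a change of case or an added punctuation mark yields an unrelated key, and because the SSID is the salt, the same passphrase under a different network name also yields a different key.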