Penetration Testing mailing list archives
RE: Cracking WEP and WPA keys
From: "Hamlesh Motah" <admin () hamlesh com>
Date: Thu, 15 Dec 2005 00:58:11 -0000
Out of interest, is WPA case sensitive?

I take it an AP with MAC restricted access and a WPA such as;

"cH2efROEfRleVouBL0noAN5amoUSiEHiafroUPHouPHlepHl0dLAsTluFroaBri"

Would be fairly secure? Unless of course someone has that in their
dictionary of course?

What about special characters, does WPA take that into account?

I could have just google'd that :)

Hamlesh.

: -----Original Message-----
: From: Seth Fogie [mailto:seth () fogieonline com]
: Sent: 13 December 2005 21:01
: To: pen-test () securityfocus com
: Subject: Re: Cracking WEP and WPA keys
:
: I teach a wireless hacking class and perform this wep cracking live
: in under 4 minutes with generated data. The airoreplay method has
: taken between 6 and 20 minutes, depending on luck and traffic
: generated.
: However, this is in a controlled environment. One, you have to be
: sure your airocrack is using the same frequency as your wireless
: network.
: Two, you have to be sure you're using the same standard (b vs g). If
: your airodump is capturing only b traffic, and your network is
: primarily g, you will only see beacons...which are worthless when
: cracking wep.
:
: In addition, some vendors have taken steps to prevent these types of
: attacks. I personally use a Linksys 54g router with a Netgear G card
: set to 802.11b only during the tests...my senao card also works.
: However, other cards and AP's I have used aren't as crack friendly.
:
: WPA is a different story altogether. I can crack WPA in less than a
: second assuming my dictionary file is only one word long and that
: word is my passphrase. All you need to do is capture 4 packets and
: then use cowpatty to test the dictionary words to see which one
: matches.
: Depending on the passphrase setup in WPA, and its position in the
: dictionary, your crack could be seconds or years...and if the
: passphrase is not in your dictionary file...well, then it won't be
: cracked.
:
: Seth Fogie
: Airscanner
: Moderator for wifisec () securityfocus com
:
: Shenk, Jerry A wrote:
:
: >Cracking WEP depends on a ton of stuff. If you're cracking it
: >looking for weak IVs, you'll need an AP that has weak IVs. Most of
: >the new ones avoid them to one degree or another. What AP are you
: >using? I used a Linksys in my initial testing (a couple years ago)
: >and cracked the key in 4 hours. I also tried to crack a Cisco 350
: >(replaced by the 1200 series) and never was able to crack the key
: >using that method, even after running for days.
: >
: >Another thing, that "crack in seconds" is based on already having
: >hours or days worth of traffic to use.
: >
: >There are some new tools that generate traffic rather than having to
: >wait for it and some of the new cracking methods are better or
: >worse, depending on your perspective. I think some of these "WEP is
: >worthless" stories are overly sensational. Yes, WEP is broken, ok,
: >possibly even horribly broken but it stops a 'casual connector', it
: >even stops quite a few determined hackers (it stopped you;). If
: >you're the NSA...ok, WEP is worthless....the people attacking you
: >are determined, well financed professionals. If you're my mom,
: >checking her e-mail from home with a wireless laptop, I think WEP is
: >perfectly fine. Installing everything needed for a good PEAP
: >implementation for my mom is absolutely insane.
: >Most people are gonna be someplace in the middle where a little bit
: >of risk evaluation is in order.
: >
: >-----Original Message-----
: >From: Robin Wood [mailto:dninja () gmail com]
: >Sent: Tuesday, December 13, 2005 5:09 AM
: >To: pen-test () securityfocus com
: >Subject: Cracking WEP and WPA keys
: >
: >Hi
: >I've just been on a wireless security course where there was a lot
: >of talk about WEP keys being poor security and easily crackable. I
: >got home and decided to put it to practice and use aircrack against
: >my own WEP key.
: >
: >Using airodump and aireplay I collected 1 million IVs and set
: >aircrack off attacking it. After around 4 hours I got bored of
: >waiting and on another machine tried playing with aircrack's debug
: >option where you can pass sections of the key you already know. I
: >found if I passed the whole key except the last digit it could be
: >cracked with a fudge factor of 2, if I removed the last 2 digits
: >then I had to up the fudge factor to 5 and up it to 8 if I removed
: >the last 3 digits. With anything less than the fudge factor
: >mentioned I was told that it couldn't crack the key.
: >
: >All the examples I've seen seem to suggest that cracking should take
: >minutes not hours and all keys should be crackable. What experiences
: >do other testers have? Have I done something wrong? I abandoned the
: >full attack after 5 hours as it was running with the default fudge
: >factor of 2 so would probably not have managed to crack the key.
: >
: >I've also seen a video on the Remote Exploit site showing a WPA key
: >cracked in 10 minutes using cowpatty and a dictionary attack. How
: >realistic is this?
: >
: >Robin
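Added example (not part of the original thread): the WPA/WPA2-Personal key derivation, PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, which shows how case and special characters in a passphrase such as the one posted above affect the resulting key. The function names and the SSIDs `example-net` and `other-net` are assumptions chosen for illustration.

```python
import hashlib

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-Personal key from a passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII (codes 32 to 126)")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt, 32-byte output.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

# Passphrase quoted in the post above; the SSIDs are constructed sample values.
POSTED = "cH2efROEfRleVouBL0noAN5amoUSiEHiafroUPHouPHlepHl0dLAsTluFroaBri"
SSID = "example-net"

def demo() -> dict:
    """Check how case, special characters and the SSID affect the derived key."""
    base = wpa_psk(POSTED, SSID)
    return {
        # 63 characters is the longest passphrase the derivation accepts.
        "length": len(POSTED),
        # The passphrase bytes are hashed as-is, so changing case changes the key.
        "case_changes_key": wpa_psk(POSTED.lower(), SSID) != base,
        # Spaces and punctuation are valid passphrase characters.
        "special_chars_accepted": len(wpa_psk("p@ss phr4se!#", SSID)) == 32,
        # The same passphrase on a differently named network gives another key.
        "ssid_changes_key": wpa_psk(POSTED, "other-net") != base,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```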
Current thread:
- Re: Cracking WEP and WPA keys, (continued)
- Re: Cracking WEP and WPA keys David M. Zendzian (Dec 14)
- Re: Cracking WEP and WPA keys Demetrio Carrión (Dec 16)
- RE: Cracking WEP and WPA keys Rui Pereira (WCG) (Dec 16)
- Re: Cracking WEP and WPA keys Cedric Blancher (Dec 16)
- Re: Cracking WEP and WPA keys Matthias.Vallentin (Dec 16)
- Re: Cracking WEP and WPA keys Robert Baldi (Dec 14)
- Cracking WEP and WPA keys Eduardo Espina (Dec 14)
- Re: Cracking WEP and WPA keys Fabien Degouet (Dec 14)
- Re: Cracking WEP and WPA keys Robin Wood (Dec 15)
- Re: Cracking WEP and WPA keys Fabien Degouet (Dec 17)
- Re: Cracking WEP and WPA keys Fabien Degouet (Dec 14)
- RE: Cracking WEP and WPA keys Hamlesh Motah (Dec 14)
- RE: Cracking WEP and WPA keys Rapaille Maxime (Dec 17)