26 replies to this topic

[biosphear]

I recently did an entire walkthough of just how insecure WEP is for a 4H computer competition and ended up winning...

Congrats for the Win.

And 3-4 minutes is nothing, in my demo I got past my test network's 64-bit WEP in a little over 1:30!

3-4 minutes is for 104 bit WEP (Also known as 128 bit. 104bit+24IV= 128. I think I have covered that already, but just in case).

And do you have a video of you cracking it in 1:30. I would like to see how you did it.

And once again. Once I find my walk through, I will post how to get 20 WEP Passwords in 30 seconds.

biosphear.

[icblkppl]

forgive me but isnt for WPA-PSK you need to capture the Handshake between a computer and the router ( thats how I learned it) then run it against a dic file?? using aireplay and airodump?

[icblkppl]

But for WEP just use backtrack 4 and VMware but u'll need A usb wireless card (sorry about the double post) I can post a guide if you need one

Edited by icblkppl, 06 September 2009 - 07:17 AM.

[Colonel Panic]

But for WEP just use backtrack 4 and VMware but u'll need A usb wireless card (sorry about the double post) I can post a guide if you need one

What do you need VMware for?

Backtrack can be booted from USB, CD or DVD.

[baby-Hackribs]

Quick question, and this is more aimed at AT&T Verizown and Comcast, WEP is riddled with security faults, granted I have been out of the scene for like a year or more, but WEP security was an issue in '06. Why on earth are routers still configured to use WEP by default? I really shouldn't talk, our router at home is completely unprotected, but seriously, people are still able to do this?

I guess the reason why I am having a hard time believing it is because I ran a kismet session as I drove up the highway from Boston to Amherst and the I only saw maybe 10 or 12 unencrypted networks (one of them was an insurance agency and another was a doctor's office *yikes*) and I only say maybe 9 WEP networks, the rest were WPA or WPA2. (I should mention that I snagged like... over 140 networks in total)

I would like to make another observation, most of the WiFi networks you are going to run into in the suburbs are not going to have a "SysAdmin" or "SysOP", or even in the cities for that matter (unless you are in a financial district or at an airport. Basically, I have pretty strong suspicion that your activity will go largely unnoticed until you do something like, turn of WEP or change the name of the network to "network-of-t3h-p\/\/n3d", "lul-usux" etc, etc.

Hell, I am not sure if a cop would even know what do with a kid if he caught them running kismet and aircrack-ng; this is assuming that you are not dressed in black crouching in the foliage with a laptop and smelling kind of odd... moving on.

I am intrigued though, I was never able to get WiFi cracking quite down, perhaps I was two impatient or my driver didn't support packet injection, it was most likely the latter.


Thanks for the link btw I will see about buying the Alfa, hell, looks like I could make my own amplifier for it!

[Kool-Aide]

Hey dude if you still can't get it to work on ubuntu try downloading the new version of Backtrack 4 http://www.remote-ex...t4-prefinal-iso

It has everything you need for cracking WEP pre-installed.
There is also a way to crack WPA now but it has to be TKIP. I don't remember the other type of WPA encrytion off the top of my head but there is some articles about it.

I could never get kismet to work for me in backtrack but I did some tweaking to my configurations.
I have an atheros and it won't set my card to monitor mode so I did some research and got it to work.
Such as:
ifconfig ath0 up
wlanconfig ath1 create wlanmode monitor wlandev wifi0
ifconfig ath0 down
wlanconfig ath0 destroy
ifconfig ath1 up

boom i now have my atheros card in monitor mode so i can use airodump.

if you want to crack wep though you should setup your airodump to capture only IV's from a certain channel.

And if anybody can correct me on this maybe i am wrong but I have cracked a WEP encryption before with no clients associated except for me. I did the fake auth... then ran ARP inject. while both were running i stopped fake auth and used Deauth... after about 5 seconds of deauthing... my arp inject shot up to sending/receiving 300+ IV packets a sec. and that router i cracked in 3 mins or less.
Turned out the password was the companies phone number. I have actually seen that alone. I tried calling it for fun and it turned out to be their fax number.

If i am wrong and that is not suppose to happen, correct me because i could had swore you had to be fully authed with a router to actually get it to catch the right IV packet to inject. I didn't think a fake auth would do it but I was just trying it for shits and gigs.

anyways i hope this helps you if not anybody else who is having trouble.

Hi.

I was recently reading an article here: http://www.hellbound...-fbi-style.html
explaining how to get the WEP key for a network in 3-4 mins.

I am very interested in this, and wish to try it out on my own network. Sadly I am having some trouble using the 2 main programs mentioned in this article "Kismet" and "Aircrack".

I am using Ubuntu at the moment, and am having some slight trouble downloading these two. (Sorry, I only started with Linux a week or two ago )

I can probably get by without Kismet, as I know the SSID and Channel of my current network, but for me to try this out, I really need Aircrack.

Could someone please help me in downloading these programs and give any ideas which might help as I am slightly confused on some things mentioned in this article.

Thanks very much.

[Skunkworks]

I recently did an entire walkthough of just how insecure WEP is for a 4H computer competition and ended up winning...

Congrats for the Win.

And 3-4 minutes is nothing, in my demo I got past my test network's 64-bit WEP in a little over 1:30!

3-4 minutes is for 104 bit WEP (Also known as 128 bit. 104bit+24IV= 128. I think I have covered that already, but just in case).

And do you have a video of you cracking it in 1:30. I would like to see how you did it.

And once again. Once I find my walk through, I will post how to get 20 WEP Passwords in 30 seconds.

biosphear.

I don't have the video offhand, but I was "cheating" a bit by having all the commands pre-typed up in a textfile including the SSID and mac address of my test AP. I was also using 64 bit wep. Then I just quickly pasted the commands into four different shells, and after about 1:30 I broke my test key. Sure its a bit unrealistic for a real world situation, but it really helped get the point across how insecure WEP really is.

I should make a video of it!

And I can do it in not significantly longer typing all the commands.