indexphinger

Cracking Wep Keys On the fly while wardriving.

20 posts in this topic

Now then, I don't have space for gigabytes of rainbow tables. Is there a valid way to quickly brute-force a key other than sniffing for it? Any pointers? I'd like to go wardriving soon and map out the area, because quite literally you can walk 2 feet and get an entirely new batch of access points!


You can't crack WEP keys with rainbow tables because of the way the algorithm works. The Aircrack-ng group has made a few somewhat automated tools to crack WEP. You still need a few thousand packets of data to crack the key.

What is your setup?


MSI Megabook, Toshiba wifi (I'm doing this with my buddy Andre so I don't have the specs offhand).

;) I have a few Ralink RT2500 based sticks around too because they're definitely supported.


I am retyping my guide to cracking 64/128 bit WEP; when I get done, I will post it up.

Should only take 10 min.

EDIT:

Here it is.

Tell me what you think.

If you find any errors on it, please tell me, so I may fix them. :D

This guide does not explain exactly what is going on, just what the functions do. I have a guide that gets more in depth, but need to retype that as well (flash drive broke :(...)

They are the same file, one is a .doc and the other is .txt, the .doc is easier to read.

64_bit_and_128_bit_WEP_Cracking.doc

Wep_Cracking.txt

Edited by biosphear

I was told BackTrack 3 would be perfect for cracking.

Is that correct?

Any suggestions?


I doubt you would consider BackTrack 3 perfect for anything. Cracking anything seems to be a time-consuming task. You can't expect to stick a CD in a drive and expect everything.

Edited by Meman5150

Personally I haven't used BackTrack for WEP cracking, but any Linux distro will work. You just need to install the aircrack-ng suite and make sure your drivers are patched. Then some documentation online. Cracking a WEP key will only take about 20 min from start to finish and only about 10 secs to crack the actual key :P


Just got my Belkin F5D9050 v.3002 to say its packet injection is working.. I am so psyched. I'm not sure if it was updating the RT73 driver or the iwpriv command that did it... but it seems to be happy now.

For testing: Would this work? I have a Linksys WUSB54Gv2 USB adapter.. if I used it with ndiswrapper and another computer.. set it up as a WEP access point w/o internet access.. Should that be sufficient to let me get this aircrack stuff figured out?

edit: all of this will be done on Ubuntu boxes.

Edited by PurpleJesus

Do you mean turning an Ubuntu box into a wireless router? Never tried it that way, but I don't see why it wouldn't work. Before I had a wireless router I did a similar thing but putting it in ad hoc mode and no encryption. Cracking WEP for the first time can be quite difficult because there are so many different variables involved (e.g. wireless chipset, drivers, attack types etc). I would suggest, if possible, using a wireless router in WEP mode to practice on; then you at least know that the router is working as it should. If you're worried about security just make sure to monitor your logs and connections and you should be fine, and put it back to WPA when you're done.


Yeah, you got it.. I was thinking of using my slow machine as an AP w/ the Ethernet cable unplugged for testing, and security. Then use my Palm TX to generate some traffic on it. I could drop my WPA stuff from my router and do it that way too - that would be a better real-world exercise anyways.


If the router broadcasts UPnP (default for most routers) WEP can be cracked in under 15 minutes with no clients using the Chop Chop attack. If ARP reinjection is used and sufficient data is collected a 128 bit will basically be cracked on the fly using the latest aircrack-ng cracking algorithm.


With the guide I put out (my other post) I was able to crack WEP in 5 minutes and 12 seconds.

Look at the guide; it is easy to understand and gives a step-by-step on how to do it.


I'm not sure exactly what you mean here. I don't see how UPnP has anything to do with initialization vectors. UPnP is part of the capability information contained in the management/probe response packets. It's not a packet type. Capability information of the router wouldn't do you any good if you're trying to crack WEP.


What other post - where is it?

OK, I found it -

it says about 64 and 128 bit WEP -

can anyone explain that to a newman?

Is that the type my neighbor could have, I mean?

Edited by deickos

http://www.codeproject.com/KB/IP/PortForward.aspx

http://74.125.45.132/search?q=cache:RVPXGz...lient=firefox-a

To function it sends data packets. Usually they are unicast (239.x.x.x I believe) port 1900. The chopchop attack can use these packets and, byte by byte, break the encryption. At that point packetforge-ng can make an ARP to reinject.


Kismet first to find the AP

Start monitoring it

Run the Injector

Create injection requests

Now you have your packets

Yay

Edited by R4p1d

I do like Kismet, but only use it for cracking WPA.

airodump-ng does everything you need when cracking WEP (and comes in handy when cracking WPA).

All one has to do is read my guide.

I need more feedback on it. Also, I know there are a few errors; I have fixed them but do not have the file with me because I am at work.


Well, airodump-ng is passive; if you want your packets fast use aireplay-ng to do an active attack. Much more efficient, but it pretty much kicks everyone off the network.

Edited by R4p1d
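
For anyone following the earlier advice to monitor a WEP test network, this is an added example (not from any poster in this thread or from the aircrack-ng project) of spotting the ARP reinjection traffic discussed above: a replayed frame is resent unchanged, so the same transmitter, IV and length repeat far more often than normal 802.11 retries would. The frame records, MAC addresses, lengths and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque


def build_sample():
    """Constructed capture metadata: (timestamp_s, transmitter, WEP IV hex, length)."""
    frames = []
    # Ordinary client: a fresh IV for every frame, varying frame lengths.
    for i in range(40):
        frames.append((i * 0.05, "02:00:00:00:00:0a",
                       f"{0x1000 + i:06x}", 90 + (i % 7) * 30))
    # Reinjection: one captured frame resent byte-for-byte, so IV and length
    # never change (WEP has no replay protection to reject it).
    for i in range(200):
        frames.append((0.5 + i * 0.004, "02:00:00:00:00:0b", "a1b2c3", 68))
    frames.sort()
    return frames


def find_replay_sources(frames, window=1.0, threshold=50):
    """Return {transmitter: peak repeat count} for transmitters that send the
    same (IV, length) frame at least `threshold` times within `window` seconds.

    The threshold sits well above the handful of repeats that link-layer
    retries produce, so normal retransmissions are not flagged.
    """
    recent = defaultdict(deque)  # (src, iv, length) -> timestamps inside window
    flagged = {}
    for ts, src, iv, length in frames:
        seen = recent[(src, iv, length)]
        seen.append(ts)
        # Drop timestamps that have aged out of the sliding window.
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) >= threshold:
            flagged[src] = max(flagged.get(src, 0), len(seen))
    return flagged


if __name__ == "__main__":
    for src, count in find_replay_sources(build_sample()).items():
        print(f"possible WEP replay/injection from {src}: "
              f"{count} identical frames within 1 s")
```

In practice the records would come from a monitor-mode capture of your own network; a hit is a strong reason to move the AP back to WPA, as suggested earlier in the thread.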