Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Cracking WEP and WPA keys

from [Hamlesh Motah] Network Security [Permanent Link]
Subject: RE: Cracking WEP and WPA keys
Date: Thu, 15 Dec 2005 00:58:11 -0000 
Out of interest, is WPA case sensitive?

I take it an AP with MAC restricted access and a WPA such as;

"cH2efROEfRleVouBL0noAN5amoUSiEHiafroUPHouPHlepHl0dLAsTluFroaBri"

Would be fairly secure?  Unless of course someone has that in their
dictionary of course?

What about special characters, does WPA take that into account?  I could
have just google'd that :)

Hamlesh.





 

: -----Original Message-----
: From: Seth Fogie [mailto:seth@fogieonline.com] 
: Sent: 13 December 2005 21:01
: To: pen-test@securityfocus.com
: Subject: Re: Cracking WEP and WPA keys
: 
: I teach a wireless hacking class and perform this wep 
: cracking live in under 4 minutes with generated data. The 
: airoreplay method has taken between 6 and 20 minutes, 
: depending on luck and traffic generated. 
: However, this is in a controlled environment. One, you have 
: to be sure your airocrack is using the same frequency as your 
: wireless network. 
: Two, you have to be sure your using the same standard (b vs 
: g). If your airodump is capturing only b traffic, and your 
: network is primariy g, you will only see beacons...which are 
: worthless when cracking wep..
: 
: In addition, some vendors have taken steps to prevent these 
: types of attacks. I personally use a Linksys 54g router with 
: a Netgear G card set to 802.11b only during the tests...my 
: senao card also works. However, other cards and AP's I have 
: used aren't as crack friendly.
: 
: WPA is a different story all together. I can crack WPA in 
: less than a second assuming my dictionary file is only one 
: word long and that word is my passphrase. All you need to do 
: is capture 4 packets and then use cowpatty to test the 
: dictionary words to see which one matches. 
: Depending on the passphrase setup in WPA, and its position in 
: the dictionary, your crack could be seconds or years...and if 
: the passphrase is not in your dictionary file...well, then it 
: won't be cracked.
: 
: Seth Fogie
: Airscanner
: Moderator for wifisec@securityfocus.com
: 
: Shenk, Jerry A wrote:
: 
: >Cracking WEP depends on a ton of stuff.  If you're cracking 
: it looking 
: >for weak IVs, you'll need an AP that has weak IVs.  Most of the new 
: >ones avoid them to one degree or another.  What AP are you using?  I 
: >used a Linksys in my initial testing (a couple years ago) 
: and cracked 
: >the key in 4 hours.  I also tried to crack a Cisco 350 
: (replaced by the 
: >1200
: >series) and never was able to crack the key using that method, even 
: >after running for days.
: >
: >Another thing, that "crack in seconds" is based on already 
: having hours 
: >or days worth of traffic to use.
: >
: >There are some new tools that generate traffic rather than having to 
: >wait for it and some of the new cracking methods are better 
: or worse, 
: >depending on your perspective.  I think some of these "WEP 
: is worthless"
: >stories are overly sensational.  Yes, WEP is broken, ok, 
: possibly even 
: >horribly broken but it stops a 'casual connector', it even 
: stops quite 
: >a few determined hackers (it stopped you;).  If you're the NSA...ok, 
: >WEP is worthless....the people attacking you are determined, well 
: >financed professionals.  If you're my mom, checking her e-mail from 
: >home with a wireless laptop, I think WEP is perfectly fine.  
: Installing 
: >everything needed for a good PEAP implementation for my mom 
: is absolutely insane.
: >Most people are gonna be someplace in the middle where a 
: little bit of 
: >risk evaluation is in order.
: >
: >-----Original Message-----
: >From: Robin Wood [mailto:dninja@gmail.com]
: >Sent: Tuesday, December 13, 2005 5:09 AM
: >To: pen-test@securityfocus.com
: >Subject: Cracking WEP and WPA keys
: >
: >Hi
: >I've just been on a wireless security course where there was 
: a lot of 
: >talk about WEP keys being poor security and easily crackable. I got 
: >home and decided to put it to practice and use aircrack 
: against my own 
: >WEP key.
: >
: >Using airodump and aireplay I collected 1 million IVs and 
: set aircrack 
: >off attacking it. After around 4 hours I got bored of waiting and on 
: >another machine tried playing with aircracks debug option 
: where you can 
: >pass sections of the key you already know. I found if I passed the 
: >whole key except the last digit it could be cracked with a 
: fudge factor 
: >of 2, if I removed the last 2 digits then I had to up the 
: fudge factor 
: >to 5 and up it to 8 if I removed the last 3 digits. With 
: anything less 
: >than the fudge factor mentioned I was told that it couldn't 
: crack the 
: >key.
: >
: >All the examples I've seen seem to suggest that cracking should take 
: >minutes not hours and all keys should be crackable. What 
: experiences do 
: >other testers have? Have I done something wrong? I abandoned 
: the full 
: >attack after
: >5 hours as it was running with the default fudge factor of 2 
: so would 
: >probably not have managed to crack the key.
: >
: >I've also seen a video on the Remote Exploit site showing a WPA key 
: >cracked in 10 minutes using cowpatty and a dictionary attack. How 
: >realistic is this?
: >
: >Robin
: >
: >-------------------------------------------------------------
: ----------
: >-
: >------
: >Audit your website security with Acunetix Web Vulnerability Scanner: 
: >
: >Hackers are concentrating their efforts on attacking applications on 
: >your website. Up to 75% of cyber attacks are launched on shopping 
: >carts, forms, login pages, dynamic content etc. Firewalls, SSL and 
: >locked-down servers are futile against web application 
: hacking. Check 
: >your website for vulnerabilities to SQL injection, Cross 
: site scripting 
: >and other web attacks before hackers do!
: >Download Trial at:
: >
: >http://www.securityfocus.com/sponsor/pen-test_050831
: >-------------------------------------------------------------
: ----------
: >-
: >-------
: >
: >
: >
: >
: >
: >**DISCLAIMER
: >This e-mail message and any files transmitted with it are 
: intended for the use of the individual or entity to which 
: they are addressed and may contain information that is 
: privileged, proprietary and confidential. If you are not the 
: intended recipient, you may not use, copy or disclose to 
: anyone the message or any information contained in the 
: message. If you have received this communication in error, 
: please notify the sender and delete this e-mail message. The 
: contents do not represent the opinion of D&E except to the 
: extent that it relates to their official business.
: >
: >
: >-------------------------------------------------------------
: ----------
: >------- Audit your website security with Acunetix Web Vulnerability 
: >Scanner:
: >
: >Hackers are concentrating their efforts on attacking applications on 
: >your website. Up to 75% of cyber attacks are launched on shopping 
: >carts, forms, login pages, dynamic content etc. Firewalls, SSL and 
: >locked-down servers are futile against web application 
: hacking. Check 
: >your website for vulnerabilities to SQL injection, Cross 
: site scripting and other web attacks before hackers do!
: >Download Trial at:
: >
: >http://www.securityfocus.com/sponsor/pen-test_050831
: >-------------------------------------------------------------
: ----------
: >--------
: >
: >
: >
: >  
: >
: 
: --------------------------------------------------------------
: ----------------
: Audit your website security with Acunetix Web Vulnerability Scanner: 
: 
: Hackers are concentrating their efforts on attacking 
: applications on your website. Up to 75% of cyber attacks are 
: launched on shopping carts, forms, login pages, dynamic 
: content etc. Firewalls, SSL and locked-down servers are 
: futile against web application hacking. Check your website 
: for vulnerabilities to SQL injection, Cross site scripting 
: and other web attacks before hackers do! 
: Download Trial at:
: 
: http://www.securityfocus.com/sponsor/pen-test_050831
: --------------------------------------------------------------
: -----------------
: 
: 
: 
: 
: 
: 
: 

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Nortel PeriphonicsScanner, David M. Zendzian
Next by Date:  Re: Cracking WEP and WPA keys, Fabien Degouet
Previous by Thread:  Re: Cracking WEP and WPA keys, Fabien Degouet
Next by Thread:  RE: Cracking WEP and WPA keys, Rapaille Maxime
Indexes:  [Date] [Thread] [Top] [All Lists]