Engineer

Pages: 15 (3718 words) Published: December 5, 2012
Nowadays, many people tend to use wireless connections, since UTP cables are sometimes not practical. When their routers become access points, too few of them are properly protected. Most of them tend to use WEP as a means to protect their internet connection. Well, this is surely better than leaving the connection without any key, but it’s still not enough. From now on you’re highly advised to use WPA2 for your internet connection security, and you’ll shortly see why.
For starters, such tasks are a whole lot easier on a Linux system. I suspect that most of you have one if you’re looking at this tutorial, or at least can easily get access to one. We’ll be using aircrack-ng for this task, so go ahead and install it on your system.
First, open a root shell and issue the command:
iwconfig
This will show you your wireless adapter’s name and information. Remember what its name is; most probably it will be something like wlan0 or wifi.
If you need to be totally anonymous while doing this, you can also masquerade your MAC address with the command:
macchanger --mac 00:11:22:33:44:66 [wireless interface name]
(don’t forget that you need to install macchanger if you do that, since it’s not an aircrack tool)
The first thing to do is put your wireless card in monitor mode. If you use a packet sniffer on your network, you’ll probably have heard of promiscuous mode. This is the mode in which Ethernet cards work when a sniffer is fired up. In this mode, when a network card is associated with a network, the root user can capture every packet from every connection on the network. Monitor mode is something like that, but for wireless networks, with the important difference that one does not need to associate with the access point to monitor the traffic (which is great, of course).
In order to put our card into that mode and start sniffing around, we need to issue the command:
airmon-ng stop [wireless interface name]
Now our wireless connection gets lost if we are connected to some router, and we can sniff freely. First of all, let’s see what wireless access points are out there.
airodump-ng [wireless interface name]
This command dumps all the wireless access points along with any clients that are probably connected to them. Just pick a wireless access point and see if it uses WEP. If it does, note its BSSID (which is in fact the MAC address), its ESSID (the name it appears under) and its channel (column CH).
Let me now tell you what the attack will be like. WEP used to be the standard for protecting a wireless network. WEP uses an RC family encryption algorithm, RC4 in particular. However, since RC4 is a stream cipher, statistical analysis is a real threat, and it so happens that it’s devastating to WEP. In the process that follows, you will see that IVs are the important information to collect. If you need to know why WEP is not a good idea, read this great analysis at http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html and especially the part I paste below:
WEP uses the RC4 encryption algorithm, which is known as a stream cipher. A stream cipher operates by expanding a short key into an infinite pseudo-random key stream. The sender XORs the key stream with the plaintext to produce ciphertext. The receiver has a copy of the same key, and uses it to generate identical key stream. XORing the key stream with the ciphertext yields the original plaintext.
This mode of operation makes stream ciphers vulnerable to several attacks. If an attacker flips a bit in the ciphertext, then upon decryption, the corresponding bit in the plaintext will be flipped. Also, if an eavesdropper intercepts two ciphertexts encrypted with the same key stream, it is possible to obtain the XOR of the two plaintexts. Knowledge of this XOR can enable statistical attacks to recover the plaintexts. The statistical attacks become increasingly practical as more ciphertexts that use the same key stream are known. Once one of the plaintexts...
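The two stream-cipher properties in the quoted FAQ text (keystream reuse exposes the XOR of two plaintexts, and a flipped ciphertext bit flips the same plaintext bit), shown as an added Python example that is not part of the original tutorial or the FAQ. The key, IV and plaintexts are constructed sample values, the per-packet key is modelled as IV || secret, and the integrity check value is left out.

```python
# Added illustration of RC4 keystream reuse with a WEP-style per-packet key.
# The key, IV and plaintexts are constructed sample values; the ICV is omitted.

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm (KSA)
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):                   # output generation (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_style_crypt(iv: bytes, secret: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt `data` under the per-packet RC4 key IV || secret."""
    return xor(data, rc4_keystream(iv + secret, len(data)))

SECRET = bytes.fromhex("0102030405")          # constructed 40-bit shared key
IV = bytes.fromhex("a1b2c3")                  # constructed 24-bit IV, sent in clear
P1 = b"GET /index.html HTTP/1.1"              # frame whose content is guessable
P2 = b"user=alice&pin=4821&ok=1"              # frame whose content is secret
C1 = wep_style_crypt(IV, SECRET, P1)          # both frames reuse the same IV,
C2 = wep_style_crypt(IV, SECRET, P2)          # hence the same keystream

def reuse_leak() -> bytes:
    """XOR of two ciphertexts: the keystream cancels, leaving P1 XOR P2."""
    return xor(C1, C2)

def recover_unknown() -> bytes:
    """Knowing P1, an eavesdropper gets P2 without ever learning the key."""
    return xor(reuse_leak(), P1)

def flip_and_decrypt(index: int, mask: int) -> bytes:
    """Flip ciphertext bits in C2; the same plaintext bits flip on decryption."""
    tampered = bytearray(C2)
    tampered[index] ^= mask
    return wep_style_crypt(IV, SECRET, bytes(tampered))

if __name__ == "__main__":
    print("C1 xor C2 == P1 xor P2:", reuse_leak() == xor(P1, P2))
    print("recovered:", recover_unknown())
    print("tampered :", flip_and_decrypt(15, 0x0D))
```

Neither result depends on the length of the secret key, which is why a longer WEP key does not help and the tutorial's advice is to move to WPA2.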