Wireless Cracking Guide
Greetings: c0sm4ky, bender0, CyberPK, Giulia and Buffer, Rageman.
Contents
* 1 What are WEP, WPA and WPA2? How do they differ?
* 2 Which wireless card do I need?
* 3 My card can do these things, what now?
* 4 How do I build an external antenna?
* 5 Which operating system do I need?
* 6 Yeah but... I don't want to install that on my laptop!
* 7 Lie, it won't run!
* 8 What's a BIOS?
* 9 All right, I booted distro XYZ, what now?
* 10 Are there any problems with the Intel PRO/Wireless 3945 A/B/G card?
* 11 My card is recognized. We should have a beer now, shouldn't we?
* 12 How do I discover which algorithm is in use?
* 13 I know which algorithm is used, how do I crack it?
* 14 How can I log traffic?
* 15 How much traffic should I log?
* 16 How do I merge a bunch of dumps into a single file?
* 17 Ok, I merged those packets, but how do I crack the key?
* 18 What if the network uses WPA?
* 19 What is the WPA vulnerability I heard about in 2008?
* 20 What if the network I'm attacking has no traffic?
* 21 What if I have a Centrino card?
* 22 What are the other tools in the AirCrack-NG suite for?
* 23 How do I get around a MAC address filter?
* 24 How do I associate with the Access-Point once I have the key?
* 25 What if the network is using WPA-PSK?
* 26 What are the main vulnerabilities in WEP?
* 27 What about FMS and Chopchop?
* 28 Can I modify a packet bypassing the CRC?
* 29 I heard about a Fragmentation Attack, what is it?
* 30 How do I discover the gateway if there's no DHCP?
* 31 Shall we talk about ARP request injection?
* 32 What is a deauthentication attack and how is it done?
* 33 Breaking WEP in less than 60 seconds, it's possible!
* 34 How do I generate a random WEP/WPA key?
What are WEP, WPA and WPA2? How do they differ?
WEP stands for Wired Equivalent Privacy, an unlucky acronym as we all know; it is the encryption scheme defined in the original IEEE 802.11 wireless communication standard. The WEP scheme is based on a secret key known only to the clients allowed to connect to the network and to the corresponding Access-Point. The key is used to initialize an RC4 keystream that encrypts each packet's payload, in order to guarantee its privacy.
WPA, on the other hand, stands for Wi-Fi Protected Access, a protocol born to replace WEP after its failure and to provide a temporary alternative while waiting for the - now complete - IEEE 802.11i standard to be finished. The encryption algorithm used is again RC4, but this time the initialization vector is 48 bits long (vs 24 in WEP). A protocol (TKIP) has been introduced, capable of dynamically changing the key every few minutes, and the old CRC checksum has been replaced with the new Michael integrity check, to avoid many attacks well known to WEP users. WPA is certainly harder to break than WEP, but if you take a close look at it, you'll find out it's not much different from its predecessor.
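The two paragraphs above hinge on the IV size: every WEP packet is encrypted with RC4 keyed by the 3-byte IV (sent in the clear) followed by the shared secret, so once an IV repeats, two packets share a keystream. The following example is added here and is not part of the original guide; it implements textbook RC4, the WEP per-packet key layout, shows that keystream reuse leaks the XOR of two plaintexts, and estimates with the birthday bound how many packets it takes before a random 24-bit IV (WEP) or 48-bit IV (WPA) is likely to repeat. Keys and packet contents are constructed sample data.

```python
import math

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling (KSA) followed by the PRGA output stream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(secret_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP per-packet key = 24-bit IV || shared secret; payload XOR keystream.
    (The CRC-32 ICV that WEP appends is omitted: it does not affect the point.)"""
    assert len(iv) == 3, "WEP IV is always 3 bytes"
    ks = rc4_keystream(iv + secret_key, len(payload))
    return bytes(p ^ k for p, k in zip(payload, ks))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_reuse_leak(secret_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Two packets under the same IV share a keystream, so the keystream cancels
    out: c1 XOR c2 == p1 XOR p2. Returns True when that relation holds."""
    c1 = wep_encrypt(secret_key, iv, p1)
    c2 = wep_encrypt(secret_key, iv, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)

def packets_until_iv_collision(iv_bits: int, probability: float = 0.5) -> int:
    """Birthday bound: packets with random IVs before a repeated IV is expected
    with the given probability, sqrt(2 * N * ln(1/(1-p))) for N = 2**iv_bits."""
    n = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * n * math.log(1 / (1 - probability))))

if __name__ == "__main__":
    key = bytes.fromhex("0102030405")          # constructed 40-bit WEP key
    iv = bytes.fromhex("aabbcc")               # constructed IV
    print(keystream_reuse_leak(key, iv, b"ARP request sample", b"DHCP discover msg."))
    print("WEP 24-bit IV, 50% repeat after", packets_until_iv_collision(24), "packets")
    print("WPA 48-bit IV, 50% repeat after", packets_until_iv_collision(48), "packets")
```

With sequential IVs (as many WEP cards use) the space is simply exhausted after 2^24 packets, so the random-IV figure is the optimistic case.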
WPA2, finally, is an implementation of the IEEE 802.11i standard, which differs from its ancestors in the encryption algorithm: not RC4 but AES (Advanced Encryption Standard, brother of Rijndael, the only difference being that Rijndael can handle variable-sized data blocks while AES only deals with 128-bit blocks). This standard takes advantage of technologies similar to those used on VPNs to guarantee data privacy and integrity, and to unambiguously identify the sender. It also introduces authentication monitoring technologies and a new 4-way handshake authentication protocol. WPA2 comes in two flavors:
WPA2-Personal: also called WPA2-PSK, PSK meaning Pre-Shared Key. It is used in SOHO networks. The password is unique and shared among all of the users: if a random string is chosen as a password the security of...