Wireless Hacks. 1917 IndustrialStrength Tips and Tools [Electronic resources] - text version


Rob Flickenger

Hack 88 Cracking WEP with AirSnort: The Easy Way




Use a dictionary attack to test the security of
your WEP key.



While widely publicized for its
ability to crack a WEP key in real time by attacking weaknesses in
the implementation, AirSnort requires a potentially large amount of
data to be gathered before the attack is successful. AirSnort also
comes with a largely unknown utility that will perform a dictionary
attack on a relatively tiny sampling of network traffic.


Using the aptly named
decrypt utility, you can attempt to decrypt a
WEP stream by trying a list of potential candidates from a word list.
This attack can be carried out in a matter of minutes, rather than
the hours that would be required to collect the large traffic samples
needed to interpolate a WEP key.


To use the decrypt utility, you first need a
packet dump from a utility that can capture raw 802.11 frames (such
as Kismet [Hack #31]). You will also
need a list of suitable candidates, namely words that are either 5 or
13 characters long (for 40-bit or 104-bit WEP respectively). Invoke
the utility like this:


# decrypt -f /usr/dict/words -m 00:02:2D:27:D9:22 -e encrypted.dump -d out.dump

Found key: Hex - 61:6c:6f:68:61, ASCII - "aloha"


Notice that you also need to specify the BSSID of the network you
wish to attempt to decrypt (the -m switch). In this case, the BSSID is the same as
the MAC address of the AP, but can be set to virtually anything. You
can obtain this field from the Info pane inside Kismet when capturing
the data [Hack #31]. If successful,
the decrypt utility displays the WEP key, decrypts the entire stream
(specified by the -e switch), and saves it to a
file of your choice (specified by the -d switch).


This output file is suitable for import into any standard
packet-analysis tool, such as tcpdump [Hack #37] or Ethereal [Hack #39].


Of course, this attack succeeds only if the WEP key actually appears
in your list of words to try. Unix password crackers have
developed utilities over the years that will not only try words from
the dictionary, but will try common (and even unusual) variations on
these words until a match is found. The use of these tools is left as
an exercise to whatever demented individuals find it worth their
while to do so.
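
To check a key you administer against this failure mode without capturing any traffic, here is an added example (not from the book or from AirSnort). It takes a key in ASCII or in the hex form that decrypt prints and reports whether it is a word-list entry, a case variant, or a word padded with digits or punctuation. The function names, finding labels and sample word list are assumptions made for the illustration.

```python
import string

# Key sizes the page gives: 5 bytes (40-bit WEP) or 13 bytes (104-bit WEP).
WEP_KEY_LENGTHS = {5: "40-bit", 13: "104-bit"}
PADDING = string.digits + string.punctuation


def parse_key(text):
    """Return key bytes from ASCII (5/13 chars) or hex such as 61:6c:6f:68:61."""
    if len(text) in WEP_KEY_LENGTHS:
        return text.encode("ascii")          # typed as a word
    key = bytes.fromhex(text.replace(":", ""))
    if len(key) not in WEP_KEY_LENGTHS:
        raise ValueError("WEP keys are 5 or 13 bytes long")
    return key


def audit_key(text, words):
    """List the reasons a word-list run like the one above would find this key."""
    key = parse_key(text)
    if not all(0x20 <= b <= 0x7E for b in key):
        return []                            # not typeable text, so not in a word list
    ascii_key = key.decode("ascii")
    exact = {w.strip() for w in words}
    lowered = {w.lower() for w in exact}
    findings = ["printable-ascii"]
    if ascii_key in exact:
        findings.append("in-wordlist")
    elif ascii_key.lower() in lowered:
        findings.append("case-variant")
    else:
        # A dictionary word with digits or punctuation added at either end.
        stem = ascii_key.strip(PADDING).lower()
        if len(stem) >= 3 and stem in lowered:
            findings.append("padded-word")
    return findings


if __name__ == "__main__":
    # Constructed sample word list and keys; "aloha" is the key shown on the page.
    sample_words = ["aloha", "coffee", "wireless", "Hawaii"]
    for candidate in ["61:6c:6f:68:61", "ALOHA", "coffee2004!!!", "9f:03:c7:5e:b1"]:
        print(candidate, "->", audit_key(candidate, sample_words) or "no dictionary finding")
```

An empty result only means the word-list approach does not apply to that key; the traffic-based attack described at the start of this hack is unaffected by the choice of key.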


Again, the point of this hack isn't to encourage you
to go around breaking into people's networks, but to
stress the importance of strong encryption and proper network
configuration. It is just plain foolish to expect WEP to answer all
of your security needs when tools like AirSnort so easily demonstrate
its inherent weaknesses.


You can download AirSnort
from http://airsnort.shmoo.com/.
There is also a wealth of information there about passive monitoring,
WEP implementations, and wireless security in general.


