who has cracked WEP enabled AP's?

Configuration and operational information about stumbled AP's

Postby Guest » Fri Dec 21, 2001 11:01 am

Jerry, have you tried the Wepcrack scripts instead of just AirSnort? Try throwing those against your already captured dumps and see if anything happens.

http://wepcrack.sourceforge.net/


John K.
Guest
 

Postby Guest » Fri Dec 21, 2001 1:20 pm

Nope, haven't tried that. I tried getting it a bit ago and had trouble.....definitely will have to try that route again.....especially if that will crack/try existing captured data.
Guest
 

need crack for airopeek

Postby Guest » Mon Feb 04, 2002 6:40 pm

Anyone out there?
Guest
 

Just to mention it again:

Postby Guest » Thu Feb 07, 2002 11:44 pm

THIS IS NO WAREZ BOARD!
Guest
 

Postby Guest » Mon Feb 18, 2002 10:57 am

I don't see how Airopeek could aid in cracking WEP keys. Am I missing something? Is there a tool that could process the airopeek dumps?
Guest
 

Postby Guest » Mon Feb 18, 2002 10:58 am

Does anyone know how to spoof the MAC address on a Cisco or Lucent card?

thx
Guest
 

No luck so far

Postby Guest » Sat Feb 23, 2002 10:03 am

I captured around 1000 interesting packets with airsnort, but crack (breadth 1-4) did not find the key. The setup has WEP with a 128-bit key enabled.
Did anyone succeed so far?

greets

nrgetic
Guest
 

Successfully cracked WEP key

Postby Guest » Mon Feb 25, 2002 11:38 pm

OK, I successfully broke a 128-bit key after capturing 3600 interesting packets. The calculation itself took only two seconds. I'm trying to figure out what the minimum amount of interesting packets is to successfully break it.

greetz

nrgetic
Guest
 

Postby Guest » Tue Feb 26, 2002 5:39 am

nrgetic,
How long did it take you to capture the 3600? Did you use a flood or was it regular traffic? Some of the messages above indicate that it takes quite a while. Fungus reports over a week; JoeTampa got it down to 3-4 hours with a UDP flood.

I haven't tried any cracking, but I want to set up a test unit in my lab soon. Just trying to get a feel for how much of a "real world" threat this is.

Cheers,
Thorn
Guest
 

second test

Postby Guest » Tue Feb 26, 2002 6:09 am

OK, my setup is a Cisco 340 AP and a Compaq WL110 on the client notebook and WEP with a 128-bit key.
Transfer rate between server and client measured with bing (Linux bandwidth test tool) is 2.6 Mbps.
It took a total of 7 hours to capture and to crack the key.
During that time I continuously ran bing and captured 16 million encrypted packets. Out of this 16 million packets, there were 1551 interesting (airsnort) packets.
Then I ran ./crack -b 2 -l 128 dump.file and it found the key within seconds. The time it takes to capture enough data heavily depends on the amount of traffic over the wireless link. If you can push the transfer rate higher than 2.6 Mbps then you will probably find the key faster.
Next I would like to find out how long it takes for a 40-bit key.

greetz

nrgetic
Guest
 

Postby Guest » Tue Feb 26, 2002 8:39 am

How big was the captured file?

Are you running this on a linux box?
Guest
 

Interesting Info

Postby Guest » Tue Feb 26, 2002 9:17 am

16 million packets captured over a 7 hour period with a continuous 2.6Mb transfer to obtain 1500 interesting packets.

Now if we could just extrapolate the data - in a normal environment, let's take Avis as an example (Avis can't limit coverage, they need to have access in the parking lot - plus, would they notice one extra car just sitting there?), with all those handhelds being used to log in all those returned rentals, how long would it take to capture those 1500 packets?
Guest
 

can't remember

Postby Guest » Tue Feb 26, 2002 10:18 am

Hi,

Can't remember how big the captured file size was, but I believe it was under 200KB. I will check tomorrow.
Yes, airsnort runs only on Linux.
I tried to use udpflooder to speed up the whole process, but I get much better results with bing, although I have to admit I tried a Windows flooder. I will try a Linux flooder tomorrow. Anyhow, in a real-life environment you have no influence over the traffic volume. It's just for the lab.

@fordem
Find it out and let us know ;-)

greetz

nrgetic
Guest
 

I wish I could ..

Postby Guest » Tue Feb 26, 2002 2:56 pm

BUT I live in a technologically backward country, where I know of only one WLAN (besides the one in my lab), so my first problem would be finding a WEP enabled access point
:(
Guest
 

Thanks...

Postby Guest » Tue Feb 26, 2002 7:00 pm

for the info.

I'm planning to set up a test myself, real soon now. This will help.

Cheers,
Thorn
Guest
 
