New tool to crack WEP keys under GNU/Linux

Postby bigbadbaugh » Sun Sep 05, 2004 4:55 pm

Sounds good m8, keep up the good work...
bigbadbaugh
Mini Stumbler
 
Posts: 25
Joined: Sun Aug 29, 2004 4:12 pm

Postby firefighter99 » Mon Sep 06, 2004 8:37 am

topolb wrote:As regards the WPA, I also have it on my TODO list together with WPA2 and AES.


As far as I know WPA2==AES==802.11i
;)
firefighter99
Mini Stumbler
 
Posts: 17
Joined: Sat Apr 17, 2004 2:24 pm

Postby topolb » Tue Sep 07, 2004 12:17 am

firefighter99 wrote:As far as I know WPA2==AES==802.11i


Yes. Still possible to launch bruteforce and dictionary attacks. :)
topolb
Mini Stumbler
 
Posts: 67
Joined: Tue Jun 08, 2004 2:51 am

Postby joswr1ght » Tue Sep 07, 2004 4:53 am

topolb wrote:Yes. Still possible to launch bruteforce and dictionary attacks. :)


I just finished a dictionary tool for WPA-PSK networks. I'm planning to release it the first week in November, so check back with me then if anyone is interested.

Note: pbkdf2(4096) makes dictionary attacks against WPA very slow.

-Josh/jwright@hasborg.com
joswr1ght
Mini Stumbler
 
Posts: 90
Joined: Wed Sep 01, 2004 4:18 am

Postby sylvain » Tue Sep 07, 2004 6:29 am

joswr1ght wrote:I just finished a dictionary tool for WPA-PSK networks. I'm planning to release it the first week in November, so check back with me then if anyone is interested.

Note: pbkdf2(4096) makes dictionary attacks against WPA very slow.

-Josh/jwright@hasborg.com


I'm definitely interested.
sylvain
 
Posts: 175
Joined: Mon Jun 21, 2004 5:57 am
Location: Paris, France

Postby RaiD » Tue Sep 07, 2004 6:53 am

Same here...any preliminary screenshots? :D
"IRC is just multi-player notepad."
GET FIREFOX!
RaiD
 
Posts: 45
Joined: Tue Jul 22, 2003 3:50 pm
Location: St. Louis.MO

Postby joswr1ght » Tue Sep 07, 2004 11:11 am

RaiD wrote:Same here...any preliminary screenshots? :D


I'm not much for UI design (love those Unix tools though), but here goes. I'm going to release this tool in the first teaching of the SANS Wireless Auditing class in New Orleans in November (I am the author of this material), and will make it publicly available after that.

screen shot

This tool is an implementation of Robert Moskowitz's paper "Weakness in Passphrase Choice in WPA Interface" at http://wifinetnews.com/archives/002452.html. It kind of sucks, since it's pretty slow. I've done everything to optimize it that I believe can be done, but 4096 hmac-sha1 passes take quite a bit of time to derive the PMK from a dictionary word. I'm looking forward to comments after releasing publicly.

Thanks,

-Josh
-Joshua Wright
jwright@hasborg.com
http://home.jwu.edu/jwright/

Today I stumbled across the world's largest hotspot. The SSID is "linksys".


Check out the SANS advanced wireless auditing and assessment course:
Los Angeles
joswr1ght
Mini Stumbler
 
Posts: 90
Joined: Wed Sep 01, 2004 4:18 am
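
Added example, not part of the thread and not code from the tool described above: the passphrase-to-PMK mapping the post refers to (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), used to estimate how long a passphrase space takes to exhaust at the rate this machine derives keys. The function names, the benchmark SSID and the two keyspace sizes are constructed for illustration.

```python
import hashlib
import time

ITERATIONS = 4096   # the "pbkdf2(4096)" from the thread
PMK_LEN = 32        # 256-bit pairwise master key


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK passphrase-to-PMK mapping: PBKDF2-HMAC-SHA1 salted with the SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    # SHA-1 yields 20 bytes, so a 32-byte PMK needs two PBKDF2 blocks:
    # 2 x 4096 HMAC-SHA1 evaluations for every single candidate passphrase.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               ITERATIONS, PMK_LEN)


def derivations_per_second(samples: int = 20) -> float:
    """Measure how many PMKs this machine derives per second (single core)."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"benchmark-{i:04d}", "constructed-ssid")
    return samples / (time.perf_counter() - start)


def worst_case_seconds(keyspace: int, rate: float) -> float:
    """Time to derive a PMK for every candidate in a keyspace at a given rate."""
    return keyspace / rate


if __name__ == "__main__":
    rate = derivations_per_second()
    print(f"{rate:.0f} PMK derivations per second")
    # Constructed keyspaces: a 100,000-entry word list versus
    # 12 characters drawn uniformly from [A-Za-z0-9].
    for label, size in (("100k-word list", 100_000), ("12 random chars", 62 ** 12)):
        years = worst_case_seconds(size, rate) / (3600 * 24 * 365)
        print(f"{label:>16}: {years:.3g} years")
    # The SSID is the salt, so the same passphrase gives a different PMK
    # on every network name; a table computed for one SSID is useless for another.
    print(derive_pmk("password", "IEEE").hex())
    print(derive_pmk("password", "linksys").hex())
```

The slow derivation only multiplies the cost per guess; a passphrase that appears in a word list still falls in minutes, while a long random one stays out of reach.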

Postby RaiD » Tue Sep 07, 2004 1:43 pm

Hey that's really cool...you're right, there are a lot of words to try, but 185 seconds isn't bad for an 18 character password. Thanks for sharing that screenshot with us. :D
"IRC is just multi-player notepad."
GET FIREFOX!
RaiD
 
Posts: 45
Joined: Tue Jul 22, 2003 3:50 pm
Location: St. Louis.MO

Postby topolb » Tue Sep 07, 2004 2:15 pm

Good job josh!
It looks promising.
topolb
Mini Stumbler
 
Posts: 67
Joined: Tue Jun 08, 2004 2:51 am

Windows

Postby Master1977 » Wed Sep 08, 2004 6:42 am

I am using weplab v0.1.0-beta-w32_01 for Windows, of course. Is it possible to use it to capture packets?

If yes, how can I specify the interface and put it in monitor mode ??

weplab -c -i wlan0 --debug 1 --caplen 150 packets.log

Doesn't seem to be lucky enough.

Thanks for the help.
Master1977
Mini Stumbler
 
Posts: 9
Joined: Wed Sep 01, 2004 12:29 pm

Postby topolb » Wed Sep 08, 2004 1:03 pm

Master1977 wrote:I am using weplab v0.1.0-beta-w32_01 for Windows, of course. Is it possible to use it to capture packets?

If yes, how can I specify the interface and put it in monitor mode ??

weplab -c -i wlan0 --debug 1 --caplen 150 packets.log

Doesn't seem to be lucky enough.

Thanks for the help.



Sorry, capture is not available for Windows.
I suggest you use another tool to capture packets (like Airopeek), then convert the files into pcap format with Ethereal and finally use weplab.

For the moment I do not plan to use any commercial driver to make weplab capture on Windows. Unless a fully open source method to do it appears (or I change my mind), you will need to use another tool for capture on Windows.
topolb
Mini Stumbler
 
Posts: 67
Joined: Tue Jun 08, 2004 2:51 am

Postby Master1977 » Thu Sep 09, 2004 3:07 pm

topolb wrote:Sorry, capture is not available for Windows.
I suggest you use another tool to capture packets (like Airopeek), then convert the files into pcap format with Ethereal and finally use weplab.


That's cool. Which tool may I use ? Is there a freeware ?
Airopeek is not supported by my wireless card, a belkin 54Mb pci. :(
Ethereal seems to capture my wireless traffic smoothly, can I just use that ?
Hmm, I see the traffic in clear in Ethereal; is that because I've put my key in the driver? I mean, should I capture the traffic without the network key set up on the device that is capturing ? :confused:

Given I'll use a certain tool and convert the captured files with pcap is there any settings to specify in weplab to maximize the probability of success or reduce time (I dunno like --fcs)?

topolb wrote:For the moment I do not plan to use any commercial driver to make weplab capture on Windows. Unless a fully open source method to do it appears (or I change my mind), you will need to use another tool for capture on Windows.


I see. Well, capture is not a big deal, you can always use third party tools.

By the way, really a great software can't wait to try it out, thanks for working on it and sharing it.

Ps: just to be a nag, are you gonna convert 0.11 for win32 ? :D
Master1977
Mini Stumbler
 
Posts: 9
Joined: Wed Sep 01, 2004 12:29 pm

Postby bigbadbaugh » Thu Sep 09, 2004 5:14 pm

You could always try Devine's Aircrack that now uses Airodump, which can capture packets on Windows.

You just need the Airopeek .DLL and a few other things to get it working.
bigbadbaugh
Mini Stumbler
 
Posts: 25
Joined: Sun Aug 29, 2004 4:12 pm

Postby devine » Fri Sep 10, 2004 12:47 am

Master1977 wrote:Ethereal seems to capture my wireless traffic smoothly, can I just use that ?


You can't capture 802.11 frames with Ethereal on Windows. With it you'll only be able to collect useless ethernet packets. Best advice I can give you is to boot a knoppix and see if your card is supported under Linux.
devine
 
Posts: 389
Joined: Thu Jul 29, 2004 10:09 am
Location: Paris

Postby Master1977 » Fri Sep 10, 2004 12:52 am

bigbadbaugh wrote:You could always try Devine's Aircrack that now uses Airodump, which can capture packets on Windows.

You just need the Airopeek .DLL and a few other things to get it working.

Just tried that, the first Dll it needs is peek.dll that after being copied to the right folder from Airopeek it says "PeekOpenAdapter() Failed". Still my card isn't supported. :mad:

Thanks for the help ! :o
Master1977
Mini Stumbler
 
Posts: 9
Joined: Wed Sep 01, 2004 12:29 pm
