
WEP Cracking In Windows XP

PostPosted: Sat Aug 28, 2004 12:01 pm
by c0br4
I have a Compaq nx5000 laptop, but I have not managed to get any WEP cracking tools at all that will run in Windows. I have tried using P.H.L.A.K., but it will not support the wireless built into this laptop, and I cannot put Linux on my laptop as I need Windows XP for work; it would be a bit awkward having Windows XP and Linux on one 40GB hard drive. I need something to hack a WEP key that will run in Windows XP.


Any help would be appreciated,

c0br4

PostPosted: Sat Aug 28, 2004 12:56 pm
by King_Ice_Flash
c0br4 wrote:I have a Compaq nx5000 laptop, but I have not managed to get any WEP cracking tools at all that will run in Windows. I have tried using P.H.L.A.K., but it will not support the wireless built into this laptop, and I cannot put Linux on my laptop as I need Windows XP for work; it would be a bit awkward having Windows XP and Linux on one 40GB hard drive. I need something to hack a WEP key that will run in Windows XP.


Any help would be appreciated,

c0br4

S.O.L.
I have Fedora Core 1, XP, and 98 on my laptop, which has a 20GB HD. There are no WEP cracking tools for XP.

PostPosted: Sun Aug 29, 2004 2:57 am
by agentgrn
Getting an el-cheapo laptop off eBay is your only real solution. XP doesn't have a lot of good toys since just about none of the drivers support monitor mode.

PostPosted: Sun Aug 29, 2004 6:04 am
by devine
agentgrn wrote:Getting an el-cheapo laptop off eBay is your only real solution. XP doesn't have a lot of good toys since just about none of the drivers support monitor mode.


Well, I just found out the Agere 7.82.0.550 driver supports my Prism2 card, and AiroPeek will happily use it to capture packets :cool:

For some reason this only works with XP, under Windows 2000 AiroPeek fails to capture any packet.

weplab for Windows

PostPosted: Mon Aug 30, 2004 1:44 am
by topolb
King_Ice_Flash wrote:S.O.L.
I have Fedora Core 1, XP, and 98 on my laptop, which has a 20GB HD. There are no WEP cracking tools for XP.


Actually, weplab 0.1.0 is available for Windows at http://www.sourceforge.net/projects/weplab

The problem is that capture does not work under Windows. People have reported using AiroPeek to capture packets, converting the file into pcap format with Ethereal, and then cracking the WEP key with weplab.

PostPosted: Mon Aug 30, 2004 3:58 am
by Evil_Genius
I don't understand the mods' policy on this forum---they move my post to the "newbie bin" simply for calling another user's comments "flippant", BUT they allow you to discuss WEP cracking (which is against their board policy!) without the slightest criticism!?

PostPosted: Mon Aug 30, 2004 4:01 am
by King_Ice_Flash
Evil_Genius wrote:I don't understand the mods' policy on this forum---they move my post to the "newbie bin" simply for calling another user's comments "flippant", BUT they allow you to discuss WEP cracking (which is against their board policy!) without the slightest criticism!?

No, WEP cracking is a security risk which we are discussing. We are not telling you to go crack someone else's WiFi. Many of our forum members are hackers; this does not mean that they do illegal activities.

PostPosted: Mon Aug 30, 2004 4:11 am
by Chris
King_Ice_Flash wrote:No, WEP cracking is a security risk which we are discussing. We are not telling you to go crack someone else's WiFi. Many of our forum members are hackers; this does not mean that they do illegal activities.



Not to mention the fact that cracking WEP is basically a waste of time. Cracking a decently generated WEP key (in other words, one such that WEPAttack or other dictionary-based crackers won't work) takes so long as to be counterproductive. Ask around. Other than folks that have cracked their own WEP key, there are very few people that have successfully cracked a WEP key. It just takes too long, and there are other, easier ways to attack a network. We have discussed this repeatedly on this forum, so I am not going to rehash it all here, but when you are doing a full penetration test (read: not just the WLAN) it makes more sense to attack something other than the WLAN first. You will find a much higher, quicker success.

PostPosted: Mon Aug 30, 2004 4:14 am
by King_Ice_Flash
Chris wrote:Not to mention the fact that cracking WEP is basically a waste of time. Cracking a decently generated WEP key (in other words, one such that WEPAttack or other dictionary-based crackers won't work) takes so long as to be counterproductive. Ask around. Other than folks that have cracked their own WEP key, there are very few people that have successfully cracked a WEP key. It just takes too long, and there are other, easier ways to attack a network. We have discussed this repeatedly on this forum, so I am not going to rehash it all here, but when you are doing a full penetration test (read: not just the WLAN) it makes more sense to attack something other than the WLAN first. You will find a much higher, quicker success.

Should I mention you are one of the hackers?

PostPosted: Mon Aug 30, 2004 4:43 am
by topolb
Chris wrote:Not to mention the fact that cracking WEP is basically a waste of time. Cracking a decently generated WEP key (in other words, one such that WEPAttack or other dictionary-based crackers won't work) takes so long as to be counterproductive. Ask around. Other than folks that have cracked their own WEP key, there are very few people that have successfully cracked a WEP key. It just takes too long, and there are other, easier ways to attack a network. We have discussed this repeatedly on this forum, so I am not going to rehash it all here, but when you are doing a full penetration test (read: not just the WLAN) it makes more sense to attack something other than the WLAN first. You will find a much higher, quicker success.


With all respect, you seem to have no idea what you are talking about.

It is possible to crack a 64- or 128-bit key in less than 30 seconds with enough packets. It is also possible to use statistical methods to crack the key even with patched-firmware cards. And it is also possible to generate traffic on the WLAN (without knowing the key) to gather enough packets to launch a successful statistics-based attack and recover the key.

And many enterprises have their WLAN directly connected to the LAN, so if you manage to crack the WEP, you have bypassed their perimeter security (firewall). Sometimes (depending on the mode the AP is set to) it is possible to launch ARP-poisoning-based sniffing from the WLAN to get the traffic on the internal LAN, allowing password sniffing, connection hijacking, identity spoofing, and of course access to many servers and services that can only be reached from inside.

If you still think that only a few people have cracked WEP encryption, you should seek out the right tools to do it.

And finally, talking about security is legal. We are not talking about entering others' networks, but about the security of the WEP encryption algorithm for wireless networks. But... perhaps, as Matrix said... "ignorance is bliss"...

Regards,

PostPosted: Mon Aug 30, 2004 4:52 am
by King_Ice_Flash
topolb wrote:With all respect, you seem to have no idea what you are talking about.

It is possible to crack a 64- or 128-bit key in less than 30 seconds with enough packets. It is also possible to use statistical methods to crack the key even with patched-firmware cards. And it is also possible to generate traffic on the WLAN (without knowing the key) to gather enough packets to launch a successful statistics-based attack and recover the key.

And many enterprises have their WLAN directly connected to the LAN, so if you manage to crack the WEP, you have bypassed their perimeter security (firewall). Sometimes (depending on the mode the AP is set to) it is possible to launch ARP-poisoning-based sniffing from the WLAN to get the traffic on the internal LAN, allowing password sniffing, connection hijacking, identity spoofing, and of course access to many servers and services that can only be reached from inside.

If you still think that only a few people have cracked WEP encryption, you should seek out the right tools to do it.

And finally, talking about security is legal. We are not talking about entering others' networks, but about the security of the WEP encryption algorithm for wireless networks. But... perhaps, as Matrix said... "ignorance is bliss"...

Regards,

Since we already derailed this thread, can you merge the pcap files from AiroPeek in Ethereal? I don't get enough data in the short time they give you.

PostPosted: Mon Aug 30, 2004 5:02 am
by Chris
topolb wrote:With all respect, you seem to have no idea what you are talking about.

It is possible to crack a 64- or 128-bit key in less than 30 seconds with enough packets. It is also possible to use statistical methods to crack the key even with patched-firmware cards. And it is also possible to generate traffic on the WLAN (without knowing the key) to gather enough packets to launch a successful statistics-based attack and recover the key.

And many enterprises have their WLAN directly connected to the LAN, so if you manage to crack the WEP, you have bypassed their perimeter security (firewall). Sometimes (depending on the mode the AP is set to) it is possible to launch ARP-poisoning-based sniffing from the WLAN to get the traffic on the internal LAN, allowing password sniffing, connection hijacking, identity spoofing, and of course access to many servers and services that can only be reached from inside.

If you still think that only a few people have cracked WEP encryption, you should seek out the right tools to do it.

And finally, talking about security is legal. We are not talking about entering others' networks, but about the security of the WEP encryption algorithm for wireless networks. But... perhaps, as Matrix said... "ignorance is bliss"...

Regards,



Yep, you are right. I have absolutely no idea what I am talking about. I have never done any work with WEP cracking and am just talking out my ass. Thanks for pointing that out.

PostPosted: Mon Aug 30, 2004 5:06 am
by topolb
King_Ice_Flash wrote:Since we already derailed this thread, can you merge the pcap files from AiroPeek in Ethereal? I don't get enough data in the short time they give you.


Sorry, I have never used AiroPeek. There must be a tool somewhere that merges several pcap files; I do not remember if Ethereal can do it.
How many packets (data packets) do you have?
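As an added worked example for the merge question raised above (it is not code from any poster here, nor from weplab, AiroPeek or Ethereal): a small Python script that reads several classic libpcap files, checks that they share one link type, and writes a single capture ordered by timestamp, handling both the little-endian and big-endian forms of the pcap magic. It assumes microsecond-resolution classic pcap input (no pcapng); the two sample captures built at the bottom are constructed 802.11 frames for illustration, and the file names in the usage line are placeholders.

```python
"""Merge several classic (libpcap) capture files into one, ordered by timestamp.

Added example for this thread (not weplab, AiroPeek or Ethereal code). It assumes
classic microsecond-resolution pcap files that all use the same link type; the
sample captures at the bottom are constructed for illustration, not real traffic.
"""
import struct
import sys
from typing import List, Optional, Tuple

Record = Tuple[int, int, bytes]   # (ts_sec, ts_usec, frame bytes)

MAGIC_USEC = 0xA1B2C3D4           # classic pcap magic, microsecond timestamps
DLT_IEEE802_11 = 105              # libpcap link type for raw 802.11 frames
GLOBAL_HDR = "IHHiIII"            # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"               # ts_sec, ts_usec, incl_len, orig_len


def parse_pcap(data: bytes) -> Tuple[int, int, List[Record]]:
    """Parse a pcap file image. Returns (linktype, snaplen, records).

    The magic number reveals the writer's byte order, so a capture written on a
    big-endian host is read correctly as well.
    """
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic_le = struct.unpack("<I", data[:4])[0]
    if magic_le == MAGIC_USEC:
        endian = "<"
    elif magic_le == 0xD4C3B2A1:  # the same magic seen through the wrong byte order
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file (magic 0x%08x)" % magic_le)
    _magic, _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack(endian + GLOBAL_HDR, data[:24])
    records: List[Record] = []
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + RECORD_HDR, data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated packet data at offset %d" % off)
        records.append((ts_sec, ts_usec, data[off:off + incl_len]))
        off += incl_len
    return linktype, snaplen, records


def build_pcap(linktype: int, records: List[Record], endian: str = "<", snaplen: int = 65535) -> bytes:
    """Serialise records into a pcap image (used for the merged output and for the samples)."""
    out = bytearray(struct.pack(endian + GLOBAL_HDR, MAGIC_USEC, 2, 4, 0, 0, snaplen, linktype))
    for ts_sec, ts_usec, frame in records:
        out += struct.pack(endian + RECORD_HDR, ts_sec, ts_usec, len(frame), len(frame))
        out += frame
    return bytes(out)


def merge_pcaps(files: List[bytes]) -> bytes:
    """Merge capture images into one little-endian pcap sorted by timestamp.

    Mixing link types is refused: a pcap file carries a single linktype, so
    combining 802.11 frames with Ethernet frames would mislabel one set.
    """
    linktype: Optional[int] = None
    snaplen = 0
    merged: List[Record] = []
    for blob in files:
        lt, sl, recs = parse_pcap(blob)
        if linktype is None:
            linktype = lt
        elif lt != linktype:
            raise ValueError("link type mismatch: %d vs %d" % (linktype, lt))
        snaplen = max(snaplen, sl)
        merged.extend(recs)
    if linktype is None:
        raise ValueError("no input files")
    merged.sort(key=lambda r: (r[0], r[1]))   # stable: equal timestamps keep input order
    return build_pcap(linktype, merged, "<", snaplen)


# Constructed samples (not real traffic): three minimal 802.11 data frames with
# interleaved timestamps, one file written little-endian and one big-endian.
def _frame(tag: bytes) -> bytes:
    return b"\x08\x02" + tag * 10   # frame-control bytes of a data frame plus filler


SAMPLE_A = build_pcap(DLT_IEEE802_11, [(1093850000, 500, _frame(b"A")), (1093850002, 0, _frame(b"C"))], "<")
SAMPLE_B = build_pcap(DLT_IEEE802_11, [(1093850001, 0, _frame(b"B"))], ">")


def demo() -> List[int]:
    """Merge the two samples and return the seconds field of each record, in file order."""
    linktype, _snaplen, recs = parse_pcap(merge_pcaps([SAMPLE_A, SAMPLE_B]))
    assert linktype == DLT_IEEE802_11
    return [r[0] for r in recs]


if __name__ == "__main__":
    if len(sys.argv) >= 3:
        # usage: python merge_pcap.py merged.pcap capture1.pcap capture2.pcap ...  (placeholder names)
        with open(sys.argv[1], "wb") as out:
            out.write(merge_pcaps([open(path, "rb").read() for path in sys.argv[2:]]))
    else:
        print(demo())   # [1093850000, 1093850001, 1093850002]
```

The big-endian branch matters for exactly the workflow described in the thread: a capture exported from one tool and converted by another may not share the byte order of the machine doing the merge, and a reader that assumes one order silently misparses every record length. Keeping the sort stable also preserves the original order of frames that carry identical timestamps, which is common when a capture tool batches its writes.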

PostPosted: Mon Aug 30, 2004 5:07 am
by sylvain
Chris wrote:Yep, you are right. I have absolutely no idea what I am talking about. I have never done any work with WEP cracking and am just talking out my ass. Thanks for pointing that out.


You should try the new tools: aircrack and weplab, especially with packet reinjection... maybe once you've managed to crack your key easily you won't be so aggressive... and will realize that it is not hard to crack WEP keys..
For example, it took me 15 minutes to crack the WEP keys (128 bits, changed every 30 minutes and generated to be "good" WEP keys...) used in my firm...

PostPosted: Mon Aug 30, 2004 5:12 am
by topolb
Chris wrote:Yep, you are right. I have absolutely no idea what I am talking about. I have never done any work with WEP cracking and am just talking out my ass. Thanks for pointing that out.


Hey Chris. Don't be bothered!

Tell me why you say that it is difficult to crack WEP encryption. Do you know any firmware that avoids all statistical attacks?

Perhaps you meant WPA2 (AES) instead of WEP (RC4). Otherwise I cannot make any sense of your comment that cracking WEP is nearly impossible.