PostPosted: Sun Sep 05, 2004 4:55 pm
by bigbadbaugh
Sounds good m8, keep up the good work...

PostPosted: Mon Sep 06, 2004 8:37 am
by firefighter99
topolb wrote:As regards the WPA, I also have it on my TODO list together with WPA2 and AES.


As far as I know WPA2==AES==802.11i
;)

PostPosted: Tue Sep 07, 2004 12:17 am
by topolb
firefighter99 wrote:As far as I know WPA2==AES==802.11i

Yes. Still possible to launch bruteforce and dictionary attacks. :)

PostPosted: Tue Sep 07, 2004 4:53 am
by joswr1ght
topolb wrote:Yes. Still possible to launch bruteforce and dictionary attacks. :)


I just finished a dictionary tool for WPA-PSK networks. I'm planning to release it the first week in November, so check back with me then if anyone is interested.

Note: pbkdf2(4096) makes dictionary attacks against WPA very slow.

-Josh/jwright@hasborg.com

PostPosted: Tue Sep 07, 2004 6:29 am
by sylvain
joswr1ght wrote:I just finished a dictionary tool for WPA-PSK networks. I'm planning to release it the first week in November, so check back with me then if anyone is interested.

Note: pbkdf2(4096) makes dictionary attacks against WPA very slow.

-Josh/jwright@hasborg.com


I'm definitely interested.

PostPosted: Tue Sep 07, 2004 6:53 am
by RaiD
Same here...any preliminary screenshots? :D

PostPosted: Tue Sep 07, 2004 11:11 am
by joswr1ght
RaiD wrote:Same here...any preliminary screenshots? :D


I'm not much for UI design (love those Unix tools though), but here goes. I'm going to release this tool in the first teaching of the SANS Wireless Auditing class in New Orleans in November (I am the author of this material), and will make it publicly available after that.

[screenshot]

This tool is an implementation of Robert Moskowitz's paper "Weakness in Passphrase Choice in WPA Interface" at http://wifinetnews.com/archives/002452.html. It kind of sucks, since it's pretty slow. I've done everything to optimize it that I believe can be done, but 4096 hmac-sha1 passes take quite a bit of time to derive the PMK from a dictionary word. I'm looking forward to comments after releasing publicly.

Thanks,

-Josh
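
The derivation Josh's post refers to, as an added example that is not part of the thread or of his tool: WPA-PSK turns the passphrase and SSID into the 256-bit PMK with PBKDF2-HMAC-SHA1 at 4096 iterations, checked here against the IEEE 802.11i test vector, and the helper measures how many candidates per second this machine can derive, which is the cost that makes passphrase length and randomness matter.

```python
import hashlib
import time

# IEEE 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
ITERATIONS = 4096
PMK_LEN = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the PMK exactly as a WPA-PSK client or access point does."""
    # 802.11i allows 8..63 printable ASCII characters for the passphrase form
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), ITERATIONS, PMK_LEN
    )


def derivations_per_second(ssid: str, samples: int = 20) -> float:
    """Measure how many candidate passphrases per second this host can derive.
    The candidates are constructed throwaway strings; only the timing matters."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"candidate{i:08d}", ssid)
    return samples / (time.perf_counter() - start)


def seconds_to_exhaust(candidates: int, rate: float) -> float:
    """Time to derive every candidate in a space of the given size at `rate`/s."""
    return candidates / rate


if __name__ == "__main__":
    # Test vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE"
    print(derive_pmk("password", "IEEE").hex())
    rate = derivations_per_second("IEEE")
    print(f"{rate:.0f} PMK derivations per second on this host")
    # Every extra random character multiplies the attacker's work by the alphabet size
    for label, space in (("8 lowercase letters", 26**8), ("12 mixed alnum", 62**12)):
        print(f"{label}: {seconds_to_exhaust(space, rate) / 86400:.1e} days")
```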

PostPosted: Tue Sep 07, 2004 1:43 pm
by RaiD
Hey that's really cool...you're right, there are a lot of words to try, but 185 seconds isn't bad for an 18 character password. Thanks for sharing that screenshot with us. :D

PostPosted: Tue Sep 07, 2004 2:15 pm
by topolb
Good job josh!
It looks promising.

Windows

PostPosted: Wed Sep 08, 2004 6:42 am
by Master1977
I am using weplab v0.1.0-beta-w32_01 for Windows, of course. Is it possible to use it to capture packets?

If yes, how can I specify the interface and put it in monitor mode?

weplab -c -i wlan0 --debug 1 --caplen 150 packets.log

Doesn't seem to be lucky enough.

Thanks for the help.

PostPosted: Wed Sep 08, 2004 1:03 pm
by topolb
Master1977 wrote:I am using weplab v0.1.0-beta-w32_01 for Windows, of course. Is it possible to use it to capture packets?

If yes, how can I specify the interface and put it in monitor mode?

weplab -c -i wlan0 --debug 1 --caplen 150 packets.log

Doesn't seem to be lucky enough.

Thanks for the help.



Sorry, capture is not available for Windows.
I suggest you use another tool to capture packets (like Airopeek), then convert the files into pcap format with Ethereal and finally use weplab.

For the moment I do not plan to use any commercial driver to make weplab capture on Windows. Unless a fully open source method to do it appears (or I change my mind), you will need to use another tool for capture on Win.

PostPosted: Thu Sep 09, 2004 3:07 pm
by Master1977
topolb wrote:Sorry, capture is not available for Windows.
I suggest you use another tool to capture packets (like Airopeek), then convert the files into pcap format with Ethereal and finally use weplab.


That's cool. Which tool may I use? Is there a freeware one?
Airopeek is not supported by my wireless card, a Belkin 54Mb PCI. :(
Ethereal seems to capture my wireless traffic smoothly, can I just use that?
Hmm, I see the traffic in clear in Ethereal; is that because I've put my key in the driver? I mean, should I capture the traffic without the network key set up on the device that is capturing? :confused:

Given I'll use a certain tool and convert the captured files to pcap, are there any settings to specify in weplab to maximize the probability of success or reduce time (I dunno, like --fcs)?

topolb wrote:For the moment I do not plan to use any commercial driver to make weplab capture on Windows. Unless a fully open source method to do it appears (or I change my mind), you will need to use another tool for capture on Win.


I see. Well, capture isn't a big deal, you can always use third party tools.

By the way, really great software, can't wait to try it out; thanks for working on it and sharing it.

PS: just to be a nag, are you gonna convert 0.11 for win32? :D

PostPosted: Thu Sep 09, 2004 5:14 pm
by bigbadbaugh
You could always try Devine's Aircrack, which now uses Airodump, which can capture packets on Windows.

You just need the Airopeek .DLL and a few other things to get it working.

PostPosted: Fri Sep 10, 2004 12:47 am
by devine
Master1977 wrote:Ethereal seems to capture my wireless traffic smoothly, can I just use that?


You can't capture 802.11 frames with Ethereal on Windows. With it you'll only be able to collect useless ethernet packets. Best advice I can give you is to boot a knoppix and see if your card is supported under Linux.

PostPosted: Fri Sep 10, 2004 12:52 am
by Master1977
bigbadbaugh wrote:You could always try Devine's Aircrack, which now uses Airodump, which can capture packets on Windows.

You just need the Airopeek .DLL and a few other things to get it working.

Just tried that; the first DLL it needs is peek.dll, and after copying it to the right folder from Airopeek it says "PeekOpenAdapter() Failed". Still my card isn't supported. :mad:

Thanks for the help! :o