2005/1/24-25 [Computer/Networking] UID:35875 Activity:moderate
1/24 http://csua.org/u/at8 (zdnet.com) "WEP, as you probably already know, is an encryption scheme that can basically be broken by anyone smart enough to install Linux on a laptop." Okay, so we all know WEP < WPA < WPA2, but is hacking WEP as easy as implied above? The only way I see WEP having this big a problem is if there is a freeware program which obtains WEP keys for you.
     \_ http://airsnort.shmoo.com
        \_ thanks, I guess it is that easy, if you are constantly sniffing (e.g., your neighbor's wireless)
        \_ Well, it is not as easy as the software writer wants you to think. I tried to hack my *own* WEP key and could not.
           \_ From what I understand from the FAQ, you need six months of browsing the net when you're home at night to sniff enough packets to be able to get the WEP key for your own wireless AP/router.
              \_ See below. This is the trivial part--you can sniff a 'join' (which is cleartext) and use this to send fake disconnects. Most wifi drivers will attempt to reconnect to their last peered AP--wash, rinse, repeat and you can collect enough traffic v. quickly. Oh, and WPA is also vulnerable: http://www.tinypeap.com/page8.html -John
     \_ Hacking WEP is not "simple". The principle behind it is simple, and ways to collect enough data to brute-force a key (i.e. faking joins/drops over the unencrypted carrier channel) are simple. Gathering enough traffic can take some time, and then you still have to brute force the key. 802.11b has some structural limitations anyway, and the main issue with WEP is its name, as it is in no way equivalent to a wire (which is equally easy to break into if you know what you're doing) in terms of being a private medium. There are, however, enough tools out there to make it feasible for the average kiddie. For a very well designed and documented selection of tools, have a look at auditor at http://www.remote-exploit.org . -John
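The fake-disconnect trick described in the thread (spoofed deauths that keep forcing clients to rejoin so traffic piles up fast) is also what a defender can watch for in a monitor-mode capture. This is an added example, not code from the thread or from any of the tools it links: a sliding-window detector over constructed frame records, where the MAC addresses, window length and threshold are all made up.

```python
from collections import defaultdict, deque

# IEEE 802.11 management-frame subtype values for the frames we care about
SUBTYPE_DISASSOC = 10
SUBTYPE_DEAUTH = 12
BROADCAST = "ff:ff:ff:ff:ff:ff"


def detect_deauth_floods(frames, window_s=5.0, threshold=20):
    """Flag senders that emit a burst of deauth/disassoc frames.

    frames: iterable of (t_seconds, subtype, src_mac, dst_mac) tuples, sorted
    by time, as decoded from a monitor-mode capture. A forged deauth carries
    the AP's own address as sender, so the address alone cannot tell it from a
    real one; the rate is what gives a flood away. Returns a list of alerts.
    """
    recent = defaultdict(deque)  # sender -> (t, dst) pairs inside the window
    alerts = []
    for t, subtype, src, dst in frames:
        if subtype not in (SUBTYPE_DEAUTH, SUBTYPE_DISASSOC):
            continue  # beacons, probes etc. are ignored
        q = recent[src]
        q.append((t, dst))
        while q and t - q[0][0] > window_s:
            q.popleft()  # slide the window forward
        if len(q) == threshold:  # fire once, as each burst crosses the line
            hit = {d for _, d in q}
            alerts.append({"bssid": src, "t": t, "count": len(q),
                           "targets": sorted(hit), "broadcast": BROADCAST in hit})
    return alerts


def sample_frames():
    """Constructed capture: a quiet AP plus a forged 30-frame flood (made-up MACs)."""
    ap_quiet = "00:11:22:33:44:55"
    ap_victim = "66:77:88:99:aa:bb"  # the spoofed sender address of the flood
    client = "de:ad:be:ef:00:01"
    frames = []
    for i in range(5):  # benign: one deauth a minute (e.g. idle timeout)
        frames.append((60.0 * i, SUBTYPE_DEAUTH, ap_quiet, client))
    for i in range(30):  # flood: 30 deauths in 1.5 s, the first one broadcast
        dst = BROADCAST if i == 0 else client
        frames.append((100.0 + 0.05 * i, SUBTYPE_DEAUTH, ap_victim, dst))
    frames.append((101.7, 8, ap_quiet, BROADCAST))  # a beacon, to be ignored
    return sorted(frames)


if __name__ == "__main__":
    for alert in detect_deauth_floods(sample_frames()):
        print(alert)
```

Only the spoofed sender trips the threshold; the quiet AP's once-a-minute deauths never accumulate inside the window.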
csua.org/u/at8 -> reviews-zdnet.com.com/AnchorDesk/4520-6033_16-5622160.html?tag=adss&tag=nl.e501-1 There were (and are) so many unsecured networks out there that the simple act of changing your SSID or enabling WEP was enough to deter hackers--if "deter" meant just redirecting them toward your hapless neighbor. That's not so much the case anymore--and it was bad, stopgap advice that created a weird sort of complacency about wireless security. Somehow, in our rush to set up wireless networks at home and work, we seemed to think they were immune to the security woes of our wired networks, our e-mail accounts, and our browsers. As Wi-Fi proliferated, demand outstripped actual standards development, and security was slow to catch up. reported this week that home users are more open to attacks once they install wireless networks, either because they don't take any security precautions, or because they're too confused by their security software or protocols to even try. And a 2002 study said some 70 percent of corporate wireless networks were actually unencrypted--even if they've gotten a bit wiser, most of them are "protected" only by WEP. WEP, as you probably already know, is an encryption scheme that can basically be broken by anyone smart enough to install Linux on a laptop. So, most companies and homes are sitting on a bunch of hardware that supports only WEP, and most of them aren't going to, say, lock down their networks with MAC address restrictions. Let's not forget that Wi-Fi networks are fundamentally insecure when it comes to denial-of-service (DoS) attacks. Anyone can point a powerful radio signal at a network and grind it to a halt--luckily, DoS attacks don't pose a real privacy threat, and most private or even corporate networks are not at risk. wireless phishing, wherein hackers trick you into logging on to a fake hot spot and offering up usernames, passwords, and even credit card numbers.
I don't think there's a true crisis brewing, but the age of complacency has passed. There's no such thing as a secure network, wireless or otherwise, and you can either choose to lock your door with a nice big deadbolt, rely on a junky old doorknob lock, or leave the door wide open for anyone who notices. Just don't come crying to me when you suffer a break-in.
airsnort.shmoo.com Old news Introduction AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. WEPCrack, which was released about the same time as AirSnort, are the first publicly available implementations of this attack. AirSnort requires approximately 5-10 million encrypted packets to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second. AirSnort 026 Requirements AirSnort runs under Windows or Linux, and requires that your wireless NIC be capable of RF monitor mode, and that it pass monitor mode packets up via the PF_PACKET interface. Orinoco Notes: The latest patches seem to smooth things out for all versions of Orinoco firmware. Z/wireless/orinoco_csc which will list the version number in the first couple of lines. Windows information Some background information on the windows porting effort. Worth a read if you are going to attempt to build Airsnort on Windows. It's working in alpha, but requires some effort to install. If patching the orinoco drivers is too much for you then this is probably not for you either. Most of the code is already in CVS, but the installation instructions are not available yet. This release fixes a bug in weak IV reporting and removes gnome dependencies. The decrypt tool is more like a dictionary based cracker now, but still has a way to go.
www.tinypeap.com/page8.html WPA Cracker White Paper Instruction 1 Please extract the files to some arbitrary directory. You will be asked to enter the raw data in hex form from packet sniffing. The author recommends Ethereal as a tool to collect the packets needed.
www.remote-exploit.org We are just a group of people that like to experiment with computers. We hope that we can provide some information back to the public and support the ongoing process of learning. News: Customized releases of Auditor When you like to have a custom logo branded auditor release to use it as a give away to your customers in courses etc. News: Released a new website with default settings and vulnerabilities I have just setup the first draft of the list of default settings of wireless products. I will add other vendor settings as soon as I have some time. News: cowpatty-20 released Check out our newest release from Joshua Wright. coWPAtty is designed to audit the pre-shared key (PSK) selection for WPA networks based on the TKIP protocol. Supply a libpcap file that includes the TKIP four-way handshake to mount an offline dictionary attack with a supplied wordlist. The Auditor Security Collection is the most advanced and up-to-date penetration testing linux live distro available. It's perfect for security analyses, wireless security analysis and ...... PS Send us some photo shots, which show auditor in action. Append where you have been with it, so I know where auditor has been used so far. News: Requesting Auditor Security Collection actionshots Hi all, please send us your Auditor Security Collection action-screenshots. Send us your auditor action pictures at the usual place. News: Hotspotter 04 released Hotspotter 04 has been released right now. It fixes a bug and enhances the hotspotter with the ability to execute a script before going to accesspoint mode. There you will find hotspotter 04 on it in addition to some fake daemon and automated dhcp/dns script for hotspotter. Well we have updated the website right now, as you can see.