PaulDotCom mailing list archives
Re: Advice on Attacking WEP Using 802.1X
From: Matt Neely <matt-lists () matthewneely com>
Date: Fri, 29 Oct 2010 00:12:42 -0400
You're the man Josh! Thanks for the advice! Cheers, Matt On 10/22/10 1:04 PM, Joshua Wright wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/21/2010 10:23 PM, Matt Neely wrote:Anyone have any advice on attacking a WEP network using 802.1X authentication? From reviewing a packet capture it appears like the network is specifically using PEAP. For PEAP I'd usually use OpenRADIUS with the WPE patch and a fake AP. But the AP I have on hand does not support enterprise authentication with WEP. Any thoughts, advice or pointers?Standard WEP cracking still applies, but you have to limit your packet capture to one AP<->STA connection (wlan.addr eq [clientmac]) and within one login sesssion (look for unencrypted EAP frames to identify reauthentication exchanges). Despite being called "dynamic WEP", keys are not dynamically rotated, so as long as the user is connected to the AP you can collect packets and use them with aircrack-ng to recover the WEP key. From there, you can't connect to the network easily, but you can decrypt all the traffic with airdecap-ng or Wireshark. Also, consider using the Aireplay-ng chopchop attack to decrypt some traffic, then use the keystream (.xor file) data with airtun-ng to inject some packets of your own (one-way injection only). - -Josh -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzBxAMACgkQapC4Te3oxYzMtwCgk3CL8vlW0F/T0TK1agVVwISa 26cAoJI747fAwqV9/Rcl15SF2yDnCdmz =ffP6 -----END PGP SIGNATURE----- _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Advice on Attacking WEP Using 802.1X Matt Neely (Oct 21)
- Re: Advice on Attacking WEP Using 802.1X Colin Vallance (Oct 22)
- Re: Advice on Attacking WEP Using 802.1X Joshua Wright (Oct 22)
- Re: Advice on Attacking WEP Using 802.1X Matt Neely (Oct 29)