Penetration Testing mailing list archives

Re: Wireless wep crackin on windows


From: Andre Ludwig <andre.ludwig () gmail com>
Date: Tue, 25 May 2004 22:10:14 -0700

You guys might want to read up on wep attacks.

http://www.samspublishing.com/articles/article.asp?p=27666&seqNum=1

It is a decent link explaining the weak IV attack used against WEP.

To date I haven't seen any Windows-based tools that would capture the
proper packets (open source tools at least). Doesn't mean they aren't
out there, just means I haven't cared enough to find them.

Andre Ludwig CISSP

On Tue, 25 May 2004 19:20:14 -0400, Jerry Shenk
<jshenk () decommunications com> wrote:

I don't believe the WEP key is passed across the network.  This will
however cause multiple associations and might generate extra traffic.
It might also enable the attacker (running Evil Twin) to pass encrypted
packets through to another Access Point.

I think the main use for this attack is for networks that do LEAP.  In
that case, the username and password hash are passed through the air and
are susceptible to a brute force or dictionary attack.  Other
EAP-related authentication schemes may also be vulnerable to this but
most of them use a better hash encryption than LEAP does....at least it
seems so for the moment;)


-----Original Message-----
From: E.Kellinis [mailto:me () cipher org uk]
Sent: Tuesday, May 25, 2004 2:28 PM
To: securityfocus () arkam it; pen-test () securityfocus com
Subject: Re: Wireless wep crackin on windows

Hello,

There is another method to find the key without trying to crack WEP
data: you can use the Evil Twin access point attack.

You set up another access point nearby and try to provide a
stronger signal on exactly the same channel (and with the same SSID)
as the AP under attack. When this happens, clients will try to
connect to your access point, which mimics the legitimate one. Using this method
you might be able to retrieve the WEP password.

All the needed info (SSID, channel etc.) for this attack can be provided by
many WLAN analysis tools for Windows.

I haven't done it, but it sounds reasonable

thx
Manos

=========================================================
*PK:http://www.cipher.org.uk/files/pgp/cipherorguk.public.key.txt
=========================================================
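The Evil Twin condition Manos describes (a second AP advertising the same SSID, on the same channel, with a stronger signal) is also what a defender can look for in the output of the same WLAN analysis tools. The following is an added example, not code from anyone in this thread: it takes scan records (SSID, BSSID, channel, signal), compares them against an assumed allowlist of legitimate BSSIDs, and flags unknown BSSIDs, ranking highest those that share a channel with a legitimate AP and outsignal it. The scan data and the allowlist are constructed for the example.

```python
# Added example (not from the thread): flag "evil twin" candidates in WLAN
# scan output. A candidate is any BSSID advertising a known SSID that is not
# in the owner's allowlist; sharing the legitimate AP's channel and having a
# stronger signal are the two properties the attack relies on, so they raise
# the severity. All scan records and the allowlist below are constructed.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ScanRecord:
    ssid: str
    bssid: str
    channel: int
    signal_dbm: int  # higher (closer to 0) means stronger


# Constructed scan output: one legitimate "corpnet" AP, a stronger impostor on
# the same channel, and an unrelated guest network.
SAMPLE_SCAN = [
    ScanRecord("corpnet", "00:11:22:33:44:55", 6, -61),
    ScanRecord("corpnet", "66:77:88:99:aa:bb", 6, -38),
    ScanRecord("guest", "00:11:22:33:44:56", 11, -70),
    ScanRecord("corpnet", "00:11:22:33:44:55", 6, -63),  # repeat beacon from the real AP
]

# Assumed allowlist: the BSSIDs the network owner actually deployed per SSID.
KNOWN_BSSIDS = {
    "corpnet": {"00:11:22:33:44:55"},
    "guest": {"00:11:22:33:44:56"},
}


def find_evil_twin_candidates(scan, known=KNOWN_BSSIDS):
    """Return {ssid: [finding, ...]} for every BSSID not in the allowlist.

    Each finding records the unknown BSSID, whether it shares a channel with a
    legitimate AP of the same SSID, and whether its signal beats every
    legitimate AP seen for that SSID.
    """
    by_ssid = defaultdict(dict)  # ssid -> bssid -> strongest record seen
    for rec in scan:
        cur = by_ssid[rec.ssid].get(rec.bssid)
        if cur is None or rec.signal_dbm > cur.signal_dbm:
            by_ssid[rec.ssid][rec.bssid] = rec

    findings = {}
    for ssid, aps in by_ssid.items():
        allowed = known.get(ssid, set())
        legit = [r for b, r in aps.items() if b in allowed]
        rogue = [r for b, r in aps.items() if b not in allowed]
        if not rogue:
            continue
        legit_channels = {r.channel for r in legit}
        best_legit = max((r.signal_dbm for r in legit), default=None)
        findings[ssid] = [
            {
                "bssid": r.bssid,
                "same_channel": r.channel in legit_channels,
                "stronger_than_legit": best_legit is not None and r.signal_dbm > best_legit,
            }
            for r in rogue
        ]
    return findings


def severity(finding):
    """Both attack properties present -> 'high', one -> 'medium', none -> 'low'."""
    score = int(finding["same_channel"]) + int(finding["stronger_than_legit"])
    return {2: "high", 1: "medium", 0: "low"}[score]


if __name__ == "__main__":
    for ssid, items in find_evil_twin_candidates(SAMPLE_SCAN).items():
        for f in items:
            print(f"{ssid}: unknown BSSID {f['bssid']} severity={severity(f)}")
```

An SSID that appears in the scan but has no allowlist entry at all is still reported (every BSSID for it is unknown), but with no legitimate AP to compare against it can only rank "low"; that is deliberate, since the allowlist, not the scan, is the source of truth for which AP is real.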



