Penetration Testing mailing list archives

RE: Cracking WEP and WPA keys


From: "Hamlesh Motah" <admin () hamlesh com>
Date: Thu, 15 Dec 2005 00:58:11 -0000

Out of interest, is WPA case sensitive?

I take it an AP with MAC restricted access and a WPA such as:

"cH2efROEfRleVouBL0noAN5amoUSiEHiafroUPHouPHlepHl0dLAsTluFroaBri"

Would be fairly secure?  Unless of course someone has that in their
dictionary of course?

What about special characters, does WPA take that into account?  I could
have just Googled that :)

Hamlesh.





 

: -----Original Message-----
: From: Seth Fogie [mailto:seth () fogieonline com] 
: Sent: 13 December 2005 21:01
: To: pen-test () securityfocus com
: Subject: Re: Cracking WEP and WPA keys
: 
: I teach a wireless hacking class and perform this WEP 
: cracking live in under 4 minutes with generated data. The 
: aireplay method has taken between 6 and 20 minutes, 
: depending on luck and traffic generated. 
: However, this is in a controlled environment. One, you have 
: to be sure your aircrack is using the same frequency as your 
: wireless network. 
: Two, you have to be sure you're using the same standard (b vs 
: g). If your airodump is capturing only b traffic, and your 
: network is primarily g, you will only see beacons...which are 
: worthless when cracking WEP.
: 
: In addition, some vendors have taken steps to prevent these 
: types of attacks. I personally use a Linksys 54g router with 
: a Netgear G card set to 802.11b only during the tests...my 
: senao card also works. However, other cards and APs I have 
: used aren't as crack friendly.
: 
: WPA is a different story altogether. I can crack WPA in 
: less than a second assuming my dictionary file is only one 
: word long and that word is my passphrase. All you need to do 
: is capture 4 packets and then use cowpatty to test the 
: dictionary words to see which one matches. 
: Depending on the passphrase set up in WPA, and its position in 
: the dictionary, your crack could be seconds or years...and if 
: the passphrase is not in your dictionary file...well, then it 
: won't be cracked.
: 
: Seth Fogie
: Airscanner
: Moderator for wifisec () securityfocus com
: 
: Shenk, Jerry A wrote:
: 
: >Cracking WEP depends on a ton of stuff.  If you're cracking it looking
: >for weak IVs, you'll need an AP that has weak IVs.  Most of the new
: >ones avoid them to one degree or another.  What AP are you using?  I
: >used a Linksys in my initial testing (a couple years ago) and cracked
: >the key in 4 hours.  I also tried to crack a Cisco 350 (replaced by the
: >1200 series) and never was able to crack the key using that method, even
: >after running for days.
: >
: >Another thing, that "crack in seconds" is based on already having hours
: >or days worth of traffic to use.
: >
: >There are some new tools that generate traffic rather than having to
: >wait for it and some of the new cracking methods are better or worse,
: >depending on your perspective.  I think some of these "WEP is worthless"
: >stories are overly sensational.  Yes, WEP is broken, ok, possibly even
: >horribly broken but it stops a 'casual connector', it even stops quite
: >a few determined hackers (it stopped you;).  If you're the NSA...ok,
: >WEP is worthless....the people attacking you are determined, well
: >financed professionals.  If you're my mom, checking her e-mail from
: >home with a wireless laptop, I think WEP is perfectly fine.  Installing
: >everything needed for a good PEAP implementation for my mom is
: >absolutely insane.
: >Most people are gonna be someplace in the middle where a little bit of
: >risk evaluation is in order.
: >
: >-----Original Message-----
: >From: Robin Wood [mailto:dninja () gmail com]
: >Sent: Tuesday, December 13, 2005 5:09 AM
: >To: pen-test () securityfocus com
: >Subject: Cracking WEP and WPA keys
: >
: >Hi
: >I've just been on a wireless security course where there was a lot of
: >talk about WEP keys being poor security and easily crackable. I got
: >home and decided to put it to practice and use aircrack against my own
: >WEP key.
: >
: >Using airodump and aireplay I collected 1 million IVs and set aircrack
: >off attacking it. After around 4 hours I got bored of waiting and on
: >another machine tried playing with aircrack's debug option where you can
: >pass sections of the key you already know. I found if I passed the
: >whole key except the last digit it could be cracked with a fudge factor
: >of 2, if I removed the last 2 digits then I had to up the fudge factor
: >to 5 and up it to 8 if I removed the last 3 digits. With anything less
: >than the fudge factor mentioned I was told that it couldn't crack the
: >key.
: >
: >All the examples I've seen seem to suggest that cracking should take
: >minutes not hours and all keys should be crackable. What experiences do
: >other testers have? Have I done something wrong? I abandoned the full
: >attack after 5 hours as it was running with the default fudge factor of 2
: >so would probably not have managed to crack the key.
: >
: >I've also seen a video on the Remote Exploit site showing a WPA key
: >cracked in 10 minutes using cowpatty and a dictionary attack. How
: >realistic is this?
: >
: >Robin
: >
: 

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
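
The case-sensitivity and special-character questions at the top of this message come down to how WPA-PSK turns a passphrase into a key. The following is an added example, not part of the original thread: it derives the 256-bit PSK with PBKDF2-HMAC-SHA1 (SSID as salt, 4096 iterations) and enforces the 8 to 63 printable-ASCII passphrase rule from IEEE 802.11i. The function names and the SSID "HomeAP" are assumptions made for illustration.

```python
import hashlib
import math
import string

def check_passphrase(passphrase: str) -> None:
    """Enforce the 802.11i passphrase rule: 8-63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII (codes 32-126)")

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    check_passphrase(passphrase)
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )

def max_entropy_bits(passphrase: str) -> float:
    """Upper bound on guessing cost, valid only if every character was
    picked at random from the character classes present. A passphrase that
    sits in a dictionary is worth far less, as the quoted reply points out."""
    check_passphrase(passphrase)
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    # The derived key is 256 bits, so no passphrase is worth more than that.
    return min(len(passphrase) * math.log2(alphabet), 256.0)

if __name__ == "__main__":
    ssid = "HomeAP"  # assumed SSID, not from the thread
    # Passphrase quoted in the message above (63 characters, the maximum).
    posted = "cH2efROEfRleVouBL0noAN5amoUSiEHiafroUPHouPHlepHl0dLAsTluFroaBri"
    # Same text lower-cased, then a constructed one with space and symbols.
    for candidate in (posted, posted.lower(), "p@ss w0rd!"):
        print(len(candidate), round(max_entropy_bits(candidate), 1),
              wpa_psk(candidate, ssid).hex())
```

Changing the case of a single character, or the SSID, produces an unrelated PSK, and spaces and punctuation are accepted as ordinary passphrase characters.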

