Re: Wireless Pentest Question

[Joshua Wright <jwright () hasborg com>]

Arvind,

Arvind Sood wrote:
>  The problem relates to creating traffic on a wireless network in case
> you dont find a lot of traffic for a good capture. Is there any way
> you can create traffic on a WEP network without knowing
> - the IP Address (address range) the Access Point and wireless clients
> are using
> - the WEP key being used (makes sense - that is why you are running a WEP crack)

Besides aireplay (not sure why you are getting a SEGFAULT, it worked OK 
for me - maybe check the Aircrack documentation?), you could use 
WEPWedgie.  This tool was written by Anton Rager a few years ago, and 
allows you to inject packets into the network after determining PRGA 
from the WEP challenge/response mechanism. 
http://www.sf.net/projects/wepwedgie/

The current version relies on the Airjack drivers for operation, meaning 
you'll have to run it on a Linux 2.4 kernel system.  I wrote a small 
patch to add an option to send ICMP echo requests to the broadcast 
address (since you might not know any internal addresses), which is 
available at http://home.jwu.edu/jwright/code/ww-broadcasticmp.diff.

Unfortunately, Airjack has some timing issues which makes it somewhat 
ineffective for injecting large quantities of packets, but this will get 
you started.  While at Shmoocon (you guys rock!) I started re-writing 
WEPWedgie to port it to a more reliable packet injection framework (and 
code cleanup) for another project, I'll make that available when I get 
it finished.

Good luck,

-Josh
--
-Joshua Wright
jwright () hasborg com
http://home.jwu.edu/jwright/

pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73

Today I stumbled across the world's largest hotspot.  The SSID is "linksys".