How To Crack WEP

Discussion in 'Computer Security' started by Mr.Cheeks, Sep 3, 2006.

  1. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    Introduction

    Hundreds, perhaps thousands of articles have been written about the vulnerability of WEP (Wired Equivalent Privacy), but how many people can actually break WEP encryption? Beginners to WEP cracking have often been frustrated by the many wireless cards available and their distribution-specific commands. And things are further complicated when the beginner is not familiar with Linux.

    In this three part series, we will give you a step by step approach to breaking a WEP key. The approach taken will be to standardize as many variables as possible so that you can concentrate on the mechanics of WEP cracking without being hindered by hardware and software bugs. The entire attack is done with publicly available software and doesn't require special hardware - just a few laptops and wireless cards....

    To read the full article, click here...

    Zeb - what are your views on this?

    btw: Pete said it was ok for me to publish this article.
     
  2. zebulebu

    zebulebu Terabyte Poster

    LOL at anyone who even thinks WEP is remotely secure.

    This article stole my thunder somewhat - I was going to write a tutorial on how to do it with BackTrack, Kismet and AirSnarf, but this article pretty much covers everything your friendly neighbourhood script kiddie could wish for. I remember how cool it was the first time I managed to sniff enough traffic to crack a WEP key - nowadays I could do it in my sleep and it would take a fraction of the time it did when I first found out the technique.

    Incidentally - anybody sitting there looking smug 'cos they're running WPA, well WPA is crackable too. In fact, it's quicker than rinsing WEP if you don't choose a strong passphrase. I'll post a tutorial on that in the next couple of weeks - since I've got some new guy starting at work and I want to walk him through a WLAN audit and the inherent insecurities associated with it. WPA is still pretty secure for most home users, provided you're sensible about the key you use (i.e. choose a long one and don't make it a dictionary word)

    Most secure you can get for wireless is WPA with RADIUS authentication - that's pretty much uncrackable (at present)
     
    Certifications: A few
    WIP: None - f*** 'em
  3. Sparky

    Sparky Zettabyte Poster Moderator

    I agree WEP is crap but what’s the deal with locking down your wireless connection by only allowing connections from a known MAC address, waste of time? :blink
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  4. zebulebu

    zebulebu Terabyte Poster

    Absolutely.

    It's so trivial to change your MAC address that even clueless script kiddies can do it - so it represents absolutely no security at all other than protecting you from the most casual of attackers.

    In fact, I'd argue that, with the mindset of most wannabe hAx0r$ being what it is, you're probably MORE likely to become a target as they want to try and show you that they '0wN' you - and no feeble attempt at locking down your WAP is going to protect you from their 'skillz'

    I'll post a tutorial on changing your MAC later - I've got that knocking around somewhere from a couple of years back when I was consulting
     
    Certifications: A few
    WIP: None - f*** 'em
  5. Sparky

    Sparky Zettabyte Poster Moderator

    Sounds good, so is it easy to spoof a MAC address then? I have locked down wireless points (with WEP) before by only allowing one MAC address to connect (the laptop) and also switching off DHCP. Again this looks like a waste of time! 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  6. zebulebu

    zebulebu Terabyte Poster

    You can change your MAC in Windoze in lots of different ways - one of them (if your WNIC supports it) is so quick it will take you less than thirty seconds. Another way is to go through your registry and change it there. There are also third party tools that will do the job for you at the click of a button.

    I'll try and dig that tutorial out from somewhere
     
    Certifications: A few
    WIP: None - f*** 'em
  7. Sparky

    Sparky Zettabyte Poster Moderator


    Nice one, how would someone spoof a MAC address if they didn't know it? Aren't there millions of combinations? 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  8. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    Yes, indeed I did. The reason that I think it's appropriate (in case anyone is wondering), is that everybody, especially if they are IT professionals, or they want to be, should be aware that WEP is not secure and hence not rely on it to protect your wireless network/s. Far too many people are using WEP still even though the information on how to crack it has been freely available to all and sundry on the net for yonks.

    Use WEP at your own risk! WPA as Zeb has stated is also no longer considered secure. WPA2 is the latest incarnation of WPA.

    Whether WPA2 is still secure or not, I will ask Zeb to clarify??
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  9. zebulebu

    zebulebu Terabyte Poster

    WPA2 is still virtually uncrackable at present. Many, many people are working on it, and there have been rumours of some success, but I've yet to see any evidence of this. That said - I don't have my ear as firmly stuck to the ground as I used to, so it may well be that some nerds somewhere have already hung it out to dry :D

    Incidentally - WPA, provided you use a difficult passphrase, is still harder to crack than WEP. What's frightening is that so many people believed the hype about it being 'infinitely more secure than WEP' that they configured it with relatively weak passwords - meaning it is often actually much QUICKER to crack than WEP by someone who knows what they are doing and is armed with the right tools. Cracking WPA only requires you to capture a few packets - and this can be achieved in seconds by implementing a widely-known ARP-replay attack - whereas cracking WEP will always take around 5-10 million captured packets to crack (that sounds like a lot but, on a reasonably busy WLAN, it's only a couple of hours)
     
    Certifications: A few
    WIP: None - f*** 'em
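
Added example, not part of any member's post: the passphrase advice in posts 2 and 9 (long, not a dictionary word) turned into a small audit for WPA-Personal passphrases, together with the standard key derivation that shows the SSID acting as the salt. The word list, the sample SSID `HomeNet` and the 20-character threshold are assumptions made for this example.

```python
import hashlib
import string

# Constructed sample list; a real audit would load a full dictionary file.
COMMON_WORDS = {"password", "wireless", "internet", "letmein", "welcome", "network"}
MIN_RECOMMENDED_LEN = 20  # assumed policy threshold, not a value from the thread


def derive_psk(passphrase, ssid):
    """WPA-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def audit_passphrase(passphrase, ssid):
    """Return a list of findings; an empty list means no weakness was detected."""
    if not 8 <= len(passphrase) <= 63:
        return ["invalid: a WPA passphrase must be 8 to 63 characters"]
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        return ["invalid: a WPA passphrase must be printable ASCII"]
    findings = []
    # Strip leading/trailing digits and symbols so 'Password123!' still matches.
    core = passphrase.lower().strip(string.digits + string.punctuation)
    if core in COMMON_WORDS:
        findings.append("dictionary word, with or without digit/symbol padding")
    if ssid and ssid.lower() in passphrase.lower():
        findings.append("contains the network name")
    if len(passphrase) < MIN_RECOMMENDED_LEN:
        findings.append("shorter than %d characters" % MIN_RECOMMENDED_LEN)
    return findings


if __name__ == "__main__":
    ssid = "HomeNet"  # constructed sample SSID
    for candidate in ("password1", "HomeNet2006", "kR7#vqT9zLm2$wXp4Bn8"):
        print(candidate, "->", audit_passphrase(candidate, ssid) or "no findings")
    # Same passphrase on two SSIDs: the keys differ because the SSID is the salt.
    print(derive_psk("password1", "HomeNet").hex()[:16],
          derive_psk("password1", "OtherNet").hex()[:16])
```

The derivation cost is fixed at 4096 rounds, so the passphrase itself is the only variable the network owner controls.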
  10. Theprof

    Theprof Petabyte Poster

    this stuff is interesting and Zeb thanks for letting us know some of the stuff, cause I did not know that about the WPA2, I knew that WEP wasn't secure, and hence I never used it, I always stuck with WPA, but WPA2 is something for me to read about now. Thanks again Zeb
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  11. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    So let me get this right. WPA with a weak password is easier to crack than WEP? :blink

    Si
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  12. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    but people should use a strong password anyway, regardless of how uncrackable WPA or whatever is... if you use a weak password, expect to get penetrated hard...
     
  13. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    OK, let's keep ourselves clean here ....

    IMPORTANT NOTICE:


    Please note that this post contains both facts and opinions as posted by this site's Members, and in no way constitutes the views, thoughts, beliefs, opinions or otherwise of CertForums. We in no way condone, or otherwise, any actions, techniques or suggestions posted here, and reserve the right to remove this thread at any time if deemed to place CertForums in a legally unsound position.


    Now, back to the discussion (with the above in mind !! :D )
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
