Posts Tagged ‘wireless’
WPA TKIP cracked in a minute – time to move on to WPA2
Just a quick note to let you know that 2 Japanese scientists (from Hiroshima and Kobe Universities) have found a practical way to crack WPA TKIP in about one minute, using a technique called “Beck-Tews”. This technique is not new: it was discovered by German researchers back in November, but its use was somewhat limited (QoS was required), and it took about 15 minutes to crack the key.
Now this limitation has been overcome by combining a man-in-the-middle (MITM) position with a new algorithm for applying the technique.
Their findings can be downloaded from http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf
I guess it’s time to migrate to WPA2 (which has been supported on Wi-Fi devices since 2006) AND never to consider any wireless network trusted… I always recommend using a VPN on top of wireless networks, just to be safe and sure :-)
Other links :
Backtrack 4 cheat sheet
Download Backtrack from http://www.remote-exploit.org/backtrack_download.html. The current version at the time of writing is BT4 Pre-Final. This document is based on BT4 Pre-Final, so some of the instructions below may not work with other versions of BT. FYI: an excellent guide about Backtrack 4 can be found at BackTrack 4 – The Definitive Guide. 1. Installing Backtrack to a hard drive (using Ubiquity) http://www.offensive-security.com/videos/install-backtrack-hard-disk/install-backtrack-hard-disk.html Boot from the Backtrack DVD and choose “Start Backtrack in Text Mode”. Backtrack will boot and will automatically end up at a …
Cheatsheet : Cracking WPA2 PSK with Backtrack 4, aircrack-ng and John The Ripper
Basic steps: put the interface in monitor mode; find the wireless network (protected with WPA2 and a Pre-Shared Key); capture all packets; wait until you see a client and deauthenticate it, so the handshake can be captured; crack the key using a dictionary file (or via John The Ripper). I’ll use a D-Link DWL-G122 (USB) wireless network interface for this procedure. In Backtrack 4, this device is recognized as wlan0. First, put the card in monitor mode: …
Cheatsheet : Cracking WEP with Backtrack 4 and aircrack-ng
I know, there are probably already a zillion websites that show how to crack WEP. So I guess this will be website zillion+1 for learning how to audit your own WEP security. To be honest, the main reason I’m putting this info on this blog is that I just wanted it as a quick reference or cheatsheet, in case I forget particular commands/parameters again :-) And why rely on other websites that may or may not be reachable when you need them :-) Scenario 1: WEP encryption, OPEN Authentication, MAC filtering enabled, active client on network. The AP in my test lab uses MAC filtering and is configured to use WEP with the OPEN authentication method. In this scenario, I have 2 clients that are currently connected to the wireless network. My auditor …