I think we all agree that having the option of wireless connectivity is great. It certainly helps to have it in a corporate setting as well. The freedom to roam about the office with your laptop helps worker efficiency, and is simply nice to have at home as well. No longer are we constrained by cables and such. Heck, I remember having a 100-foot length of CAT-5 in my home that I used to connect my laptop to my router. That was a pain in the butt, believe me.
Well, with this newfound freedom have come certain risks. Every time you introduce new technologies, you can rest assured that exploits for them are soon to follow. So with this in mind it was no great surprise that 64-bit WEP was quickly found to be lacking in terms of its implementation. So the vendors upped the ante and came out with 128-bit WEP, and this in turn was also found to be lacking. It kind of makes you think of the old arms race, doesn’t it? For every new weapon that comes out, there is quickly a counter-measure for it.
WiFi hacking has been around for some time now, and oddly enough has received little press. Since 2001, 64-bit WEP has been breakable. That was also around the time that well-known tools such as Airsnort gave the masses the ability to break into wireless networks. This tool is only half of the equation, though, for you still require something to let you know if there are any wireless access points around you. We shall now go on to look at various tools which will allow you to do some WEP cracking. Some of the tools shown are Linux based, but some have since been ported to Win32. On that note, let’s get to the business of profiling some of the tools used to pull off a WiFi hack.
What tools do you use to crack WEP?
There is a fairly decent variety of tools out there to help you crack WEP keys. One of them, I mentioned already, is Airsnort as coded by Snax of Shmoo group fame. Well much like any hack, there is typically a logical series of events that need to take place first. What do you think the first step would be? Well, seeing as we want to crack WEP keys, then our first step should be to find ourselves a wireless access point (WAP). To that end some tools which will help you detect WAP’s are as follows. Please bear in mind that not all of them are available in Win32. I will indicate as such where one of them is not.
Kismet does a combination of things for you and is native to *nix. It will not only detect WiFi networks, it is also capable of sniffing packets from them, and can act as an intrusion detection system as well. All in all, it is a very functional tool and is also one that is still actively maintained. Please note that you can run Kismet on your favorite Win32 operating system, but you will need to do so with cygwin. Though this tool is indeed very functional, some people find it a little confusing to work with. That said, should you wish to install it on your Win32 laptop then please click here for a good explanation of how to do it.
Now is a good time to point out that you will need an external wireless card to do WEP cracking, as the onboard wireless card you have is simply not up to the task of detecting all WiFi networks that may be around you. Some of the cards that I suggest you get are the Cisco Aironet a/b/g (this is the one I have), the 3Com 3CRPAG175 wireless card, and lastly the Linksys Dual Band wireless card. Please bear in mind that this is not an exhaustive list. All said and done I would go for the Cisco Aironet card as it will support both a/b/g modes.
Netstumbler is a tool which will allow you to detect WAP’s around you. It is fully functional on Win32, specifically W2K Pro and Win XP. You are once again limited by having to have a wifi card that is supported by Netstumbler. However, this software tool will not detect WAP’s that are configured to not broadcast their SSID. A rather limiting factor, and is the main reason why you would be better off using another tool during your discovery phase.
The tools shown above are both free tools available to you at no cost other than your time to configure them. AirMagnet is commercial in nature, but does a far better job at finding WAP points, and a whole lot more. It is also native to Win32 and can be used with ease, as opposed to some of the problems you may have trying to get the two tools noted above working. Though some tools can do a good job of both detecting and then collecting WAP point traffic, you are likely best off splitting your tool kit into two. With that in mind I would use either Netstumbler or Airmagnet for WAP detection if you are trying to do so with only free tools.
Figure 1
We can see from the above screenshot that there are four wireless networks detected. These are all within range of my wifi card to detect, and in all likelihood these networks belong to my neighbors. The topmost network with no SSID is mine as I have it set to not broadcast my SSID. Also of note is the fact that only three out of four networks have some form of WEP (64 or 128 bit) enabled.
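A network with SSID broadcast disabled still sends beacons carrying its BSSID and its Privacy capability bit, which is why it shows up in the survey above with a blank name. The following is an added example, not code from the original post or from any of the tools discussed: it parses beacon frames and flags the access points a defender would want to migrate off WEP. The sample frames and MAC addresses are constructed, not the networks in the screenshot.

```python
import struct

PRIVACY = 0x0010  # capability bit: data frames are encrypted

def build_beacon(bssid, ssid, capability, tags=b""):
    """Constructed 802.11 beacon (no radiotap header, no FCS) for the demo."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, capability)  # timestamp, interval, caps
    return header + fixed + bytes([0, len(ssid)]) + ssid + tags

def parse_beacon(frame):
    """Return BSSID, SSID (None if hidden) and encryption class of a beacon."""
    if len(frame) < 36 or struct.unpack_from("<H", frame)[0] & 0xFF != 0x80:
        raise ValueError("not a beacon frame")
    capability = struct.unpack_from("<H", frame, 34)[0]
    ssid, wpa, pos = b"", False, 36
    while pos + 2 <= len(frame):                 # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                                # truncated element, stop
        if tag == 0:
            ssid = value
        elif tag == 48 or (tag == 221 and value[:4] == b"\x00\x50\xf2\x01"):
            wpa = True                           # RSN element or WPA vendor element
        pos += 2 + length
    if not capability & PRIVACY:
        enc = "open"
    else:
        enc = "WPA/WPA2" if wpa else "WEP"       # key length is not advertised
    hidden = not ssid.strip(b"\x00")             # empty or null-padded SSID
    return {"bssid": ":".join(f"{b:02x}" for b in frame[16:22]),
            "ssid": None if hidden else ssid.decode("utf-8", "replace"),
            "encryption": enc}

RSN = bytes([48, 20]) + bytes.fromhex("0100000fac040100000fac040100000fac020000")
SAMPLE = [  # constructed beacons, not the networks in the screenshot
    build_beacon("02:00:00:00:00:01", b"", 0x0011),
    build_beacon("02:00:00:00:00:02", b"homenet", 0x0011),
    build_beacon("02:00:00:00:00:03", b"guest", 0x0001),
    build_beacon("02:00:00:00:00:04", b"office", 0x0011, RSN),
]

def weak_networks(frames):
    """BSSIDs that still advertise WEP or no encryption at all."""
    return [n["bssid"] for n in map(parse_beacon, frames)
            if n["encryption"] in ("WEP", "open")]

if __name__ == "__main__":
    for net in map(parse_beacon, SAMPLE):
        print(net)
```

A beacon does not say whether WEP is using a 64 or 128 bit key, so both are reported simply as WEP.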
Figure 2
With the above noted screenshot in mind we see how easy it would be to use this tool to associate yourself to a wireless network whose WEP you have broken. Once you have the key, it would be trivial then to insert yourself into the network. Anyhow I don’t wish to dwell on this tool as it is indeed a commercial one, and I prefer to show you tools that are free in nature. That said, this tool is extremely powerful and easy to use. If your company can afford to buy it then I for one would certainly counsel you to do so.