From: Robin Wood (dninja@gmail.com)
Date: Tue Dec 13 2005 - 17:28:37 EST
I was going off what airodump was reporting and stopped collecting
data when it showed around 1 million IV packets, I assumed that that
was what I was after.
The docs for aircrack suggest 300,000 for 64bit and 1,000,000 for
128bit so I'll go for a million again, it didn't take that long to
generate them.
I'm going to try again with aireplay replaying an IV from the result
of a deauth attack, see what happens.
Robin
On 12/13/05, Seth Fogie <seth@fogieonline.com> wrote:
> The amount of data isn't the only factor. You also have to consider the
> quality of data. If your data contains very few or no weak IV's, then
> you are wasting your time. On the other hand, if your packets are all
> using weak IV's (not probably), then it will be fast.
>
> I have repeatedly cracked it with 100k packets and four minutes from
> start to finish using airodump/aircrack. None of this 2-4 hours and 5
> million packets stuff...that is old.
>
> Dave Bush wrote:
>
> >On 12/13/05, Robin Wood <dninja@gmail.com> wrote:
> >
> >
> >> All the examples I've seen seem to suggest that cracking should take minutes
> >>not hours and all keys should be crackable. What experiences do other
> >>testers have? Have I done something wrong? I abandoned the full attack after
> >>5 hours as it was running with the default fudge factor of 2 so would
> >>probably not have managed to crack the key.
> >>
> >>
> >
> >I don't think you captured enough data.
> >
> >I just finished NS621 - Applied Wireless Network Security at Capitol
> >College as one of the final classes in my Masters in Network Security
> >(as of tomorrow evening my Masters is complete!), and lab 5 for 621
> >was cracking WEP. The long and the short of cracking WEP was making
> >sure you captured enough data to get the key.
> >
> >When I did the WEP cracking lab I had my wife's laptop start copying 6
> >GB of video files from a Linux server in my house so that IV
> >collisions would happen more frequently than if just Internet surfing
> >was going on. FWIW Her notebook was running Windows XP SP2 and an
> >802.11G PCMCIA card, and the Linux server was running Samba to talk to
> >my wife's notebook & connected to the home WLAN using a USB 802.11B
> >dongle. I then had my notebook running airodump in Windows (worked
> >fine in Linux too) and just let it do its thing for an hour or so. At
> >that point I guessed that it'd probably captured enough so I ran
> >aircrack against the file airodump created, and it cracked my home WEP
> >key in about 10 seconds. No exaggeration - 10 seconds!
> >
> >It's important to note that I did not stop running airodump while
> >running aircrack on the file. That way if I'd had to capture more IV
> >collisions to be able to crack WEP, I could just try it again later.
> >
> >Running aircrack in Linux yielded similar results to running it in
> >Windows as far as performance goes. (ie: 10 seconds in Linux too)
> >
> >I've never gotten Air Snort to work in either Windows or Linux. I'm
> >running the drivers from Wild Packets in Windows, and everything I've
> >read says it should work on my Atheros based chipset wirelss card but
> >my results are obviously different. Running Air Snort in Linux will
> >capture data, but after leaving it going overnight it never did crack
> >WEP. This was while performing the same 6 GB copy from the Linux
> >server to my wife's notebook, so I know enough IV collisions should
> >have been captured.
> >
> >I also tried using aircrack against the tcpdump files that Kismet
> >kicked out after letting Kismet run for hours, and that didn't work
> >either.
> >
> >NOTE: You have to be careful how you set your card in Linux to get it
> >to work right with airodump or most any other wireless tool. Here's
> >the script I use to configure my Atheros card for stuff like this:
> >
> >#!/bin/bash
> >#
> ># -----------------------------------------------------
> ># ! This script written by Dave Bush for use in !
> ># ! Capitol College's NS621-L01 Fall 2005 class !
> ># ! !
> ># ! This works well for me, and hopefully can be !
> ># ! used as a starting point for others exploring !
> ># ! wireless tools in Linux. I've used this for !
> ># ! setting up wireless for both Kismet and AirSnort. !
> ># ! !
> ># ! Please direct any questions to me at !
> ># ! hockeystatman@gmail.com !
> ># -----------------------------------------------------
> >#
> ># Set card to 802.11b mode
> >#
> >iwpriv ath0 mode 2
> >#
> ># Set the speed for 802.11b
> >#
> >iwconfig ath0 rate 11M
> >#
> ># Set card to adhoc mode
> >#
> >iwpriv authmode 1
> >#
> ># Clear any WEP key that has been set
> >#
> >iwconfig ath0 key off
> >#
> ># Clear any SSID that has been set
> >#
> >iwconfig ath0 essid any
> >#
> ># Set card into monitor mode
> >#
> >iwconfig ath0 mode monitor
> >#
> ># -----------------------------------------------------
> ># ! The wireless card should now be ready for use by !
> ># ! Kismet, AirSnort, and other Linux-based wireless !
> ># ! auditing tools. !
> ># -----------------------------------------------------
> >
> >Long story short - airodump and aircrack worked fine for me once my
> >card was correctly configured, but nothing else I've done has worked.
> >
> >
> >
> >> I've also seen a video on the Remote Exploit site showing a WPA key cracked
> >>in 10 minutes using cowpatty and a dictionary attack. How realistic is this?
> >>
> >>
> >
> >Not sure, but I'm guessing it was WPA with a pre-shared key. Can you
> >send a link to the video?
> >
> >Regards,
> >- Dave
> >--
> >Dave Bush <hockeystatman@gmail.com>
> >
> >There are two seasons in my world - Hockey and Construction
> >
> >------------------------------------------------------------------------------
> >Audit your website security with Acunetix Web Vulnerability Scanner:
> >
> >Hackers are concentrating their efforts on attacking applications on your
> >website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> >login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> >futile against web application hacking. Check your website for vulnerabilities
> >to SQL injection, Cross site scripting and other web attacks before hackers do!
> >Download Trial at:
> >
> >http://www.securityfocus.com/sponsor/pen-test_050831
> >-------------------------------------------------------------------------------
> >
> >
> >
> >
> >
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> futile against web application hacking. Check your website for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:16 EDT