CEH v6 - Module 20: Hacking Wireless Networks


© by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited

Pad-Collection Attacks

There is (should be) a different pad for every encrypted packet that is sent between an AP and a station. By mapping pads to IVs, you can build up a table and skip the RC4 step:
• The stream is never longer than 1500 bytes (the maximum Ethernet frame size)
• The 24-bit IV provides 16,777,216 (256^3) possible streams, so all the pads can fit inside 25,165,824,000 bytes (23.4 GB)

You never have to have the WEP key:
• Once you have a complete table, it is as good as having the WEP key

XOR Encryption

0 XOR 0 = 0
1 XOR 0 = 1
1 XOR 1 = 0
(z XOR y) XOR y = z
(z XOR y) XOR z = y

This works regardless of whether z or y is the "plaintext", the "pad", or the "ciphertext".

Stream Cipher

Given an IV and secret key, the stream of bytes (pad) produced is always the same:
• Pad XOR plaintext = ciphertext

If an IV is ever reused, then the pad is the same. Knowing all pads is equivalent to knowing the secret.

Application to WEP:
• The pad is generated from the combination of the IV and the WEP key passed through RC4
• Knowing all pads is equivalent to knowing the 40- or 104-bit secret
• "Weak" IVs reveal additional information about the secret

WEP Tool: Aircrack

Aircrack is an 802.11 sniffer and WEP key cracker. It recovers 40-bit or 104-bit WEP keys. It implements the FMS attack along with some newer attacks. It supports Windows, Linux, and Mac OS.

Aircrack-ng

Aircrack-ng is an 802.11 WEP and WPA-PSK key cracking program which recovers keys once data packets have been captured. The features of Aircrack-ng are:
• Better documentation (wiki, manpages) and support
• More cards/drivers supported
• More OS and platforms supported
• WEP dictionary attack
• Improved cracking speed
• Optimizations, other improvements, and bug fixing

WEP Tool: AirSnort

AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys on 802.11b WEP networks. It operates by passively monitoring transmissions and computing the encryption key when enough packets have been gathered. It runs under Linux, and requires that the wireless NIC be capable of RF monitor mode and that it passes monitor-mode packets up via the PF_PACKET interface.
Source: http://airsnort.shmoo.com/

AirSnort: Screenshot 1

AirSnort: Screenshot 2

...
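The IV-determined pad, the XOR identities and the pad-table idea from the Pad-Collection, XOR Encryption and Stream Cipher slides above, as an added Python example (not EC-Council's code and not taken from Aircrack or AirSnort): a plain RC4 keystream seeded WEP-style with IV || key, a constructed 40-bit key, IV and two frames. It shows why a reused IV makes c1 XOR c2 equal p1 XOR p2, why one pad-table entry learned from a known-plaintext frame decrypts another frame with no key at all, and where the 256^3 × 1500 table-size figure comes from.

```python
def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA then PRGA). WEP seeds it with IV || key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    # (z XOR y) XOR y = z: the same operation both encrypts and decrypts
    return bytes(x ^ y for x, y in zip(a, b))

def wep_pad(iv: bytes, wep_key: bytes, length: int) -> bytes:
    """The per-frame pad is RC4(IV || key): same IV and key give the same pad."""
    return rc4_keystream(iv + wep_key, length)

def wep_encrypt(iv: bytes, wep_key: bytes, plaintext: bytes) -> bytes:
    return xor(wep_pad(iv, wep_key, len(plaintext)), plaintext)

def pad_table_size_bytes(iv_bits: int = 24, max_frame: int = 1500) -> int:
    """Upper bound on a complete IV -> pad table: 2^24 pads of 1500 bytes."""
    return (2 ** iv_bits) * max_frame

# Constructed sample values, not taken from any real network.
KEY = bytes.fromhex("0102030405")   # 40-bit WEP key
IV = bytes.fromhex("a1b2c3")        # 24-bit IV, reused for both frames below

def demo() -> tuple:
    p1 = b"GET /index.html HTTP/1.1"
    p2 = b"POST /login HTTP/1.1"
    c1 = wep_encrypt(IV, KEY, p1)
    c2 = wep_encrypt(IV, KEY, p2)
    # Reused IV: the identical pad cancels out, so c1 XOR c2 == p1 XOR p2
    plaintext_xor_leaks = xor(c1, c2) == xor(p1, p2)
    # Pad table: one known-plaintext frame yields the pad for this IV, and
    # that entry decrypts any other frame under the same IV, no key needed.
    table = {IV: xor(c1, p1)}
    recovered = xor(table[IV], c2)
    return plaintext_xor_leaks, recovered

if __name__ == "__main__":
    print(demo(), pad_table_size_bytes())
```

The table-size function reproduces the slide's 25,165,824,000 bytes (about 23.4 GB); the demo's second return value is the second frame's plaintext, obtained purely from the table entry.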

This note was uploaded on 02/12/2013 for the course CEH v6 taught by Professor John during the Summer '13 term at West Point.
