Hands-On Ethical Hacking and Network Defense Lecture 14 Cracking WEP Last modified 5-11-09.

Legal Concerns
- Defeating security to enter a network without permission is clearly illegal
  - Even if the security is weak
- Sniffing unencrypted wireless traffic may also be illegal
  - It could be regarded as an illegal wiretap
  - The situation is unclear, and varies from state to state
  - In California, privacy concerns tend to outweigh other considerations
  - See links l14v, l14w

Equipment: Wireless Network Interface Cards (NICs) and Drivers

The Goal
- All wireless NICs can connect to an Access Point
- But hacking requires more than that, because we need to do
  - Sniffing – collecting traffic addressed to other devices
  - Injection – transmitting forged packets which will appear to be from other devices

Windows v. Linux
- The best wireless hacking software is written in Linux
  - The Windows tools are inferior, and don't support packet injection
- But all the wireless NICs are designed for Windows
  - And the drivers are written for Windows
  - Linux drivers are hard to find and confusing to install

Wireless NIC Modes
- There are four modes a NIC can use
  - Master mode
  - Managed mode
  - Ad-hoc mode
  - Monitor mode
- See link l_14j

Master Mode
- Also called AP or Infrastructure mode
- Looks like an access point
- Creates a network with
  - A name (SSID)
  - A channel

Managed Mode
- Also called Client mode
- The usual mode for a Wi-Fi laptop
- Joins a network created by a master
- Automatically changes channel to match the master
- Presents credentials, and if accepted, becomes associated with the master

Typical Wireless LAN
(Diagram: Access Point in Master Mode; Clients in Managed Mode)

Ad-hoc Mode
- Peer-to-peer network
- No master or Access Point
- Nodes must agree on a channel and SSID
(Diagram: Nodes in Ad-hoc Mode)

Monitor Mode
- Does not associate with Access Point
- Listens to traffic
- Like a wired NIC in Promiscuous Mode
(Diagram labels: Monitor Mode; Master Mode; Managed Mode)

Wi-Fi NICs
- To connect to a Wi-Fi network, you need a Network Interface Card (NIC)
- The most common type is the PCMCIA card
  - Designed for laptop computers

USB and PCI Wi-Fi NICs
- USB
  - Can be used on a laptop or desktop PC
- PCI
  - Installs inside a desktop PC

Choosing a NIC
- For penetration testing (hacking), consider these factors:
  - Chipset
  - Output power
  - Receiving sensitivity
  - External antenna connectors
  - Support for 802.11i and improved WEP versions

Wi-Fi NIC Manufacturers
- Each wireless card has two manufacturers
- The card itself is made by a company like
  - Netgear
  - Ubiquiti
  - Linksys
  - D-Link
  - many, many others
- But the chipset (control circuitry) is made by a different company

Chipsets
- To find out what chipset your card uses, you must search on the Web
  - Card manufacturers don't want you to know
- Major chipsets:
  - Prism
  - Cisco Aironet
  - Hermes/Orinoco
  - Atheros
  - There are others

Prism Chipset
- Prism chipset is a favorite among hackers
  - Completely open -- specifications available
  - Has more Linux drivers than any other chipset
- See link l_14d

Prism Chipset
- Prism chipset is the best choice for penetration testing
- HostAP Linux Drivers are highly recommended, supporting:
  - NIC acting as an Access Point
  - Use of the iwconfig command to configure the NIC
- See link l_14h

Cisco Aironet Chipset
- Cisco proprietary – not open
- Based on Prism, with more features
  - Regulated power output
  - Hardware-based channel-hopping
- Very sensitive – good for wardriving
- Cannot use HostAP drivers
- Not useful for man-in-the-middle or other complex attacks

Hermes Chipset
- Lucent proprietary – not open
- Lucent published some source code for WaveLAN/ORiNOCO cards
- Useful for all penetration testing, but require Shmoo driver patches (link l_14l) to use monitor mode

Atheros Chipset
- The most common chipset in 802.11a devices
- Best Atheros drivers are MadWIFI (link l_14m)
- Some cards work better than others
- Monitor mode is available, at least for some cards

Other Cards
- If all else fails, you could use Windows drivers with a wrapper to make them work in Linux
  - DriverLoader (link l_14n)
  - NdisWrapper (link l_14o)
- But all you'll get is basic functions, not monitor mode or packet injection
  - Not much use for hacking

Cracking WEP: Tools and Principles

A Simple WEP Crack
- The Access Point and Client are using WEP encryption
- The hacker device just listens
(Diagram: Hacker Listening; WEP-Protected WLAN)

Listening is Slow
- You need to capture 50,000 to 200,000 "interesting" packets to crack a 64-bit WEP key
- The "interesting" packets are the ones containing Initialization Vectors (IVs)
- Only about ¼ of the packets contain IVs
  - So you need 200,000 to 800,000 packets
- It can take hours or days to capture that many packets

Packet Injection
- A second hacker machine injects packets to create more "interesting" packets
(Diagram: Hacker Listening; WEP-Protected WLAN; Hacker Injecting)

Injection is MUCH Faster
- With packet injection, the listener can collect 200 IVs per second
- 5 – 10 minutes is usually enough to crack a 64-bit key
- Cracking a 128-bit key takes an hour or so
- Link l_14r
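
A defender-side reading of the figures on the "Listening is Slow" and "Injection is MUCH Faster" slides, as an added example that is not part of the original lecture: given a monitoring sensor's record of IV-bearing frames, it estimates how long a WEP network's traffic takes to expose the 50,000 to 200,000 IVs quoted above and flags a sustained rate close to the quoted injection rate. The function names, the alert thresholds and the sample BSSIDs are assumptions made for this illustration.

```python
from collections import Counter, defaultdict

# Figures taken from the slides above.
IVS_NEEDED_64BIT = (50_000, 200_000)   # IVs needed to crack a 64-bit WEP key
INJECTION_IV_RATE = 200                # IVs per second seen with injection

# Assumption (not from the slides): alert when a BSSID sustains at least
# half the injection rate for this many consecutive seconds.
ALERT_FRACTION = 0.5
SUSTAINED_SECONDS = 3


def iv_rates(frames):
    """frames: iterable of (timestamp_seconds, bssid) for IV-bearing frames.
    Returns {bssid: {whole_second: frame_count}}."""
    per_bssid = defaultdict(Counter)
    for ts, bssid in frames:
        per_bssid[bssid][int(ts)] += 1
    return per_bssid


def assess(frames):
    """Return {bssid: report} with mean IV rate, exposure window and alert flag."""
    reports = {}
    threshold = INJECTION_IV_RATE * ALERT_FRACTION
    for bssid, buckets in iv_rates(frames).items():
        first, last = min(buckets), max(buckets)
        mean_rate = sum(buckets.values()) / (last - first + 1)
        # Longest run of consecutive seconds at or above the threshold.
        run = best = 0
        for sec in range(first, last + 1):
            run = run + 1 if buckets.get(sec, 0) >= threshold else 0
            best = max(best, run)
        low, high = (n / mean_rate for n in IVS_NEEDED_64BIT)
        reports[bssid] = {
            "mean_iv_rate": mean_rate,
            "seconds_to_exposure": (low, high),
            "injection_suspected": best >= SUSTAINED_SECONDS,
        }
    return reports


# Constructed sample: one quiet BSSID (2 IV frames/s) and one at 200 IV frames/s.
SAMPLE = [(t + i / 2, "02:00:00:00:00:01") for t in range(10) for i in range(2)]
SAMPLE += [(t + i / 200, "02:00:00:00:00:02") for t in range(5) for i in range(200)]
```

On the constructed sample the quiet network needs 25,000 to 100,000 seconds (roughly 7 to 28 hours) to expose enough IVs, while the 200 IV/s network needs 250 to 1,000 seconds, in line with the "hours or days" and "5 – 10 minutes" figures on the slides.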

AP & Client Requirements
- Access Point
  - Any AP that supports WEP should be fine (they all do)
- Client
  - Any computer with any wireless card will do
  - Could use Windows or Linux
(Diagram: WEP-Protected WLAN)

Listener Requirements
- NIC must support Monitor Mode
- Could use Windows or Linux
  - But you can't use NDISwrapper
- Software
  - Airodump (part of the Aircrack Suite) for Windows or Linux (see Link l_14q)
  - BackTrack is a live Linux CD with Aircrack on it (and many other hacking tools)
  - Link l_14n
(Diagram: Hacker Listening)

Injector Requirements
- NIC must support injection
- Must use Linux
- Software
  - void11 and aireplay
  - Link l_14q
(Diagram: Hacker Injecting)

Sources
- Aircrack-ng.org (link l_14a)
- Wi-Foo (link l_14c)
- Vias.org (link l_14j)
- smallnetbuilder.com (link l_14p)