it-wireless

Thursday, February 10, 2005

Wireless pentest - crack WEP

Based on recent mails regarding articles found here for wireless pentesting. Using all the tools desribed here requires capturinginteresting packets (unique RC4 IV) in a packet capture.http://www.securityfocus.com/infocus/1814

The problem relates to creating traffic on a wireless network in caseyou dont find a lot of traffic for a good capture. Is there any wayyou can create traffic on a WEP network without knowing- the IP Address (address range) the Access Point and wireless clientsare using- the WEP key being used (makes sense - that is why you are running a WEP crack)

IP Address of gateway: Use Ettercap
Create Traffic- ICMP Ping Flood Tool
WEP Key being used: Aircrak or Snort

Hope that helps, collecting enough WEP IV's in aircrack can take sometime, you will need approx. 200k-500l; depending on the amount oftraffic is on the network, that is where the ICMP ping flood toolcomes in. Aircrack will crack the WEP key in a few seconds, if youtell it how long the WEP key is, it will do it faster, otherwise youwill need to wait a few more seconds