pwtb - WEP Cracking, the FBI Way


Upload: dangnga

Post on 24-Apr-2018


pwtb - WEP Cracking, the FBI Way http://web.archive.org/web/20070113030344/http://www.primary0.com/...

1 of 12 10/26/2008 4:10 PM

WEP Cracking, the FBI Way

WEP cracking usually takes hours. Lots of hours, depending on the amount of traffic on the access point. A few months ago, two FBI agents demonstrated how they were able to crack a WEP-enabled access point within a couple of minutes. 3 minutes to be exact. This is unbelievable when compared to, say, 3 days of work. Here is how they did it, and how you can do it. You may need to know your way around each of these tools to get this done. You can ask Google for that. Anyway, if you are familiar with them, just do as follows:

1. Run Kismet to find your target network. Get the SSID and the channel.
2. Run Airodump and start capturing data.
3. With Aireplay, start replaying a packet on the target network. (You can find a ‘good packet’ by looking at the BSSID MAC on Kismet and comparing it to the captured packet’s BSSID MAC.)
4. Watch as Airodump goes crazy with new IVs, thanks to Aireplay.
5. Stop Airodump when you have about 1,000 IVs.
6. Run Aircrack on the captured file.
7. You should see the WEP key in front of you now.

The software runs on Linux, and all of it is available on the Knoppix Linux Live CD. And finally, I think you should always use a combination of 2 or more security features. As for what you need, get Aircrack (includes Airodump, Aireplay, Aircrack and optional Airdecap for decrypting WEP/WPA capture files) and get Kismet.

Update: Kismet for Windows (Kiswin32) is available now.

Saturday, June 4th, 2005
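From the defender's side, the replay step in the post is visible on the air: WEP has no replay protection, so the injected frame is resent verbatim, with the same IV and the same length every time. The following is an added example, not code from the original post; it flags that pattern in constructed frame metadata, and the record layout, thresholds and MAC addresses are assumptions.

```python
from collections import defaultdict


def make_sample_frames():
    """Constructed capture metadata: (time_s, transmitter, length, iv_hex)."""
    frames = []
    # Ordinary client: varied frame sizes, a fresh IV on every frame.
    for i, size in enumerate([142, 1514, 86, 590, 1514, 74]):
        frames.append((i * 10.0, "00:11:22:33:44:55", size, f"{0x000a10 + i:06x}"))
    # Replaying station: one frame (same IV, same length) sent 400 times in ~2 s.
    for i in range(400):
        frames.append((20.0 + i * 0.005, "66:77:88:99:aa:bb", 68, "1f3c07"))
    return sorted(frames)


def find_replay_sources(frames, window_s=5.0, max_repeats=20):
    """Return {transmitter: worst repeat count} for stations that sent the
    same (IV, length) pair more than max_repeats times inside one window.
    Both thresholds are assumed starting points, to be tuned per site."""
    by_key = defaultdict(list)
    for ts, tx, length, iv in frames:
        by_key[(tx, iv, length)].append(ts)

    flagged = {}
    for (tx, _iv, _length), times in by_key.items():
        times.sort()
        start = 0
        worst = 0
        # Sliding window over the timestamps of one identical frame.
        for end, ts in enumerate(times):
            while ts - times[start] > window_s:
                start += 1
            worst = max(worst, end - start + 1)
        if worst > max_repeats:
            flagged[tx] = max(flagged.get(tx, 0), worst)
    return flagged


if __name__ == "__main__":
    for tx, count in find_replay_sources(make_sample_frames()).items():
        print(f"possible replay injection from {tx}: {count} identical frames")
```

A few link-layer retransmissions of one frame are normal, which is why the check uses a repeat threshold rather than flagging any IV seen twice.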


45 Responses to “WEP Cracking, the FBI Way”

Wayne D. Berg Says:

WOW, this really works. Any illegalities I should be aware of when cracking WEP encryption in my hobby? Is it illegal to crack someone’s code?

January 23rd, 2006

primary0 Says:

think of it as lock picking. if its ur lock - no problem. if it is someone else’s, u need permission and it wud be illegal otherwise i suppose.

January 23rd, 2006

Joe B Says:

Going to test it when i have some time on the WEPS in my work offices if it can be cracked that easily I will stop using wep and move to other encryptions all together.

March 8th, 2006

h4x0r Says:

Any chance of Aircrack coming out for PC?

June 28th, 2006

Dave N Says:

WPA and WPA2 is crackable as well (but a lot harder). There is no real secure wireless network. WEP is sufficient for home use, but not for corporate use.


June 28th, 2006

Dave N Says:

Aircrack is out for PC, but aireplay does not work for the PC due to drivers.

June 28th, 2006

[Geeks Are Sexy] Tech. News Says:

Yeah, cracking WEP has never been easier.

Just go on youtube and do a search for WEP cracking, you’ll end up on a couple of video presentations about what you just posted.

Even WPA isn’t safe anymore now…

June 28th, 2006

shawn m Says:

It’s not sufficient to say WPA and WPA2 are “a lot harder” to crack. With sufficiently strong keys, it would take current computers millions of years to crack via brute force.

I also disagree that WEP is sufficient for home use. All your on-line banking may be secured via SSL, but your email and all your surfing is easily accessible. Someone snooping would know what banks you deal with, what companies you buy from, and even know when to expect deliveries if they pick up shipping confirmations sent in email. If you live in a sparsely populated area, it’s low risk. If you live in a dense neighborhood or apartment building, you should just assume someone is trying to get to your network and lock it down tightly.

June 28th, 2006

Mark Says:

Well, It made the front page of digg. WEP is officially dead.

I, a 14 year old kid with linux, can compromise your home network in 3 minutes.


June 28th, 2006

stephengilroy[dot]com » Blog Archive » WEP Cracking, the FBI Way Says:

[…] Cheers to you, Stephen read more | digg story […]

June 28th, 2006

Thermoplyae » Blog Archive » Hacking WLAN in 3 Minutes. Says:

[…] About a year ago the FBI demonstrated how they can hack a wireless WEP encrypted network in three minutes, prior to this it would take hours! Today I found an article which gives you step by step instructions on how to do it, but you will need to run linux! […]

June 28th, 2006

Stork Says:

WPA is safe if you put a nice juicy password such as

”+26]RkW\>mjk>D$BM9S1s28DN2E.*rw@_Zya!”Bl]JBs,3)VF;EHA7.t!04`IT5”

But WPA will be audited if everyone uses their passwords as ”macintosh”

So please, If you have a neighbor who uses WEP, be a good neighbor and crack it and use a nice program such as airpwn (which is on auditor) to remind them that they could lose a poop-load of valuable information if they don’t get a WPA router.

June 28th, 2006

The bandito Says:

Just tell your router not to accept connections from anything but your approved MAC addresses. Is there any way around that?

June 28th, 2006

dibbs online Says:

1000 IV’s is not enough, even the aircrack docco says this.

June 28th, 2006


ardos Says:

you can spoof mac address so that is not a way around the problem

June 28th, 2006

Matt Says:

Bandito:

Once you’ve cracked the WEP key, just sniff enough packets and pull out which MAC addresses ARE allowed, then spoof. Bingo.

June 28th, 2006

stone Says:

Spoofing MAC addresses is actually pretty easy…

June 28th, 2006

Rob Says:

@bandito - First, you can often override the MAC address to be anything you want, so you could simply take one of the approved MAC addresses if you want to connect through the network. This would probably only work when the other computer is off though.

Second, if you only want to monitor traffic, then you don’t need to connect, you just have to sit there and listen to the traffic going by.

June 28th, 2006

Interiot Says:

@Dave N

Wireless networks *can* be secure, you just have to run a wrapper like SSH+SOCKS or IPSec over them.

June 28th, 2006

Stephen Says:

I find myself rather surprised that people are still using WEP when WPA-PSK is so easily available and easy to configure. If you use a 20 character password minimum w/ alphanumerics and such - which you can keep written down in case you forget, and which will already be saved on your computers anyway - then WPA-PSK is virtually impregnable. It’s ridiculously simple to migrate to WPA, and if you’re using WEP, you should’ve switched years ago.

Heck, just use Mac Address filtering if you’re really worried.

cmd prompt: ipconfig /all
and pop that mac addy into your router.

June 28th, 2006

makingfunofh4x0r Says:

omglol111!!!111
some idiot named h4x0r needs aircrack on a pc… your not h4x0r your n00bx0r

June 28th, 2006

AlbanyWiFi.com » Blog Archive » WEP Cracking, the FBI Way Says:

[…] www.primary0.com/2005/06/04/wep-cracking-the-fbi-way/ […]

June 28th, 2006

RE: To bandito Says:

RE: The bandito
yes, there is an easy way around it, you simply wait for an authorized client to use the network and grab their mac address and simply spoof your mac to be theirs

June 28th, 2006

Don Says:

What kind of wireless card(s) did you use for your auditing?

June 28th, 2006

rych Says:

not all drivers are compatible airodump.

June 28th, 2006

Killagoat Says:

With a combination of hidden SSID and MAC authentication you’re about 20x more secure than using WEP. The cheap wal-mart linksys routers can do this and I’ve not yet been able to find a way to get around it.

June 28th, 2006

Jack Says:

Well - I run AES encryption with a long [ > 60 letter password] - is that safe?

June 28th, 2006

thru9 Says:

anytime soon for Max X?

June 28th, 2006

marticus Says:

“Just tell your router not to accept connections from anything but your approved MAC addresses. Is there any way around that?”

once someone figures out the MAC address of any on your network they can simply use a MAC “spoofer” that will allow them to access the network hosting your MAC address.

So, no.

June 28th, 2006

Fred Says:

This is just for n00bs … you can’t crack a WEP with 1000 IVs. You probably need 400000 or even 600000 IVs!!!

What the FBI did in his demo, was confusing/disconnecting Windows workstations by sending them deauth packets to be sure to create more traffic. The more traffic you have, the more IVs you can get.

Everybody can write down what he thinks … everybody should what he writes down … because I’m sure God is a 3m high guy.

June 28th, 2006


Aryss Ska'Hara Says:

So, if that’s your private network - disable SSID broadcasting. Those, who need to know SSID will know it from you.

June 28th, 2006

Tom Wright Says:

@Aryss Ska’Hara
Disabling SSID broadcasting won’t help (although it will reduce your power usage) because traffic can still be sniffed when it goes between legitimate clients and the node. They will inform the brat next door of your SSID making the whole exercise pointless.

June 28th, 2006

thewebguy Says:

Matt:

I was going to ask if something like that was possible. I used MAC filtering instead of any encryption recently thinking it might be faster (and it would be fun to piss off people in my apartment complex trying to piggy back because they didn’t see a required password, HAH)

It ended up not being so great.

June 28th, 2006

Jason’s Random Tech Stuff » WEP Cracking, the FBI Way Says:

[…] WEP cracking usually takes hours. Lots of hours, depending on the amount of traffic on the access point. A few months ago, two FBI agents demonstrated how they were able to crack a WEP enabled access point within a couple of minutes. 3 minutes to be exact. read more | digg story […]

June 28th, 2006

误入世界 » links for 2006-06-28 Says:

[…] pwtb » WEP Cracking, the FBI Way (tags: web crack) […]

June 28th, 2006


adam Says:

I’m a fan of the SecurityNow podcast (Steve Gibson and Leo Laporte) and well, Steve has a page at grc.com/password that creates long passwords. It’s pretty nifty for generating long, secure passwords.

June 29th, 2006

误入世界 » links for 2006-06-29 Says:

[…] pwtb » WEP Cracking, the FBI Way (tags: web crack) […]

June 29th, 2006

Init (){ Ririn.toString(); } :: WEP Cracking, the FBI Way :: June :: 2006 Says:

[…] U can check the details here […]

June 29th, 2006

otro blog más » Unos cuantos de seguridad informática Says:

[…] And a couple more about WiFi: Cracking WEP and WPA Wireless Networks and WEP Cracking, the FBI Way. […]

July 4th, 2006

EveryDigg » Blog Archive » WEP Cracking, the FBI Way Says:

[…] WEP cracking usually takes hours. Lots of hours, depending on the amount of traffic on the access point. A few months ago, two FBI agents demonstrated how they were able to crack a WEP enabled access point within a couple of minutes. 3 minutes to be exact. read more | digg story […]

July 8th, 2006

kalyank.net » Blog Archive » WEP Cracking, the FBI Way Says:

[…] [source] WEP cracking usually takes hours. Lots of hours, depending on the amount of traffic on the access point. A few months ago, two FBI agents demonstrated how they were able to crack a WEP enabled access point within a couple of minutes. 3 minutes to be exact. This is unbelievable when compared to, say 3 days of work. Here is how they did it, and how you can do it. You may need to know your way with each and every of these tools to get this done. You can ask Google for that. Anyway, if you are familiar with them, just do as follows : […]

July 16th, 2006

cw Says:

I figure that for a home network, WPA2 personal AES PSK with the longest key you can create, non-broadcasting SSID, MAC filters and DHCP turned off, no AP management from the wifi side, no WAN management, disable uPnP, is about the best you can do, unless you want to go with a RADIUS server (my attempts at building openradius on one of my OpenBSD boxes was a mess, so I’ve not played with that). Tweaking (increasing) some of the timeout values for beaconing might cause a joyrider to miss the network if using wellenreiter. Seems with tools like karma and all the hostap based apps that impersonate an AP that there are many ways to 0wn a wifi net/host. At work we run an 802.11b/g net on a non-routed 10.x.x.x VLAN that’s isolated from the main network via an IPSEC VPN that requires auth from the central credential store. It’s also got a feature that won’t allow the clients to talk with one another even at layer 2 (helps mitigate or stop ARP trix for MitM and spoofing). Once someone authenticates their profile allocates which IP pool they use. From there, unless the Cisco ACS server applies a downloadable ACL, the VPN user is on the internal network and unfortunately the Cisco client doesn’t seem to have any remediation or NAC-based checks so you have unprotected/compromised endpoints.
I’m sure there is some way to break the security but so far it’s resisted my attempts to pentest it.

September 15th, 2006

michael Says:

I’m going to try this tonight, if it works ill warn my neighbour (im not sad) btw, im frm New Zealand any one else? or just U.S.A?


September 28th, 2006

Bob Says:

Yeah brute forcing WPA might take eternity, but the truth of the matter is when its your dogs name “fluffy” with numbers 12 or 21 after such name to equal the min characters of 8 (fluffy12), I can assure you that brute force takes no more than 20 minutes when adding min number strings to the end of your lists. Thats the sad truth behind 80% of wireless network users password schemes.

November 9th, 2006

aneel Says:

Some tips on aircrack-ng command line. Aircrack never seems to end even in 20 million years ahead

December 6th, 2006


no rights reserved. primary0.com
