Presentation is loading. Please wait.

Presentation is loading. Please wait.

Crack WEP Lab Last Update 2014.08.12 1.1.0 1Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com.

Published byRahul Rollins Modified over 9 years ago

Similar presentations

Presentation on theme: "Crack WEP Lab Last Update 2014.08.12 1.1.0 1Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com."— Presentation transcript:

1 Crack WEP Lab Last Update 2014.08.12 1.1.0 1Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com

2 Objective In this lab we will see how to recover the WEP PSK using the tools included with Kali Linux Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 2

3 Source This lab is based on the article –Tutorial: Simple WEP Crack from the aircrack-ng.org website Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 3

4 Equipment Used In this example the wireless network will be created using a Linksys WAP55AG access point with these settings Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 4

5 WAP55AG Wireless Networks Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 5

6 WAP55AG WEP Key Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 6

7 Equipment Used To recover the WEP key, tools included with Kali Linux will be run from a Virtual Box virtual machine The wireless NIC attached to the computer running the virtual machine is an Alfa AWUS036H This NIC was selected as it is supported natively by both Windows and Linux Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 7

8 Equipment Used It also can inject frames into the network which is a requirement for this method Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 8

9 Install the NIC Plug the Alfa NIC into the computer with just the base operating system running Let the operating system install the driver and activate the NIC Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 9

10 Create the Virtual Machine Start Virtual Box Using the normal procedures create a virtual machine using these settings –Operating System Ubuntu 32 bit –Memory 1024 –Hard Drive Size 16 Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 10

11 Install Kali Linux Copy Kali Linux to a location on the computer where you can find it Start the virtual machine created above When it asks for the location of the operating system file, click on the small file folder and select the location of the Kali Linux iso file Wait for Kali Linux to load and run Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 11

12 Attach NIC to Kali Linux As the wireless NIC is a USB device it must be attached to this virtual machine To do this in Virtual Box from the Kali Linux virtual machine menu bar select –Devices USB Devices –The name of the wireless NIC The device driver for the virtual machine will be loaded Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 12

13 Attach NIC to Kali Linux The wireless NIC will appear in Kali Linux Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 13

14 WEP Key Recovery Method WEP is a perfectly acceptable method to use to restrict access to an 802.11 based wireless network in the appropriate environment For example, where I live the nearest neighbor is about ½ a mile away To access a wireless network I might secure with WEP someone would have to be on my property or in a neighbor’s field Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 14

15 WEP Key Recovery Method In addition they would have to know the procedure for cracking a WEP key This is not very likely where I live If nothing else is available WEP might then be a suitable security method On the other hand if this wireless network was in a college dormitory populated by engineering or IT majors, then WEP would be a poor choice Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 15

16 WEP Key Recovery Method Why is WEP so easy to break Recall that the key to breaking a code is repetition of something in the traffic WEP’s use of an initialization vector which is repeated is the lock which is easily broken Let’s go break this lock Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 16

17 WEP Key Recovery Method The method used here is to utilize aireplay-ng to replay an ARP frame in order to generate new unique initialization vectors Then aircrack-ng uses these new unique IVs to crack the WEP key ARP frames are created in order to have enough traffic on the network to create the number of IVs needed Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 17

18 WEP Cracking Steps The steps required to break WEP are –Start the wireless interface in monitor mode on the channel being used by the access point –Ensure that the wireless NIC can inject frames into the wireless stream Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 18

19 WEP Cracking Steps –Start airodump-ng on the channel with a filter based on the access point’s MAC address to collect the new unique IVs –Use aireplay-ng to perform a fake authentication with the access point –Start aireplay-ng in ARP request replay mode to inject packets –Run aircrack-ng to crack the key using the IVs collected Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 19

20 Start NIC in Monitor Mode The NIC needs to be in monitor mode so that it can hear all wireless frames instead of just the ones addressed to it A frame from this inclusive stream will be selected for injection back into the stream Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 20

21 Start NIC in Monitor Mode To do this start a terminal session Stop the NIC by entering where wlan0 is the name of the NIC you are using as displayed from the Linux command line using the iwconfig program –airmon-ng stop wlan0 Run iwconfig again to be sure there are no other wireless NICs running Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 21

22 Start NIC in Monitor Mode Start the NIC in monitor mode –airmon-ng start wlan0 6 where 6 is the channel number the access point is using The OS should report that the NIC is in monitor mode It may take a minute or so It should look similar to this Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 22

23 Start NIC in Monitor Mode Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 23

24 Start NIC in Monitor Mode If it also lists some processes that need to be turned off so that they do not interfere with this process turn them off using the kill command For example in my case –kill 2479 –kill 2509 –kill 3381 Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 24

25 Test Frame Injection To test the ability of the NIC to send frames to the access point by running this command all on one line –aireplay-ng -6 –e linksys-g –a 00:0C:41:14:A4:BB wlan0 where -6 is the channel, linksys-g is the SSID, and 00:0C:41:14:A4:BB is the MAC address of the access point Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 25

26 Test Frame Injection The system should respond with a message saying that the injection worked Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 26

27 Test Frame Injection Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 27

28 Capture IVs With Airodump-ng Now we will generate the IVs we need to have enough to break WEP Start another terminal session Run this command all on one line –airodump-ng –c 6 --bssid 00:0C:41:14:A4:BB –w output wlan0 Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 28

29 Capture IVs With Airodump-ng –where 6 is the channel, 00:0C:41:14:A4:BB is the MAC address of the access point, output is the file name the system will store the data in, and wlan0 is the name of the NIC Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 29

30 Authenticate With Aireplay-ng An access point will not accept a frame from a device that is not authenticated It tracks this by MAC address A MAC address of an already associated NIC can be used or a fake authentication session can be created We will use the fake authentication method Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 30

31 Authenticate With Aireplay-ng Open another terminal session All on one line run the command –aireplay-ng -1 0 -e linksys-g -a 00:0C:41:14:A4:BB -h 00:0F:B5:88:AC:82 wlan0 Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 31

32 Authenticate With Aireplay-ng where 1 is for fake authentication, 0 is the reassociation time in seconds, linksys-g is the SSID, 00:0C:41:14:A4:BB is the MAC address of the access point, and 00:0F:B5:88:AC:82 is the NIC MAC address Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 32

33 Authenticate With Aireplay-ng Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 33

34 Start Aireplay-ng in ARP Mode Aireplay-ng is used now to listen for ARP requests and then reinject them back into the network in order to generate IVs Anything could be used that will cause the access point to create an IV ARP is just convenient for this purpose All on one line run this command –aireplay-ng -3 -b 00:0C:41:14:A4:BB -h 00:0F:B5:88:AC:82 wlan0 Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 34

35 Run Aircrack-ng The last step is to use aircrack-ng to recover the key by examining the output file just created Start another console session and enter – aircrack-ng -b 00:0C:41:14:A4:BB output*.cap Let it run In a minute or two we will have the answer Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 35

36 WEP Key Recovered In the case as the aircrack-ng terminal screen shows it is AA:BB:CC:DD:EE:FF Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 36

37 WEP Key Recovered Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 37

38 Finish the Lab Stop all of the programs running in the terminal windows by using Ctrl C Close all of the terminal windows Logout of Kali Linux Stop the virtual machine Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 38

Download ppt "Crack WEP Lab Last Update 2014.08.12 1.1.0 1Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com."

Similar presentations

FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 LicenseCreative Commons Attribution-NonCommercial-ShareAlike 2.5.

FatMax Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 LicenseCreative Commons Attribution-NonCommercial-ShareAlike 2.5.
Overview How to crack WEP and WPA

Overview How to crack WEP and WPA
AARP Tax-Aide Sonoma/Napa District Bill Dornbush, TC Guide to Printer Sharing.

AARP Tax-Aide Sonoma/Napa District Bill Dornbush, TC Guide to Printer Sharing.
1 Practical stuff Crack the WPA key of this laptop. SSID: « Philips WiFi » Password list and cowpatty table available on CD (only useful today).

1 Practical stuff Crack the WPA key of this laptop. SSID: « Philips WiFi » Password list and cowpatty table available on CD (only useful today).
Copyright 2008-2011 Kenneth M. Chipps Ph.D. www.chipps.com Cisco CCNA Exploration CCNA 2 Routing Protocols and Concepts Chapter 7 RIP Version 2 Last Update.

Copyright Kenneth M. Chipps Ph.D. Cisco CCNA Exploration CCNA 2 Routing Protocols and Concepts Chapter 7 RIP Version 2 Last Update.
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com Software Defined Networking Lab Using Mininet and the POX Controller Last Update 2014.02.04 2.1.0.

Copyright 2014 Kenneth M. Chipps Ph.D. Software Defined Networking Lab Using Mininet and the POX Controller Last Update
ACM Wi-Fi Workshop Presented By: Chris Rawlings Brad Emge.

ACM Wi-Fi Workshop Presented By: Chris Rawlings Brad Emge.
PPPoE Last Update 2011.07.21 1.4.0 Copyright 2000-2011 Kenneth M. Chipps Ph.D. www.chipps.com 1.

PPPoE Last Update Copyright Kenneth M. Chipps Ph.D. 1.
Microsoft Virtualization Last Update 2011.01.01 1.0.0 1Copyright 2011 Kenneth M. Chipps Ph.D. www.chipps.com.

Microsoft Virtualization Last Update Copyright 2011 Kenneth M. Chipps Ph.D.
Wireless Cracking By: Christopher Zacky.

Wireless Cracking By: Christopher Zacky.
Crack WPA Lab Last Update 2014.06.11 1.0.0 1Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com.

Crack WPA Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
WLAN Security: Cracking WEP/WPA

WLAN Security: Cracking WEP/WPA
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Getting your Arduino to Work: Microsoft Windows 1.Install Arduino programming environment 2.Install Arduino Uno driver 3.Make sure you can download a program.

Getting your Arduino to Work: Microsoft Windows 1.Install Arduino programming environment 2.Install Arduino Uno driver 3.Make sure you can download a program.
Copyright 2009 Kenneth M. Chipps Ph.D. www.chipps.com Host Addressing Last Update 2009.07.14 1.1.0 1.

Copyright 2009 Kenneth M. Chipps Ph.D. Host Addressing Last Update
Lab6 – Debug Assembly Language Lab

Lab6 – Debug Assembly Language Lab
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
The Trouble with WEP Or, cracking WiFi networks for fun & profit (not really) Jim Owens.

The Trouble with WEP Or, cracking WiFi networks for fun & profit (not really) Jim Owens.
COMPREHENSIVE Windows Tutorial 10 Improving Your Computer’s Performance.

COMPREHENSIVE Windows Tutorial 10 Improving Your Computer’s Performance.
Downloading and Installing AutoCAD Architecture 2015 This is a 4 step process 1.Register with the Autodesk Student Community 2.Downloading the software.

Downloading and Installing AutoCAD Architecture 2015 This is a 4 step process 1.Register with the Autodesk Student Community 2.Downloading the software.

Similar presentations

Ads by Google