Every time you deploy a WEP Access Point, a fluffy kitty dies.

Recently a team of German cryptography researchers perfected methods to recover a WEP key faster than ever before. The older Weak IV attacks generally needed between 500,000 and 2,000,000 packets to recover a 128-bit WEP key. In contrast, the new PTW method needs a mere 85,000 packets to have a 95% chance of recovering the WEP key. Unlike the Weak IV attack, instead of collecting weak IVs, the PTW method collects ARP requests and responses to attack the encryption. ARP requests can either be collected naturally, or can be generated via packet injection.

Until recently, packet injection was only possible in Linux. With the advent of the AirPcap USB adapter, and some unsupported beta drivers, it’s possible to inject packets in Windows.

Update: CACE have released AirPcap Tx, which features fully supported packet injection, for an added premium.

In this tutorial, I’ll guide you through the process of recovering a WEP key, via the PTW attack, in Windows. For this you’ll be using the AirPcap USB adapter, Cain, aircrack-ptw, and the aircrack-ng suite.

It’s important to point out that these methods should only be applied with permission from the owner of the target AP. You should either be auditing, penetration testing, or demonstrating the weaknesses of WEP in a Test Lab environment.

- A standard AirPcap Adapter with the unsupported beta packet injection driver or a fully-supported AirPcap Tx.
- At least one client associated with the Access Point (to give us an initial ARP request)

You should not be using these methods to get “Free internet”!

Now you’ll need to prepare the environment:

- Install the beta drivers (or if you have AirPcap Tx, install the drivers from the CD-ROM)
- Move aircrack-ptw.exe to the bin folder (this is no longer required – see my notes)
- Optional: To make things easier, move the contents of the bin folder to c:\airpcap\. You’ll then be able to run aircrack-ptw.exe with just c:\airpcap\aircrack-ptw.exe mycapture.cap

I added narration to the video this evening at 20:36. It’s my first attempt at narration, and a little noisy, but I’m sure things will improve as time goes on!

The primary counter measure to this WEP attack is to cease using WEP and switch your Access Points to WPA encryption. As you’ve seen in this video, WEP is just too easy to crack. Access Points are so cheap now that, if your AP doesn’t support WPA via a firmware upgrade, you can easily afford a new one with full WPA or WPA2 support. For further reading, Wikipedia has an excellent entry on WPA.

Note 1: After recording this tutorial, I’ve become aware that, as of version 0.9, aircrack-ng.exe natively supports the PTW attack by using the -z switch. For example: aircrack-ng.exe -z mycapturefile.cap.