Saturday, November 04, 2006

Airsnort / WEP

Airsnort is the most widely used utility for cracking WEP. Get it on Ubuntu Dapper with sudo apt-get install airsnort. Here is a nice guide (with pictures!) to using airsnort on Linux. Airsnort uses an exploit described in this paper (postscript format) to obtain a WEP-encrypted password. Wikipedia has a more digestible summary of WEP flaws. wepcrack is another (and was the first) utility to implement the WEP exploit described above.

The way that Airsnort works is by passively monitoring all packets sent over a wireless network and then observing those packets for patterns it can exploit. The key to this is setting your wireless card to promiscuous mode: sudo iwconfig ethx mode Monitor. While you have this mode enabled, you will not be able to access the Internet.

One of the problems with monitoring traffic to crack WEP is if there is no traffic to montior in the first place! That is, the network isn't being heavily used. Solution: traffic injection. Aircrack-ng is a tool that supports this, among other things (homepage, tutorial, wikipedia page). Packet injection, however, is not a passive activity.

Books on the subject (links to Amazon.com pages):
TODO: Add sections about hidden SSIDs, MAC address filtering
http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm#_Toc77524653
http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks

No comments: