Introduction
In part one we examined the latest generation of passive WEP cracking tools that use statistical or brute-force techniques to recover WEP encryption keys from captured wireless network traffic. This time, in the second and final article, we take a look at active tools that use 802.11 transmissions to attack WEP networks.
All of the active wireless attack techniques discussed in this article require the ability to inject arbitrary packets onto a wireless network. Although several injection methods are available, most require Linux, are unsupported, and use hacked drivers that have support and availability problems. All of them require at least one wireless PCMCIA card based on the Prism2 chipset (such as the Senao 2511-CD-PLUS). Fortunately, the Auditor Security Collection [ref 1] live CD-ROM can save you many headaches, as it includes ready-to-use drivers for several active attack tools.
Beware of network disruptions that can be caused by active attacks. Using these tools may have unpredictable results in different environments. In my testing, I have encountered some systems that had to be rebooted in order to function again after being bombarded with injected packets.
Rapid traffic generation
If you've spent much time sniffing wireless networks (and, if you are reading this article, I bet you have), then you have probably noticed that the source and destination MAC addresses are plainly visible in every packet even when the packet contents are encrypted with WEP. This allows you to uniquely identify hosts on the wireless network as well as hosts on a bridged, wired LAN. If you've never tried traffic analysis of an encrypted wireless network, I highly recommend the exercise. Find a busy network, fire up Ethereal [ref 2], and try to answer as many of the following questions as you can:
How many access points share the same ESSID?
Does the access point bridge or route traffic?
Is EAP used? If so, what EAP type?
Is open system or shared key authentication in use?
What is the MAC address of the default gateway?
What are the NIC vendors for wireless hosts?
What are the NIC vendors for wired hosts?
What is the vendor of the access point?
Can you find a DNS transaction?
Can you find a TCP three-way handshake?
Can you find an HTTP transaction?
What hosts transmit/receive the most bytes/packets?
Does any traffic occur with a distinct periodicity (like POP3 every 5 minutes)?
Can you find any ARP traffic? (hint: frame.pkt_len==68 and wlan.da==ff:ff:ff:ff:ff:ff)
No wireless network based on WEP provides protection against replay attacks. With the right tools, you can take any captured packet and reinject it onto the network. The packet will be correctly encrypted even though you have no idea of its contents. Then again, you may have a pretty good guess as to its contents based on traffic analysis. You might choose something that is likely to be an ARP request, hoping that it will generate a response from another host on the network. If you're right, you can replay the same packet hundreds or even thousands of times per second, forcing that host to spew an enormous stream of responses, each encrypted with a different IV.
This is exactly the method used by aireplay, a tool that comes with aircrack [ref 3]. A screenshot of aireplay is shown below in Figure 1. As we discovered in part one, both aircrack and WepLab [ref 4] are capable of cracking WEP keys after collecting just a few hundred thousand packets. With a successful aireplay attack, you can generate that many packets in just a few minutes. Therefore, people who say that re-keying every 10 minutes makes WEP unbreakable are dead wrong. Per-session, per-user keys also don't stand a chance against this attack. WEP is truly dead... again.
Figure 1. Aireplay at work.
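The two observations above (the IV and the MAC addresses travel in the clear, and a replayed packet repeats the same IV from the same source) are enough to spot an aireplay-style flood in a capture. The following is an added example, not code from the article or from aircrack: it parses the clear-text header of constructed 802.11 data frames (ToDS=0/FromDS=0 address layout, no FCS, all MAC addresses constructed), applies the 68-byte broadcast heuristic from the ARP hint above, and flags any (source, IV) pair that repeats more often than a normal station ever would.

```python
import struct
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"
BSSID = "00:0c:41:aa:bb:cc"            # constructed access point address

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_wep_data_frame(raw):
    """Parse the clear-text fields of an 802.11 data frame (no FCS).
    Assumes the ToDS=0/FromDS=0 layout: addr1=DA, addr2=SA, addr3=BSSID."""
    fc, = struct.unpack_from("<H", raw, 0)
    seq, = struct.unpack_from("<H", raw, 22)
    protected = bool(fc & 0x4000)              # "Protected Frame" bit of frame control
    return {
        "da": mac_str(raw[4:10]), "sa": mac_str(raw[10:16]), "bssid": mac_str(raw[16:22]),
        "seq": seq >> 4, "protected": protected,
        "iv": raw[24:27].hex() if protected else "",   # the WEP IV is never encrypted
        "len": len(raw),
    }

def is_arp_sized_broadcast(f):
    # 24 header + 4 IV/key id + 8 LLC/SNAP + 28 ARP + 4 ICV = 68 bytes, sent to ff:ff:ff:ff:ff:ff
    return f["protected"] and f["da"] == BROADCAST and f["len"] == 68

def replay_suspects(frames, threshold):
    """Return (source MAC, IV) pairs seen at least `threshold` times.
    A station advances its IV every frame; an injector repeats the same one."""
    counts = Counter((f["sa"], f["iv"]) for f in frames if f["protected"])
    return {k: n for k, n in counts.items() if n >= threshold}

def build_frame(sa, da, iv, seq, body_len):
    """Constructed test frame: data frame with the Protected bit set and an opaque body."""
    hdr = struct.pack("<HH", 0x4008, 0) + bytes.fromhex(da.replace(":", "")) \
        + bytes.fromhex(sa.replace(":", "")) + bytes.fromhex(BSSID.replace(":", "")) \
        + struct.pack("<H", seq << 4)
    return hdr + iv + b"\x00" + bytes(body_len)   # IV, key id byte, ciphertext + ICV

STATION = "00:11:22:33:44:55"
# Constructed capture: the station sends three ordinary frames, then one ARP-sized
# broadcast, and that same broadcast (same IV, same sequence number) reappears 40 times.
CAPTURE = [build_frame(STATION, BSSID, bytes([0, 0, i]), i, 200) for i in (1, 2, 3)]
CAPTURE.append(build_frame(STATION, BROADCAST, b"\x0a\x0b\x0c", 4, 40))
CAPTURE += [build_frame(STATION, BROADCAST, b"\x0a\x0b\x0c", 4, 40)] * 40

def analyse(raw_frames, threshold=20):
    parsed = [parse_wep_data_frame(r) for r in raw_frames]
    return sum(is_arp_sized_broadcast(f) for f in parsed), replay_suspects(parsed, threshold)
```

A repeated sequence number from the same source is a second, independent sign of replay, since the 802.11 header's sequence field is also sent in the clear.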
The Auditor Security Collection live CD-ROM makes it relatively easy to try aireplay because it includes aircrack's patched hostap driver by default, but you will need two wireless cards with at least a few inches of distance between their antennas. You may find it easier to use two laptops, one with a Prism2 card to replay captured packets, and a second to capture all the new traffic that is generated. Be prepared to spend some time finding an appropriate packet to replay; you may need to save individual packets with Ethereal and feed them to aireplay.
Another tool that implements a similar attack has been around for much longer in the BSD world. Part of OpenBSD's Wnet, reinj performs the same attack as aireplay and does it all with just one Prism2 card (as does the latest beta of aireplay). Whichever tool you use to generate traffic, I recommend WepLab or aircrack for cracking the WEP key.
Encrypted packet injection
Most of the WEP attack tools on the scene today focus on cracking WEP keys, but there are also other WEP vulnerabilities that can be exploited. WEPWedgie [ref 5], a tool released in 2003 by Anton Rager, allows an attacker to craft an arbitrary plaintext packet and inject it into the wireless network without knowledge of the WEP key. The receiving stations accept the packet as if the sender had used the correct key to encrypt it. WEPWedgie accomplishes this by reconstructing the keystream that was used to encrypt a particular plaintext. With knowledge of some plaintext and the resulting ciphertext, a simple XOR operation yields the keystream that results from a particular IV. And because WEP allows the same IV to be used over and over again, WEPWedgie can use the keystream to correctly encrypt and inject any number of packets whose contents are limited only by the length of the known keystream.
There are several ways that an attacker can discover the ciphertext for a known plaintext, but the method used by WEPWedgie's prgasnarf is to listen for shared key authentication. The 802.11 standard defines two types of authentication, "open system authentication" (which you can think of as "no authentication") and "shared key authentication" (which you can think of as "the most misguided authentication mechanism ever devised"). In shared key authentication, the AP transmits 128 bytes of plaintext, and then the station encrypts the plaintext and transmits the resulting ciphertext using the same key and cipher that WEP uses to encrypt subsequent network traffic. Believe it or not, this horrifying scheme is still being recommended by certain vendors [ref 6] as a security enhancement, but it is less common in practice than open system authentication.
Once a keystream has been captured (hint: spoofed deauthentication), WEPWedgie provides several interesting packet injection attacks. A simple one sends a ping to a target of your choice. The other attacks provide a method of port scanning targets within the wireless network using a chosen source address. As long as the target network has Internet connectivity, you can use the address of a host you control on a remote network and sniff the results of your scan on that host. Interpretation of the results is up to you.
Figure 2. Wepwedgie injecting pings.
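The cryptographic reason the shared-key handshake is so damaging is that WEP's per-packet keystream is a fixed function of (IV, key) and is simply XORed onto the data, so one known plaintext/ciphertext pair under an IV reveals that IV's keystream, and every later packet sent under the same IV is a two-time pad. The block below is an added example, not code from WEPWedgie or the article: it implements RC4 and WEP-style encryption from scratch with a constructed 40-bit key, a constructed IV and a constructed stand-in for the 128-byte challenge, and shows that a keystream recovered by XOR alone produces packets the key-holding receiver decrypts as intended. (Real WEP also appends a CRC-32 ICV under the same keystream, which is why that check offers no protection either.)

```python
def rc4(key, length):
    """Plain RC4 keystream generator, the cipher WEP uses (written here for the demo)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xff
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                    # pseudo-random generation algorithm
        i = (i + 1) & 0xff
        j = (j + s[i]) & 0xff
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xff])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key, iv, plaintext):
    """WEP-style encryption: the per-packet RC4 key is IV || shared key; the IV is sent in clear."""
    return iv + xor(plaintext, rc4(iv + key, len(plaintext)))

def wep_decrypt(key, packet):
    """What a receiver that knows the key does with any packet, forged or not."""
    iv, body = packet[:3], packet[3:]
    return xor(body, rc4(iv + key, len(body)))

def keystream_from_known_pair(plaintext, packet):
    """Recover the keystream for a packet's IV from known plaintext (e.g. the challenge text
    and the station's shared-key response). No key material is involved, only an XOR."""
    return packet[:3], xor(plaintext, packet[3:])

def reuse_keystream(iv, keystream, new_plaintext):
    """Encrypt a different plaintext under the same IV using only the recovered keystream.
    The reach is bounded by the keystream length, as the article notes for WEPWedgie."""
    assert len(new_plaintext) <= len(keystream)
    return iv + xor(new_plaintext, keystream)

KEY = bytes.fromhex("0123456789")      # constructed 40-bit WEP key, unknown to the observer
IV = b"\x11\x22\x33"                   # constructed IV
CHALLENGE = bytes(range(128))          # constructed stand-in for the AP's 128-byte challenge

def demo():
    response = wep_encrypt(KEY, IV, CHALLENGE)               # observed on the air
    iv, ks = keystream_from_known_pair(CHALLENGE, response)  # observer's only computation
    packet = reuse_keystream(iv, ks, b"any plaintext, no key needed")
    return wep_decrypt(KEY, packet)                          # receiver accepts it as genuine
```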
To try out WEPWedgie, you'll need a system running a Linux 2.4 kernel, a Prism2 card, and Abaddon's AirJack [ref 7] driver. Unfortunately the Auditor CD's 2.6 kernel isn't supported by AirJack, so you'll have to prepare a system on your own. You might find the Wi-Fi Dog of War [ref 8] instructions helpful to get AirJack working.
Single packet decryption
KoreK, the individual who brought us the improved algorithms used in aircrack and WepLab, released a tool a few months ago on the NetStumbler forums that enables an attacker to decrypt individual packets without knowledge of the WEP key. Called chopchop [ref 9], this tool replays a single encrypted packet, modifying one byte at a time. By monitoring the access point to see whether it accepts the modified packet, chopchop is able to determine the plaintext value of that particular byte and move on to the next. Within several seconds (and thousands of replayed packets), chopchop can decrypt an entire packet. It doesn't matter what encryption key was used, or if a separate key is used for each user, or if the key changes every hour or minute; any packet can be decrypted.
Figure 3. Chopchop decrypting a single packet.
You can use the Auditor CD and a single Prism2 card to try chopchop. Use the switch-to-wlanng script that Auditor provides, pop the card out and then back in again, and the linux-wlan-ng driver will be running, complete with KoreK's injection modifications.
The next generation
Since the release of chopchop, the task of acquiring a valid keystream for encrypted packet injection has become trivial for all WEP-encrypted networks. Joshua Wright is working on a new version of WEPWedgie that incorporates the chopchop attack and works with newer drivers. Christophe Devine's upcoming version of aireplay, already released as a beta, uses the same technique to allow the forgery of any ARP request. Several people are working to improve wireless drivers, including implementation of packet injection on a wider range of hardware (prism54 is reported to work already), and construction of an abstraction layer for packet injection.
Conclusion
Some vendors continue to sell products that completely lack reasonable wireless security features. In just two months since the publication of part 1 of this article, I've encountered multiple brand new devices, including Wi-Fi VoIP phones and an access point provided by a cable Internet provider, that offer no encryption capability other than WEP. As long as this continues, white hats and black hats alike will keep improving the attack techniques that render WEP even worse than useless.
For the most part, the newer WEP attack tools exploit vulnerabilities that were described in theory four or more years ago. Perhaps people will learn from the history of WEP the lesson that theoretical vulnerabilities become real vulnerabilities. Until they do, you can use these penetration testing tools to assess the weaknesses of your own network and maybe even convince someone that change is needed.
Tools and links
[1] Auditor Security Collection:
[2] Ethereal:
[3] aircrack:
[4] WepLab:
[5] WEPWedgie:
[6] Linksys recommends shared key authentication:
[7] AirJack:
[8] Wi-Fi Dog of War Mini How-To:
[9] chopchop:
About the author
Michael Ossmann is a security administrator for Exempla Healthcare.