
MASNET Group Xiuzhen Cheng Feb 8, 2006

CSCI388 Project 1: Crack the WEP key

Liran Ma, Department of Computer Science, The George Washington University

lrma@gwu.edu


Project objectives

Experiment with IEEE 802.11b/g networks.

Learn how to use different network analysis tools.

Exploit 802.11 (WEP) security properties.


Warning

Do not hack any wireless networks other than the one provided for this course.

You are solely responsible for your actions!


Notes (1/2)

No laptop will be provided for this project. If you really cannot get a laptop, talk to me after class.

Linux is highly recommended for this project, though Windows can do the same job as well. The best practice is to use a specialized security Linux distribution (such as WHAX, BackTrack, etc.) with a USB flash drive of 1 GB or more.


Notes (2/2)

A “good” 802.11b/g wireless card, which must be able to run in promiscuous mode. Not all cards will do this, especially USB-based ones. Most PCMCIA cards will do promiscuous mode just fine though.

You are not required to follow exactly the procedures/steps mentioned below as long as you answer the questions correctly. Those steps are just meant to provide you with some guidelines.


Wireless Access Point (AP) Location

There is only one AP, located in 719, which is near AC 725, running both 802.11b and 802.11g. You can work at AC 725 because it is an open lab.

The network name, i.e., the SSID, is CSCI388. Please report to cheng@gwu.edu if the AP seems to be failing.


Step 1: network survey

You will have to find detailed information about the wireless network:

- The AP’s MAC address.
- The security protocol in use.
- The encryption key length.
- Client associations.
- Any other information that can help you crack the key.

For Windows users, survey the site using Netstumbler. For Linux users, use either Kismet or AirSnort.


Step 1: (snapshot of Netstumbler)


Step 2: Data collection

Because wireless communication is broadcast, you can sniff the traffic even if you are not a legitimate user. Collect data packets using tools such as Ethereal or Kismet. After collecting enough encrypted data (ranging from 500 MB to 1 GB), you are ready to crack the WEP key.

For extra credit, you need to detect which service the server is running and figure out how to get the file via hacking that service.


Step 2: (snapshot of Ethereal)


Step 3: crack the key

Crack the WEP key using the collected data. You can recover the key by:

- The weakness of the key scheduling in RC4.
- Active dictionary attack.
- Or any other attacking measures (some attacking methods can make your life much easier; last year’s record is two hours).

Once you recover the key (in ASCII format; convert it to ASCII if you get a key in hexadecimal format), you know you did it right.
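Steps 2 and 3 hinge on how much of a capture actually contributes to key recovery: WEP's 24-bit IV is sent in the clear, repeated IVs mean repeated RC4 keystream, and IVs of the form (A+3, 0xFF, X) are the class that the RC4 key-scheduling weakness (Fluhrer, Mantin and Shamir) applies to, which AirSnort reports as "interesting" packets. The following is an added example, not part of the course material or of any tool listed here; it parses the IV header out of 802.11 data frames (standard layout assumed: 24-byte MAC header, 30 with addr4, plus 2 for QoS data) and reports the exposure counts a defender uses to judge that a WEP network must be retired. All frames are constructed inline, not a real capture.

```python
from collections import Counter

PROTECTED = 0x40            # Frame Control flag: the frame body is encrypted (WEP here)
FROM_DS, TO_DS = 0x02, 0x01

def wep_iv(frame: bytes):
    """Return (iv, key_id) for a WEP-protected 802.11 data frame, else None."""
    if len(frame) < 28:
        return None
    fc0, fc1 = frame[0], frame[1]
    if (fc0 >> 2) & 0x3 != 2 or not (fc1 & PROTECTED):  # not a data frame, or sent in clear
        return None
    hdr = 30 if (fc1 & (FROM_DS | TO_DS)) == (FROM_DS | TO_DS) else 24  # WDS carries addr4
    if (fc0 >> 4) & 0x8:                                                 # QoS data adds 2 bytes
        hdr += 2
    if len(frame) < hdr + 4:
        return None
    return frame[hdr:hdr + 3], frame[hdr + 3] >> 6

def is_fms_weak(iv: bytes, key_bytes: int = 13) -> bool:
    """IVs of the form (A+3, 0xFF, X) with A below the key length (13 bytes for a
    104-bit key, 5 for a 40-bit key) are the class the RC4 key-scheduling weakness
    applies to; AirSnort counts them as 'interesting'."""
    return iv[1] == 0xFF and 3 <= iv[0] < 3 + key_bytes

def wep_exposure(frames, key_bytes: int = 13) -> dict:
    """Summarise a capture: reused IVs mean reused keystream, weak IVs feed the
    FMS statistics. Either finding means the network should stop using WEP."""
    ivs = [r[0] for r in map(wep_iv, frames) if r]
    counts = Counter(ivs)
    return {"protected_frames": len(ivs), "distinct_ivs": len(counts),
            "reused_ivs": sum(1 for c in counts.values() if c > 1),
            "weak_ivs": sum(1 for iv in ivs if is_fms_weak(iv, key_bytes))}

# Constructed sample frames (not a real capture): 24-byte MAC header with zeroed
# addresses, 4-byte WEP IV header, then a dummy encrypted body and ICV.
def make_frame(iv, flags=PROTECTED | FROM_DS, fc0=0x08, key_id=0):
    return bytes([fc0, flags]) + b"\x00" * 22 + bytes(iv) + bytes([key_id << 6]) + b"\x00" * 8

SAMPLE = [
    make_frame((3, 255, 7)), make_frame((4, 255, 1)),   # two FMS-class weak IVs
    make_frame((1, 2, 3)), make_frame((1, 2, 3)),       # same IV twice: keystream reuse
    make_frame((9, 9, 9)),
    make_frame((0, 0, 0), flags=FROM_DS),               # unencrypted data frame: skipped
    make_frame((0, 0, 0), fc0=0x80),                    # beacon (management frame): skipped
]

if __name__ == "__main__":
    print(wep_exposure(SAMPLE))
```

On a real capture, feed `wep_exposure` the raw 802.11 frames from a monitor-mode pcap; the weak-IV count is the same figure Kismet and AirSnort display and the reused-IV count is what makes the 500 MB to 1 GB capture size in Step 2 sufficient.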


Extra credits: Hack into the server

Use the data collected in step 2:

- Detect which service the server is running.
- Figure out the user name and password.
- Then get the file from the server using the user name and password.

You may need a little extra work in order to associate with the AP and get access to the server.


What to turn in

A zip or tarball file that contains:

- Detailed cracking steps (including what tools are used and how to install and run them; provide snapshots if necessary).
- The WEP encryption key.
- One legitimate MAC address.
- Answers to the questions.
- Extra credit: the user account and its password for the service that is running on the server, and the file you see after you hack into the server.


Available tools

Windows Wireless Security Tools

- Ethereal – a free network protocol analyzer (sniffer). http://www.ethereal.com/
- WinPcap – for capturing packets. http://winpcap.polito.it/default.htm
- Netstumbler – site surveying utility. http://www.netstumbler.com/
- tinyPEAP – official tinyPEAP site. http://www.tinypeap.com
- Change MAC address: http://www.nthelp.com/NT6/change_mac_w2k.htm or http://students.washington.edu/natetrue/macshift/
- WepLab – a WEP security analyzer. http://weplab.sourceforge.net/

Linux Wireless Security Tools

- Ethereal – a free network protocol analyzer (sniffer). http://www.ethereal.com/
- LibPcap – should be available with your distribution of Linux.
- Kismet – a VERY good tool for surveying wireless networks; puts Netstumbler to shame. http://www.kismetwireless.net/
- Airsnort – a utility for cracking WEP keys. Also, you can get information about monitor mode on the Airsnort page. You may find this useful, although not essential. http://airsnort.shmoo.com/
- For changing your MAC address in Linux, use ifconfig <iface> hw ether <mac address>.
- WepLab – a WEP security analyzer. http://weplab.sourceforge.net/
- WepAttack – this tool uses a different approach (active dictionary attack) to crack WEP. You are welcome to try it. http://wepattack.sourceforge.net/


Questions?

Good luck and have fun!


Backup slides: Snapshot of Kismet


Backup slides: Snapshot of AirSnort
