Network encryption cracking
Network encryption cracking is the breaching of network encryptions (e.g., WEP, WPA, ...), usually through the use of a special encryption cracking software. It may be done through a range of attacks (active and passive) including injecting traffic, decrypting traffic, and dictionary-based attacks.
Methods
As mentioned above, several types of attacks are possible. More precisely they are:
- Decrypting traffic based on tricking access points (active attack)
- Injecting traffic based on known plaintext (active attack)
- Gathering traffic and performing brute force/dictionary based attacks
- Decrypting traffic using statistical analysis (passive attack)
Injecting traffic
Injecting traffic means inserting forged encrypted messages into the network. It may be done if either the key is known (to generate new messages), or if the key is not known and only an encrypted message and plaintext message is gathered, through comparison of the two. Programs able to do the latter are Aireplay and WepWedgie.
Decrypting
Decryption often requires 2 tools; 1 for gathering packets and another for analysing the packet and determining the key. Gathering packets may be done through tools such as WireShark or Prismdump and cracking may be done through tools such as WEPCrack, AirSnort, AirCrack, and WEPLab.
When gathering packets, often a great amount of them are required to perform cracking. Depending on the attack used, 5-16 million frames may be required. The attack command itself, however, is surprisingly simple.
WEPCrack
Commands to be inputted into WEPCrack are:
$ perl \progra~1\wepcrack\pcap-getIV.pl
This command generates a log-file (ivfile.log) from a captured packet obtained by WireShark or prismdump A packet with at least 5 million frames is required.
$ perl \progra~1\wepcrack\wepcrack\.pl ivfile.log
This command asks WEPCrack to determine the key from the log file.[1]
AirCrack
Aircrack is another program that's even simpler to use, as no command need to be entered; instead the user is asked to type in some parameters and click some buttons.
First airodump is started to gather the packets; herefore channel and MAC-filter are asked, yet the user does not need to know them per se (instead 0 and p may be inputted respectively). Then, AirCrack is started, the file just created by airodump is accessed, a 0 needs to be entered and the program determines the key.
AirSnort
AirSnort is a software program that passively collects traffic on an IEEE 802.11b network that was released in August 2001.[2] After enough packets have been collected, the program can then compute the key for the wireless network. As the software makes use of brute-force attack however, cracking the encryption can take between a few hours to several days, based on the activity on the network.[3]
References
- ↑ Beaver, Kevin; Davis, Peter (2005). Hacking Wireless Networks For Dummies (1st ed.). For Dummies. ISBN 978-0764597305.
- ↑ Delio, Michelle. "Wireless Networks in Big Trouble" (in en-US). Wired. ISSN 1059-1028. https://www.wired.com/2001/08/wireless-networks-in-big-trouble/. Retrieved 2023-01-16.
- ↑ "AirSnort pokes holes in AirPort network security" (in en). https://www.macworld.com/article/162585/airsnort.html.
External links
- A comparison of the tools listed above may be found at Security Focus
 |  |
