Wireless Monitoring Software
There are a few tools available that automate or aid in the automation of exploiting WEP weaknesses; in most cases the tools use a combination of packet capturing and packet cracking techniques to leverage these weaknesses.
AirSnort is a collection of scripts and programs derived from the research conducted by Tim Newsham, the University of Maryland, and the University of California at Berkeley. It is by far the most popular and best-known Linux tool in the industry specifically used for wireless packet cracking. Originally, it was a command-line Linux-based tool that merely captured 802.11b wireless packets and attempted to crack the packets via the weak IV flaw. It has since evolved to include a GUI, allowing for the quick configuration of the channel to scan and the ability to specify the strength of the WEP key.
WLAN-Tools/Godfather of Wireless Cracking: This was the original posting of coded exploits for utilizing the weaknesses within the WEP algorithm. Programmed to work in the Linux environment, WLAN-Tools, if properly modified, will also work on many flavors of UNIX, including BSD and Solaris. The toolset includes programs for 802.11 packet capturing and WEP-encryption packet cracking. The toolkit is an excellent resource for learning the coding aspect behind the vulnerabilities, and it also contains patches for the sniffer drivers. We thought it necessary to inform you of this toolset because it was the original exploiter, but due to its user interface and program robustness, we believe it to be outdated. Our recommendation is to use the DWEPUtils from Dachb0den Labs if possible, or AirSnort.
DWEPCrack is a tool specifically used to crack WEP-encrypted packets via the BSD platform. Dachb0den Labs prides itself as a security coalition dedicated to security and wireless research and is located in Southern California. The Dachb0den toolkit is divided into specific functions, thereby allowing each one to be used individually or scripted to work together. It is by far the most comprehensive toolkit available for exploiting numerous weaknesses within the WEP algorithm. In addition, the toolkit allows an attacker to exploit other infrastructure-based weaknesses, such as MAC-based access control lists, with a brute-force algorithm that attempts to brute-force the keyspace of MAC addresses in hopes of unauthorized AP association.
DWEPCrack allows you to specify a dictionary list for brute-forcing the WEP key, in addition to the option of brute-forcing the entire keyspace until the proper key is found. Realize that if the AP is using a 128-bit WEP key, it is quite possible that the key will be changed before you come across it. DWEPCrack parses through the log, determining the number of packets, unique IVs, and corresponding cipher keys used to XOR the payload of each packet. When it determines that the proper prerequisites exist for attempting a WEP attack, it attempts to brute-force and output the WEP key. Here is what you might expect to see when you execute DWEPCrack from the command line and provide it a WEP-encrypted log of packets:
cloud@gabriel ~$ dwepcrack -w ~/sniffed_wlan_log
* dwepcrack v0.4 by h1kari <h1kari@dachb0den.com> *
* Copyright (c) Dachb0den Labs 2002 [ht*p://dachb0den.com] *
reading in captured ivs, snap headers, and samples... done
total packets: 723092
calculating ksa probabilities...
 0: 88/654 keys (!)
 1: 2850/80900 keys (!)
 2: 5079/187230 keys (!)
 3: 5428/130824 keys (!)
 4: 14002/420103 keys (!)
(!) insufficient ivs, must have > 60 for each key (!)
(!) probability of success for each key with (!) < 0.5 (!)
warming up the grinder...
 packet length: 48
 init ventor: 58:f4:24
 default tx key: 0
progress: .....................................
wep keys successfully cracked!
 0: XX:XX:XX:XX:XX *
done.
cloud@gabriel ~$
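To see how exposed your own WEP access point is to the weak IV flaw and to IV reuse, you can tally the IVs it emits. The following is an added example, not code from DWEPCrack or from the original page: it assumes you already have the 4-byte WEP headers (3-byte IV plus key ID byte) from frames of your own network, uses the published Fluhrer-Mantin-Shamir weak IV form (B+3, 0xFF, X), and all function names and sample headers are constructed for illustration.

```python
from collections import Counter

def parse_wep_header(hdr: bytes):
    """Split the 4-byte WEP header into (3-byte IV, key ID from the top 2 bits)."""
    if len(hdr) < 4:
        raise ValueError("WEP header is 4 bytes: 3-byte IV + key ID byte")
    return bytes(hdr[:3]), hdr[3] >> 6

def weak_key_byte(iv: bytes, key_len: int):
    """Return the secret-key byte index B if the IV has the weak form
    (B+3, 0xFF, X) for a key of key_len bytes, otherwise None."""
    b = iv[0] - 3
    if iv[1] == 0xFF and 0 <= b < key_len:
        return b
    return None

def audit_ivs(headers, key_len=5):
    """Summarize IV hygiene: 5-byte key = 40-bit WEP, 13-byte key = 104-bit WEP."""
    seen = Counter(parse_wep_header(h)[0] for h in headers)
    weak = Counter()
    for iv in seen:  # each unique IV is counted once
        b = weak_key_byte(iv, key_len)
        if b is not None:
            weak[b] += 1
    return {
        "packets": sum(seen.values()),
        "unique_ivs": len(seen),
        "reused_ivs": sum(1 for n in seen.values() if n > 1),
        "weak_ivs_per_key_byte": {b: weak.get(b, 0) for b in range(key_len)},
    }

# Constructed sample headers (hex: IV bytes, then key ID byte).
SAMPLE = [
    bytes.fromhex("03ff1a00"),  # weak form, key byte 0
    bytes.fromhex("03ff1a00"),  # same IV again: keystream reuse
    bytes.fromhex("04ff7c00"),  # weak form, key byte 1
    bytes.fromhex("58f42400"),  # IV shown in the log above, not weak form
    bytes.fromhex("07ff0140"),  # weak form, key byte 4, key ID 1
    bytes.fromhex("08ff0100"),  # B = 5: only relevant to a 13-byte key
]

if __name__ == "__main__":
    for name, value in audit_ivs(SAMPLE, key_len=5).items():
        print(f"{name}: {value}")
```

Any non-zero weak IV count means the access point does not filter weak-form IVs, and any reused IV means two frames were encrypted with the same keystream.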