Solved

WEP crack for Windows

Posted on 2006-07-01
Last Modified: 2013-12-04
Is there a free wep-cracking utility that is available for Windows and how well does it work?
Question by:jhurst
28 Comments
 
Expert Comment

by:oBdA
If you have legitimate reasons to ask this question, you should elaborate.
Otherwise, check the EE Membership Agreement and the Help:
The Big Mistakes > Hacks, cracks and keys
http://www.experts-exchange.com/help.jsp#hi100
"We would like to think that everyone is using software that is legal, and that they aren't the people who try to defeat the security of networks. We also know better. The bottom line is that this site does not condone piracy or script kiddie exploits and we will do what we can to eliminate the sharing of this kind of knowledge on the site.
When asking a question, if it is a clear-cut violation of the member agreement concerning the defeating of security of networks or defeating the licensing of software then the question will be deleted and you will either get a warning or a suspension depending on your history and the circumstances. If the question is borderline or if it is not clear that your intent is innocent, do not be surprised if a moderator or admin requests clarification about your intent."

Author Comment

by:jhurst
The legitimate reason for asking this is that I am trying to persuade a client to upgrade beyond WEP, since all that I read tells me that it is insecure.

Good point, I should have stated that.

I use Linux myself and under Linux WEP is little more than useless.

Accepted Solution

by:
Rich Rumble earned 43 total points
Look at the tools available on sites like wardriving.com and you can read up on the ineffectiveness of WEP and even WPA... End-to-End solutions provide the best security for wifi, such as VPN software. Mac-Address filtering is also a good practice to use, but it doesn't protect the data from being sniffed, it just attempts to keep the unauthorized off the access point.
http://en.wikipedia.org/wiki/802.11#Security
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
http://www.wi-fi.org/white_papers.php
http://www.microsoft.com/downloads/details.aspx?FamilyID=67fdeb48-74ec-4ee8-a650-334bb8ec38a9&displaylang=en
-rich

Assisted Solution

by:PowerIT
PowerIT earned 41 total points
I would like to correct rich on one point: MAC-address filtering is even more useless than WEP.
It's very easy to sniff a MAC address of an existing user and then change your MAC address to that of the legit user's card. There are lots of Wifi cards out there that allow this.
So you should NOT rely on MAC-address filtering. It's not even worth the time it takes to implement and maintain.

Once you have convinced your customer, have him move to WPA or WPA2, or depending on his infrastructure, to WEP + 802.1x or WAP + 802.1x or WAP Enterprise.
VPNs over wireless are a hassle to manage and also for the users. You should have very strong reasons to use VPN over wireless.

BTW, the current cracking of WPA only applies to WPA-PSK with TKIP and a weak PSK. Not something to be worried about in the real world if you use a strong key (upper/lowercase, special characters, numbers mixed in) of AT LEAST 20 characters (for now...). And AES is preferred with WPA, again if the equipment is up to it.

To demonstrate the vulnerability of WEP, you probably don't need a real cracker. Use an educational tool like http://weplab.sourceforge.net/
The best known real cracker is airsnort (also for Windows, http://sourceforge.net/projects/airsnort ) although the best one is probably aircrack ( http://freshmeat.net/projects/aircrack/ ).

J.



Expert Comment

by:Rich Rumble
While MAC address filtering isn't foolproof, it is a good measure. Same with WEP, it's better than nothing. MAC address filtering, as I pointed out, doesn't keep anyone from sniffing, but keeps a casual user, or even someone who accidentally receives a signal from your WAP, from logging on. Hackers can spoof the MAC, no problem, however the same rules apply to WiFi that apply to wired LANs that are undergoing such an ARP poisoning. The re-transmits have a deleterious effect on both PCs using the same MACs as well as the WAP. Add static addresses to the MAC address filtering and it's easy to spot spoofers, but harder to do much about unless your firewall can do layer 2/3 combined in one rule, like IPTables can.
You should throw as many roadblocks up as possible. WPA and WPA2 are now also becoming ineffective to hackers, as there are rainbow tables being created for passwords under 20 chars.
So if you don't want a leech on your network, you should consider MAC address filtering w/Radius authentication at a minimum. If WEP is all the Wireless Access Point supports, you should use it. If it supports WPA(2) use those.
VPN/tunnels are the best protection overall, you should still implement all of the above. It's really not hard, most WAPs and Radius servers allow you to add MAC addresses easily and even add an expiration date for it to be removed after.
http://en.wikipedia.org/wiki/Wireless_security
-rich
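
Added example (not part of the thread and not any poster's code): the "static addresses plus MAC filtering" check from the comment above, run over constructed ARP-style observations. The log format, the `BINDINGS` table, the alert names and the 30-second window are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Static MAC -> IP bindings (constructed; in practice the AP/RADIUS allow-list).
BINDINGS = {"00:11:22:33:44:55": "192.168.1.10",
            "00:11:22:33:44:66": "192.168.1.11"}

# Constructed ARP-style observations: "<epoch seconds> <mac> <ip>".
SAMPLE_LOG = """\
1000 00:11:22:33:44:55 192.168.1.10
1005 00:11:22:33:44:66 192.168.1.11
1010 00:11:22:33:44:55 192.168.1.57
1012 00:11:22:33:44:55 192.168.1.10
1020 00:AA:BB:CC:DD:EE 192.168.1.11
1500 00-11-22-33-44-66 192.168.1.11
garbage line
"""

LINE = re.compile(r"^(\d+)\s+((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})"
                  r"\s+(\d{1,3}(?:\.\d{1,3}){3})$")

def normalize(mac):
    """Canonical form so 00-AA-.. and 00:aa:.. compare equal."""
    return mac.replace("-", ":").lower()

def find_anomalies(log, bindings, window=30):
    """Return (timestamp, kind, mac, ip) tuples for observations that break the bindings."""
    bindings = {normalize(m): ip for m, ip in bindings.items()}
    bound_ips = set(bindings.values())
    last_seen = defaultdict(dict)  # mac -> {ip: last timestamp seen}
    alerts = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # malformed line: skip rather than guess
        ts, mac, ip = int(m.group(1)), normalize(m.group(2)), m.group(3)
        if mac not in bindings:
            kind = "unlisted-mac-on-bound-ip" if ip in bound_ips else "unlisted-mac"
            alerts.append((ts, kind, mac, ip))
        elif bindings[mac] != ip:
            alerts.append((ts, "binding-mismatch", mac, ip))
        # One MAC active on two IPs inside the window means two stations share it.
        if any(o != ip and ts - seen <= window for o, seen in last_seen[mac].items()):
            alerts.append((ts, "mac-on-two-ips", mac, ip))
        last_seen[mac][ip] = ts
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE_LOG, BINDINGS):
        print(alert)
```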

Expert Comment

by:PowerIT
OK, let's agree that we disagree ;-)
As long as we both know why.
Anyway, the original question was about showing a customer how WEP can be cracked, so we are getting out of scope.
Jhurst, do you have enough info?

J.

Expert Comment

by:maninblac1
The question is easy to answer.  Yes, a program does exist.  To a person willing to go to the lengths of learning how to use it.  Most any WEP can be cracked in total user time of about 10 min.  Programs like Aircrack, Airsnort, Kismet etc were all created and can be used, not all necessarily on Windows, but on Linux or other clients.  The old problem was in order to crack a WEP you had to have enough vectors, on low traffic access points it could take days to generate enough vectors to calculate the key.  Now programs like Aireplay allow that traffic to be generated artificially and a person can get all the vectors they need in a few minutes.  And then a few more minutes to crack what they caught.  Simple WEP keys require about 1000 vectors, or a few seconds of traffic.  Complex WEP keys may need 100,000-10,000,000 vectors to crack, which take more time, under an hour.

If this is a home network, WEP is probably good enough for you.  If this is business, I wouldn't settle for less than WPA, and would press very hard for WPA2.  But it will depend on your hardware capabilities, old wireless points won't support WPA2 also known as 802.11i.  At home, even though WEP was enough for us, I wasn't satisfied, and after a homebrew firmware upgrade got my Linksys router to support many many features it didn't before, including WPA2.  The only problem is that WinXP does not support WPA2 by default, and you have to download a patch to enable it.  This can have benefits, outside Windows users would have to know that your network is WPA2, and would have to specifically install said patch before they could even try to use it.  As of now, WPA2 is essentially secure and to the home user, uncrackable.

I hope that helps.

Author Comment

by:jhurst
Guys, I do appreciate the discussion of MAC address filtering etc but this is not the point here.  Remember I need to demonstrate to this client that the WEP that he has is not good enough.

As to aircrack and airsnort, I cannot find downloadable versions of them.   Kismet on the other hand seems to need a modified router and this is not an option.

Assisted Solution

by:maninblac1
maninblac1 earned 41 total points
This was posted on Digg just today, I'm not positive on the effectiveness of this "walkthrough" but it should be simple enough that you should be able to follow it.  It comes in 3 parts, this is part 1.

http://www.tomsnetworking.com/2005/05/10/how_to_crack_wep_/

Expert Comment

by:Rich Rumble

Author Comment

by:jhurst
Well, basically I did not get an answer, so yes, I guess I too have given up on it.

Expert Comment

by:maninblac1
I provided a step by step guide on how to do this, in this guide it provided a link to the Auditor suite, an all inclusive operating system devoted to auditing WEP security, and even though it's a Linux Live CD, any person can download and use it on any machine with a wireless connection, even Windows.  If that is not sufficient, a guide and the tools to it, I'm not sure what is.

Author Comment

by:jhurst
I never found any way to get any of your suggestions to work maninblack, sorry!

Expert Comment

by:PowerIT
And rich pointed to the necessary information and I was the first to list all the asked tools.
I think that the general feel of all the contributors is that at least points should be split, when the author indeed received all information he asked for - and a lot more - and still does not think he got an answer.
This is about the principle, not about those meagre 125 pts. Keith, you'll understand me when you take a quick look at the questions asked history of the author.

J.

Expert Comment

by:Rich Rumble
Aircrack and Airsnort both work for me, Windows or otherwise... what further info do you require?
-rich

Author Comment

by:jhurst
OK - I guess I should have put my comment differently, I never was able to get a successful download of them, every link I found to them was broken.

Expert Comment

by:maninblac1
I see, they aren't broken, but the website has been changed, there seems to be some trouble with the page loading properly now from the link I gave, I couldn't get the "next" button to show up.
Here is a link to the Wireless index, you will find the 3 part guide near the bottom of the page.  By selecting it from the index I was able to get the "next" button to reappear.

http://www.tomsnetworking.com/wireless_tn/index.html

Here's a direct link to the auditor website and the auditor downloads:

http://remote-exploit.org/index.php/Auditor_main
http://remote-exploit.org/index.php/Auditor_mirrors

It's probably too late now, but you may still be able to use it.

Expert Comment

by:Keith Alabaster
I will leave this for a few days to see what pans out. If the asker wishes to accept an answer or a selection of answers then fine based on existing answers or more answers to come, that is the way I hope it will go. If not, I agree that enough info has been passed and I will split the points.

Regards
Keith

Author Comment

by:jhurst
Now I am really confused - what are these references to, they are not aircrack

Expert Comment

by:PowerIT

Expert Comment

by:maninblac1
Aircrack is the most popular tool for win users to break WEP encryption.  It is however not the easiest to use.  Mostly because a true Windows user isn't used to the command line like aircrack requires.  And finding the right driver revision for Windows can be challenging.
This is why most WEP crackers use Linux, all the tools needed to do the task simply are readily available to anyone who has Linux.  And all the syntax used in the programs use Linux syntax, so they are familiar with how to format their instructions.

The auditor suite gives you the benefit of having all the tools preinstalled onto an operating system you can use anywhere with any computer.  A "Live CD".
Tools, like Kismet, the Aircrack suite, and others like the drivers needed to implement the tools on a wireless adapter, (note that by default the default drivers on most wireless adapters don't allow this kind of packet sniffing)

By having the tools all conveniently on disk, operating in their native environment it makes executing the crack quick and simple, once you learn the process.

I know I've been singing the same song for a while, but download the Auditor suite and burn it to a CD (it's free, and any person who wants to crack a WEP would likely have this tool easily available), put the CD in a laptop and boot from the CD, Linux will run in live mode and if you follow the guide you should be able to execute the attack.

However doing so is not for the faint of heart because you will have to customize your commands to your hardware, for example if you're not using the wireless card family they have, instead you have an Atheros card, you would have to sub their wlan0 for ath0 or ath1.  Doing these minor substitutions is the hardest part of doing the attack.  You'll have to understand what each tool asks from you, though the help you will receive at the command line from each tool is likely good enough for you to manage.

However, it may be simple enough to present the disk to your boss as a good faith statement to say, anyone who wants to break into our network can download this CD, (show him the CD) and within minutes have access to our network, (proceed to boot up the laptop into auditor...which has Windows installed....and show him how all the tools needed are included on disk, show him something like Kismet which would display all the network APs) it might be fair enough to say, I simply don't have the knowledge to use the tools myself.  Unless it was your job to figure out how to use them.

To officially answer your question, is there a way to do it in Windows, YES, is it preferred or simple, NO.  You must use the win32 version of the Aircrack suite and must have proper drivers to ensure that the sniffing capabilities are enabled.
Linux is the preferred OS for cracking WEP, any person who is looking to crack a WEP (as a hobby or otherwise) will likely have Linux as a main OS, or will have a Live CD like Auditor to facilitate a quick and simple attack.  Does that help any?
To prove to your boss you can do it in Windows may be more trouble than it's worth, since a Windows user isn't likely to be attacking your WEP and will give up when they see it's protected.

Expert Comment

by:Keith Alabaster
Have any of the further posts assisted you?

Thanks
Keith

Author Comment

by:jhurst
I have not yet had the opportunity to burn the disk and try this so at this time I cannot tell whether this helps

Author Comment

by:jhurst
I really never did get an answer but I am certainly comfortable with those guys getting points,  they did some work for me

Expert Comment

by:Keith Alabaster
Thanks for the update and the agreement.

Regards
Keith