Posts Tagged Wireless Security

60 seconds to Crack Wi-Fi encryption

Researchers at the University of Hiroshima in Japan reported that they have developed a new method to crack wireless access points that use the WPA algorithm. The new method can break Wi-Fi encryption in only 60 seconds.

Toshihiro Ohigashi and Masakatu Morii planned a conference on the 25th of September to present the technical approach to exploiting this vulnerability. A WPA cracking method has been demonstrated by experts since last November, but the Japanese researchers are the first to turn it from theory into a real threat.

Up to now only WPA using the Temporal Key Integrity Protocol (TKIP) algorithm is affected. Routers that work with WPA2 and the stronger Advanced Encryption Standard (AES) algorithm are still safe and not vulnerable to these attacks.
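The TKIP/AES distinction above can be checked on your own access point. The following is an added example, not code from the original post: it audits a hostapd-style configuration and reports every place where TKIP is still accepted as a pairwise cipher. The sample configurations are constructed; `wpa`, `wpa_pairwise` and `rsn_pairwise` are hostapd option names, and the finding labels are made up for this example.

```python
# Added example: report where a hostapd-style config still accepts TKIP.
# All three sample configurations below are constructed for illustration.
WPA_TKIP = "ssid=lab-a\nwpa=1\nwpa_key_mgmt=WPA-PSK\nwpa_pairwise=TKIP\n"
WPA2_AES = "ssid=lab-b\nwpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n"
# Mixed mode: rsn_pairwise is absent, so WPA2 inherits wpa_pairwise.
MIXED = "ssid=lab-c\nwpa=3\nwpa_key_mgmt=WPA-PSK\nwpa_pairwise=TKIP CCMP\n"


def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def tkip_findings(text):
    """Return labels (hypothetical names) for each place TKIP is accepted."""
    conf = parse_conf(text)
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2 (RSN)
    # hostapd defaults: wpa_pairwise is TKIP, rsn_pairwise follows wpa_pairwise
    wpa_pairwise = conf.get("wpa_pairwise", "TKIP").split()
    rsn_pairwise = conf.get("rsn_pairwise", " ".join(wpa_pairwise)).split()
    findings = []
    if wpa & 1 and "TKIP" in wpa_pairwise:
        findings.append("wpa-tkip")
    if wpa & 2 and "TKIP" in rsn_pairwise:
        findings.append("wpa2-tkip")
    return findings


if __name__ == "__main__":
    samples = (("WPA_TKIP", WPA_TKIP), ("WPA2_AES", WPA2_AES), ("MIXED", MIXED))
    for name, text in samples:
        print(name, tkip_findings(text) or "no TKIP accepted")
```

The mixed-mode sample is the case that is easy to miss: WPA2 is enabled, yet TKIP is still accepted because `rsn_pairwise` was never set.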


Protect your Holiday! (part 3)

Working over a wireless network is always risky unless you have made sure of the WLAN's security. As we discussed in the last Protect your Holiday post, we will add some tools here that can help in pentesting your wireless network.

Unfortunately, not everyone is aware of the risk in using such a wireless network. Let's start with Void11. Void11 is used to deauthenticate clients on the WLAN, that is, to knock a client off the wireless network. After being disconnected, the client will try to access the WLAN again, so it has to be knocked off one more time. Each time the victim tries to connect, it sends traffic with the authentication keys. While the keys are being exchanged, the attacker can take the victim's place on the network by using its MAC address and bypass the MAC restriction. Unfortunately, this tool works well only under Linux.

The next tool in this post is WIFIZOO. This tool demonstrates how easy it is to pick up different kinds of information on open Wi-Fi networks. The application's objective is to gather information from the whole network passively. The tool has a beautiful interface and gathers more than SSID data: it also collects client information such as IP addresses, passwords for some protocols (POP3/FTP/Telnet), mail traffic and HTTP traffic. As a result, you can listen to all the traffic on the wireless interface. The disadvantage of WIFIZOO is that it has no channel hopping, but you can configure Kismet to do this.

The last tool in this series is WIRELESSKEYVIEW. Sometimes we forget the keys for our AP, and this tool is the perfect fit for that situation: it recovers the WEP/WPA keys stored on the system. It works with Wireless Zero Configuration in Windows XP and WLAN AutoConfig in Vista.

So think about securing your wireless network. Try these tools to check the security level of your network, and it is always recommended to monitor all your event logs.
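Repeated deauthentication of one client, as described above, is visible to anyone monitoring the air. The following is an added example, not code from the original post or from any tool it mentions: it parses raw 802.11 management frames and flags bursts of deauthentication or disassociation frames aimed at a single destination. The capture, MAC addresses, window and threshold are constructed or assumed values.

```python
# Added example: spot bursts of deauthentication frames aimed at one client.
import struct
from collections import defaultdict

AP = "66778899aabb"  # constructed BSSID
# Constructed capture: (seconds, raw 802.11 management frame as hex).
DEAUTH_A = "c0003a01" + "001122334455" + AP + AP + "1000" + "0700"
DEAUTH_B = "c0003a01" + "0a0b0c0d0e0f" + AP + AP + "3000" + "0300"
BEACON = "80000000" + "ffffffffffff" + AP + AP + "2000"
CAPTURE = [(t, DEAUTH_A) for t in (0.0, 0.4, 0.8, 1.2, 1.6, 2.0)]
CAPTURE += [(1.0, BEACON), (30.0, DEAUTH_B)]
CAPTURE.sort()


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_deauth(frame):
    """Return (bssid, destination, reason) for deauth/disassoc, else None."""
    if len(frame) < 26:  # 24-byte header plus 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (10, 12):  # 10 = disassoc, 12 = deauth
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[16:22]), mac(frame[4:10]), reason


def detect_floods(capture, window=5.0, threshold=5):
    """Map (bssid, destination) to the peak frame count inside `window`."""
    recent, alerts = defaultdict(list), {}
    for ts, raw in capture:
        parsed = parse_deauth(bytes.fromhex(raw))
        if parsed is None:
            continue
        key = parsed[:2]
        times = recent[key]
        times.append(ts)
        while ts - times[0] > window:  # drop frames older than the window
            times.pop(0)
        if len(times) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(times))
    return alerts


if __name__ == "__main__":
    print(detect_floods(CAPTURE))
```

A single deauthentication frame is normal when a client roams or leaves, which is why the detector counts frames per destination over a window instead of alerting on each one.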


Protect your Holiday! (part 2)

In this post we will go deeper into WLAN pentesting: not to test the performance of the access points, but to check the type and level of encryption used by the wireless network.

I picked Kismet as the fourth tool on the list. Kismet not only searches for wireless networks but also works as an intrusion detection system and sniffer. The interesting feature of Kismet, which we do not find in Netstumbler or other tools, is that it collects packets passively, which makes the operation undetectable. This method helps in finding out some information about clients, and even in detecting hidden networks.

Kismet can automatically identify user IPs, capturing TCP, UDP, ARP and DHCP packets. It can dump information in a format for Wireshark / TCPDump and even identify the destination gateway (it also supports GPS).

Aircrack-ng is a full package for cracking 802.11 WEP (Wired Equivalent Privacy) encryption and WPA/WPA2-PSK keys for Wi-Fi networks.

The software package includes several tools: airodump (an 802.11 network sniffer), aircrack (WEP and brute-force WPA-PSK cracking) and airdecap (a decoder for WEP/WPA files). Generally, cracking WEP requires capturing a certain number of packets. As soon as you have that number of network frames, aircrack will run a statistical attack on the WEP key. Currently aircrack-ng includes three ways of recovering keys:

• The first method is the PTW attack. The main advantage of this technique is that you don't need a large number of packets to crack WEP keys, but the PTW attack works only with ARP packets, and this is its weak point. In a future version, aircrack-ptw could be extended to work with other packets too.
• The second way is the FMS/KoreK attack. With this method you will need a large number of packets to crack WEP keys, and it works with statistical techniques (FMS, KoreK, brute force).
• The third way is the dictionary attack (wordlist).

The full version of Aircrack-ng runs only under Linux; you can also find it on the BackTrack live CD. The official website offers a Windows version, with a warning that you need to develop your own DLLs to link aircrack-ng to your wireless card.

The final tool for this post is Technitium, which helps users change the MAC address of their machine. Network administrators apply MAC restrictions on the AP to keep outsiders from getting access to the network. As a security measure, this technique provides network access only to machines that are listed by the administrator.

By using Airodump you can easily identify the clients' MAC addresses on the network, but you will not be able to access the wireless network unless the client is connected.

In the next Protect your Holiday post we will see how to knock a user off a wireless network and take his place on the WLAN.

To be continued….


(Picture from Scott Ableman)


Protect your Holiday!

Nowadays we can find wireless networks everywhere: in airports, hotels, coffee shops and at the neighbors'.

But if we look at these networks, we rarely find secure ones that respect security concerns for users, staff and home use. In this post I wanted to share some interesting tools, now that summer is considered the season of holidays and leisure.

The first one is Netstumbler. This tool is considered one of the best and most popular wardriving tools. Network Stumbler searches for AP locations and exports the information to a log file, which can then be converted to Google KML format to show the locations within a few seconds on Google Maps, or on Google Earth if you have it on your PC.

To locate active access points, Netstumbler uses an active scanner, so it does not just detect the signal but every second sends a special frame (LLC/SNAP frame) that helps to have a new IDS system.
The negative points of this tool are that it runs only under Windows XP, that this scanner does not help in detecting hidden access points, and that the information it provides is not fantastic: for example, it only indicates that the Wi-Fi is using encryption without saying which type of encryption is used. So this is a tool to start with, to get some graphs and initial information about the network.

The second tool I have chosen is Vistumbler. Vistumbler supports Windows Vista and Windows 7, supports GPS, and the funny thing about this tool is that it is developed in the AutoIt scripting language.

Another utility for pentesting wireless networks is inSSIDer. Because Netstumbler does not support Windows Vista or even 64-bit XP, Charles Putney decided to make his own tool for finding wireless networks, which has been published on The Code Project. This application has a beautiful interface based on the Native Wi-Fi API and, like Netstumbler, uses the active scan method.

These tools can help in testing the performance of your WLAN, but there are still others to come.

To be continued….
