13:27 Attacks on wireless networks Part 2 | |
This is a continuation of the previous article, "Attacks on wireless access points with WEP-protected. In the second part series of articles on wireless security, we look at some unconventional attacks on WEP. In the latest (unstable) version of aircrack-ng added a few programs that implement new attacks on the WEP protocol. The first of them - wesside-ng. In fact - it is a script that automates the hack key. The program has several options, but for you simply give her the name of the network interface to use: wesside-ng-i wlan0 The algorithm works the same as for manual hacking: 1. Skipping through the channels found a network with WEP. 2. Produced fake authentication. If filtering is enabled on the MAC - changed to a valid address of the adapter. 3. Authentication is made. 4. Fragmentation attack produces 128 bits klyuchegogo flow. 5. Catch ARP-packet, IP address in the body stands. Based on these data, as well as key stream - create fake ARP-packet. 6. Network is filled with fake ARP-packets. 7. Runs ptw - attack to calculate the key. The second new program - easside-ng. It allows you to connect to a wireless network with WEP key itself does not know. [Caption id = «attachment_294» align = «alignnone» width = «500» caption = «Work Scheme easside-ng»] [/ caption] To implement this attack, you must be able to run the component easside -ng - buddy-ng server on the Internet. Also, the wireless network and a computer with which you are attacked, should be able to communicate with the buddy-ng. The scheme works is simple enough: 1. Fragmentation attack produced keystream maximum length (1504 bits). 2. Manipulation of the ARP-packets learn network addressing. 3. It connects to the server and verify its performance. Next, for a packet to the network - it is transformed, using the key stream, and sent. Decoding the received packet is a little harder - first added to it the information needed to deliver a packet to the server and it goes back to the wireless network. Access point, in turn, decrypts the packet and forwards it to the Internet. Server received the packet, send it to you in cleartext. This attack is very quiet and fast, it's not necessary to send tens of thousands of packages that favorably distinguishes it from traditional attacks on WEP. Program starts very simply: to an external server - buddy-ng And on your computer - easside-ng-f <network interface>-v <MAC attacked tochki>-c < ; point channel>-s <server address on the external> And the latest innovation - a new option in the program aireplay-ng. 2 new options allow you to carry out attacks on customers, getting WEP - a key outside the range of the corresponding network. Aireplay-ng -6-h <MAC network karty>-D <network interface> for the so-called "Caffe - Latte" attack, and aireplay-ng -7-h <MAC Network Card>-D <network interface> for "Hirta" attack. Both of them perform one function, but slightly different methods. Initially expected ARP - a request from any client within range of your network card. After that, the key stream produced short lengths and create ARP - a request which the client will respond. Next run airodump-ng, build packages, and the key is calculated using aircrack-ng. Finally, it is worth to notice that these new types of attacks, only further simplify hacking Wi-Fi networks with WEP protection. And the only option today is WPA2, PSK or Enterprise. In the next article, we consider in detail the possibility of cracking WPA-protected networks, as well as new attacks on the WPA-TKIP, and try to answer the question - whether the WPA can not give full confidence in the security of your wireless network. Author: Kozhara Jaroslav, Glaive Security Group | |
|
Total comments: 0 | |