2008年6月3日 星期二

Cracking WEP and WPA Wireless Networks - Docupedia

Cracking WEP and WPA Wireless Networks - Docupedia

WPA Crackin

Differences

WPA is an encryption algorithm that takes care of a lot of the vunerablities inherent in WEP. WEP is, by design, flawed. No matter how good or crappy, long or short, your WEP key is, it can be cracked. WPA is different. A WPA key can be made good enough to make cracking it unfeasible. WPA is also a little more cracker friendly. By capturing the right type of packets, you can do your cracking offline. This means you only have to be near the AP for a matter of seconds to get what you need. Advantages and disadvantages.

WPA Flavours

WPA basically comes in two flavours RADIUS or PSK. PSK is crackable, RADIUS is not so much.

PSK uses a user defined password to initialize the TKIP, temporal key integrity protocol. There is a password and the user is involved, for the most part that means it is flawed. The TKIP is not really crackable as it is a per-packet key but upon the initialization of the TKIP, like during an authentication, we get the password (well the PMK anyways). A robust dictionary attack will take care of a lot of consumer passwords.

Radius involves physical transferring of the key and encrypted channels blah blah blah, look it up to learn more about it but 90% of commerical APs do not support it, it is more of an enterprise solution then a consumer one.

The Handshake

The WPA handshake was designed to occur over insecure channels and in plaintext so the password is not actually sent across. There are some fancy dancy algorithms in the background that turn it into a primary master key, PMK, and the like but none of that really matters cause the PMK is enough to connect to the network.

The only step we need to do is capture a full authenication handshake from a real client and the AP. This can prove tricky without some packet injection, but if you are lucky to capture a full handshake, then you can leave and do the rest of the cracking at home.

We can force an authenication handshake by launching a Deauthentication Attack, but only if there is a real client already connected (you can tell in airodump). If there are no connected clients, you're outta luck.

Like for WEP, we want to know the channel the WPA is sitting on, but the airodump command is slightly different. We don't want just IVs so we don't specify an IV flag. This will produce "lucid.cap" instead of "lucid.ivs". Assume WPA is on channel 6 and wireless interface is ath0.

 ./airodump ath0 lucid 6

Dictionary Brute Force

The most important part of brute forcing a WPA password is a good dictionary. Check out http://www.openwall.com/wordlists/ for a 'really' good one. It costs money, but its the biggest and best I've ever seen (40 Million words, no duplicates, one .txt file). There is also a free reduced version from the same site but i'm sure resourceful people can figure out where to get a good dictionary from.

When you have a good dictionary the crack is a simple brute force attack:

 ./aircrack -a 2 -b 00:23:1F:55:04:BC -w /path/to/wordlist

Either you'll get it or you won't... depends on the strength of the password and if a dictionary attack can crack it.

Using Aireplay

Aireplay is the fun part. You get to manipulate packets to trick the network into giving you what you want.

WEP Attacks

Attacks used to create more traffic on WEP networks to get more IVs.

ARP Injection

ARP Replay is a classic way of getting more IV traffic from the AP. It is the turtle. Slow but steady and almost always works. We need the BSSID of the AP and the BSSID of an associated client. If there are no clients connected, it is possible to create one with another WEP attack explained below: Fake Authentication Attack.

With airodump listening, we attack:

 ./aireplay -3 -b  -h  ath0

Note: The -3 specifys the type of attack (3=ARP Replay).

This will continue to run, and airodump, listening fron another terminal, will pick up any reply IVs.

Interactive Packet Replay

Interactive Packet Reply is quite a bit more advanced and requires capturing packets and constructing your own. It can prove more effective then simple ARP requests but I won't get into packet construction here.

A useful attack you might try is the re-send all data attack, basically you are asking the AP to re-send you everything. This only works if the AP re-encrypts the packets before sending them again (and therefore giving you a new IV). Some APs do, some don't.

 aireplay -2 -b  -h  -n 100 -p 0841 -c FF:FF:FF:FF:FF:FF ath0

Fake Authentication Attack

This attack won't generate any more traffic but it does create an associative client MAC Address useful for the above two attacks. Its definately not as good as having a real, connected client, but you gots to do what you gots to do.

This is done easiest with another machine because we need a new MAC address but if you can manually change your MAC then that'll work too. We'll call your new MAC address "Fake MAC".

Now most APs need clients to reassociate every 30 seconds or so or they think they're disconnected. This is pretty arbitrary but I use it and it has worked but if your Fake MAC gets disconnected, reassociate quicker. We need both the essid and bssid and our Fake MAC.

 ./aireplay -1 30 -e '' -a  -h  ath0

If successful, you should see something like this:

 23:47:29  Sending Authentication Request
23:47:29 Authentication successful
23:47:30 Sending Association Request
23:47:30 Association successful :-)

Awesome! Now you can use the above two attacks even though there were no clients connected in the first place! If it fails, there may be MAC Address Filtering on so if you really want to use this, you'll have to sniff around until a client provides you with a registered MAC to fake.

WPA Attacks

So far, the only way to really crack WPA is to force a re-authentication of a valid client. We need a real, actively connected client to break WPA. You might have to wait a while.

Deauthentication Attack

This is a simple and very effective attack. We just force the connected client to disconnect then we capture the re-connect and authentication, saves time so we don't have to wait for the client to do it themselves (a tad less "waiting outside in the car" creepiness as well). With airodump running in another console, your attack will look something like this:

 aireplay -0 5 -a  -c  ath0

After a few seconds the re-authentication should be complete and we can attempt to Dictionary Brute Force the PMK.

Conclusion

Well thats that. APs crack fairly often but sometimes there is just nothing you can do. Obviously you are not allowed to illegally crack other people's wireless connections, this is purely for penetration testing purposes and some fun.

小P:用WPA加密wireless連線好些。

沒有留言: