17.4 Practical WEP Cracking


Now that we have reviewed the theory, let's examine the practical steps for cracking WEP. The most important resource for cracking a WEP-encrypted signal is time. The longer you capture data, the more likely you are to receive a collision that will leak a key byte. Based on empirical data, there is only about a five percent chance of this happening. On average, you need to receive about five million frames to be able to crack a WEP-encrypted signal. In addition to a wireless sniffer, you'll need a series of Perl scripts available from http://sourceforge.net/projects/wepcrack/, called (appropriately) WEPCRACK.

Once you have acquired the necessary tools, perform the following steps for cracking a WEP-encrypted signal:

  1. Capture the WEP-encrypted signal using your wireless sniffer (about five million frames).

  2. From a command prompt, execute the prism-getIV.pl script with the following syntax:

      prism-getIV.pl capturefile_name

     where capturefile_name is the name of your capture file from step 1. When a weak IV is found, the program creates a file named IVfile.log.

  3. Run WEPcrack.pl, which looks at the IVs in IVfile.log and attempts to guess at a WEP key. The output of WEPcrack.pl is in decimal format. You will need a decimal-to-Hex conversion chart.

  4. Take the Hex version of the key and enter it into your Client Manager, and you're done!
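
Seen from the defender's side, the weak-IV test that step 2 relies on doubles as an exposure check for legacy WEP equipment you operate: the share of frames carrying a weak IV shows how quickly that gear hands out usable material. The following Python code is an added example, not part of WEPCrack or of the book. It assumes the weak-IV form (A+3, 255, X) from Fluhrer, Mantin and Shamir's published analysis, which this section does not spell out, and the function names and sample headers are constructed for illustration.

```python
from collections import Counter

def weak_key_byte(iv, key_len):
    """Return the key-byte index A that a weak IV exposes, else None.

    Assumption: only the classic FMS form (A+3, 255, X) is tested.
    """
    if len(iv) != 3:
        raise ValueError("a WEP IV is exactly 3 bytes")
    a = iv[0] - 3
    return a if iv[1] == 0xFF and 0 <= a < key_len else None

def audit(wep_headers, key_len=13):
    """Count weak IVs over 4-byte WEP headers (3-byte IV + key-ID byte).

    key_len is the secret key length in bytes: 5 (40-bit) or 13 (104-bit).
    """
    per_byte, frames = Counter(), 0
    for hdr in wep_headers:
        if len(hdr) < 4:
            continue  # truncated frame body, no complete WEP header
        frames += 1
        a = weak_key_byte(hdr[:3], key_len)
        if a is not None:
            per_byte[a] += 1
    weak = sum(per_byte.values())
    return {
        "frames": frames,
        "weak": weak,
        "ratio": weak / frames if frames else 0.0,
        "per_key_byte": dict(sorted(per_byte.items())),
    }

# Constructed sample headers (not from a real capture).
SAMPLE = [
    bytes.fromhex("03ff1000"),  # weak, A = 0
    bytes.fromhex("03ff2a00"),  # weak, A = 0
    bytes.fromhex("07ff0100"),  # weak, A = 4
    bytes.fromhex("0aff0000"),  # A = 7: weak for a 13-byte key only
    bytes.fromhex("a1b2c300"),  # ordinary IV
    bytes.fromhex("03fe1000"),  # second byte is not 255
    bytes.fromhex("0102"),      # truncated, skipped
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A ratio of zero over a long capture suggests the firmware skips this class of IV.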



Security Warrior
ISBN: 0596005458
EAN: 2147483647
Year: 2004
Pages: 211
