Oh yeah and use reinj.c to create enough packets to get the weak initialization vectors for cracking WEP.

On 7/18/03 12:51, "Morgan, Andy" <Andy.Morganat_private> wrote:

> Ian,
>
> There are some tools that will work to try to find a WEP key but they require
> a lot of data and time. They exploit known vulnerabilities in the WEP
> algorithm to find the keys. However it could take as much as 500 meg of data.
> I don't have the links handy. Sorry.
>
> As far as brute forcing. OK idea but not very doable. To iterate through all
> combinations would be 2^128 possibilities which gets you to about
> 3.4028236692093846346337460743177e+38 possible combinations. If you assumed
> you could do 1 per second - which would be tough if you wait for DHCP to
> respond it would take you 10790283070806014188970529154990 years to get
> through all the combinations. That's a long time. :) If somebody could check
> my math that would be great.
>
> Thanks,
> afm
>
> -----Original Message-----
> From: Ian Chilvers [mailto:Ian.Chilversat_private]
> Sent: Fri 7/18/2003 7:18 AM
> To: pen-testat_private
> Cc:
> Subject: V/Scan for Wireless LANs
>
> Hi all
>
> We've been asked to perform a vulnerability assessment for a company that
> has a Wireless LAN. The W/LAN is running WEP with a random key generated,
> rather than a dictionary word.
>
> Are there any tools out there that can brute force a WEP.
>
> Take this example. A person parks the car in the car park and sniffs the
> air waves with a product like NetStumbler. He discovers the W/LAN but with
> WEP.
>
> Is there a tool he can use to discover the WEP key (possibly by brute force)
>
> If there isn't such a tool, how does this sound for an idea.
>
> Run an app that starts at binary 0's and counts up to 128 bits of 1's
> For each sequence listen to see if there are any sensible packets or even
> send out a DHCP discover request to see if you get a reply. This would then
> possibly give you the WEP key.
>
> Any comments
>
> Ian....
This archive was generated by hypermail 2b30 : Fri Jul 18 2003 - 14:16:56 PDT