I have been reading and experimenting for some time now with various wireless and backtrack experiments. Dang backtrack is stubborn to install on my old laptop (doesn't support usb booting) and has a cd-drive that sounds like an jet engine with a cough.
Anyhow I just got bt3b working again last night on the HD of my old laptop and I was wondering the concept of brute forcing a WEP. Is there a program, script or other method in which it would be possible to crack a WEP passphrase on a brute force basis. just to be clear by this I mean there will be no use of a dictionairy or wordlist.
It would be good, obviously if there were parameters at least if not priority parameters whereby for example it would go through (if we were talking numbers) from 0 - 10 then 10 - 100 rather than a complete random passphrase testing and ever increasing complexity of pasphrases until the passphrase s found.
Anyone have any ideas or up for the challenge?
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
If you just tried to brute force wep, you would really not be taking advantage of the security weaknesses associated with wep. In a sense, you are not really attacking the WEP protocol but actually the encryption protocol and that itself is very strong. So you would be trying to brute force a 64 or 128 bit RC4 encrypted stream which would take an infinite amount of time.
I thought I read somewhere, can't cite it though, that if you had enough computers to cover the surface of the earth, it would still take thousands of years to brute force something... but that might have been 256 bit.
Thanks but I know how to use search and google!
-The early bird catches the worm, but the second mouse gets the cheese.
airbase can do it....
....but you need a $1000 pico card first!
It really is easier (and cheaper) to do it the 'traditional' way using the aircrack suite!
The problem is your trying to brute-force a 10 digit (64 wep) or 26 (128 wep), and even when you reduce it to (A-F,0-9) charset thats still sh*tloads of combinations! i mean a really really really really really big number! I'm not sure exactly how many but i'm sure a maths wiz will jump in next post and tell you...
Actually maybe 64 bit would be poss, but really you would probably be able to drive somewhere, buy a good wireless card and drive home them crack it that way and still be quicker!
A 128 bit key has 2^128 different possibilities. That computes to 340 trillion-trillion-trillion different combos.
If you try to brute force the key, expect your machine to be running all night.
since a wep key can only be in HEX (due to the RC4 algo) there doesn't seem to be any point in including G-Z and all the special characters on a keyboard into the brute-force script/wordlist, or even counting them in the total different possibilities, i mean its not like a HEX key could be xx : yy : zz : xx : yy : zz......
Apologies if i mis-understood you....
So, a 64 bit WEP key does contains 2^64 possible combos and a 128 bit key does contain 2^128 possible combos.