
Thread: Is it possible? Brute forcing WEP

  1. #1
    Just burned his ISO
    Join Date
    May 2008
    Posts
    10

    Default Is it possible? Brute forcing WEP

    I have been reading and experimenting for some time now with various wireless and backtrack experiments. Dang backtrack is stubborn to install on my old laptop (doesn't support usb booting) and has a cd-drive that sounds like a jet engine with a cough.

    Anyhow I just got bt3b working again last night on the HD of my old laptop and I was wondering about the concept of brute forcing a WEP. Is there a program, script or other method in which it would be possible to crack a WEP passphrase on a brute force basis? Just to be clear, by this I mean there will be no use of a dictionary or wordlist.

    It would be good, obviously, if there were parameters, at least if not priority parameters, whereby for example it would go through (if we were talking numbers) from 0 - 10 then 10 - 100 rather than a complete random passphrase testing, and ever increasing complexity of passphrases until the passphrase is found.

    Anyone have any ideas or up for the challenge?

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Blackrose View Post
    I have been reading and experimenting for some time now with various wireless and backtrack experiments. Dang backtrack is stubborn to install on my old laptop (doesn't support usb booting) and has a cd-drive that sounds like a jet engine with a cough.

    Anyhow I just got bt3b working again last night on the HD of my old laptop and I was wondering about the concept of brute forcing a WEP. Is there a program, script or other method in which it would be possible to crack a WEP passphrase on a brute force basis? Just to be clear, by this I mean there will be no use of a dictionary or wordlist.

    It would be good, obviously, if there were parameters, at least if not priority parameters, whereby for example it would go through (if we were talking numbers) from 0 - 10 then 10 - 100 rather than a complete random passphrase testing, and ever increasing complexity of passphrases until the passphrase is found.

    Anyone have any ideas or up for the challenge?
    There's no need to brute force WEP in the manner you describe. The protocol is so weak that it's easily cracked just by collecting packets and running the available tools on BT to crack it.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    Default

    autopwn really works; you can try that. If not, you can try my personal script, which you would need to make work yourself:
    http://forums.remote-exploit.org/showthread.php?t=12767

  4. #4
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    20

    Default

    If you just tried to brute force wep, you would really not be taking advantage of the security weaknesses associated with wep. In a sense, you are not really attacking the WEP protocol but actually the encryption protocol and that itself is very strong. So you would be trying to brute force a 64 or 128 bit RC4 encrypted stream which would take an infinite amount of time.
    I thought I read somewhere, can't cite it though, that if you had enough computers to cover the surface of the earth, it would still take thousands of years to brute force something... but that might have been 256 bit.
    Thanks but I know how to use search and google!
    -The early bird catches the worm, but the second mouse gets the cheese.

  5. #5
    Senior Member Talkie Toaster's Avatar
    Join Date
    Jun 2008
    Location
    Scotland
    Posts
    131

    Default Good news, bad news...

    airbase can do it....

    ....but you need a $1000 pico card first!

    http://openciphers.sourceforge.net/oc/wep.php

    It really is easier (and cheaper) to do it the 'traditional' way using the aircrack suite!

    The problem is you're trying to brute-force a 10 digit (64 wep) or 26 (128 wep), and even when you reduce it to (A-F,0-9) charset that's still sh*tloads of combinations! I mean a really really really really really big number! I'm not sure exactly how many but I'm sure a maths wiz will jump in next post and tell you...

    Actually maybe 64 bit would be poss, but really you would probably be able to drive somewhere, buy a good wireless card and drive home then crack it that way and still be quicker!

    TT

  6. #6
    Junior Member SWFu64's Avatar
    Join Date
    Jan 2010
    Posts
    97

    Default

    64: 1,099,511,627,776
    128: 43,608,742,899,428,874,059,776

  7. #7
    Member
    Join Date
    Aug 2007
    Posts
    231

    Default

    Quote Originally Posted by Talkie Toaster View Post
    and even when you reduce it to (A-F,0-9) charset
    But you just can't make this reduction (you have to assume that the key is in HEX). So, a 64 bit key has 2^64 possible combinations. That computes to 18,446,744 trillion different combos.

    A 128 bit key has 2^128 different possibilities. That computes to 340 trillion-trillion-trillion different combos.

    If you try to brute force the key, expect your machine to be running all night.

  8. #8
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Default

    Quote Originally Posted by SLK001 View Post
    But you just can't make this reduction (you have to assume that the key is in HEX). So, a 64 bit key has 2^64 possible combinations. That computes to 18,446,744 trillion different combos.

    A 128 bit key has 2^128 different possibilities. That computes to 340 trillion-trillion-trillion different combos.

    If you try to brute force the key, expect your machine to be running all night.
    All night? Try through your next 3 generations worth of lifetimes....



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  9. #9
    Senior Member Talkie Toaster's Avatar
    Join Date
    Jun 2008
    Location
    Scotland
    Posts
    131

    Question

    Quote Originally Posted by SLK001 View Post
    But you just can't make this reduction (you have to assume that the key is in HEX). So, a 64 bit key has 2^64 possible combinations. That computes to 18,446,744 trillion different combos.
    Just wondering why you said the above? Am I missing/forgetting something?

    Since a wep key can only be in HEX (due to the RC4 algo) there doesn't seem to be any point in including G-Z and all the special characters on a keyboard into the brute-force script/wordlist, or even counting them in the total different possibilities, I mean it's not like a HEX key could be xx : yy : zz : xx : yy : zz......

    Apologies if I misunderstood you....

    TT

  10. #10
    Member
    Join Date
    Aug 2007
    Posts
    231

    Default

    Quote Originally Posted by Talkie Toaster View Post
    Just wondering why you said the above? Am I missing/forgetting something?

    Since a wep key can only be in HEX (due to the RC4 algo) there doesn't seem to be any point in including G-Z and all the special characters on a keyboard into the brute-force script/wordlist, or even counting them in the total different possibilities, I mean it's not like a HEX key could be xx : yy : zz : xx : yy : zz......

    Apologies if I misunderstood you....

    TT
    The "HEX" format is a short hand representation of a 4 bit binary sequence (16 different possibilities). It runs 0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F (this is actually a BASE 16 system). With two "HEX" numbers, you can represent any letter of the alphabet, the numbers 0-9, all the control characters, plus a lot more. You are confusing the HEX numbers A,B,C,D,E,F with the alphabetic letters A,B,C,D,E,F.

    So, a 64 bit WEP key does contain 2^64 possible combos and a 128 bit key does contain 2^128 possible combos.
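
Added example (not written by any poster in this thread): the hex-versus-characters point from posts #9 and #10, worked through in Python, together with the resulting keyspace sizes. It relies on facts about WEP that the thread does not state (the advertised 64/128 bits include a 24-bit IV sent in the clear, leaving a 40- or 104-bit secret), and the guess rate passed to `years_to_exhaust` is a constructed assumption.

```python
import string

# Secret-key length in bytes per WEP variant. The advertised 64/128 bits
# include a 24-bit IV transmitted in the clear, so only 40/104 bits are secret.
SECRET_BYTES = {"WEP-64": 5, "WEP-128": 13}
IV_BITS = 24

def parse_wep_key(entered: str) -> tuple:
    """Turn a key as typed into (variant, raw secret bytes).

    Accepts 10/26 hex digits or 5/13 ASCII characters. Both forms describe
    the same thing: a sequence of bytes. Two hex digits are one byte.
    """
    for variant, n in SECRET_BYTES.items():
        if len(entered) == 2 * n and all(c in string.hexdigits for c in entered):
            return variant, bytes.fromhex(entered)
        if len(entered) == n and entered.isascii():
            return variant, entered.encode("ascii")
    raise ValueError("expected 10/26 hex digits or 5/13 ASCII characters")

def keyspace(variant: str, entry: str) -> int:
    """Count distinct secrets for a variant, by how the key was chosen."""
    n = SECRET_BYTES[variant]
    if entry == "hex":        # every byte value is reachable: 16**(2n) == 256**n
        return 16 ** (2 * n)
    if entry == "printable":  # key typed as text: 95 printable ASCII values per byte
        return 95 ** n
    raise ValueError("entry must be 'hex' or 'printable'")

def years_to_exhaust(count: int, guesses_per_second: float) -> float:
    """Worst-case time to try every key at an assumed constant guess rate."""
    return count / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Constructed sample keys: the hex digits 41..45 are the bytes for "ABCDE".
    print(parse_wep_key("4142434445"), parse_wep_key("ABCDE"))
    for variant in SECRET_BYTES:
        for entry in ("hex", "printable"):
            size = keyspace(variant, entry)
            # 1e6 guesses/second is an arbitrary illustrative rate.
            print(variant, entry, size, f"{years_to_exhaust(size, 1e6):.3g} years")
```

Restricting the notation to 0-9 and A-F removes nothing from the keyspace, while a key typed as printable text does shrink it; either way the secret is 40 or 104 bits, not 64 or 128.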
