I have been reading and experimenting for some time now with various wireless and backtrack experiments. Dang backtrack is stubborn to install on my old laptop (doesn't support usb booting) and has a cd-drive that sounds like a jet engine with a cough.
Anyhow I just got bt3b working again last night on the HD of my old laptop and I was wondering about the concept of brute forcing a WEP. Is there a program, script or other method in which it would be possible to crack a WEP passphrase on a brute force basis? Just to be clear, by this I mean there will be no use of a dictionary or wordlist.
It would be good, obviously, if there were parameters, at least if not priority parameters, whereby for example it would go through (if we were talking numbers) from 0 - 10 then 10 - 100 rather than completely random passphrase testing, with ever increasing complexity of passphrases until the passphrase is found.
Anyone have any ideas or up for the challenge?
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
autopwn really works, you can try that; if not you can try my personal script, which you would need to make work yourself
http://forums.remote-exploit.org/showthread.php?t=12767
If you just tried to brute force wep, you would really not be taking advantage of the security weaknesses associated with wep. In a sense, you are not really attacking the WEP protocol but actually the encryption protocol and that itself is very strong. So you would be trying to brute force a 64 or 128 bit RC4 encrypted stream which would take an infinite amount of time.
I thought I read somewhere, can't cite it though, that if you had enough computers to cover the surface of the earth, it would still take thousands of years to brute force something... but that might have been 256 bit.
Thanks but I know how to use search and google!
-The early bird catches the worm, but the second mouse gets the cheese.
airbase can do it....
....but you need a $1000 pico card first!
http://openciphers.sourceforge.net/oc/wep.php
It really is easier (and cheaper) to do it the 'traditional' way using the aircrack suite!
The problem is you're trying to brute-force a 10 digit (64 wep) or 26 (128 wep) key, and even when you reduce it to the (A-F,0-9) charset that's still sh*tloads of combinations! I mean a really really really really really big number! I'm not sure exactly how many but I'm sure a maths wiz will jump in next post and tell you...
Actually maybe 64 bit would be poss, but really you would probably be able to drive somewhere, buy a good wireless card, drive home, then crack it that way and still be quicker!
TT
But you just can't make this reduction (you have to assume that the key is in HEX). So, a 64 bit key has 2^64 possible combinations. That computes to 18,446,744 trillion different combos.
A 128 bit key has 2^128 different possibilities. That computes to 340 trillion-trillion-trillion different combos.
If you try to brute force the key, expect your machine to be running all night.
Just wondering why you said the above? Am I missing/forgetting something?
Since a wep key can only be in HEX (due to the RC4 algo) there doesn't seem to be any point in including G-Z and all the special characters on a keyboard in the brute-force script/wordlist, or even counting them in the total number of different possibilities. I mean it's not like a HEX key could be xx : yy : zz : xx : yy : zz......
Apologies if I misunderstood you....
TT
The "HEX" format is a shorthand representation of a 4 bit binary sequence (16 different possibilities). It runs 0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F (this is actually a BASE 16 system). With two "HEX" numbers, you can represent any letter of the alphabet, the numbers 0-9, all the control characters, plus a lot more. You are confusing the HEX numbers A,B,C,D,E,F with the alphabetic letters A,B,C,D,E,F.
So, a 64 bit WEP key does contain 2^64 possible combos and a 128 bit key does contain 2^128 possible combos.
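The two posts above (TT's "10 hex digits" count and the reply's 2^64 / 2^128 figures) are arguing about the same arithmetic from different starting points. The following Python is an added worked example, not code from anyone in this thread, that puts both views side by side for a defender sizing how much protection a WEP key length actually buys. It assumes the standard WEP key formats (10 hex digits for the key marketed as "64-bit", 26 hex digits for "128-bit"), and it goes a step beyond the thread by separating the secret key bits from the 24 IV bits that the marketing names include; the WEP_FORMATS table, the 95-character printable-ASCII alphabet and the guess rate are constructed inputs for this example.

```python
import math
import re

# Constructed reference table (assumption for this example): standard WEP key
# formats. The "64" and "128" names include the 24-bit per-packet IV, which is
# transmitted in the clear, so the secret part is 40 and 104 bits respectively.
WEP_FORMATS = {
    "WEP-64": {"hex_digits": 10, "ascii_chars": 5},
    "WEP-128": {"hex_digits": 26, "ascii_chars": 13},
}

HEX_KEY_RE = re.compile(r"^[0-9A-Fa-f]+$")
PRINTABLE_ASCII = 95  # distinct printable ASCII characters (0x20..0x7E)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct keys of `length` symbols drawn from `alphabet_size` symbols."""
    return alphabet_size ** length


def hex_key_bits(hex_digits: int) -> int:
    """Each hex digit encodes exactly 4 bits: 10 hex digits = 40 bits, 26 = 104."""
    return hex_digits * 4


def ascii_passphrase_bits(chars: int, alphabet_size: int = PRINTABLE_ASCII) -> float:
    """Effective entropy of a key typed as printable ASCII and mapped byte-for-byte
    onto the key bytes: 95^n possibilities instead of 256^n (or 16^(2n) hex digits)."""
    return math.log2(keyspace(alphabet_size, chars))


def is_valid_wep_hex_key(key: str) -> bool:
    """True if `key` is a hex string of a standard WEP length (10 or 26 digits)."""
    lengths = {fmt["hex_digits"] for fmt in WEP_FORMATS.values()}
    return len(key) in lengths and HEX_KEY_RE.match(key) is not None


def exhaust_time_seconds(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every key in `space` at a constant guess rate."""
    return space / guesses_per_second


def human_duration(seconds: float) -> str:
    """Render a duration in the largest unit that gives a value >= 1."""
    units = [("years", 365.25 * 86400), ("days", 86400), ("hours", 3600),
             ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3g} seconds"


def keyspace_report(guesses_per_second: float = 1e6) -> dict:
    """For each WEP format, compare the key space implied by the hex-digit count
    with the 2^64 / 2^128 figures quoted in the thread (secret bits + 24 IV bits)."""
    report = {}
    for name, fmt in WEP_FORMATS.items():
        secret_bits = hex_key_bits(fmt["hex_digits"])
        marketed_bits = secret_bits + 24  # the IV bits the "64"/"128" names count
        secret_space = keyspace(16, fmt["hex_digits"])
        report[name] = {
            "hex_digits": fmt["hex_digits"],
            "secret_bits": secret_bits,
            "secret_keyspace": secret_space,
            "marketed_keyspace": 2 ** marketed_bits,
            "ascii_passphrase_bits": round(ascii_passphrase_bits(fmt["ascii_chars"]), 1),
            "exhaust_hex": human_duration(exhaust_time_seconds(secret_space, guesses_per_second)),
            "exhaust_marketed": human_duration(exhaust_time_seconds(2 ** marketed_bits, guesses_per_second)),
        }
    return report


if __name__ == "__main__":
    # Constructed guess rate of one million keys per second, purely for scale.
    for name, row in keyspace_report(1e6).items():
        print(name)
        for key, value in row.items():
            print(f"  {key}: {value:,}" if isinstance(value, int) else f"  {key}: {value}")
```

The `marketed_keyspace` column reproduces the 2^64 (18,446,744 trillion) and 2^128 figures from the thread, while `secret_keyspace` is what counting hex digits gives; the `ascii_passphrase_bits` column shows why a key entered as a 5- or 13-character ASCII phrase is weaker still than the same number of key bytes chosen at random, which is the practical reason to generate WEP keys as random hex rather than typed words (and, more to the point, to retire WEP altogether).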