Packet injection on a WPA network

[compaq]

In about 3 months this contract that my business is working on, will have all most finshed doing our job, and the alarm and fire companys will if they don't change there minds will install alarm and fire systems with a wireless network. At that time our company will mention that it is insecure, more so than wired(bypassing external firewalls), and that they should hire our company to make it wired.

My question is, can I do what I can do on ettercap(replace packets that have certain info in a packet, with something else.If possiable we will explain that it is possiable to i've make there alarm go off at night when we won't or stop there alarm going of at night.

I have looked at airpwn and ettercap, but they only do wep decrypt(don't know yet, but I don't think they will be that bad), i've also tryed pipe commands from airodump-ng | airdecap-ng | ettercap | (need encrypt) | (then injection prog).

Thanks James

[imported_=Tron=]

My question is, can I do what I can do on ettercap(replace packets that have certain info in a packet, with something else.If possiable we will explain that it is possiable to i've make there alarm go off at night when we won't or stop there alarm going of at night.

Ettercap works regardless of the encryption that is used on the AP, but you will have to be connected to the AP for this to work. If you implement WPA encryption with a long random passphrase utilizing all allowed characters there should be no need to fear that anyone will gain unauthorized access through the wireless AP.

[compaq]

If you implement WPA encryption with a long random passphrase utilizing all allowed characters there should be no need to fear that anyone will gain unauthorized access through the wireless AP.

I will be trying to scare them and say that for $1000 you can buy 20 computers that can test 10000keys a seconds, and a 8char psk will take 83 seconds to crack.

The company that my boss subbies to has a hardware deivce that trys keys one after the other, and it broke a key for anought job in 3 months.
With ettercap, when I view the packets, text like "signal 403 ok" aren't showing, it more like tfburz5, I was trying on my computer to use ettercap to direct one of my computers to google no matter what site the went to with dns,I copyed the dns of google from the same IP of the computer that was going to be giving false dns, and replaced the start info of a packet like "tfbu" with tfburz(www.google.com, still no luck.
I don't need to stop the packets getting throught like to set off the alarm, but I would like to beable to record the packets from during the day when the alarm is set off, and replay it at night.

Thanks
James

[imported_=Tron=]

I will be trying to scare them and say that for $1000 you can buy 20 computers that can test 10000keys a seconds, and a 8char psk will take 83 seconds to crack.

I see, so scare tactics is the name of the game and apparently flat out lying is allowed too...
However, I would hardly classify a 8 character password as strong or long by any means. Since WPA will allow a 63 character passphrase why not utilize this to the fullest and use a password that looks something like this:

Code:

=^?by@Hi,|m3`4o$&|>D,,{0:-X4R-QR?.(RKLQl]+wMdVt`#(K7\&HdXn`rr/p

I ensure you that breaking a WPA password that looks like this will be beyond the scope of virtually all possible attackers of your wireless AP.

[compaq]

Originally Posted by compaq
I will be trying to scare them and say that for $1000 you can buy 20 computers that can test 10000keys a seconds, and a 8char psk will take 83 seconds to crack.

I see, so scare tactics is the name of the game and apparently flat out lying is allowed too...
However, I would hardly classify a 8 character password as strong or long by any means. Since WPA will allow a 63 character passphrase why not utilize this to the fullest and use a password that looks something like this:
Code:

A second hand computer you can get around $50, and useing airlib-ng you can get up to 10000keys, i worked out the time with 8*8*8*8*8*8*8*8 / 200000keys, is that wrong?

Yes and if you use 1million false positive encrypting you would be secure, but that below code is not going to be remembered or at least writing down to install on all stations.

[imported_=Tron=]

A second hand computer you can get around $50, and useing airlib-ng you can get up to 10000keys, i worked out the time with 8*8*8*8*8*8*8*8 / 200000keys, is that wrong?

You are missing the fact that the wordlist will have to be computed for the target SSID first with airolib-ng before you will reach these speeds. The computing process along with the time it will take to run the hash-table against the WPA handshake will actually be slower than to merely run the wordlist at a slow speed in the first place. It is this fundamental fact that your equation is missing.

Yes and if you use 1million false positive encrypting you would be secure, but that below code is not going to be remembered or at least writing down to install on all stations.

As the key only have to be inputted once per each machine that is going to access the wireless AP I do not see why it would be too hard to use a key of this sort.