
Thread: Location based WEP attack - no injection needed

  1. #1
    Junior Member
    Join Date
    Nov 2008
    Posts
    32

    Default Location based WEP attack - no injection needed

    I have found that a third of WEP networks use a phone number as the key.

    I have written a script for NYC

    http://forum.aircrack-ng.org/index.p...=5944.0;id=505

    that generates a wordlist of possible phone numbers based on area codes and exchanges. Then it can be used to test a capture file with

    Code:
    aircrack-ng -w h:<wordlist> <capture file>
    The benefit is that while it will not work all the time, it only needs 4 IVs of data, so one can casually roam the area capturing, then test each network against the list.

    If you do use this method, please report your success rate and city. Also, I used area-codes.com for the area code/exchange data, for those of you not in NYC. If you have trouble with running or personalizing the script, let me know.

    Oh, when running the script, give it time, the output will be large.

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by custode View Post
    I have found that a third of WEP networks use a phone number as the key.

    I have written a script for NYC

    http://forum.aircrack-ng.org/index.p...=5944.0;id=505

    that generates a wordlist of possible phone numbers based on area codes and exchanges. Then it can be used to test a capture file with

    Code:
    aircrack-ng -w h:<wordlist> <capture file>
    The benefit is that while it will not work all the time, it only needs 4 IVs of data, so one can casually roam the area capturing, then test each network against the list.

    If you do use this method, please report your success rate and city. Also, I used area-codes.com for the area code/exchange data, for those of you not in NYC. If you have trouble with running or personalizing the script, let me know.

    Oh, when running the script, give it time, the output will be large.
    So you're pretty much advocating cracking random networks without permission?

    How exactly is this doing a Pen-Test?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Junior Member
    Join Date
    Nov 2008
    Posts
    32

    Default

    Quote Originally Posted by streaker69 View Post
    So you're pretty much advocating cracking random networks without permission?

    How exactly is this doing a Pen-Test?
    Actually, you never interact with the networks. It is a general study to see how prevalent this weak key type is, which is why I am curious to see success rates.

  4. #4
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by custode View Post
    Actually, you never interact with the networks. It is a general study to see how prevalent this weak key type is, which is why I am curious to see success rates.
    No offense, but it is a proven fact that WEP is weak; since your script is based on WEP attacks, it really helps to prove nothing. Nice contribution, I suppose.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  5. #5
    Junior Member
    Join Date
    Nov 2008
    Posts
    32

    Default

    Agreed, WEP is broken, not trying to prove that, just curious about key selection. Some businesses (including a financial firm included with permission) are effectively posting their key on their front door and business cards.

  6. #6
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    23

    Default

    custode, very nice idea on the script. I myself have noticed that many clients I've worked for have used phone numbers for both WEP / WPA keys. Although a phone number is a good set of random numbers, it's still very easily cracked and figured out.

  7. #7
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by custode View Post
    Agreed, WEP is broken, not trying to prove that, just curious about key selection. Some businesses (including a financial firm included with permission) are effectively posting their key on their front door and business cards.
    I fail to see where this is any business of yours what and where they post this information. Again, I mean no offense to your creativity; this is not in question at all, but rather the way you have advertised yourself here with your thread on the subject.

  8. #8
    Junior Member
    Join Date
    Nov 2008
    Posts
    32

    Default

    Quote Originally Posted by archangel.amael View Post
    I fail to see where this is any business of yours what and where they post this information. Again, I mean no offense to your creativity; this is not in question at all, but rather the way you have advertised yourself here with your thread on the subject.
    Ok, that's a valid comment. I should have titled it differently. It's my business because my business is writing about infosec in financial services. My goal was to have a decent set of cross-country data to support a point such as "despite the known weakness of WEP and high-profile wireless-related breaches such as TJX, many networks still use WEP, and of those, YY% use their phone number as the key."

  9. #9
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by custode View Post
    Ok, that's a valid comment. I should have titled it differently. It's my business because my business is writing about infosec in financial services. My goal was to have a decent set of cross-country data to support a point such as "despite the known weakness of WEP and high-profile wireless-related breaches such as TJX, many networks still use WEP, and of those, YY% use their phone number as the key."
    Now doesn't that sound better than the original?

  10. #10
    Junior Member DeadlyFoez's Avatar
    Join Date
    Jul 2009
    Posts
    42

    Default

    I have to agree, I know too many people who used their phone number as the WEP key. Lack of knowledge leads to problems. I guess it just seems too easy for people to use their phone number when they need an easy-to-remember 10-digit key. What a joke using WEP 64. Might as well just leave it unsecured.
    If at first you don't succeed, keep sucking until you do suck seed. --Curly
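
The observation running through this thread, that a phone number fits the 10-digit field of a 64-bit WEP key, can be checked from the defender's side. The following is an added example, not code from any poster: it flags configured keys that look like phone numbers and bounds how small their search space is compared with a full 40-bit key. The function names, the sample keys and the local prefix count of 500 are constructed assumptions.

```python
import math
import re

# NANP shape NXX-NXX-XXXX: area code and exchange both start with 2-9.
NANP_RE = re.compile(r"^[2-9]\d{2}[2-9]\d{6}$")
WEP40_HEX_DIGITS = 10  # WEP-64 carries a 40-bit secret = 10 hex digits


def normalize(key):
    """Strip the separators people type into key fields."""
    return re.sub(r"[\s:\-().]", "", key).lower()


def classify_wep40_key(key):
    k = normalize(key)
    if len(k) != WEP40_HEX_DIGITS or not re.fullmatch(r"[0-9a-f]+", k):
        return "not-wep40-hex"
    if NANP_RE.match(k):
        return "phone-like"
    if k.isdigit():
        return "decimal-only"
    return "hex"


def effective_bits(label, local_prefixes=None):
    """Upper bound, in bits, on the search space for each key class."""
    if label == "phone-like":
        if local_prefixes:  # known area-code/exchange pairs for one city
            return math.log2(local_prefixes * 10**4)
        return math.log2(8 * 100 * 8 * 100 * 10**4)  # any NANP number
    if label == "decimal-only":
        return math.log2(10**10)
    if label == "hex":
        return 40.0
    raise ValueError(label)


def audit(keys, local_prefixes=None):
    report = []
    for key in keys:
        label = classify_wep40_key(key)
        bits = None if label == "not-wep40-hex" else round(
            effective_bits(label, local_prefixes), 1)
        report.append((key, label, bits))
    return report


if __name__ == "__main__":
    # Constructed sample keys (555-01xx is a reserved fictional range).
    for row in audit(["(212) 555-0147", "1A:2B:3C:4D:5E", "0123456789"], 500):
        print(row)
```

Any key reported as `phone-like` or `decimal-only` should be replaced regardless of protocol; on WEP the protocol itself remains the larger problem, as the thread notes.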
