Thread: How do you speed up packet injection?

  1. #11
    Member
    Join Date
    May 2007
    Posts
    138

    Surely you wouldn't even need to perform a vulnerability assessment on WEP, it's as vulnerable as hell and shamanvirtuel is not alone in being able to crack 104bit, (128bit), WEP in around 80 seconds!!!

    Update your aircrack module to the latest stable version, 0.9.1, and your madwifi drivers... as you're using an Atheros chipset. Both will improve your injection rate, and 0.9.1 allows you to use the PTW attack by adding -z to the script. You could try the latest 1.0 beta, although if you're using it professionally then I'd recommend using 0.9.1 because you don't want to be beta testing whilst on a job.

    With all due respect, if I contracted someone to test my security I'd expect them to know at least as much about WIFI cracking and encryption as I do!

  2. #12
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Quote, originally posted by heyaz:
        Thanks guys. I will try aircrack-ptw against the IVs (I saved them on a usb drive) and see if I did indeed get enough to crack it. Some documentation for aircrack-ng was saying at least 400k could be needed for 108-bit or up to 1.5 million. I've done it before with 120k, but maybe that was luck?

    The PTW attack is new. 95% probability of cracking WEP with 80,000 IVs.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  3. #13
    Developer balding_parrot's Avatar
    Join Date
    May 2007
    Posts
    3,399

    I rarely ever need more than about 30K even for 128bit WEP

  4. #14

    Quote, originally posted by TrialAndError:
        Surely you wouldn't even need to perform a vulnerability assessment on WEP, it's as vulnerable as hell and shamanvirtuel is not alone in being able to crack 104bit, (128bit), WEP in around 80 seconds!!!
        ....
        With all due respect, if I contracted someone to test my security I'd expect them to know at least as much about WIFI cracking and encryption as I do!

    I agree. If a company contacted me and asked for a security test of their wireless WEP encrypted network, I think I'd first sit them down and explain how weak WEP actually is, and that they should first upgrade to at least WPA before considering any further security audit. (Although I guess if they paid me well enough, I'd be happy to go out and prove it.)

    Anyway, if you are having trouble, it could well be bad radio conditions, as previously mentioned. Try driving around the parking lot to find a location with a better radio environment (i.e. stronger Rx and less SNR).

    **edit**

    You mentioned this was a factory? Maybe they have some equipment causing interference in the 2.4 GHz range? If you have a spectrum analyzer available, it could be worth doing a scan for narrowband interferers.

  5. #15
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    23

    Thanks again for the help.

    Today I used PTW and cracked the key with about 45000 IVs. I was unable to get any better injection speed (20 per second max), after trying many locations around the site.

    At another site I was able to get a speed of 350 packets per second, but only when using one particular station. When trying other stations connected to the same AP, I could only get 1-5 packets per second.

    Oddly enough, the PTW method wasn't able to crack this one at all - I gathered about 550,000 packets in 30 minutes. Old method didn't seem to work either. Out of this many packets could there really have been no weak IVs at all? To my knowledge, the station would have been a Windows 98 or XP box.

    edit:... it just dawned on me that most of the clients to which I was spamming ARP packets are handheld devices with built-in wifi.. could my slow injection speed have been due to them not being able to reply as fast as a desktop?
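
Added example, not part of heyaz's post or of any tool named in this thread: a defender-side check for the ARP replay traffic described above, which retransmits one captured encrypted frame and so shows the same WEP IV from the same transmitter over and over. The record layout `(timestamp, transmitter, iv)`, the function names, the thresholds and the sample frames are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def find_replay_suspects(frames, window=1.0, min_repeats=10):
    """Return sorted (transmitter, iv) pairs seen >= min_repeats times
    within any `window`-second span.

    frames: iterable of (timestamp_seconds, transmitter_mac, iv_hex).
    Link-layer retries also repeat an IV a handful of times, which is
    why a threshold is used instead of flagging every duplicate.
    """
    recent = defaultdict(deque)  # (transmitter, iv) -> timestamps in window
    suspects = set()
    for ts, transmitter, iv in sorted(frames):
        stamps = recent[(transmitter, iv)]
        stamps.append(ts)
        # Drop sightings that have aged out of the sliding window.
        while ts - stamps[0] > window:
            stamps.popleft()
        if len(stamps) >= min_repeats:
            suspects.add((transmitter, iv))
    return sorted(suspects)

def build_sample():
    """Constructed capture: one ordinary client plus one replayed frame."""
    frames = []
    # Ordinary client: a fresh IV on every frame, about 5 frames per second.
    for i in range(50):
        frames.append((i * 0.2, "00:11:22:33:44:55", f"{0x1000 + i:06x}"))
    # Replay: the same frame (same IV) sent 20 times per second for 3 s,
    # matching the 20-per-second rate mentioned in the thread.
    for i in range(60):
        frames.append((2.0 + i * 0.05, "66:77:88:99:aa:bb", "a1b2c3"))
    return frames

if __name__ == "__main__":
    for transmitter, iv in find_replay_suspects(build_sample()):
        print(f"possible replay: {transmitter} repeating IV {iv}")
```

At the 1-5 packets per second also reported in the thread, a one-second window never fills, so a monitor using this heuristic needs a longer `window` to catch slow replays.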

  6. #16
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Quote, originally posted by heyaz:
        Oddly enough, the PTW method wasn't able to crack this one at all - I gathered about 550,000 packets in 30 minutes. Old method didn't seem to work either. Out of this many packets could there really have been no weak IVs at all? To my knowledge, the station would have been a Windows 98 or XP box.

    PTW attack does not require "weak" or "unique" IVs, just any random IV.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  7. #17
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    23

    Quote, originally posted by theprez98:
        PTW attack does require "weak" or "unique" IVs, just any random IV.

    Does or does not?

  8. #18
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Quote, originally posted by heyaz:
        does or does not?

    Does not. Sorry. Typo fixed.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  9. #19

    Newb question, sorry if it's off-topic.

    Does aircrack 0.9.1 come with BT2? Or is it an older version? (I'm using a LiveCD)

    Sorry if this doesn't belong here.

  10. #20
    Senior Member PrairieFire's Avatar
    Join Date
    Apr 2007
    Posts
    705

    Old something in the 0.7.* range if I remember right. Your best bet is to use a usb and create modules.
    Μολὼν λαβέ - Great spirits encounter heavy opposition from mediocre minds.
