Surely you wouldn't even need to perform a vulnerability assessment on WEP, it's as vulnerable as hell and shamanvirtuel is not alone in being able to crack 104bit, (128bit), WEP in around 80 seconds!!!
Update your aircrack module to the latest stable version, 0.9.1, and your madwifi drivers...as you're using an Atheros chipset. Both will improve your injection rate and 0.9.1 allows you to use the PTW attack by adding -z to the script. You could try the latest 1.0 beta, although if you're using it professionally then I'd recommend using 0.9.1 because you don't want to be beta testing whilst on a job.
With all due respect, if I contracted someone to test my security I'd expect them to know at least as much about WIFI cracking and encryption as I do!
I agree. If a company contacted me and asked for a security test of their wireless WEP encrypted network, I think I'd first sit them down and explain how weak WEP actually is, and that they should first upgrade to at least WPA before considering any further security audit. (Although I guess if they paid me well enough, I'd be happy to go out and prove it)
Anyway, if you are having trouble, it could well be bad radio conditions, as previously mentioned. Try driving around the parking lot to find a location with a better radio environment (i.e. stronger Rx and less SNR).
**edit**
You mentioned this was a factory? Maybe they have some equipment causing interference in the 2.4 GHz range? If you have a spectrum analyzer available, it could be worth doing a scan for narrowband interferers.
Thanks again for the help.
Today I used PTW and cracked the key with about 45000 IVs. I was unable to get any better injection speed (20 per second max), after trying many locations around the site.
At another site I was able to get a speed of 350 packets per second, but only when using one particular station. When trying other stations connected to the same AP, I could only get 1-5 packets per second.
Oddly enough, the PTW method wasn't able to crack this one at all - I gathered about 550,000 packets in 30 minutes. Old method didn't seem to work either. Out of this many packets could there really have been no weak IVs at all? To my knowledge, the station would have been a Windows 98 or XP box.
edit:... it just dawned on me that most of the clients to which I was spamming ARP packets are handheld devices with built-in wifi.. could my slow injection speed have been due to them not being able to reply as fast as a desktop?
Newb question, sorry if it's off-topic.
Does aircrack 0.9.1 come with BT2? Or is it an older version? (I'm using a LiveCD)
Sorry if this doesn't belong here.
Old, something in the 0.7.* range if I remember right. Your best bet is to use a USB and create modules.
Μολὼν λαβέ - Great spirits encounter heavy opposition from mediocre minds.