99 Comments
- hspr, on 10/12/2007, -1/+37: There is a mirror here: http://www.tazforum.thetazzone.com/viewtopic.php?t=2069. A video component will be posted soon, for registered members (free!).
- zenscope, on 10/12/2007, -2/+18: This is exactly the type of information that accelerates security protocol development in the wifi area. Dugg.
- Bandito, on 10/12/2007, -0/+11: @Stealth99 - Maybe you're missing the point or maybe I'm way off base but....
People who want to learn this will find a way. But now YOU have the same information that they do. Now YOU can take measures to test your own vulnerabilities and prevent these "rookie hackers" from getting in.
just my 2 cents.
- funbags, on 10/12/2007, -10/+20: Go cry somewhere else.
- nokia1, on 10/12/2007, -1/+11: Hi guys/gals,
Thanks for all your comments!
Let me just clear something up though please - This is not meant or intended to teach people how to crack WEP - I am a Network Administrator and an IT Trainer and would not help just anyone to do things like this. My main reason for writing this is to demonstrate exactly how easy it is to break WEP...and that you don’t need to be a Linux guru to do it!
Most people seem to think you need Linux to do anything like this, whilst this is partially true, it is not entirely true....I read a comment stating that now the poster knows that it can be done with Windows just as easily as it can be done with Linux he is going to think about not using WEP....which is exactly what I wanted to hear after writing this!!
On its own this paper may not be enough to break a WEP key as it does not include anything on Packet Injection which is usually needed to break WEP unless you happen to stumble upon a fairly busy Wireless AP...
Please feel free to join the site it is hosted on and post any questions / comments there, I am there most days as are other IT professionals and we will gladly respond to any posts made.
For the people who think it should not have been posted here due to the nature of what it is.....please note I did not post it here and was surprised when I saw it, also the link back to Antionline is not the original posting for the paper, it was originally posted at www.tazforum.thetazzone.com. I had no control over it being posted here............considering the nature of its content, would I have posted it here myself? ...........no I wouldn't.
Thanks again for all your comments!!
Nokia
- seinman, on 10/12/2007, -2/+11: Some of us CAN'T do more to secure our access points. I'd love to use WPA, but not all of my devices support it, so I'm stuck with WEP.
- theboohi, on 10/12/2007, -0/+8: Increasing awareness about the vulnerabilities that exist should be the priority. Tutorials like this do a good job of showing how easily WEP can be broken. Hopefully people will catch on and realize that they need to do more to secure their access points.
- Eazy~e, on 10/12/2007, -1/+9: The poster cannot be "nailed some places for aiding and abetting a crime". Freedom of speech says you can say or write articles on whatever topic. Google would have lawsuit after lawsuit if that were true. As for places without freedom of speech.... good luck trying to extradite an American on those charges.
If I wrote an article on how to kill yourself, I wouldn't be arrested...... I would be applauded by those in this thread.
- NetElemental, on 10/12/2007, -1/+6: @Hickeroar - Do universities teaching security get sued? Do penetration testers get sued for knowing or having to know this stuff? No.
- boneill428, on 10/12/2007, -0/+5: Part 2 = Being an uber script kiddie.
Part 3 = Becoming the leetest script kiddie
- metalstorm, on 10/12/2007, -1/+6: Just use WPA like everybody else.
- spyrochaete, on 10/12/2007, -1/+5: Yeah, more educational because it's friggin impossible to get a PCMCIA or onboard wireless NIC working in linux.
- thenativeraver, on 10/12/2007, -1/+4: "There are cars everywhere on the road. There are plenty in my vicinity. Does that mean I can just use them for myself?"
Yes, I give you permission.
- NinjaBoy, on 10/12/2007, -3/+7: No because you just sniff the data and pull out a mac address and then spoof your mac address.
- thenativeraver, on 10/12/2007, -1/+5: I'm using your router right now!
Come get some, Bitch!
- danglerman, on 10/12/2007, -1/+5: @Hickeroer
This shouldn't teach people to break the law, it should teach people how to better protect their wireless networks.
- adml_shake, on 10/12/2007, -1/+5: "Get a freakin clue. The poster of this story could get nailed some places for aiding and abetting a crime. This isn't some "say oh and let it go" matter. Digg could get sued/shut-down if someone used these instructions for "evil.""
Get one yourself, the poster of this would in no way be liable for showing how to do this. They teach this stuff in freaken college security classes for Christ's sake. As long as you put up some sort of disclaimer (I can't see the website now since I'm at work) then you're pretty much safe.
- jnosanov, on 10/12/2007, -0/+4: I agree with zenscope... this information should be public knowledge. Ignorance of vulnerability is no security. If this information makes your network less secure, then improve your network security until this information is worthless.
- clearzen, on 10/12/2007, -0/+3: @nokia1
Actually I have done this on windows before and I found that I like linux much more because I have complete control over the programs. And you can write and compile code then integrate it into whatever you might be using, much faster with linux. Of course I haven't been doing this for nine years either. I just started coding 2 years ago in college.
- tatnall, on 10/12/2007, -0/+3: And then your neighbor starts a torrent server using your connection.
- rderveloy, on 10/12/2007, -0/+3: "The device in question is a Nintendo DS. No way to update the hardware or firmware: you're stuck with WEP. All my other devices support WPA, except for the DS."
Well, if you're really concerned about your wireless security and if you know how to do so, you could always add another wireless network in your house. One could have WEP, one could have WPA. Simply make the DS the only machine that can log on the WEP network via MAC address filtering.
- rderveloy, on 10/12/2007, -0/+3: "Some of us CAN'T do more to secure our access points. I'd love to use WPA, but not all of my devices support it, so i'm stuck with WEP."
Try updating the firmware on said devices that don't support WPA. If that doesn't work, you should seriously consider replacing the equipment that doesn't support WPA.
In fact, the FBI openly demonstrated how WEP can be cracked in 3 minutes:
http://www.tomsnetworking.com/2005/03/31/the_feds_can_own_your_wlan_too/
- michaelschmitt, on 10/12/2007, -0/+3: Didn't know how big a deal the difference between WPA and WEP was until I saw this on Digg. Switched to WPA as soon as I got home.
- seinman, on 10/12/2007, -1/+4: The device in question is a Nintendo DS. No way to update the hardware or firmware: you're stuck with WEP. All my other devices support WPA, except for the DS.
- neiras, on 10/12/2007, -1/+4: If you were using Linux and NetworkManager, you'd just click the 'sniff key and login automatically' checkbox. No further effort needed. See http://rlove.org/images/nm-screenshot-20060504.png
- neuroplasma, on 10/12/2007, -0/+3: Haha, that's the kind of attitude that allows others to get free internet access.
Thanks.
- nokia1, on 10/12/2007, -1/+4: Hi Wubrgamer, I'm glad it makes you think that way as this was the original purpose of the paper..not to teach how to break WEP but to illustrate how easy it is and to encourage people to use a different means of security!
WPA / PSK / RADIUS are all viable alternatives....post on the site it is hosted on if you need more info and I will be glad to help you as much as I can!
- ldhertert, on 10/12/2007, -4/+6: MAC address spoofing is trivial.
WPA2 with a random key is the answer to all these WEP vulnerabilities.
- nokia1, on 10/12/2007, -0/+2: Part 2 = Connecting to the AP, things that can be done to other clients once connected to the AP, getting admin rights of the AP once connected amongst other things
Part 3 will be cracking WPA.
- MrKite, on 10/12/2007, -0/+2: But my router notifies me of duplicate mac addresses on the network, shows me the ip address, and then asks me if I want to block it.
- BIGmog, on 10/12/2007, -0/+2: If this is part 1, what will part 2 cover?
- spyrochaete, on 10/12/2007, -0/+2: This information IS public knowledge. This author has just taken publicly available data about international standards and written them in a certain order.
- nokia1, on 10/12/2007, -1/+3: Don't get me wrong buddy, I'm not saying Windows is better than Linux or vice versa...just that there are some apps on Windows that I like better than the Linux equivalent and there are some on Linux that I prefer to the Windows ones.....
I have always used both O/S's to get an accurate outcome to any pentest.....it is personal preference at the end of the day. If you think all the Linux apps are good enough that's fine, I have just found it better to mix 'n' match is all!
You do make a good point about being able to compile and integrate your own code much faster with Linux though!
- tatnall, on 10/12/2007, -0/+2: It's been possible on XP for around a year using aircrack if memory serves me correctly.
- michaelschmitt, on 10/12/2007, -0/+1: Anyone who wants their home network to support the Nintendo Wi-Fi connection, at least for now. I decided I'd rather have better security. The DSes in the house will just have to play multiplayer with each other.
- nokia1, on 10/12/2007, -0/+1: Yep, that's a 40 bit WEP key buddy.
Just enter 0004193928 into the prompt when it asks you for the network key and you will be ok as long as there is no MAC filtering enabled on the AP. The colons are there for brevity reasons only and should not be used when entering the WEP key.
Good Luck
- nokia1, on 10/12/2007, -0/+1: How short is it?
WEP keys can be displayed separated by colons depending on the output..it may be a 40 bit WEP key? Post what you have got and I will be able to help you more maybe.
When entering it into Windows just remove any colons and enter the alphanumeric digits only.
- Hutch, on 10/12/2007, -0/+1: @nokia1
Looking forward to part2/the video. I signed up and looked around for both I assume neither is out yet :P
Any idea when you'll get the time?
- antdude, on 10/12/2007, -0/+1: "Invalid thread specified. If you followed a valid link, please notify the webmaster"
- Madgoldfish, on 10/12/2007, -0/+1: Who has WEP anymore?
- nokia1, on 10/12/2007, -0/+1: The video has been made...just waiting for one of the site admins to stop faffing around with the FTP server... :-)... and get it up and running! ...Part Two will probably be ready for next weekend, maybe the weekend after...it will be on the same site as this, in the same forum so just keep popping in I suppose and checking on it!
I will definitely be no later than next weekend though!
- cyzoonic, on 10/12/2007, -0/+1: This method will take hours and hours to get enough IV to crack. If you can't do packet injection what's the point of using windows?
- nokia1, on 10/12/2007, -1/+2: Obviously you don't do much pentesting my friend and are sitting on the Linux is king of the hackers band wagon...I have conducted pen tests for close to nine years and use Windows in conjunction with Linux...whatever gets the job done best IMHO.
- jorel314, on 12/13/2008, -0/+1: Here's a tutorial on how to crack WEP on a Mac...
http://bit.ly/aiSw
- nokia1, on 10/12/2007, -0/+1: You can do packet injection....you will just have to work out how to do it for yourself.......and it took 26 minutes..........
- cspaz, on 10/12/2007, -0/+1: Exactly. I don't care if someone else uses some of my bandwidth. I also check my DHCP leases and scan my subnet every day just to see if anyone is using/has used it. Been running unprotected for 6 months now and not a single connection other than mine.
- nokia1, on 10/12/2007, -1/+2: You don't have to use the Wild Packet drivers.......It is just what I have used for this paper is all.....you may be able to upgrade the firmware of your Wireless Adaptor to make it more compatible depending on what one you have...
- Poddo, on 10/12/2007, -0/+1: Got a link to a tutorial? Enlighten us please.
- clearzen, on 10/12/2007, -1/+2: I've seen other articles on this site about cracking wep. This is old news all around. Just get Backtrack and use that. Windows is not what you use for pentesting.
- nokia1, on 10/12/2007, -1/+2: Will write one soon for it - keep an eye out on the site it is hosted on.