135 Comments
- nights0223, on 11/10/2007, -6/+108: Because the world can never have enough script kiddies
- expertninja, on 10/12/2007, -5/+51: At least I could blame the script kiddies when the RIAA and/or the MPAA comes knocking at my door. "Bittorrent, what's that? Never heard of it."
- streetstealth, on 10/12/2007, -1/+27: All they offer for WPA PSK is brute-force dictionary attacks?
Please.
I'd like to see their dictionary come up with my PSK of JIK8EHEZBXSQS4O9DEBSDOPSNE8UFKSDI8 sometime before my router is in a landfill (or hopefully in a more ecologically-sound option).
With a decent key, WPA PSK is hardly what I'd call vulnerable.
And if you have anything on your network worth that much brute force time to a cracker, you're probably already using Radius.
- Terc, on 10/12/2007, -2/+20: It's very valuable for people to see that "wireless security" isn't so secure. Sure it sucks that more people will see how to do this, but hopefully many more will be made aware just how unsafe wireless is.
To the front page with this!
- jonnyeh, on 10/12/2007, -2/+17: Get your completely unique, unbreakable, and random, WPA keys here: https://www.grc.com/passwords.htm
- MatttK, on 10/12/2007, -8/+23: And rightfully so. Some people might think "morons" deserve to have their networks cracked but they don't deserve it any more than a pretty girl in a dark alley deserves to get raped.
- 16x9, on 10/12/2007, -1/+16: With respect, Terc, that's not correct.
WPA is completely safe provided that a long and completely random (cryptographically secure) passphrase is used.
Do people always use long and completely random passphrases? Almost never. But my office safe wouldn't be secure either if I set the combination to 0 to the left, 0 to the right and 0 to the left again. Actually, my office safe is just a fire safe so it's really not that secure anyway but I think you get my point.
- burke, on 10/12/2007, -1/+13: Alright, WEP is totally insecure. I think we can all agree on that. WPA, however, is actually not all that vulnerable. It relies on the strength of your passkey. Unless you pick a passkey like 'google', it should be pretty difficult to crack. If you use the 'set it and forget it method' (ie. generate 63 random characters), it's more or less completely secure. Computationally, that would take a practical infinity with anything less than a supercomputer to bruteforce.
- dclowd9901, on 10/12/2007, -0/+11: Damn. And to think I just secured my wireless with this crap today, and any curious kid could smoke their way right through it. sheeznite.
- warrenfalk, on 10/12/2007, -0/+10: To do it enough to avoid eavesdroppers, you would eliminate the benefits of wireless altogether.
In other words, yes, they call it Ethernet.
- dss311, on 11/12/2007, -2/+12: Easier to understand instructions:
http://www.tomsnetworking.com/2005/05/10/how_to_crack_wep_/
- tuna1, on 10/12/2007, -4/+14: I think you're kinda mixing apples and oranges, but I get your point.
- Urusai, on 10/12/2007, -1/+11: Don't forget TEMPEST attacks! You must use fiber optic exclusively, preferably with quantum entangled photons. Then, you must shoot anyone who knows the password, including yourself.
- bshocked, on 10/12/2007, -0/+9: https://www.grc.com/passwords.htm - ultra high security password generator. Great for wpa passwords, good luck remembering it.
- killa62, on 10/12/2007, -2/+11: site is very slow already
duggmirror http://www.duggmirror.com/security/How_To_Crack_WEP_and_WPA_Wireless_Networks/
google http://72.14.203.104/search?hs=sUq&hl=en&lr=&c2coff=1&q=cache%3Ahttp%3A%2F%2Fdocs.lucidinteractive.ca%2Findex.php%2FCracking_WEP_and_WPA_Wireless_Networks&btnG=Search
- MrKite, on 10/12/2007, -0/+9: By the time someone cracks the key there's another one generated. Let them spend all day trying to connect. Just keep your ip range tight and generate a new key list weekly (if you're that paranoid).
Businesses are a different story. Never keep sensitive data on a wireless network.
- dille, on 10/12/2007, -2/+10: @jesusisapervert
If someone can get through your WEP/WPA protection MAC filtering ain't gonna help you a lot. You can get the MAC address in a millisecond with sniffer. It's pretty much useless feature (if you use it as security feature).
WPA so far is uncrackable if you use strong enough password. Of course if your WPA password is "password" in that case WPA or any other encryption ain't gonna help a lot.
- sahaskatta, on 10/12/2007, -3/+10: here are the coral links since the site seems to be dying :(
http://docs.lucidinteractive.ca.nyud.net:8090/index.php/Cracking_WEP_and_WPA_Wireless_Networks
http://docs.lucidinteractive.ca.nyud.net:8080/index.php/Cracking_WEP_and_WPA_Wireless_Networks
hope that helps!
- Terc, on 10/12/2007, -0/+7: @16x9
You're absolutely right, WPA is very much secure if set up correctly. I was just trying to say that this is a good way to make people aware of the weaknesses in wireless security (if they're even using it). I spent a couple days playing with the wireless tools available a year ago and honestly was very surprised how easily people could get past the TYPICAL security settings used. Personally, I'm using WPA... and I feel safe enough.
Digg for your comment though, It's always best to question others
- maseone, on 10/12/2007, -1/+8: Here is an open source app that stores encrypted passwords (promoting the safe use of very-complex passwords) and generates them if needed.
http://keepass.sourceforge.net/
Highly recommended, and works well for saving complex PSK's in a safe place.
Bless..
- r00tus3r, on 10/12/2007, -0/+6: At least now you know (because trust me, the hackers already do) better than to "protect" your network with this. With all the weaknesses that exist with wireless networks, I've simply turned the wireless capabilities of my modem off, but the average user doesn't even know how to do that. This makes me wonder how the RIAA is able to make any of the cases stick, when in truth and in fact, anyone with a modem that has built in wireless could easily have been hacked, and have someone who illegally gained access to their network, frame them for copyright infringement. How could these court cases possibly stand up in a court of law, would this not lead to reasonable doubt? How can we blame users for not securing their networks when the technology we give them to do it is far from fool proof. This issue needs to be looked at.
- rocke86, on 10/12/2007, -12/+18: [sarcasm]Great, Thanks for sharing![/sarcasm]
- tuna1, on 10/12/2007, -6/+11: LOL? That's not funny.
- pabster, on 10/12/2007, -1/+5: A pretty lame article.
WEP's security flaws are well documented and well known. If you are using WEP, you are a ***** idiot.
WPA (and, preferably, WPA2) are VERY secure. With a 63 character passphrase, that lame ***** with his 40-million word dictionary will NEVER get in to your network.
- chembro84, on 10/12/2007, -1/+5: I've tried out Kismac for OS X and the only wep i've been able to crack is my own LOL (and I've tried like 10 just for fun)
- burke, on 10/12/2007, -0/+4: I highly doubt it. Maybe if you made your walls of lead and sealed your windows and doors (with lead).
- abcb, on 10/12/2007, -0/+4: So everyone will just switch to WPA security. So long as you don't actually use recognizable words, they can't use dictionary brute force to crack the AP.
- ArchonSG, on 10/12/2007, -0/+4: WEP is a known insecure "security" system. As for WPA, what was described only works if you use short, easily parseable dictionary referenced password that can be stress cracked or brute forced hacked.
Try using a WPA password like :
Hkmwehe120^$&)#@MCA@#nafvakldreg
Save that as a text file on a flash key drive to "authorise" other pcs when you need and you'd be safe. More so if you use all 60 odd characters that's available for the WPA encryption phase key generation.
- Durrok, on 10/12/2007, -0/+4: Would be nice if they would release these tools for windows. I can never get linux to pick up my wireless cards :(
- saska, on 10/12/2007, -4/+7: Wireless security: unplug your Ethernet cable.
- miaow, on 10/12/2007, -0/+3: this is the problem. script kiddies know of these things, and the ordinary public don't. the companies and rubbishy security websites mistakenly give the public a false sense of security and seem to fail to promote the basics. I have looked many times for this sort of information to know how safe wireless is. From what I'm reading, Radius WPA is the only real safe version. PSK looks pretty safe but crackable.
- adinb, on 10/12/2007, -3/+6: er, 2? what was the other network? :P
Just because binary jokes are in vogue right now...
- jambarama, on 10/12/2007, -0/+3: Some of the best passwords use ASCII characters, like the alt #### combinations. Rainbow tables are basically impossible when you include those (because there are hundreds, the tables bloom exponentially in size to petabytes of data), most bruteforcers don't bother checking (even if they did, it'd take a century) and no dictionary attack will work.
I don't know if WPA specifically supports ascii - my VPN does as do most online passwords - but if they do it can make a relatively short password nearly invincible. Even just one ASCII can make a weak password very strong.
- dbr_onix, on 10/12/2007, -0/+3: Erm, they have? "259,000 for aircrack windows"
It's unreliable as feck, and hard to get working.. Try the ubuntu live-cd, or Backtrack (live-CD also), those two seem to have the best hardware compatibility of the ones I've tried, then it's easy to use apt-get to install kismet/aircrack on Ubuntu, and Backtrack has it set-up already..
- Ben
- jambarama, on 10/12/2007, -0/+3: This article isn't terribly insightful. Want to crack WEP? I'll tell you how - Get auditor/backtrack/whax/knoppixSTD/nubuntu whatever security distro you want - run kismet for ten minutes when the network is active - throw the dump file into aircrack - presto. 15 minutes tops for the whole thing, it takes longer to download the security distro than crack wep.
There are some wpa cracking tools out there, but they suck. You're looking at like a week plus of packet captures and IF they have a weak password you may crack it in a day with cowpatty. If they have a strong password, you may be looking at a month or more of packet captures and a week or more of cracking (or use some rainbow tables, but the packet capturing still takes forever).
Seriously, if they're using WPA, you'll be much better off doing an nmap version scan, using f-secure (or equivalent) to find vulnerabilities in the unupdated software they're using, then using metasploit to take advantage of it. Much faster & more reliable than cracking WPA.
WPA is secure, you aren't going to be cracking it all the time or very quickly. WEP sucks, everyone knows it - the only possible issue is that cracking the password is technically breaking the DMCA. Cain & Abel also has some wep cracking tools. Moral of the story - this is nothing new, if you want wireless security, set up a VPN or use WPA.
- Acglaphotis, on 10/10/2007, -0/+3: Who gives a *****?
- rabasolo, on 10/12/2007, -2/+5: No digg. After all the tech-speak, all it does is show the vulnerability of bad passphrases and it does not show any vulnerability with WPA.
- bennyboy371, on 10/12/2007, -2/+5: Warrant? Last I checked, the RIAA and MPAA wouldn't have police authority.
Besides, covering tracks helps no one, have you ever heard of anyone getting their case thrown out? No? Because it's guilty until proven innocent, and only the rich with principles to uphold look in that direction, and nothing has finished that way yet.
My point? Acting stupid is a plenty good start.
- miaow, on 10/12/2007, -0/+3: apart from the obvious security suggestions, 2 other things I can think of are :
switch the modem off when you're not using it
set the signal to the least strongest strength that still gives you a good signal.
at least it makes getting the packets physically awkward ??
- metalstorm, on 10/12/2007, -0/+3: I am satisfied with my WPA and find it sufficient enough. If someone wants to try and brute force my 17 char length random password they can go for it. I will be long gone before they get lucky enough. VPN is nice for when you want to keep isolated, but can be a hassle to use otherwise when WPA with a good password is sufficient.
- 16x9, on 10/12/2007, -0/+2:
> Terc wrote: "...WPA is very much secure if set up correctly. ... It's always best to question others"
Asking questions is often the best way to learn new things. :) You're correct, of course, that a good passphrase is key (pardon the pun).
I can't tell you how many times I've actually lost the argument with clients that they should use a good passphrase on their wireless routers. I understand my client's desire to keep the passphrase simple so that it doesn't frustrate any of their visiting clients/consultants, but the passwords they insist I use are little better than using no security at all. Worse, in fact, because it tends to give them a false sense of security.
> jonnyeh wrote: "Get your completely unique, unbreakable, and random, WPA keys here: https://www.grc.com/passwords.htm"
That's where I get mine.
- rwelsh, on 10/12/2007, -1/+3: @Specks: "Yea, only if you're stupid enough to use words from a dictionary for a key or password." I think that's part of the point here. And it's not a matter of being stupid, it's a matter of not knowing the basic ins and outs of network security. The majority of home wifi network users are not up on the subject. They're average joes who know what an AP is, that it lets them get wireless, and that it can be secured with a "password". So they often use a word. Most words will be found in a 40 million word dictionary file. Home router manuals are now finally starting to stress the idea of a passKEY instead of a passWORD, emphasizing that random is better.
But average joes don't know about wonderful open-source (what's that?!?) applications like KeePass that make keeping track of totally random characters just as easy as keeping track of easy-to-remember passwords.
If I don't understand the importance of random characters over a tricky combination of two or three words - if that even - a password / -phrase that means something to me it is.
- Snuffkin, on 10/12/2007, -0/+2: No, the DMCA forbids the cracking of a -copy prevention- measure. Whereas cracking a WEP/WPA password falls into the whole category of "unauthorized access to a computer network", which I'm pretty sure is illegal by different laws, since the whole thing doesn't exactly have to do with copyright.
- cphuntington97, on 10/12/2007, -1/+3: Use a website to generate it, then rearrange and change several characters... that should be enough to foil any website's "I'm going to crack your network since I gave you the passphrase!" plan.
- joeanon, on 05/28/2008, -0/+2: You have to have the right wireless card or you can't crack some networks.
Backtrack 3... is the way to go for penetration.
- Specks, on 10/12/2007, -0/+2: "A robust dictionary attack will take care of a lot of consumer passwords."
Yea, only if you're stupid enough to use words from a dictionary for a key or password. Use KeePass to make and keep your passwords. It's free as in beer and the executable is small enough to keep on a usb drive and if you lose it, the database is encrypted so good luck to the finder in cracking that. If they do, you've changed all the passwords by that time anyways. Remember always keep an up to date backup of the database.
- rastan, on 10/12/2007, -0/+2: @miaow
Because until TLS becomes the norm, it would break name-based virtual hosting. Not to mention the PKI requirements and the computational overhead (less of an issue than it used to be).
That's why all our traffic isn't https :) Unless you're using an SSL VPN or some sort, but that's not https, that's SSL, and it only covers the endpoints of the tunnel, and not a true end-to-end solution (unless your endpoints ARE the true endpoints, of course).
- Specks, on 10/12/2007, -0/+2: Oh forgot to put where you can get keepass.
Get it here. http://keepass.sourceforge.net/
@rwelsh
You're absolutely right. Which is why it's up to us. The ones "in the know" to teach individuals how to secure their APs so script kiddies who follow instructions like this don't wreak havoc on unsuspecting consumers.
- miaow, on 10/12/2007, -0/+2: exactly Rwelsh. I think the term 'passphrase' can also confuse home users. They don't realise the basics of picking even a basic password.
- rwelsh, on 10/12/2007, -0/+2: Thanks for the link; never hurts to see another point of view on such an interesting topic.
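
Much of the thread above turns on one point: WPA-PSK is only as strong as the passphrase, and a random 63-character key sits far outside any dictionary. The Python sketch below is an added example, not part of the thread or the linked article; it generates such a key from the OS CSPRNG, compares its entropy with the 17-character and 40-million-word figures quoted above, and rates candidate passphrases. `WORDLIST`, the sample passphrases and the 64-bit `min_bits` threshold are constructed assumptions.

```python
import hashlib
import math
import secrets
import string

# WPA-PSK passphrases are 8..63 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
WORDLIST = {"password", "sunshine", "letmein1", "football"}  # constructed sample
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def generate_passphrase(length=63):
    """Random passphrase from the OS CSPRNG (not random.random)."""
    if not 8 <= length <= 63:
        raise ValueError("WPA-PSK passphrase must be 8..63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits, valid only when every character is chosen uniformly."""
    return length * math.log2(alphabet_size)

def derive_pmk(passphrase, ssid):
    """WPA-PSK key derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def audit(passphrase, wordlist=WORDLIST, min_bits=64):
    """Rate a passphrase; min_bits is an assumed policy threshold."""
    if not 8 <= len(passphrase) <= 63:
        return "invalid"
    if passphrase.lower() in wordlist:
        return "in-dictionary"
    # Upper bound: assumes uniform choice over the character classes present.
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))
    bits = len(passphrase) * math.log2(size) if size else 0.0
    return "strong" if bits >= min_bits else "weak"

if __name__ == "__main__":
    print("40M-word dictionary: %.1f bits" % math.log2(40_000_000))
    print("17 random chars:     %.1f bits" % random_entropy_bits(17))
    print("63 random chars:     %.1f bits" % random_entropy_bits(63))
    for candidate in ("password", "sunshine1", generate_passphrase()):
        print(audit(candidate), candidate)
```

The character-class estimate in `audit` is an upper bound for human-chosen passphrases, so a "strong" rating is only meaningful for keys that were actually generated at random. Because the SSID is the PBKDF2 salt, the same passphrase yields a different key on a differently named network.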