CSCI388 Project 1: Crack the WEP key
Liran Ma
Department of Computer Science, The George Washington University
lrma@gwu.edu

Project objectives
• Experiment with IEEE 802.11b/g networks.
• Learn how to use different network analysis tools.
• Exploit 802.11 (WEP) security properties.

Warning
• Do not hack any wireless networks other than the one provided for this course.
• You are solely responsible for your actions!

Notes (1/2)
• No laptop will be provided for this project. If you really cannot get a laptop, talk to me after class.
• Linux is highly recommended for this project, though Windows can do the same job as well.
• The best practice is to use a special security Linux distribution (such as WHAX, BackTrack, etc.) booted from a USB flash drive with 1 GB or more of capacity.

Notes (2/2)
• A “good” 802.11b/g wireless card, which must be able to run in promiscuous mode.
• Not all cards will do this, especially USB-based ones.
• Most PCMCIA cards will do promiscuous mode just fine, though.
• You are not required to follow exactly the procedures/steps mentioned below, as long as you answer the questions correctly.
• Those steps are only meant to give you some guidelines.

Wireless Access Point (AP) Location
• There is only one AP, located in 719, near AC 725, running both 802.11b and 802.11g. You can work in AC 725 because it is an open lab.
• The network name, i.e. the SSID, is CSCI388.
• Please report to cheng@gwu.edu if the AP seems to be failing.
Step 1: Network survey
• You will have to find detailed information about the wireless network:
  • The AP’s MAC address.
  • The security protocol in use.
  • The encryption key length.
  • Client associations.
  • Any other information that can help you crack the key.
• For Windows users, survey the site using Netstumbler.
• For Linux users, use either Kismet or AirSnort.
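The survey tools listed above read the security protocol off each AP's beacon frames: the Privacy bit in the capability field says encryption is required, and the presence or absence of an RSN (WPA2) or vendor WPA information element tells WEP apart from WPA/WPA2. The following script is an added example, not part of the course slides, that performs that classification on raw 802.11 beacon frames and flags any network still advertising WEP, the way an auditor would when checking their own site. The beacons, BSSIDs and SSIDs other than CSCI388 are constructed inline for the demo; `build_beacon`, `parse_beacon` and `find_wep_networks` are names chosen here, and the frames are assumed to have no radiotap header and no FCS.

```python
import struct

# 802.11 constants (standard values, not from the course slides)
TAG_SSID = 0
TAG_RSN = 48          # RSN IE: present on WPA2/802.11i networks
TAG_VENDOR = 221      # vendor-specific IE; WPA1 uses OUI 00:50:f2, type 1
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"
CAP_PRIVACY = 0x0010  # capability bit: "data confidentiality required"


def build_beacon(bssid: bytes, ssid: bytes, privacy: bool, extra_ies: bytes = b"") -> bytes:
    """Build a minimal raw beacon (24-byte MAC header, no radiotap, no FCS).
    Used only to construct sample frames for this demo."""
    header = (b"\x80\x00"          # frame control: management / beacon
              + b"\x00\x00"        # duration
              + b"\xff" * 6        # addr1: broadcast
              + bssid              # addr2: transmitter
              + bssid              # addr3: BSSID
              + b"\x00\x00")       # sequence control
    cap = CAP_PRIVACY if privacy else 0
    fixed = struct.pack("<QHH", 0, 100, cap)   # timestamp, beacon interval, capabilities
    return header + fixed + bytes([TAG_SSID, len(ssid)]) + ssid + extra_ies


def parse_beacon(frame: bytes) -> dict:
    """Return BSSID, SSID and the security type advertised by a raw beacon frame."""
    if len(frame) < 36:
        raise ValueError("frame too short for a beacon")
    fc, = struct.unpack_from("<H", frame, 0)
    if (fc & 0x0C) != 0 or ((fc >> 4) & 0x0F) != 8:
        raise ValueError("not a management/beacon frame")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])
    cap, = struct.unpack_from("<H", frame, 34)
    ssid, has_rsn, has_wpa = "", False, False
    off = 36
    while off + 2 <= len(frame):
        tag, length = frame[off], frame[off + 1]
        body = frame[off + 2: off + 2 + length]
        if len(body) < length:
            break  # truncated IE: stop rather than read garbage
        if tag == TAG_SSID:
            ssid = body.decode("utf-8", "replace")
        elif tag == TAG_RSN:
            has_rsn = True
        elif tag == TAG_VENDOR and body.startswith(WPA_OUI_TYPE):
            has_wpa = True
        off += 2 + length
    if not cap & CAP_PRIVACY:
        security = "open"
    elif has_rsn:
        security = "WPA2/RSN"
    elif has_wpa:
        security = "WPA"
    else:
        security = "WEP"   # privacy bit set but no RSN/WPA IE: legacy WEP
    return {"bssid": bssid, "ssid": ssid, "security": security}


def find_wep_networks(frames) -> list:
    """Audit helper: list (bssid, ssid) of every beacon advertising WEP."""
    found = []
    for f in frames:
        try:
            info = parse_beacon(f)
        except ValueError:
            continue   # skip non-beacon or malformed frames
        if info["security"] == "WEP":
            found.append((info["bssid"], info["ssid"]))
    return found


# Constructed sample capture: the MAC addresses are made up for the demo.
RSN_IE = bytes([TAG_RSN, 2]) + b"\x01\x00"                   # RSN version 1, suites omitted
WPA_IE = bytes([TAG_VENDOR, 6]) + WPA_OUI_TYPE + b"\x01\x00"  # WPA version 1
SAMPLE_FRAMES = [
    build_beacon(b"\x00\x11\x22\x33\x44\x55", b"CSCI388", privacy=True),
    build_beacon(b"\x00\x11\x22\x33\x44\x66", b"lab-wpa2", privacy=True, extra_ies=RSN_IE),
    build_beacon(b"\x00\x11\x22\x33\x44\x77", b"lab-wpa", privacy=True, extra_ies=WPA_IE),
    build_beacon(b"\x00\x11\x22\x33\x44\x88", b"guest", privacy=False),
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(parse_beacon(f))
    print("WEP networks:", find_wep_networks(SAMPLE_FRAMES))
```

The classification mirrors what Kismet and Netstumbler display: a Privacy bit with no RSN or WPA element is the signature of WEP. To run it on a real capture you would feed `find_wep_networks` the beacon payloads after stripping the radiotap header your card prepends.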
Step 2: Data collection
• Because wireless communication is broadcast, you can sniff the traffic even if you are not a legitimate user.
• Collect data packets using tools such as Ethereal or Kismet.
• After collecting enough encrypted data (roughly 500 MB to 1 GB), you are ready to crack the WEP key.
• For extra credit, you need to detect which service the server is running and figure out how to get the file by hacking that service.

Step 3: Crack the key
• Crack the WEP key using the collected data. You can recover the key by:
  • The weakness of the key scheduling in RC4.
  • An active dictionary attack.
  • Any other attack method (some methods can make your life much easier; last year’s record is two hours).
• Once you recover the key (in ASCII format; convert it to ASCII if you get a key in hexadecimal format), you will know you did it right.
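Steps 2 and 3 rest on one property of WEP: the per-packet RC4 key is the 24-bit IV, sent in the clear, concatenated with the shared key, so any two packets that carry the same IV are encrypted under the same keystream. The script below is an added example for this course page, not the slides' own material or any of the listed tools, that makes that property concrete: it implements RC4, frames packets WEP-style, shows that XORing two same-IV ciphertexts cancels the keystream, and computes how few packets it takes before an IV repeat is expected. The key, IV and packet contents are constructed for the demo; `wep_encrypt`, `leak_from_iv_reuse` and `demo` are names chosen here, and the CRC-32 ICV that real WEP appends is deliberately left out because it plays no part in this weakness.

```python
import math


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key-scheduling (KSA) followed by n bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """WEP-style framing: per-packet RC4 key is IV || shared key, IV sent in clear.
    The CRC-32 ICV is omitted; it is not needed to show keystream reuse."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    ks = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def leak_from_iv_reuse(pkt1: bytes, pkt2: bytes) -> bytes:
    """Two packets under the same IV share a keystream, so XORing the ciphertexts
    cancels it and yields plaintext1 XOR plaintext2 without any key material."""
    if pkt1[:3] != pkt2[:3]:
        raise ValueError("packets use different IVs; keystreams differ")
    return xor_bytes(pkt1[3:], pkt2[3:])


def expected_packets_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday bound: with random IVs a repeat is expected after roughly
    sqrt(pi/2 * 2^iv_bits) packets, far fewer than the 2^24 IV space."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


def demo() -> dict:
    # Constructed values: a 40-bit WEP key and two packets that reuse one IV.
    key = b"\x01\x02\x03\x04\x05"
    iv = b"\x0a\x0b\x0c"
    p1 = b"GET /index.html HTTP/1.0"   # a predictable, easily guessed payload
    p2 = b"secret-data-in-the-clear"   # same length so the XOR lines up
    c1 = wep_encrypt(iv, key, p1)
    c2 = wep_encrypt(iv, key, p2)
    leak = leak_from_iv_reuse(c1, c2)
    # Knowing (or guessing) p1 turns the leak into full recovery of p2,
    # which is why a busy WEP network exposes its traffic long before the key falls.
    recovered_p2 = xor_bytes(leak, p1)
    return {
        "leak_equals_p1_xor_p2": leak == xor_bytes(p1, p2),
        "recovered_p2": recovered_p2,
        "expected_packets_until_repeat": round(expected_packets_until_iv_repeat()),
    }


if __name__ == "__main__":
    print(demo())
```

Run as a script it prints that the XOR of the two ciphertexts equals the XOR of the plaintexts and that an IV collision is expected after only about five thousand packets. That arithmetic is the reason Step 2 asks for hundreds of megabytes of capture: the more IVs observed, the more keystream relationships (and, for the key-scheduling weakness, the more "weak" IVs) the cracking tools have to work with, and it is also why modern networks replaced WEP with per-packet keys derived under WPA/WPA2.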
Extra credits: Hack into the server
• Use the data collected in Step 2:
  • Detect which service the server is running.
  • Figure out the user name and password.
• Then get the file from the server using the user name and password.
• You may need a little extra work in order to associate with the AP and get access to the server.

What to turn in
• A zip or tarball file that contains:
  • Detailed cracking steps (including what tools are used and how to install and run them; provide snapshots if necessary).
  • The WEP encryption key.
  • One legitimate MAC address.
  • Answers to the questions.
• Extra credits:
  • The user account and its password for the service that is running on the server.
  • The file you see after you hack into the server.

Available tools
• Windows Wireless Security Tools
  • Ethereal – a free network protocol analyzer (sniffer): http://www.ethereal.com/
  • WinPcap – for capturing packets: http://winpcap.polito.it/default.htm
  • Netstumbler – site surveying utility: http://www.netstumbler.com/
  • tinyPEAP – official tinyPEAP site: http://www.tinypeap.com
  • Change MAC address: http://www.nthelp.com/NT6/change_mac_w2k.htm or http://students.washington.edu/natetrue/macshift/
  • WepLab – a WEP security analyzer: http://weplab.sourceforge.net/
• Linux Wireless Security Tools
  • Ethereal – a free network protocol analyzer (sniffer): http://www.ethereal.com/
  • LibPcap – should be available with your distribution of Linux.
  • Kismet – a VERY good tool for surveying wireless networks; puts Netstumbler to shame: http://www.kismetwireless.net/
  • AirSnort – a utility for cracking WEP keys. You can also get information about monitor mode on the AirSnort page, which you may find useful although not essential: http://airsnort.shmoo.com/
  • To change your MAC address in Linux, use ifconfig <iface> hw ether <mac address>.
  • WepLab – a WEP security analyzer: http://weplab.sourceforge.net/
  • WepAttack – this tool uses a different approach (active dictionary attack) to crack WEP. You are welcome to try it: http://wepattack.sourceforge.net/
Questions? Good luck and have fun!