A simple question from a friend on Friday night determined what I would be up to over the weekend. My roomie's friend had dropped in from Pune, picked up the signal of my WiFi network, proudly broadcasting its SSID, OldTrafford, and requested access. I was baffled for some time, as it had been months since the key was last referred to. Not that I was hesitant, but I could not recall that tricky hex key, so I had to go through some older documents to share it. It reminded me of the very well known fact that
WEP is vulnerable and can easily be cracked. An article published in Linux-For-You (Jan 09) was the last thing I could recall that explained the tools to simulate the attack. So before I re-configured the router to a more secure algorithm, I thought of hacking my own wireless network. Nuts.
My work requires me to use the Wireshark sniffer regularly, but all this time I had been capturing LAN traffic. When it comes to WLAN sniffing, a certain set of tools and support from the driver is needed. Most of the time the stock driver needs to be patched for monitor-mode sniffing and particularly for packet injection. Once the driver is patched, the right sniffer is required to get started.
Aircrack-ng is the first choice among hackers. If one does not want to go through the fun of finding the right driver patch and then compiling it, he can go for the BackTrack Linux distribution. BackTrack is the most widely used Linux live distribution focused on network penetration testing. It comes with patched drivers and Aircrack-ng already installed, so just boot from the disc and start hacking.
Since I'm running Ubuntu 8.10 on my Lenovo, I tried to patch my WLAN drivers. The getting-started section of Aircrack-ng explains everything; you don't need to wander anywhere else for more info. The first step was to determine the chipset. There are plenty of ways to get it done, but the easiest is the "lspci -vv" utility, which provides detailed info. My Centrino a/b/g chipset was using the iwl3945 driver. Once the chipset and driver were identified, I selected the right patch from the list. Alas, here I ended up downloading a different version of the patch. The build started throwing a lot of compilation errors, and I conscientiously started fixing them one by one. After an hour or so I got it compiled successfully, never knowing that I was using the wrong patch version. So when I did modprobe, I *realized* that I had just screwed up my native driver. Forget about sniffing; my wireless interface wouldn't even come up. Voila, I learnt another way of how it does not work, à la Thomas Edison.
I switched to plan B, as often happens in Hollywood movies: downloaded BackTrack and burned it to a CD. I set up my Toshiba laptop to download heavily over its Wi-Fi interface, while the Lenovo ran Aircrack-ng on BackTrack. After capturing around 45,000 packets, I could actually crack the encryption key. Ahh, so much for cracking my own router key :). Crazy me.
Then it was time to fix my Ubuntu drivers. They are up and running fine now, so I'll try again to patch this driver.
Observations:
1) The reason most people use 64-bit WEP at home is that it is the first security choice presented to users by router configuration tools.
2) Probably the installation guy does not know any other means of configuring the router for secure access.
3) Even after knowing, the user is least concerned about it.
You may wish to switch to 128/256-bit encryption, but even these key lengths are breakable; it just takes longer to break in. Sometimes you don't even need a sniffer, because most people use their mobile number as the key. If you fall into this category, I suggest you change your key immediately. People serious about beating your router can easily get your mobile number. The better option is to switch to a more secure algorithm like WPA.
WEP loopholes have been well known for many years; I *felt* it now.
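Why the key falls out of captured traffic, as an added Python example (this is not code from the original post or from Aircrack-ng): WEP-64 keys RC4 with the 24-bit IV, sent in the clear in every frame, prepended to the 40-bit key, and each frame carries an encrypted CRC-32 trailer (the ICV). The script builds two constructed frames under the same IV, recovers the shared keystream from the frame whose plaintext is guessable and reads the other one without ever knowing the key, and then shows how the ICV lets an attacker test key guesses offline. That offline check is what makes a mobile number a cheap key: 10 decimal digits fit exactly into the 10 hex digits of a 64-bit key, but give at most 10^10 candidates instead of 16^10. The key, IVs, frame contents and candidate list below are made up for the demo; real frames begin with a fixed LLC/SNAP header, which supplies the same kind of known plaintext.

```python
"""WEP-64 weaknesses on constructed frames: IV reuse and offline key checks.

Frame body = IV(3 bytes) || RC4_{IV || key}(plaintext || CRC32(plaintext)).
Everything here (key, IV, plaintexts, candidate keys) is made up for the demo.
"""
import struct
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling, then `length` keystream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(plaintext: bytes) -> bytes:
    """WEP integrity check value: little-endian CRC-32 of the plaintext."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    assert len(iv) == 3 and len(key) in (5, 13)   # 40-bit or 104-bit key
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """Return the plaintext if the ICV verifies under `key`, else None."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    pt, tail = body[:-4], body[-4:]
    return pt if icv(pt) == tail else None


def keystream_from_known_plaintext(frame: bytes, known: bytes) -> bytes:
    """IV reuse: known plaintext for one frame gives the keystream shared by
    every frame sent under the same IV. No key is involved."""
    return xor(frame[3:], known + icv(known))


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Read another frame under the same IV. Only as many bytes as the
    keystream covers can be read; if it covers the whole body, the last
    4 bytes are that frame's ICV and are dropped."""
    body = xor(frame[3:], keystream)
    return body[:-4] if len(keystream) >= len(frame) - 3 else body


def find_key(frame: bytes, candidates):
    """Offline guessing: one captured frame and its ICV are enough to tell
    a wrong key from the right one, so no further sniffing is needed."""
    for cand in candidates:
        if wep_decrypt(cand, frame) is not None:
            return cand
    return None


# Constructed demo data. A 10-digit "mobile number" as a 40-bit key.
KEY = bytes.fromhex("9876543210")
IV = b"\x01\x02\x03"
FRAME_A = wep_encrypt(KEY, IV, b"GET / HTTP/1.1\r\n")   # plaintext guessable
FRAME_B = wep_encrypt(KEY, IV, b"pw=OldTrafford")       # same IV reused

if __name__ == "__main__":
    ks = keystream_from_known_plaintext(FRAME_A, b"GET / HTTP/1.1\r\n")
    print("frame B without the key:", decrypt_with_keystream(FRAME_B, ks))
    guesses = [bytes.fromhex("0123456789"), bytes.fromhex("9876543210")]
    print("key found offline:", find_key(FRAME_A, guesses).hex())
```

Switching to WPA removes both properties: the per-frame key no longer shares a keystream across frames, and the integrity check is keyed, so a guess cannot be verified against a single captured frame.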