
Wireless Hacks

by Rob Flickenger
September 2003
Content level: Intermediate to advanced
304 pages
8h 39m
English
O'Reilly Media, Inc.
Content preview from Wireless Hacks

Cracking WEP with AirSnort: The Easy Way

Use a dictionary attack to test the security of your WEP key.

While widely publicized for its ability to crack a WEP key in real time by attacking weaknesses in the implementation, AirSnort requires a potentially large amount of data to be gathered before the attack is successful. AirSnort also comes with a largely unknown utility that will perform a dictionary attack on a relatively tiny sampling of network traffic.

Using the aptly named decrypt utility, you can attempt to decrypt a WEP stream by trying a list of potential candidates from a word list. This attack can be carried out in a matter of minutes, rather than the hours that would be required to collect the large traffic samples needed to interpolate a WEP key.

To use the decrypt utility, you first need a packet dump from a utility that can capture raw 802.11 frames (such as Kismet [Hack #31]). You will also need a list of suitable candidates, namely words that are either 5 or 13 characters long (for 40-bit or 104-bit WEP respectively). Invoke the utility like this:

# decrypt -f /usr/dict/words -m 00:02:2D:27:D9:22 -e encrypted.dump -d out.dump
Found key: Hex - 61:6c:6f:68:61, ASCII - "aloha"

Notice that you also need to specify the BSSID of the network you wish to attempt to decrypt. In this case, the BSSID is the same as the MAC address of the AP, but can be set to virtually anything. You can obtain this field from the Info pane inside Kismet when capturing the data
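
The word-list constraint described above (candidates must be exactly 5 or 13 characters) can also be checked from the configuration side, without capturing any traffic. The following is an added example, not code from the book or from AirSnort: it takes a WEP key in the hex form that decrypt prints and reports whether it decodes to typed text and whether it appears in a word list. The function names, the verdict strings and the sample keys are constructed for illustration.

```python
import string

# WEP secret lengths in bytes: 5 (40-bit) or 13 (104-bit), as in the text.
WEP_KEY_BITS = {5: 40, 13: 104}
PRINTABLE = set(string.ascii_letters + string.digits + string.punctuation + " ")


def parse_hex_key(text):
    """Parse a key written as 61:6c:6f:68:61 (separators optional)."""
    cleaned = text.replace(":", "").replace("-", "").replace(" ", "")
    try:
        key = bytes.fromhex(cleaned)
    except ValueError as exc:
        raise ValueError(f"not a hex key: {text!r}") from exc
    if len(key) not in WEP_KEY_BITS:
        raise ValueError(f"WEP keys are 5 or 13 bytes, got {len(key)}")
    return key


def audit_key(hex_key, wordlist):
    """Report whether a configured key falls inside dictionary-attack range."""
    key = parse_hex_key(hex_key)
    ascii_form = None
    if all(chr(b) in PRINTABLE for b in key):
        ascii_form = key.decode("ascii")
    words = {w.strip().lower() for w in wordlist}
    in_wordlist = ascii_form is not None and ascii_form.lower() in words
    if in_wordlist:
        verdict = "weak: key is a dictionary word"
    elif ascii_form is not None:
        verdict = "risky: key is typed text, not random bytes"
    else:
        # Only rules out the word-list attack; the traffic-volume attack
        # mentioned at the start of this hack is unaffected by key choice.
        verdict = "not typed text: outside word-list range"
    return {"bits": WEP_KEY_BITS[len(key)], "ascii": ascii_form,
            "in_wordlist": in_wordlist, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample input: a tiny word list and three keys.
    sample_words = ["aloha", "hello", "wireless", "administrator"]
    for k in ("61:6c:6f:68:61", "71:37:21:7a:4b", "9f:03:c8:e1:5a"):
        print(k, audit_key(k, sample_words))
```
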


ISBN: 0596005598