In this phase of the audit, armed with the lists of APs and their respective encryption schema, the auditor attempts to crack the encryption scheme used by the target organization on a per-AP basis.
Wired Equivalent Privacy (WEP) was the first encryption standard implemented when the 802.11b wireless standard was first introduced. Until recently many APs only supported WEP for purposes of doing link encryption. Even for those that can support improved frame-level encryption schema, WEP is still widely used. Weaknesses in the WEP encryption implementation have been widely documented, with the definitive explanation being from a paper written by Fluhrer, Mantin, and Shamir in 2001 entitled "Weaknesses in the Key Scheduling Algorithm of RC4."
The first generation of WEP-cracking tools like Airsnort or even Dwepcrack relied solely on the number of frames that were captured that contained data encrypted with weak (termed interesting) initialization vectors (IVs). Thus, the auditor typically had to spend a long time collecting wireless packets (approximately 10 million encrypted data packets) before these first-generation cracking tools could discover the WEP key in use.
Sometime in 2004, a new WEP statistical cryptanalysis attack method was introduced that vastly reduced the number of frames needed to crack the WEP key. Aircrack-ng is an example of this type of second-generation tool, which uses the new technique together with an improved Fluhrer-Mantin-Shamir technique to make cracking much faster. Using Aircrack-ng, you no longer have to capture millions of frames, only just hundreds of thousands with unique IVs.
Included in the Aircrack-ng suite, Airodump-ng is a sniffing tool that was built to work in conjunction with Aircrack-ng. The output of Airodump-ng can be fed into Aircrack-ng, which can perform a simultaneous crack attempt as Airodump-ng is still capturing frames. The following output shows a running instance of Airodump-ng:
usage: airodump-ng <interface> <output prefix> [channel] [IVs flag]
Specify 0 as the channel to hop between 2.4 GHz channels. Set the optional IVs flag to 1 to only save the captured IVs - the resulting file is only useful for WEP cracking.
If the gpsd daemon is running, airodump-ng will retrieve and save the current GPS coordinates in text format.
[CH 7 ][ BAT: 1 hours 13 mins ][ 2006-10-23 14:32 ]
BSSID PWR Beacons # Data CH MB ENC ESSID
00:14:21:44:31:9C 46 15 3416 6 54. WEP the ssid
00:09:5B:1E:4E:1A 36 54 0 11 11 OPN NETGEAR
BSSID STATION PWR Packets Probes
00:14:21:44:31:9C 00:09:5B:EE:55:22 48 719 the ssid
00:14:21:44:31:9C 00:02:2D:CA:EB:1C 190 17 the ssid
Aireply-ng (another tool included in the Aircrack-ng suite) is primarily a packet injection tool. Its main purpose is to inject traffic into the wireless network so as to allow cracking to be done by Aircrack-ng. The tool can be executed in different modes. One particular mode causes the deauthentication of a connected client to force a reassociation by the client in order to generate ARP frames that the attacker can use in an ARP-replay attack. Other tools in the Aircrack-ng suite include Airdecap-ng, which decrypts WEP/ WPA capture files, as well as Packetforge-ng (used to forge wireless frames).
WiFi Protected Access (WPA) is a standard that was created in response to the serious weaknesses found in the WEP encryption schema. It improves on WEP by using dynamically created temporal encryption keys revolving around the Temporal Key Integrity Protocol (TKIP), 802.1x access control mechanism, and the Extensible Authentication Protocol (EAP) to secure network access. It was intended as an intermediate measure to replace WEP while the full 802.11i specification was being finalized. WiFi Protected Access 2 (WPA2, also known as RSN or Robust Security Network) was subsequently released and it implements the mandatory elements of 802.11i.
Specifically, it introduces a new AES-based algorithm, Counter-mode, CBC-MAC Protocol (CCMP), which is considered fully secure. As of the date of writing, no publicly released exploit for either WPA or WPA2 exists.
Although WPA is designed for use with an IEEE 802.1x authentication server functioning in an enterprise environment (hence the moniker WPA-Enterprise), a WPA variant exists that uses passphrases as a seed value to generate the temporal encryption key used to secure the data payload of wireless frames. This is known as the Pre-Shared Key (PSK) mode. WPA-PSK is designed for home users who have no resources to set up and maintain an authentication server. All that's required is that the APs and every user be given the same passphrase for software residing on the client called the WPA Supplicant to connect to the AP.
Unlike WPA, the WPA-PSK mode is exploitable via an offline dictionary attack. In WPA-PSK implementation, the PSK is the seed value from which the Pairwise Master Key (PMK) is created, which, in turn, drives the entire four-way handshake and the whole Pairwise Transient Key (PTK) keying hierarchy. The Password-Based Key Derivation Function v2.0 (PBKDF2) mathematical formula for converting a passphrase PSK to the 256-bit value needed for the PMK is already well-known. Thus, all that's needed is to find the correct PSK, which will generate the 256-bit PMK. All this information can be found in the WPA-PSK four-way handshake. Thus, in certain circumstances, it may be actually faster to crack a WPA-PSK-protected network than a WEP-protected one.
Before WPA-PSK cracking can be performed, the four-way handshake of a valid client needs to be captured first. Airodump-ng, together with Aireplay-ng, can be used to first deauthenticate a valid client and then subsequently capture the four-way handshake when the client tries to reassociate with the AP.
After the four-way handshake has been captured, the next thing is to pass it to a tool like CoWPAtty (http://sourceforge.net/projects/cowpatty). CoWPAtty was built to audit the strength of the Pre-Shared Key (PSK) selection for WPA-PSK networks. This code demonstrates the tool in use:
$ ./cowpatty -r test.cap -f dict -s myssid coWPAtty 2.0 - WPA-PSK dictionary attack. [email protected]
Collected all necessary data to mount crack against passphrase. Loading words into memory, please be patient ... Done (70000 words).
Starting dictionary attack. Please be patient.     The PSK is "passphrase".
Apart from CoWPAtty, Aircrack-ng can also be used as it has a WPA-PSK cracking mode. However, the problem with tools of this nature is that cracking the key is a very slow process. Each passphrase in the dictionary needs to be hashed 4096 times with SHA-1 with the resulting 256-bit output compared to the hash generated in the initial four-way handshake. To make things more complicated, the key hash can be different depending on the network's SSID since the SSID and the SSID length are seeded into the passphrase hash (e.g., passphrase of 'password' will be hashed differently on a network with an SSID of 'linksys' than it will on a network of 'default').
To increase cracking speed, a recent development by the Church of Wifi (http://www. renderlab.net/projects/WPA-tables) has released the algorithm as well as rainbow tables (generated using 1000 SSID's worth of hash tables from a 172,000 word dictionary) to make WPA-PSK dictionary cracking much faster. However, this is a time-space tradeoff as rainbow tables are essentially large tables generated ahead of time, which contain the results of hashes instead of having every instance of the cracking tool do the computation line-by-line during runtime. It is a time-space tradeoff because although it speeds up the process, rainbow tables frequently take up large amounts of space. In certain instances, it can be as big as 40 GB worth of data.
Was this article helpful?
Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.