China cold Dragon Hack wireless network WEP password latest execution Vulnerability-source China cold Dragon

Source: Internet
Author: User

Wireless technology has developed rapidly in recent years, and more and more users are using wireless devices to set up wireless networks in their homes, and wireless networks can be used to access the Internet in every corner of the home using laptops and wireless cards. There are a lot of articles about wireless security through the provision of WEP encryption to ensure that other computers and illegal users can not connect to our established wireless network.

But is that really the case? Is WEP, the so-called security encryption measure, really foolproof? The author through a long time study found that WEP is not safe. There are several tools that we can use to hack him so that we can invade a wireless network that has been encrypted with WEP without knowing it. The following author is divided into two articles for everyone to present the WEP encryption crack all raiders.

First, crack the difficulty:

Before the introduction of the crack operation, we must first understand the general user through what kind of method to improve their wireless network security.

(1) Change the SSID number:

Go to the Wireless device management interface and modify the default vendor SSID so that other users cannot guess the default vendor SSID to connect to the wireless network.

(2) Cancel the SSID broadcast function:

By default, when the wireless device turns on the wireless function, it sends its own SSID to the space, and in the area of the signal, any wireless network card can be scanned to find the SSID number. It's kind of like we used to broadcast a big horn, and anyone who could hear the sound knows what you're talking about. Also, we can avoid broadcasts by canceling the SSID broadcast function in a wireless device.

(3) Add WEP encryption feature:

WEP encryption can be said to be the most basic encryption measures in wireless devices, many users are configured to improve the security of wireless devices. We can enter a 10-bit cipher, such as 1111111111, by turning on WEP encryption for a wireless device and then choosing the number of encryption bits that is the length of the encryption, which is the shortest 64 bits. Enter ciphertext to turn on WEP encryption only know this cipher of wireless card can be connected to our set up a WEP encryption on the wireless device, so as to effectively ensure that no cipher people can not access the encrypted wireless network normally.

Second, the SSID broadcast basis:

So what do we do with the security encryption measures mentioned above? First, let's take a look at the SSID number hack.

Tips:
What is the SSID number? SSID (Service Setidentifier) can also be written as Essid, to distinguish between different networks, up to 32 characters, wireless network cards set a different SSID can enter different networks, the SSID is usually broadcast by the AP or wireless router, The ability to tearful the SSID in the current region can be achieved by using the scan feature that comes with XP. For security reasons, you can not broadcast the SSID, at which point the user will manually set the SSID to access the appropriate network. Simply put, the SSID is the name of a local area network, and only computers that are set to a value with the same SSID name can communicate with each other.

Then the SSID is actually a bit like a wired broadcast or multicast, and he is also from one point to multipoint or the entire network. The General wireless network card after receiving the SSID number sent by a router to compare whether it is configured to connect to the SSID number, if it is connected, if not, discard the SSID broadcast packet.

A reader who has experience in cable network maintenance must have heard of sniffer, through the sniffer we can monitor their network card, so that the network card will be all the packets he received to record, feedback to sniffer. There are many of these packets are the network card itself should receive the data, there are many are broadcast packets or multicast packets should be discarded packets, regardless of the network card should not receive the data, once the sniffer on top of him will be no return to record the data, Save this data information to the sniffer program. Therefore, wireless network can also be installed by wireless sniffer binding to the wireless card, so as to realize the SSID number detection and discovery.

Tips:
For a wireless network that already has an SSID broadcast, we can easily get his SSID name, even if he modifies the default name. Generally through the management of their network card Configuration tool or XP system comes with the wireless network management program can solve this problem.

If we set the SSID broadcast in the wireless device to cancel, can we detect this SSID broadcast packet by installing the sniffer software on our own computer in this case, as previously stated? The answer is yes. Let's do an experiment.

Lab Environment:

Wireless router--tp-link tl-wr541g 54M wireless Router
Wireless card--tp-link tl-wn510g 54M Wireless Card
Notebook--compaq EVO n800c
ADSL connection Beijing Netcom ISP

Step One: Access the Tp-link 541G 54M wireless Router management interface via the wired network, cancelling the SSID number broadcast function of the wireless router.



The second step: in order to ensure the accuracy of the experiment, the author deliberately modified the SSID to IT168, and the frequency band from the original 5 modified to 12, the speed is still 54M.

Step three: The "Save" button below the dot appears "Changes in wireless network settings will cause the wireless router to restart, are you sure?" "OK, let's set the wireless parameters to take effect."



Fourth step: Next we turn off the wired network card and connect the wireless card to the PCMCIA interface of the notebook.

Fifth step: After plugging in the wireless card, scan the entire wireless network through Tp-link management tools. It should be possible to see a wireless signal, the signal is using 12 channels, and wireless mode 54M. However, the SSID is not available because we prohibit the broadcast of the SSID number.



We need to use the sniffer tool to bind the wireless network card to detect the SSID number function.

Third, reinstall the wireless card driver:

I want to use the Wireless card sniffer tool is Winaircrackpack, but by default he and most of our wireless card driver is incompatible, we want to smooth use of the wireless card sniffer tool, the first should be installed with its compatible wireless card driver.

Before the various operations, I recommend a small toolkit called Winaircrackpack, which is a bundle of wireless tools, There are four programs, including Winaircrack.exe,wzcook.exe,airdecap.exe and Airodump.exe, which are used in each of these programs. The SSID number Discovery tool described in this article is Airodump.exe. His version is now 2.3. The kit is shipped with the attachment.

(1) Whether the test can be used directly:

Some readers may ask if they can use the sniffer tool without reinstalling the wireless card driver. That's what we need to check.

The first step: Unzip the downloaded toolkit and run the Airodump.exe inside.



The second step: Select the appropriate network card, enter the corresponding wireless network card before the serial number, for example, the author is 13.



Step three: Enter O or A to select the network card mode, which is related to the download and installation driver described later.

Fourth step: Select the search frequency band, input 0 is to represent all the frequency bands are detected meaning.

Fifth step: Next, you will be prompted to enter a save file so that the tool will put all sniffer down the packet into this file.



Sixth step: If only write WEP IVs detects only WEP encrypted packets, we select "Y".

Seventh step: At this point will appear a hint, probably meaning that the current driver is not supported, can not be sniffer operation. At the same time, the browser will automatically go to a page, we can download a compatible driver through this page, upgrade our wireless card so that the sniffer tool--airodump.exe can run smoothly.



(2) Download new driver for wireless card:

To download the appropriate wireless card, the new driver will need to go to the previous jump page mentioned.

The first step: Open the page address for Http://www.wildpackets.com/suppo ... t/airopeek/hardware, we can download the appropriate driver for our network card using Airodump.



Step Two: Select the brand and model of your wireless card in the Search Device page. The author chooses all the wireless products of Tp-link to inquire and see which driver should be downloaded.



Step three: In the Query results page we can see that our 510G network card should use the ar5005g driver provided by the site to use Airodump. (10)



Fourth step: Return to the Http://www.wildpackets.com/suppo...t/airopeek/hardware page again, you will see on the page content about the driver compatible Atheros card model, which will mention ar5005, Although our is ar5005g but can use. Click the wildpackets atheros wireless driverv4.2 link below the page to download.



Fifth step: Download wildpackets atheros wireless driver v4.2 drive to local hard drive.



Sixth step: Open after the inside there are three files, our wireless card upgrade work depends on these three files.



(3) Install the new wireless card driver:

The three files in the previously downloaded wildpackets atheros wireless driver v4.2 package are the protagonists of our installation drive.

The first step: Right-click on the Desktop Network Neighborhood icon and select Properties.

Step Two: Right-click on the local connection corresponding to your wireless card and select Properties.



Step three: In the Wireless Network Connection Properties window, under the "General" tab, click the "Configure" button next to the network card information.



Fourth step: Click the "Update Driver" button in the "Drivers" tab.



Fifth step: The Hardware Installation Wizard will appear, we select "Install from a list or a specified location (advanced), then click the" Next "button.



Sixth step: Then select "Do not search, I want to choose the driver to install", click the "Next" button to continue.



Seventh step: Because the driver we installed before is the official driver of the Tp-link 510G wireless card, the system will find the corresponding driver by default, we do not select them, click "Install from Disk".



Eighth step: Use the "Browse" button to find the WildPackets Atheros wireless driver v4.2 file We downloaded and unzipped to save the directory.



Nineth step: Select Atheros ar5005g CardBus Wireless network adapter and click "Next" to continue.



Tenth step: During the installation of the driver will appear compatibility prompts, we point "still continue" can.



11th Step: System replication must be a file to a local disk.



12th Step: Complete the Hardware Update Wizard, our Tp-link wireless network card has now become the Atheros ar5005g wireless card, so as to be able to use airodump this wireless LAN sniffer tool.



Iv. Summary:

Because of the more preparation of WEP cracking, so can not be presented in an article for the reader, but we through this article has been successfully updated to drive their own network card, which is the key to WEP encryption cracking, because the author of all the wireless network tools are based on the new driver work.

Please be sure to check your wireless card driver via the page you just said and download the installation. In the next article, I will show you how to find the SSID number of the banned broadcast on the wireless network card with the new driver installed and to crack the WEP encryption text.
The previous period introduces you to reinstall your NIC driver to use the wireless network detection and WEP decryption tool. Once we've updated the NIC driver, we'll look at how to find out which wireless networks have been disabled for the SSID broadcast and do the WEP decryption work.

First, use Airodump to crawl the wireless network packet and crack the SSID name:

Whether you are looking for a wireless network that has the SSID broadcast disabled or for WEP decryption, the first thing we need to do is to monitor the packets in the wireless network via the wireless network sniffer tool--airodump.

The first step: Open the downloaded Winaircrackpack Archive in the article to extract the contents of the compressed package.



The second step: Run the Airodump.exe program, this is our sniffer gadget, his normal operation is based on our wireless card has been updated driver.

Step three: At this point you will find that the information displayed is different from the installation driver, our Tp-link NIC name has been changed to Atheros Ar5005gcardbus wireless NetworkAdapter, This means that he has successfully updated the hardware to be compatible with Atheros. Let's enter the number 13 in front of it.



Fourth step: Next is to choose the type of wireless card, since said is compatible with Atheros, so directly enter "a" to choose.



Fifth step: The last article mentions that the author has canceled the SSID broadcast function of the wireless network, so we assume that we do not know which band and SSID number the wireless device uses. Enter 0 here, which will detect wireless packets for all bands.



Tips:
In fact, to know that a wireless network uses the frequency band is very simple, you can use the Wireless card management Configuration tool, as mentioned above, you can know the speed and frequency of the wireless network use, but unable to detect the SSID number.
Sixth step: Also enter a file to save the packet information, such as the author input softer. This can be used to write the detected packets along with the statistics to this file, and provide the base guarantee for using other tools.



Seventh Step: whether onlyCollect WEP data information, we point n ". This will detect not only WEP-encrypted data for all packets in the network.



Eighth step: Finally, Airodump will automatically detect all the bands in the network, the wireless network of wireless packets for statistical and analysis.



Nineth Step: When the statistics of the data packet more, you can automatically analyze the corresponding SSID number and wireless network MAC address and wireless speed, transmission frequency and whether encryption, in what way encryption, is not very air? For example, I set the wireless network SSID number is softer, the beginning of the statistics in Figure 7 has not been detected, when the data reached a certain number, such as 15651, you can see the Essid number is the SSID number is softer.



At this point we have successfully implemented the SSID number of the wireless network that does not have the SSID broadcast enabled through Airodump, so it is not possible to prevent illegal intruders from connecting to the wireless network by simply hiding the SSID and modifying the default name. Regardless of whether you turn on the SSID broadcast, we can find your real SSID name via the Sniffer tool on the wireless network.

However, one thing to pay special attention to is whether the ability to crack the SSID name is based on the fact that Airodump collects enough packets, which means that your wireless router may be on, but there is no wireless card to communicate with. This way, the airodump is unable to detect any wireless packets and analyze the cracking. I am writing this article in the experimental environment is also the case, that another piece of Tp-link wireless network card 510G installed in a Lenovo notebook and continue to download the BT through the wireless router to maintain always have wireless data transmission, so as to speed up the process of cracking.

Tips:
In addition, if the packet is not collected enough, Airodump will receive an error message, such as a wireless network that would otherwise be WEP encrypted, and may be detected as WPA. Users only need to wait more time for airodump to collect enough data to ensure the authenticity of the display results.

Second, use Winaircrack to crack WEP ciphertext:

Although we can detect the basic information of wireless network through Airodump, including transmitting band, SSID name of wireless network, wireless speed and so on. But for those wireless networks that use WEP encryption, there is nothing to do, even if we know that the SSID of the wireless network will not be able to connect to the network without the WEP cipher.

But the information that Airodump collects is also very valuable, and we can analyze the WEP cipher through another tool. The name of the tool is Winaircrack, which he also provided in the previous article for everyone in the zip package. Of course, in the use of winaircrack to crack airodump collected information must ensure that the amount of information collected airodump, the more it is not easy to crack the problem, and the shorter the time required to crack success.

The first step: Open the downloaded compressed package, run the inside of the Winaircrack.exe program.



Second step: Find General on the left, next click on the general interface below the click here to locate capture file ..., let's choose a capture files.



The third step: This file is the above mentioned airodump saved data statistics file, the Nineth step has a name called softer, then we go to Airodump.exe folder found Softer.cap file, this file is the capture file.



Fourth step: Go back to the general interface and choose WEP at encryption type.



Fifth step: On the left side of WEP, the WEP Settings tab detects 64-bit ciphertext first, and key index keeps auto auto. Because most users choose the simplest 64-bit cipher when setting up a wireless router for WEP encryption, he is also the shortest time to crack.



Sixth step: Set complete the bottom right corner of the "Aircrack the key ..." button, Winaircrack will automatically according to the statistics saved in softer.cap analysis, brute force to crack WEP ciphertext.



Seventh step: Because of the brute force method, it takes a lot of time, it takes hours or even more time to crack a 64-bit WEP cipher. When the WEP cipher is found, the content is displayed, for example, the author can discover that the WEP encryption information is 1111122222.
www.hackerschina.org


Three, Summary:

Actually cracked WEP ciphertext and SSID name is not a complex work, as long as the network card driver update, and then combined with the appropriate tools can be easily completed, but in the actual operation of the process will take longer, especially when the WEP cipher settings are more complex, For example, use multiple numbers or increase the number of encryption bits to 128 bits.

In addition, it is also critical to collect wireless data packets through Airodump, perhaps the other side of the router but not with the network card for large-traffic data transmission, so that even if you open airodump collected for several hours, you may not get enough packet problems. In addition this series of articles is only to communicate with you, I hope you do not use the method introduced in this article to invade other people's wireless network, the author wrote the purpose of this article is to let everyone understand that WEP encryption is not completely safe, so should try to use WPA security encryption method.

China cold Dragon Hack wireless network WEP password latest execution Vulnerability-source China cold Dragon

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.