Recently, some media reported on newly exposed wireless LAN security vulnerabilities. At the wireless LAN security technology seminar held on the afternoon of June 13, September 11, the demonstration staff conducted a security test on the client. A tool downloaded from the Internet cracked the password protection within five minutes. After quickly cracking the chindejine wireless network key, an attacker can easily connect to the encrypted wireless LAN, obtain confidential information and emails belonging to legitimate users, delete private files and emails, and even spread computer viruses. This news attracted the attention of many netizens. How is the key cracked? Related experts sent a copy of the "China-based Key cracking Law", which details the cracking method.
1. Introduction to cracking software
The WinAirCrackPack toolkit is a wireless LAN scanning and key cracking tool, including airodump and aircrack. It can monitor data transmitted in wireless networks, collect data packets, and calculate the WEP/WPA key.
2. Composition of the experiment environment system
2.1 hardware environment
Select a wireless router or AP with WEP and WPA encryption functions
Two laptops with a chinanceids (STA1 and STA2, defined as valid wireless access users)
One packet-capture wireless network card
One laptop (STA3, defined as the intruder)
2.2 software environment
Intruder STA3: WinAirCrackPack toolkit.
Note: On STA3, choose Control Panel > Administrative Tools > Services and enable the Wireless Zero Config service.
3. Experiment Topology
4. Configure the wireless router (based on the actual network environment)
(1) Connect STA1 to the wireless router (unencrypted by default). Right-click the icon on the screen and select "View available wireless networks". The window shown in figure 1 is displayed.
It shows that multiple wireless networks are available. Double-click TP-LINK to connect to the wireless router; the connection then succeeds.
(2) Open IE and enter the IP address 192.168.1.1 (the default LAN IP address of the wireless router).
(3) Log on to the wireless router management interface (username: admin, password: admin).
Click the "LAN port settings" option under "Network Parameters" on the left side of the interface, set "IP address" to 192.168.1.8, and save, as shown in figure 4.
(4) Open IE, enter the IP address 192.168.1.8, and log on to the wireless router management interface (note that this experiment uses a TP-LINK wireless router; other brands, such as Cisco products, have similar configuration options). Click the "Basic settings" option under "Wireless Settings" on the left side of the page.
1) Set "Mode" to "54 Mbps (802.11g)";
2) Set "Key format" to "ASCII code";
3) Set "Key type" to "64-bit";
4) Set "Key 1" to "pjwep";
5) Click "Save".
(5) After the WEP key is set on the wireless router, STA1 needs to reconnect to the wireless router (entering the same key that was set on the router); the connection succeeds after a moment.
(6) Open IE, enter the IP address 192.168.1.8, log on to the wireless router management page again, click the "DHCP service" option under "DHCP server" on the left, select "Do not enable" and save, as shown in figure 8. Click "Restart router" under "System Tools" to restart the router.
5. Download Software for cracking WEP and WPA keys
To download the software used to crack the key from the Internet, take the following steps:
(1) Enter "WinAircrackPack download" on the Google search page to search, as shown in figure 9.
Click "Security Focus: Security Tool-winaircrackpack.zip" on the above page to bring up the following page.
(2) Click "Download" to save the software, which can be decompressed to any location on the local disk (the following example decompresses it to the root directory of drive E).
6. Install a packet capture wireless network card
Note: The packet-capture wireless network card uses the Atheros v4.2.1 driver (available from the ENI). The card must use the Atheros AR5001, AR5002, AR5004, AR5005 or AR5006 chipset. The following table lists NICs that can be used; in this experiment, we use Netgear's memory M wireless network adapter (model: wgw.t).
(1) Install the packet-capture wireless NIC driver on the STA3 notebook. Insert the wireless network card. The window shown in figure 11 is displayed. Select "No, temporarily unavailable" and click "Next".
(2) Select "Install from list or specified location" and click "Next".
(3) Select "Do not search" and click "Next".
(4) Click "Install from disk", click "Browse" in the pop-up window, select the net5211 file in the E:\WinAircrackPack\atheros421@ directory (Note: atheros421@ can be viewed from within), click "Open", click "OK", and click "Next". The window shown in figure 15 is displayed during installation.
7. Crack the WEP Key
(1) reconnect STA1 and STA2 to the wireless router.
(2) Run airodump on the STA3 laptop. This tool is used to capture data packets. Answer the prompts as follows:
"16": the serial number of the wireless network card used for cracking;
"a": the chip type; here, select the Atheros chip;
"6": the channel number; 1, 6 and 11 are the commonly used channels; select "0" to collect information on all channels;
"testwep": the output file name (can be arbitrary);
"y": select "y" when cracking WEP and "n" when cracking WPA.
(3) Press enter to enter the following interface.
(4) When the AP's data traffic is heavy (for example, STA1 and STA2 can copy files to generate traffic), the "Packets" value increases significantly. When 0.3 million packets have been captured (104-bit RC4 encryption, for example, requires 1 million packets), close the airodump window and start WinAircrack.
(5) Click "General" on the left, select "WEP" as the encryption type, and add the captured file (testwep.ivs).
(6) Click "Advanced" on the left and select the location of "Aircrack".
(7) after all settings are complete, click the "Aircrack the key" button in the lower right corner to bring up the following window.
(8) Select the BSSID of the network to be cracked (select "1" in this experiment) and press Enter to obtain the final WEP key.
8. Crack the WPA key
(1) Change the wireless router's encryption type and method to WPA-PSK authentication with TKIP encryption.
(2) Run airodump on the STA3 notebook. This tool is used to capture data packets. Answer the prompts with "16", "a", "6", "testwpa" (the file name can be arbitrary) and "n".
(3) enter the following page:
(4) Let STA1 reconnect to the wireless router. airodump will capture the four-way handshake process between a wireless router and STA1.
(5) Start WinAircrack.
(6) Click "General" on the left, select "WPA-PSK" as the encryption type, and add the captured file (testwpa.cap).
(7) Click "Wpa" on the left and select a dictionary file (for example, lastbit.com/dict.asp).
(8) After all settings are complete, click the "Aircrack the key" button in the lower right corner to bring up the following window. We can see that a handshake has been captured.
(9) Select the BSSID of the network to be cracked (select "2" in this experiment) and press Enter. After several minutes of calculation, the WPA key is obtained.
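Seen from the defender's side, sections 4, 7 and 8 depend on a small set of weak settings: WEP of any key length, WPA-PSK with TKIP and a passphrase found in a dictionary file, and the default admin/admin management login. The following check over AP configuration records is an added example, not part of the original article; the field names, the tiny word list, the 16-character threshold and the sample records are assumptions constructed for illustration.

```python
# Added example: audit AP settings for the weaknesses the walkthrough relies on.
# Field names, word list, threshold and sample records are constructed.

DEFAULT_ADMIN = {("admin", "admin")}        # default login used in section 4
WORDLIST = {"password", "12345678", "letmein1", "sunshine"}  # stand-in for a dictionary file
MIN_PSK_LEN = 16                            # assumed policy threshold

def audit_ap(cfg, wordlist=WORDLIST):
    """Return a list of (severity, message) findings for one AP config dict."""
    findings = []
    sec = cfg.get("security", "OPEN").upper()
    key = cfg.get("key", "")
    if sec == "OPEN":
        findings.append(("high", "no encryption"))
    elif sec == "WEP":
        # Key length and content do not matter: enough captured packets yield the key.
        findings.append(("high", "WEP key recoverable from captured traffic"))
    elif sec.endswith("PSK"):
        if cfg.get("cipher", "").upper() == "TKIP":
            findings.append(("medium", "TKIP cipher; use AES-CCMP"))
        # A captured handshake can be tested offline against a word list,
        # so a PSK network is only as strong as its passphrase.
        if key.lower() in wordlist:
            findings.append(("high", "passphrase appears in a word list"))
        elif len(key) < MIN_PSK_LEN:
            findings.append(("medium", "passphrase shorter than 16 characters"))
    if (cfg.get("admin_user"), cfg.get("admin_password")) in DEFAULT_ADMIN:
        findings.append(("high", "default management login"))
    return findings

# Constructed records: the two lab setups from this article and a hardened one.
SAMPLES = {
    "lab_wep": {"security": "WEP", "key": "pjwep",
                "admin_user": "admin", "admin_password": "admin"},
    "lab_wpa": {"security": "WPA-PSK", "cipher": "TKIP", "key": "password",
                "admin_user": "admin", "admin_password": "admin"},
    "hardened": {"security": "WPA2-PSK", "cipher": "CCMP",
                 "key": "k7#Vq2!mZp9$Lr4@Tx8&Wd3^",
                 "admin_user": "netops", "admin_password": "constructed-value"},
}

def audit_all(samples=SAMPLES):
    return {name: audit_ap(cfg) for name, cfg in samples.items()}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, findings)
```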
9. Network hazards caused by key cracking (counterfeit AP)
Once the attacker knows the WEP or WPA key of the wireless network, the attacker can connect to the local LAN. The attacker then has the same permissions as a normal user, can access the entire network, and can conduct deeper attacks. Intruders can use IPBOOK (www.skycn.com/soft/11014.html), SuperScan (www.skycn.com/soft/8061.html) and other similar tools to scan computers in the LAN. Files, directories, or entire hard drives on those computers can be copied or deleted. In worse cases, keyloggers, Trojan horses, spyware, or other malicious programs can be installed on your system. The consequences are very serious.
(1) Introduction
When the WEP or WPA password is cracked, intruders may use this password and another wireless access point (AP) to construct a false network. When the disguised AP's signal is stronger than the normal AP's, or the user is near the disguised AP, the normal user will naturally connect to the false network without noticing. When users then send and receive emails normally, the intruder can use tools like CAIN (www.ttian.net/website/2005/0908/458.html) to crack POP3, telnet, and other passwords.
(2) POP3 password cracking
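A monitoring check for the counterfeit AP described above, as an added example that is not part of the original article: it compares wireless scan results against an inventory of authorized APs and flags any beacon that uses a managed SSID from an unknown BSSID, noting when it is louder than the real AP. The inventory, scan records, MAC addresses and field names are constructed.

```python
# Added example: flag counterfeit APs in a wireless scan.
# Inventory, scan records and field names are constructed for illustration.

AUTHORIZED = {
    "TP-LINK": {"bssids": {"00:11:22:33:44:55"}, "security": "WPA2-PSK"},
}

def find_rogue_aps(scan, inventory=AUTHORIZED):
    """Return (bssid, reason) alerts for beacons on a managed SSID that do not match inventory."""
    alerts = []
    for ssid, known in inventory.items():
        seen = [ap for ap in scan if ap["ssid"] == ssid]
        legit = [ap for ap in seen if ap["bssid"].lower() in known["bssids"]]
        best_legit = max((ap["signal_dbm"] for ap in legit), default=None)
        for ap in seen:
            bssid = ap["bssid"].lower()
            if bssid not in known["bssids"]:
                reason = "unknown BSSID advertising managed SSID"
                # Clients prefer the strongest signal, so a louder impostor is the urgent case.
                if best_legit is None or ap["signal_dbm"] > best_legit:
                    reason += " (stronger than any authorized AP)"
                alerts.append((bssid, reason))
            elif ap["security"] != known["security"]:
                # A BSSID can be copied, so also compare the advertised security mode.
                alerts.append((bssid, "authorized BSSID with unexpected security mode"))
    return alerts

# Constructed scan: the real AP, an impostor on the same SSID, and an unrelated network.
SAMPLE_SCAN = [
    {"ssid": "TP-LINK", "bssid": "00:11:22:33:44:55", "signal_dbm": -50, "security": "WPA2-PSK"},
    {"ssid": "TP-LINK", "bssid": "66:77:88:99:AA:BB", "signal_dbm": -40, "security": "WPA2-PSK"},
    {"ssid": "cafe-guest", "bssid": "02:00:00:00:00:01", "signal_dbm": -70, "security": "OPEN"},
]

if __name__ == "__main__":
    for alert in find_rogue_aps(SAMPLE_SCAN):
        print(alert)
```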
1) Open CAIN.
2) Click "Configure" in the menu bar to bring up the following window.
3) Select a network adapter for packet capture, click "OK", select "" and "", and then click "" to start monitoring packet capture.
4) A normal user starts receiving emails. The software can capture the login name and password of the mailbox.
(3) hazards after being cracked
After hackers steal the username, password, POP3 server, and SMTP Server IP address of your mailbox, they can directly access your mailbox. Your email information will be completely exposed to hackers.