Description: Welcome to Part 8 of the WLAN Security Megaprimer! Please start this series by watching Part 1 http://www.securitytube.net/video/1756, if you have not done so already.
In this video, we will learn how to hack through the various WLAN authentication schemes: Open and Shared Key Authentication. As many of you may have guessed, Open Authentication is a dud :) and there is not much to explore there apart from corner cases such as MAC address filtering, covered in the previous video. The focus of this video is breaking Shared Key Authentication.
Shared Key Authentication (SKA) requires the use of WEP encryption and is fundamentally flawed. It comes as a surprise to me how the IEEE committee let this slip past them during the design of the 802.11 security aspects. To beat SKA, a hacker has to collect the challenge text sent by the access point and the encrypted response sent by the client. XORing these two values yields the RC4 keystream that the WEP key produces for that Initialization Vector (IV). He can then use this keystream to answer any challenge the access point sends him. We will do a live demo of these concepts in this video!
Tags: wireless, wlan, security, authentication, shared key, WEP, airodump, aireplay, megaprimer, 802.11
Vivek:
Thank you for all the videos you have posted; they are very informative.
Yes! This looks familiar :) Thanks!
you are the best teacher in the world
All of your videos are easy to understand, thank you.
Thanks Vivek, checking it out now. Last one was very interesting :)
I'm waiting for a day to see some tutorials about RFI/LFI, SQL injection and Reverse Engineering. :D
vivek you are the besT.
Best tutorials
You are giving machine guns into the hands of monkeys.
hehe
thank you thank you thank you VIVEK so much
You are the best teacher I have ever seen.
I only need one thing.
I can't download the video .... is there a way to upload it to YouTube or MediaFire? Please, please.
Sorry for my bad English .... because I speak Arabic.
God help you on the megaprimer and the best site.
I wait for you.
I'm downloading the videos with IDM "Internet Download manager" So just install IDM and you're done.
Vivek, you are amazing, keep it up, very clear!!!
Is it acceptable to send you an email asking for help?
Vivek, if you ever decide to charge for these videos I would be happy to pay... but HEY, I am not trying to give you any ideas here... I am just saying.... because the videos and your style of presenting them are just simply wonderful.
Can't wait for the next one, keep them coming!
Awesome tutorial! I'm literally glued to securitytube waiting for the next part.
Thanks for all the great comments! I was very happy to see so many of them in the morning today :) Even got a reason to convince my wife to allow me to make more videos over the weekend :)
@no_covers, sender, behrouz, shady, alokyadav15, NavS, Geekpirat Thanks a ton guys! Your comments keep me going :)
@Fitzroy You just tempted me :) Nah, kidding! The videos will always remain free. In fact I plan to release torrent versions very soon.
@zidane sure, but at times there may be a lag in my responses, but you will definitely get a reply.
@shady The easiest way is to go to Vimeo, register for free and download the videos from there, also, alternatives people have suggested on the thread would work as well.
@m0ei I am planning a lot more of these megaprimers this year, so stay tuned :)
Thanks Vivek :-) Brilliant as always. St George's day greetings from the UK.
Shady: use JDownloader and right click video and copy video link.
I can download ... but when the download reaches 95% Vimeo stops sending data because I have a slow connection.
Please upload it to YouTube.
Shady: Yes, I know ;) this happens sometimes with Vimeo.. (just the last two episodes of the WLAN megaprimer though)
Install JDownloader from
http://jdownloader.org/download/index
this works great I just downloaded this episode and it downloaded fine.
Shady: also it is definitely not your internet connection:)
I will try, why not.
Thank you, Zendar.
Didn't work ... damn it.
I just downloaded it; it must work with JDownloader.
Guys, I am happy to see so many of you download the videos and use them. But I would please request that you take all discussions about downloading videos offline and 1-1. This way this thread can focus just on the videos and doubts pertaining to the concepts.
ST Moderator Team
Thanks for another great video.
You explain everything so much better than every other tutorial on the internet. I now have a much better understanding of how WEP works, thanks.
Would it be possible to DELETE all the comments about downloading and leeching these videos? Not only is it really lame to ask how to do such simple, trivial things, but it is also very rude and distracts from the actual subject matter.
If children can't work out how to download a simple web based video, then personally I don't think they should be getting on to any advanced level topics like this.
thanks vivek for making great videos for us.
I really thank you.
Nice videos, thank you, thank you.
Hi Vivek, you have done an awesome job.
There is no such information available on the internet in such a systematic way.
I have a scenario: a WiFi network has MAC filtering and DHCP disabled, so that only users with an authorized MAC and IP can get access.
If it is possible, please provide a video regarding this.
Thanks for sharing your knowledge.
@Blackmarketeer Will need to have Vivek help me with this. Will ask him.
Another impressive video!
Great video, keep it up.
@Blackmarketeer: amen brother!
Guys want to hack, but can't download the videos, lol.
@Hugo, I think it's called laziness. Some people have now got into the habit of, instead of using Google to search for a simple thing, wanting to be spoon-fed.
This is way, way bad, bad dog!!!!!!
My apologies for going off-topic guys! Couldn't resist helping.. due to Vivek's videos ;)
Didn't want to disrespect our Sensei by allowing laziness to fester! :D
Excellent! i have heard many times that WEP is totally broken and does not provide any real security but i have never looked into the technical aspects. This video has really helped me to understand the weakness of the WEP authentication process. Thanks Vivek!
Looking forward to the next 20. Thanks a lot.
Vivek sir, you are just awesome....
you have the best info sec videos i have ever seen. thanks for the time and knowledge.
I'm watching these videos because I want to learn something. Every kid can learn how to hack WEP [thanks to scripts], but to really understand the process behind the attack, the data flow, that is real knowledge. And please, if you are planning to upload these videos somewhere, do that on mediashare, because on YouTube you'll get tons of questions from people who ask before they watch videos. Vivek, thanks a lot for your effort :) Greetings from Bosnia :)
Vivek,
Excellent work, once again!
I am seeing SKA on the WEP network, which indicates that an authentication challenge and response has been seen, but am not getting the .xor file. I will need to double check the capture file to see if the authentication challenge and request are there. Assuming I have these two packets, how would you manually create the xor file?
Thank you so much! I have been staying up late all week watching your videos. VERY nice job!
I don't find *.xor either (((((
Thank you very much!!!!
What is XOR'ing? What is XOR?
@Vivek: I find your videos very informative and interesting.. but when I manually try to do things, it just won't work..
I captured an encrypted packet (ARP), the encrypted part was 36 bytes (which I saved to a file), then I decrypted it using Wireshark's decryptor (Edit > Preferences) (again saved to a file)..
Converted the contents of both files to decimal..
XORed them byte by byte..
The resultant stream should be the keystream, right..
Then I generated my own keystream using a program which you showed in one of your videos on RC4.. the seed I used was IV:WEP key
..the resultant keystream should match the first keystream..
but it doesn't..
Then I tried using only the first 3 bytes of the IV (repeated the whole procedure) but still no success..
Where am I going wrong?
Or is it that the program you showed is incorrect???
(everything was converted to decimal before working, so I'm sure that's not the problem area)
Please reply soon.
HEY man, your videos are still great and very informative, but I have a suggestion: apart from doing all these things on your own WiFi, actually do it on someone else's. That way we have two different examples and on top of that we can actually see how things are done in the real world, because all the things you have been teaching are good and they work, but 90 percent work on my own WiFi and I have no idea why, and when I try to do it on another WiFi they don't seem to work.
Just a suggestion, your videos are still amazing, thank you for them.
Thanks for taking the time to make these videos!
Simply awesome! I'd love to have you as a teacher! Keep the knowledge coming!
Hi guys,
I just tried this at home. I managed to capture the authentication process with Wireshark (4 packets). Unfortunately, airodump didn't create the PRGA file needed for packet injection with aireplay.
I tried Google to find a piece of software that, given a pcap file, produces a PRGA file. Vain search... Do you know a tool like this?
Otherwise, I will try to do it manually. But I first can't figure out why the challenge text is 128 bytes whereas the encrypted one is 136 bytes. Where do those 8 extra bytes come from?
Thanks Vivek for videos.
Sorry, I mean the xored file containing the keystream, instead of "PRGA file".
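To make the description's point concrete (frame 2 carries the challenge in the clear, frame 3 carries it WEP-encrypted, so the XOR of the two is the keystream for that IV), and to show where WEP's 8 bytes of overhead around the ciphertext sit, here is an added simulation of the exchange. It is example code written for this page, not Vivek's script and not part of the aircrack-ng suite; the WEP key, IV and challenge bytes are constructed, and it models only the WEP container (IV, KeyID byte, ciphertext, ICV) around a 128-byte challenge rather than a full 802.11 authentication frame body.

```python
# Added example, not from the video or the thread: a self-contained simulation of
# WEP shared-key authentication showing why the challenge/response pair leaks the
# per-IV RC4 keystream. Key, IV and challenge bytes below are constructed.
import struct
import zlib


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA). WEP seeds it with IV || WEP key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + seed[i % len(seed)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def icv(data: bytes) -> bytes:
    """WEP integrity check value: little-endian CRC-32 of the plaintext."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(wep_key: bytes, iv: bytes, key_id: int, plaintext: bytes) -> bytes:
    """Frame body as sent on air: IV(3) | KeyID byte(1) | RC4(plaintext || ICV).

    The 4-byte header plus the 4-byte ICV are the 8 bytes of overhead around
    the ciphertext; the key index lives in the top two bits of the KeyID byte.
    """
    ks = rc4_keystream(iv + wep_key, len(plaintext) + 4)
    return iv + bytes([(key_id & 0x03) << 6]) + xor(plaintext + icv(plaintext), ks)


def ap_accepts(wep_key: bytes, challenge: bytes, response_body: bytes) -> bool:
    """What the AP does with the response: decrypt, check the ICV, compare."""
    iv, cipher = response_body[:3], response_body[4:]
    plain = xor(cipher, rc4_keystream(iv + wep_key, len(cipher)))
    data, tag = plain[:-4], plain[-4:]
    return data == challenge and tag == icv(data)


def recover_keystream(challenge: bytes, response_body: bytes) -> tuple:
    """The observation the video describes: XOR the known plaintext
    (challenge || ICV) with the ciphertext to get the keystream for that IV.
    This keystream is what the thread's .xor file refers to."""
    iv, cipher = response_body[:3], response_body[4:]
    known = challenge + icv(challenge)
    if len(cipher) != len(known):
        raise ValueError("ciphertext length does not match challenge + ICV")
    return iv, xor(cipher, known)


def demo() -> bool:
    """Run the whole exchange; True means keystream reuse satisfied the AP."""
    wep_key = bytes.fromhex("0123456789")          # constructed 40-bit key
    iv = bytes.fromhex("a1b2c3")                   # constructed 24-bit IV
    challenge_1 = bytes(range(128))                # constructed 128-byte challenge
    # Legitimate client answers the first challenge with the real key.
    response_1 = wep_encrypt(wep_key, iv, 0, challenge_1)
    assert ap_accepts(wep_key, challenge_1, response_1)
    # An observer who saw both frames derives the keystream without the key.
    seen_iv, ks = recover_keystream(challenge_1, response_1)
    assert ks == rc4_keystream(iv + wep_key, len(ks))   # identical to the real one
    # A fresh challenge under the same IV is answered with that keystream alone.
    challenge_2 = bytes((i * 7 + 3) & 0xFF for i in range(128))
    response_2 = seen_iv + b"\x00" + xor(challenge_2 + icv(challenge_2), ks)
    return ap_accepts(wep_key, challenge_2, response_2)


if __name__ == "__main__":
    print("AP accepts keystream-reuse response:", demo())
```

The check that matters for a defender is the line `ks == rc4_keystream(iv + wep_key, len(ks))`: the observer's XOR result is bit-for-bit the keystream the secret key produced, which is why SKA offers no authentication beyond what WEP itself offers and why the sensible mitigation is not to deploy WEP at all.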
In the last week I learned more about wireless security than in the last 7 months. Thanks a lot Vivek.
Dude you are a godsend. I could be paying $2000 for a class like this that probably would not even be as good. You are amazing. I hope you continue making megaprimers.
Hi Vivek, great series, muchas gracias :) I think I have the same issue as j_p. When I run the airodump-ng command and write to the file demo I get a Broken SKA comment where you have the keystream, and no .xor file in the local directory. Any ideas please, as I cannot figure it out...
darkAudax on the aircrack forum says that "Some AP SKA dialogs are broken and can't be detected properly by airodump-ng."
http://forum.aircrack-ng.org/index.php?PHPSESSID=090d448bfcd8eb53ace1076717b3b262&action=printpage;topic=6276.0
And just for completeness, ref above posts, the error was with a Netgear DG834G v4 router. Got my old BT Home Hub out and it worked fine, keystream and .xor found with no problem, DISCO. BTW, echoing all the positive comments throughout the series.. Thank you very much Vivek.
@Th_Lugg4ge don't worry, this is why manufacturers add extra bytes to 802.11 packets to identify AP models (or for other reasons) and airodump-ng doesn't know about these implementations..... but, if you are patient, you will learn to get around this as well :-D
BTW I got Broken SKA on three different APs as well (two Linksys and a D-Link).
Hi, my notes on this part are here: http://41j.com/blog/2011/10/megaprimer_notes_part8_hacking_authentication/
@new300 thanks for sharing your notes. me soooo lazy so i really appreciate it ^.^
@vivek I used aircrack tools before to noobly go where everyone has gone before... (crack my own WEP-key). I did this following tutorials posted on the backtrack forums, but no one ever explained the stuff behind the commands, so I was just stupidly executing commands without really knowing what they did. Thanks to you I now understand a little more about what really happens behind the scenes.
Hope you keep explaining basic theory whilst not forgetting to give us great practical demos.
You rule, Vivek.
+1 gally
This is so awesome, i can't sleep!!!! :D I was dreaming about packets and breaking authorization... hahaha
I loved the way you said "beautiful" when you had narrowed it down to four packets :)
kudos!!
@Th_Lugg4ge Here you go with a little trick to get over Broken SKA ;-)
http://www.albatr0ss.it/2011/11/14/defeating-broken-ska-in-wep-shared-key-authentication-attacks/
I am a bit ashamed now, seeing all the holes that we left in our wireless network and how easy it is to bypass our protection. A great job is in front of me. Thank you for this video series.
What about WEP with open authentication?
Yes, thank you. Good video. I am a student and purchased your book BT5 Wireless Pen Testing. Excellent. @albatrOss, thank you for the link. I was having the same xor problem with a Linksys AP. Cheers.
Hi, where can we find a tutorial about generating the xor file from the captured packets?
thanks
Hi vivek,
Thank you so much for these videos
I was wondering what the fakeauth was actually good for in both WEP & open authentication network if no mac filters were involved?
Much appreciated!
Sir, I am really confused, I need help to understand this.. what should I know before listening to lecture 8.. please reply!
Excellent videos you have made. You go into great detail explaining each step with pros and cons and have real-time examples to go with them. Not even my IT instructors in school did as good a job.
Perfect for the uneducated and great for the experienced professional to get a refresher when needed.
Greetings my teacher, I hope you are successful in your life, lolzz, I wish the best for you!
I love these videos. This is exactly what I have been looking for. If you could point me to even more information about how to use more of the programs in Backtrack 5, it would be awesome! I am pretty sure this is the direction I would like to go as a career.
your videos are the best...
What if there is no client whose authentication we can use?
Then will this method be useless?
Oh the awesomeness. I knew WEP was broken but had no idea it was this easy.
You are awesome Vivek, sincerely the best.
Your videos are the best Vivek, Love them. I have seen many videos online but not one video with such intricate level of explanation and the will to go on for more videos. I will definitely pay for each video,they are that good. Keep it going.
Great job !!
Thanks again Vivek for this material! I wonder if anybody can help with this. When watching a WEP authentication take place and writing the airodump data to a file, I do not see any .xor file as mentioned in the video. Does anybody know if the keystream is no longer acquired, or is it stored somewhere else now? Any help greatly appreciated.
Thanks