Description: This is the solution to the challenge posted here: http://www.securitytube.net/video/1856
Awesome! I hope you all enjoyed playing this challenge over the last 24 hours! :)
The key principle behind cracking this challenge is that if the WEP key is easy to guess (based on a dictionary word or derivative), it is possible to crack the WEP key with just 1 encrypted data packet. The idea here is not to run the statistical algorithms like FMS, Korek or PTW; instead, we simply try out different WEP keys, and the one which is able to decrypt the packet successfully (the ICV matches post decryption) is the WEP key!
There are dictionary files available on BT4 which we use for this purpose but with a twist. To see the rest and a full demo, watch the video!
The code dump in the video is as follows: http://code.securitytube.net/Crack-1.py
Please do leave your comments behind on how you liked this challenge!
The next one will be based on WEP Cloaking. Here are the 2 videos you need to start preparing for it:
http://video.google.com/videoplay?docid=-4931602590970144801#
http://www.securitytube.net/video/125
All the best! Next challenge will be posted tonight! :)
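The ICV check described above works offline on a single frame because WEP's ICV is an unkeyed CRC-32 of the plaintext, encrypted along with it under RC4(IV || key). The following is an added example, not the Crack-1.py script from the video; the IV, key, frame body and candidate list are constructed sample values.

```python
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then XOR the keystream over data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Append the little-endian CRC-32 ICV and encrypt with RC4(IV || key)."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return rc4(iv + key, plaintext + icv)


def icv_matches(key: bytes, iv: bytes, ciphertext: bytes) -> bool:
    """Decrypt with a candidate key; the key is plausible only if the ICV verifies."""
    clear = rc4(iv + key, ciphertext)
    body, icv = clear[:-4], clear[-4:]
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) == icv


def find_key(candidates, iv: bytes, ciphertext: bytes):
    """Return the first candidate whose decryption yields a valid ICV, else None."""
    return next((c for c in candidates if icv_matches(c, iv, ciphertext)), None)


# Constructed sample: one frame body protected with a 5-byte (WEP-40) key.
SAMPLE_IV = bytes.fromhex("a1b2c3")
SAMPLE_KEY = b"apple"
SAMPLE_BODY = bytes.fromhex("aaaa0300000008004500") + b"constructed payload"
SAMPLE_CT = wep_encrypt(SAMPLE_KEY, SAMPLE_IV, SAMPLE_BODY)
CANDIDATES = [b"hello", b"grape", b"apple", b"lemon"]
```

Because the ICV is only 32 bits, a wrong key passes the check with probability of about 2^-32, so a match is normally confirmed against a second frame.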
I'm not speaking to you anymore....... ;-)
Sadly that I didn't have more than 30 min to think and solve the challenge. Anyway, thanks a lot for this solution.
gonna kill myself
I don't feel sooooo bad now as I had guessed airdecap-ng was the tool to use. No idea about the scripting though....
Vivek, I would like to pledge USD100. towards the prizes for the expert level. please do let me know where to send it.
I told y'all it was easy :) Do you agree it is level 1 now? :) Others who participated, please post your experiences!
@Fitzroy Awesome! I think with $100 I can sponsor the next 2 challenges. I will send you a link to your email address. Thanks a ton!
If anyone else would like to make donations, please drop me an email. It will be used for prizes for the challenges.
this was fun, thanks vivek :)
I'm with Fitzroy... I was on to the airdecap-ng but didn't know enough about scripting to automate the trial and error. So now I'm looking for a good Python book.
Vivek, thanks for the challenge. I completely agree with you on the learning process. It is much better to be challenged to learn things. In the past 2 days I've done more reading on WEP and RC4 and XOR than I have ever done. Definitely looking forward to the next one...
Was great fun - really looking forward to the next one :-)
Just one thing, I'm committing suicide right now... hahaha :-D
BTW Vivek, can you post a link to the Python script? I know it would help me, and I'm sure it will help others. I'm particularly interested in how it implements regex/parsing.
Thanks again and have a great weekend.
lol, what a way to learn!! that was pretty cool. Will have to do better on the next one,... and learn python, indeed.
The code is in the description. I mean link to it :D
I continue to progress, thank you! I had always wondered if this was possible.
AWESOME!!! My python scripting is as rusty as my spanish. I can read it but forget about writing it correctly....hahaha.
I can't do much now as my brain will only hold so much but after my exam I'm gonna really dig in and start working these challenges hard.
I think I can speak for most here- I'm learning a lot with these videos and challenges.
Well....Well.....Well
I'm on Blackmarketeer's side "will not speaking to you anymore"
But really it was a great idea, although I spent the whole day at work and at home trying to crack it.
Thank you
I had a lot of fun trying to resolve this challenge but in two weeks I have my college exams :'( so it would be a long month without much time to spend trying to solve these challenges :((
Thanks a lot Vivek, for these good times
Vivek, great challenge and great idea with the challenges. I'm learning a lot with these videos and getting ready for the next one.
Thank You Vivek a great has been lifted off my shoulders. I knew airdecap had something to do with it but I could work out how to get the WEP Hex. I would love it if you could do some videos on scripting as I am hoping to create my career in the security field. I have started by nearly finishing my Cisco CCNA Certification (Just got the Pro Metric to take)
Thanks for the solution
--Chard
Hi, I was trying to modify your python script and I was attempting to change it to python 3 because that's what I script in but couldn't get
    for line in f:
        wepKey = re.sub(r'\W+', '', line)
to work. It keeps giving me an error saying
Traceback (most recent call last):
File "./test.py", line 8, in <module>
for line in f:
File "/usr/lib/python3.1/codecs.py", line 300, in decode
(result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf8' codec can't decode bytes in position 223-226: invalid data
Does anyone know what I'm doing wrong?? It works in python 1 & 2.
Thanks
Acebond; I'm assuming you've made some customizations to the script; otherwise why not use the 2to3 tool? I just used that and it worked in Python 3 out of the box (as expected, the only real changes were to the print statements). That said, looks like there might be some issues with the file encoding in the wordlist you're passing back. Would you mind uploading it somewhere?
UnicodeDecodeError: 'utf8' codec can't decode bytes in position 223-226: invalid data makes me think that dgat16 is spot on.
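One way to avoid the decode error discussed in the comments above is to read the wordlist as bytes and sanitize with a bytes regex, so no text encoding is ever assumed. This is an added example, not part of the original script or of any comment; the function names and the sample wordlist are constructed, and the 5- or 13-character filter is the ASCII WEP key length assumption mentioned elsewhere on this page.

```python
import io
import re

# Bytes pattern: \w is ASCII-only here, so stray bytes such as 0x82 are stripped.
NON_WORD = re.compile(rb"\W+")


def candidate_keys(wordlist, lengths=(5, 13)):
    """Yield unique sanitized words of WEP-key length from a binary file object."""
    seen = set()
    for raw in wordlist:
        word = NON_WORD.sub(b"", raw)
        if len(word) in lengths and word not in seen:
            seen.add(word)
            yield word


def utf8_read_fails(data: bytes) -> bool:
    """Reproduce the reported error: text-mode UTF-8 iteration over the same bytes."""
    try:
        for _ in io.TextIOWrapper(io.BytesIO(data), encoding="utf-8"):
            pass
    except UnicodeDecodeError:
        return True
    return False


# Constructed wordlist bytes; 0x82 and 0xef are not valid UTF-8 in these positions.
SAMPLE = b"apple\r\nca\x82fes\nbanana\nna\xefve!\nwirelessguest\napple\n"


def demo():
    """Return the keys recovered from SAMPLE when read in binary mode."""
    return list(candidate_keys(io.BytesIO(SAMPLE)))
```

With a real file, pass `open(path, "rb")` to `candidate_keys` instead of the `io.BytesIO` wrapper.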
thank you Vivek :)
Hello and thank you -
Please make challenges for the caffe latte attack, hirte attack, chop chop and fragmentation.
I'm waiting for the next one!
Vivek, you got me with that Authentication part :D but that's good because I read and read about that and know more about it. And yes, my Python skills are too low to solve that in the right way... gotta learn more. But thanks for the good time!
Just didn't get time to get to it either. Sorry Vivek, will try harder to make the time next turn.
awesome... as always!
Hello All !
Thanks for such an overwhelming response! :) I really loved the competition and as I said many of you would wanna kill me in the end :)
Regarding the Scripting tutorials - I will definitely try but here is a cool link on ST to get you started with Python from MIT:
http://www.securitytube.net/video/610
The next challenge has been posted! All the best:
http://www.securitytube.net/video/1862
Egats! I used the hints to bruteforce as you did but what tripped me up was the sanitization. I wasn't using perl but sed and egrep via a bash script and my regex in those didn't play well with 0x82h so I missed the word :( Still bugs me how to get a working regex for a shell script approach like I had going. Maybe I should use python from here on out :) Great tutorial/video btw -- keep them coming.
Awesome challenges and solution +video resources for learners like me thanks for providing everything ... :-)
Vivek... I had no idea MIT had posted these lectures. NICE. brb
Well, that made me feel better :P I was on the right track in thinking that I had to use decap and parse a dictionary into hex to pass as arguments to decap. My problem is I gotta get to work on learning my scripting as I only have programming experience in Java and didn't feel like writing anything that in depth to try this.
Another interesting tidbit: when you mentioned that it was probably a simple password, my first thought was to my old job working for ATT Uverse and how when we set up people's 2WIRE routers, we were instructed by default to set their WEP key to their phone number ;) A bit of social engineering could be useful in an IRL situation for any up and coming pen testers
I was correct in my thinking that a bruteforce & airdecap would be the way to go. My downfall was my next to zero experience in programming / scripting :'( and so couldn't get it to interface with the wordlist.
Good challenge though, and I'll get you on the next one!
Vivek, I had considered this approach but when searching for the passphrase->WEP key conversion magic a google search yielded the following information:
Quote "Nope-- there's no standard algorithm for turning a phrase -> WEP key. Given how few bytes comprise a WEP key, I'd guess most phrase converters are one-way anyway (since lots of words/phrases would hash into the same WEP key)."
Given that, I wrote a quick script (which will arrive at the result in about 300 years).
Is that quote true? I played with the pass-phrase converter built into my router (Belkin) and it appears to use a different algorithm to the one in your script.
Regards,
OutByOne
Thanks again, this was a great challenge for me. I will take your script and study it, and learn to write wrappers or scripts for tools. I like how you said don't be limited by the tools you have but by your imagination.
I know many have done this and moved on but as I have found this, I will be passing this one to others for educational purposes.
I would never have thought of scripting even though I have written code in OOP/Flash
Thanks Vivek
If we have already assumed the wep keys to be 5 characters long and we can't find a suitable match in our wordlist what about creating a custom wordlist using maskprocessor from the hashcat suite ?
I know the files would get rather large (26^5 combinations just for l-alpha) and the brute forcing would take a long time but depending on just how tenacious the attacker is, would this approach be feasible?
I actually got to the point of coding my tool using airdecap with C, but overlooked that the password could contain only 5 or 13 alphanumerics, which bored me and made me press ctrl+c. Picking the last word was lean btw.
Thanks for all ^^
Wooow, I didn't think well enough as I see :( .. but anyway it's good to have something like that that helps to understand much better :D .. thanks Vivek ... now one of the videos you mention to see does not work and the other one has low quality ... can you please re-upload them !! And thanks in advance :D