WLSAT Section 3
04 - Cracking 802.11 Encryption & Authentication.v7
© 2007 Institute for Network Professionals
www.inpnet.org • www.HOTLabs.org
LAB 4.1: LEAP Cracking - Asleap/Pre-Hashed Dictionary File
The purpose of this lab is to learn how to break encryption and authentication methods used in securing wireless networks.

WEP encryption, used for confidentiality and integrity on a wireless LAN, utilizes a weak implementation of RC4 encryption. The RC4 key initialization vectors generated by a WEP network connection are weak and can therefore be cracked. To successfully crack WEP, 800,000 to 1,000,000 WEP-encrypted frames must be captured. In this lab you will capture and crack a WEP key.

WPA-PSK uses a passphrase for authenticating wireless clients to the network. The WPA passphrase is an 8-63 ASCII character text string that is used to authenticate wireless users. The WPA passphrase is susceptible to a dictionary attack, and this lab will show you how to capture and crack a WPA key.

LEAP authentication is a Cisco proprietary mechanism that allows users to connect to a wireless network using a username and a password. The username is sent in cleartext and the password is hashed to protect it in transit on the wireless network. The hashing of the password can be broken with a tool called Asleap.
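The WPA-PSK paragraph above, seen from the defender's side: this added example (not part of the original lab material) derives the WPA pairwise master key with the standard PBKDF2-HMAC-SHA1 construction and audits a configured passphrase before deployment. The function names, the constructed wordlist and the 20-character recommended minimum are assumptions made for illustration.

```python
import hashlib

# Constructed sample wordlist (illustrative only, not from the lab material).
SAMPLE_WORDLIST = ["password", "letmein123", "wireless2007"]


def is_valid_wpa_passphrase(passphrase: str) -> bool:
    """True if the string is 8-63 printable ASCII characters."""
    return (8 <= len(passphrase) <= 63
            and all(32 <= ord(c) <= 126 for c in passphrase))


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA-PSK master key: PBKDF2-HMAC-SHA1, SSID as
    salt, 4096 iterations. Nothing secret besides the passphrase goes in,
    which is why a guessable passphrase fails against a dictionary."""
    if not is_valid_wpa_passphrase(passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def audit_passphrase(passphrase, ssid, wordlist, min_recommended=20):
    """Return a list of findings for a passphrase about to be deployed.
    min_recommended is an assumed local policy value, not a standard."""
    findings = []
    if not is_valid_wpa_passphrase(passphrase):
        findings.append("invalid-length-or-charset")
    if len(passphrase) < min_recommended:
        findings.append("short")
    if passphrase.lower() in {w.lower() for w in wordlist}:
        findings.append("in-wordlist")
    if ssid and ssid.lower() in passphrase.lower():
        findings.append("contains-ssid")
    return findings


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple 42"):
        print(candidate, "->",
              audit_passphrase(candidate, "IEEE", SAMPLE_WORDLIST) or "ok")
    # The SSID acts as the salt, so the same passphrase gives a different
    # key on each network name.
    print(wpa_pmk("password", "IEEE").hex())
```

Because the SSID is the only salt, a default or common network name combined with a short passphrase is the weakest configuration; a long random passphrase is the control this check enforces.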
Where, When, Why
You have already learned how to capture passwords, web traffic, and email content, and how to sniff open wireless networks. But most enterprise-class wireless LANs implement some form of encryption and authentication. Some of those security mechanisms are weak and therefore susceptible to attack. A wireless pen tester must know how to identify those threats and know the susceptibility of the network to attack. It is also necessary to be able to perform the cracks to illustrate to a customer the weaknesses of the wireless network security.
Requirements / Dependencies
Airpcap USB adapter