Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Download
Standard view
Full view
of .
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
04 Encryption and Authentication Mechanisms.v7

04 Encryption and Authentication Mechanisms.v7

Ratings:
(0)
|Views: 16|Likes:
Published by Chris Muncy
http://wirelesslanprofessionals.com/wireless-lan-penetration-testing-course/
“Wireless LAN Security Assessment Toolkit” – and it was a course than not only taught wireless hacking, but also came with all the parts one might have needed. Spectrum Analyzers, 5 WLAN NICs, access points, hand-held client devices, and all the software pre-configured, and finally, even a laptop to run it all on.
Below is PDFs of the printed student materials included in the Wireless LAN Security Assessment Toolkit course. Yes, these are a couple of years out of date… but many of the concepts and techniques used are still valid today.
http://wirelesslanprofessionals.com/wireless-lan-penetration-testing-course/
“Wireless LAN Security Assessment Toolkit” – and it was a course than not only taught wireless hacking, but also came with all the parts one might have needed. Spectrum Analyzers, 5 WLAN NICs, access points, hand-held client devices, and all the software pre-configured, and finally, even a laptop to run it all on.
Below is PDFs of the printed student materials included in the Wireless LAN Security Assessment Toolkit course. Yes, these are a couple of years out of date… but many of the concepts and techniques used are still valid today.

More info:

Published by: Chris Muncy on Jan 13, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

01/13/2011

pdf

text

original

 
WLSAT Section 3
04 - Cracking 802.11 Encryption & Authentication.v7
© 2007 Institute for Network Professionals
 
1/12/11 1
www.inpnet.org • www.HOTLabs.org
 
Section 4
 
Cracking 802.11 Encryption and Authentication
In the previous section we showed the vulnerabilities of Open Wireless LANs. In this section we’ll showsome of the techniques and tools used to break the wireless encryption. Once you have cracked theencryption, you can use all the tools from the previous section to ‘see’ what everyone is doing.Some of these techniques are specific to vendor and protocol specific attacks. We’ll use both Windowsand Linux tools to crack encryption and authentication!
 
WLSAT Section 3
04 - Cracking 802.11 Encryption & Authentication.v7
© 2007 Institute for Network Professionals
 
1/12/11 2
www.inpnet.org • www.HOTLabs.org
 
LAB 4.1: LEAP Cracking- Asleap/Pre-Hashed DictionaryFile
The purpose of this lab is to learn how to break Encryption and Authenticationmethods used in securing wireless networks.WEP encryption used for confidentiality and integrity on a wireless LAN utilizesa weak implementation of RC4 encryption. The RC4 keys initialization vector’sgenerated by a WEP Network connection are weak and therefore able to becracked. In order to successfully crack WEP 800,000 to 1,000,000 WEPencrypted frames must be captured. In this lab you will capture and crack aWEP key.WPA-PSK uses a passphrase for authenticating wireless clients to the network.The WPA passphrase is an 8-63 ascii character text string that is used toauthenticate wireless users. The WPA passphrase is susceptible to a dictionaryattack and this lab will show you how to capture and crack a WPA key.LEAP authentication is a Cisco proprietary mechanism to allow users to connectto a wireless network using a username and a password. The username is sentin cleartext and the password is hashed to protect it in transit on the wirelessnetwork. The hashing of the password can be broken with a tool called Asleap.
Product InformationSource
Omnipeek PersonaL
Free
http://wildpackets.com
 
Asleaphttp://asleap.sourceforge.net/
 
Where, When, Why
You have already learned how to capture passwords, web traffic, emailcontent, and sniff open wireless networks. But most enterprise class wirelessLAN’s implement some form of encryption and authentication. Some of thosesecurity mechanisms are weak and therefore susceptible to attack. A wirelesspen tested must know how to identify those threats and know the susceptibilityof the network to attack. Also, it is necessary to be able to perform the cracksto illustrate to a customer the weaknesses of the wireless network security.
Requirements / Dependencies
 
Omnipeek Personal
 
Wireshark
 
Airpcap USB adapter
 
WLSAT Section 3
04 - Cracking 802.11 Encryption & Authentication.v7
© 2007 Institute for Network Professionals
 
1/12/11 3
www.inpnet.org • www.HOTLabs.org
 
 
Aircrack
 
Tamosoft Commview
 
Aireplay
 
Nokia N800 wireless client
 
CoWPAtty
 
Asleap
 
Large Dictionary file
Running an ASLEAP Crack against a LEAP Authentication
Step 1.
 
Prepare to Capture the LEAP authentication with
Omnipeek
.Step 2.
 
Instructor will tell you went to start the capture and on what
channel
.Step 3.
 
Start your capture to ‘catch’ the LEAP conversation.Step 4.
 
Save capture file
as a TCP Dump file.Step 5.
 
Open a
command prompt
.Step 6.
 
Change to the Asleap directory
.Step 7.
 
Run
 
Asleap
 
against the capture file using the pre hashed dictionary.

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->