Retrieve WEP or WPA key from client

Sorry if someone already posted this, I'm at school right now so I am unable to check.

But I was wondering if it is possible to receive the WEP or WPA key from a client trying to connect to the fon.

Currently I believe only open networks try and connect to Karma on the fon.

Does anyone know why non-open networks don't try to connect to the fon? My understanding is that the computer sends out a request looking for the SSID of the last network it was connected to and the fon replies that it is that network. So if it's looking for a non-open network, shouldn't the fon say that it's the network and then the computer sends its key to authenticate? So couldn't the fon just say the key is correct the same way it said the SSID is correct?

I could be and probably am completely wrong. But if my understanding is correct it shouldn't be all that hard to make non-open networks connect.

Does anyone know why non-open networks don't try to connect to the fon? My understanding is that the computer sends out a request looking for the SSID of the last network it was connected to and the fon replies that it is that network. So if it's looking for a non-open network, shouldn't the fon say that it's the network and then the computer sends its key to authenticate? So couldn't the fon just say the key is correct the same way it said the SSID is correct?

I could be and probably am completely wrong. But if my understanding is correct it shouldn't be all that hard to make non-open networks connect.

WEP is broken to the point where it'd just be faster to crack the key using traffic from the AP, instead of trying to get it from the client (though it is not impossible to get WEP keys from a client).

Basically, why this does not work for WPA is because of PSK (Pre-Shared Key). A request to connect to a network using WPA is encrypted using this key. Since the fon will not have the matching encryption key it will not understand the request (it just looks like random data), and will not respond. Also, the actual encryption key itself is never sent across the network (PSK again): the computer is assuming the AP already has the key, so there is no need to send it. This is how passwords and PSK encryption differ. When a client connects it performs a "handshake" (similar to TCP/IP) from which a key can be found; however, this process is very slow if the AP has a good password (several hundred million years slow).
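The PSK handshake argument above, as an added example that is not from the original thread: a simulation of messages 2 and 3 of the WPA2-PSK 4-way handshake using the standard PBKDF2, PRF-512 and HMAC-SHA1-128 derivations. It shows that an AP which does not hold the passphrase can neither confirm the client's MIC nor produce one the client accepts, because only nonces and MICs cross the air. The SSID, passphrase, MAC addresses, nonces and EAPOL frame bodies are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed sample values (not from the thread): an SSID, the network's real
# passphrase, and the AP and client MAC addresses used in the PTK derivation.
SSID = "jasager-demo"
REAL_PASSPHRASE = "correct horse battery staple"
AP_MAC = bytes.fromhex("001122334455")
CLIENT_MAC = bytes.fromhex("66778899aabb")

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512 built from HMAC-SHA1: four counter-indexed blocks, 64 bytes kept."""
    blocks = (hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4))
    return b"".join(blocks)[:64]

def derive_kck(pmk: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", sorted MACs || sorted nonces).
    Its first 16 bytes are the KCK, the key that authenticates the handshake MICs."""
    data = (min(AP_MAC, CLIENT_MAC) + max(AP_MAC, CLIENT_MAC)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]

def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """HMAC-SHA1-128 over an EAPOL-Key frame whose MIC field the caller has zeroed."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]

def handshake_outcome(ap_passphrase: str, anonce: bytes, snonce: bytes) -> dict:
    """Messages 2 and 3 of the 4-way handshake between a client that knows
    REAL_PASSPHRASE and an AP that knows ap_passphrase. Only nonces and MICs cross
    the air; neither side ever transmits the passphrase or the PMK."""
    client_kck = derive_kck(pmk_from_passphrase(REAL_PASSPHRASE, SSID), anonce, snonce)
    ap_kck = derive_kck(pmk_from_passphrase(ap_passphrase, SSID), anonce, snonce)
    msg2 = b"EAPOL-Key message 2 (constructed body) " + snonce  # client -> AP
    msg3 = b"EAPOL-Key message 3 (constructed body) " + anonce  # AP -> client
    return {
        # the AP can only confirm the client's MIC if it derived the same KCK
        "ap_accepts_client": hmac.compare_digest(eapol_mic(ap_kck, msg2),
                                                 eapol_mic(client_kck, msg2)),
        # and the client only accepts message 3 if the AP's MIC matches its own KCK
        "client_accepts_ap": hmac.compare_digest(eapol_mic(client_kck, msg3),
                                                 eapol_mic(ap_kck, msg3)),
    }
```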

Spot on, and WEP is the same: the traffic is encrypted (after some processing) by the password, so Jasager can't pretend to be an encrypted AP.

You could look at the caffe latte attack to recover a WEP key from a client.

http://www.airtightnetworks.com/home/resou...affe-latte.html

If anyone wants to try to implement it let me know, I'd be happy to offer suggestions and I know some of the AirTight team so may be able to get any extra info if needed.

That would work if you could get onto the box of the victim.

...and at that point the game is already over. They have much bigger problems if you have physical access to the computer, and can run executables. The tool linked to above by X3N retrieves keys from the client's registry and is run locally, see the usb-switchblade for more info on how to sneakily run this.

Yeah, the reason I posted that is because of the title of the topic being "Retrieve WEP or WPA key from client": the only way to do that is to have physical access to the machine.

Now if the title really means "how to crack WEP or WPA" then that makes more sense in relation to what everyone is talking about here.

The use of the English language is a valuable skill to learn if you are trying to communicate on an English message board.

Yeah, the reason I posted that is because of the title of the topic being "Retrieve WEP or WPA key from client": the only way to do that is to have physical access to the machine.

Now if the title really means "how to crack WEP or WPA" then that makes more sense in relation to what everyone is talking about here.

The use of the English language is a valuable skill to learn if you are trying to communicate on an English message board.

Um, this is the Jasager forums and the OP makes complete sense in relation to Jasager.

"Sorry if someone already posted this, I'm at school right now so I am unable to check.

But I was wondering if it is possible to receive the WEP or WPA key from a client trying to connect to the fon."

Nowhere in here is it asking for a Windows utility (the fon is running Linux, if you didn't know) or how to crack WEP/WPA, but whether it's possible to retrieve the key as the client is trying to associate with Jasager.

Yeah, the reason I posted that is because of the title of the topic being "Retrieve WEP or WPA key from client": the only way to do that is to have physical access to the machine.

Wrong.

It is possible to retrieve WEP keys from a machine over the wire, see my earlier post about caffe latte.

Now if the title really means "how to crack WEP or WPA" then that makes more sense in relation to what everyone is talking about here.

The use of the English language is a valuable skill to learn if you are trying to communicate on an English message board.

I agree with iyeman: the question was whether it is possible to retrieve WEP/WPA keys using Jasager, and the answer is currently no, but it is possible to build a caffe latte attack into it to make it do it.

Um, this is the Jasager forums and the OP makes complete sense in relation to Jasager.

"Sorry if someone already posted this, I'm at school right now so I am unable to check.

But I was wondering if it is possible to receive the WEP or WPA key from a client trying to connect to the fon."

Nowhere in here is it asking for a Windows utility (the fon is running Linux, if you didn't know) or how to crack WEP/WPA, but whether it's possible to retrieve the key as the client is trying to associate with Jasager.

WEP and WPA keys are transmitted as an encrypted hash; you can intercept a hash, but cracking it is another story.

You're probably misunderstanding the way wireless sniffing works. The only information you could gather is the hash; if the hash isn't correct then it wouldn't connect.

The reason a client would be able to connect to the fon is if it connected with no password.

The wireless passphrase is stored on the client's computer and on the device it's connecting to. So the only way to "receive" or "retrieve" the passphrase is to compromise either the client or the original host access point.

And I did read up on the caffe latte attack, and it's pretty much still faster to crack WEP the old-fashioned way. The process works in a similar way, but instead of using RF packets it uses ARP packets.
