PoyBoy Posted May 23, 2006 Share Posted May 23, 2006 It would be really nice if some kind soul could explain the two and what they are used for. Also, my friend got a wireless router, upgraded from wired, and he kept telling me that because he used a 64-bit (hehe) WEP encryption, that I wouldn't be able to crack it. My plan is that next time I go over to his house, and spend the night, or something, I was going to bring a cheap laptop with my wifi card (usb, if it makes any difference) and plug it in someplace inconspicuous and let it run. Only problem is, I lack the understanding of the above tools to properly audit trafic running through a network. The other problem is that I believe his main computer, which is the only one besides a nintendo DS, is wired directly to the router. Is there a way around this to allow snooping? Maybe plugging the laptop into the router also? Also, One more question: are the WEP keys stored locally on a machine? I have no idea. Any help would be apreciated!!!! ***post if you need more info on something!!!*** -PoyBoy the hacking unenlightened (as of yet!!) Quote Link to comment Share on other sites More sharing options...
sentinel Posted May 23, 2006 Share Posted May 23, 2006 First off I'd like to thank you for asking intelligent, coherant questions. :) We don't see enough of that around here. You asked a lot of questions, so I'm only going to touch on a few and let someone else fill in the blanks. Ethereal is a tool for grabbing data as it flows through the network. http://en.wikipedia.org/wiki/Ethereal Cain & Abel is an easy to use program which combines many different security and password-related tools. http://www.oxid.it/cain.html There are tutorials for both all around the web. Search google and watch Hak.5 episodes 3 & 4. (I think it was those) As you may know, a WEP key (especially only 64-bit) is very insecure. It's very possible that a skilled individual could crack it in a matter of a few minutes. (if you want more information relating to this, go to http://grc.com/securitynow.htm and listen to the shows from the beginning. 10, 11, and 13 are specifically related) You probably won't be able to snoop traffic from a computer if it's wired in. Security Now ep.10 explains this more. (and it's mentioned in 15, 16, 29, and probably others) WEP keys are in fact stored on the computer. Cain & Abel could be used to retrieve them as they are normally hidden. Obviously, a computer that is plugged in to the router will not need this key and will not have it. And you can't run C&A on a DS ;) It is possible to run Cain off of one of those USB flash drives so maybe that would work if you have a few minutes of access to a computer of his that's wireless, but don't want to install anything. As far as actually cracking the WEP key (without touching his computers), that's very possible, but can be hard if you don't have the experience and are still learning. Download this episode to get an idea of what it involves: http://stashbox.fromtheshadows.tv/download.php?b=3.0 I hope that helps a bit. EDIT: w00t! 100th post!! :) Quote Link to comment Share on other sites More sharing options...
VaKo Posted May 23, 2006 Share Posted May 23, 2006 Don't forget social enginering, its an often overlooked part of hacking. Quote Link to comment Share on other sites More sharing options...
PoyBoy Posted May 23, 2006 Author Share Posted May 23, 2006 thanks for the great responses!! I'll have to see/hear the episodes you mentioned!!! Quote Link to comment Share on other sites More sharing options...
G0053 Posted May 25, 2006 Share Posted May 25, 2006 also for wep cracking this is what tought me to do. i just like the deuath attacks on wifi areas Quote Link to comment Share on other sites More sharing options...
sentinel Posted May 25, 2006 Share Posted May 25, 2006 also for wep cracking thisis what tought me to do. i just like the deuath attacks on wifi areas Yeah, pretty great article. The guy who wrote it shows you how to do parts of it in that FromTheShadows episode I pointed out.I also noticed this one on digg today. Quote Link to comment Share on other sites More sharing options...
programertobe Posted May 26, 2006 Share Posted May 26, 2006 my school uses Ethereal for packet sniffing. Is this legal? Quote Link to comment Share on other sites More sharing options...
Sparda Posted May 26, 2006 Share Posted May 26, 2006 errrm... yes... Quote Link to comment Share on other sites More sharing options...
TheZ Posted May 26, 2006 Share Posted May 26, 2006 When you are at school you sign all of your privacy away :D plus it is there network :) Quote Link to comment Share on other sites More sharing options...
Sparda Posted May 26, 2006 Share Posted May 26, 2006 I would not concern your self about this however, in my experiance schools higher people with Microsoft certificates to maintain there network, these kind of people don't know what a TCP or UDP packet is... alot of the time... Quote Link to comment Share on other sites More sharing options...
cooper Posted May 26, 2006 Share Posted May 26, 2006 I'd also say you don't have a lot to worry about, but for a rather different reason: Do you have ANY IDEA how much traffic goes across a school network on a daily basis? They only way they're gonna find out you're messing about is if you go ouot of your way to stand out in the traffic, or if they were already keeping an eye on you in the first place. I also don't know many schools who can afford to have their admins keep an eye on the students. They're WAY too busy keeping the systems running and pached up, installing and testing new software, administerring the network and what have you. Quote Link to comment Share on other sites More sharing options...
degoba Posted May 26, 2006 Share Posted May 26, 2006 First off I'd like to thank you for asking intelligent, coherant questions. :) We don't see enough of that around here.You asked a lot of questions, so I'm only going to touch on a few and let someone else fill in the blanks. Ethereal is a tool for grabbing data as it flows through the network. http://en.wikipedia.org/wiki/Ethereal Cain & Abel is an easy to use program which combines many different security and password-related tools. http://www.oxid.it/cain.html There are tutorials for both all around the web. Search google and watch Hak.5 episodes 3 & 4. (I think it was those) As you may know, a WEP key (especially only 64-bit) is very insecure. It's very possible that a skilled individual could crack it in a matter of a few minutes. (if you want more information relating to this, go to http://grc.com/securitynow.htm and listen to the shows from the beginning. 10, 11, and 13 are specifically related) You probably won't be able to snoop traffic from a computer if it's wired in. Security Now ep.10 explains this more. (and it's mentioned in 15, 16, 29, and probably others) WEP keys are in fact stored on the computer. Cain & Abel could be used to retrieve them as they are normally hidden. Obviously, a computer that is plugged in to the router will not need this key and will not have it. And you can't run C&A on a DS ;) It is possible to run Cain off of one of those USB flash drives so maybe that would work if you have a few minutes of access to a computer of his that's wireless, but don't want to install anything. As far as actually cracking the WEP key (without touching his computers), that's very possible, but can be hard if you don't have the experience and are still learning. Download this episode to get an idea of what it involves: http://stashbox.fromtheshadows.tv/download.php?b=3.0 I hope that helps a bit. EDIT: w00t! 100th post!! :) Ethereal is so much more than that. Quote Link to comment Share on other sites More sharing options...
sentinel Posted May 26, 2006 Share Posted May 26, 2006 Ethereal is so much more than that.True, good point. I was trying to over-simplify it. ;) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.