WEP Key Recovery Techniques for WiFi Networks (Ky Thuat Do Khoa WEP Cua Mang WiFi)


  • 8/4/2019 Ky Thuat Do Khoa WEP Cua Mang WiFi

    1/20

    WEP key recovery on a WiFi network, step by step

    Hundreds, perhaps thousands, of articles have been written about attacking WEP, but how many people can actually crack it? Beginners tend to get discouraged by the commands, by the card types required and, worse, by not being used to the Linux environment. This part walks through cracking WEP step by step.

    The first article helps you build a lab and takes you through the stages of a WEP crack. With a standardized setup you can concentrate on the WEP cracking tools without being held up by hardware or software problems.

    The whole process uses freely available software and needs no special hardware: a few laptops and some wireless cards are enough. The first article helps you build the lab and covers the scanning part of a WEP crack; after all, you need some documentation to study before you can crack it. The second article describes how to make the access point generate traffic and how to process the data after capture; after those two articles you can crack a WEP key. The third article covers the security skills needed to defend a wireless network against intrusion.

    Although a WEP crack can be done on a single laptop, ideally you should use two machines: one runs the attack that stimulates data flow, so that enough data is captured in a short time, while the other sniffs or captures the traffic the first one generates.

    You can in fact do it on one machine with one wireless card, but I advise against that when you are just starting out: it is easy to get confused about what you are doing, and I have found the audit programs to be a little unstable when used this way.

    Note that combining an active attack with a passive capture raises the chance of success and speeds up the crack, because it generates more packets than a network under normal use. Here is the hardware needed in our lab:


    - Wireless access point: this is our target, hehe. Any model will do.
    - One laptop with a working wireless card: this is the target machine, and the card's chipset does not matter. It is the spare machine, after all.
    - Two laptops with wireless cards based on the PRISM 2 chipset: some programs, such as kismet, support a wide range of wireless cards, but I recommend cards with the chipset named above. External cards with antennas are good too, but you can do without them (it's up to you).

    Cracking a WEP key needs tools, of course. Look online for the Auditor Security Collection CD, or try a software shop, or use BackTrack, which is the newer version of it; download link: ftp://mirror.switch.ch/mirror/backtrack/bt2final.iso

    Setting the lab up exactly as described matters, because you want control over the environment you work in. You should also think about preventing unforeseen accidents with the neighbours' access points, because some of the attacks in part two can kick an access point's clients off the network. Dangerous stuff. Ready to go on?

    The first step is to configure the lab: a target access point and the spare laptop mentioned above. Configure the access point with the WEP key we are going to crack, 64-bit security, and remember to set an SSID. Write down what you configured so you can check it later:

    - MAC address of the ACP
    - SSID
    - CHANNEL
    - KEY

    Next configure the spare laptop and connect it to the access point as usual, taking care to enter the key correctly. Then write down the MAC address of this spare laptop. At this point the WLAN is configured, and you can shut the spare laptop down. I had better define a name for each machine so nobody gets confused:

    - Lab network: WLAN
    - The spare laptop: target computer
    - laptop A and laptop B: the two laptops used to sniff and attack
    - Access point: target ACP

    OK, down to work (still coming along? come if you dare, hehe). It is time to configure laptop A and laptop B to scan the WLAN, sniff traffic and run the attack that generates traffic. First put the tool CD in and boot from it (you surely know how): in the CMOS setup choose the CD as the first boot device, and remember to plug in the wireless card. After you pick a suitable screen resolution from the Auditor boot menu, the system loads into RAM and you see a screen like this:


    The two important icons are Programs and Command Line, at the bottom left of the screen.

    Before going on, make sure the wireless card is seated properly and has been configured by Auditor: click the Command Line icon and type:

        iwconfig

    In the information Auditor prints, look for the wlan0 entry: it means the card is PRISM-based and Auditor has detected your network card. Configure laptop B the same way, then shut it down; you will not need it until part two, where you learn how to stimulate traffic and capture it with laptop A.

    Now start kismet (time for battle). It is a useful tool for detecting WLANs and ACPs. It can capture traffic too, but airodump, part of aircrack, does that better and is a very good tool for WEP cracking, so we use kismet to make sure the wireless card is working, scanning wireless networks and capturing traffic. Open the Programs icon, then Auditor, Wireless, Scanner/Analyzer and finally Kismet.

    Besides scanning wireless networks, kismet captures data to a file for later analysis, so it asks where to save the capture file; click Desktop and then OK.

    Kismet also asks for a prefix for the capture file; replace the default name with capture.

    Once running, kismet lists every wireless network in range, including the target ACP you set up and its channel, shown in the CH column; check that these match what you wrote down earlier. If kismet lists many ACPs near your lab, move the lab a little further away from other people's ACPs (no need to invite trouble, hihi).


    While kismet runs, you will see the packet counts changing for all the ACPs, on the right of the screen. Kismet shows the total number of networks found, the number of packets captured and the number of encrypted packets. Even with the target computer switched off it still shows packets from the ACP, because every few seconds the ACP sends out a beacon announcing itself (roughly: here I am, connect to me, hehe).

    Kismet starts in autofit mode, so it does not list the ACPs in a fixed order. Press S to sort; there you can choose the sort order, and the list is easier to read once sorted. Press C to sort the ACPs by channel.

    By default kismet hops across channels 1 to 11 (hip-hop, hihi). Move the highlight to your SSID with the cursor and press L, and kismet locks onto that SSID's channel.

    You will notice that the packet counts for other ACPs may keep rising; that is because adjacent channels overlap.


    Now that we know kismet is working, let us see what happens when the target computer starts exchanging data on the network. Connect the spare laptop to the network while kismet is still scanning. As it boots into Windows and connects to the ACP, you will notice a burst of encrypted data being captured by kismet; packets like these are what you use for the attack in part two.

    At this point you know the basic approach to a WEP crack: one ACP and two laptops for sniffing and attacking, all working, and you are used to finding your way around the software on the Auditor disk and using kismet to find wireless networks in range. In part two we use laptop B to stimulate the WLAN into generating traffic, capture it and actually crack the key. Until then, get properly comfortable with kismet and the WLAN, and explore some of the other tools on the Auditor disk.

    Part two

    Part one showed the basics of a WEP crack: configuring the WLAN and the two laptops used to sniff and attack. This part shows how to use more of the tools on the Auditor CD to capture traffic and use it to crack WEP. It also shows how to use deauthentication (forcing re-authentication) and packet replay to stimulate the WLAN into generating traffic, which is the main factor in cutting the time a crack takes.

    Before starting, a few points that will save time and help you use the programs successfully. You need a grounding in networking terms and basics; you should know how to ping, open a command prompt and enter commands, and some Linux basics are better still. The basic hardware requirements are those of part 1: a WLAN, and the spare laptop connected to the ACP. The important rule in this lab is never to access other people's ACPs without the owner's consent. Note also that all of this can be done on a single laptop rather than two, but for clarity and to avoid confusion we use two laptops.

    The 4 main tools in this part are AIRODUMP, VOID11, AIREPLAY and AIRCRACK, all on the Auditor disk.

    - AIRODUMP: scans wireless networks and captures packets to a file.
    - VOID11: deauthenticates computers from the ACP, forcing them to reconnect to the ACP and so produce an ARP request (a MAC lookup).
    - AIREPLAY: picks up the ARP request and resends it to the ACP.
    - AIRCRACK: takes the capture files produced by AIRODUMP.

    In part 1 you used kismet to gather information. Write it down now, because you will need it later:

    - MAC of the ACP
    - MAC of the spare laptop
    - CHANNEL the ACP is using
    - WEP KEY set on the ACP

    In real life, someone who wants to break into a wireless network normally has to obtain this information (the ACP's MAC, the ACP's channel and the target computer) for themselves. That is called zero knowledge. If the attacker already has all the necessary information, it is called a full-knowledge attack, and nothing about it is a challenge any more. We will assume we know nothing and describe how to obtain what is needed.

    Finding the ACP's MAC is not hard with kismet: do as in part one and collect the ACP's SSID, MAC and CHANNEL. That turns zero knowledge into all the information needed to run the WEP crack.

    Some people hide the SSID so it is not broadcast, to defeat certain programs, but against kismet they can dream on: it lists all the information it captures.

    Finding the client's MAC: we need one last piece of information before the crack can start, the MAC of a client connected to the ACP. Go back to kismet, press Q to return to the main menu, then press Shift+C to list the client MACs; they appear in the left-hand pane.


    If you do not see the client's MAC, make sure the spare laptop is connected to the ACP. Without it the following steps cannot be carried out, because our lab needs a client connected to the ACP.

    Capturing data with AIRODUMP

    However fast the cracking itself is, it still needs packets to work on. AIRODUMP captures packets into a file that AIRCRACK uses later; let us see how it works. Either laptop will do, but in this lab we use laptop A. Start airodump by typing the following commands:

    Commands for setting up airodump

        iwconfig wlan0 mode monitor
        iwconfig wlan0 channel THECHANNELNUM
        cd /ramdisk
        airodump wlan0 cap

    Replace THECHANNELNUM with the channel number your ACP uses. /ramdisk is where the captured data is saved. If there are other ACPs nearby and you only want to audit your own, add the ACP's MAC to the end of the command above:

        airodump wlan0 cap1 MACADDRESSOFAP

    This tells AIRODUMP to save only the packets of the target ACP. Exit AIRODUMP with Ctrl+C; ls -l lists the saved files. Note the .cap file extension; if the capture succeeded the file will be only a few KB in size.

    About IVs:

    While AIRODUMP runs, you will see the ACP's MAC listed under BSSID on the left, and the packet count and IV count going up. That happens with any traffic, even when you are not browsing the web, and if you browse or read email on the target computer you will see the IV count rise. The IV count matters most: it decides whether the crack can succeed. The usual figure is about 50,000 to 200,000 IVs for 64-bit and 200,000 to 700,000 for 128-bit.

    Note that under normal traffic the IV count does not rise quickly; capturing enough data for a successful crack can take an hour or even a whole day. Fortunately we have a tool that speeds this up.

    The quickest way to generate a lot of packets is to keep the WLAN busy. We can try that by downloading a file, or by pinging some address from the target, for example: ping -t -l 5000 (some IP address)

    This is where VOID11 comes in. VOID11 deauthenticates the target computer from the ACP in order to create traffic: the target computer is kicked off the network and automatically reconnects to the ACP, and the reconnection produces traffic that can be captured.


    Start on laptop B with the Auditor CD loaded, open a shell and type the following:

    Commands for setting up a void11 deauth attack

        switch-to-hostap
        cardctl eject
        cardctl insert
        iwconfig wlan0 channel THECHANNELNUM
        iwpriv wlan0 hostapd 1
        iwconfig wlan0 mode master
        void11_penetration -D -s MACOFSTATION -B MACOFAP wlan0

    Replace THECHANNELNUM with the channel the ACP is operating on; MACOFSTATION is the MAC of the target client and MACOFAP is the MAC of the ACP. VOID11 may print an error message while running, but you can ignore it (world peace is not affected).

    While laptop B is running this, watch what happens on the target computer: the network gradually slows down or even stops, and a few seconds later the machine is disconnected from the network altogether (cruel, isn't it). You can verify this by keeping a ping running from the target to the ACP. This is the ping before VOID11 is started on laptop B:

    And this is the ping while VOID11 is running; if you stop VOID11, the ping returns to normal:


    You can also check this in detail in the properties of the wireless network card on the target.

    On laptop A, notice that the IV count jumps by 100 to 200 within a few seconds; this is caused by the target reconnecting to the ACP.

    Packet replay with AIREPLAY

    Deauthentication does generate traffic, but usually not enough to make the IV count climb quickly. To generate traffic more effectively we use a replay attack. A replay attack takes a captured packet that the target generated, then poses as the client it came from and repeats that packet far more often than normal. Stop the deauthentication attack, then start AIREPLAY to make use of the captured packets, which are ARP requests.

    Start from a clean state, that is, restart laptops A and B. Note that laptop A runs only AIREPLAY, to stimulate network traffic and IVs and so shorten the crack, while laptop B runs AIRODUMP or VOID11, and AIRCRACK to do the cracking from the packets collected.


    First start AIREPLAY on laptop A by entering these commands:

    Commands to set up aireplay to listen for an ARP packet

        switch-to-wlanng
        cardctl eject
        cardctl insert
        monitor.wlan wlan0 THECHANNELNUM
        cd /ramdisk
        aireplay -i wlan0 -b MACADDRESSOFAP -m 68 -n 68 -d ff:ff:ff:ff:ff:ff

    Note that switch-to-wlanng and monitor.wlan are scripts built into the disk to simplify typing the commands. Replace THECHANNELNUM with the channel number you found in the earlier steps and MACADDRESSOFAP with the MAC of the ACP.

    Now go to the target computer, switch it on and connect it to the ACP, then start VOID11 on laptop B and watch. The client's network signal gradually drops and sometimes disappears altogether, and the AIREPLAY count rises very quickly. From time to time AIREPLAY reports a packet it has found and asks whether you want to replay it.


    You want a packet that matches these criteria:

    - FromDS - 0
    - ToDS - 1
    - BSSID - MAC Address of the Target AP
    - Source MAC - MAC Address of the Target computer
    - Destination MAC - FF:FF:FF:FF:FF:FF

    Press n if the packet does not match and AIREPLAY resumes listening; press y to confirm if it matches the criteria above. AIREPLAY then switches from capture mode to replay mode. Go straight back to laptop B and stop VOID11.

    Capturing a packet by way of deauthentication is considered the trickiest part of the crack. It does create traffic, but not much of it while the client reconnects to the ACP, and the capture can be more complicated depending on the card driver and the client's operating system. VOID11 can easily overwhelm the client with deauthentication packets, leaving it no time even to reconnect. Sometimes you get lucky with the first packets; sometimes you have to wait for a packet that matches.

    The AIREPLAY command has a -d parameter for delay mode.

    At this point laptop A is running AIREPLAY and there are enough IVs for us to do the cracking. Stop VOID11 on laptop B and start AIRODUMP by typing the following commands:

    Starting up airodump after stopping void11

        switch-to-wlanng
        cardctl eject
        cardctl insert
        monitor.wlan wlan0 THECHANNELNUM
        cd /ramdisk
        airodump wlan0 cap1


    You probably know how this works by now. As for the last line: if there are several wireless networks around, add the ACP's MAC to the end of it:

        airodump wlan0 cap1 MACADDRESSOFAP

    You should understand that command too; I have explained it enough already. Once AIRODUMP starts you will see the IV count rise very quickly, around 200 per second, thanks to AIREPLAY on laptop A.

    While AIRODUMP is writing IVs to the file, start AIRCRACK; the two can run in parallel. Start AIRCRACK with the following commands:

    Starting aircrack

        cd /ramdisk
        aircrack -f FUDGEFACTOR -m MACADDRESSOFAP -n WEPKEYLENGTH -q 3 cap*.cap

    FUDGEFACTOR is an integer, 2 by default; MACADDRESSOFAP is the MAC of the ACP; WEPKEYLENGTH is the length of the WEP key in bits, usually 64 or 128.

    You can replace the 2 with a larger number; that slows the process down but makes a result more certain. AIRCRACK gives up if it finds no key in 64-bit format. You can press Ctrl+C to stop and the up arrow to rerun the previous AIRCRACK command, which picks up the newly captured packets; the -p parameter is for multiprocessing. After a while you get a screen like this:


    We completed the crack of a 64-bit WEP key in under 5 minutes, including scanning, cracking with AIRCRACK and stimulating traffic with AIREPLAY running. Sometimes a crack works once the IV count reaches 25,000, but mostly it should be above 100,000, and 128-bit needs more, roughly 150,000 to 700,000. The more IVs, the better for the crack. The important point is that you have to supply the length of the key you want to crack, and no tool on this disk tells you what it is, so try both 64 and 128.

    And this is a 128-bit key length. You should also have a well-specified machine with a good CPU and a fair amount of RAM. You can also separate the processing by saving the capture file to another machine; that machine does not need to be on the network, it only has to run AIRCRACK over the packets AIRODUMP collected. Or save the files to a USB device: open a command line and enter the following:

    Saving capture files to USB flash drive

        mkdir /mnt/usb
        mount -t vfat /dev/uba1 /mnt/usb
        cp /ramdisk/cap*.cap /mnt/usb
        umount /mnt/usb

    Conclusion: protecting a network with a WEP (Wired Equivalent Privacy) key is not a good method; we should use a stronger security mode, WPA2 (WiFi Protected Access version 2).

    Summary of commands:

    Commands for setting up airodump

        iwconfig wlan0 mode monitor
        iwconfig wlan0 channel THECHANNELNUM
        cd /ramdisk
        airodump wlan0 cap

    Commands for setting up a void11 deauth attack

        switch-to-hostap
        cardctl eject
        cardctl insert
        iwconfig wlan0 channel THECHANNELNUM
        iwpriv wlan0 hostapd 1
        iwconfig wlan0 mode master
        void11_penetration -D -s MACOFSTATION -B MACOFAP wlan0

    Commands to set up aireplay to listen for an ARP packet

        switch-to-wlanng
        cardctl eject
        cardctl insert
        monitor.wlan wlan0 THECHANNELNUM
        cd /ramdisk
        aireplay -i wlan0 -b MACADDRESSOFAP -m 68 -n 68 -d ff:ff:ff:ff:ff:ff

    Starting up airodump after stopping void11

        switch-to-wlanng
        cardctl eject
        cardctl insert
        monitor.wlan wlan0 THECHANNELNUM
        cd /ramdisk
        airodump wlan0 cap1

    Starting aircrack

        cd /ramdisk
        aircrack -f FUDGEFACTOR -m MACADDRESSOFAP -n WEPKEYLENGTH -q 3 cap*.cap


    Recovering the WEP key of a WiFi network, and how to defend against it

    Friday, 20 June 2008 04:08

    WiFi wireless networking is now quite common and widely used because it is so convenient, but WiFi security gives plenty of people a headache, especially home and non-specialist users. This article covers the possibility of recovering a WiFi network's WEP encryption key (WEP key) and the countermeasures.

    General introduction to WiFi and WEP.

    WIFI, WIreless FIdelity (a term still being argued over, because it does not actually mean anything), is a set of protocols for wireless devices based on the 802.11x standards, covering Access Points and wireless end devices such as PC cards, USB cards and WiFi PDAs that connect to one another. WiFi uses several encryption standards to protect against unauthorized access. The nature of a wireless link is that access to the medium cannot be restricted physically, so anyone within coverage can reach it, and encryption is essential for users who need privacy and safety. WiFi currently has 3 main kinds of encryption: WEP (Wired Equivalent Privacy), WPA (Wireless Protected Access) and WPA2. WEP is the oldest and the most widely supported by WiFi equipment manufacturers; most WiFi devices support WEP with encryption keys from 40 to 128 bits long. Recently many people have found weaknesses in WEP encryption and released a great many cracking tools. Even so, WEP cannot be dropped at once, because it has been in widespread use for a long time and not every manufacturer has managed to add support for other kinds of encryption to the devices it makes.

    So where is WEP's weakness? WEP uses a stream cipher, so it needs a mechanism that makes two identical packets encrypt to different results, to stop an attacker from inferring their contents. To achieve that, a value called the IV (Initialization Vector) is combined with the key we enter, producing a different key for each encryption. The IV is a 24-bit value that changes randomly for every data packet, so the WEP key we actually set in an AP (access point) is only 40 bits for 64-bit encryption and 104 bits for 128-bit encryption, because 24 bits are reserved for the IV. (Try it: when entering the key on an AP with 64-bit encryption selected, you can enter only 5 characters for a string-type key or 10 characters for a hex key, which corresponds to 40 bits.) Because the sending device generates the IV at random, the IV has to be sent to the receiving device unencrypted in the packet header; the receiver uses the IV and the key to decrypt the rest of the packet. The IV is the weak point of the WEP encryption scheme: since it is 24 bits long there are only a little over 16 million possible IV values, and a cracker who captures enough packets can analyse these IVs to work out the key the victim is using. The next part describes the test WiFi network and how the key is recovered.
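
The per-packet keying described above, as an added example (not part of the original article): RC4 is keyed with the cleartext 24-bit IV followed by the 40-bit secret, so two frames that share an IV share a keystream, and the XOR of their ciphertexts equals the XOR of their plaintexts. Only the WEP body is modelled (no 802.11 header); the payloads and IVs are constructed, the key is the lab key quoted in the article, and the collision estimate assumes IVs are drawn at random as the article states.

```python
import binascii
import math
import struct


def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):  # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the payload, little-endian."""
    return struct.pack("<I", binascii.crc32(payload) & 0xFFFFFFFF)


def wep_encrypt(secret: bytes, iv: bytes, payload: bytes) -> bytes:
    """Cleartext IV (3 bytes) + key-ID byte, then RC4(IV || secret) over payload || ICV."""
    if len(iv) != 3 or len(secret) not in (5, 13):
        raise ValueError("IV is 24 bits; secret is 40 or 104 bits")
    body = payload + icv(payload)
    return iv + b"\x00" + xor(body, rc4(iv + secret, len(body)))


def wep_decrypt(secret: bytes, frame: bytes) -> bytes:
    """The receiver reads the IV from the header and rebuilds the same RC4 key."""
    iv, body = frame[:3], frame[4:]
    plain = xor(body, rc4(iv + secret, len(body)))
    payload, check = plain[:-4], plain[-4:]
    if check != icv(payload):
        raise ValueError("ICV mismatch")
    return payload


def reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """XOR of two ciphertext bodies. With equal IVs the keystream cancels out."""
    return xor(frame_a[4:], frame_b[4:])


def frames_until_collision(probability: float, iv_bits: int = 24) -> int:
    """Birthday estimate: random IVs drawn before two are equal with `probability`."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


# Key from the article's lab: 10 hex digits = 40 secret bits (+ 24-bit IV = "64-bit WEP").
SECRET = bytes.fromhex("1a2b3c4d5e")
# Constructed sample payloads and IVs, not captured traffic.
P1 = b"constructed payload number one"
P2 = b"constructed payload number two"
IV_A, IV_B = bytes.fromhex("0a0b0c"), bytes.fromhex("0a0b0d")

if __name__ == "__main__":
    f1, f2 = wep_encrypt(SECRET, IV_A, P1), wep_encrypt(SECRET, IV_A, P2)
    f3 = wep_encrypt(SECRET, IV_B, P1)
    print("same payload, different IV, different ciphertext:", f1[4:] != f3[4:])
    print("same IV leaks P1 xor P2:", reuse_leak(f1, f2)[:len(P1)] == xor(P1, P2))
    print("IV space:", 2 ** 24, "values")
    print("frames for a 50% IV collision:", frames_until_collision(0.5))
```

With random 24-bit IVs, a repeated IV is expected after only a few thousand frames, which is why a longer secret does not repair the scheme.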

    Test setup and recovery method.

    The test setup I built is a WiFi network like a real one, made up of 1 DLink DI524 AP and 1 computer with a WiFi card, referred to as the target AP and target client, using 64-bit WEP encryption with the key 1a2b3c4d5e in hex form (see figure 1).

    http://www.wirelessvn.com/index.php/wireless-security/49-bao-mat-mang-khong-day/218-do-khoa-wep-cua-mang-wifi-va-cach-bao-ve

    Figure 1: Setup interface of the test AP.

    The cracking tools I use are the Aircrack 2.4 software suite running on Linux, netstumbler, kismet, a Linux live CD, and 1 laptop with 2 WiFi adapters or 2 computers with 1 aircrack-compatible card each.

    As the saying goes, know your enemy and know yourself and you will win every battle: to crack the target WiFi network we first have to know everything about the target as well as its owner does (everything except the key, of course). So what do we need to know? The following:

    - The SSID or ESSID (Service Set IDentifier: roughly, the name that identifies the network, much like the workgroup name of a peer-to-peer LAN); in this test setup I named it thunghiem.
    - The network's channel; here I set it to channel 11.
    - The encryption type; here it is 64-bit WEP.
    - The MAC address of the AP and the MAC of the target machine's card.

    What do we use to collect this information? NetStumbler (see figure 2) running on Windows, or Kismet on Linux. NetStumbler cannot show the MAC of the target client, so we collect it with kismet or with the airodump program from the aircrack tool set.

    Figure 2: Collecting information with netstumbler.


    Once enough information about the target has been collected, we move on to the aircrack suite. Aircrack is a very powerful open-source tool set running on Linux for recovering WEP/WPA keys, developed by Christophe Devine. There are many similar tools, but aircrack is the favourite because it is powerful and easy to use, although it supports rather few WiFi chipsets. The aircrack suite has 3 main tools that we will use:

    - aireplay injects packets to generate extra traffic on the target network; on networks with too little traffic we have to use it to cut the time spent waiting to capture enough packets for the key search. (figure 3)

    Figure 3: deauthenticating the client, spoofing ARP and injecting data to increase network traffic

    - airodump monitors and captures the packets the AP sends and saves them as a capture file. (figure 4)

    Figure 4: capturing data packets; the station column shows the client's MAC address

    - aircrack reads the capture file and searches for the key. (figure 5)


    Figure 5: key search with aircrack; the key comes out in under 1 s !!!

    I will not write out the exact command lines and parameters here, because the help parameter gives the exact syntax. First, though, both of our WiFi cards have to be put into monitor mode; see the help for the ifconfig and iwconfig commands to find out how.

    Because my test network has too little traffic, I use aireplay to inject packets towards the AP. Roughly, aireplay works by sending deauthentication packets to the AP so that the AP drops the connection and the client is kicked off the network (many people use this trick to harass WiFi cafés); the client then has to send ARP requests to reconnect to the AP. Next we run aireplay with different parameters, together with the known MAC address of the client, to impersonate it and send these ARP requests to the AP continuously, which makes the AP answer them. While aireplay is running we run airodump to capture the AP's replies, which contain IVs (note that aireplay and airodump must run on 2 different cards, not on the same card). With airodump running, watch the screen: the IV count in the #Data column rises quickly, along with the packet count in the Beacons column, if aireplay is injecting data.

    The documentation says about 500 thousand IVs or fewer are needed to recover a 64-bit key and 500 thousand IVs or more for a 128-bit key; in practice, here I needed only a little over 300k IVs to succeed. Once airodump has captured a fair amount, leave it running, open another console window and run aircrack to read the IVs from the file airodump saved and search for the key. This step is very fast, usually no more than 5 s on my P4 Mobile machine. The total time for injecting data and finding the key was under 1 hour, quite impressive, isn't it?!

    This tool can also recover keys for WPA encryption, a method far safer and stronger than WEP. Time is limited, so I do not cover that in this article.
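
How the deauthentication burst and the ARP replay described above look to someone monitoring their own network, as an added example (not part of the original article): the detector counts deauthentication frames per station and same-size broadcast frames sent towards the AP per source inside a sliding window. The Frame record, the thresholds, the MAC addresses and both sample captures are constructed assumptions; real input would come from a monitor-mode capture of your own WLAN.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "00:11:22:33:44:55"       # constructed BSSID
CLIENT = "66:77:88:99:aa:bb"   # constructed station MAC


@dataclass
class Frame:
    ts: float          # capture time in seconds
    kind: str          # "deauth" or "data"
    src: str
    dst: str
    bssid: str
    to_ds: bool = False
    length: int = 0


def peak_rate(times, window):
    """Largest number of timestamps that fall inside any `window`-second span."""
    recent, peak = deque(), 0
    for t in times:
        recent.append(t)
        while t - recent[0] > window:
            recent.popleft()
        peak = max(peak, len(recent))
    return peak


def detect(frames, window=1.0, deauth_limit=5, replay_limit=50):
    """Return sorted (alert, bssid, station, peak frames per window) tuples."""
    deauth = defaultdict(list)   # (bssid, station) -> timestamps
    replay = defaultdict(list)   # (bssid, source, frame length) -> timestamps
    for f in sorted(frames, key=lambda f: f.ts):
        if f.kind == "deauth":
            station = f.dst if f.src == f.bssid else f.src
            deauth[(f.bssid, station)].append(f.ts)
        elif f.kind == "data" and f.to_ds and f.dst == BROADCAST:
            # Same source, same size, broadcast, towards the AP:
            # the shape of one ARP request being repeated.
            replay[(f.bssid, f.src, f.length)].append(f.ts)
    alerts = []
    for (bssid, station), times in deauth.items():
        peak = peak_rate(times, window)
        if peak > deauth_limit:
            alerts.append(("deauth-flood", bssid, station, peak))
    for (bssid, src, _length), times in replay.items():
        peak = peak_rate(times, window)
        if peak > replay_limit:
            alerts.append(("arp-replay", bssid, src, peak))
    return sorted(alerts)


def benign_capture():
    """Constructed sample: a client that sends a few ARP requests and logs off once."""
    arps = [Frame(t, "data", CLIENT, BROADCAST, AP, True, 68) for t in (1.0, 4.0, 9.0)]
    return arps + [Frame(12.0, "deauth", CLIENT, AP, AP)]


def attack_capture():
    """Constructed sample: the benign frames plus a deauth burst and a ~200 frame/s replay."""
    burst = [Frame(20.0 + i * 0.05, "deauth", AP, CLIENT, AP) for i in range(40)]
    replay = [Frame(30.0 + i * 0.005, "data", CLIENT, BROADCAST, AP, True, 68)
              for i in range(400)]
    return benign_capture() + burst + replay


if __name__ == "__main__":
    print("benign:", detect(benign_capture()))
    for alert in detect(attack_capture()):
        print("attack:", alert)
```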

    Security methods for a WiFi network.

    This part presents ways to secure a WiFi network and weighs the strengths and weaknesses of each, from simple to complex; anyone can carry out all of them. They can be applied individually or combined.

    - Switch off the access point: when you have finished, or no longer need the network, you can power it off. This sounds extreme and funny, but it is 100% effective.
    - Turn off SSID Broadcast: most APs let us turn this mode off; it makes the wireless utility


    even so, it does not stop some other powerful scanning programs such as Kismet.
    - MAC address filtering: every AP can filter the MACs of the clients that connect to it, in one of 2 ways: allow only certain MAC addresses, or block only certain MAC addresses. This still does not stop skilled people from finding out the MAC addresses of the clients on our network and easily impersonating them by changing the MAC address of their WiFi card.
    - Encryption: WEP and WPA/WPA2 are the encryption types commonly found on APs. If your AP supports only WEP, use the longest key possible (usually 128-bit); if it supports WPA, use a key of at least 128 or 256 bits. Most APs that support WPA use WPA-PSK (pre-shared key or passphrase key); WPA2 encryption is safer still but needs an additional RADIUS server for authentication. The key should be as complex as possible (a mix of upper- and lower-case letters, digits and special characters) and should not be a meaningful word or one found in a dictionary, because a cracker can still recover a WPA key by running a dictionary in a brute-force attack. Using this method lowers the throughput between AP and client, because the devices spend a lot of capacity on this more complex encryption and decryption.
    - User authentication, firewalls, and encryption of data on disk and in files: these will not stop someone from recovering the WEP/WPA key, but they do stop that person from viewing or tampering with the data in transit and the resources on our network.

    Conclusion.

    This article gives a fairly general picture of wireless network security today. We cannot abandon WEP completely, because a great many WiFi devices currently support it well. It also has quite a few weaknesses that are easy to exploit. But that is no disaster if we know how to combine a few suitable defences for our WiFi network.

    With this article I want to help people understand WiFi security better. I accept no responsibility for anything that happens if someone uses the information in this article for bad purposes, and I will not answer any questions about key recovery.