среда, 13 октября 2010 г.

Pentoo Linux: WEP key found!


Pentoo Linux: WEP key found!, originally uploaded by v.plessky.

Next try was Pentoo Linux. I downloaded it and wrote it to bootable USB Flash stick.
It is bigger in size comparing to Slitaz Linux (682MB downloadable ISO image), but has better support for modern graphics adapters, and more tools packaged.
Latest version Pentoo 2009.0 final has kernel 2.6.31.6 and "wifi stack 2.6.32_rc7 with injection and fragmentation patches".

Pentoo Linux, variation of Gentoo Linux, is USB stick bootable version of Linux, which is easy to use for security assessment.
Many people do not realize how insecure is their Wireless connection. In most cases they think that putting "some" security is enough. And that's WEP.

You can see on screenshot above that it took just 3 min. 58 seconds to crack WEP key!
And this was done using old, aged laptop with rather weak built-in wireless adapter.

To get things running, you need to enable (start) networking manually. This was probably the most complex task in my test, as networking in Pentoo/Gentoo is different from Fedora/OpenSUSE/Mandriva, and you won't find here NetworkManager or DrakNet.

Than I followed instructions on Aircrack Simple WEP crack page.

Setup for Wireless Access Point
Hardware (Access Point): ASUS WL-500G Premium v1, 802.11g/54Mbps, flashed with DD-Wrt v24-sp2 (10/10/09) mega. You can check Mac address

In fact, it's irrelevant what brand of AP or Wireless Router you have.
If you selected WEP for "securing your wireless connection", than you are vulnerable.
I just gave detailed description of hardware used, as some people may be curious about that.

Wireless client (Station): ASUS notebook. According to OUI Search, adapter has been made by AzureWave Technologies.

All equipment is mine, Router (AP) was located 1.5 m from Wireless Client during my tests.

PROTECT YOURSELF, DON'T USE WEP ENCRYPTION!
USE WPA-PSK or BETTER WPA2-PSK!

Комментариев нет: