Yes, the Portable Penetrator Software Suite finds the WEP key fast.
It can take anywhere from 10 minutes to a few hours, depending on signal strength, router brand and how many users are connected.
How to audit WEP Encryption on networks.
Penetration testing of wireless networks incorporates many of the same methodologies used for penetration testing of individual systems. Information gathering, footprinting, enumeration, assessment, and exploitation are all important aspects of penetration testing and apply in wireless penetration testing just as they do in other aspects of this profession. Our approach and the tools that we discuss will follow this methodology. The first step in wireless penetration testing is to find your target. There are a number of tools that can be used for this and we'll discuss some in the Open source tools section of this chapter. After locating the target network, you will then need to determine the level of security used by the network and develop an approach to compromising it.
For example, you can use utilities such as macchanger to easily change your system's Media Access Control (MAC) address and bypass low-level security measures such as MAC address filtering. Other tools allow you to determine the type of encryption your target network is using and capture any clear-text information that may be beneficial to you during your penetration test. Once you have determined the type of encryption in place, several different tools provide the capability to crack different encryption mechanisms. The venerable aircrack-ng suite (most notably airodump-ng, aireplay-ng, and aircrack-ng) allows you to capture traffic, re-inject traffic, and crack Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) keys; and with the recent addition of the aircrack-ptw attack, cracking WEP is significantly faster. CoWPAtty performs offline dictionary attacks against WPA-PSK networks. Exploiting the time/memory trade-off by using precomputed hash tables (or creating them with the genpmk tool) makes WPA cracking faster by about three orders of magnitude.
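For the step of determining which encryption a network uses, the following added example (not from the original page or from the product it describes) classifies networks from 802.11 beacon frame bodies and lists those still advertising WEP. The function names and SSIDs are hypothetical, and the sample beacons are constructed rather than captured.

```python
import struct

WPA_OUI_TYPE = bytes.fromhex("0050f201")  # vendor IE prefix: Microsoft OUI + type 1 (WPA)

def parse_beacon_body(body):
    """Return (ssid, security) for a beacon frame body (bytes after the 24-byte MAC header)."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed parameters")
    _ts, _interval, caps = struct.unpack_from("<QHH", body, 0)
    privacy = bool(caps & 0x0010)  # Privacy bit of the capability field
    ssid, has_rsn, has_wpa = "", False, False
    pos = 12
    while pos + 2 <= len(body):  # walk the tagged elements: id, length, data
        tag, length = body[pos], body[pos + 1]
        data = body[pos + 2 : pos + 2 + length]
        if len(data) < length:
            break  # truncated element: stop rather than misread
        if tag == 0:
            ssid = data.decode("utf-8", errors="replace")
        elif tag == 48:  # RSN element
            has_rsn = True
        elif tag == 221 and data[:4] == WPA_OUI_TYPE:
            has_wpa = True
        pos += 2 + length
    if not privacy:
        return ssid, "OPEN"
    if has_rsn:
        return ssid, "RSN (WPA2/WPA3)"
    return ssid, "WPA" if has_wpa else "WEP"  # privacy with no RSN/WPA element means WEP

def make_beacon(ssid, caps, extra=b""):
    """Build a constructed beacon body for the samples below."""
    name = ssid.encode()
    return struct.pack("<QHH", 0, 100, caps) + bytes([0, len(name)]) + name + extra

# Constructed sample beacons (not captured traffic).
SAMPLES = [
    make_beacon("lab-open", 0x0001),
    make_beacon("lab-legacy", 0x0011),
    make_beacon("lab-wpa", 0x0011, bytes([221, 6]) + WPA_OUI_TYPE + b"\x01\x00"),
    make_beacon("lab-wpa2", 0x0011, bytes([48, 2]) + b"\x01\x00"),
]

def wep_networks(bodies):
    """Return the SSIDs that still advertise WEP and need migrating."""
    return [ssid for ssid, sec in map(parse_beacon_body, bodies) if sec == "WEP"]

if __name__ == "__main__":
    print(wep_networks(SAMPLES))
```

A network reported as WEP here sets the Privacy bit but carries neither an RSN nor a WPA element, which is the case the audit should flag for migration.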
The astute penetration tester should also consider Bluetooth as a legitimate wireless attack vector, especially for information-gathering purposes. In that vein, there are a number of tools such as btscanner, bluesnarfer, and bluebugger to extract information from vulnerable Bluetooth devices. This Bluetooth wireless attack option is often forgotten as people tend to focus on the more traditional 802.11 wireless networks.
Before beginning a penetration test against a wireless network, it is important to understand the vulnerabilities associated with Wireless Local Area Networks (WLANs). The 802.11 standard was developed as an "open" standard; in other words, when the standard was written, ease of accessibility and connection were the primary goals. Security was not a primary concern, and security mechanisms were developed almost as an afterthought. When security isn't engineered into a solution from the ground up, the security solutions have historically been less than optimal. When this happens, multiple security mechanisms are often developed, none of which offers a robust solution.
This is very much the case with wireless networks as well. The 802.15.1 standard (based on Bluetooth technology) was developed as a cable replacement technology for the exchange of information between wireless personal area networks (PANs), specifically relating to devices such as mobile phones, laptops, peripherals, and headsets. Although security was a justifiable concern when developing the standard, vulnerabilities are still associated with Bluetooth devices.
Due to WEP's vulnerabilities, many public tools have been developed to crack it. AirSnort is one of the most famous WEP cracking tools available. With its intuitive interface, AirSnort makes it convenient to discover networks and crack WEP. Besides cracking WEP, AirSnort can also be used to dump wireless packets and save them as pcap-format files. WEPCrack is another program to crack WEP. It puts theoretical attacks into practice and consists of a collection of Perl scripts such as WEPCrack.pl. It can collect packets with initialization vectors and save the weak IVs in a log file called IVFile.log. Then attackers can simply use the following command to crack the WEP protocol. WEP tools is another program in this series. Basically all of them do the same: crack the lock and find the WEP key.