63110713 18364104 Ky Thuat Do Khoa WEP Cua Mang WiFi Step by Step


  • 8/3/2019 63110713 18364104 Ky Thuat Do Khoa WEP Cua Mang WiFi Step by Step


    WEP key cracking technique for WiFi networks, step by step

    Thursday, 22. May 2008, 08:14:00

    Hack

    Hundreds, perhaps thousands, of articles have been written about attacking WEP, but how many people can actually crack WEP? Beginners are often discouraged by the commands, by the types of card required and, more awkwardly, by not being used to the Linux environment. In this part we walk through how to hack WEP step by step.

    The first article helps you build a test setup and walks you through the parts of WEP cracking. A standardized approach lets you concentrate on the WEP cracking tools without being held back by hardware or software errors.

    The whole process is done with readily available software and needs no special hardware: a few laptops with some wireless cards are enough. The first article helps you build a lab and walks through the scan part of WEP cracking; after that, you need to find a document and study it before you can crack it.

    The second article describes how to stimulate the access point into generating traffic and how to process the data after capture. After these two articles you will be able to crack a WEP key.

    The third article gives us the security skills to defend against intrusion into a wireless network.

    Although WEP cracking can be done on a single laptop, ideally you should use two machines: one carries out the attack that stimulates the data flow so that enough data can be captured in a short time, while the other sniffs or captures the data flow produced by the first.

    You can in fact do this on one machine with one wireless card, but I advise against it when you are just starting out. It tends to cause confusion about what you are doing, and I have found that the audit programs are often a little unstable when used this way.

    Note that using one active attack and one passive capture increases the chance of success and speeds up the crack, because it generates more packets than a normal environment would. Here is the list of hardware needed in our lab:

    http://my.opera.com/thuynt/blog/index.dml/tag/Hack

    - A wireless access point: this will be our target (hehe). Any model will do.
    - One laptop with a working wireless card: this will be the target machine, and the chipset of its wireless card does not matter. It is the spare machine, after all.
    - Two laptops with wireless cards that use the PRISM 2 chipset: some programs, Kismet for example, support a wide range of wireless cards, but I recommend using cards with the chipset named above. External cards with antennas are even better, but it does not matter if you have none (it's up to you).

    Cracking a WEP key needs hacking tools, of course. Look on the net for the Auditor security collection CD, or look in shops that sell software, or use BACK TRACK, which is the newer version of the same thing; download link: ftp://mirror.switch.ch/mirror/backtrack/bt2final.iso

    Setting the lab up exactly as described is very important, because you want to control the environment you work in. You should also think about preventing unforeseen accidents that affect your neighbours' access points, right? In part two, some of our attacks can kick the clients of an access point off the network. Dangerous indeed. Want to go on?

    The first step is to configure the lab: a target access point and the spare laptop mentioned above. The access point is configured with the WEP key that we will crack, 64-bit security, and remember to set an SSID. Note down what you have just configured so you can check against it later:

    - MAC address of the ACP
    - SSID
    - CHANNEL
    - KEY

    Then configure the spare laptop and connect it to the access point normally; remember to enter the key correctly. After that, write down the MAC address of this spare laptop. At this point our WLAN is configured. You can now shut the spare laptop down. I should probably define a name for each laptop here, so that you do not get confused:

    - Lab network: WLAN
    - Spare laptop: target computer
    - laptopA
    - laptop B
    - Access point: target ACP

    OK, down to work (carry on if you are up to it, otherwise do not push it, hihi). It is time to configure laptopA and laptopB to scan the WLAN and sniff the attack traffic. First put the hack disk in and boot from CD: go into the CMOS setup and choose CD as the first boot device, and remember to plug in the wireless card. After you pick a suitable resolution from the Auditor boot menu, it loads into RAM. You will then see a screen like this:


    The two important icons are Programs and Command Line, at the bottom left of the screen.

    Before going on, make sure the wireless card is plugged in correctly and has been configured by Auditor: click the Command Line icon and type:

        iwconfig

    In the information Auditor prints, look for the wlan0 entry. That means the card is a PRISM-based card and Auditor has detected it. You can configure laptopB the same way and then shut it down, because you will not need it until part two, where you will learn how to kick up traffic and capture it with laptopA. Now we start using Kismet (into battle).

    Kismet is a useful tool for detecting WLANs and ACPs. It also captures traffic, but there is a better program for that, airodump, which is part of aircrack and a very good tool for WEP cracking, so we will use it and make sure the wireless card is working for wireless scanning and traffic capture. Go to the Programs icon, then Auditor, Wireless, Scanner/Analyzer and finally Kismet.

    Besides scanning wireless networks, Kismet captures data to a file for later analysis, so it asks where to save the capture file. Click Desktop and then OK.

    Kismet also asks for a prefix for the capture file; replace the default name with capture.

    When Kismet is running it lists all wireless networks in range, including the target ACP you set up. The channel appears under the CH column; compare it with what you wrote down earlier and check that it matches. If Kismet lists many ACPs near your lab, move the lab a little further away from other people's ACPs (better safe than sorry, hihi).


    While Kismet is running you will see the packet counts changing for all ACPs on the right of the screen. Kismet shows the total number of networks found, the number of packets captured and the total number of encrypted packets. Even when the target computers are switched off, it still shows packets from the ACP, because every few seconds the ACP broadcasts a signal announcing itself.

    Kismet runs in autofit mode, so it does not list all ACPs in a fixed order. Press S to sort; here you can choose the sort order, and the list is easier to read once sorted. Press C to sort the ACPs by channel.

    By default Kismet hops across channels 1 to 11. Use the cursor to move the highlight to your SSID and press L, and Kismet locks onto the channel of that SSID. You will notice that the packet counts of other ACPs may still keep increasing; this is because adjacent channels overlap.


    Now that we know Kismet is working, let us see what happens when the target computer starts exchanging information on the network. Connect the spare laptop to the network while Kismet is still scanning. When the spare laptop boots into Windows and connects to the ACP, you will notice a burst of encrypted data quickly captured by Kismet; you will use these packets for the attack in part two.

    At this point you know the basic approach to WEP cracking, with one ACP and two laptops for sniffing and attacking up and running. You are also used to finding your way around the software on the Auditor disk and using Kismet to find the wireless networks in range.

    In part two we will use laptop B to kick the WLAN into generating traffic, capture it and actually crack. Until then, get really familiar with using Kismet on the WLAN and explore some of the other tools on the Auditor disk.

    Part two: in part one we showed the basic approach to cracking WEP, configuring the WLAN and the two laptops for sniffing and attacking. In this part we show how to use further tools on the Auditor CD to capture traffic and use it to crack WEP. We also show how to use deauthentication (re-authentication) and packet replay to kick the WLAN into generating traffic, which is a key factor in cutting the cracking time.

    Before we start, however, let us clear up a few points that can save time and help you use the programs successfully. You need the basics of network terminology and fundamentals. You should also know how to ping the network, open a command prompt and type commands; some Linux basics are even better.

    The basic hardware requirements are covered in part 1: a WLAN and a spare laptop connected to the ACP.

    The important thing in this lab setup is that you must not access other people's ACPs without the owner's consent.

    Note also that this can be done on a single laptop and does not strictly need two machines, but for clarity and to avoid confusion we use two laptops.

    The 4 main tools used in this part are AIRODUMP, VOID11, AIREPLAY and AIRCRACK, all on the Auditor disk.

    - AIRODUMP: scans wireless networks and captures packets to a location.
    - VOID11: deauthenticates (re-authentication) computers from the ACP, forcing them to reconnect to the ACP and generate ARP requests (to obtain the MAC).
    - AIREPLAY: finds the ARP request and sends it back to the ACP.
    - AIRCRACK: takes the capture files created by AIRODUMP.

    In part 1 you used Kismet to collect information. Now write the following down on paper for later use:

    - MAC of the ACP
    - MAC of the spare laptop
    - CHANNEL in use by the ACP
    - WEP KEY set up on the ACP

    In real life, someone who wants to break into a wireless network usually has to obtain this information (MAC of the ACP, channel of the ACP, and the target computer). That situation is called zero knowledge. If the attacker already has all the necessary information, it is called a full-knowledge attack, and nothing is a challenge for them any more. We will assume that we know nothing and describe how to obtain the necessary information.

    Finding the MAC of the ACP is not hard with Kismet. Do the same as in part one: obtain the SSID, MAC and CHANNEL of the ACP. The zero knowledge has then turned into all the information needed to run the WEP crack.

    In some cases people hide the SSID so that it is not broadcast, to block some software, but against Kismet that is wishful thinking: it lists all the information it captures.

    Finding the MAC of the client:

    We need one last piece of information to start the crack: the MAC of a client connected to the ACP. Go back to Kismet, press Q to return to the main menu, then press Shift + C to list the client MACs. The MACs are listed in the left-hand pane.


    Start with laptopB with the Auditor CD inserted, then open a shell and type the following commands:

    Commands for setting up a void11 deauth attack

        switch-to-hostap
        cardctl eject
        cardctl insert
        iwconfig wlan0 channel THECHANNELNUM
        iwpriv wlan0 hostapd 1
        iwconfig wlan0 mode master
        void11_penetration -D -s MACOFSTATION -B MACOFAP wlan0

    Note: replace THECHANNELNUM with the channel the ACP is operating on. MACOFSTATION is the MAC of the target client and MACOFAP is the MAC of the ACP.

    While it runs, VOID11 may print an error message, but do not worry about it (it does not affect world peace).

    While laptopB is running, let us see what happens on the target computer: the network gradually slows down or even stops, and a few seconds later the machine is dropped from the network altogether (cruel, isn't it).

    You can check this by keeping a ping running from the target to the ACP. This is before running VOID11 on laptopB:

    And this is while VOID11 is running. If you stop VOID11, the ping returns to normal.


    You can also check it in detail in the properties of the wireless network card on the target.

    Note that on laptopA the number of IVs rises very quickly, by 100 to 200 within a few seconds. This happens because of the reconnection between the target and the ACP.

    Packet replay with AIREPLAY

    Although deauthentication generates traffic, it usually does not speed things up enough to make our IV count grow quickly. To generate traffic more effectively we use another technique, the replay attack. A replay attack works from a packet captured from the target, then spoofs the client and repeats that packet far more often than normal.

    Stop the deauthentication attack, then start AIREPLAY, which uses the captured packets, namely the ARP requests.

    Let us start from a clean state, that is, restart both laptops A and B. Note that laptopA only runs AIREPLAY, to kick up network traffic and IVs and so cut the cracking time, while laptopB runs AIRODUMP or VOID11, and runs AIRCRACK to crack from the packets collected.


    First start AIREPLAY on laptopA and enter the following commands:

    Commands to set up aireplay to listen for an ARP packet

        switch-to-wlanng
        cardctl eject
        cardctl insert
        monitor.wlan wlan0 THECHANNELNUM
        cd /ramdisk
        aireplay -i wlan0 -b MACADDRESSOFAP -m 68 -n 68 -d ff:ff:ff:ff:ff:ff

    Note: switch-to-wlanng and monitor.wlan are scripts built into the disk to simplify typing commands. Replace THECHANNELNUM with the channel number you found in the earlier steps and MACADDRESSOFAP with the MAC of the ACP.

    Now go to the target computer, switch it on and connect it to the ACP, then go to laptopB, start VOID11 and watch. You will see the client's network signal gradually drop and sometimes disappear altogether, and you will also see the AIREPLAY counter rise very quickly. From time to time AIREPLAY reports a packet it has found and asks whether you want to replay it.


    You want a packet that matches the following criteria:

    - FromDS - 0
    - ToDS - 1
    - BSSID - MAC Address of the Target AP
    - Source MAC - MAC Address of the Target computer
    - Destination MAC - FF:FF:FF:FF:FF:FF

    Press n for packets that do not match and AIREPLAY resumes; press y to confirm if the packet matches the criteria above. AIREPLAY then switches from capture mode to replay mode. Go straight back to laptopB and stop VOID11.

    Capturing a packet by means of deauthentication is considered the trickiest part of the crack. It does generate traffic, but not very much, during the client's reconnection to the ACP. The capture can be more complicated depending on the card driver and the client's operating system, and VOID11 can easily overwhelm the client with deauth packets so that it does not even have time to reconnect. Sometimes you get lucky with the first packets, and sometimes you have to wait for a packet that matches.
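
    Seen from the defender's side, the replay described above leaves a clear trace: the re-sent frame keeps the IV it was captured with, and a burst of deauthentication frames precedes it. The following detection sketch is an added example, not part of the original article; the frame records, MAC addresses and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    """Hypothetical, simplified record of one captured 802.11 frame."""
    ts_ms: int            # capture time in milliseconds
    kind: str             # "deauth" or "data"
    src: str
    dst: str
    bssid: str
    to_ds: bool = False
    from_ds: bool = False
    length: int = 0
    iv: str = ""          # WEP IV as hex; it travels unencrypted in the frame


def deauth_floods(frames, window_ms=1000, threshold=10):
    """Map (bssid, station) -> peak deauth count in any window, if >= threshold."""
    times = defaultdict(list)
    for f in frames:
        if f.kind == "deauth":
            station = f.dst if f.src == f.bssid else f.src
            times[(f.bssid, station)].append(f.ts_ms)
    alerts = {}
    for pair, ts in times.items():
        ts.sort()
        lo = peak = 0
        for hi in range(len(ts)):          # sliding window over sorted timestamps
            while ts[hi] - ts[lo] >= window_ms:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= threshold:
            alerts[pair] = peak
    return alerts


def replayed_frames(frames, min_repeats=20):
    """Map (bssid, src, iv, length) -> count for station-to-AP broadcast data
    frames (ToDS=1, FromDS=0) that keep re-using one IV. A sender normally
    changes the IV for every frame, so heavy repetition indicates a replay."""
    seen = Counter(
        (f.bssid, f.src, f.iv, f.length)
        for f in frames
        if f.kind == "data" and f.to_ds and not f.from_ds and f.dst == BROADCAST
    )
    return {key: n for key, n in seen.items() if n >= min_repeats}


def constructed_capture():
    """Constructed sample: normal traffic, one deauth burst, one replayed frame."""
    ap, sta, other = "00:11:22:33:44:55", "66:77:88:99:aa:bb", "cc:dd:ee:ff:00:11"
    frames = [Frame(1000 + 200 * i, "data", sta, ap, ap, to_ds=True,
                    length=120 + i, iv=f"{i:06x}") for i in range(30)]
    # Ordinary broadcast requests: each one carries a fresh IV.
    frames += [Frame(8000 + 500 * i, "data", sta, BROADCAST, ap, to_ds=True,
                     length=68, iv=f"{256 + i:06x}") for i in range(3)]
    frames.append(Frame(5000, "deauth", other, ap, ap))      # a single normal leave
    frames += [Frame(10000 + 50 * k, "deauth", ap, sta, ap) for k in range(40)]
    frames += [Frame(13000 + 5 * k, "data", sta, BROADCAST, ap, to_ds=True,
                     length=68, iv="a1b2c3") for k in range(50)]
    return frames


if __name__ == "__main__":
    capture = constructed_capture()
    print("deauth floods:", deauth_floods(capture))
    print("replayed frames:", replayed_frames(capture))
```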

    In the AIREPLAY command, the -d parameter is for the delay mode.

    At this point laptopA is running AIREPLAY and producing the IVs we need for cracking. Stop VOID11 on laptop B and start AIRODUMP by typing the following commands:

    Starting up airodump after stopping void11

        switch-to-wlanng
        cardctl eject
        cardctl insert
        monitor.wlan wlan0 THECHANNELNUM
        cd /ramdisk
        airodump wlan0 cap1


    You probably know how to do this by now. The only point is the last line: if there are several wireless networks around you, add one more argument at the end of the line:

        airodump wlan0 cap1 MACADDRESSOFAP

    You surely understand the command above too; I have explained plenty already.

    After AIRODUMP starts you will see the IVs rise very quickly, at about 200/s, thanks to AIREPLAY on laptopA.

    While AIRODUMP is writing IVs to the file, we start AIRCRACK; the two can run in parallel. Open AIRCRACK and enter the following commands:

    Starting aircrack

        cd /ramdisk
        aircrack -f FUDGEFACTOR -m MACADDRESSOFAP -n WEPKEYLENGTH -q 3 cap*.cap

    Note that FUDGEFACTOR is an integer and defaults to 2. MACADDRESSOFAP is the MAC of the ACP. WEPKEYLENGTH, as you have probably guessed, is the length in bits of the WEP key, usually 64 or 128.

    You can replace the 2 with a larger number; this makes the process slower but the result more certain. It will give up if it does not find the 64-bit format.

    You can press Ctrl + C to stop and the up arrow to rerun the last AIRCRACK command; it will pick up the updated packets. The -p parameter is for multi-process operation. After a while you will get a screen like this:


    We completed the crack of a 64-bit WEP key in under 5 minutes, including the scan and the crack with AIRCRACK while AIREPLAY was kicking up traffic. Sometimes you can crack once the IVs reach 25000, but in most cases you should have more than 100000, and 128-bit needs more still, roughly 150000 to 700000. The more IVs, the better for the crack. The important point is that you have to supply the length of the key you want to crack, and no tool on this disk tells you that, so you should try both 64 and 128.

    And this is a 128-bit key length. You should also have a powerful machine with a good CPU and a fair amount of RAM. You can also separate the processing by saving the capture files to another machine; that machine does not need to be connected to the network, it only needs to run AIRCRACK on the packets AIRODUMP collected. Or you can save them to a USB device: just open a command line and enter the following commands:

    Saving capture files to USB flash drive

        mkdir /mnt/usb
        mount -t vfat /dev/uba1 /mnt/usb
        cp /ramdisk/cap*.cap /mnt/usb
        umount /mnt/usb

    Conclusion: securing a network with a WEP (Wired Equivalent Privacy) key is not a good method. We should use a stronger form of security, WPA2 (Wi-Fi Protected Access version 2).

    Here is the command summary:

    Commands for setting up airodump

        iwconfig wlan0 mode monitor
        iwconfig wlan0 channel THECHANNELNUM
        cd /ramdisk
        airodump wlan0 cap

    Commands for setting up a void11 deauth attack

        switch-to-hostap
        cardctl eject
        cardctl insert
        iwconfig wlan0 channel THECHANNELNUM
        iwpriv wlan0 hostapd 1
        iwconfig wlan0 mode master
        void11_penetration -D -s MACOFSTATION -B MACOFAP wlan0

    Commands to set up aireplay to listen for an ARP packet

        switch-to-wlanng
        cardctl eject
        cardctl insert
        monitor.wlan wlan0 THECHANNELNUM
        cd /ramdisk
        aireplay -i wlan0 -b MACADDRESSOFAP -m 68 -n 68 -d ff:ff:ff:ff:ff:ff

    Starting up airodump after stopping void11

        switch-to-wlanng
        cardctl eject
        cardctl insert
        monitor.wlan wlan0 THECHANNELNUM
        cd /ramdisk
        airodump wlan0 cap1

    Starting aircrack

        cd /ramdisk
        aircrack -f FUDGEFACTOR -m MACADDRESSOFAP -n WEPKEYLENGTH -q 3 cap*.cap


    Cracking the WEP key of a WiFi network and how to protect against it

    Friday, 20 June 2008 04:08

    WiFi wireless networking is now quite common and is used in many places because of its convenience, but WiFi security is also a headache for quite a few people, especially home and non-specialist users. In this article I discuss the possibility of cracking the WEP encryption key (WEP key) of a WiFi network and the countermeasures.

    General introduction to WiFi and WEP.

    WIFI, WIreless FIdelity (the term is still disputed because it does not actually mean anything), is a set of protocols for wireless devices based on the 802.11x standards, covering Access Points and wireless end devices such as PC cards, USB cards and WiFi PDAs that connect to one another. WiFi uses several encryption standards to protect against unauthorized access. Because of the nature of a wireless connection, access to the medium cannot be physically restricted; anyone within coverage can reach it, so encryption is essential for users who need privacy and safety. WiFi currently has 3 main kinds of encryption: WEP (Wired Equivalent Privacy), WPA (Wireless Protected Access) and WPA2.

    WEP is the earliest kind of encryption and the one most widely supported by WiFi equipment manufacturers; most WiFi devices support WEP with encryption keys from 40 to 128 bits long. Recently many people have found weaknesses in the WEP encryption method and released a great many cracking tools. Even so, WEP cannot be abandoned immediately, because it has been in widespread use for a long time and not every manufacturer has managed to move the devices it makes over to other kinds of encryption.

    So where is the weakness of WEP? Because WEP uses a stream cipher, it needs a mechanism to ensure that two identical packets do not produce the same result after encryption, so that a hacker cannot make inferences. To achieve this, a value called the IV (Initialization Vector) is added to the key we supply, producing a different key each time data is encrypted. The IV is a 24-bit value that changes randomly for each data packet, so in practice the WEP key we specify on the AP (access point) is only 40 bits for 64-bit encryption and 104 bits for 128-bit encryption, because 24 bits are reserved for the IV. (Try it: when entering the key on the AP with 64-bit encryption selected, you can enter only 5 characters for a string key, or 10 characters for a hex key, which corresponds to 40 bits.)

    Because the sending device generates the IV at random, it has to be sent to the receiving device unencrypted in the packet header; the receiver uses the IV and the key to decrypt the rest of the packet. The IV is the weak point of the WEP encryption model: since the IV is 24 bits long, it has a little over 16 million possible values, and if a cracker captures a sufficient number of packets, these IVs can be analysed to work out the key the victim is using. In the next section I describe the test WiFi network and how the key is recovered.
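
    The framing described above can be reproduced in a few lines to make the weakness visible. This is an added example, not code from the original article: it builds a WEP frame body with the article's 40-bit test key, shows that the IV travels in the clear, that two frames sharing an IV share a keystream, and how quickly random 24-bit IVs repeat. The IV value and the plaintexts are constructed.

```python
import math
import zlib

IV_BITS = 24  # IV length stated in the article


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: XOR data with the keystream generated from key."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes, key_id: int = 0) -> bytes:
    """Frame body = clear IV (3 bytes) + key-id byte + RC4(IV || secret) over data + ICV."""
    if len(iv) != IV_BITS // 8 or len(secret) not in (5, 13):
        raise ValueError("WEP uses a 3-byte IV and a 5- or 13-byte secret")
    icv = zlib.crc32(plaintext).to_bytes(4, "little")  # CRC-32 integrity check value
    return iv + bytes([key_id << 6]) + rc4(iv + secret, plaintext + icv)


def wep_decrypt(secret: bytes, body: bytes) -> bytes:
    """Receiver side: read the IV from the clear header, rebuild the key, check the ICV."""
    iv, ciphertext = body[:3], body[4:]
    clear = rc4(iv + secret, ciphertext)
    data, icv = clear[:-4], clear[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return data


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def iv_collision_probability(packets: int) -> float:
    """Birthday approximation: chance that two of `packets` random IVs coincide."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2 * 2 ** IV_BITS))


def demo():
    secret = bytes.fromhex("1a2b3c4d5e")  # the article's test key: 10 hex digits = 40 bits
    iv = bytes.fromhex("0a0b0c")          # constructed IV
    p1, p2 = b"constructed frame one", b"constructed frame two"
    c1, c2 = wep_encrypt(secret, iv, p1), wep_encrypt(secret, iv, p2)
    return {
        "iv_visible": c1[:3] == iv,
        "round_trip": wep_decrypt(secret, c1) == p1,
        # Same IV means same keystream: XOR of ciphertexts equals XOR of plaintexts.
        "keystream_reuse": xor(c1[4:], c2[4:])[: len(p1)] == xor(p1, p2),
        "new_iv_changes_ciphertext": wep_encrypt(secret, b"\x0a\x0b\x0d", p1)[4:] != c1[4:],
        "p_collision_5000": round(iv_collision_probability(5000), 3),
    }


if __name__ == "__main__":
    print(demo())
```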

    Test setup and how the key is recovered.

    The test setup I built is a WiFi network like a real one, consisting of 1 DLink DI524 AP and 1 computer with a WiFi card, referred to as the target AP and the target client, using 64-bit WEP encryption with the key 1a2b3c4d5e in hex form (see figure 1).

    http://www.wirelessvn.com/index.php/wireless-security/49-bao-mat-mang-khong-day/218-do-khoa-wep-cua-mang-wifi-va-cach-bao-ve

    Figure 1: Setup interface of the test AP.

    The cracking tools I use are the Aircrack 2.4 software suite running on Linux, NetStumbler, Kismet, a Linux live CD, and either 1 laptop with 2 WiFi adapter cards or 2 computers with 1 card each, compatible with aircrack.

    As the saying goes, know your enemy and know yourself and you will win a hundred battles out of a hundred. To crack the target WiFi network, we first have to know everything about the target as well as its owner does (except, of course, the key). So what information do we need? It is:

    - The SSID or ESSID (Service Set IDentifier, roughly the identifying name of the network, like the workgroup name of a peer-to-peer LAN). In this test setup I named it thunghiem.
    - The channel of the network; here I set it to channel 11.
    - The encryption type; here it is 64-bit WEP.
    - The MAC address of the AP and the MAC of the target machine's card.

    So what do we use to collect this information? NetStumbler (see figure 2) running on Windows, or Kismet on Linux. NetStumbler cannot show the MAC of the target client, so we use Kismet or the airodump program from the aircrack toolset to collect it.


    Figure 2: Using NetStumbler to collect information.

    After collecting enough information about the target, we move on to the aircrack suite. Aircrack is a very powerful open-source toolset, running on Linux, for recovering WEP/WPA keys, developed by Christophe Devine. There are many similar tools, but aircrack is the most popular because it is powerful and easy to use; however, it supports rather few WiFi chipsets. The aircrack suite has 3 main tools that we will use:

    - aireplay is used for injection, generating extra traffic in the target network. On networks with too little traffic we have to use it to shorten the wait for capturing enough packets for key recovery. (see example figure 3)

    Figure 3: deauth the client, spoof ARP and inject data to increase network traffic

    - airodump is used to monitor and capture the packets the AP sends out and save them as a capture file. (figure 4)

    Figure 4: capturing data packets; the station column shows the MAC address of the client

    - aircrack is used to read the capture file and recover the key. (figure 5)


    Figure 5: recovering the key with aircrack; it takes only 1 s !!!

    I will not write out the exact command lines and parameters here, because the help parameter gives the exact syntax. First, though, we have to put our 2 WiFi cards into monitor mode; see the help for the ifconfig and iwconfig commands to find out how.

    Because my test network has too little traffic, I use aireplay to inject packets towards the AP. Roughly, aireplay works by sending deauthentication packets to the AP, making the AP drop the connection and kick the client off the network (many people use this to harass WiFi cafés); the client then has to send ARP requests to reconnect to the AP. After that we run aireplay with different parameters, together with the known MAC address of the client, to impersonate it and send these ARP requests to the AP continuously, making the AP answer them.

    While aireplay is running, we run airodump to capture the reply packets from the AP, which contain IVs (note that aireplay and airodump must run on 2 different cards, not on the same card). After starting airodump, watch the screen: the number of IVs in the #Data column rises rapidly, along with the packet count in the Beacons column, if aireplay is injecting data.

    The documentation says that about 500 thousand IVs or fewer are needed to recover a 64-bit key and 500 thousand IVs or more for a 128-bit key; in practice, here I needed only a little over 300k IVs to succeed. Once airodump has captured a fair amount, leave it running, open another console window and run aircrack to read the IVs from the file airodump saved and recover the key. This step is very fast, usually no more than 5 s on my P4 Mobile machine. The total time for injecting data and recovering the key is under 1 hour. Quite impressive, isn't it?!

    The tool can also recover keys for WPA, a method much safer and stronger than WEP. For lack of time I do not cover that in this article.

    Security methods for a WiFi network.

    In this section I present ways of securing a WiFi network and analyse the pros and cons of each, from simple to complex; anyone can do all of them unaided. We can apply each one on its own or combine several.

    - Switch off the access point: when we have finished or no longer need the network, we can power it off. This sounds extreme and silly, but it is 100% effective.
    - Turn off SSID Broadcast: most APs let us turn this off. It prevents the Wireless Zero Config utility in Windows XP, or WiFi scanning programs such as NetStumbler, from seeing our network. It does not, however, stop some stronger scanning programs such as Kismet.
    - MAC address filtering: APs can filter the MAC addresses of connecting clients. There are 2 ways to filter: allow only, or deny only, certain MAC addresses. This still does not stop skilled people from finding out the MAC addresses of clients in our network and easily impersonating them by changing the MAC address of their WiFi card.
    - Encryption: WEP and WPA/WPA2 are the common kinds of encryption on APs. If your AP supports only WEP, use the longest key possible (usually 128 bits); if it supports WPA, use a key of at least 128 or 256 bits. Most APs that support WPA use WPA-PSK (pre-shared key or passphrase key). WPA2 encryption is safer still but needs an additional RADIUS server for authentication. We should make the key as complex as possible (a combination of upper- and lower-case letters, digits and special characters) and avoid meaningful words or words found in a dictionary, because a cracker can still recover a WPA key by using a dictionary in a brute-force attack. Using this method reduces the transfer speed between AP and client, because the devices spend a lot of capacity on this complex encryption and decryption.
    - Use user authentication, firewalls, and encryption of data on disk and in files: these will not stop others from recovering the WEP/WPA key, but they do prevent them from viewing or interfering with the data in transit and the resources on our network.

    Closing words.

    In this article we have taken a fairly general look at the security of wireless networks today. We cannot abandon WEP completely, because a great many WiFi devices currently support it well. It also exposes quite a few weaknesses that are easy to exploit. But that is no disaster if we know how to combine a few suitable defences for our WiFi network.

    With this article I want to help people understand more about WiFi network security. I take no responsibility for anything that happens if someone uses the information in this article for bad purposes, and I will not answer any question related to key recovery.