http://www.dachb0den.com/projects/bsd-airtools.html
Someone mentioned another of h1kari's tools, reinj.c, in a previous response. My advice to "professional" testers is to be careful when using it. It works VERY well, but can cause cheap (Linksys, D-Link, etc) WAPs to choke and die, and has even caused my Aironet-350 to flake out a few times. If your contract or test plan excludes DoS, you might end up in some hot water.
Another warning about reinj.c: It works by sniffing for WEP packets that are of certain sizes and are either broadcast (arp) or addressed to a specific host (TCP acks). If it sees a packet that matches, it will re-transmit the packet a few times to test, then will begin flooding the wireless network with a replay of the captured packet. If the captured packet happens to be a TCP ack from somewhere on the Interweb, you might end up ack-flooding an innocent server at a very high rate. Not a big deal, but this could also get you in hot water if an over-zealous admin complains.
All the non-pros can disregard the warnings :P
slugbait
Ian Chilvers wrote:
Hi all
We've been asked to perform a vulnerability assessment for a company that has a Wireless LAN. The W/LAN is running WEP with a random key generated, rather than a dictionary word.
Are there any tools out there that can brute force a WEP.
Take this example. A person parks the car in the car park and sniffs the air waves with a product like NetStumbler. He discovers the W/LAN but with WEP.
Is there a tool he can use to discover the WEP key (possible by brute force)
If there isn't such a tool, how does this sound for an idea.
Run a app that starts at binary 0's and counts upto 128bits of 1's For each sequence listen to see if there are any sensible packets or even send out a DHCP discover request to see if you get a reply. This would then possibly give you the WEP key.
Any comments
Ian....
---------------------------------------------------------------------------
KaVaDo is the first and only company that provides a complete and an integrated suite of Web application security products, allowing you to:
- assess your entire Web environment with a Scanner,
- automatically set positive security policies for real-time protection, and
- maintain such policies at the Application Firewall without compromising busines performance.
For more information on KaVaDo and to download a FREE white paper on Web applications - security policy automation, please visit:
http://www.kavado.com/ad.htm
----------------------------------------------------------------------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
