easside-ng
Differences
easside-ng [2007/09/02 20:52] – Updated usage screen mister_x | easside-ng [2009/09/08 01:20] – removed availability warning (1.0 is released) mister_x | ||
Line 1: | Line 1: | ||
====== Easside-ng ====== | ====== Easside-ng ====== | ||
- | |||
- | ++++++ IMPORTANT ++++++\\ | ||
- | ++++++ IMPORTANT ++++++\\ | ||
- | ++++++ IMPORTANT ++++++\\ | ||
- | |||
- | This functionality will be available in a future release. It is NOT available currently. | ||
- | |||
- | ++++++ IMPORTANT ++++++\\ | ||
- | ++++++ IMPORTANT ++++++\\ | ||
- | ++++++ IMPORTANT ++++++\\ | ||
- | |||
===== Description ===== | ===== Description ===== | ||
Line 16: | Line 5: | ||
Easside-ng is an auto-magic tool which allows you to communicate via an WEP-encrypted access point (AP) without knowing the WEP key. It first identifies a network, then proceeds to associate with it, obtain PRGA (pseudo random generation algorithm) xor data, determine the network IP scheme and then setup a TAP interface so that you can communicate with the AP without requiring the WEP key. All this is done without your intervention. | Easside-ng is an auto-magic tool which allows you to communicate via an WEP-encrypted access point (AP) without knowing the WEP key. It first identifies a network, then proceeds to associate with it, obtain PRGA (pseudo random generation algorithm) xor data, determine the network IP scheme and then setup a TAP interface so that you can communicate with the AP without requiring the WEP key. All this is done without your intervention. | ||
- | There are two primary papers "The Fragmentation Attack in Practice" | + | There are two primary papers "The Fragmentation Attack in Practice" |
In order to access the wireless network without knowing the WEP key is done by having the AP itself decrypt the packets. | In order to access the wireless network without knowing the WEP key is done by having the AP itself decrypt the packets. | ||
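Review bot: The unchanged context sentence "In order to access the wireless network without knowing the WEP key is done by having the AP itself decrypt the packets." has no grammatical subject; suggest "Access to the wireless network without knowing the WEP key is achieved by having the AP itself decrypt the packets." While the hunk is being touched, "an WEP-encrypted access point" and "then setup a TAP interface" in the preceding paragraph should read "a WEP-encrypted access point" and "then set up a TAP interface".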
Line 40: | Line 29: | ||
- Once the program has successfully authenticated then it associates with the AP. | - Once the program has successfully authenticated then it associates with the AP. | ||
- After sniffing a single data packet, it proceeds to discover at least 1504 bytes of PRGA by sending out larger broadcasts and intercepting the relayed packets. | - After sniffing a single data packet, it proceeds to discover at least 1504 bytes of PRGA by sending out larger broadcasts and intercepting the relayed packets. | ||
- | - It then decrypts the IP network by guessing the next three bytes of PRGA using multicast frames and the linear keystream expansion technique. | + | - It then decrypts the IP network by guessing the next four bytes of PRGA using multicast frames and the linear keystream expansion technique. |
- It creates a permanent TCP connection with the " | - It creates a permanent TCP connection with the " | ||
- ARPs to get the MAC addresses for the router and source IP. The defaults are .1 for the router and .123 for the client IP. | - ARPs to get the MAC addresses for the router and source IP. The defaults are .1 for the router and .123 for the client IP. | ||
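Review bot: The step describing the IP network decryption changes "the next three bytes of PRGA" to "the next four bytes of PRGA", which is a substantive technical correction, yet the revision summary only says "removed availability warning (1.0 is released)". Confirm that the "Linear Keystream Expansion Technique" section further down the page states the same byte count so the overview and the detailed description agree, and mention the correction in the edit summary.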
Line 97: | Line 86: | ||
Basically, the program obtains a small amount of keying material from the packet then attempts to send packets with known content to the access point (AP). If the packet is successfully echoed back by the AP then a larger amount of keying information can be obtained from the returned packet. | Basically, the program obtains a small amount of keying material from the packet then attempts to send packets with known content to the access point (AP). If the packet is successfully echoed back by the AP then a larger amount of keying information can be obtained from the returned packet. | ||
- | The original paper, [[http:// | + | The original paper, [[http:// |
==== Linear Keystream Expansion Technique ==== | ==== Linear Keystream Expansion Technique ==== | ||
Line 326: | Line 315: | ||
The ideal situation is to have the buddy-ng server running on a separate system someplace on the Internet. | The ideal situation is to have the buddy-ng server running on a separate system someplace on the Internet. | ||
+ | |||
+ | |||
+ | ===== Tap interface under Windows ===== | ||
+ | |||
+ | To obtain a tap interface in a MS Windows environment, | ||
===== Usage Troubleshooting ===== | ===== Usage Troubleshooting ===== | ||
- | Make sure your card is in monitor mode. | + | * Make sure your card is in monitor mode. |
- | Make sure your card can inject by testing it with the [[injection_test|aireplay-ng injection test]]. | + | * Make sure your card can inject by testing it with the [[injection_test|aireplay-ng injection test]]. |
- | Make sure your card supports the fragmentation attack. | + | * Make sure your card supports the fragmentation attack. |
- | Make sure to delete prga.log if you are changing access points or if you want to restart cleanly. | + | * Make sure to delete |
- | There are a few known limitations: | + | * There are a few known limitations: |
- | * Only open authentication is support. | + | * Only open authentication is support. |
- | * Only B and G networks are supported. | + | * Only B and G networks are supported. |
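Review bot: "Only open authentication is support." in the known-limitations sub-list should read "is supported"; the typo is carried over unchanged into the new bulleted form of the troubleshooting list, which would be the natural moment to fix it. The new "Tap interface under Windows" section is otherwise a welcome addition, since the description earlier on the page only mentions the TAP interface in Linux terms.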
easside-ng.txt · Last modified: 2013/03/19 18:21 by jano