I stumbled across a really cool new open source wireless hacking program that is installed on the new Backtrack 4 CD by default. It is a little gem that makes cracking not only WEP, but also WPA much easier. Not to mention it is a GUI program, so even your 12-year-old nephew can run it. Isn’t that nice?
The program is called Grim WEPA. From their page, “GRIM WEPA's cracking methods are archaic and have been around for years. It simply uses the existing cracking methods in aireplay-ng (for WEP) and aircrack-ng (for WPA). Grim Wepa is similar in style and functionality to shamanvirtuel's Spoon series (SpoonWEP, SpoonWPA, and SpoonDRV). The Spoon suite is still available, though it is not kept updated.”
Here are the attacks it uses, quoted from their page:
Attacks for WEP-encrypted Access Points
- ARP-Replay attack
- Chop-chop attack
- Fragmentation attack
- p0841 attack
- Cafe-Latte attack
- Cracking options:
  - aircrack-ng is able to crack just about any WEP password after about 20,000 IV (Initialization Vector) data packets have been captured. The capture usually takes about 2 minutes, and the crack another 2-3 minutes.
Attacks for WPA-encrypted Access Points
- Basic deauthorization attack to get handshake.
- GRIM WEPA includes a 2MB default password list containing approximately 250,000 commonly-used passwords.
- Wordlist / Dictionary / Brute-force attack: Currently, there is only one consistent method of cracking WPA, and that is by brute force. aircrack-ng can crack hundreds of passwords per second, so this method is not nearly as arbitrary as has been proposed.
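The "deauthorization" attack in the WPA list above is an 802.11 deauthentication flood: forged management frames knock a client off the network so that its reconnection handshake can be captured. From the network owner's side, that flood is also what gives the attack away, because a healthy access point sends deauthentication frames only occasionally. The following is an added example (not code from Grim WEPA or from the original post) that flags a burst of deauthentication frames from one BSSID using a sliding time window; the frame records, MAC addresses and thresholds are constructed for illustration, and a real deployment would feed it decoded frames from a monitor-mode capture.

```python
"""Flag 802.11 deauthentication floods in a constructed frame log.

Added example, not part of Grim WEPA or the original post. Each record is
(timestamp_s, frame_type, frame_subtype, bssid, destination). In IEEE 802.11,
management frames have type 0 and deauthentication is subtype 12. The
addresses and timing below are constructed, not captured traffic.
"""
from collections import defaultdict, deque

MGMT_TYPE = 0        # 802.11 management frame
DEAUTH_SUBTYPE = 12  # deauthentication
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Hypothetical access points and a hypothetical client (constructed values).
AP_UNDER_ATTACK = "aa:bb:cc:00:00:01"
AP_QUIET = "aa:bb:cc:00:00:02"
CLIENT = "11:22:33:44:55:66"

# Constructed log: a beacon, one benign deauth per AP, then a 20-frame burst
# of broadcast deauths from AP_UNDER_ATTACK at 50 ms spacing starting at t=30 s.
SAMPLE_FRAMES = [
    (0.00, MGMT_TYPE, 8, AP_UNDER_ATTACK, BROADCAST),          # beacon, ignored
    (1.50, MGMT_TYPE, DEAUTH_SUBTYPE, AP_UNDER_ATTACK, CLIENT),  # isolated deauth
    (2.25, MGMT_TYPE, DEAUTH_SUBTYPE, AP_QUIET, CLIENT),        # isolated deauth
] + [
    (round(30.0 + i * 0.05, 2), MGMT_TYPE, DEAUTH_SUBTYPE, AP_UNDER_ATTACK, BROADCAST)
    for i in range(20)
]


def detect_deauth_floods(frames, window_s=1.0, threshold=10):
    """Return {bssid: timestamp} for each BSSID that sends at least `threshold`
    deauthentication frames within any `window_s`-second sliding window.

    The timestamp recorded is the frame that first crossed the threshold, so
    the result can be correlated with other logs from that moment.
    """
    recent = defaultdict(deque)  # bssid -> timestamps still inside the window
    alerts = {}
    for ts, ftype, subtype, bssid, _dst in sorted(frames):
        if ftype != MGMT_TYPE or subtype != DEAUTH_SUBTYPE:
            continue
        window = recent[bssid]
        window.append(ts)
        # Drop timestamps that have aged out of the window.
        while window and ts - window[0] > window_s:
            window.popleft()
        if len(window) >= threshold and bssid not in alerts:
            alerts[bssid] = ts
    return alerts


def deauth_counts(frames):
    """Total deauthentication frames seen per BSSID, for a quick baseline."""
    counts = defaultdict(int)
    for _ts, ftype, subtype, bssid, _dst in frames:
        if ftype == MGMT_TYPE and subtype == DEAUTH_SUBTYPE:
            counts[bssid] += 1
    return dict(counts)


if __name__ == "__main__":
    print("deauth frames per BSSID:", deauth_counts(SAMPLE_FRAMES))
    for bssid, ts in detect_deauth_floods(SAMPLE_FRAMES).items():
        print(f"ALERT: deauth flood from {bssid}, threshold crossed at t={ts}s")
```

The quiet access point's single deauthentication frame never trips the detector, while the tenth frame of the burst from `aa:bb:cc:00:00:01` does at t=30.45 s. The window and threshold are tuning knobs: a busy enterprise controller legitimately deauthenticates clients during roaming and load balancing, so baseline the normal rate per BSSID before choosing them.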
Here is a video (with no sound) of Grim WEPA being used in a WPA2 dictionary attack:
I think I am going to try to include this little toy in Bauer-Puntu 10.04 when it comes out. What do you think? Pretty cool, right? Know of any other good WEP/WPA cracking tools? What about for Windows or Mac? Let us know your favorites in the comments!
NOTE: Grim Wepa is included in Bauer-Puntu 10.04!
NEW NOTE: Watch me use Grim Wepa to hack WEP in Episode 22!