sugar and spice and everything Lophtcrack (802.11b)

  • sugar and spice and everything Lophtcrack (802.11b)

    So here's the scoop...

    I am testing the security of an 802.11b network in a lab environment for the purposes of defining a wireless implementation policy. While my fellow colleagues and I were quick to jump on the LEAP bandwagon, after further scrutiny, I'm now not so sure.

    While Cisco LEAP provides dynamic WEP key rotation, and 802.1x authentication, the authentication happens before WEP begins. This means that the EAP traffic is transmitted in clear text. With Ethereal installed on Linux, I can capture the EAP traffic and see NTChallenge and Response of a LEAP login session. From everything I've read, once this information is 'sniffed' off a network, the password can easily be cracked with say ... L0phtCrack. This is where I hit a wall.

    Since L0phtCrack runs on Windows, and my wireless sniffer is on Linux, is there a way to import the capture file to L0phtCrack? L0phtCrack has a built-in sniffer, but getting Windows drivers to work in promiscuous mode is problematic if not impossible. L0phtCrack can import a .LCS file, but I can't find an example of one that I could tweak anywhere. Or... maybe there's just a Linux app that works similar to L0phtCrack?
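
The point made in the post above, that LEAP's EAP exchange crosses the air before any WEP key exists, can be turned into a policy audit check. The sketch below is an added example, not part of the original thread: it classifies 802.1X frames by EAP method and flags LEAP (EAP type 17). The frame bytes, the `build` helper and the user name `labuser` are constructed for illustration.

```python
import struct

# EAP method numbers from the IANA EAP registry; 17 is Cisco LEAP.
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 17: "LEAP", 25: "PEAP"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
LEAP = 17

def parse_eapol(payload):
    """Parse an 802.1X (EAPOL) payload; return None unless it is a valid EAP packet."""
    if len(payload) < 8:
        return None
    _version, ptype, body_len = struct.unpack("!BBH", payload[:4])
    if ptype != 0:                       # 0 = EAP-Packet; 3 = EAPOL-Key, etc.
        return None
    body = payload[4:4 + body_len]
    if len(body) < 4:
        return None
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len < 4 or eap_len > len(body):   # malformed or truncated capture
        return None
    method = body[4] if code in (1, 2) and eap_len >= 5 else None
    return {"code": EAP_CODES.get(code, "Unknown"), "id": ident, "method": method}

def audit(frames):
    """Count EAP methods seen and flag every LEAP packet, which travels unencrypted."""
    seen, findings = {}, []
    for i, frame in enumerate(frames):
        pkt = parse_eapol(frame)
        if pkt is None or pkt["method"] is None:
            continue
        name = EAP_TYPES.get(pkt["method"], "type-%d" % pkt["method"])
        seen[name] = seen.get(name, 0) + 1
        if pkt["method"] == LEAP:
            findings.append("frame %d: LEAP %s sent before WEP keying" % (i, pkt["code"]))
    return seen, findings

def build(code, ident, method=None, data=b""):
    """Build a constructed EAPOL frame for the sample below (hypothetical helper)."""
    body = (bytes([method]) if method is not None else b"") + data
    eap = struct.pack("!BBH", code, ident, 4 + len(body)) + body
    return struct.pack("!BBH", 1, 0, len(eap)) + eap

# Constructed sample exchange; the LEAP payload bytes are zero-filled placeholders.
SAMPLE = [
    build(1, 1, 1), build(2, 1, 1, b"labuser"),
    build(1, 2, LEAP, bytes([1, 0, 8]) + bytes(8) + b"labuser"),
    build(2, 2, LEAP, bytes([1, 0, 24]) + bytes(24) + b"labuser"),
    build(3, 2),
]
```

Calling `audit(SAMPLE)` returns the per-method counts and one finding per LEAP packet; a non-empty findings list is the signal for the wireless policy review.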

  • #2
    Actually you would probably have better luck running Windows XP and using VMware to run *nix using a USB 802.11b client (e.g. ORiNOCO USB Client).



    • #3
      somehow I think that misses the boat though.... (having re-read the initial post)
      if it gets me nowhere, I'll go there proud; and I'm gonna go there free.



      • #4
        Oversight-- I had the same notion about running LC4 in Wine. I actually tried it, but couldn't get LC to install under Wine. During setup, there was an error launching ikernel.exe. I spent quite a while trying to make this work with no success.

        Black-- I'm not sure what running VMware with an 802.11b USB client would get me. I already have Linux running my sniffer properly on my current system. (This happens to be a dual boot Win2000/Gentoo laptop with Cisco wireless card.) So, 'getting' the wireless hashes is not a problem.

        While in LC4, there is an option to import hashes by opening either a .lc or .lcs file. I would think once the format of these files is known, one could use a text editor and put whatever hashes they wanted into the file. Maybe I'm grasping, but this seems like a doable thing... does anyone have an example .lc or .lcs file they could post here?



        • #5
          Re: sugar and spice and everything Lophtcrack (802.11b)

          Originally posted by drovdiggin
          Since L0phtCrack runs on Windows, and my wireless sniffer is on Linux, is there a way to import the capture file to L0phtCrack?
          Yes and no. What I usually do is grab the raw NTLMs and crack them on my Palm Pilot. This saves a reboot to another OS, but requires manually grepping the traffic capture for NTLMs. Not elegant, but it works.

          L0phtCrack has a built-in sniffer, but getting Windows drivers to work in promiscuous mode is problematic if not impossible.
          Out of curiosity, what NICs are you trying to do this on, and under which OSes? I haven't had that problem on any of the sniffer boxes I use with NT, 2000, or XP. In fact, even running the Win32 version of Ethereal I haven't seen anything like this unless the OS itself was fubared to hell and back.



          • #6
            Originally posted by 0versight
            It's a long shot that I'd doubt would work at all.... Stupid even, but it's late and I'm just typing stupid shit. Anyway, if you have a dual-boot of Windows/Linux, you can TRY to use Wine to run it, but I doubt it'll work. All the distros automatically support FAT32, but I'm not too sure about NTFS. If you're running Red Hat, there is an rpm to support NTFS; it doesn't support it by default. Hope this helped.
            You'll have support for the NTFS under most newer kernels. But it's a READ ONLY access. The READ WRITE thing on NTFS partitions is particularly hazardous.

            But yeah, WINE is a good potential substitute. There's a product called Crossover Office that works particularly well under Mandrake and Slackware and lets us run most Windows proggies....



            • #7
              Does Red Hat even have an NTFS rpm for download? I couldn't find it on their site. I use this one:

              http://linux-ntfs.sourceforge.net/info/redhat.html



              • #8
                Have you tried using Ethereal for Win32? Just a thought.


                Redhook



                • #9
                  Yep, I have used Ethereal for Win32, but the problem is that the Cisco Aironet 350 card I'm sniffing with won't capture in promiscuous mode in Windows. Windows driver limitation I think :(
