Recovering wep keys... / Computer Science / Forums

Forums

4hv.org :: Forums :: Computer Science

« Previous topic | Next topic »

Recovering wep keys...

1 2 next

Move Thread

LAN_403

...

Tue May 23 2006, 10:59PM

Registered Member #56 Joined: Thu Feb 09 2006, 05:02AM
Location: Southern Califorina, USA
Posts: 2445

I realise this has a blackhat smell to it, but bear with me...

At my school we have laptop carts with an access point and a printer on them. Of course the access points are encrypted with 128bit wep, preshared key.
All is good...
Until some assaht decided to go around and type random crap into where the wep key goes in windows

So now half the the computers on the cart don't connect to the network, which makes then completely useless as they have no floppy drive, the no burners, and aren't sp2 so you can't plug in a thumbdrive (and of course we aren't admin so we can't install the drivers)

But there is hope, there are some that survived (they had a dead battery at the time of the attack, so they were safe) that still have the key in them... But of course it is starred out so we can't just copy it over.

The teacher put in a request for the it department to come and fix it, but it has been 3 days now and it really sucks to have so share like 4 people to a computer.

So I need to get the keys out. If I were an admin I would just run wzcook and things would be done, but we have limited accounts so it won't run

I suppose it would be possible get they key by sniffing the network and then generate a bunch of activity using a good laptop, but that would require me lugging in my laptop and is kind of crossing the fine line between helping and hacking. The teachers might freak if they see me with a terminal open

Is there any way to get the (encrypted I assume) keys stored on the computer and them decode them at home? Or a tool that gets them with just a limited account?

Ben

Tue May 23 2006, 11:05PM

Vigilatny
Registered Member #17 Joined: Thu Feb 02 2006, 02:47PM
Location: NL
Posts: 158

Enter google... Third result...

wrote ...
Before SP2 - under HKLM\\SOFTWARE\\Microsoft\\WZCSVC\\Parameters\\Interfac es\\ --PA "Philip Herlihy" <**link**> wrote in message news:**link**... > When I configure a WEP key into my wireless gadget using the vendor's > interface program, does the key I supply end up in Windows somewhere or in > the flash memory on the device itself? > > -- > #################### > ## PH, London > #################### > >

A couple years ago I got this to work...

...

Wed May 24 2006, 05:11AM

Registered Member #56 Joined: Thu Feb 09 2006, 05:02AM
Location: Southern Califorina, USA
Posts: 2445

I saw the forum you posted, but it referes to a registry location... Which as I said I can't acess.

As to using chopchop... As far as I can tell it is only available for *nix systems, and I doubt it will support the integrated wifi card, So I would have to bring in my laptop. Which puts me back at square one just trying to blindly hack into the schol

Steve Conner

Wed May 24 2006, 11:53AM

Registered Member #30 Joined: Fri Feb 03 2006, 10:52AM
Location: Glasgow, Scotland
Posts: 6706

I don't get it. If some kid without admin privileges could go round typing in the wrong keys, can't you just go round again and type in the correct ones? Or is the problem that nobody outside the IT department knows what the right keys should be?

Maybe you could log into the access point's web admin interface and just read the keys off it. On mine, I just type http://192.168.0.1 in a web browser, and enter a user name and password. If you're lucky, the user name will be "admin" and the password will be "password"

The IP address for admin, and the default username and password, are usually printed on a sticker somewhere on the AP. If you're lucky, the IT guy might have written the keys there too.

If that doesn't work, I don't see any other way to do it than bringing your own laptop in and sniffing the keys. Or waiting for the IT department (and while you're waiting, complain to the teacher about the lack of laptops and get all your classmates to complain too)

ragnar

Wed May 24 2006, 12:23PM

Registered Member #63 Joined: Thu Feb 09 2006, 06:18AM
Location:
Posts: 1425

Use a login recovery tool to get admin privs, then run wzcook. =)

Ben

Wed May 24 2006, 02:47PM

Vigilatny
Registered Member #17 Joined: Thu Feb 02 2006, 02:47PM
Location: NL
Posts: 158

... wrote ...

I saw the forum you posted, but it referes to a registry location... Which as I said I can't acess.

I don't see where you said that. By default normal users have read permissions on the registry(kinda necessary). Obviously these computers are configured so whatever type of user you are has permission to change the wep key....

You might try something like this. You said they don't have burners, did you mean CD drives?

...

Thu May 25 2006, 05:22AM

Registered Member #56 Joined: Thu Feb 09 2006, 05:02AM
Location: Southern Califorina, USA
Posts: 2445

well technically I don't have acess to regedit, which make the registry sorta hard to mess with

They have dvd/cd-rom drives, but they can't write disks (or I would just cary a cdr with me and leave them off the network)

I am armed with a password recover disk for tomorow, so hopefully I will be able to get an admin password and run wzcook XD

Part Scavenger

Thu May 25 2006, 12:33PM

Registered Member #79 Joined: Thu Feb 09 2006, 11:35AM
Location: Arkansas
Posts: 673

I don't know if this will work in your situation, but...

Run the wireless setup wizard on one of the good computers. Select add new computers to the existing network, and it should give you an option to use USB or print out the 32 digit key? Works on my computer...

If you can't get to control panel, open help, and it should open from there. I don't know way but that works on all the computers I've tried. You should also be able to get into the system information util and regedit IIRC.

McFluffin

Fri May 26 2006, 05:37AM

Registered Member #119 Joined: Fri Feb 10 2006, 06:26AM
Location: USA
Posts: 114

What program is being used to store the keys on the computers? Many of them show the keys with astrixs which might be easily revealed with a program that can reveal password boxes. I would definitly try the registry option if that fails. If you can't get the key from logging into the access point etc, try breaking it. My friend says he can break a 128 bit key in 10min by flodding deauth packets, but have no idea if this is true as I thought the only use of that was DOS, which I am heavily against.

...

Fri May 26 2006, 02:30PM

Registered Member #56 Joined: Thu Feb 09 2006, 05:02AM
Location: Southern Califorina, USA
Posts: 2445

It would be quite easy to crack it using the security hole in wep since I have access to a client that is connected to it, so be dragging some files on/off of the network I should be able to produce tons of interesting packets. But that involves me bringing my laptop...

Currently the keys are in the windows wireless network manager, although it wouldn't surprise me if they are in the dell software too. I am waiting on the admin password (cracking as I type) so hopefully tuesday I can get admin access to the computer and run wzcook. Unless you happen to know of any password revelers that run on limited accounts...

My best guess as to what you friend is doing is called 'packet injection' where you capture a packet from one of the clients, and constantly send it back at the router, and when it responds you get packets.

1 2 next

Moderator(s): Chris Russell, Noelle, Alex, Tesladownunder, Dave Marshall, Dave Billington, Bjørn, Steve Conner, Wolfram, Kizmo, Mads Barnkob