WiFimaps: www.wifimaps.com
Wardriving:
Aerosol: www.sec33.com/sniph/aerosol.php
AirMagnet: www.airmagnet.com/products/index.htm
AiroPeek: www.wildpackets.com/products/airopeek
Airscanner: www.snapfiles.com/get/pocketpc/airscanner.html
AP Scanner: www.macupdate.com/info.php/id/5726
AP Radar: http://apradar.sourceforge.net
Apsniff: www.monolith81.de/mirrors/index.php?path=apsniff/
BSD-Airtools: www.dachb0den.com/projects/bsd-airtools.html
dstumbler: www.dachb0den.com/projects/dstumbler.html
gtk-scanner: http://sourceforge.net/projects/wavelan-tools
gWireless: http://gwifiapplet.sourceforge.net/
iStumbler: http://istumbler.net/
KisMAC: www.binaervarianz.de/projekte/programmieren/kismac/
Kismet: www.kismetwireless.net
MacStumbler: www.macstumbler.com/
MiniStumbler: www.netstumbler.com/downloads/
Network Stumbler: www.netstumbler.com/downloads
perlskan: http://sourceforge.net/projects/wavelan-tools
PocketWarrior: www.pocketwarrior.org/
pocketWinc: www.cirond.com/pocketwinc.php
Prismstumbler: http://prismstumbler.sourceforge.net
Sniff-em: www.sniff-em.com
Sniffer Wireless: www.networkgeneral.com/
WarKizniz: www.michiganwireless.org/tools/WarKizNiz/
Wellenreiter: www.wellenreiter.net/
Wi-Scan: www.michiganwireless.org/tools/wi-scan/
WiStumbler: www.gongon.com/persons/iseki/wistumbler/index.html
Wireless sniffers
You know that old saw: a picture is worth a thousand words. Well, the message
from the saw applies to ethical hacking. Show someone his password
that you captured because it wasn't encrypted, and he gets it. Following are
some packet capture tools.
AirMagnet: www.airmagnet.com/
AiroPeek: www.wildpackets.com/products/airopeek
AirScanner Mobile Sniffer: http://airscanner.com/downloads/sniffer/sniffer.html
AirTraf: http://airtraf.sourceforge.net/
Capsa: www.colasoft.com/products/capsa/index.php?id=75430g
CENiffer: www.epiphan.com/products_ceniffer.html
CommView for WiFi: www.tamos.com/products/commview/
ethereal: www.ethereal.com
Gulpit: www.crak.com/gulpit.htm
KisMAC: www.binaervarianz.de/projekte/programmieren/kismac/
Kismet: www.kismetwireless.net/
LANfielder: www.wirelessvalley.com/
LinkFerret: www.baseband.com/
Mognet: www.l0t3k.net/tools/Wireless/Mognet-1.16.tar.gz
WEP/WPA cracking
If we had a dollar for every time someone said she's OK because she uses
WEP or WPA, we would retire to a nice island in the Caribbean. The following
tools should show them that they are not OK.
Aircrack: www.cr0.net:8040/code/network/
AirSnort: http://sourceforge.net/projects/airsnort/
Destumbler: http://sourceforge.net/projects/destumbler
Dwepcrack: www.e.kth.se/~pvz/wifi/
jc-wepcracker: www.astalavista.com/?section=dir&cmd=file&id=3316
Lucent Orinoco Registry Encryption/Decryption program: www.cqure.net/tools.jsp?id=3
WepAttack: http://wepattack.sourceforge.net/
WEPcrack: http://sourceforge.net/projects/wepcrack/
WEPWedgie: http://sourceforge.net/projects/wepwedgie/
WepLab: http://weplab.sourceforge.net/
WinAirSnort: www.nwp.nevillon.org/attack.html
WPA Cracker: www.tinypeap.com/page8.html
Cracking passwords
There are tools that will grab packets, look for passwords, and provide them
to you. Following are some of these very desirable tools.
Cain & Abel: www.oxid.it/cain.html
Dsniff: www.monkey.org/~dugsong/dsniff/
Dsniff (Windows port): www.datanerds.net/~mike/dsniff.html
Dsniff (MacOS X port): http://blafasel.org/~floh/ports/dsniff-2.3.osx.tgz
But WPA is not without its problems. Basically, one can crack Wi-Fi Protected
Access Pre-Shared Keys that use short, dictionary word-based passphrases.
You will find software to help with this as well. The WPA Cracker
(www.tinypeap.com/page8.html) tool is somewhat primitive, requiring that you enter
the appropriate data retrieved via a packet sniffer. The author recommends
you use ethereal.
Joshua Wright, who wrote asleap, offers us CoWPAtty
(http://new.remote-exploit.org/), which is another off-line WPA-PSK auditing tool.
For WPA, certain shorter or dictionary-based keys are easy to crack because
an attacker can monitor a short transaction or force that transaction to occur
and then perform the crack remotely.
So what do you do? Well, you can:
Choose better passphrases, especially ones that aren't made up of words in the dictionary. Select passphrases that are random and at least 20 characters in length.
Use WPA Enterprise or 802.1X with WPA.
Alternatively, you can use virtual
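
The passphrase advice above can be checked mechanically. The following Python code is an added example, not from the book: it flags a WPA-PSK passphrase that is short or built only from dictionary words, and generates a random replacement. The function names and the tiny wordlist are constructed for illustration, and the 8 to 63 printable-ASCII limit comes from the WPA specification rather than from this page.

```python
import secrets
import string

# Constructed sample wordlist (assumption); a real audit loads a full dictionary.
WORDS = {"wireless", "network", "home", "password", "secret",
         "coffee", "shop", "guest", "admin", "office"}
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
MIN_LEN = 20   # minimum length recommended in the text above
MAX_LEN = 63   # WPA passphrases are 8 to 63 printable ASCII characters


def is_dictionary_based(passphrase, words=WORDS):
    """True if the passphrase's letters split entirely into dictionary words."""
    # Ignore case, digits and punctuation so "Home2Network!" is judged
    # like "homenetwork"; appended digits and symbols do not make it random.
    s = "".join(c for c in passphrase.lower() if c.isalpha())
    if not s:
        return False
    # Word-break DP: ok[i] is True when s[:i] is a concatenation of words.
    ok = [True] + [False] * len(s)
    for i in range(1, len(s) + 1):
        ok[i] = any(ok[j] and s[j:i] in words for j in range(i))
    return ok[-1]


def audit_psk(passphrase, words=WORDS):
    """Return finding codes; an empty list means the advice is met."""
    findings = []
    if not 8 <= len(passphrase) <= MAX_LEN:
        findings.append("invalid-length")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        findings.append("non-printable-ascii")
    if len(passphrase) < MIN_LEN:
        findings.append("short")
    if is_dictionary_based(passphrase, words):
        findings.append("dictionary")
    return findings


def generate_psk(length=24):
    """Random passphrase from a CSPRNG that passes audit_psk()."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length must be between 20 and 63")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not audit_psk(candidate):
            return candidate
```

Note that "wirelessnetworkpassword" passes the length test yet is still flagged as dictionary-based, which is why the advice asks for both length and randomness.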