I’m working now in software branch for construction industry. After years of working together with my customers, I have found out that the IT security at the construction area is not getting enough attention. The world is moving on mobility and automation, people are trying to remotely control all equipment, to make everything working automatically or just to control the work progress. Same things happen to construction field too. We’re planning, developing many products so that we could optimize the workflow, centralize data, minimize risk… at best to save time and money for our customers.
Last week I’ve read small news on c’t magazine saying that the default password of EasyBox router used for Vodafone, Telecom, Arcor in Germany … was hacked by Sebastian Petters. That means if someone is using default settings of EasyBox, you can get his WLAN password easily and then access his network. This default password was generated by a algorithm and this algorithm was patented. Therefore like other patents, the complete description of algorithm was simply exposed on internet (http://www.patent-de.com/20081120/DE102007047320A1.html if you can read German). As you can see the algorithm is pretty simple, it just takes the MAC address of router, makes some computations with base changing, xor,plus… Therefore all we have to do is get the MAC address of victim, make a copy of the algorithm ourselves and then generate the default WLAN password.
Hacking WEP Password is not a new topic anymore since aircrack was first released in 2006. This software suite consists of many tools for detecting, analyzing, monitoring network, sniffing packing and hacking WEP / WPA (Dictionary attack) password. It only supports protocol 802.11x Wireless and network adapter with allows raw monitoring mode (a example list of this type of adapter you can find at following link http://www.aircrack-ng.org/doku.php?id=compatibility_drivers#list_of_compatible_adapters).
Monitor mode is one of 6 modes which a 802.11 wireless card can operate in: Ad-hoc, Master (acting as access point) , Mesh, Monitor, Repeater. Unlike promiscuous mode, which is also used for packet sniffing and can be used on both wired and wireless networks, monitor mode allows packets to be captured without having to associate with an access point or ad-hoc network first and only applies to wireless networks. Therefore be careful when choosing network adapter, you must choose the correct one which stands on the support list otherwise you can not sniff packet from victim network. When I mean “correct”, I mean that it must be exactly same as stated in list. In my demo, I’ll use the USB Wireless Network Adapter “Netgear Wg111v2” which costs about 6 Euro on Ebay. You can find the version of this series on the side of USB stick like the image below.