3.4 - Hirte attack against WEP encryption
- The Hirte attack extends the Caffe-Latte attack using fragmentation techniques. As the same way that with Caffe-Latte attack, there is no need of AP in the viccinity for the Hirte attack to be launched, being enough a WEP client isolated from the legitimate AP.
- Fragmentation attacks use the fact that the first 8 bytes of the encrypted packet consist of the Link Layer Control (LLC) header. Because this is sent into plaintext, the attacker can XOR it with the encrypted packet, achieving the first 8 bytes of the RC4 keystream, and using this keystream along with the matching IV to create encrypted packets. However, the amount of data it can fit into 8 bytes is only 4 bytes because the last 4 bytes are devoted to the WEP ICV. Fragmentation helps to send a maximum of 16 fragments per packet, allowing to send a packet of reassembled size 64 bytes. This fact will be used to inject packets like ARP request and replies.
- The Hirte attack sniffs an ARP packet and relocates the IP address in the ARP header to convert the reassembled packet into an ARP request for the wireless client. The client responds with an ARP reply, allowing the attacker to gather new data packets encrypted with the WEP key. Once enough number of packets are gathered, aircrack-ng can crack the WEP key rapidly.
- For this practice, the lab set is exactly the same that at previous Caffe-Latte attack. Now, the command airbase-ng uses the option -N to specify the Hirte attack, instead of the option -L for Caffe-Latte.
- After the legitimate AP is unplug, the client "roch" connects to the created fake aP by the attacker "kali". Only 1 minute later than the association,at 21:55:13, the Hirte attack is started up:
- Airodump-ng detects the association between the victim "roch" and the fake AP, writing the captured packets to the file Hirte-WEP:
- The file hirteWEP-01.cap and its derivatives are created:
- As usual, aircrack-ng finds the WEP key A8925DC44A5432DE814CE109F9 after no much time: