Archive for the ‘Wireless’ Category

Passed Wireless# Exam

Wednesday, June 21st, 2006

I passed my Wireless# exam at the first attempt on 11/06/2006 with a score of 80%. This was way below my expectation, as I have been scoring 95-98% on the practice tests.


I was initially studying for my CWNA exam when Wireless# came out, so I thought I would try it first. The PrepLogic MegaGuide and the Wireless# practice tests (the answer explanations) were the most useful.

My references were:

1. CWNA book
2. CWSP book
3. CWAP book
4. PrepLogic MegaGuide
5. Practice Tests (Free Wireless#, CWNA, CWAP)
6. Intensified’s Spreadsheets.

Some people may consider my referring to CWSP and CWAP as overstudying. In fact I was studying for my CWNA, and for that I was using CWAP as a reference. Then came Wireless#. So I guess it cannot be classified as overstudying, because my ultimate goal is to attempt and pass all the CWNP certifications. There is no harm in gaining extra knowledge on the subject, whether it comes up on the exam or not.

I’ll be attending my CWNA exam in another 2-3 weeks and will follow up with CWAP before CWSP.

Wireless Exams

Saturday, February 4th, 2006

While I was studying for my CWNA exam, CWNP released its Wireless# exam a few months back. Wireless# is entry-level and prepares people for working on home networks and small office networks, as well as learning the basics about many wireless technologies.

Since I was very thorough with the CWNA materials, without a second thought I attempted the Practice Test for Wireless# to see how I would do. It was way tougher than I expected and I ended up with a score of 73%. That’s a PASS, but I believed that I should have scored more than that.

Then I compared Wireless# and CWNA and came to know that some technologies in Wireless# are not really covered in detail in the CWNA. These include Bluetooth, WiMAX, RFID and IrDA. If you’re looking to gain conceptual and decision-making knowledge related to these technologies, Wireless# is a great benefit.

It was time to read about these technologies. I did that for a week and attempted the Practice Test again, and the score was very much better this time at 98%. So I thought I would attempt the real exam before the Beta period expires (31st Jan 2006), and called up the local VUE testing centre, only to find out that the testing centre is going through upgrades of its testing software. It seems this will take 1-2 weeks to complete.

No choice. I registered for the final Wireless# exam on 1st Feb 2005 and have scheduled to take the exam on Saturday 11 Feb 2006, if the testing centre is back in operation. If everything goes well, I am also planning to attempt my CWNA exam in February 2006.

Wish me best of luck.

WEP cracking with Auditor and Proxim (8470-WD) card

Sunday, December 11th, 2005

Introduction:

This tutorial explains how to crack most WEP encrypted Access Points out there. The tools used will be as follows:

Airodump
Aireplay
Aircrack

As for wireless cards, I recommend any Prism, Orinoco, or Atheros based card (I used the Atheros based card mentioned above).

Getting Started:

Let’s see. The first thing you are going to want to do is charge your laptop to the top (aireplay and aircrack drain the battery quite a bit). Next, load up your favourite live CD (I used Auditor final) or Linux OS, then use Kismet to stumble across an encrypted WLAN.


First off, you are going to want to set your wireless card to the right mode. The commands you have to use depend on the chipset:

Since my Proxim card uses madwifi, I have to place the card in pure 802.11b mode first:

iwpriv ath0 mode 2

Then change the card into monitor mode:

iwconfig ath0 mode monitor

Then bring the card up:

ifconfig ath0 up

Going for the kill:

Open a terminal window and fire up Airodump to sniff the packets.

airodump ath0 tocrack


OK, so now you have got a stream of packets from your target. You see the IV column; those are what’s known as ‘weak key’ packets, and we want as many of them as we can get (500k+ is a nice number, the more the better). Now we are going to capture a ‘weak key’ packet from the network we are targeting and flood the Access Point with it, in the hope that we get lots of ‘weak key’ replies sent out so we can eventually crack the password. So now open another terminal window and execute aireplay:

aireplay -i ath0


Here we are going to grab a few packets from the Access Point until we catch a ‘weak key’ packet. Aireplay will then ask whether you want to use that packet to flood the Access Point. When it asks if it can use one of the packets, hit ‘y’ then return, but do not choose a packet with a destination address of FF:FF:FF:FF:FF:FF.


If you flick back to your terminal with airodump running, you should see the number of packets being captured increase by a huge amount, and with that the IV packets should also be increasing pretty damn fast as well. If all went well, in about 10 mins you should have enough packets to dump into aircrack.


Run aircrack to crack the WEP key from the captured file.

aircrack -q 3 -f 2 tocrack.cap

What I did there was set aircrack to read my packet file called tocrack.cap (which airodump creates). If all goes well you will get the key in a few mins.


Happy WarDriving.

Note: some portions of the text of this article are taken from “WEP Cracking” by UmInAsHoE.
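
A defender's view of the replay step in the tutorial above, as an added example that is not part of the original post: WEP has no replay protection, so a re-injected frame carries the same IV every time, and one transmitter repeating one IV many times per second stands out in a capture. The frame builder, MAC addresses, window and threshold are constructed assumptions for the demo.

```python
from collections import defaultdict, deque

HDR_LEN = 24       # basic 802.11 data header (no QoS field, no fourth address)
PROTECTED = 0x40   # "Protected Frame" flag in the second Frame Control byte
EXT_IV = 0x20      # set in the key-ID byte by TKIP/CCMP, clear for WEP

def wep_iv(frame: bytes):
    """Return (transmitter MAC, IV hex) for a WEP data frame, else None."""
    if len(frame) < HDR_LEN + 4:
        return None
    is_data = (frame[0] >> 2) & 0x3 == 2
    if not is_data or not frame[1] & PROTECTED or frame[HDR_LEN + 3] & EXT_IV:
        return None
    return frame[10:16].hex(":"), frame[HDR_LEN:HDR_LEN + 3].hex()

def find_replays(capture, window=1.0, threshold=20):
    """capture: time-ordered (timestamp_seconds, raw_frame) pairs. Returns
    {(transmitter, iv): peak count} for pairs seen more than `threshold` times
    in `window` seconds; ordinary retries repeat an IV only a few times."""
    recent, flagged = defaultdict(deque), {}
    for ts, frame in capture:
        key = wep_iv(frame)
        if key is None:
            continue
        seen = recent[key]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) > threshold:
            flagged[key] = max(flagged.get(key, 0), len(seen))
    return flagged

def build_frame(src, iv, protected=True):
    """Build a constructed data frame for the demo (not captured traffic)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ap = mac("00:11:22:33:44:55")                      # constructed BSSID
    fc = bytes([0x08, 0x41 if protected else 0x01])    # data, ToDS (+Protected)
    hdr = fc + b"\x00\x00" + ap + mac(src) + ap + b"\x00\x00"
    return hdr + iv.to_bytes(3, "big") + b"\x00" + bytes(60)

def sample_capture():
    # Constructed traffic: one normal client, one cleartext frame, one flood.
    normal = [(i * 0.1, build_frame("02:00:00:00:00:0a", 0x100 + i)) for i in range(50)]
    clear = [(1.0, build_frame("02:00:00:00:00:0c", 0, protected=False))]
    flood = [(2.0 + i * 0.003, build_frame("02:00:00:00:00:0b", 0xABCDEF)) for i in range(300)]
    return sorted(normal + clear + flood, key=lambda r: r[0])

if __name__ == "__main__":
    for (sta, iv), n in find_replays(sample_capture()).items():
        print(f"possible replay injection: {sta} reused IV {iv} {n}x within 1s")
```

Fed with frames from a monitoring sensor, the same function gives an early signal that a WEP network is being actively attacked; the durable fix is to retire WEP in favour of WPA2 or later.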