Getting WEP passphrases
Remember a bit ago when I blogged about getting wireless SSIDs out of the Registry? Well, a little while after that, the guys over at the secureme blog posted (but haven't done so in quite a while) about a Wireless Zero Configuration Information Disclosure issue. Aaron refers to this as a "local abuse" issue...I prefer to think of it as information gathering for the incident responder.
In the blog entry, there's a link to an executable that can be used to extract the WEP key right along with the SSID. The archive includes the source (in a .cpp file) so maybe we can use that information to further parse the contents of the Registry key.
However, the most interesting part of the blog entry is at the very end, where the ability to dump and decrypt the WEP keys has been added to Cain and Abel. The blog mentions version 2.77, but as of today, version 2.9 is available.
In the blog entry, there's a link to an executable that can be used to extract the WEP key right along with the SSID. The archive includes the source (in a .cpp file) so maybe we can use that information to further parse the contents of the Registry key.
However, the most interesting part of the blog entry is at the very end, where the ability to dump and decrypt the WEP keys has been added to Cain and Abel. The blog mentions version 2.77, but as of today, version 2.9 is available.
You may want to add something like this to your toolkit, particularly if you've already added things like the ability to view passwords in Protected Storage.