Penetration Testing mailing list archives
Re: Wireless Pen Test
From: "anshuman sharma" <anshuman251 () gmail com>
Date: Fri, 28 Nov 2008 20:14:47 +0530
Thanks a lot to all of you for all your answers. To give you all more details: the authentication for getting access to the wireless network is through RADIUS, thus you require domain logins for authentication. Then on the AP, WPA2 AES is used.

So, is there any tool available to sniff the wireless traffic? I am taking an example that an employee nearby to the office wants to log in to the network through wireless, and nearby another user is using a tool (possibly Wireshark) to sniff the traffic. Now when the user tries to log in, he will send the credentials for authentication and the AP will forward the request to RADIUS for authentication. Can this packet be sniffed, and can the credentials be recovered? Authentication type is EAP-MSCHAP.

Thanks and Regards
Anshuman

On Thu, Nov 27, 2008 at 8:38 AM, Kevin Horvath <kevin.horvath () gmail com> wrote:
> Assuming you are referring to WPA2-psk, you can use aircrack-ng to brute force the WPA(2) passphrase by providing it a dictionary and the SSID, which is used as the salt. It's not cracking the encryption (AES); it's just brute forcing the hashed output to recover the key. If you have the passphrase in your dictionary and the 4 way handshake then you can recover it. WEP is broken and cracked, but WPA (TKIP encryption) is not fully broken yet, but the guys from the aircrack team (Hirte especially) already discovered the first kink in its armor. Although while it's not fully broken, you can perform the same bruteforce attack as mentioned above against it also.
>
> Also, if you're telling a client that using WPA(2) psk is secure then you are doing an injustice to your client... Yes, even if the key is very long and complex and not in any dictionary. The whole point of having a shared key is insecure, since all it takes is for one laptop to get hacked or stolen and then you're compromised. If you want to tell a client they are secure then you need to be recommending wpa(2) enterprise using EAP-TLS or EAP-TTLS. Please don't tell a client WPA2/CCMP/AES - PSK is secure (for businesses that is), as you are only as secure as your weakest client.
>
> On Wed, Nov 26, 2008 at 10:37 AM, anshuman sharma <anshuman251 () gmail com> wrote:
>> Hi All,
>>
>> Is there any tool available to break WPA2 encryption? (I searched a lot but was not able to find any.) I know using Aircrack (Airodump and Aireplay), WEP and WPA keys can be broken. But if the encryption is WPA2, can we give a reasonable assurance to the client that the Wifi network is secure from outside?
>>
>> Thanks and Regards
>> Anshuman
>>
>> ------------------------------------------------------------------------
>> This list is sponsored by: Cenzic
>> Security Trends Report from Cenzic
>> Stay Ahead of the Hacker Curve!
>> Get the latest Q2 2008 Trends Report now
>> www.cenzic.com/landing/trends-report
>> ------------------------------------------------------------------------
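Added example, not part of the original thread: the WPA/WPA2-PSK key derivation Kevin describes (passphrase hashed with the SSID as salt), used here as a passphrase review for a network owner. The names `derive_pmk` and `review_psk`, the sample SSIDs and the small word list are constructed for illustration; the bit estimate assumes the passphrase is random over its character classes.

```python
import hashlib
import math
import string

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key for WPA/WPA2-PSK:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def search_space_bits(passphrase: str) -> float:
    """Upper bound on guessing effort in bits. Only meaningful when the
    passphrase is random; a dictionary word is far weaker than this."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet)

def review_psk(passphrase: str, ssid: str, wordlist: set) -> dict:
    """Summarise what a network owner should know about one PSK."""
    return {
        # Every client configured with this passphrase holds this same key,
        # so one lost laptop exposes the key for the whole network.
        "pmk": derive_pmk(passphrase, ssid).hex(),
        # The salt is only the SSID: a default or common SSID lets
        # precomputed tables be reused across networks.
        "ssid_is_common": ssid.lower() in {"linksys", "default", "netgear"},
        "in_wordlist": passphrase.lower() in wordlist,
        "max_bits": round(search_space_bits(passphrase), 1),
    }

if __name__ == "__main__":
    sample_words = {"password", "letmein123", "companyname2008"}  # constructed
    for psk, ssid in [("password", "linksys"), ("x7#Qm2!vLp9&Zr4w", "corp-wlan-7f3a")]:
        print(ssid, review_psk(psk, ssid, sample_words))
```

A passphrase that appears in a word list is weak whatever `max_bits` says, and a strong one is still shared by every device on the network.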