Penetration Testing mailing list archives

Re: Wireless Pen Test


From: Joshua Wright <jwright () hasborg com>
Date: Thu, 27 Nov 2008 20:02:39 -0500


> Is there any tool available to break WPA2 encryption (I searched a lot
> but was not able to find any). I know that using Aircrack (Airodump and
> Aireplay), WEP and WPA keys can be broken. But if the encryption is
> WPA2, can we give a reasonable assurance to the client that the Wifi
> network is secure from outside?

WPA2 can be TKIP or CCMP encryption.  Recently, TKIP encryption has been
shown to be weak:

http://dl.aircrack-ng.org/breakingwepandwpa.pdf
http://www.willhackforsushi.com/presentations/TKIP_Attack_Webcast_2008-11-17.pdf

If the customer is using CCMP encryption, then we believe this crypto is
sound.  However, that does not qualify as a secure wireless network
alone.  Are there rogue AP threats?  What monitoring mechanisms are in
place to detect new rogue APs?  Is the EAP type strong, and is it
implemented well on clients
(http://www.willhackforsushi.com/presentations/PEAP_Shmoocon2008_Wright_Antoniewicz.pdf)?

Wireless penetration tests aren't just about identifying the use of WPA2
and getting a big gold star for effort.  There are many additional
factors to evaluate for exploit avenues.

-Josh
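A defender-side triage of a wireless survey along the lines Josh raises above (unauthorized APs advertising the corporate SSID, TKIP still in use where CCMP is expected), written as an added example that is not part of the original thread. The authorized-AP inventory and the survey lines are constructed, and the airodump-ng-style column order (BSSID, channel, privacy, cipher, ESSID) is an assumption.

```python
"""Rogue-AP and weak-cipher triage over a wireless site survey."""
from dataclasses import dataclass

# Constructed inventory of the client's authorized access points
# (hypothetical SSIDs and BSSIDs, not real data).
AUTHORIZED = {
    "CorpNet": {"00:11:22:33:44:01", "00:11:22:33:44:02"},
    "CorpGuest": {"00:11:22:33:44:05"},
}

# Constructed survey in an airodump-ng-like CSV layout:
# BSSID, channel, privacy, cipher, ESSID. Not captured traffic.
SURVEY = """\
00:11:22:33:44:01, 6, WPA2, CCMP, CorpNet
00:11:22:33:44:02, 11, WPA2, CCMP, CorpNet
de:ad:be:ef:00:01, 6, WPA2, CCMP, CorpNet
00:11:22:33:44:05, 1, WPA2, TKIP, CorpGuest
AA:BB:CC:DD:EE:FF, 3, OPN, , CoffeeShop
"""


@dataclass(frozen=True)
class Finding:
    bssid: str
    essid: str
    code: str  # ROGUE_BSSID, TKIP or NO_ENCRYPTION


def parse_survey(text):
    """Parse survey lines into dicts; BSSIDs are normalized to upper case."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        bssid, chan, priv, cipher, essid = [f.strip() for f in line.split(",")]
        rows.append({"bssid": bssid.upper(), "channel": int(chan),
                     "privacy": priv, "cipher": cipher, "essid": essid})
    return rows


def triage(rows, authorized):
    """Flag only networks in scope (SSIDs in the inventory); neighbours are ignored."""
    findings = []
    for r in rows:
        essid, bssid = r["essid"], r["bssid"]
        if essid not in authorized:
            continue  # third-party network, out of scope for this client
        if bssid not in authorized[essid]:
            # Unknown radio advertising the corporate SSID: candidate rogue/evil twin.
            findings.append(Finding(bssid, essid, "ROGUE_BSSID"))
        if r["cipher"] == "TKIP":
            findings.append(Finding(bssid, essid, "TKIP"))
        if r["privacy"] in ("OPN", "WEP"):
            findings.append(Finding(bssid, essid, "NO_ENCRYPTION"))
    return findings
```

Running `triage(parse_survey(SURVEY), AUTHORIZED)` yields one ROGUE_BSSID finding for the unknown CorpNet radio and one TKIP finding for the guest AP; the open CoffeeShop network is out of scope and produces nothing.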
