Penetration Testing mailing list archives
Re: Wireless Pen Test
From: "Paul Melson" <pmelson () gmail com>
Date: Fri, 28 Nov 2008 10:51:38 -0500
On Thu, Nov 27, 2008 at 1:00 AM, m0rebel <m0rebel () banditdefense com> wrote:
WPA and WPA2 both can be cracked with aircrack-ng. They both have the same weakness, and in terms of using aircrack, they're exactly the same thing. You need to sniff traffic on the WPA or WPA2 network until you capture the 4-way handshake when someone is connecting. If someone is already connected, you can speed this up by kicking them off the network with a deauth attack and wait for them to reconnect, if you don't mind an active attack. Once you have the handshake, you can crack it by doing a dictionary attack (aircrack-ng -w dictionary.txt dump.cap).
To be clear, this only applies to WPA access points that use a pre-shared key for authentication. If EAP/PEAP are being used, then dictionary or brute-force attacks aren't going to work. PaulM ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- Wireless Pen Test anshuman sharma (Nov 26)
- Re: Wireless Pen Test Cedric Blancher (Nov 28)
- Re: Wireless Pen Test Leandro Machado (Nov 28)
- RE: Wireless Pen Test Harit, Saurabh (IE10) (Nov 28)
- Re: Wireless Pen Test m0rebel (Nov 28)
- RE: Wireless Pen Test Rui Pereira (WCG) (Nov 28)
- RE: Wireless Pen Test Cedric Blancher (Nov 28)
- Re: Wireless Pen Test Paul Melson (Nov 28)
- RE: Wireless Pen Test Rui Pereira (WCG) (Nov 28)
- Re: Wireless Pen Test Samuel Korpi (Nov 28)
- Re: Wireless Pen Test Joshua Wright (Nov 28)
- Message not available
- Re: Wireless Pen Test anshuman sharma (Nov 28)
- Re: Wireless Pen Test Kevin Horvath (Nov 28)
- Re: Wireless Pen Test Kevin Horvath (Nov 30)
- Re: Wireless Pen Test anshuman sharma (Nov 28)
- <Possible follow-ups>
- Wireless Pen Test christopher . riley (Nov 28)