Penetration Testing mailing list archives

Re: Wireless Pen Test


From: "Paul Melson" <pmelson () gmail com>
Date: Fri, 28 Nov 2008 10:51:38 -0500

On Thu, Nov 27, 2008 at 1:00 AM, m0rebel <m0rebel () banditdefense com> wrote:
> WPA and WPA2 both can be cracked with aircrack-ng. They both have the
> same weakness, and in terms of using aircrack, they're exactly the
> same thing. You need to sniff traffic on the WPA or WPA2 network until
> you capture the 4-way handshake when someone is connecting. If someone
> is already connected, you can speed this up by kicking them off the
> network with a deauth attack and waiting for them to reconnect, if you
> don't mind an active attack. Once you have the handshake, you can
> crack it by doing a dictionary attack (aircrack-ng -w dictionary.txt
> dump.cap).


To be clear, this only applies to WPA access points that use a
pre-shared key for authentication.  If EAP/PEAP are being used, then
dictionary or brute-force attacks aren't going to work.

PaulM
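A defender-side complement to the deauth step described in the quoted post, added here as an example that is not from the original thread: it parses the 802.11 MAC header of each frame, counts deauthentication frames (type 0, subtype 12) per transmitter inside a sliding time window, and flags transmitters that exceed a threshold. The frames, MAC addresses, threshold and window are all constructed assumptions; a real monitor would feed it frames from a monitor-mode capture.

```python
from collections import defaultdict, deque
import struct

MGMT_TYPE = 0        # 802.11 frame type: management
DEAUTH_SUBTYPE = 12  # management subtype: Deauthentication
BEACON_SUBTYPE = 8   # management subtype: Beacon (benign, used as a control case)


def parse_mgmt_header(frame: bytes):
    """Return (type, subtype, addr1, addr2) from a 24-byte MAC header, or None if too short."""
    if len(frame) < 24:
        return None
    fc = frame[0]                 # first byte of Frame Control: version | type | subtype
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    addr1 = frame[4:10]           # receiver address
    addr2 = frame[10:16]          # transmitter address (the AP when an AP sends the deauth)
    return ftype, subtype, addr1, addr2


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def detect_deauth_flood(frames, threshold=5, window=2.0):
    """frames: iterable of (timestamp_seconds, raw_frame). Returns transmitter MACs that
    sent `threshold` or more deauth frames within any `window`-second span."""
    recent = defaultdict(deque)   # transmitter -> timestamps of its recent deauth frames
    offenders = set()
    for ts, raw in frames:
        hdr = parse_mgmt_header(raw)
        if hdr is None:
            continue
        ftype, subtype, _, addr2 = hdr
        if ftype != MGMT_TYPE or subtype != DEAUTH_SUBTYPE:
            continue
        q = recent[addr2]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            offenders.add(mac(addr2))
    return offenders


def build_frame(subtype, dst, src, bssid, reason=7):
    """Constructed test frame (not a real capture): FC, duration, 3 addresses, seq ctl, body."""
    fc = (subtype << 4) | (MGMT_TYPE << 2)
    hdr = struct.pack("<BBH", fc, 0, 0) + dst + src + bssid + struct.pack("<H", 0)
    body = struct.pack("<H", reason) if subtype == DEAUTH_SUBTYPE else b""
    return hdr + body


# Constructed sample: 8 broadcast deauths from the AP address in 0.7 s (a flood),
# one isolated deauth from a client (normal disconnect), one beacon.
AP = bytes.fromhex("02aabbcc0001")
CLIENT = bytes.fromhex("02aabbcc0002")
BROADCAST = b"\xff" * 6
SAMPLE = [(i * 0.1, build_frame(DEAUTH_SUBTYPE, BROADCAST, AP, AP)) for i in range(8)]
SAMPLE.append((5.0, build_frame(DEAUTH_SUBTYPE, AP, CLIENT, AP)))
SAMPLE.append((5.1, build_frame(BEACON_SUBTYPE, BROADCAST, AP, AP)))
```

Running `detect_deauth_flood(SAMPLE)` on the constructed sample reports only the AP address, since the client's single deauth never reaches the threshold and the beacon is ignored.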
