Re: Wireless Pen Test



Thanks a lot to all of you for all your answers.

To give you all more details. The authentication for getting
access to the wireless network is through RADIUS, thus you require
domain logins for authentication. Then on the AP WPA2 AES is used.

So, is there any tool available to sniff the wireless traffic? I am
taking an example that an employee nearby to the office wants to log
in to the network through wireless and nearby another user is using a
tool (possibly Wireshark) to sniff the traffic. Now when the user
tries to log in, he will send the credential for authentication and the
AP will forward the request to RADIUS for authentication. Can this
packet be sniffed and can the credential be recovered? Authentication
type is EAP-MSCHAP.

Thanks and Regards
Anshuman

On Thu, Nov 27, 2008 at 8:38 AM, Kevin Horvath <kevin.horvath@xxxxxxxxx> wrote:
Assuming you are referring to WPA2-PSK, you can use aircrack-ng to brute
force the WPA(2) passphrase by providing it a dictionary and the SSID, which
is used as the salt. It's not cracking the encryption (AES); it's just brute
forcing the hashed output to recover the key. If you have the passphrase in
your dictionary and the 4-way handshake then you can recover it. WEP is
broken and cracked, but WPA (TKIP encryption) is not fully broken yet, though the
guys from the aircrack team (Hirte especially) already discovered the first
kink in its armor. Although it's not fully broken, you can perform the
same brute-force attack as mentioned above against it also.

Also, if you're telling a client that using WPA(2)-PSK is secure then you are
doing an injustice to your client... Yes, even if the key is very long and
complex and not in any dictionary. The whole point of having a shared key
is insecure, since all it takes is for one laptop to get hacked or stolen and
then you're compromised. If you want to tell a client they are secure then
you need to be recommending WPA(2) Enterprise using EAP-TLS or EAP-TTLS.

Please don't tell a client WPA2/CCMP/AES-PSK is secure (for businesses, that
is) as you are only as secure as your weakest client.

On Wed, Nov 26, 2008 at 10:37 AM, anshuman sharma <anshuman251@xxxxxxxxx>
wrote:

Hi All,

Is there any tool available to break WPA2 encryption (I searched a lot
but was not able to find any)? I know using Aircrack (Airodump and
Aireplay), WEP and WPA keys can be broken. But if the encryption is
WPA2, can we give a reasonable assurance to the client that the Wifi
network is secure from outside?

Thanks and Regards
Anshuman
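Kevin's point that aircrack-ng "is just brute forcing the hashed output" with the SSID as salt, and that one stolen laptop compromises a whole PSK network, both follow from how 802.11i derives the pairwise master key (PMK) from the passphrase. The following Python is an added illustration written for this thread, not code from any poster or from aircrack-ng; it implements the public 802.11i derivation (PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32-byte output) and checks it against the published IEEE 802.11i Annex H test vector (passphrase "password", SSID "IEEE"). The `client_a`/`client_b` names are constructed for the demonstration.

```python
"""WPA/WPA2-PSK: why the passphrase, not AES, is the security bound.

The PMK every client on a PSK network holds is a deterministic function of
(passphrase, SSID). Consequences shown below:
  * every client derives the identical PMK, so one leaked client = whole network
  * the SSID salt only stops precomputed tables shared across SSIDs; it does
    not add secrecy, because the SSID is broadcast in the clear
"""
import hashlib
import hmac

# Public test vector from IEEE 802.11i Annex H (not a secret of any real network).
IEEE_ANNEX_H_PASSPHRASE = "password"
IEEE_ANNEX_H_SSID = "IEEE"
IEEE_ANNEX_H_PMK_HEX = (
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
)

PBKDF2_ROUNDS = 4096   # fixed by the standard
PMK_LEN = 32           # 256-bit PMK


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 802.11i PMK for a passphrase/SSID pair (what wpa_passphrase prints)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("802.11i passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), PBKDF2_ROUNDS, PMK_LEN
    )


def same_pmk(pmk_a: bytes, pmk_b: bytes) -> bool:
    """Constant-time comparison of two PMKs (avoid timing leaks even in a demo)."""
    return hmac.compare_digest(pmk_a, pmk_b)


def derivation_matches_standard() -> bool:
    """Self-check against the Annex H vector so we know the derivation is right."""
    return derive_pmk(IEEE_ANNEX_H_PASSPHRASE, IEEE_ANNEX_H_SSID).hex() == IEEE_ANNEX_H_PMK_HEX


def shared_secret_blast_radius(passphrase: str, ssid: str, client_count: int) -> int:
    """Number of distinct PMKs across N clients that share one passphrase on one SSID.

    Always 1: there is no per-user secret in WPA2-PSK, which is the basis of
    Kevin's 'only as secure as your weakest client' argument.
    """
    pmks = {derive_pmk(passphrase, ssid) for _ in range(client_count)}
    return len(pmks)


if __name__ == "__main__":
    print("derivation matches 802.11i Annex H:", derivation_matches_standard())

    # Constructed example: two laptops on the same corporate SSID.
    client_a = derive_pmk("CorrectHorseBatteryStaple", "corp-wifi")
    client_b = derive_pmk("CorrectHorseBatteryStaple", "corp-wifi")
    print("client_a and client_b hold the same PMK:", same_pmk(client_a, client_b))
    print("distinct PMKs among 50 clients:", shared_secret_blast_radius("CorrectHorseBatteryStaple", "corp-wifi", 50))

    # Same passphrase, different SSID: the salt changes the PMK, which only
    # defeats tables precomputed for some other SSID.
    other_site = derive_pmk("CorrectHorseBatteryStaple", "branch-wifi")
    print("same passphrase on another SSID yields same PMK:", same_pmk(client_a, other_site))
```

The 4096-round PBKDF2 is the entire per-guess cost an offline dictionary run pays once it has a captured 4-way handshake, so passphrase entropy is the only variable the defender controls in PSK mode; WPA2-Enterprise (EAP-TLS/EAP-TTLS, as Kevin recommends) replaces the shared PMK with a per-session key derived from each user's own authentication.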

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------