PBQ 10: Wireless Network Security Assessment - WPA2 Enterprise

WPA2-Enterprise Attack Methodology

Scenario

You are conducting a wireless penetration test for a corporate client. The target is their WPA2-Enterprise network using RADIUS authentication.

Target Network:
- SSID: CorpNet-Secure
- Authentication: WPA2-Enterprise (802.1X)
- Encryption: CCMP (AES)
- RADIUS Server: 192.168.100.50
- AP MAC: 00:1A:2B:3C:4D:5E

Your Task:
1. Capture authentication handshakes
2. Perform offline brute-force attacks on captured hashes
3. Identify EAP method vulnerabilities
4. Recommend security improvements

Phase 1: Reconnaissance
Identify all wireless networks and their security configurations
Phase 2: Capture
Capture WPA2-Enterprise authentication handshakes (EAPOL frames)
Phase 3: Deauthentication
Force client reconnection to capture fresh authentication
Phase 4: Hash Extraction
Extract hashes from captured WPA2-Enterprise handshakes
Phase 5: Offline Cracking
Perform dictionary attack on captured authentication hashes
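
For tasks 3 and 4 of the scenario, the following added example (not part of the original exercise) reads the EAP method type out of EAPOL frames and maps each method the authenticator requests to a rating and a recommendation. The function names, the rating table and the sample frames are assumptions made for illustration; the type numbers are the IANA EAP method types, and the table covers more methods than the scenario names.

```python
import struct

# EAP method types (IANA registry) with the finding an assessor would record.
# The ratings and recommendations are added guidance, not taken from the page.
EAP_METHODS = {
    4:  ("EAP-MD5", "weak", "no mutual authentication, exposed to offline dictionary attack: disable"),
    17: ("LEAP", "weak", "MS-CHAP based, exposed to offline dictionary attack: disable"),
    21: ("EAP-TTLS", "conditional", "require clients to validate the RADIUS server certificate"),
    25: ("PEAP", "conditional", "require clients to validate the RADIUS server certificate"),
    13: ("EAP-TLS", "strong", "certificate-based mutual authentication: keep"),
}

def parse_eapol(frame: bytes):
    """Return (eap_code, eap_type) for an EAPOL EAP-Packet, else None."""
    if len(frame) < 8:
        return None
    _version, packet_type, body_len = struct.unpack("!BBH", frame[:4])
    if packet_type != 0 or len(frame) < 4 + body_len:  # 0 = EAP-Packet
        return None
    code, _ident, eap_len = struct.unpack("!BBH", frame[4:8])
    # Only Request (1) and Response (2) carry a type byte; reject bad lengths.
    if code not in (1, 2) or not 5 <= eap_len <= body_len:
        return None
    return code, frame[8]

def audit(frames):
    """List the methods the authenticator requested, with rating and advice."""
    offered = set()
    for frame in frames:
        parsed = parse_eapol(frame)
        # Types 1-3 (Identity, Notification, Nak) are not authentication methods.
        if parsed and parsed[0] == 1 and parsed[1] > 3:
            offered.add(parsed[1])
    unknown = ("unlisted", "review", "method not in table: review manually")
    return [(t, *EAP_METHODS.get(t, unknown)) for t in sorted(offered)]

def eapol(code, ident, eap_type, data=b""):
    """Build a constructed EAPOL EAP-Packet for the sample below."""
    eap = struct.pack("!BBHB", code, ident, 5 + len(data), eap_type) + data
    return struct.pack("!BBH", 2, 0, len(eap)) + eap

# Constructed sample frames (not captured from any real network).
SAMPLE_FRAMES = [
    eapol(1, 1, 1),                          # Request/Identity
    eapol(2, 1, 1, b"user@corp.example"),    # Response/Identity
    eapol(1, 2, 25, b"\x20"),                # Request/PEAP, Start flag
    eapol(1, 3, 4, b"\x10" + bytes(16)),     # Request/MD5-Challenge
    struct.pack("!BBH", 2, 3, 0),            # EAPOL-Key header, ignored
]
```

Calling audit(SAMPLE_FRAMES) returns one tuple per requested method, sorted by type number, which can go straight into the findings and recommendations section of the report.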