Tip
"The Bigger they are, the Harder they Fall."
Popular Saying
WPA-Enterprise has always had an aura of unbreakable around it. Most network administrators think of it as a panacea for all their wireless security problems. In this chapter, we will see that nothing could be further from the truth.
Here we will learn how to attack the WPA-Enterprise using different tools and techniques available on BackTrack.
We will cover the following in the course of this chapter:
- Setting up FreeRadius-WPE
- Attacking PEAP on Windows clients
- Attacking EAP-TTLS
- Security best practice for Enterprises
We will need a Radius server for orchestrating WPA-Enterprise attacks. The most widely used open source Radius server is FreeRadius. However, setting it up is difficult and configuring it for each attack can be tedious.
Joshua Wright, a well-known security researcher created a patch for FreeRadius that makes it easier to set up and conduct attacks. This patch was released as the FreeRadius-WPE (Wireless Pwnage Edition). The good news is that this comes pre-installed with BackTrack and hence, we need not do any installations.