Chapter 8, Attacking WPA Enterprise and RADIUS
by Vivek Ramachandran
BackTrack 5 Wireless Penetration Testing Beginner’s Guide
- BackTrack 5 Wireless Penetration Testing
- BackTrack 5 Wireless Penetration Testing
- Credits
- About the Author
- About the Reviewer
- www.PacktPub.com
- Preface
- 1. Wireless Lab Setup
- Hardware requirements
- Software requirements
- Installing BackTrack
- Time for action installing BackTrack
- Setting up the access point
- Time for action configuring the access point
- Setting up the wireless card
- Time for action configuring your wireless card
- Connecting to the access point
- Time for action configuring your wireless card
- Summary
- 2. WLAN and Its Inherent Insecurities
- Revisiting WLAN frames
- Time for action creating a monitor mode interface
- Time for action sniffing wireless packets
- Time for action viewing Management, Control, and Data frames
- Time for action sniffing data packets for our network
- Time for action packet injection
- Important note on WLAN sniffing and injection
- Time for action experimenting with your Alfa card
- Role of regulatory domains in wireless
- Time for action experimenting with your Alfa card
- Summary
- 3. Bypassing WLAN Authentication
- 4. WLAN Encryption Flaws
- WLAN encryption
- WEP encryption
- Time for action cracking WEP
- WPA/WPA2
- Time for action cracking WPA-PSK weak passphrase
- Speeding up WPA/WPA2 PSK cracking
- Time for action speeding up the cracking process
- Decrypting WEP and WPA packets
- Time for action decrypting WEP and WPA packets
- Connecting to WEP and WPA networks
- Time for action connecting to a WEP network
- Time for action connecting to a WPA network
- Summary
- 5. Attacks on the WLAN Infrastructure
- Default accounts and credentials on the access point
- Time for action cracking default accounts on the access points
- Denial of service attacks
- Time for action De-Authentication DoS attack
- Evil twin and access point MAC spoofing
- Time for action evil twin with MAC spoofing
- Rogue access point
- Time for action Rogue access point
- Summary
- 6. Attacking the Client
- Honeypot and Mis-Association attacks
- Time for action orchestrating a Mis-Association attack
- Caffe Latte attack
- Time for action conducting the Caffe Latte attack
- De-Authentication and Dis-Association attacks
- Time for action De-Authenticating the client
- Hirte attack
- Time for action cracking WEP with the Hirte attack
- AP-less WPA-Personal cracking
- Time for action AP-less WPA cracking
- Summary
- 7. Advanced WLAN Attacks
- Man-in-the-Middle attack
- Time for action Man-in-the-Middle attack
- Wireless Eavesdropping using MITM
- Time for action wireless eavesdropping
- Session Hijacking over wireless
- Time for action session hijacking over wireless
- Finding security configurations on the client
- Time for action enumerating wireless security profiles
- Summary
- 8. Attacking WPA-Enterprise and RADIUS
- 9. WLAN Penetration Testing Methodology
- A. Conclusion and Road Ahead
- B. Pop Quiz Answers
- Chapter 1, Wireless Lab Setup
- Chapter 2, WLAN and its Inherent Insecurities
- Chapter 3, Bypassing WLAN Authentication
- Chapter 4, WLAN Encryption Flaws
- Chapter 5, Attacks on the WLAN Infrastructure
- Chapter 6, Attacking the Client
- Chapter 7, Advanced WLAN Attacks
- Chapter 8, Attacking WPA Enterprise and RADIUS
- Chapter 9, Wireless Penetrating Testing Methodology
|
Question |
Answer |
|---|---|
|
1) |
b) FreeRadius-WPE is a patch written by Joshua Wright to the original FreeRadius server. |
|
2) |
b) PEAP can be attacked by having a gullible client accept the server-side fake certificate provided by the attacker. |
|
3) |
d) EAP-TLS uses both client and server-side certificates. |
|
4) |
b) EAP-TTLS uses server-side certificates. |
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.