Wireless security protocols used to encrypt wireless packets suffer from different types of attacks. WEP, Wired Equivalent Privacy, is severely broken; it is not at all recommended to use on wireless networks. It is uncommon to ever encounter WEP in current wireless pentests. WPA, Wi-Fi Protected Access, was introduced as a replacement and both WPA variants, Personal and Enterprise, are the most common encryption and authentication techniques you will encounter in assessments. For WPA and WPA2 PSK, it has been demonstrated how a dictionary attack is possible using tools like aircrack-ng, available on Kali Linux. WPA and WPA2 Enterprise can potentially be circumvented by creating a parallel network and having a legitimate client attempt to authenticate through your setup rather than the production one.

The dictionary attack used against PSKs can be very time consuming and the generation and use of rainbow tables can accelerate the recovery of the encryption keys. Attacks against WPS, Wi-Fi Protected Setup, can also be used in situations where consumer access points and routers may be included in the scope of your assessment.

In the next chapter, we will look at attacks that can be conducted once the wireless encryption has been penetrated and we are able to join the target network. Man in the Middle attacks can be used against other clients and servers that reside on the network and reveal a wealth of information that can help you achieve the overall goals of your assessment.