Attacking PEAP
by Vivek Ramachandran, Cameron Buchanan
Kali Linux Wireless Penetration Testing Beginner's Guide - Third Edition
- Kali Linux Wireless Penetration Testing Beginner's Guide Third Edition
- Table of Contents
- Kali Linux Wireless Penetration Testing Beginner's Guide Third Edition
- Credits
- Disclaimer
- About the Authors
- About the Reviewer
- www.PacktPub.com
- Customer Feedback
- Preface
- 1. Wireless Lab Setup
- Hardware requirements
- Software requirements
- Installing Kali
- Time for action – installing Kali
- Setting up the access point
- Time for action – configuring the access point
- Setting up the wireless card
- Time for action – configuring your wireless card
- Connecting to the access point
- Time for action – configuring your wireless card
- Summary
- 2. WLAN and Its Inherent Insecurities
- Revisiting WLAN frames
- Time for action – creating a monitor mode interface
- Time for action – sniffing wireless packets
- Time for action – viewing management, control, and data frames
- Time for action – sniffing data packets for our network
- Time for action – packet injection
- Important note on WLAN sniffing and injection
- Time for action – experimenting with your adapter
- Summary
- 3. Bypassing WLAN Authentication
- 4. WLAN Encryption Flaws
- WLAN encryption
- WEP encryption
- Time for action – cracking WEP
- WPA/WPA2
- Time for action – cracking WPA-PSK weak passphrase
- Speeding up WPA/WPA2 PSK cracking
- Time for action – speeding up the cracking process
- Decrypting WEP and WPA packets
- Time for action – decrypting WEP and WPA packets
- Connecting to WEP and WPA networks
- Time for action – connecting to a WEP network
- Time for action – connecting to a WPA network
- Summary
- 5. Attacks on the WLAN Infrastructure
- Default accounts and credentials on the access point
- Time for action – cracking default accounts on the access points
- Denial of service attacks
- Time for action – deauthentication DoS attack
- Evil twin and access point MAC spoofing
- Time for action – evil twin with MAC spoofing
- A rogue access point
- Time for action – Setting up a rogue access point
- Summary
- 6. Attacking the Client
- Honeypot and Misassociation attacks
- Time for action – orchestrating a Misassociation attack
- The Caffe Latte attack
- Time for action – conducting the Caffe Latte attack
- Deauthentication and disassociation attacks
- Time for action – deauthenticating the client
- The Hirte attack
- Time for action – cracking WEP with the Hirte attack
- AP-less WPA-Personal cracking
- Time for action – AP-less WPA cracking
- Summary
- 7. Advanced WLAN Attacks
- A Man-in-the-Middle attack
- Time for action – Man-in-the-Middle attack
- Wireless eavesdropping using MITM
- Time for action – wireless eavesdropping
- Session hijacking over wireless
- Time for action – session hijacking over wireless
- Finding security configurations on the client
- Time for action – deauthentication attack on the client
- Summary
- 8. KRACK Attacks
- 9. Attacking WPA-Enterprise and RADIUS
- 10. WLAN Penetration Testing Methodology
- 11. WPS and Probes
- A. Pop Quiz Answers
- Chapter 1, Wireless Lab Setup
- Chapter 2, WLAN and Its Inherent Insecurities
- Chapter 3, Bypassing WLAN Authentication
- Chapter 4, WLAN Encryption Flaws
- Chapter 5, Attacks on the WLAN Infrastructure
- Chapter 6, Attacking the Client
- Chapter 7, Advanced WLAN Attacks
- Chapter 9, Attacking WPA-Enterprise and RADIUS
- Index
Protected Extensible Authentication Protocol (PEAP) is the most popular version of EAP in use. This is the EAP mechanism shipped natively with Windows.
PEAP has two versions:
- PEAPv0 with EAP-MSCHAPv2 (the most popular as this has native support on Windows)
- PEAPv1 with EAP-GTC
PEAP uses server-side certificates for validation of the RADIUS server. Almost all attacks on PEAP leverage misconfigurations in certificate validation.
In the next lab, we will take a look at how to crack PEAP when certificate validation is turned off on the client.
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.