Saturday 31 May 2014

Wireless Enterprise Authentication


Hi,

As I worked on few Wireless Penetration Testing assignments recently, I thought to post information related to Enterprise Authentication.
As we all are aware WEP is Broken Beyond Repair, and WPA/WPA2 Bruteforce handshakes!

But most of organizations implement WAP/WAP2 Enterprise Authenticataion, containing Domain Authentication, so ideally Wireless Client will authenticate to AP using Domain Credentials!

To capture Authentication Handshakes for Enterprise networks and bruteforce them we need Freeradius-WPE (Wireless Pawn-age Edition)

Basic Structure of Wireless Enterprise Network ( Using Radius Server) :

Tutorial - Geier E - 1051 - Figure 1.png



So attacker can bring Physical Access point which will be connected to Freeradius server hosted in Attacker's Virtual Machine as mentioned below :















Attacker broadcast SSID with similar name as official SSID of Access Point.
When Client connects to attackers rogue AP, It will send Authentication challenges which attacker can bruteforce offline to recover passwords.

This is just a theory on how attacker can work towards breaking Enterprise Level authentication.
In next post I will post about setup and configuration of Freeradius server, and slowly towards hacking enterprise authentications.

Regards,
eXpl0i13r

6 comments:

  1. Hey, It really is incredibly fantastic and informative website. Good to discover your site Very well article! I’m simply in love with it.
    vSan 6 Enterprise for 1 processor

    ReplyDelete
  2. Wow! This is the perfect blog I am looking this type of blog its awesome blog here , share great information about this topic. This informative blog helps many readers with their decision-making regarding the situation. Great articles and will look forward for more!
    Veeam Backup & Replication for Vmware

    ReplyDelete
  3. Perfect example of speculation, empathy and expression. Here I learned a new way to speculate through author’s writing. It allowed me to feel a new way to speculate your thoughts and express them in an easy and clear way.HPE ProLiant DL380 Gen9

    ReplyDelete
  4. Most of educational information over different kinds of blogs do not such supportive as supportive all the points of this blog. You need not to find any other platform to verify the data stated here.lenovo server ราคา

    ReplyDelete
  5. Somewhere the content of the blog surrounded by little arguments. Yes it is healthy for readers. They can include this kind of language in their writing skill as well as while group discussion in college.HPE ProLiant DL180 Gen9

    ReplyDelete
  6. HP DL380 Gen9 Rack Server in UAE, Proliant 2U Rack Server in UAE, Rack Server in UAE
    https://gccgamers.com/hp-dl380.html
    HP DL380 Gen9 Rack Server in UAE, Safe Shopping Multiple Payment Options Express Delivery GCC Gamers Moneyback Guarantee.
    1634522950625-10

    ReplyDelete