W1red's Guide to Hacking WPA/WPA2 Enterprise

[w1red]

Hi guys I thought I'd just share this little guide I wrote up, I think it will give some of you an interesting read. It talks about a few vulnerabilities regarding WPA/WPA2 Enterprise networks and how to go about auditing them. Its my first guide so don't be too harsh. Please let me know

This guide will use the following scenarios:

1.Certificate authentication is not present
2. Certificate authentication is present but doesnt specify the server
3. Using Iphones to hack wpa enterprise

The success rate of this hack will come down to the strength of your dictionary, just like regular WPA. This guide however does not discuss rainbow tables for cracking the challenge response, perhaps I will write that up if anyone wants.



http://www.mediafire.com/?oyimmzmiumy

[egeier]

I talk about some of these same issues in one of my tutorials:
Tips and Tricks for Using 802.1X in Windows - www.esecurityplanet.com

You might also want to check out a free hosted RADIUS/802.1X service:
Outsourced RADIUS/802.1X Authentication for WPA/WPA2-Enterprise

[18436572]

W1red, great write-up.

Would you be able to point me to more detail on the iPhone section of the howto?

[complience]

The success rate of this hack will come down to the strength of your dictionary, just like regular WPA. This guide however does not discuss rainbow tables for cracking the challenge response, perhaps I will write that up if anyone wants.



http://www.mediafire.com/?oyimmzmiumy

Yes please because im completely lost as to how to use rainbow tables in the cracking of a WPA handshake

[longjidin]

ermm!! that good guide. i think better to understand the TX/RX, Wireless, alghorithm, aircrack-ng etc. if you understand the flow its so helpful to bring down the WPA/WPA2 Enterprise, that is my opinion......happy hunting!!!

[Stewtn]

Good write-up. I purchaed a valid cert a while back but could never get in installed correctly. Could you give me some advise on how to install my cert. (Its a godaddy cert )

Thanks!

[freeqaz]

My friend's wifi was WEP, so I told him his password and he freaked out. So he changed it to WPA2 Enterprise with keyshift or something like that. He said the interval was above 360 seconds otherwise his iPhone times out.

Is this possible to crack? I can get the number of characters in the password from him, and then bruteforce it. I've got a fairly decent rig with an ATI card.