Hi
Is it possible to crack an encryption with RADIUS support?
e.g. WPA with 802.1X (RADIUS)
Thanks
It could be done, but if the double authentication process is on, it's hard or maybe impossible to make your attack in a hidden state.
The essence of attacking 802.1X is based on state machine logic.
If only one-way authentication is in process, MITM is possible.
theSnail
This is one of the primary reasons I've gotten back into 'offensive security'...
I manage not only a (somewhat comprehensive) home net, but a network at work (that 'insists' on having wireless). I'm also subsequently one of those people to whom everyone in the book thinks they should call / confer with to network their SOHO nets...
Anyways, I suppose the point I'm attempting to make now is the point that I've been trying to make to myself regarding wireless security: I'm not convinced that it is possible, whatsoever.
A couple of months ago I had a convo with an IT friend of mine who flat out tried to convince me that wpa2 / eap-tls is 99.99999999999999999% secure... I called bullshit.
So now I'm in the process of building my own AP's with an authentication server to test/break the various protocols; Radius is on my plate currently so I will post my findings after all is said/done.
dd if=/dev/swc666 of=/dev/wyze
Your IT friend obviously knows much more about this than you do
You are going to waste a lot of time on this and fail
WPA with a decent passphrase will take you tens of years or more to crack
WPA2 is going to be no different to WPA
WPA2 with a RADIUS server you are in the region of hundreds if not thousands of years
A decent passphrase is something like:
+@o|veeP63dMy_yKww=nCpg!__vO?aK!tLw_0L <NAzJ^Mw]xP9A^*^+UuX1SBM
Unless someone uses a passphrase like this: mynetwork
You are just going to waste a whole lot of time and effort for nothing.
So are you saying that you would bet the farm that WPA2 w/radius auth is not at all crackable at all?
What is your basis of the system resources of the cracking system that give you those figures?
Are there not computer systems / network farms out there that can crack even a passphrase like the aforementioned in less time?
I'm REALLY not trying to come across as a smart a$$, but let's think real world and realistic scenarios... where there's a will, time effort and dinero, there's a way to cut that timeframe down
dd if=/dev/swc666 of=/dev/wyze
If you do your research on creating a dictionary, you will soon find that a suitable dictionary to cover this type of passphrase will run into many hundreds of thousands of terabytes.
Here is a quote from another thread on creating a dictionary
What exactly did you expect? Why do you think brute force attacks take so long? What you are trying to do is make a brute force dictionary.
So let's say for argument's sake you look at the 128 characters in the standard ASCII table and a password is only 4 characters long:
128x128x128x128 = 268,435,456 bytes for a 4 character password = 268 MB
6 chars: 4,398,046,511,104 bytes, 4.5 TB, if I got my factors right in my head, and it's a Sunday afternoon so I might not have.
OK, so 128 is extreme, so try 70 characters (or so) on a standard keyboard without any extra effort and not counting case sensitivity:
4 chars = 24,010,000 bytes
6 chars = 117,649,000,000 bytes
So from that, if you take into account that the passphrase I gave would need you to create the dictionary using approx. 200 possible characters for each of the 63 characters in my passphrase, how big is that dictionary going to be and how long will it take to create?
Supposing that you had created that dictionary, if you just limited it to only the lines that had 63 characters, it would have 9.223372036854775808e+144 words. A decent computer set to crack a WPA key, when it has all of the parts needed, can manage about 50 per second, which is about 1.8446744073709551616e+143 seconds to guarantee finding the right one, which is 5.8494241735507203247082699137494e+135 years.
Now consider that I limited this to 200 characters when it could have been more like 350 or so.
All of this is based on you knowing that I am using 63 characters; what if you don't know if it is 21, 43, 50, 8, 62 or whatever?
All of this is based on just WPA, if you were to throw a RADIUS server into the mix then.... well you get the idea.
So yes at this moment in time I would bet the farm
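As an added worked example (not from the thread or any poster), the keyspace and exhaustive-search arithmetic behind the figures above, in Python; the 200-symbol alphabet, 63-character length, 50 guesses per second and 365-day year are the thread's own assumptions, and the unknown-length sum is the general case the last point raises.

```python
# Added example: brute-force keyspace arithmetic using the thread's figures.
# Assumptions taken from the thread: ~200 candidate symbols per position,
# a 63-character passphrase, ~50 WPA guesses per second, 365-day years.
SECONDS_PER_YEAR = 365 * 24 * 3600  # 31,536,000


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct candidates of exactly `length` symbols."""
    return alphabet_size ** length


def keyspace_up_to(alphabet_size: int, max_length: int, min_length: int = 1) -> int:
    """Candidates when the length is unknown: every length from min to max
    (a geometric series). This is the 'what if it is 21, 43, 50 ...' case."""
    return sum(alphabet_size ** n for n in range(min_length, max_length + 1))


def dictionary_bytes(alphabet_size: int, length: int) -> int:
    """On-disk size of a wordlist holding every candidate, one per line.
    The thread quotes candidate counts as 'bytes'; each line actually costs
    `length` symbols plus a newline, so the real file is larger still."""
    return keyspace(alphabet_size, length) * (length + 1)


def years_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst case: time to try every candidate at a fixed guess rate."""
    return candidates / guesses_per_second / SECONDS_PER_YEAR


def expected_years(candidates: int, guesses_per_second: float) -> float:
    """Average case: a random correct guess is found after about half the space."""
    return years_to_exhaust(candidates, guesses_per_second) / 2


if __name__ == "__main__":
    # The thread's 128-symbol and 70-symbol tables for 4 and 6 characters.
    for alphabet in (128, 70):
        for n in (4, 6):
            print(f"{alphabet}^{n} = {keyspace(alphabet, n):,} candidates, "
                  f"{dictionary_bytes(alphabet, n):,} bytes as a wordlist")
    # The 63-character passphrase over ~200 symbols at 50 guesses/second.
    space = keyspace(200, 63)
    print(f"200^63 = {space:.18e} candidates")
    print(f"worst case: {years_to_exhaust(space, 50):.3e} years")
    print(f"expected:   {expected_years(space, 50):.3e} years")
    # Not knowing the length only makes the space larger.
    print(f"lengths 1..63: {keyspace_up_to(200, 63):.3e} candidates")
```

The worst-case figure reproduces the thread's 5.85e+135 years exactly because it uses the same rate and year length; changing the rate rescales it linearly and does not change the conclusion about a 63-character random passphrase.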
My theory is a combination of an availability attack to use bad length fields to try to crash the RADIUS server, followed by an integrity attack for replay would be enough to crash a RADIUS server, and then performing a DoS... etc etc...
I'm convinced (until I prove myself otherwise) that a network of this topology can be cracked... without an NSA basement Cray
dd if=/dev/swc666 of=/dev/wyze
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
All my previous calculations were done without taking into account the radius server so if you do bring it down you would still have to crack the WPA
If by bringing down the server you intend to actually use that to give you the key.. then.... I would still say that that kind of attack is a long way off and fraught with problems and dangers.
Even if you did pull it off it would be that noticeable that the passphrase would be changed when they bring the server back up anyway, so you would still not have the key.