
PBQ 7: Wireless Network Security Assessment - WPA2 Enterprise

WPA2-Enterprise Attack Methodology

Scenario

You are conducting a wireless penetration test for a corporate client. The target is their WPA2-Enterprise network using RADIUS authentication.

Target Network:
- SSID: CorpNet-Secure
- Authentication: WPA2-Enterprise (802.1X)
- Encryption: CCMP (AES)
- RADIUS Server: 192.168.100.50
- AP MAC: 00:1A:2B:3C:4D:5E

Your Task:
1. Capture authentication handshakes
2. Perform offline brute-force attacks on captured hashes
3. Identify EAP method vulnerabilities
4. Recommend security improvements

Phase 1: Reconnaissance
Identify all wireless networks and their security configurations

Which airodump-ng command correctly scans for all wireless networks on a monitor-mode interface?

Phase 2: Capture
Capture WPA2-Enterprise authentication handshakes (EAPOL frames)

Which airodump-ng command captures handshakes from the target AP (BSSID: 00:1A:2B:3C:4D:5E) on channel 6?

Phase 3: Deauthentication
Force client reconnection to capture fresh authentication

Which aireplay-ng command sends 5 deauthentication packets to force client reconnection?

Phase 4: Hash Extraction
Extract hashes from captured WPA2-Enterprise handshakes

Which eapmd5pass command extracts EAP-MD5 hashes from the capture file for cracking?

Phase 5: Offline Cracking
Perform dictionary attack on captured authentication hashes

Which asleap command performs a dictionary attack on captured LEAP/PEAP credentials?