3

As I am a network&IT enthusiast, I was asked by a friend to pentest his WPA network.

I'm wondering if there is anything else I can do beside a bruteforce attack, trying the KARMA attack on workstations and hoping for TKIP with QoS for exploiting it's DoS vulnerability?

1 Answers1

4

A good piece of pen testing on wireless networks is around configurations. Is his network set up for mutual authentication? If not, could someone connecting be spoofed into connecting to a rogue access point?

Also have a read of this question re WPA and WPA2

In addition, carry out a site survey, just to see how far the signal goes - it might sound basic, but if it is easy for an attacker to connect from somewhere safe and unobtrusive, they will have more time to attempt an attack.

Rory Alsop
  • 61,474
  • 12
  • 117
  • 321
  • Well with a WPA the spoofing will not give the password away, if I'm not incorrect. Other thant that modifying the setup SSID and password might add to the difficulty to brute force the password. – Anarko_Bizounours Apr 23 '15 at 13:43
  • SSID has no bearing on difficulty of attack. The question is not about passwords. It is about pen testing WPA. – Rory Alsop Apr 23 '15 at 13:48
  • Well having a SSID provided by the ISP can lead to bruteforce using dictionnary password for the ISP. – Anarko_Bizounours Apr 24 '15 at 12:00
  • SSID is not a secret. – Rory Alsop Apr 24 '15 at 12:46
  • I know, I'm saying that using the provided SSID can be more disastrous than using your own SSID. By editing the SSID by your own, the attacker won't be able to bruteforce the WPA key by dictionnary. It's not giving away your WPA key away easily. Those kind of dictionnary are easy to find. – Anarko_Bizounours May 07 '15 at 09:20