2

So it is fairly trivial to decrypt 802.11 for WPA-PSK as explained in this link https://wiki.wireshark.org/HowToDecrypt802.11. Is it then possible to decrypt the same way for WPA Enterprise? (Assuming that you do know the full credentials of the client whose traffic you are trying to sniff and that you managed to capture the full 4WHS.)

Lew Wei Hao
  • Short answer is **YES**. But remember that WPA Enterprise has many many solutions, are you looking for a specific type of EAP? Because depending on the configuration the steps differ, like EAP-MD5 is really easy, since you only need to capture challenge-response and crack it, since MD5 is long time broken. But everything changes in EAP-PEAP or EAP-TTLS, etc. – Azteca May 05 '17 at 17:34

2 Answers

3

The methodology I've always seen for this involves using Hostapd in a man-in-the-middle-style attack. Essentially setting up an Evil Twin-style attack on the enterprise network, failing but still gathering enough of the keying material to recreate the credentials.

It only works on certain EAP/PEAP modes (essentially things that aren't *TLS). http://blog.gojhonny.com/2015/08/pwning-wpa-enterprise-with-hostapd-on.html is a good example of this setup. Famously used by Moxie (along with shitty crypto) to break MSCHAPv2 (http://blog.erratasec.com/2012/07/the-tldr-version-of-moxies-mschapv2.html).

Ori
0

So after doing some searching on the web, I found this wonderful link that explains one possible way of doing so https://wirewatcher.wordpress.com/2011/01/23/tweaking-eaps-weak-link-sucking-wifi-pmks-out-of-radius-with-pmkxtract/

Apparently, the secrecy of the PMK for WPA Enterprise does not lie in the knowledge of the credentials, and a Premaster Secret is generated by the client which is eventually used to compute the PMK.

Hence, the only feasible way is to take advantage of the step where the RADIUS server sends the PMK to the authenticator which is encrypted with a shared secret. If one is able to sniff the traffic between the RADIUS server and the authenticator and possess the correct shared secret, he is then able to recover the PMK and continue decryption as per normal.

So I guess the main difficulty lies in either obtaining the shared secret or sniffing the traffic between the RADIUS and Authenticator. The former is said to be brute-forceable according to the link. I'm not too sure how feasible it is to perform the latter though.

Lew Wei Hao
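The answer above hinges on two facts: the RADIUS server hands the PMK to the authenticator inside an attribute that is obfuscated only with the RADIUS shared secret (the MS-MPPE-Recv-Key construction of RFC 2548), and once you hold the PMK the rest of the key derivation is identical to the PSK case. The following is an added example, written here to illustrate that dependency; it is not code from the answer, from the pmkxtract post, or from any project. It implements the RFC 2548 key wrapping on both sides (server wraps, authenticator unwraps) and the 802.11 PRF-384 that turns a PMK plus the 4-way-handshake nonces into the PTK. All function names and every value (shared secret, Request-Authenticator, salt, PMK, MAC addresses, nonces) are constructed for the demonstration.

```python
import hashlib
import hmac

# --- Constructed demo values (not taken from any real session) ---
SHARED_SECRET = b"example-radius-secret"          # assumed NAS<->RADIUS secret
REQUEST_AUTHENTICATOR = bytes(range(16))          # 16-byte field from the Access-Request
SALT = b"\x80\x01"                                # 2 bytes, high bit set (RFC 2548)
PMK = hashlib.sha256(b"constructed PMK for demo").digest()   # 32-byte stand-in PMK
AA = bytes.fromhex("020000000001")                # authenticator (AP) MAC, constructed
SPA = bytes.fromhex("020000000002")               # supplicant (client) MAC, constructed
ANONCE = b"\x11" * 32                             # nonces as they would appear in the 4WHS
SNONCE = b"\x22" * 32


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def mppe_key_encrypt(key: bytes, secret: bytes, request_authenticator: bytes, salt: bytes) -> bytes:
    """Server side of MS-MPPE-Recv-Key (RFC 2548 sections 2.4.2/2.4.3).

    P    = len(key) || key || zero padding to a multiple of 16 bytes
    b(1) = MD5(secret || request_authenticator || salt);  c(1) = p(1) XOR b(1)
    b(i) = MD5(secret || c(i-1));                         c(i) = p(i) XOR b(i)
    Attribute value = salt || c(1) || c(2) || ...
    """
    if len(request_authenticator) != 16:
        raise ValueError("Request-Authenticator must be 16 bytes")
    if len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("salt must be 2 bytes with the high bit set")
    plain = bytes([len(key)]) + key
    plain += b"\x00" * (-len(plain) % 16)
    out = bytearray(salt)
    prev = request_authenticator + salt
    for i in range(0, len(plain), 16):
        c = _xor(plain[i:i + 16], hashlib.md5(secret + prev).digest())
        out += c
        prev = c
    return bytes(out)


def mppe_key_decrypt(attr: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Authenticator side: same MD5 keystream, so anyone with the secret can unwrap."""
    salt, body = attr[:2], attr[2:]
    if len(body) == 0 or len(body) % 16:
        raise ValueError("ciphertext must be a non-zero multiple of 16 bytes")
    plain = bytearray()
    prev = request_authenticator + salt
    for i in range(0, len(body), 16):
        c = body[i:i + 16]
        plain += _xor(c, hashlib.md5(secret + prev).digest())
        prev = c
    key_len = plain[0]
    if key_len > len(plain) - 1:
        raise ValueError("length byte inconsistent: wrong secret or corrupted attribute")
    return bytes(plain[1:1 + key_len])


def try_recover_pmk(attr: bytes, secret: bytes, request_authenticator: bytes):
    """Returns the unwrapped key, or None when the secret does not fit."""
    try:
        return mppe_key_decrypt(attr, secret, request_authenticator)
    except ValueError:
        return None


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11 PRF-384 (CCMP): PTK = KCK(16) || KEK(16) || TK(16).

    This step is identical for WPA-PSK and WPA Enterprise; only the PMK's origin differs.
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(3):  # 3 x 160-bit HMAC-SHA1 blocks >= 384 bits
        out += hmac.new(pmk, b"Pairwise key expansion" + b"\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:48]


def demo():
    """Wrap the constructed PMK as the server would, then unwrap with right and wrong secrets."""
    attr = mppe_key_encrypt(PMK, SHARED_SECRET, REQUEST_AUTHENTICATOR, SALT)
    with_secret = try_recover_pmk(attr, SHARED_SECRET, REQUEST_AUTHENTICATOR)
    without_secret = try_recover_pmk(attr, b"wrong-secret", REQUEST_AUTHENTICATOR)
    return attr, with_secret, without_secret


if __name__ == "__main__":
    attr, ok, bad = demo()
    print("attribute bytes:", len(attr), "recovered:", ok == PMK, "wrong secret:", bad == PMK)
    print("PTK from recovered PMK:", derive_ptk(ok, AA, SPA, ANONCE, SNONCE).hex())
```

The wrapping is a per-attribute MD5 keystream seeded from the shared secret and the Request-Authenticator, which is why the confidentiality of the PMK on the RADIUS leg rests entirely on the strength of that secret and on whether the NAS-to-RADIUS path can be observed at all. From a defender's side that argues for a long random shared secret per NAS and for carrying RADIUS over TLS (RadSec, RFC 6614) or IPsec rather than bare UDP.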