Home » Blog » Hacking Wireless WPA Enterprise Networks
15 March, 2022
No Comments
What is WPA-Enterprise?
WPA-Enterprise (Wi-Fi Protected Access-Enterprise) is an enhanced wireless security mechanism with advanced authentication and encryption.
WPA-Enterprise uses a RADIUS server (Remote Authentication Dial-in User Service) to manage and allow communication between the authenticator [USER] and the authentication server.
A RADIUS server maintains user profiles in a central database that can control who can connect with your network.
What you’ll learn:
Create your own fake WPA-Enterprise wireless access point
Crack hashes using Hashcat tool.
Hacking Wireless WPA Enterprise WiFi Networks
The differences between WPA-Personal and WPA-Enterprise:
Let’s start with WPA/WPA2 encryption type:
WPA/WPA2 uses PSK (Pre-Shared Key) which is a password shared with all the users that want to connect to the network.
WPA/WPA2 is mostly used at home as the standard type of encryption.
One key [password] is shared between all the users
The Router manages the authentication
WPA Enterprise is another form of authentication:
Anyone who wants to connect to the network has to have a unique USERNAME & PASSWORD [Unlike WPA/WPA2 that uses a shared password between all the users]
The Traffic is encrypted with the user key, therefore it’s more secure.
WPA-Enterprise is mostly used in small and large organizations
Uses EAP protocol and is managed by a RADIUS server, which allows communication between the authenticator and the authentication server.
There are two methods to attack WPA-Enterprise:
Creating a fake AP (Evil Twin Attack) [open network]
Create your own fake Enterprise Network [Encrypted network]
By using the first method, the target might feel suspicious because upon connecting to the network, a webpage will pop up asking for a username and a password.
Unlike the second method where no web pages will pop up, which is exactly what they normally do when they connect to the real WPA-Enterprise network.
Requirements:
Kali Virtual Machine
An external Wi-Fi adapter to broadcast our fake access point
Saad Sarraj
I am a CyberSecurity and Ethical Hacking/Penetration Testing passionate. I am also a TryHackMe Top 1% CTF Player.