Hacking WPA Enterprise with Kali Linux

Penetration Testing

Admittedly, that’s somewhat of a click-bait blog post title but bear with us, it’s for a good reason. Lots of work goes on behind the scenes of Kali Linux: tools get updated every day and interesting new features are added constantly. Most of these tool updates and feature additions go unannounced, receive little fanfare, and are eventually discovered by inquisitive users – however, this time we felt that we needed to make an exception.

A few weeks ago, the author of the Aircrack-ng suite, Thomas d’Otroppe, took upon himself to maintain a set of patches for hostapd and freeradius, which allows an attacker to facilitate WPA Enterprise AP impersonation attacks. This is exciting news as traditionally, these patches were created and updated on an ad-hoc basis, quickly leaving these specific toolsets outdated, lacking features, and worse, vulnerable to attack. Thomas has updated the hostapd-wpe and freeradius-wpe patches to the latest version of their respective software and these patches have already been incorporated into Kali Linux. We think this is great news so we’re taking this opportunity to show you how to use these toolsets to attack WPA Enterprise authentication schemes.

hostapd-wpe

Using the hostapd-wpe toolset is the easiest way to run an attack against WPA Enterprise implementations as everything is already built-in. The attack requires a compatible wireless card. The hostapd-wpe version has been updated from 2.1/2.2 to 2.6, which now allows for 802.11n/ac traffic as long as it’s supported by your card. For more details on HostAPd updates, please refer to its changelog.

hostapd-wpe Patch Changes

  • The certificate directory that had to be downloaded is now part of the patch, which makes it easier to distribute.
  • HostAPd WPE configuration file has been updated to HostAPd v2.6 configuration.
  • The configuration files now go into /etc/hostapd-wpe and installation is part of the Makefile.
  • Certificate creation tools will be in /etc/hostapd-wpe/certs and a Makefile allows users to easily deploy created certificates.
  • Both WPE and non-WPE hostAPd can cohabitate on the same system.

Freeradius-wpe

The freeradius-wpe toolset requires an Access Point to work and the set-up is somewhat more complex than HostAPd. The reason why you might prefer this toolset over HostAPd is its reliability and scalability – allowing the different components to do one job, and do it well. Freeradius is very good at being a Radius server and a dedicated AP is very good at being an access point – and neither are dependent on the distributions wireless drivers. Freeradius in the wpe toolset has been updated from 2.1.x (which is EOL) to 3.0.x, its changelog can be found here.

Attacking WPE Enterprise with hostapd-wpe in Kali

We promised, so we’ll deliver, whether it’s clickbait or not. Here’s a short video showing you how to install and use hostapd-wpe in Kali Linux. We also encourage you to check out the Kali Tools hostapd-wpe page for additional information.

Menu
X Close

 

Certified Pentesting
Professional

OSCP
course starting at
$800 USD

Take Penetration Testing with Kali Linux to gain invaluable penetration testing skills and earn your OSCP.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSCP

Certified Pentesting
Expert

OSCE
course starting at
$1200 USD

Take Cracking the Perimeter to take your penetration testing skills to expert levels and earn your OSCE.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSCE

 

Certified Pentesting
Web Expert

OSWE
course starting at
$1400 USD

Take Advanced Web Attacks and Exploitation, to deep dive into web apps to earn your OSWE.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSWE

Certified Pentesting
Wireless Professional

OSWP
course starting at
$450 USD

Take Offensive Security Wireless Attacks to acquire knowledge about Wi-Fi attacks and earn your OSWP.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSWP

Certified Exploitation
Expert

OSEE
course starting at
See
Live Schedule

Take Advanced Windows Exploitation to develop exploits for Windows systems and earn your OSEE.

  • Live training course
  • Includes certification exam fee
  • Maximum instructor interaction
  • Highly challenging
  • Become an OSEE