O'Reilly logo

BackTrack 5 Wireless Penetration Testing Beginner’s Guide by Vivek Ramachandran

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Attacking PEAP

Protected Extensible Authentication Protocol (PEAP) is the most popular version of EAP in use. This is the EAP mechanism shipped natively with Windows.

PEAP has two versions:

  1. PEAPv0 with EAP-MSCHAPv2 (most popular as this has native support on Windows)
  2. PEAPv1 with EAP-GTC

PEAP uses server-side certificates for validation of the Radius server. Almost all attacks on PEAP leverage mis-configurations in certificate validation.

In the next lab, we will look at how to crack PEAP, when certificate validation is turned off on the client.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required