- We will set up a WPA-PSK Honeypot with the ESSID Wireless Lab. The
-z 2option creates a WPA-PSK access point, which uses TKIP:
- Let's also start
airodump-ngto capture packets from this network:
- Now when our roaming client connects to this access point, it starts the handshake but fails to complete it after Message 2, as discussed previously; however, the data required to crack the handshake has been captured.
- We run the
airodump-ngcapture file throughaircrack-ngwith the same dictionary file as before; eventually, the passphrase is cracked as before.
We were able to crack the WPA key with just the client. This was possible because, even with just the first two packets, we have all the information required to launch a dictionary attack on the handshake.
We recommend setting different WEP keys on the client and trying this exercise a couple of times to gain confidence. You may notice many times that you have to reconnect the client to get it to work.
Q1. What encryption key can the Caffe Latte attack recover?
- None
- WEP
- WPA
- WPA2
Q2. What would a Honeypot access point typically use?
- No Encryption, Open Authentication
- No Encryption, Shared Authentication
- WEP Encryption, Open Authentication
- None of the above
Q3. Which one of the following is a DoS Attack?
- Mis-Association attacks
- Deauthentication attacks
- Disassociation attacks
- Both 2 and 3
Q4. What does the Caffe Latte attack require?
- That the wireless client be in radio range of the access point
- That the client contains a cached and stored WEP key
- WEP encryption with at least 128 bit encryption
- Both 1 and 3
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.