During a penetration test, you discover an 802.11 access point advertising WPA2-PSK with CCMP on channel 6, and airodump-ng reports WPS is "Locked". Several clients are currently associated. To obtain the pre-shared key quickly, which next action is most likely to succeed?
Use Reaver to brute-force the access point's eight-digit WPS PIN and obtain the passphrase.
Transmit deauthentication frames to a client, capture the ensuing four-way handshake, and run an offline dictionary or GPU-accelerated crack against it.
Inject spoofed ARP requests to harvest enough IVs for an FMS attack against the network.
Launch a fragmentation (chop-chop) attack to recover keystream bytes and reconstruct the pre-shared key.
Because the target network uses WPA2-PSK with CCMP, legacy packet-injection attacks such as fragmentation (chop-chop) or IV collection for FMS do not apply; they only work against WEP. The WPS PIN attack is also blocked because the access point has WPS locked, preventing further PIN attempts. The remaining practical approach is the standard WPA2 workflow: send deauthentication frames to a connected station, force it to re-associate, capture the resulting four-way handshake, and then perform an offline dictionary, rule-based, or GPU-accelerated crack against the captured hash. This method leverages the presence of active clients and does not depend on WPS or known plaintext weaknesses.
Certified Ethical Hacker (CEH)
Wireless Network Hacking