During a wireless engagement, you capture a complete EAPOL 4-way handshake from an 802.1X-protected WPA2-Enterprise network that authenticates with PEAP-MS-CHAPv2. Because the keys are generated per session, you cannot brute-force a shared secret as with WPA-PSK. Following the wireless hacking methodology, what should you do next to obtain usable credentials?
Conduct an ARP replay attack with aireplay-ng to collect IVs and perform an FMS-style key-recovery attack.
Run aircrack-ng with a large wordlist directly against the captured EAPOL handshake to recover the pre-shared key.
Perform a TKIP chop-chop injection to reveal the temporal key and decrypt subsequent traffic.
Set up a rogue access point with hostapd-wpe or EAPHammer to entice clients, capture their PEAP-MS-CHAPv2 challenge-response, and crack it offline.
WPA2-Enterprise relies on 802.1X to generate unique encryption keys after the user successfully authenticates with the RADIUS server. The 4-way handshake you captured does not contain any static pre-shared key, so a direct aircrack-ng dictionary attack will fail. The accepted workflow is to stand up a malicious twin AP (often with hostapd-wpe or EAPHammer) that proxies RADIUS but records the PEAP-MS-CHAPv2 challenge-response pairs when victims attempt to connect. Those hashes can then be cracked offline with hashcat or asleap to reveal the user's NT hash or password. ARP replay/FMS and chop-chop are legacy WEP/TKIP attacks and do not apply to WPA2-Enterprise.
Certified Ethical Hacker (CEH)
Wireless Network Hacking