s0lst1c3 / eaphammer Goto Github PK
Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
License: GNU General Public License v3.0
Seems to be an issue inherited from upstream. See: joswr1ght/asleap#2
Fresh Kali 2019.1; installed version 0.5.1 via git and then ran ./kali-setup.
Upon running, I receive this error:
File "./eaphammer", line 4, in
import core.cli
File "/root/eaphammer/core/__init__.py", line 2, in
from . import conf_manager
File "/root/eaphammer/core/conf_manager.py", line 3, in
import core.utils
File "/root/eaphammer/core/utils.py", line 5, in
from tqdm import tqdm
ModuleNotFoundError: No module named 'tqdm'
sudo apt install python-tqdm
python-tqdm is already the newest version (4.28.1-1).
python-tqdm set to manually installed.
Error on X64 and Arm
Error not on 0.4.0
I tried several things to crack the hashcat format which is presented by the tool.
I tried the following command:
hashcat -a3 -m5600 aa::::c0b646c32fec94b73aece504aa2ce1c90265c7706acca598:e4f86460a2d31df7 ?l?l --force --username
The password is normally "aa", but I was trying to see if I could retrieve this test password with hashcat.
Any ideas?
Great tool by the way!
The project is getting large enough that we really should implement a full test cycle that is performed before new versions are released. As of April 15th 2019, the project has relied on manual developer testing (unit-based) and systems testing that does not follow a set of documented procedures. We need to incorporate a set of automated unit and integration tests into the project, as well as documented systems testing procedures. Acceptance testing isn't really a concern yet, but probably will be at some point.
This is the most blocking issue I've got so far, because I still can't see creds flowing in the shell ;) :(
I'm using an Atheros AR9271 USB WiFi dongle with Kali Linux.
The initialization process and the AP creation complete correctly.
When a client tries to automatically connect, everything goes well until it reaches a hostapd-side generated error (I guess). For the sake of readability I'll report the whole program output at the bottom of the issue.
In my several runs, I saw all my clients - iOS 10.3 and Windows 10 - correctly trying to connect to the AP, but they all stop with the error reported at the bottom.
Googling around I found this post, where it seems the problem might be the client which drops the connection because it doesn't recognize the AP certificate.
Am I correct? Do you have any clue on why this is happening, or how may I debug it?
Thanks for your help,
M.
===========================
$ sudo ./eaphammer --bssid 00:11:22:33:44:55:66 --essid "XXXXXX" --interface wlan0 --auth peap --creds
[*] stopping network-manager service.
100%|█████████████████████████████████████████████████████████████████████| 4/4 [00:04<00:00, 1.00s/it]
Error: NetworkManager is not running.
[*] Reticulating radio frequency splines...
100%|█████████████████████████████████████████████████████████████████████| 1/1 [00:01<00:00, 1.00s/it]
Configuration file: ./conf/hostapd-wpe.conf
Using interface wlan0 with hwaddr 00:11:22:33:44:55 and ssid "XXXXXX"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED
press enter to quit...wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.11: authenticated
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 58:7f:57:3e:d8:b9
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
SSL: SSL3 alert: read (remote end reported an error):warning:close notify
OpenSSL: openssl_handshake - SSL_connect error:00000000:lib(0):func(0):reason(0)
wlan0: CTRL-EVENT-EAP-FAILURE 58:7f:57:3e:d8:b9
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.1X: authentication failed - EAP type: 0 ((null))
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.1X: Supplicant used different EAP type: 25 (PEAP)
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.11: disassociated
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.11: deauthenticated due to local deauth request
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.11: authenticated
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 58:7f:57:3e:d8:b9
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
SSL: SSL3 alert: read (remote end reported an error):warning:close notify
OpenSSL: openssl_handshake - SSL_connect error:00000000:lib(0):func(0):reason(0)
wlan0: CTRL-EVENT-EAP-FAILURE 58:7f:57:3e:d8:b9
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.1X: authentication failed - EAP type: 0 ((null))
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.1X: Supplicant used different EAP type: 25 (PEAP)
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.11: disassociated
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.11: authenticated
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 58:7f:57:3e:d8:b9
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
SSL: SSL3 alert: read (remote end reported an error):warning:close notify
OpenSSL: openssl_handshake - SSL_connect error:00000000:lib(0):func(0):reason(0)
wlan0: CTRL-EVENT-EAP-FAILURE 58:7f:57:3e:d8:b9
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.1X: authentication failed - EAP type: 0 ((null))
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.1X: Supplicant used different EAP type: 25 (PEAP)
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.11: authenticated
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 58:7f:57:3e:d8:b9
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
SSL: SSL3 alert: read (remote end reported an error):warning:close notify
OpenSSL: openssl_handshake - SSL_connect error:00000000:lib(0):func(0):reason(0)
wlan0: CTRL-EVENT-EAP-FAILURE 58:7f:57:3e:d8:b9
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.1X: authentication failed - EAP type: 0 ((null))
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.1X: Supplicant used different EAP type: 25 (PEAP)
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.11: disassociated
wlan0: STA 58:7f:57:3e:d8:b9 IEEE 802.11: deauthenticated due to local deauth request
[*] Killing all processes for: hostapd-wpe
100%|█████████████████████████████████████████████████████████████████████| 4/4 [00:04<00:00, 1.00s/it]
Hello,
I want to ask why you do not use the existing hostapd-wpe implementation that is already packaged in the Kali repos?
Check out: http://tools.kali.org/wireless-attacks/hostapd-wpe
Best regards,
Cheers!
Hi s0lst1ce, I'm testing your tool and I've found it very interesting! As said before, running eaphammer kills other processes that use the NIC, so I can't figure out how to perform a deauth attack to let the victim connect to my evil twin.
Keep it on, I'm very curious about future features!!!
I wonder... what about this: while I set up the evil twin with the WPA authentication, eaphammer should try to auto-authenticate to the real SSID? Maybe reading from a .py TCP client/server for the network rules...
Great job!!
EAPHammer should write creds/hashes to a centralized database like the ones used by Empire, crackmapexec, and metasploit. EAPHammer should also pull creds from this centralized database in place of the eap_user file. The best way to accomplish this is to modify hostapd directly rather than working through a Python wrapper.
Hi, I'm getting an IOError when generating SSL certs:
[*] Please enter two letter country code for certs (i.e. US, FR)
: ie
[*] Please enter state or province for certs (i.e. Ontario, New Jersey)
: dub
[*] Please enter locale for certs (i.e. London, Hong Kong)
: dub
[*] Please enter organization for certs (i.e. Evil Corp)
: werldlander
[*] Please enter email for certs (i.e. [email protected])
: [email protected]
[*] Please enter common name (CN) for certs.
: worldlander.lulz
Traceback (most recent call last):
File "./eaphammer", line 319, in <module>
cert_wizard()
File "./eaphammer", line 38, in cert_wizard
cert_manager.ca_cnf.configure(country, state, locale, org, email, cn)
File "/root/Desktop/eaphammer-fixingDepIssues/core/cert_manager.py", line 16, in configure
with open(cls.path, 'w') as fd:
IOError: [Errno 2] No such file or directory: './certs/ca.cnf'
Am I doing something wrong?
I am receiving the following here if I run eaphammer with the following command:
eaphammer --interface wlan1 --essid Fuck --auth wpa --hostile-portal --karma
This works on a Windows 10 machine (it passes the NetNTLM hash), but it doesn't work from my phone or my Windows 7 desktop.
The error is:
OpenSSL: openssl_handshake - SSL_connect error:14209102:SSL routines:tls_early_post_process_client_hello:supported protocol.
I'm thinking this may be something to do with lack of TLS?
The windows 10 is connected to a domain FYI
Hello,
First of all thanks for your effort in this project!
Installing the required dependencies on Kali Linux rolling release - just installed and upgraded - I found the libssl-dev and libssl1.0-dev conflict.
Which one is the correct one?
Cheers
PS: I tried to install both of them, but I still have trouble with the hostapd part. For that I'll open another issue.
The code base has gotten a bit sloppy during the mad rush to finish things up before BSides LV, Blackhat and DEF CON. EAPHammer needs a code cleanup.
On Kali Linux, after installing the dependencies listed here, and after executing python setup.py, if I try to execute the program I get a missing dependency error.
I solved the issue by installing the tqdm library with sudo apt install python-tqdm.
Cheers
I love eaphammer, it's a fantastic tool. However I cannot seem to get the PMKID attack to work. I have a fully updated Kali Linux as well as a directly downloaded version of eaphammer. I get the following response.
Any ideas would be appreciated!
[*] Bringing wlan0 down...
[*] Complete!
[*] Reticulating radio frequency splines...
[*] Using nmcli to tell NetworkManager not to manage wlan0...
100%|█████████████████████████████████████████████| 1/1 [00:01<00:00, 1.00s/it]
[*] Success: wlan0 no longer controlled by NetworkManager.
[*] Placing wlan0 into managed mode...
[*] Complete!
[*] Bringing wlan0 up...
[*] Complete!
[*] Scanning for nearby access points...
Traceback (most recent call last):
File "./eaphammer", line 608, in
pmkid_attack()
File "./eaphammer", line 336, in pmkid_attack
networks = iw_parse.iw_parse.get_interfaces(interface=str(interface))
File "/root/eaphammer/core/iw_parse/iw_parse.py", line 284, in get_interfaces
return get_parsed_cells(call_iwlist(interface).split('\n'))
TypeError: a bytes-like object is required, not 'str'
Many of the currently open issues and upcoming features would be easier to tackle if EAPHammer could leverage modules and external codebases that use Python 3. Unfortunately, EAPHammer is currently written in Python 2.
Hi, so I just downloaded eaphammer and tried the captive portal attack with this command:
./eaphammer --bssid 1C:7E:E5:97:79:B1 --essid HappyMealz --channel 149 --interface wlan0 --captive-portal
AP starts, client gets connected but it does not redirect to the captive portal. Localhost can view the portal and apache is started.
Client should see signin redirection to portal once connected to wireless AP.
Need some help. Thanks.
Hello, I get an error when I launch the --hostile-portal option.
Do you have an idea where it comes from?
[*] Starting process: dnsspoof
100%|█████████████████████████████████████████████| 2/2 [00:02<00:00, 1.00s/it]
Traceback (most recent call last):
File "eaphammer.py", line 325, in
hostile_portal()
File "eaphammer.py", line 79, in hostile_portal
responder.configure()
File "/root/eaphammer/core/responder/responder.py", line 267, in configure
settings.Config.populate(options)
File "/root/eaphammer/core/responder/settings.py", line 77, in populate
self.HTTP_On_Off = self.toBool(config.get('Responder Core', 'HTTP'))
File "/usr/lib/python2.7/ConfigParser.py", line 607, in get
raise NoSectionError(section)
ConfigParser.NoSectionError: No section: 'Responder Core'
Probably innocuous, but all flags seem to trigger the condition to save the current iptables config, or at least print "[*] Saving current iptables configuration...". It even prepends the usage screen triggered by the -h/--help flags.
Doesn't really bother me, but I thought I ought to say something. I haven't had time to check it out.
Directly related to #78
Version string is currently in settings/__init__.py, which makes finding it kind of annoying.
EAPHammer currently outputs captured MS-CHAPv2 challenge / response pairs in raw format as well as JTR compatible NTLMv1. Captured challenge / pairs should also be output in Hashcat format to support users with GPU based cracking rigs.
The project is now large enough that we should consider moving its documentation into a more mature format, such as a Wiki. The README file is getting too long.
Had some issues running --creds and --hostile-portal -auth wpa.
These resulted in an error and failure to enable AP.
Error:
TLS: Failed to set DH params from '/root/eaphammer/certs/dh': error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small
This is due to the length of the DH key eaphammer is packaged with: it's 1024-bit.
To fix this issue (Kali):
cd eaphammer/certs/
rm dh
sudo openssl dhparam -out dh 2048
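A pre-flight check for the failure above, written here as an added example (it is not part of the original issue or of EAPHammer): it parses the PEM "DH PARAMETERS" file that hostapd loads (PKCS#3 DER, a SEQUENCE of two INTEGERs p and g), reports the modulus size and flags anything under 2048 bits before the AP is started. The moduli embedded below are constructed placeholders of the right bit length, not real safe primes.

```python
"""Check the bit length of a PEM-encoded DH parameter file (constructed example).

hostapd/OpenSSL rejects DH moduli below 2048 bits with "dh key too small", so
a quick size check of certs/dh avoids a failed AP start. The encoder is only
here to build sample input; a real file comes from `openssl dhparam`.
"""
import base64
import re

MIN_DH_BITS = 2048  # the threshold OpenSSL's default security level enforces


def _der_len(n):
    """Encode a DER length (short form < 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(v):
    """Encode a non-negative integer as a DER INTEGER (pad if high bit set)."""
    body = v.to_bytes((v.bit_length() + 7) // 8, "big") or b"\x00"
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + _der_len(len(body)) + body


def encode_dh_params_pem(p, g):
    """Build a PEM 'DH PARAMETERS' block: SEQUENCE { INTEGER p, INTEGER g }."""
    inner = _der_int(p) + _der_int(g)
    der = b"\x30" + _der_len(len(inner)) + inner
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines) +
            "\n-----END DH PARAMETERS-----\n")


def _read_tlv(buf, pos):
    """Read one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def parse_dh_params_pem(pem):
    """Return (p, g) from a PEM 'DH PARAMETERS' block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----",
                  pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE at top level")
    tag_p, p_bytes, pos = _read_tlv(seq, 0)
    tag_g, g_bytes, _ = _read_tlv(seq, pos)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("expected INTEGER p and INTEGER g")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def dh_modulus_bits(pem):
    """Bit length of the DH prime modulus p."""
    p, _ = parse_dh_params_pem(pem)
    return p.bit_length()


def check_dh_params(pem, minimum=MIN_DH_BITS):
    """Return (ok, message); ok is False when the modulus is below `minimum`."""
    bits = dh_modulus_bits(pem)
    if bits < minimum:
        return False, ("DH modulus is %d bits; hostapd/OpenSSL will reject it "
                       "(need >= %d). Regenerate with: openssl dhparam -out dh %d"
                       % (bits, minimum, minimum))
    return True, "DH modulus is %d bits: OK" % bits


# Constructed placeholders (odd numbers of exactly 1024 and 2048 bits), NOT
# real safe primes; they only exercise the parser and the size check.
WEAK_P = (1 << 1023) | 1
STRONG_P = (1 << 2047) | 1
WEAK_DH_PEM = encode_dh_params_pem(WEAK_P, 2)    # mirrors the shipped 1024-bit dh
STRONG_DH_PEM = encode_dh_params_pem(STRONG_P, 2)  # what `openssl dhparam 2048` yields

if __name__ == "__main__":
    for label, pem in (("packaged dh", WEAK_DH_PEM), ("regenerated dh", STRONG_DH_PEM)):
        ok, msg = check_dh_params(pem)
        print("[%s] %s: %s" % ("+" if ok else "!", label, msg))
```

To check the real file, read certs/dh into a string and pass it to check_dh_params.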
EAPHammer currently does not support ESSID cloaking.
EAPHammer currently flushes the state of iptables without saving it first. It would be better to save the state first before doing this.
I'm not sure if I need to explain, but there is a universal way to handle the installation and uninstallation of a python package using setup.py. It can co-exist with the current kali-setup. In fact kali-setup could call setup.py at some point (after all deps are installed, etc)
This mechanism (using setup.py) is used by all Linux distributions, so it would allow pushing the latest releases of the tool almost instantly.
Here is nice example of how it can be done:
derv82/wifite2#102
Thanks in advance
Wordlist directory should contain more wordlists other than rockyou.txt. Consider incorporating https://github.com/danielmiessler/SecLists as a submodule.
Hi there,
Using Kali Latest Version
Server version: Apache/2.4.25 (Debian)
Server built: 2017-01-25T22:59:26
From what I understood, this option should start the AP
and redirect all traffic to the local HTTP server; if it's Apache 2, it should work smoothly.
Now
1. I did run eaphammer
2. I did run Apache 2
I'm able to see AP, I'm able to authenticate,
BUT, there is no promised redirection of all HTTP/S traffic
Is there any extra settings or configurations must be done ?
Please clarify
Regards
Hi
Would it be possible to set a fixed challenge for eap to 11:22:33:44:55:66:77:88 ?
I believe it would help to crack the NetNTLMv1.
Thanks
For some reason, payloads must have arguments in order for payload_generator to work. This is a bug.
According to the docs:
There is no need to specify an EAP type, as eaphammer will negotiate the EAP type on a victim-by-victim basis as they connect to the rogue AP. EAPHammer will automatically use the least secure EAP type supported by the client in order to make cracking attempts easier.
In what source file does this happen? What EAP types will be tried?
Thanks!
If I use a large password, I get the following error:
Process Process-1:
Traceback (most recent call last):
File "/usr/lib/python3.7/multiprocessing/process.py", line 297, in _bootstrap
self.run()
File "/usr/lib/python3.7/multiprocessing/process.py", line 99, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/src/eaphammer/core/autocrack.py", line 106, in _start
run_autocrack(args['wordlist'])
File "/usr/local/src/eaphammer/core/autocrack.py", line 79, in run_autocrack
wordlist)
File "/usr/local/src/eaphammer/core/autocrack.py", line 29, in crack_locally
password = output.split('password:')[1].strip()
IndexError: list index out of range
Just tested with the latest version of eaphammer from git clone and kali linux updated.
Would it be possible to add functionality to eaphammer to enumerate Certificate information from the network we wish to impersonate and automatically feed that into the cert-wizard? It would speed up the process of deploying eaphammer.
Adding/removing credentials to hostadp's eap_user file is currently a manual process. There should be an easier way to do this, although eventually we should do away with the eap_user file entirely in favor of a centralized database (see #17 Database Integration).
First off, thanks for putting the time in to make this tool. It looks terrific and I'm really excited to get into it.
I've been running into issues getting creds. Using the ./eaphammer -i wlan0 -e "mmm_waffles" -b "55:44:33:22:11:00" -c 9 --auth wpa --creds attack, I see my victim connect, associate, authenticate and... nothing. There are likely a bajillion ways this could be going wrong, so here's my log:
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 00:11:22:33:44:55
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: associated (aid 1)
nl80211: NL80211_ATTR_STA_VLAN (addr=00:11:22:33:44:55 ifname=wlan0 vlan_id=0) failed: -2 (No such file or directory)
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
handle_assoc_cb: STA 00:11:22:33:44:55 not found
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 00:11:22:33:44:55
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 00:11:22:33:44:55
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
handle_auth_cb: STA 00:11:22:33:44:55 not found
handle_assoc_cb: STA 00:11:22:33:44:55 not found
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 00:11:22:33:44:55
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: did not acknowledge authentication response
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
I was able to validate my equipment using an almost completely unmodified configuration with hostapd-wpe (channel and SSID were the only things changed, IIRC). Here are the logs for that in case they're helpful:
Using interface wlan0 with hwaddr 00:00:22:33:44:55 and ssid "mmm_waffles"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 00:11:22:33:44:55:66
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-STARTED 00:11:22:33:44:55:66
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.1X: Identity received from STA: 'fs'
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.1X: Identity received from STA: 'fs'
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.1X: Identity received from STA: 'fs'
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.1X: Identity received from STA: 'fs'
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.1X: Identity received from STA: 'fs'
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.1X: Identity received from STA: 'fs'
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.1X: Identity received from STA: 'fs'
mschapv2: Mon Nov 19 15:43:46 2018
username: fs
...creds ensue!!
I'm using Kali and am on the latest version of master.
Thanks in advance!
I'm trying to import my own certs into eaphammer.
What's the best way to do this?
I tried replacing the .pem files in the eaphammer/certs/ directory but to no avail.
The --cert-wizard is good for a quick demo, but easily thwarted by a decent EAP supplicant.
tqdm installed for pip2 not pip3
Line 39 in a44e030
Hello,
I was trying to use the password spray technique recently and I couldn't get it to move on past the first combination of test credentials. I have tried with an Alfa awus036h and an alfa awus036ach wireless card on the latest Kali 64-bit VM build. Below is sample output:
root@kali:/opt/eaphammer# ./eaphammer --eap-spray --interface-pool wlan0 --essid --password testing --user-list users.txt
"Unrelenting Force"
v0.5.0
[wlan0] Trying credentials: test:testing@
Successfully initialized wpa_supplicant
[wlan0] CTRL-EVENT-SCAN-FAILED ret=-16 retry=1
[wlan0] CTRL-EVENT-SCAN-FAILED ret=-16 retry=1
[wlan0] CTRL-EVENT-SCAN-FAILED ret=-16 retry=1
[wlan0] SME: Trying to authenticate with 20:37:06:a5:b4:40 (SSID='' freq=2412 MHz)
[wlan0] Trying to associate with 20:37:06:a5:b4:40 (SSID='' freq=2412 MHz)
[wlan0] Associated with 20:37:06:a5:b4:40
[wlan0] CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
[wlan0] CTRL-EVENT-DISCONNECTED bssid=20:37:06:a5:b4:40 reason=3 locally_generated=1
[wlan0] CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
[wlan0] SME: Trying to authenticate with 20:37:06:aa:67:00 (SSID='' freq=2462 MHz)
[wlan0] Trying to associate with 20:37:06:aa:67:00 (SSID='' freq=2462 MHz)
[wlan0] Associated with 20:37:06:aa:67:00
[wlan0] CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
[wlan0] CTRL-EVENT-DISCONNECTED bssid=20:37:06:aa:67:00 reason=3 locally_generated=1
[wlan0] CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
[wlan0] SME: Trying to authenticate with 20:37:06:a5:da:70 (SSID='' freq=2437 MHz)
[wlan0] Trying to associate with 20:37:06:a5:da:70 (SSID='' freq=2437 MHz)
[wlan0] SME: Trying to authenticate with 20:37:06:a5:e9:10 (SSID='' freq=2437 MHz)
[wlan0] Trying to associate with 20:37:06:a5:e9:10 (SSID='' freq=2437 MHz)
[wlan0] Associated with 20:37:06:a5:e9:10
[wlan0] CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
[wlan0] CTRL-EVENT-DISCONNECTED bssid=20:37:06:a5:e9:10 reason=3 locally_generated=1
[wlan0] CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
[wlan0] SME: Trying to authenticate with 20:37:06:7c:83:f0 (SSID='' freq=2437 MHz)
[wlan0] Trying to associate with 20:37:06:7c:83:f0 (SSID='' freq=2437 MHz)
[wlan0] SME: Trying to authenticate with 40:f4:ec:a3:ba:d0 (SSID='' freq=2412 MHz)
[wlan0] Trying to associate with 40:f4:ec:a3:ba:d0 (SSID='' freq=2412 MHz)
[wlan0] SME: Trying to authenticate with 20:37:06:a5:ce:50 (SSID='' freq=2462 MHz)
[wlan0] Trying to associate with 20:37:06:a5:ce:50 (SSID='' freq=2462 MHz)
[wlan0] CTRL-EVENT-ASSOC-REJECT bssid=20:37:06:a5:ce:50 status_code=17
[wlan0] SME: Deauth request to the driver failed
[wlan0] SME: Trying to authenticate with 40:f4:ec:61:e8:c0 (SSID='' freq=2437 MHz)
[wlan0] Trying to associate with 40:f4:ec:61:e8:c0 (SSID='' freq=2437 MHz)
[wlan0] SME: Trying to authenticate with 20:37:06:a5:b4:40 (SSID='' freq=2412 MHz)
[wlan0] Trying to associate with 20:37:06:a5:b4:40 (SSID='' freq=2412 MHz)
[wlan0] Associated with 20:37:06:a5:b4:40
[wlan0] CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
[wlan0] CTRL-EVENT-DISCONNECTED bssid=20:37:06:a5:b4:40 reason=3 locally_generated=1
[wlan0] CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
[wlan0] SME: Trying to authenticate with 20:37:06:aa:67:00 (SSID='' freq=2462 MHz)
[wlan0] Trying to associate with 20:37:06:aa:67:00 (SSID='' freq=2462 MHz)
[wlan0] SME: Trying to authenticate with 20:37:06:a5:da:70 (SSID='' freq=2437 MHz)
[wlan0] Trying to associate with 20:37:06:a5:da:70 (SSID='' freq=2437 MHz)
[wlan0] Associated with 20:37:06:a5:da:70
[wlan0] CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
[wlan0] CTRL-EVENT-DISCONNECTED bssid=20:37:06:a5:da:70 reason=3 locally_generated=1
[wlan0] CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
[wlan0] SME: Trying to authenticate with 20:37:06:a5:ce:50 (SSID='' freq=2462 MHz)
[wlan0] Trying to associate with 20:37:06:a5:ce:50 (SSID='' freq=2462 MHz)
[wlan0] CTRL-EVENT-ASSOC-REJECT bssid=20:37:06:a5:ce:50 status_code=17
[wlan0] SME: Deauth request to the driver failed
[wlan0] SME: Trying to authenticate with 20:37:06:a5:e9:10 (SSID='' freq=2437 MHz)
[wlan0] Trying to associate with 20:37:06:a5:e9:10 (SSID='' freq=2437 MHz)
[wlan0] Associated with 20:37:06:a5:e9:10
[wlan0] CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
[wlan0] CTRL-EVENT-DISCONNECTED bssid=20:37:06:a5:e9:10 reason=3 locally_generated=1
[wlan0] CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
[wlan0] CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=US
[wlan0] SME: Trying to authenticate with 20:37:06:a5:b4:40 (SSID='' freq=2412 MHz)
[wlan0] Trying to associate with 20:37:06:a5:b4:40 (SSID='' freq=2412 MHz)
[wlan0] CTRL-EVENT-ASSOC-REJECT bssid=20:37:06:a5:b4:40 status_code=17
[wlan0] SME: Deauth request to the driver failed
[wlan0] CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="" auth_failures=1 duration=10 reason=CONN_FAILED
[wlan0] CTRL-EVENT-SSID-REENABLED id=0 ssid=""
[wlan0] SME: Trying to authenticate with 20:37:06:aa:5c:50 (SSID='' freq=2412 MHz)
[wlan0] Trying to associate with 20:37:06:aa:5c:50 (SSID='' freq=2412 MHz)
[wlan0] CTRL-EVENT-ASSOC-REJECT bssid=20:37:06:aa:5c:50 status_code=17
[wlan0] SME: Deauth request to the driver failed
[wlan0] CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="" auth_failures=2 duration=23 reason=CONN_FAILED
[wlan0] CTRL-EVENT-SSID-REENABLED id=0 ssid=""
[wlan0] SME: Trying to authenticate with 20:37:06:aa:67:00 (SSID='' freq=2462 MHz)
[wlan0] Trying to associate with 20:37:06:aa:67:00 (SSID='' freq=2462 MHz)
[wlan0] Associated with 20:37:06:aa:67:00
[wlan0] CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
[wlan0] CTRL-EVENT-DISCONNECTED bssid=20:37:06:aa:67:00 reason=3 locally_generated=1
[wlan0] CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="" auth_failures=3 duration=46 reason=CONN_FAILED
[wlan0] CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
[wlan0] CTRL-EVENT-SSID-REENABLED id=0 ssid=""
[wlan0] SME: Trying to authenticate with 20:37:06:a5:b4:40 (SSID='' freq=2412 MHz)
[wlan0] Trying to associate with 20:37:06:a5:b4:40 (SSID='' freq=2412 MHz)
[wlan0] Associated with 20:37:06:a5:b4:40
[wlan0] CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
[wlan0] CTRL-EVENT-DISCONNECTED bssid=20:37:06:a5:b4:40 reason=3 locally_generated=1
[wlan0] CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="" auth_failures=4 duration=77 reason=CONN_FAILED
[wlan0] CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
^C^CTerminated
Am I derping something up here? Thank you for your help.
Hey, tried to install this under kali (armhf).
Installed all necessary packages from the install description, created a certificate,
Compiled hostapd and started eaphammer.
I expected the usual functionality and got an error message:
OSError: /home/xx/eaphammer/local/hostapd-eaphammer/hostapd/libhostapd-eaphammer.so cannot open shared object file: No such file or directory.
I will look into the recent changes and try to get it running with an older commit.
EAPHammer needs the ability to perform detailed logging of all commands run and all interactions with client devices. This is critical for engagements that require detailed documentation and evidence for deconfliction. Physical location tracking would be helpful as well as an optional feature.
Hi all, I am testing a network that is strictly running on 802.11ac (5 GHz band), just want to check in to see if EAPHammer currently can support 802.11ac to intercept creds for WPA2-Enterprise over EAP-TTLS?
I issued the following flags and got the error below:
./eaphammer -i wlan0 --wpa 2 --essid "<essid>" --creds
./eaphammer -i wlan0 --auth wpa --essid "<essid>" --creds
authentication failed - EAP type: 0 (unknown)
Supplicant used different EAP type: 3 (unknown)
^ Not sure because there are EAP types going on like EAP-SIM/EAP-AKA/EAP-AKA' ?
Then, when I specify a channel in the 100's range, for example as follows, it gives the error below:
./eaphammer -i wlan0 --wpa-version 2 -c 111 -auth wpa -e "<essid>" --creds
[!] The hw_mode specified in hostapd.ini is invalid for the selected channel (g, 111)
[!] Falling back to hw_mode: a
Thanks in advance!
Directly related to #78
I'm trying to enable 802.11n, but every time I enable 802.11n, save the config and restart, it changes it back.
After running the script getting something like:
[*] Reticulating radio frequency splines...
100%|██████████████████████████████████████████████████████████████████████████████████████████████████████████████| 1/1 [00:01<00:00, 1.00s/it]
Configuration file: ./conf/hostapd-wpe.conf
Using interface wlan0 with hwaddr 00:11:22:33:44:00 and ssid "Horizon Wi-Free"
OpenSSL: tls_global_client_cert - Failed to load client certificate error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
OpenSSL: pending error: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
TLS: Failed to set global parameters
Failed to set TLS parameters
Interface initialization failed
wlan0: interface state UNINITIALIZED->DISABLED
wlan0: AP-DISABLED
wlan0: Unable to setup interface.
wlan0: interface state DISABLED->DISABLED
wlan0: AP-DISABLED
hostapd_free_hapd_data: Interface wlan0 wasn't started
nl80211: deinit ifname=wlan0 disabled_11b_rates=0
What does this error mean?
Regards
Had the same issue running --hostile-portal on both Ubuntu16.04 and Kali 4.19.x
EDIT: eaphammer version: v0.7.0
Linux srb 4.15.0-48-generic #51~16.04.1-Ubuntu SMP Fri Apr 5 12:01:12 UTC 2019 x86_64 GNU/Linux
/home/oem/.local/lib/python3.5/site-packages/pip/_vendor/requests/__init__.py:83: RequestsDependencyWarning: Old version of cryptography ([1, 2, 3]) may cause slowdown.
warnings.warn(warning, RequestsDependencyWarning)
pip 19.1.1 from /home/oem/.local/lib/python3.5/site-packages/pip (python 3.5)
Python 2.7.12
Python 3.5.2
gcc (Ubuntu 5.4.0-6ubuntu1~16.04.11) 5.4.0 20160609
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
$ ./eaphammer --interface wlx00c0caa84aa3 --essid TotallyLegit --hw-mode n --channel 36 --auth open --hostile-portal
I get this EAPOL TX Message error and was wondering if you could explain it a bit better. Also, is there someplace for credentials to be stored?
This is the command I'm using: ./eaphammer -i wlan2 -c 4 --auth ttls --wpa 2 --essid CorpWifi --creds
Does the script show the creds that have been entered in the username and password box, or is that not possible? It would be good if it was, as most other Wi-Fi phishing tools use phishing pages and open access points. Cheers.
nl80211: EAPOL TX: Message too long
nl80211: EAPOL TX: Message too long
wlan2: CTRL-EVENT-EAP-STARTED 76:bd:a9:82:15:3c
wlan2: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan2: STA 76:bd:a9:82:15:3c IEEE 802.11: authenticated
wlan2: STA 76:bd:a9:82:15:3c IEEE 802.11: associated (aid 1)
wlan2: CTRL-EVENT-EAP-STARTED 76:bd:a9:82:15:3c
wlan2: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan2: CTRL-EVENT-EAP-STARTED 76:bd:a9:82:15:3c
wlan2: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan2: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
nl80211: EAPOL TX: Message too long
nl80211: EAPOL TX: Message too long
wlan2: CTRL-EVENT-EAP-STARTED 76:bd:a9:82:15:3c
I'm trying to use EAPHammer. It's working fine, although I can't get a bridge between my Internet source and the evil AP. I'm using an internal Wi-Fi card connected to a mobile hotspot to access the net.
wlan2 is my evil AP card that supports master mode.
When I run EAPHammer I get disconnected from my main access point, NetworkManager shuts down and the evil AP is started. I'm using Kali Linux 2017.
I'm trying to use the captive portal attack and inject a fake HTML page via DNS without Internet access, but the DNS does not seem to spoof. When connecting to the mobile hotspot my local IP becomes 192.168.42.49, and I wondered if EAPHammer was looking for a different IP range.
When I close EAPHammer I use the command service NetworkManager restart and my internal Wi-Fi connection is restored.
Ideally I'd like to bridge or route wlan0 (the Internet-connected device running under NetworkManager)
to the evil AP that is listed under wlan2 on my system, or to be able to set up a bridge from wlan0 (Internet source) to eth0 and then to the evil AP.
Has anyone had any experience with this problem and would be kind enough to point out where I'm going wrong?
Hi, I'm getting this error when running it.
The certificate was generated OK, but...:
OpenSSL: tls_global_client_cert - Failed to load client certificate error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
OpenSSL: pending error: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
TLS: Failed to set global parameters
Failed to set TLS parameters
Interface initialization failed
wlan0: interface state UNINITIALIZED->DISABLED
wlan0: AP-DISABLED
wlan0: Unable to setup interface.
wlan0: interface state DISABLED->DISABLED
wlan0: AP-DISABLED
hostapd_free_hapd_data: Interface wlan0 wasn't started
nl80211: deinit ifname=wlan0 disabled_11b_rates=0
press enter to quit...
Is this possible?