Description: Welcome to Part 33 of the WLAN Security Megaprimer! Please start this series by watching Part 1 http://www.securitytube.net/video/1756, if you have not done so already.
In this video, we will look at how to crack PEAP with OS X as the client. The idea is to create a honeypot access point that authenticates clients against a rogue RADIUS server run by the attacker. We will be running FreeRadius-WPE as the attacker's RADIUS server.
When a client connects to the honeypot and the rogue RADIUS server presents it a fake certificate, OS X pops up a dialog box asking the user to accept or reject the certificate. If the user accepts it, the certificate gets added to the trusted certificates list on the computer, and the next time the user connects to our RADIUS server he is never prompted about the certificate problem.
FreeRadius-WPE logs the Challenge, Response and Username to a log file. These are fed to the Asleap tool created by Joshua Wright to crack the password supplied by the user.
Note that Asleap will only succeed if the password is present in the dictionary file it is fed; this attack is only as strong as the dictionary is comprehensive.
Looking forward to your comments!
Tags: peap, cracking, asleap, megaprimer, wifi, security, hacking
First to comment as usual :)
I would really recommend you create a certification course based on this Megaprimer. I see a lot of value.
What do rest of the SecurityTube folks think?
As with SSL (e.g. sslstrip) is there a method of effectively removing the fake certificate warnings, so that the user is unaware that they are connecting to a Honeypot AP?
I get shocked when you post more about Wifi Security, 33 videos + challenges.
btw Vivek, when are you willing to start a new megaprimer? And what are the topics you're thinking about?
Thanks again and as always for such awesome videos.
@John-Nash Thanks! ;)
@dduggan No this is not possible in the case of PEAP. With SSLStrip the tool replaces https with http, thus the browser never complains. In this case, the certificate is mandatory, else the TLS tunnel required for PEAP will not even be created and nothing will work.
@m0ei The next Megaprimer will be Scenario Based Hacking and Metasploit both being continued from where I left them :)
Next video posted:
EAP-TTLS Cracking: http://www.securitytube.net/video/2044
Hi Vivek, first time commenter. I love this video, and intend to look into your others as well. I understand almost all aspects of the process except the initial:
1. What process do I use to set up the access point? Is that a standalone router or can I use the Mac's built in broadcasting?
2. You connected your Mac to the Ethernet of the legitimate network because BT VM can't detect your wireless internal card. But why do we need to be connected to Ethernet anyway? If we're simply spoofing the information of the network, then it will be stand alone right?
Thanks for the help.
Vivek what do you think about this idea? Trevor from Weaknet was trying to make a script for a WPA-Enterprise phishing attack. Not sure if you read about it before but he has some pretty crazy ideas over there. What do you think about it?
http://weaknetlabs.com/weaknet/download/WPA.html
Day 3, video 33. Thanks Vivek.
I might have missed a thing... sorry... but how do I configure the RADIUS server honeypot using airbase-ng?