Skip to content

brad-anton/freeradius-wpe

Repository files navigation

IMPORTANT: 	This is likely not going to be maintained much longer. Instead you should 
		use hostapd-wpe:
		
		https://github.com/OpenSecurityResearch/hostapd-wpe

		It supports all the same functionality (minus EAP-MD5 over wifi) and 
		supports "Karma" style AP attacks, Heartbleed against clients and 
		much more! 

If you insist on using FreeRADIUS-WPE, see below:


FreeRADIUS-WPE (Wireless Pwnage Edition)
By Brad Antoniewicz and Josh Wright
brad.antoniewicz@foundstone.com
twitter: @brad_anton

More information here:
http://www.willhackforsushi.com/?page_id=37
-------------------------------------------

Current freeradius-wpe.patch is for: freeradius-server-2.1.12.tar.bz2

Supported and tested EAP Types/Inner Authentication Methods (others may also work):
	PEAP/PAP (OTP)
	PEAP/MSCHAPv2
	EAP-TTLS/PAP (includes OTPs)
	EAP-TTLS/MSCHAPv1
	EAP-TTLS/MSCHAPv2
	EAP-MD5

Note:
    I've started to implement more attacks (including EAP-FAST)
    within hostapd-wpe, it is still under dev, but may be of some 
    interest:
         https://github.com/OpenSecurityResearch/hostapd-wpe

Update 8/15/2012: 

	Housekeeeping:
	I decided to Remove the versioning from the patch name. This way I 
	can just update the github and maintain a constant download location.
	This README will define what version the patch is for. 

	Changes:
	+Added john NETNTLM formated output
	+Readded PAP and EAP-MD5 support
	+Fixed a problem when using MSCHAPv1 (issue 1 on github)

Install:

	From Source:
	
	wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.12.tar.bz2

	Over time, if a newer version of freeradius comes out, this link will change to:

	wget ftp://ftp.freeradius.org/pub/radius/old/freeradius-server-2.1.12.tar.bz2

	wget https://raw.github.com/brad-anton/freeradius-wpe/master/freeradius-wpe.patch

	tar -jxvf freeradius-server-2.1.12.tar.bz2
	cd freeradius-server-2.1.12
	patch -p1 < ../freeradius-wpe.patch

	./configure
	make
	sudo make install
    sudo ldconfig

	You may also have to:
	cd /usr/local/etc/raddb/certs/
	./bootstrap

	---

	Using Binary:

	If you're using the .deb, it has been tested with BackTrack 5 R2, but will likely work with other versions and Ubuntu/Debian. 

	wget https://github.com/brad-anton/freeradius-wpe/raw/master/freeradius-server-wpe_2.1.12-1_i386.deb

	sudo dpkg --install freeradius-server-wpe_2.1.12-1_i386.deb
	sudo ldconfig 

        You may also have to:
        cd /usr/local/etc/raddb/certs/
        ./bootstrap

	and just to confirm:
	radiusd -v
	
	make sure it says:
	radiusd: FreeRADIUS-WPE Version 2.1.12

Usage:
	
	Run "radiusd" and direct an access point to the server. Once a client connects 
	freeradius-wpe will store the credentials in:
	
	/usr/local/var/log/radius/freeradius-server-wpe.log
	
	by default, otherwise you can define an alternative location using "wpelogfile"
	config option.

	Depending on the EAP Type and inner auth. creds used, the info in the log file
	might be plaintext or encrypted. Most likely it'll be MSCHAPv2, if it is, 
	you'll need to crack those credentials with asleap or john, or something else. 
	

	If you don't want to use a hardware access point, you can use hostapd. Here is a
	sample hostapd.conf that will set up an AP and direct it to FreeRADIUS-WPE 
	be sure to run "radiusd" first. 

------- Start hostapd.conf -----------
interface=wlan0
driver=nl80211
ssid=opensecurityresearch
logger_stdout=-1
logger_stdout_level=0
dump_file=/tmp/hostapd.dump
ieee8021x=1
eapol_key_index_workaround=0
own_ip_addr=127.0.0.1
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=testing123
wpa=1
wpa_key_mgmt=WPA-EAP
channel=1
wpa_pairwise=TKIP CCMP

------ End hostapd.conf -----------

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published