Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

is this possible !!!!!!!!!!!!!!!!????? #104

Open
minanagehsalalma opened this issue Feb 15, 2019 · 14 comments
Open

is this possible !!!!!!!!!!!!!!!!????? #104

minanagehsalalma opened this issue Feb 15, 2019 · 14 comments

Comments

@minanagehsalalma
Copy link

https://www.youtube.com/watch?v=HoihKhQWZ7k&feature=youtu.be

!!!!!!!!!

@singe
Copy link
Contributor

singe commented Feb 15, 2019 via email

@CapitanShinChan
Copy link

This has been possible for many years. It depend on the underlying authentication mechanism and the validation of the certificates in the clients.

All started in Shmoocon in 2008, almost 11 years ago. Check these:
http://www.willhackforsushi.com/presentations/PEAP_Shmoocon2008_Wright_Antoniewicz.pdf
http://www.willhackforsushi.com/?page_id=37
https://github.com/OpenSecurityResearch/hostapd-wpe

@minanagehsalalma
Copy link
Author

@singe @CapitanShinChan
As I understood from the links ...
Only TTLS-PAP and GTC that gets the password in plain text ...
So how should my .conf file have if I want to make it TTLS-PAP that doesn't accept wrong passwords ! .

And does this one
https://github.com/sensepost/wpa_sycophant
Gets the wpa password in plaintext via a rouge ap ?
...
Thanks

@singe
Copy link
Contributor

singe commented Feb 17, 2019 via email

@minanagehsalalma
Copy link
Author

minanagehsalalma commented Feb 18, 2019

@singe
mana_wpe=1
I want it to use GTC only .. Which number should I type ?

@singe
Copy link
Contributor

singe commented Feb 18, 2019 via email

@minanagehsalalma
Copy link
Author

@singe
"the default config supports GTC"
but supports is different than "use GTC only" no any other types ...
can you send me more links ?
as i it seems like i know nothing ...

@minanagehsalalma
Copy link
Author

@singe @CapitanShinChan
i think this what i was looking for !!
https://twitter.com/W00Tock/status/1019251419310972930

@minanagehsalalma
Copy link
Author

minanagehsalalma commented Feb 21, 2019

@singe
@CapitanShinChan
the hostapd.conf gave me headache ...can you please take a look on these and see if i did something wrong ?!😩😩
and is it possible to get plain text password using WPA-EAP mode ?
and is it possible to Switch between the identity and password section like the password section is renamed to identity and the identity section renamed to password ..
is there a more familiar mode that shows username instead of identity ??!

thanks I appreciate every response :)

simplest hostapd.conf

driver=hostap
mana_wpe=1
mana_credout=hostapd.credout
mana_loud=0
ieee8021x=1
eapol_key_index_workaround=0
eap_server=1
eap_user_file=hostapd.eap_user
ca_cert=ca.pem
server_cert=server.pem
private_key=server.key
private_key_passwd=testtestx#7CL
dh_file=dhparam.pem
interface=wlan1
ssid=testwifi
channel=5
hw_mode=g
ap_max_inactivity=3000
eap_message=please\0enter\0your\0password
Operator-Name = "wifi"
manufacturer= ZTE
bssid=02:21:91:01:11:31

eap_user_file

`* PEAP,GTC,TTLS

`"t" GTC,TTLS-PAP "1234test" [2]

@minanagehsalalma
Copy link
Author

And what if I want to make it use
TLS only !?

Should my eap_user_file
Be like this
"* TLS "
As there no inner modes for TLS !! ?

@minanagehsalalma
Copy link
Author

@singe @CapitanShinChan
just like this
image

btw is the identity encrypted ??!
the description didn't say much

@CapitanShinChan
Copy link

No, the identity is not encrypted, since it's send before the TLS tunnel is established.

In order to be secure, you have to verify the certificate of the server.

@CapitanShinChan
Copy link

The identity is only sent for tracking of the session purposes before the TLS tunnel is established. A proper configured AAA server (RADIUS in this case) would allow you to use anonymous identities, which most of clients support.

If you want more details about how this works, take a look to the RFC: https://tools.ietf.org/html/rfc3748

@minanagehsalalma
Copy link
Author

@CapitanShinChan thanks ..
"would allow you to use anonymous identities, "
I have read the identity part from the link .... But does it allow the user to chose between anonymous identities and just identities ... Which one shows up when he tries to connect with default settings ?
And what about the other two questions !?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants