This section covers luring a client with a honeypot (or evil twin) and recovering the correct user credentials from WiFi networks protected by enterprise WiFi security schemes such as WPA-EAP, PEAP-MSCHAP2 and PEAP-TTLS.

What will you learn?

  • Creating a honeypot and an evil twin

  • The difference between the TTLS and PEAP schemes

  • Using EAPHammer and the Mana toolkit


References:


  1. Cracking EAP-PEAP-MSCHAPv2 (https://www.pentesteracademy.com/video?id=508)

  2. EAP TLS vs EAP TTLS vs EAP-PEAP (https://security.stackexchange.com/questions/147344/eap-tls-vs-eap-ttls-vs-eap-peap)


Labs Covered:


In this lab, you will learn to create a honeypot network for a WPA-Enterprise (PEAP-GTC) network using Hostapd-mana and steal a user’s credentials. 


In this lab, you will learn to create a honeypot network for a WPA-Enterprise (PEAP-MSCHAPv2) network using Hostapd-mana, steal a user’s username/hash and use Asleap to crack the hash to recover the password. 


In this lab, you will learn to create a honeypot network for a WPA-Enterprise (TTLS-PAP) network using Hostapd-mana and steal a user’s credentials. 


In this lab, you will learn to create a honeypot network for a WPA-Enterprise (PEAP-CHAP) network using Hostapd-mana and steal a user’s username/hash.


In this lab, you will learn to create a honeypot network for a WPA-Enterprise (TTLS-MSCHAPv2) network using Hostapd-mana, steal a user’s username/hash and use Asleap to crack the hash to recover the password. 


In this lab, you will learn to create an evil twin network for a WPA-Personal (WPA2-PSK) network using Hostapd and force the client to connect to this network by launching a deauth attack with aireplay-ng.


In this lab, you will learn to create an evil twin network for a WPA-Enterprise (TTLS-PAP) network using Hostapd-mana, force the client to connect to this network by launching a deauth attack with aireplay-ng and steal a user’s credentials.


In this lab, you will learn to create an evil twin network for a WPA-Enterprise (TTLS-PAP) network using EAPHammer, force the client to connect to this network by launching a deauth attack with aireplay-ng and steal a user’s credentials.


In this lab, you will learn to create an evil twin network that responds to all probe requests and lures the client to connect to it for WPA-Enterprise networks using Hostapd-mana. Multiple clients will connect to the same honeypot and reveal user credentials.


  • Karma Attacks (EAPHammer)

    In this lab, you will learn to create an evil twin network that responds to all probe requests and lures the client to connect to it for WPA-Enterprise networks using EAPHammer. Multiple clients will connect to the same honeypot and reveal user credentials.


  • Evil Twin

  • Evil Twin - WPA Enterprise (Mana)

  • Evil Twin - WPA Enterprise (EAPHammer)

  • Mana: Attacking PEAP-GTC

  • Karma Attacks (Mana)

  • Mana: Attacking PEAP-MSCHAPv2

  • Karma Attacks (EAPHammer)

  • Mana: Attacking TTLS-PAP

  • Mana: Attacking TTLS-CHAP

  • Mana: Attacking TTLS-MSCHAPv2