Joshua1909 / eapeak

Automatically exported from code.google.com/p/eapeak

eapscan tool always returns "Type Could Not Be Determined" #4

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
I use the Backtrack R5 Linux distribution and I installed the community version of the
scapy library (2.2.0-dev). I tried this tool on different access points/RADIUS
servers, both my home Airlive AP and radiusd server and my school's Cisco APs. I use
your tool this way:

# eapscan -e eduroam -b 2C:41:38:F8:C8:30 -i mon0 --types PEAP --identity xantal02 -c 1
[*] Checking Connection To AP OK!
[-] EAP Type: PEAP Could Not Be Determined

But I always get this result, that PEAP (or another method) could not be
determined. I'm sure that PEAP is supported on that exact AP and I provide a
valid user identity. As I already mentioned, I tried this tool on different APs
(Cisco, Airlive, other) with different wireless adapters (Alfa AWUS, Intel 4965)
but always with the same result.

I attach a file with an EAPOL packet dump taken while running eapscan like this:

./eapscan -e SSID_enterprise -b 00:4F:62:26:F3:DF -i testing -i mon0 --types PEAP
[*] Checking Connection To AP OK!
[-] EAP Type: PEAP Could Not Be Determined

Original issue reported on code.google.com by antal.lu...@gmail.com on 18 Apr 2012 at 4:44


GoogleCodeExporter commented 9 years ago
Sorry, there is a typo, I use Backtrack 5 R2.

Original comment by antal.lu...@gmail.com on 18 Apr 2012 at 4:47

GoogleCodeExporter commented 9 years ago

Original comment by zeroStei...@gmail.com on 22 Apr 2012 at 9:51

GoogleCodeExporter commented 9 years ago
The pcap provided only contains EAPOL start messages from eapscan.  This isn't
enough information; I'd like to see the 802.11 Authentication and Association
requests and replies if possible.  I've seen this issue multiple times before,
however, and I'm looking through other pcaps for the data I need.

Original comment by zeroStei...@gmail.com on 1 May 2012 at 8:24

GoogleCodeExporter commented 9 years ago
I've committed a couple of changes to eapscan and the inject module.  
Unfortunately I do not have access to an AP that seems to be affected by this 
problem.  Please update to revision 2b9ef5b50d4a and let me know if the problem 
persists.

Original comment by zeroStei...@gmail.com on 2 May 2012 at 1:41

GoogleCodeExporter commented 9 years ago
Ok, I downloaded the new version via:

hg clone https://code.google.com/p/eapeak/

And started eapscan like this, but the issue still remains:

# ./eapscan -e SSID_enterprise -b 00:4F:62:26:F3:DF --identity=testing -i mon0
[*] Checking Connection To AP OK!
[-] EAP Type: MD5 Could Not Be Determined
[-] EAP Type: ONE TIME PASSWORD Could Not Be Determined
[-] EAP Type: GENERIC TOKEN CARD Could Not Be Determined            
[-] EAP Type: EAP-TLS Could Not Be Determined                        
[-] EAP Type: LEAP Could Not Be Determined                
[-] EAP Type: EAP-TTLS Could Not Be Determined         
[-] EAP Type: PEAP Could Not Be Determined                 
[-] EAP Type: EAP-FAST Could Not Be Determined         
[-] EAP Type: EXPANDED EAP Could Not Be Determined         

Original comment by antal.lu...@gmail.com on 2 May 2012 at 2:01


GoogleCodeExporter commented 9 years ago
Would it be possible for you to post a PCap of a successful association of a 
client?  In particular I'd like to see the 802.11 authentication/association 
requests and responses then the initial EAPOL start message.

If I could get a PCap of that it would be very helpful.

Original comment by zeroStei...@gmail.com on 2 May 2012 at 2:28

GoogleCodeExporter commented 9 years ago
Also, when I look through the PCap in Wireshark with the display filter
"(wlan.fc.type_subtype == 0x00) || (wlan.fc.type_subtype == 0x01)" I see that
the association requests sent by EAPScan still have the privacy bit set and I
don't see a response from the AP.  The privacy bit was removed in revision
2b9ef5b50d4a.  Is it possible you downloaded the newest version but did not
install it, causing the old inject module to be used?

Original comment by zeroStei...@gmail.com on 2 May 2012 at 2:35

GoogleCodeExporter commented 9 years ago
Ok, I captured a successful authentication of client 00:c0:ca:39:f8:7c to AP
00:4F:62:26:F3:DF. This dump is named successfullAuth.pcap.

As to the newest version of eapscan, I did exactly this:

root@bt:~# mkdir test
root@bt:~# cd test
root@bt:~/test# hg clone https://code.google.com/p/eapeak/
destination directory: eapeak
requesting all changes
adding changesets
adding manifests
adding file changes
added 89 changesets with 265 changes to 21 files (+2 heads)
updating to branch default
21 files updated, 0 files merged, 0 files removed, 0 files unresolved
root@bt:~/test# cd eapeak/
root@bt:~/test/eapeak# ./eapscan -e SSID_enterprise -b 00:4F:62:26:F3:DF -i mon0
[*] Checking Connection To AP OK!
[-] EAP Type: MD5 Could Not Be Determined
[-] EAP Type: ONE TIME PASSWORD Could Not Be Determined
[-] EAP Type: GENERIC TOKEN CARD Could Not Be Determined            
[-] EAP Type: EAP-TLS Could Not Be Determined                        
[-] EAP Type: LEAP Could Not Be Determined                
[-] EAP Type: EAP-TTLS Could Not Be Determined         
[-] EAP Type: PEAP Could Not Be Determined                 
[-] EAP Type: EAP-FAST Could Not Be Determined         
[-] EAP Type: EXPANDED EAP Could Not Be Determined

Is this the right way to get the newest version? I also dumped this
communication to the eapscan2.pcap file.

Original comment by antal.lu...@gmail.com on 2 May 2012 at 7:58


GoogleCodeExporter commented 9 years ago
Thanks for the PCaps, those were exactly what I needed.

You need to run python setup.py build and python setup.py install to ensure
that the libraries being used are the ones from the target revision.  The
system libraries take precedence over the ones found in the local directory.

Okay, I just committed another patch (revision d5e1e09bf0f4); if you can try to
use that one, there are substantial changes that I hope should make it work.  If
not, just like last time, I need a PCap with the association requests and
responses.

Original comment by zeroStei...@gmail.com on 3 May 2012 at 3:10

GoogleCodeExporter commented 9 years ago
Ok, I built and installed the newest version of eapeak/eapscan, but now I'm not
even able to successfully associate with the AP:

# eapscan -e SSID_enterprise -b 00:4F:62:26:F3:DF -i mon0
[*] Checking Connection To AP...
[-] Connection Attempts Failed
[-] Now Exiting...

I get this error every time I run the program.

Original comment by antal.lu...@gmail.com on 4 May 2012 at 10:47


GoogleCodeExporter commented 9 years ago
I tried a fresh install of eapeak on my other notebook and I can confirm that the
newest version of eapscan is not able to correctly associate with the AP: there's a
successful authentication, but association fails with:

Status code: Responding STA does not support the specified authentication
algorithm (0x000d) [copied from Wireshark]

Original comment by antal.lu...@gmail.com on 7 May 2012 at 12:49
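The two symptoms raised in this thread (association requests carrying the Privacy capability bit, and an association response rejecting with status 0x000d) can be checked directly from captured 802.11 management frames. The script below is an added example written for this issue, not eapeak's own code; it parses raw 802.11 frames (no radiotap header assumed) and runs over two constructed frames that mimic the station MAC 00:67:a2:25:e0:76 and the AP 00:4F:62:26:F3:DF from the thread.

```python
import struct

# Management subtypes, the same values the Wireshark filter in this thread matches
ASSOC_REQ, ASSOC_RESP = 0x00, 0x01
PRIVACY_BIT = 0x0010                   # Capability Information, bit 4 (Privacy)

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Decode one 802.11 frame; return a dict for association request/response
    frames, None for anything else (data, control, other management)."""
    if len(frame) < 24:                # 24-byte MAC header: FC, dur, 3 addrs, seq
        return None
    fc0 = frame[0]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    if ftype != 0 or subtype not in (ASSOC_REQ, ASSOC_RESP):
        return None
    body = frame[24:]
    info = {"subtype": subtype, "dst": mac(frame[4:10]), "src": mac(frame[10:16])}
    cap, = struct.unpack_from("<H", body, 0)      # Capability Info, little-endian
    info["privacy"] = bool(cap & PRIVACY_BIT)
    if subtype == ASSOC_RESP:
        info["status"], = struct.unpack_from("<H", body, 2)   # Status Code follows
    return info

def audit(frames):
    """Report the two failure modes discussed in the issue."""
    findings = []
    for f in frames:
        p = parse_mgmt(f)
        if p is None:
            continue
        if p["subtype"] == ASSOC_REQ and p["privacy"]:
            findings.append(f"assoc request from {p['src']} has Privacy bit set")
        if p["subtype"] == ASSOC_RESP and p["status"] != 0:
            findings.append(f"assoc response to {p['dst']} rejected, status 0x{p['status']:04x}")
    return findings

def build(subtype, src, dst, body):
    """Constructed test frame: FC, duration, addr1=dst, addr2=src, addr3=bssid, seq."""
    return bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + dst + b"\x00\x00" + body

STA, AP = bytes.fromhex("0067a225e076"), bytes.fromhex("004f6226f3df")
SAMPLE_FRAMES = [   # constructed: request with Privacy set, response with status 0x000d
    build(ASSOC_REQ, STA, AP, struct.pack("<HH", 0x0011, 10) + b"\x00\x0eSSID_enterprise"),
    build(ASSOC_RESP, AP, STA, struct.pack("<HHH", 0x0001, 0x000d, 0xc001)),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_FRAMES):
        print(line)
```

To run it against a real capture, feed `audit()` the 802.11 frames read from the pcap (stripping any radiotap header first).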

GoogleCodeExporter commented 9 years ago
That's very odd because I took care to not change check_ap_connection function. 
 The changes should not have started until connect() was called in eap_scan().  
Revision b84e73e92488 includes a --verbose option which will provide some 
details on why the initial AP connection is failing.  Can you provide the 
output using the --verbose option with a PCap?

Original comment by zeroStei...@gmail.com on 10 May 2012 at 8:40

GoogleCodeExporter commented 9 years ago
# eapscan -e SSID_enterprise -b 00:4f:62:26:f3:df -i mon0 --verbose
[*] Verbose output has been enabled
[*] Checking Connection To AP
[*] Verbose: using MAC address: 00:67:a2:25:e0:76 for testing connections

[-] Verbose: did not receive a reply to the association request
.
[*] Verbose: using MAC address: 00:ff:e9:5a:fc:75 for testing connections

[-] Verbose: did not receive a reply to the association request
.
[*] Verbose: using MAC address: 00:30:10:73:7c:f6 for testing connections

[-] Verbose: did not receive a reply to the association request
.
[-] Connection Attempts Failed
[-] Now Exiting...

Original comment by antal.lu...@gmail.com on 13 May 2012 at 2:11
