Open GoogleCodeExporter opened 9 years ago
Sorry, there is a typo, I use Backtrack 5 R2.
Original comment by antal.lu...@gmail.com
on 18 Apr 2012 at 4:47
Original comment by zeroStei...@gmail.com
on 22 Apr 2012 at 9:51
The pcap provided only contains EAPOL start messages from eapscan. This isn't
enough information, I'd like to see the 802.11 Authentication and Association
requests and replies if possible. I've seen this issue multiple times before,
however, and I'm looking through other pcaps for the data I need.
Original comment by zeroStei...@gmail.com
on 1 May 2012 at 8:24
[deleted comment]
I've committed a couple of changes to eapscan and the inject module.
Unfortunately I do not have access to an AP that seems to be affected by this
problem. Please update to revision 2b9ef5b50d4a and let me know if the problem
persists.
Original comment by zeroStei...@gmail.com
on 2 May 2012 at 1:41
Ok, I downloaded new version via:
hg clone https://code.google.com/p/eapeak/
And started eapeak like this, but the issue still remains:
# ./eapscan -e SSID_enterprise -b 00:4F:62:26:F3:DF --identity=testing -i mon0
[*] Checking Connection To AP OK!
[-] EAP Type: MD5 Could Not Be Determined
[-] EAP Type: ONE TIME PASSWORD Could Not Be Determined
[-] EAP Type: GENERIC TOKEN CARD Could Not Be Determined
[-] EAP Type: EAP-TLS Could Not Be Determined
[-] EAP Type: LEAP Could Not Be Determined
[-] EAP Type: EAP-TTLS Could Not Be Determined
[-] EAP Type: PEAP Could Not Be Determined
[-] EAP Type: EAP-FAST Could Not Be Determined
[-] EAP Type: EXPANDED EAP Could Not Be Determined
Original comment by antal.lu...@gmail.com
on 2 May 2012 at 2:01
Attachments:
Would it be possible for you to post a PCap of a successful association of a
client? In particular I'd like to see the 802.11 authentication/association
requests and responses then the initial EAPOL start message.
If I could get a PCap of that it would be very helpful.
Original comment by zeroStei...@gmail.com
on 2 May 2012 at 2:28
Also when I look through the PCap in wireshark with the display filter of
"(wlan.fc.type_subtype == 0x00) || (wlan.fc.type_subtype == 0x01)" I see that
the association requests sent by EAPScan still have the privacy bit set and I
don't see a response from the AP. The privacy bit was removed in revision
2b9ef5b50d4a. Is it possible you downloaded the newest version but did not
install it, causing the old inject module to be used?
Original comment by zeroStei...@gmail.com
on 2 May 2012 at 2:35
Ok, I captured successful authentication of client 00:c0:ca:39:f8:7c to AP
00:4F:62:26:F3:DF. This dump is named successfullAuth.pcap.
As to the newest version of eapscan I did exactly this:
root@bt:~# mkdir test
root@bt:~# cd test
root@bt:~/test# hg clone https://code.google.com/p/eapeak/
destination directory: eapeak
requesting all changes
adding changesets
adding manifests
adding file changes
added 89 changesets with 265 changes to 21 files (+2 heads)
updating to branch default
21 files updated, 0 files merged, 0 files removed, 0 files unresolved
root@bt:~/test# cd eapeak/
root@bt:~/test/eapeak# ./eapscan -e SSID_enterprise -b 00:4F:62:26:F3:DF -i mon0
[*] Checking Connection To AP OK!
[-] EAP Type: MD5 Could Not Be Determined
[-] EAP Type: ONE TIME PASSWORD Could Not Be Determined
[-] EAP Type: GENERIC TOKEN CARD Could Not Be Determined
[-] EAP Type: EAP-TLS Could Not Be Determined
[-] EAP Type: LEAP Could Not Be Determined
[-] EAP Type: EAP-TTLS Could Not Be Determined
[-] EAP Type: PEAP Could Not Be Determined
[-] EAP Type: EAP-FAST Could Not Be Determined
[-] EAP Type: EXPANDED EAP Could Not Be Determined
Is this the right way to get the newest version? I also dumped this
communication to eapscan2.pcap file.
Original comment by antal.lu...@gmail.com
on 2 May 2012 at 7:58
Attachments:
Thanks for the PCaps, those were exactly what I needed.
You need to run python setup.py build and python setup.py install to ensure
that the libraries that are being used are the ones from the target revision.
The system libraries take precedence over the ones found in the local directory.
Okay, I just committed another patch (revision d5e1e09bf0f4). If you can, try to
use that one; there are substantial changes that should make it work, I hope. If
not, just like last time, I need a PCap with the association requests and
responses.
Original comment by zeroStei...@gmail.com
on 3 May 2012 at 3:10
Ok, I built and installed newest version of eapeak/eapscan, but now I'm not
able even to successfully associate with AP:
# eapscan -e SSID_enterprise -b 00:4F:62:26:F3:DF -i mon0
[*] Checking Connection To AP...
[-] Connection Attempts Failed
[-] Now Exiting...
I get this error every time I run the program.
Original comment by antal.lu...@gmail.com
on 4 May 2012 at 10:47
Attachments:
I tried a fresh install of eapeak on my other notebook and I can confirm that the
newest version of eapscan is not able to correctly associate with the AP; there's
successful authentication, but association will fail with:
Status code: Responding STA does not support the specified authentication
algorithm (0x000d) [copied from wireshark]
Original comment by antal.lu...@gmail.com
on 7 May 2012 at 12:49
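The two checks made in the comments above (association requests with the privacy bit set and no reply from the AP, and an association response carrying status 0x000d), as an added example that is not part of the original thread or of eapeak's code. It assumes raw 802.11 management frames with no radiotap header or FCS; the frames and MAC addresses are constructed for illustration.

```python
import struct

HDR_LEN = 24          # fixed 802.11 management header (no radiotap, no FCS)
CAP_PRIVACY = 0x0010  # Privacy bit of the Capability Information field

def mac(raw):
    return ":".join("%02x" % b for b in raw)

def parse_assoc(frame):
    """Decode an association request (0x00) or response (0x01), else None."""
    if len(frame) < HDR_LEN + 4:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (0, 1):
        return None
    # Both bodies start with Capability Information; the request follows it
    # with Listen Interval, the response with Status Code.
    cap, second = struct.unpack_from("<HH", frame, HDR_LEN)
    return {"subtype": subtype, "dst": mac(frame[4:10]), "src": mac(frame[10:16]),
            "privacy": bool(cap & CAP_PRIVACY),
            "status": second if subtype == 1 else None}

def triage(frames):
    """For each request: (client, privacy bit set?, status code or None)."""
    parsed = [p for p in map(parse_assoc, frames) if p]
    out = []
    for i, req in enumerate(parsed):
        if req["subtype"] != 0:
            continue
        resp = next((r for r in parsed[i + 1:] if r["subtype"] == 1
                     and r["src"] == req["dst"] and r["dst"] == req["src"]), None)
        out.append((req["src"], req["privacy"], resp["status"] if resp else None))
    return out

def mgmt(subtype, dst, src, bssid, body):
    """Build a constructed management frame for the sample below."""
    return bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00" + body

AP = bytes.fromhex("020000000001")   # constructed addresses, not from the capture
STA_A = bytes.fromhex("020000000002")
STA_B = bytes.fromhex("020000000003")
SAMPLE = [
    mgmt(0, AP, STA_A, AP, struct.pack("<HH", 0x0011, 1)),           # privacy set, never answered
    mgmt(0, AP, STA_B, AP, struct.pack("<HH", 0x0001, 1)),           # privacy clear
    mgmt(1, STA_B, AP, AP, struct.pack("<HHH", 0x0001, 0x000d, 0)),  # refused, status 0x000d
]

if __name__ == "__main__":
    for client, privacy, status in triage(SAMPLE):
        print(client, "privacy=%s" % privacy,
              "no response" if status is None else "status=0x%04x" % status)
```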
That's very odd because I took care to not change the check_ap_connection function.
The changes should not have started until connect() was called in eap_scan().
Revision b84e73e92488 includes a --verbose option which will provide some
details on why the initial AP connection is failing. Can you provide the
output using the --verbose option with a PCap?
Original comment by zeroStei...@gmail.com
on 10 May 2012 at 8:40
# eapscan -e SSID_enterprise -b 00:4f:62:26:f3:df -i mon0 --verbose
[*] Verbose output has been enabled
[*] Checking Connection To AP
[*] Verbose: using MAC address: 00:67:a2:25:e0:76 for testing connections
[-] Verbose: did not receive a reply to the association request
.
[*] Verbose: using MAC address: 00:ff:e9:5a:fc:75 for testing connections
[-] Verbose: did not receive a reply to the association request
.
[*] Verbose: using MAC address: 00:30:10:73:7c:f6 for testing connections
[-] Verbose: did not receive a reply to the association request
.
[-] Connection Attempts Failed
[-] Now Exiting...
Original comment by antal.lu...@gmail.com
on 13 May 2012 at 2:11
Attachments:
Original issue reported on code.google.com by
antal.lu...@gmail.com
on 18 Apr 2012 at 4:44
Attachments: