aircrack-ng / aircrack-ng-archive

Pre-migration repository. New repository ➙
https://github.com/aircrack-ng/aircrack-ng
GNU General Public License v2.0

Decimal Username Error While Trying to Connect SSID. Not Capture Challenge and Response #130

Closed Mister-X- closed 7 years ago

Mister-X- commented 7 years ago

From OpenSecurityResearch/hostapd-wpe#18, reported by @ccakgunduz:

I use the default Kali version of hostapd-wpe. I installed it through the apt repositories. When I configure and run it, it works perfectly. If I enter a string username such as 'test', it accepts it and prints out the challenge and response. If I enter a username between 000000-599999 and 900000-999999, it still accepts it and prints out the hashes. However, when I enter a username between 600000-899999, it couldn't print out the hashes. For example, this is one of the simple output

Configuration file: /etc/hostapd-wpe/hostapd-wpe.conf
Using interface wlan0 with hwaddr 66:55:44:33:22:11 and ssid "hostapd-wpe"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED
wlan0: STA 11:22:33:44:55:66 IEEE 802.11: authenticated
wlan0: STA 11:22:33:44:55:66 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 11:22:33:44:55:66
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25

mschapv2: Thu Jul 13 09:47:16 2017
username: test
challenge: ec:4f:c3:6d:be:7b:79:75
response: 72:8b:e0:16:0b:25:0e:1a:7a:39:19:2f:47:2f:4a:39:a4:8d:73:94:70:db:56:18
jtr NETNTLM: test:$NETNTLM$ec4fc36dbe7b7975$728be0160b250e1a7a39192f472f4a39a48d739470db5618
wlan0: CTRL-EVENT-EAP-FAILURE 11:22:33:44:55:66
wlan0: STA 11:22:33:44:55:66 IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
wlan0: STA 11:22:33:44:55:66 IEEE 802.1X: Supplicant used different EAP type: 25 (PEAP)
wlan0: STA 11:22:33:44:55:66 IEEE 802.11: disassociated
wlan0: STA 11:22:33:44:55:66 IEEE 802.11: deauthenticated due to local deauth request
wlan0: STA 11:22:33:44:55:66 IEEE 802.11: authenticated
wlan0: STA 11:22:33:44:55:66 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 11:22:33:44:55:66
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25

mschapv2: Thu Jul 13 09:47:31 2017
username: 123456
challenge: 99:4f:26:55:3d:45:ed:1a
response: 19:b3:99:49:88:13:39:c8:7b:2b:cf:82:c0:65:ce:e2:64:8d:69:27:c8:02:52:d6
jtr NETNTLM: 123456:$NETNTLM$994f26553d45ed1a$19b39949881339c87b2bcf82c065cee2648d6927c80252d6
wlan0: CTRL-EVENT-EAP-FAILURE 11:22:33:44:55:66
wlan0: STA 11:22:33:44:55:66 IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
wlan0: STA 11:22:33:44:55:66 IEEE 802.1X: Supplicant used different EAP type: 25 (PEAP)

I add this line manually. I tried the username 612345 (anything between 600000 - 899999 is the same) and it gave the result below. I modified the MAC addresses purposely.

wlan0: STA 11:22:33:44:55:66 IEEE 802.11: authenticated
wlan0: STA 11:22:33:44:55:66 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 11:22:33:44:55:66
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
EAP-AKA: eap_sim_db not configured
wlan0: CTRL-EVENT-EAP-FAILURE 11:22:33:44:55:66
wlan0: STA 11:22:33:44:55:66 IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
wlan0: STA 11:22:33:44:55:66 IEEE 802.1X: Supplicant used different EAP type: 1 (Identity)
wlan0: STA 11:22:33:44:55:66 IEEE 802.11: authenticated
wlan0: STA 11:22:33:44:55:66 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 11:22:33:44:55:66
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
EAP-AKA: eap_sim_db not configured
wlan0: CTRL-EVENT-EAP-FAILURE 11:22:33:44:55:66
wlan0: STA 11:22:33:44:55:66 IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
wlan0: STA 11:22:33:44:55:66 IEEE 802.1X: Supplicant used different EAP type: 1 (Identity)
wlan0: STA 11:22:33:44:55:66 IEEE 802.11: authenticated
wlan0: STA 11:22:33:44:55:66 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 11:22:33:44:55:66
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
EAP-AKA: eap_sim_db not configured
wlan0: CTRL-EVENT-EAP-FAILURE 11:22:33:44:55:66
wlan0: STA 11:22:33:44:55:66 IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
wlan0: STA 11:22:33:44:55:66 IEEE 802.1X: Supplicant used different EAP type: 1 (Identity)
wlan0: STA 11:22:33:44:55:66 IEEE 802.11: deauthenticated due to local deauth request
^Cwlan0: interface state ENABLED->DISABLED
wlan0: AP-DISABLED
nl80211: deinit ifname=wlan0 disabled_11b_rates=0

Mister-X- commented 7 years ago

It was due to some stuff that was left in one of the configuration files. So any user starting with 5, 6, 7 or 8 would trigger the bug. It was an easy fix in the patch itself: http://trac.aircrack-ng.org/changeset/2912

If you want to fix it temporarily until it is repackaged, you can comment out "5", "6", "7" and "8" in the hostapd-wpe.eap_user file and restart hostapd-wpe.
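
Added example, not part of the original thread and not hostapd or hostapd-wpe code: a small checker showing why a numeric identity is offered EAP-AKA (the `EAP-AKA: eap_sim_db not configured` line in the log) instead of PEAP when a digit-prefix entry sits above the catch-all in an eap_user file. It assumes hostapd's phase 1 lookup takes the first matching entry in file order; the sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample in hostapd eap_user syntax (NOT the packaged hostapd-wpe file).
SAMPLE_EAP_USER = '''\
# Phase 1 users
"6"*    AKA
"7"*    AKA
#"8"*   AKA
*       PEAP,TTLS,TLS
"t"     MSCHAPV2 "t" [2]
'''

SIM_METHODS = {"SIM", "AKA", "AKA'"}
ENTRY = re.compile(
    r'^(?:"(?P<id>[^"]*)"(?P<star>\*)?|(?P<any>\*))\s+(?P<methods>\S+)(?P<rest>.*)$'
)


def parse_eap_user(text):
    """Return phase 1 entries in file order: (lineno, identity, is_prefix, methods)."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out entry
        m = ENTRY.match(line)
        if not m or "[2]" in m["rest"]:
            continue  # not a user entry, or a phase 2 (inner method) entry
        is_prefix = bool(m["star"] or m["any"])
        entries.append((lineno, m["id"] or "", is_prefix, m["methods"].split(",")))
    return entries


def phase1_match(entries, identity):
    """First entry whose identity matches exactly, or as a prefix when wildcarded."""
    for entry in entries:
        _, ident, is_prefix, _ = entry
        if identity.startswith(ident) if is_prefix else identity == ident:
            return entry
    return None


def sim_only_prefixes(entries):
    """Prefix entries that offer only SIM/AKA methods, so PEAP is never proposed."""
    return [i for _, i, p, m in entries if p and i and set(m) <= SIM_METHODS]


if __name__ == "__main__":
    entries = parse_eap_user(SAMPLE_EAP_USER)
    for user in ("test", "123456", "612345", "812345"):
        lineno, _, _, methods = phase1_match(entries, user)
        print(f"{user}: line {lineno} -> {','.join(methods)}")
    print("SIM/AKA-only prefixes:", sim_only_prefixes(entries))
```
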

ccakgunduz commented 7 years ago

It is solved indeed. Thanks.