s0lst1c3 / eaphammer

Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
GNU General Public License v3.0
2.1k stars 304 forks

Authenticated, no creds #50

Open leesoh opened 5 years ago

leesoh commented 5 years ago

First off, thanks for putting the time in to make this tool. It looks terrific and I'm really excited to get into it.

I've been running into issues getting creds. Using the ./eaphammer -i wlan0 -e "mmm_waffles" -b "55:44:33:22:11:00" -c 9 --auth wpa --creds attack, I see my victim connect, associate, authenticate and... nothing. There are likely a bajillion ways this could be going wrong, so here's my log:

wlan0: STA 00:11:22:33:44:55 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 00:11:22:33:44:55
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: associated (aid 1)
nl80211: NL80211_ATTR_STA_VLAN (addr=00:11:22:33:44:55 ifname=wlan0 vlan_id=0) failed: -2 (No such file or directory)
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
handle_assoc_cb: STA 00:11:22:33:44:55 not found
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 00:11:22:33:44:55
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 00:11:22:33:44:55
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
handle_auth_cb: STA 00:11:22:33:44:55 not found
handle_assoc_cb: STA 00:11:22:33:44:55 not found
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 00:11:22:33:44:55
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: did not acknowledge authentication response
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated

I was able to validate my equipment using an almost completely unmodified configuration with hostapd-wpe (channel and SSID were the only things changed, IIRC). Here's the logs for that in case that's helpful:

Using interface wlan0 with hwaddr 00:00:22:33:44:55 and ssid "mmm_waffles"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED 
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 00:11:22:33:44:55:66
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-STARTED 00:11:22:33:44:55:66
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.1X: Identity received from STA: 'fs'
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.1X: Identity received from STA: 'fs'
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.1X: Identity received from STA: 'fs'
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.1X: Identity received from STA: 'fs'
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.1X: Identity received from STA: 'fs'
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.1X: Identity received from STA: 'fs'
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.1X: Identity received from STA: 'fs'

mschapv2: Mon Nov 19 15:43:46 2018
     username:  fs
...creds ensue!!

I'm using Kali and am on the latest version of master.

Thanks in advance!
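A small triage of the two hostapd logs in the post above, added here as an example (it is not part of the original post or of eaphammer): it reports how far each station got in the 802.1X exchange and flags stations that started EAP but never returned an identity. The function name, the stage labels and the shortened sample logs are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Stages in the order the logs above show them. EAP type 1 is Identity;
# any other proposed type (25 is PEAP) means method negotiation has begun.
STAGES = ["authenticated", "associated", "eap_started",
          "identity_requested", "method_proposed", "identity_received"]
STA_EVENTS = [
    (re.compile(r"STA (\S+) IEEE 802\.11: authenticated"), "authenticated"),
    (re.compile(r"STA (\S+) IEEE 802\.11: associated"), "associated"),
    (re.compile(r"CTRL-EVENT-EAP-STARTED (\S+)"), "eap_started"),
    (re.compile(r"STA (\S+) IEEE 802\.1X: Identity received"), "identity_received"),
]
METHOD = re.compile(r"CTRL-EVENT-EAP-PROPOSED-METHOD vendor=\d+ method=(\d+)")

def summarize(log_text):
    # Returns {station: {"counts", "furthest", "stalled"}} for one hostapd log.
    counts = defaultdict(Counter)
    current = None  # PROPOSED-METHOD lines carry no address: use last EAP-STARTED
    for line in log_text.splitlines():
        m = METHOD.search(line)
        if m and current:
            kind = "identity_requested" if m.group(1) == "1" else "method_proposed"
            counts[current][kind] += 1
        for rx, stage in STA_EVENTS:
            m = rx.search(line)
            if m:
                counts[m.group(1)][stage] += 1
                if stage == "eap_started":
                    current = m.group(1)
                break
    return {sta: {"counts": dict(c),
                  "furthest": max((s for s in STAGES if c[s]), key=STAGES.index),
                  "stalled": c["eap_started"] > 0 and c["identity_received"] == 0}
            for sta, c in counts.items()}

# Sample input: shortened excerpts of the two logs quoted in the post.
STALLED = """\
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED 00:11:22:33:44:55
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: STA 00:11:22:33:44:55 IEEE 802.11: authenticated
"""
WORKING = """\
wlan0: CTRL-EVENT-EAP-STARTED 00:11:22:33:44:55:66
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
wlan0: STA 00:11:22:33:44:55:66 IEEE 802.1X: Identity received from STA: 'fs'
"""
```

Run on the full logs, a station whose furthest stage stays at `identity_requested` while its `authenticated` count keeps rising matches the first log: the Identity request goes out, but no response is ever logged.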

s0lst1c3 commented 5 years ago

Hi @leesoh,

Thanks for pointing this out! Can you please send me the following information so that I can start narrowing in on the cause of this error?

  1. The version of hostapd-wpe you're using
  2. The make, model, and version of the wireless card you're using

leesoh commented 5 years ago

Sure thing. hostapd-wpe is 2.6 and I'm using an Alfa AWUS036AC. I'm pretty sure I was getting the same result using an Alfa AWUS036NHA as well.

s0lst1c3 commented 5 years ago

Awesome, thanks, I'll use those when trying to replicate this issue. Are you able to share how the client device you're attacking is configured? I.e. device type, OS version, etc. The more info you can give me, the better chance I have at being able to replicate this issue successfully.

Also, I'm guessing the MAC addresses shown in the second snippet of log output are 7 bytes in length because the real ones have been redacted, and not because of some kind of bug in WPE? ;)

leesoh commented 5 years ago

The device I was testing with was an iPad running iOS 9, I believe. And you're correct about the MAC address :D

On Wed, 28 Nov 2018 at 01:21, Gabriel Ryan notifications@github.com wrote:

Awesome, thanks, I'll use those when trying to replicate this issue. Are you able to share how the client device you're attacking is configured? I.e. device type, OS version, etc. The more info you can give me, the better chance I have at being able to replicate this issue successfully.

Also, I'm guessing the MAC addresses shown in the second snippet of log output are 7 bytes in length because the real ones have been redacted, and not because of some kind of bug in WPE? ;)

s0lst1c3 commented 5 years ago

Ok awesome, I should be able to get ahold of one of those. I'll get back to you.

UY-Scuti-Ari commented 2 years ago

I experienced the same issue today. Has anyone had any luck figuring out a reason and solution?