Description: Welcome to Part 33 of the WLAN Security Megaprimer! Please start this series by watching Part 1 (http://www.securitytube.net/video/1756) if you have not done so already.
In this video, we will look at how to crack PEAP with OS X as the client. The whole idea is to create a honeypot which connects back to a rogue RADIUS server set up by the attacker. We will be running FreeRadius-WPE as the attacker's RADIUS server.
When a client connects to the honeypot and the RADIUS server sends it a fake certificate, the client pops up a dialog box asking the user to accept or reject the certificate. If the user accepts the certificate, it gets added to the trusted certificates list on the computer. The next time the user connects to our RADIUS server, the user is no longer prompted about the certificate.
FreeRadius-WPE logs the Challenge, Response and Username in a log file. This is used with the Asleap tool created by Joshua Wright to crack the password supplied by the user.
Note that Asleap will only work if the password is present in the dictionary file it is fed; this attack is only as powerful as your dictionary file is elaborate.
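The certificate prompt described above is what a pinned client configuration removes. As an added example (not from the video or from FreeRadius-WPE), this Python script audits the Wi-Fi payloads of an Apple configuration profile for PEAP networks where the user can still be asked to accept an unknown RADIUS certificate. The sample profile, SSIDs, UUID and server name are constructed for illustration.

```python
import plistlib

PEAP = 25  # EAP method number for PEAP

# Constructed sample profile (not from the video): one pinned network, two not.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "corp-pinned",
         "EAPClientConfiguration": {
             "AcceptEAPTypes": [25],
             "PayloadCertificateAnchorUUID": ["00000000-0000-0000-0000-000000000001"],
             "TLSTrustedServerNames": ["radius.example.com"],
             "TLSAllowTrustExceptions": False}},
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "corp-unpinned",
         "EAPClientConfiguration": {"AcceptEAPTypes": [25]}},
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "corp-prompting",
         "EAPClientConfiguration": {"AcceptEAPTypes": [25], "TLSAllowTrustExceptions": True,
                                    "TLSTrustedServerNames": ["radius.example.com"]}},
    ],
})

def audit_profile(data: bytes) -> dict:
    """Return {ssid: [findings]} for PEAP Wi-Fi payloads that can show a trust prompt."""
    findings = {}
    for payload in plistlib.loads(data).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.wifi.managed":
            continue
        eap = payload.get("EAPClientConfiguration") or {}
        if PEAP not in eap.get("AcceptEAPTypes", []):
            continue
        anchors = eap.get("PayloadCertificateAnchorUUID") or []
        names = eap.get("TLSTrustedServerNames") or []
        # Apple's documented default: exceptions are allowed unless trust is pinned.
        allow = eap.get("TLSAllowTrustExceptions", not (anchors or names))
        issues = []
        if not anchors:
            issues.append("no pinned CA (PayloadCertificateAnchorUUID)")
        if not names:
            issues.append("no expected server name (TLSTrustedServerNames)")
        if allow:
            issues.append("user may accept an untrusted certificate")
        if issues:
            findings[payload.get("SSID_STR", "<unknown>")] = issues
    return findings

if __name__ == "__main__":
    for ssid, issues in audit_profile(SAMPLE_PROFILE).items():
        print(ssid, "->", "; ".join(issues))
```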
Looking forward to your comments!