And the winner is…
Andrew vonNagy!
If you haven’t been following along, I ran a contest over the past week for the best wireless pen testing tip or trick.
As promised, I will be pre-ordering a copy of “Wireless Hacking Exposed” for Andrew.
Here was Andrew's submission for the contest:
To pen test WPA2-secured wireless networks, set up a honeypot AP and FreeRADIUS-WPE (Wi-Fi Pwnage Edition, by Josh Wright) to harvest EAP/MS-CHAP credential hashes from improperly secured client devices which are not validating the RADIUS server. Then use John the Ripper or a similar password-cracking tool to crack the user password using a dictionary attack.
If you want more of Andrew’s wisdom, you can also check out his blog, “Revolution Wi-Fi” – it has some quality content.
Wait, why would you go through the hassle of “FreeRADIUS” and “John the Ripper”? FreeRADIUS is ridiculously not easy to set up, and John the Ripper is slow.
If you were to go that way, I would recommend using the PyCUDA Python libraries that interface with the GPU for text/hash creation/comparison, and coWPAtty. As for the FreeRADIUS thing, use airbase-ng and mimic the login authentication page with your own PHP/HTML script (similar to a “phisher”) that simply dumps the username/password to a text file and bridges connections to other wireless devices, maybe via 3G?
This would simulate a real authentication and login to an unsuspecting victim (unless they try to access resources from the LAN). If you are worried about that, make a script that checks the txt dump file from the PHP script; if it finds credentials, it pulls down airbase-ng.
To forward ALL traffic to your locally hosted (apache2|lighttpd)/PHP, you can easily use Ettercap or dsniff 🙂
I like your website BTW and your Twitter feed is very informative, thanks!
~Douglas.
I actually showed this a few weeks back on my weblog; check out the first video. There’s even a screencast showing it off halfway through the episode. Maybe this weekend I will make a “fake” authentication page cloner video.
whoops, http://weaknetlabs.com/main/?p=534