IMPORTANT: This is likely not going to be maintained much longer. Instead you should use hostapd-wpe: https://github.com/OpenSecurityResearch/hostapd-wpe It supports all the same functionality (minus EAP-MD5 over wifi) and supports "Karma" style AP attacks, Heartbleed against clients and much more! If you insist on using FreeRADIUS-WPE, see below: FreeRADIUS-WPE (Wireless Pwnage Edition) By Brad Antoniewicz and Josh Wright brad.antoniewicz@foundstone.com twitter: @brad_anton More information here: http://www.willhackforsushi.com/?page_id=37 ------------------------------------------- Current freeradius-wpe.patch is for: freeradius-server-2.1.12.tar.bz2 Supported and tested EAP Types/Inner Authentication Methods (others may also work): PEAP/PAP (OTP) PEAP/MSCHAPv2 EAP-TTLS/PAP (includes OTPs) EAP-TTLS/MSCHAPv1 EAP-TTLS/MSCHAPv2 EAP-MD5 Note: I've started to implement more attacks (including EAP-FAST) within hostapd-wpe, it is still under dev, but may be of some interest: https://github.com/OpenSecurityResearch/hostapd-wpe Update 8/15/2012: Housekeeeping: I decided to Remove the versioning from the patch name. This way I can just update the github and maintain a constant download location. This README will define what version the patch is for. Changes: +Added john NETNTLM formated output +Readded PAP and EAP-MD5 support +Fixed a problem when using MSCHAPv1 (issue 1 on github) Install: From Source: wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.12.tar.bz2 Over time, if a newer version of freeradius comes out, this link will change to: wget ftp://ftp.freeradius.org/pub/radius/old/freeradius-server-2.1.12.tar.bz2 wget https://raw.github.com/brad-anton/freeradius-wpe/master/freeradius-wpe.patch tar -jxvf freeradius-server-2.1.12.tar.bz2 cd freeradius-server-2.1.12 patch -p1 < ../freeradius-wpe.patch ./configure make sudo make install sudo ldconfig You may also have to: cd /usr/local/etc/raddb/certs/ ./bootstrap --- Using Binary: If you're using the .deb, it has been tested with BackTrack 5 R2, but will likely work with other versions and Ubuntu/Debian. wget https://github.com/brad-anton/freeradius-wpe/raw/master/freeradius-server-wpe_2.1.12-1_i386.deb sudo dpkg --install freeradius-server-wpe_2.1.12-1_i386.deb sudo ldconfig You may also have to: cd /usr/local/etc/raddb/certs/ ./bootstrap and just to confirm: radiusd -v make sure it says: radiusd: FreeRADIUS-WPE Version 2.1.12 Usage: Run "radiusd" and direct an access point to the server. Once a client connects freeradius-wpe will store the credentials in: /usr/local/var/log/radius/freeradius-server-wpe.log by default, otherwise you can define an alternative location using "wpelogfile" config option. Depending on the EAP Type and inner auth. creds used, the info in the log file might be plaintext or encrypted. Most likely it'll be MSCHAPv2, if it is, you'll need to crack those credentials with asleap or john, or something else. If you don't want to use a hardware access point, you can use hostapd. Here is a sample hostapd.conf that will set up an AP and direct it to FreeRADIUS-WPE be sure to run "radiusd" first. ------- Start hostapd.conf ----------- interface=wlan0 driver=nl80211 ssid=opensecurityresearch logger_stdout=-1 logger_stdout_level=0 dump_file=/tmp/hostapd.dump ieee8021x=1 eapol_key_index_workaround=0 own_ip_addr=127.0.0.1 auth_server_addr=127.0.0.1 auth_server_port=1812 auth_server_shared_secret=testing123 wpa=1 wpa_key_mgmt=WPA-EAP channel=1 wpa_pairwise=TKIP CCMP ------ End hostapd.conf -----------