EAP Relay with Sycophant
Michael Kruger edited this page Aug 3, 2020 · 4 revisions
@_cablethief figured out it’s possible to relay inner MSCHAPv2 to get connected to PEAP networks without having to crack the credentials. This attack requires an appropriately configured hostapd-mana and the wpa_sycophant tool.
To enable this attack, you need the following config options in your hostapd-mana config:
enable_sycophant=1
sycophant_dir=/tmp/
This enables sycophant attacks and sets the directory where the state files used to transfer data between the modified supplicant and hostapd-mana are stored.
Warning: Keep the directory set to /tmp/ for now. The corresponding option is not on the supplicant yet.
Check the wpa_sycophant README for information on running wpa_sycophant.