joshua1909 / eapeak Goto Github PK

What steps will reproduce the problem?
1. Use an Alfa AWUS036H wireless card with rtl8187 drivers.
2. Use kismet to create a monitor mode interface, capture traffic, and lock the 
interface on a specific channel.
3. Run this command: 
# eapscan -b <BSSID> -e '<ESSID>' -i wlan0mon -c <channel #>

What is the expected output? What do you see instead?
Expected to see eapscan checking supported EAP types. Instead, I got the 
following stack trace:

[*] Checking Connection To APTraceback (most recent call last):
  File "/usr/local/bin/eapscan", line 295, in <module>
    main()
  File "/usr/local/bin/eapscan", line 277, in main
    if not check_ap_connection(options.iface, options.bssid, options.essid, False):
  File "/usr/local/bin/eapscan", line 189, in check_ap_connection
    errCode = statemachine.connect(essid)
  File "/usr/local/lib/python2.7/site-packages/eapeak/inject.py", line 303, in connect
    if self.lastpacket == None or self.lastpacket.getlayer('Dot11Auth').status != 0:
AttributeError: 'NoneType' object has no attribute 'status'


What version of the product are you using? On what operating system?
Python 2.7.1
EAPeak from source as of January 5, 2012 (eapscan v0.7)
Backtrack 4 R0

Please provide any additional information below.
Make and model, as well as the EAP configuration, of the AP that was being 
tested is unknown. 

What would this new feature accomplish?
If an access point is determined to support LEAP authentication while running 
eapscan, it would be helpful to then be able to brute-force, or reverse 
brute-force, user accounts in an attempt to gain access to the network.

What is the expected output?
Ideally, the tool would have options to support either STDIN or a list of 
usernames, passwords, and/or a space separated user_pass file (similar to 
within Metasploit).

Default output would display each login attempt with the result. The result 
would be either "Failed Login" or "Successful Login".

What version of the product are you using? On what operating system?
I typically use Backtrack 4 R2 or Backtrack 5 R1.

Please provide any additional information below.

What steps will reproduce the problem?
1. eapwn -i wlan1 -e test

2.
3.

What is the expected output? What do you see instead?
i excpected a leap network to be generated but my other network card could not 
detect it i tried both with a atheros ath9k card and with a intel iwlwifi card 

What version of the product are you using? On what operating system?

latest source release from install script for backtrack 5 R2

Please provide any additional information below.

What would this new feature accomplish?
LEAP is dying if not already dead PEAP and EAP-TTLS are some of the most common 
implementations of EAP and many do not utilize strong authentication 
(certificate validation) it is imperative for the success of eapeak and wifi 
security as a whole for PEAP support in eapwn and EAPeak as a whole alot of the 
work could be offloaded to FREE-RADIUS-WPE or it could be implemented natively 
i would work on this my self but currently i lack the programming skills also 
is there documentation  for EAPeak (programming wise) that also would be 
helpful for eapeak's growth and adoption

What is the expected output?
a more robust and useful EAPeak

What version of the product are you using? On what operating system?
latest hg release via installer script for backtrack 5 R2

Please provide any additional information below.

Scapy's community repo has changed from hg.secdev.org to bb.secdev.org, and the 
following files are now outdated:


$ egrep -nr hg.secdev.org ./*
./build/scripts-2.7/eapscan:38: # http://hg.secdev.org/scapy-com # needs 
community repository because of the extra EAP layers I added.
./build/scripts-2.7/eapwn:36:   # http://hg.secdev.org/scapy-com # needs 
community repository because of the extra EAP layers I added.
./build/scripts-2.7/eapeak:56:  # http://hg.secdev.org/scapy-com # needs 
community repository because of the extra EAP layers I added.
./eapeak:56:    # http://hg.secdev.org/scapy-com # needs community repository 
because of the extra EAP layers I added.
./eapscan:38:   # http://hg.secdev.org/scapy-com # needs community repository 
because of the extra EAP layers I added.
./eapwn:36: # http://hg.secdev.org/scapy-com # needs community repository 
because of the extra EAP layers I added.
./INSTALL:13:   hg clone http://hg.secdev.org/scapy-com
./README:52:http://hg.secdev.org/scapy-com

Hello, when I run eapeak I get message:

Error: Missing Scapy Libraries, Please Install Scapy From The Community 
Repository
Error: Version Must Be >= 1538:d80170e42ced
Error: Now Exiting...

I believe it is because old version of scapy library didn't implement EAP() and 
EAPOL() structures. These structures were implemented only in dev version. But 
nowadays, scapy is in version 2.2.0 and implements these structures out of the 
box. Could you please update this great to make it work with new versions of 
scapy included in most linux distros?

What steps will reproduce the problem?
1. I would like set channel in 5 GHZ

What is the expected output? What do you see instead?
I can set only channel between 1-14

What version of the product are you using? On what operating system?
EAPeak-v0.1.5

I would like to test on 5GHz, but it isn't possible. I get this error message:
eapscan -e <BSSID> -b <BSSID> -i mon0
[*] Checking Connection To AP...
[-] Connection Attempts Failed
[-] Now Exiting...

I use Backtrack R5 linux distribution and I installed community version of 
scapy library (2.2.0-dev). I tried this tool on different access points/RADIUS 
servers, both my home airlive AP and radiusd server and school Cisco APs. I use 
your tool this way:

# eapscan -e eduroam -b 2C:41:38:F8:C8:30 -i mon0 --types PEAP --identity 
xantal02 -c 1 [*] Checking Connection To AP OK!
[-] EAP Type: PEAP Could Not Be Determined

But always I get this result that PEAP (or other method) couldn't be 
determined. I'm sure, that PEAP is supported on that exact AP and I provide 
valid user identity. As I already mentioned I tried this tool on different APs 
(Cisco, Airlive, other) with different wireless adapters (Alfa AWU, intel 4965) 
but always with the same result.

I attach file with a EAPOL packets dump while running eapscan like this:

./eapscan -e SSID_enterprise -b 00:4F:62:26:F3:DF -i testing -i mon0 --types 
PEAP
[*] Checking Connection To AP OK!
[-] EAP Type: PEAP Could Not Be Determined

What steps will reproduce the problem?
1. Install EAPeak from download or from hg repo on "EAPbox"
2. SSH into EAPbox from another machine (using OSX in this case [tried with 
both Terminal.app and iTerm2) 
3. Run ./eapeak -l -c -i mon0

What is the expected output? What do you see instead?

Getting the error: 

 => Traceback (most recent call last):         
File "./eapeak", line 297, in <module>                                          


main()
File "./eapeak", line 178, in main 
errCode = eapeakParser.initCurses()  
"/usr/local/lib/python2.6/dist-packages/eapeak/parse.py", line 481, in 
initCurses                                                                      


                   curses.curs_set(0)   
_curses.error: curs_set() returned ERR


What version of the product are you using? On what operating system?

Backtrack 5 (Linux bt 2.6.39.4 #1 SMP Wed Aug 17 21:42:30 EDT 2011 x86_64 
GNU/Linux)
Python: 2.6.5   (2.6.5-0ubuntu1)
Scapy Community (commit: 120, update: 23)
python-m2crypto (0.20.1-1ubuntu2)

Versions:
+ EAPeak-v0.1.4_ToorCon_2011.tar.bz2 
+ hg (commit: 10)


Please provide any additional information below.

Discovered this running BT5 in a VM; didn't want to run X, so I setup 
networking and SSH'd in to run EAPeak.

+ After it craps out, it corrupts my bash terminal (see attachment for what 
appears in my SSH console) 
+ Works fine in konsole in an X session on the BT5 VM

Not really sure what the problem is (I'm a Python guy but my (n)curses fu is 
non-existent :/

Let me know if there is any additional information. 

Best