Wednesday, April 27, 2011

EAP-MD5 Offline password attacks

This post from Pauldotcom explains how to perform dictionary offline attacks against EAP-MD5 (802.1X protected networks)  authentication packets.


Once we have a packet capture with the authentication packets, the post offers two possibilities:
- Patched version of xtest to read the passwords through a pipe (John the Ripper produces the password list)
- A small Scapy script  called  eapmd5crack.py 

No comments:

Post a Comment