hostapd-wpe and with_ntdomain_hack

[myst404]

Hey,

While running hostapd-wpe I got a Windows client authenticating.

However asleap did not accept the challenge/response :

Could not recover last 2 bytes of hash from the
challenge/response. Sorry it didn't work out.

Thanks to https://www.nickmurison.me.uk/category/penetration-testing/, it looks like it comes from a FreeRADIUS option:

with_ntdomain_hack = yes

This issue was already raised on Twitter in 2015 : https://twitter.com/dot11_de/status/588994144565125120
So, is it possible to feed hostapd-wpe with this option or is it something to add?

Thanks :)

[Mister-X-]

Are you sure you are working with our patch?

Looking at the code in src/eap_server/eap_server_mschapv2.c (after patching v2.6), there is the workaround for this issue (look at line 340 then 375).

[myst404]

I installed hostapd-wpe directly from the Kali Rolling Release repo.

However Kali was not updated for a few months when I installed hostapd-wpe.

How can I check if I work with the patch?

Indeed it looks like there is a workaround in the code, unfortunately I can not test for the moment.

[Mister-X-]

Check if the installed version is 2.6.

[myst404]

Yeah, that is the one I have.

Precisely:

hostapd-wpe:amd64 (2.6+git20161107-0kali2)

[ama21n]

moved to OpenSecurityResearch/hostapd-wpe#19

[aircrack-ng]

Just tested the patch again and it works just fine with user\domain.