EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements.
As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration.
To illustrate just how fast this tool is, our Quick Start section provides an example of how to execute a credential stealing evil twin attack against a WPA/2-EAP network in just commands.
Quick Start Guide (Kali)
Begin by cloning the eaphammer repo using the following command:
git clone https://github.com/s0lst1c3/eaphammer.git
Next run the kali-setup file as shown below to complete the eaphammer setup process. This will install dependencies and compile the project:
./kali-setup
Also Read – DECAF : Dynamic Executable Code Analysis Framework
To setup and execute a credential stealing evil twin attack against a WPA/2-EAP network:
To generate certificates
./eaphammer –cert-wizard
To launch attack
./eaphammer -i wlan0 –channel 4 –auth wpa-eap –essid CorpWifi –creds
Features
New (as of Version 1.7.0)(latest):
EAPHammer now supports WPA/2-PSK along with WPA handshake captures.
OWE (added as of Version 1.5.0):
EAPHammer now supports rogue AP attacks against OWE and OWE-Transition mode networks.
PMF (added as of Version 1.4.0)
EAPHammer now supports 802.11w (Protected Management Frames), Loud Karma attacks, and Known Beacon attacks (documentation coming soon).
GTC Downgrade Attacks
EAPHammer will now automatically attempt a GTC Downgrade attack against connected clients in an attempt to capture plaintext credentials.
Improved Certificate Handling
EAPHammer’s Cert Wizard has been expanded to provide users with the ability to create, import, and manage SSL certificates in a highly flexible manner.
Cert Wizard’s previous functionality has been preserved as Cert Wizard’s Interactive Mode, which uses the same syntax as previous versions. See XIII – Cert Wizard for additional details.
TLS / SSL Backwards Compatibility
EAPHammer now uses a local build of libssl that exists independently of the systemwide install. This local version is compiled with support for SSLv3, allowing EAPHammer to be used against legacy clients without compromising the integrity of the attacker’s operating system.
Supported EAP Methods
EAPHammer supports the following EAP methods:
802.11a and 802.11n Support
EAPHammer now supports attacks against 802.11a and 802.11n networks. This includes the ability to create access points that support the following features:
Credits:
Running programs built for Microsoft's framework on a Linux system is easier than you think. Mono is…
Computer vision technology powers many modern applications, from image editors to facial scanners. OpenCV (Open Source Computer…
A remote desktop interface makes it easy to manage a remote computer. VNC (Virtual Network Computing) is…
Hosting your own code repositories is a great way to keep your projects private. Gitea is a…
Many modern programs require Java to run. From development tools like Eclipse to search systems…
Setting a static IP address on your server is a smart move. It ensures your…