eapmd5pass Package Description

EAP-MD5 is a legacy authentication mechanism that does not provide sufficient protection for user authentication credentials. Users who authenticate using EAP-MD5 subject themselves to an offline dictionary attack vulnerability. This tool reads from a live network interface in monitor-mode, or from a stored libpcap capture file, and extracts the portions of the EAP-MD5 authentication exchange. Once the challenge and response portions have been collected from this exchange, eapmd5pass will mount an offline dictionary attack against the user’s password.

Source: http://www.willhackforsushi.com/code/eapmd5pass/1.4/README
eapmd5pass Homepage | Kali eapmd5pass Repo

  • Author: Joshua Wright
  • License: GPLv2

Tools included in the eapmd5pass package

eapmd5pass – Dictionary attack against EAP-MD5
root@kali:~# eapmd5pass -h
eapmd5pass - Dictionary attack against EAP-MD5

Usage: eapmd5pass [ -i <int> | -r <pcapfile> ] [ -w wordfile ] [options]

  -i <iface>    interface name
  -r <pcapfile> read from a named libpcap file
  -w <wordfile> use wordfile for possible passwords.
  -b <bssid>    BSSID of target network (default: all)
  -U <username> Username of EAP-MD5 user.
  -C <chal> EAP-MD5 challenge value.
  -R <response> EAP-MD5 response value.
  -E <eapid>    EAP-MD5 response EAP ID value.
  -v        increase verbosity level (max 3)
  -V        version information
  -h        usage information

The "-r" and "[-U|-C|-R|-E]" options are not meant to be used together.  Use -r
when a packet capture is available.  Specify the username, challenge and
response when available through other means.

eapmd5pass Usage Example

root@kali:~# coming soon