freeradius-wpe Package Description

A patch for the popular open-source FreeRADIUS implementation to demonstrate RADIUS impersonation vulnerabilities by Joshua Wright and Brad Antoniewicz. This patch adds the following functionality:

  • Simplifies the setup of FreeRADIUS by adding all RFC1918 addresses as acceptable NAS devices;
  • Simplifies the setup of EAP authentication by including support for all FreeRADIUS supported EAP types;
  • Adds WPE logging in $prefix/var/log/radius/freeradius-server-wpe.log, can be controlled in radius.conf by changing the “wpelogfile” directive;
  • Simplified the setup of user authentication with a default “users” file that accepts authentication for any username;
  • Adds credential logging for multiple EAP types including PEAP, TTLS, LEAP, EAP-MD5, EAP-MSCHAPv2, PAP, CHAP and others

Source: http://www.willhackforsushi.com/?page_id=37
FreeRADIUS-WPE Homepage | Kali freeradius-wpe Repo

  • Author: Joshua Wright and Brad Antoniewicz
  • License: GPLv2

Tools included in the freeradius-wpe package

freeradius-wpe – FreeRadius Wireless Pawn Edition
root@kali:~# freeradius-wpe -h
Usage: freeradius [options]
Options:
  -C            Check configuration and exit.
  -d <raddb>    Set configuration directory (defaults to /etc/freeradius-wpe/3.0).
  -D <dictdir>  Set main dictionary directory (defaults to /usr/share/freeradius-wpe/dictionary).
  -f            Run as a foreground process, not a daemon.
  -h            Print this help message.
  -i <ipaddr>   Listen on ipaddr ONLY.
  -l <log_file> Logging output will be written to this file.
  -m            On SIGINT or SIGQUIT clean up all used memory instead of just exiting.
  -n <name>     Read raddb/name.conf instead of raddb/radiusd.conf.
  -p <port>     Listen on port ONLY.
  -P            Always write out PID, even with -f.
  -s            Do not spawn child processes to handle requests (same as -ft).
  -t            Disable threads.
  -v            Print server version information.
  -X            Turn on full debugging (similar to -tfxxl stdout).
  -x            Turn on additional debugging (-xx gives more debugging).
Menu