Best way to capture RADIUS passwords

Sallee, Stephen (Jake) Jake.Sallee at umhb.edu
Fri Nov 9 20:58:56 CET 2012


> Am I going about this the wrong way?

Yes, yes you are.

#1) You will REALLY want to check your local laws; you may have just committed anything from a class B misdemeanor to a class C felony. Here is a link for states in the US:
http://www.irongeek.com/i.php?page=computerlaws/state-hacking-laws

#2) It is almost always simpler to get the user to reset their password.

#3) A tcp dump will not give you all the info you need to crack a PW depending on the encryption method in use.

To summarize:

Don't crack users' passwords without the backing of a bunch of highly paid lawyers and a metric ton of signed, notarized paperwork saying that the parties involved have given you specific permission to do so.

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
900 College St.
Belton TX. 76513
Fone: 254-295-4658
Phax: 254-295-4221
HTTP://WWW.UMHB.EDU

From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org] On Behalf Of Chris Taylor
Sent: Friday, November 9, 2012 1:37 PM
To: freeradius-users at lists.freeradius.org
Subject: Best way to capture RADIUS passwords

I am migrating from one RADIUS setup that checks against a flat file with usernames and passwords inside it, over to a RADIUS server with an LDAP backend. I have used JTR to crack most of the passwords but I still have some left over that JTR can't crack.

I was thinking of trying to run a packet capture to get the remaining usernames and passwords. What would be the best way to do this? Run RADIUS in debug mode Radius -X? Or try to use tcpdump and pick it up that way or is it even possible to do? I have been trolling the internet for a few days and have not come up with a good way to do it.

I set up tcpdump to dump to a file (tcpdump -i eth0 -n -s0 port radius -w rad-capture.lpc), but when I check it out with Wireshark I am unable to see the password (just the username). Am I going about this the wrong way?

Thanks,

Chris

