As I explored the depths of computer security, I came across a fascinating topic: EAP. EAP, or Enterprise Authentication Protocol, is a type of security used for organizations and corporations to secure their wifi networks. It’s a far cry from the basic WPA used in personal home networks that only require a password.
At my university, each member is assigned a unique ID which is used for everything from server emails to student databases, and of course, wifi access. While connecting to the wifi network for the first time, a thought hit me – what if I could steal wifi passwords via EAP?
I would essentially be hijacking accounts and accessing servers and portals as a real user. The excitement was palpable. I began researching and found that it was possible, with the help of Evil Twin, RADIUS, and Captive portals.
Evil Twin seemed too challenging, with the presence of many students and their continuous movement, so I decided to go with RADIUS. I planned to kick off a user from the real network, create a clone RADIUS server, and wait for the hashes. Then I would crack the passwords.
To my delight, I was successful in cracking a few passwords – weak ones like Aa123456. My excitement was through the roof and I was eager to report my findings. But as I thought about it, I realized I had no legal permission to perform this attack. The lawless jungle of cyber security is a dangerous place, and one never knows when they may find themselves on the wrong side of the law.
So, I made the decision to stay silent and keep my findings to myself. Sometimes, one knows enough to stay quiet. The thrill of the chase, the excitement of the discovery, and the rush of adrenaline were all I needed to satisfy my thirst for knowledge and understanding of the world of computer security.
Digiala Writes 