FreeRADIUS-WPE and Quirky WPA Supplicants
I was recently on a wireless testing gig where I was faced with a relatively typical scenario: a corporate wireless network leveraging PEAP with MSCHAPv2 for authentication, and wireless clients that were configured to not check for a valid certificate when communicating with the RADIUS server. My standard approach to this on Backtrack follows the one Robert Portvliet describes in his post Capturing and cracking a PEAP challenge/response with FreeRADIUS-WPE (go read it): »