WiFiJuice Posted December 27, 2015

Is it possible to build a module integrated with http://www.onlinehashcrack.com/ to be able to crack the hashes without a directory? Good idea?

AlfAlfa Posted December 27, 2015

> Is it possible to build a module integrated with http://www.onlinehashcrack.com/ to be able to crack the hashes without a directory? Good idea?

[UPDATE -> latest post, posted here]

I had to get caught up in my other work, but I finally got uploadwpa2 into a state that it has been much improved and is a worthy update! The main difference is adding SSL support, but also switching from hard coded specialized functions which would have to be coded for each site and re-done if the site changed, to a json config file with the default config stored at ~/.uploadwpa2/sites.cfg

It's a pretty simple format, and should be able to be configured for most sites except those that require a logged in session or captcha. (maybe future features)

So with the standard openwrt sdk now I'm fairly sure I got the packaging right this time, so check the package out or it can be just built from source again.

additional dependencies: +libopenssl +libcrypto
makefile has been updated.

"I can't put enough emphasis on this, this is not an official package provided from the hak5 team, and therefore is NOT supported by them. Until if and or when they add it into their official repos, and you download it from their official repos, this is all installed at YOUR OWN RISK. So using this provided ipk, do not go to the hak5 team for support for which are not officially provided by them. I also hold no responsibility for any damage or for your usage that may occur, I can provide the sources and installable ipk, and can give you my word that there is no malicious code added to this ipk, it is clean and has no infection. It is your choice and responsibility if you want to use them or not."

You've been warned, now here is the goods :)

IPK:
http://www.filedropp...loadwpa21ar71xx
http://www.speedysha...a2-1-ar71xx.ipk

Source: https://github.com/Alf-Alfa/uploadwpa

EDIT: I've just realized I completely overlooked the javascript and php side of things, I'll have to flesh it out with support for the newer features. Like being able to give it more than 10 hashes at a time (you just configure how many hashes it accepts per post) and it sends out as many post requests as necessary to complete the job. (example of one new feature)

Yea that doesn't sound too bad it's not even using TLS/SSL! Should be a cinch :)

Just

    GET / HTTP/1.1
    Host: onlinehashcrack.com

Then a

    POST /wifi-wpa-rsna-psk-crack.php HTTP/1.1
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.5.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://www.onlinehashcrack.com/
    Connection: keep-alive
    Content-Type: multipart/form-data; boundary=---------------------------12414623831213293040140603178
    Content-Length: 4571534

    -----------------------------12414623831213293040140603178
    Content-Disposition: form-data; name="emailWpa"

    youremail@yourdomain.com
    -----------------------------12414623831213293040140603178
    Content-Disposition: form-data; name="wpaFile"; filename="capturefile.cap"
    Content-Type: application/vnd.tcpdump.pcap

    ----- data goes here ---- \r\n\r\n

Then ungzip the response and check that it was successfully uploaded or just assume it was and see if you get an email :)

Also do the hash form as well, or instead if it's easier: (where you can enter up to 10 hashes instead of a capture file, can you write a WPA handshake like that though?)

    POST /hash-cracking.php HTTP/1.1
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.5.
    ---yada yada---

    textareaHashes=hash-1\r\nhash-2\r\nhash-3\r\netc-etc-etc&emailHashes=youremail@yourdomain \r\n\r\n

Yeehee!

Edited March 2, 2016 by AlfAlfa

WiFiJuice Posted December 28, 2015 (Author)

WOW! You are the best man :) Thanks a lot! Should I paste this code in the command line or can I make a module out of it? I'm all new to the WiFi Pineapple world...

AlfAlfa Posted December 30, 2015

> You cannot paste that into the command line. That is a raw HTTP request and response. I believe his intention was to show that it was not complicated. I am not sure why he has the initial GET request there. Maybe to get cookies? Anyway, a quick search on GitHub reveals that this has been done before. It might be worth looking over some of the code others have written. It appears that setting the referrer header is important.

Yea that wouldn't be any fun though, plus I'm guessing it's probably written in python or something, I wanted to do it in C++ and see what I came up with. I suppose now that I've done it I could look and compare and see if they did it better or if I did... I cheated a little bit though, I reproduced the pages to receive posted data and got everything working testing on a local apache server, then once I got everything pretty solid, I did the real test, and it worked! (since I didn't want to be uploading tons of files and I don't have that many anyway so I kind of had to get it right the first time, which I did!)

EDIT: lol it seems I guessed right, first result is python lol

> WOW! You are the best man :) Thanks a lot! Should I paste this code in the command line or can I make a module out of it? I'm all new to the WiFi Pineapple world...

Not quite, but with my tool that I built for linux that I'm going to make into a pineapple module when the API comes out and I learn how to cross compile for it, you can run this simple command:

    uploadwpa -e youremail@whatever.com -c /path/to/wpahandshake.cap

or

    uploadwpa -e blah@blah.com -a hash1 hash2 hash3 etc

up to 10 hashes for the other hashes the site supports

Yep it sure was simple enough alright! I used unix sockets (with Beej's networking guide for reference, and borrowed urlEncoding+urlDecoding functions from stackoverflow, and whipped up a quick and simple http client)

Enter the command and blink!
The email appears with a link to the status of the job!

Written in C++ using codeblocks, and there's only three simple files->

uploadwpa.cpp:

    /* uploadwpa 1.0 ~ AlfAlfa */
    #include "QuickHTTPClient.hpp"

    std::unique_ptr<QuickHTTPClient> http;
    std::string email, hashes, capture_file, file_name, boundary, useThisUserAgent;

    void printHelp()
    {
        std::cout << "uploadwpa 1.0 ~ AlfAlfa\n";
        std::cout << "This module will upload a wpa handshake from a single capture file to www.onlinehashcrack.com\n";
        std::cout << "or you can give it up to 10 hashes seperated by spaces and of any hashes the site supports\nUsage:\n";
        std::cout << "{Send WPA Handshake:}\nuploadwpa -e youremail@yourdomain.com -c myaccesspoint.cap\n";
        std::cout << "uploadwpa -e email@yourdomain.com -c ~/captures/myaccesspoint.hccap -u \"A Custom User Agent\"\n";
        std::cout << "{Send up to 10 hashes at once of hashes supported by the site:}\n";
        std::cout << "uploadwpa -e youremail@yourdomain.com -a hash1 hash2 hash3 hash4 hash5 hash6 hash7 hash8 hash9 hash10\n";
        std::cout << "{Send both sequentially:}\nuploadwpa -e example@example.com -a hash1 etc etc -c /path/to/capture.cap\n";
    }

    // Post the CRLF-separated hashes and the email address as a urlencoded form.
    bool postHashesTo_onlinehashcrack()
    {
        if(!http.get()) http = QuickHTTPClient::make();
        if(!useThisUserAgent.empty()) http->userAgent = useThisUserAgent;
        if(http->Connect("www.onlinehashcrack.com",80))
        {
            printf("Connected...\n");
            http->referer = "http://www.onlinehashcrack.com/";
            std::string postData = "textareaHashes=";
            postData += QuickHTTPClient::urlEncode(hashes) + "&emailHashes=";
            postData += QuickHTTPClient::urlEncode(email) + "&submit=Submit";
            bool successful = http->Post("/hash-cracking.php", postData.c_str());
            http->Close();
            if(successful) return true;
        }
        return false;
    }

    // Post the capture file and the email address as multipart/form-data.
    bool postWPAHandshakeTo_onlinehashcrack()
    {
        if(!http.get()) http = QuickHTTPClient::make();
        if(!useThisUserAgent.empty()) http->userAgent = useThisUserAgent;
        boundary = QuickHTTPClient::getRandomBoundary();
        if(boundary.empty()) return false; // /dev/urandom was not readable
        if(http->Connect("www.onlinehashcrack.com",80))
        {
            printf("Connected...\n");
            http->referer = "http://www.onlinehashcrack.com/";
            std::string postData = "--" + boundary + "\r\nContent-Disposition: form-data; name=\"emailWpa\"\r\n\r\n" + email + "\r\n";
            postData += "--" + boundary + "\r\nContent-Disposition: form-data; name=\"wpaFile\"; filename=\"" + file_name + "\"";
            postData += "\r\nContent-Type: application/vnd.tcpdump.pcap\r\n\r\n";
            FILE *file = fopen(capture_file.c_str(), "rb");
            if(!file)
            {
                // stop here: fseek/fread on a NULL FILE* would crash
                perror("ERROR Cannot open file");
                http->Close();
                return false;
            }
            fseek(file, 0, SEEK_END);
            long fileLen = ftell(file);
            rewind(file);
            if(fileLen < 0)
            {
                perror("ERROR Cannot get file size");
                fclose(file);
                http->Close();
                return false;
            }
            printf("Capture file size: %ld\n", fileLen);
            size_t previousLen = postData.size();
            postData.resize(previousLen + fileLen);
            bool readOk = (fileLen == 0) || fread(&postData[previousLen], fileLen, 1, file) == 1;
            fclose(file);
            if(!readOk)
            {
                perror("ERROR Cannot read file");
                http->Close();
                return false;
            }
            postData += "\r\n--" + boundary + "\r\nContent-Disposition: form-data; name=\"submit\"\r\n\r\n";
            postData += "Submit\r\n";
            // the closing delimiter is "--" + boundary + "--", like every other delimiter plus two dashes
            postData += "--" + boundary + "--\r\n";
            bool successful = http->PostMultiPart("/wifi-wpa-rsna-psk-crack.php", postData, boundary);
            http->Close();
            if(successful) return true;
        }
        return false;
    }

    int main(int argcount, char *args[])
    {
        for(int i = 0; i < argcount; i++)
        {
            if(strcmp(args[i],"-e") == 0 || strcmp(args[i],"--email") == 0)
            {
                if(i < (argcount - 1)) email = args[i+1];
            }
            if(strcmp(args[i],"-c") == 0 || strcmp(args[i],"--capture-file") == 0)
            {
                if(i < (argcount - 1))
                {
                    capture_file = args[i+1];
                    size_t lastSlash = capture_file.rfind('/');
                    if(lastSlash != std::string::npos) file_name = capture_file.substr(lastSlash+1);
                    else file_name = capture_file;
                    std::cout << "Capture file name: " << file_name << "\n";
                }
            }
            if(strcmp(args[i],"-a") == 0 || strcmp(args[i],"--hashes") == 0)
            {
                // take every argument up to the next switch, never reading past the end of args
                for(int z = i + 1; z < argcount && *args[z] != '-'; z++)
                {
                    if(!hashes.empty()) hashes += "\r\n";
                    hashes += args[z];
                }
            }
            if(strcmp(args[i],"-u") == 0 || strcmp(args[i],"--user-agent") == 0)
            {
                if(i < (argcount - 1)) useThisUserAgent = args[i+1];
            }
            if(strcmp(args[i],"-h") == 0 || strcmp(args[i],"--help") == 0)
            {
                printHelp();
                return 2;
            }
        }
        if(email.empty() || (hashes.empty() && capture_file.empty()))
        {
            printHelp();
            return 2;
        }
        if(!hashes.empty()) postHashesTo_onlinehashcrack();
        if(!capture_file.empty()) postWPAHandshakeTo_onlinehashcrack();
        return 0;
    }

QuickHTTPClient.hpp:

    #ifndef QUICKHTTPCLIENT_H
    #define QUICKHTTPCLIENT_H
    #include <iostream>
    #include <string>
    #include <memory>
    #include <cstdio>
    #include <cstdlib>
    #include <cstdint>
    #include <cctype>
    #include <ctime>
    #include <string.h>
    #include <strings.h>
    #include <unistd.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <netdb.h>

    class QuickHTTPClient
    {
    public:
        int sock, port, dataLength, bufferSize;
        struct hostent *server;
        struct sockaddr_in serverAddress;
        std::unique_ptr<char[]> buffer;
        std::string userAgent, host, referer, request;

        QuickHTTPClient()
        {
            sock = -1; // nothing to close until Connect() has opened a socket
            port = 80;
            dataLength = 0;
            bufferSize = 0;
            // header value only: "User-Agent: " is added when the request is built,
            // so a custom -u string gives a well-formed header line as well
            userAgent = "Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.5.0";
        }
        ~QuickHTTPClient() { Close(); }
        static std::unique_ptr<QuickHTTPClient> make() { return std::unique_ptr<QuickHTTPClient>(new QuickHTTPClient()); }
        bool Connect(const char *hostname, int port);
        bool Get(const char *page);
        bool Post(const char *page, const char *data);
        bool PostMultiPart(const char *page, const std::string &data, const std::string &boundary);
        int Read(int maxBytes);
        int Write(const char *writeBuffer, int writeSize);
        static std::string getRandomBoundary();
        static std::string urlEncode(std::string str);
        static std::string urlDecode(std::string str);
        void Close() { if(sock >= 0) { close(sock); sock = -1; } }
    };
    #endif

QuickHTTPClient.cpp:

    #include "QuickHTTPClient.hpp"

    bool QuickHTTPClient::Connect(const char *hostname, int port)
    {
        sock = socket(AF_INET, SOCK_STREAM, 0);
        if (sock < 0)
        {
            perror("ERROR opening socket");
            return false;
        }
        server = gethostbyname(hostname);
        if (server == NULL)
        {
            perror("ERROR, no such host");
            return false;
        }
        bzero((char *) &serverAddress, sizeof(serverAddress));
        serverAddress.sin_family = AF_INET;
        bcopy((char *)server->h_addr, (char *)&serverAddress.sin_addr.s_addr, server->h_length);
        serverAddress.sin_port = htons(port);
        if (connect(sock,(struct sockaddr *) &serverAddress, sizeof(serverAddress)) < 0)
        {
            perror("ERROR connecting");
            return false;
        }
        host = hostname;
        this->port = port;
        return true;
    }

    bool QuickHTTPClient::Get(const char *page)
    {
        if(!page) return false;
        request = "GET ";
        request += page;
        request += " HTTP/1.1\r\n";
        if(!host.empty()) request += "Host: " + host + "\r\n";
        request += "User-Agent: " + userAgent + "\r\n";
        request += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
        request += "Accept-Language: en-US,en;q=0.5\r\n";
        request += "Accept-Encoding: gzip, deflate\r\n";
        if(!referer.empty()) request += "Referer: " + referer + "\r\n";
        request += "Connection: keep-alive\r\n\r\n";
        int wroteNum = Write(request.c_str(), request.length());
        std::cout << request;
        if(wroteNum > 0)
        {
            int readNum = Read(4096);
            std::cout << buffer.get() << "\n";
            if(readNum > 0) return true;
        }
        return false;
    }

    bool QuickHTTPClient::Post(const char *page, const char *data)
    {
        if(!page || !data) return false; // either one missing is an error
        request = "POST ";
        request += page;
        request += " HTTP/1.1\r\n";
        if(!host.empty()) request += "Host: " + host + "\r\n";
        request += "User-Agent: " + userAgent + "\r\n";
        request += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
        request += "Accept-Language: en-US,en;q=0.5\r\n";
        request += "Accept-Encoding: gzip, deflate\r\n";
        if(!referer.empty()) request += "Referer: " + referer + "\r\n";
        request += "Connection: keep-alive\r\n";
        request += "Content-Type: application/x-www-form-urlencoded\r\n";
        request += "Content-Length: ";
        request += std::to_string(strlen(data));
        request += "\r\n\r\n";
        request += data; // exactly Content-Length bytes, nothing appended after the body
        int wroteNum = Write(request.c_str(), request.length());
        std::cout << request;
        if(wroteNum > 0)
        {
            int readNum = Read(4096);
            std::cout << buffer.get() << "\n";
            if(readNum > 0) return true;
        }
        return false;
    }

    bool QuickHTTPClient::PostMultiPart(const char *page, const std::string &data, const std::string &boundary)
    {
        if(!page || data.empty()) return false;
        request = "POST ";
        request += page;
        request += " HTTP/1.1\r\n";
        if(!host.empty()) request += "Host: " + host + "\r\n";
        request += "User-Agent: " + userAgent + "\r\n";
        request += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
        request += "Accept-Language: en-US,en;q=0.5\r\n";
        request += "Accept-Encoding: gzip, deflate\r\n";
        if(!referer.empty()) request += "Referer: " + referer + "\r\n";
        request += "Connection: keep-alive\r\n";
        request += "Content-Type: multipart/form-data; boundary=";
        request += boundary + "\r\n";
        request += "Content-Length: ";
        request += std::to_string(data.size());
        request += "\r\n\r\n";
        std::cout << request; // print the headers only, not the binary body
        request += data;      // exactly Content-Length bytes, nothing appended after the body
        int wroteNum = Write(request.c_str(), request.length());
        if(wroteNum > 0)
        {
            int readNum = Read(4096);
            std::cout << buffer.get() << "\n";
            if(readNum > 0) return true;
        }
        return false;
    }

    int QuickHTTPClient::Read(int maxBytes)
    {
        if(!buffer.get() || (bufferSize < maxBytes))
        {
            buffer = std::unique_ptr<char[]>(new char[maxBytes + 1]); // +1 for the terminating NUL
            bufferSize = maxBytes;
        }
        buffer[0] = '\0'; // callers print the buffer even when nothing was received
        std::cout << "receiving...\n";
        int num = recv(sock, buffer.get(), maxBytes, 0);
        if(num <= 0)
        {
            std::cout << "ERROR reading from socket";
            return 0;
        }
        buffer[num] = '\0'; // the buffer is printed as a C string
        dataLength = num;
        printf("Received... #bytes: %d\n",num);
        return num;
    }

    int QuickHTTPClient::Write(const char *writeBuffer, int writeSize)
    {
        int num, total = 0, bytesLeft = writeSize;
        while(total < writeSize)
        {
            num = send(sock, writeBuffer+total, bytesLeft, 0);
            if(num <= 0) break;
            total += num;
            bytesLeft -= num;
        }
        if(total < writeSize)
        {
            std::cout << "ERROR writing to socket\n";
            return 0;
        }
        printf("Sent... #bytes: %d\n",total);
        return total;
    }

    std::string QuickHTTPClient::getRandomBoundary()
    {
        std::string randomBoundary = "---------------------------";
        uint64_t random128bits[2];
        FILE *randomness = fopen("/dev/urandom", "rb");
        if(!randomness) return "";
        size_t got = fread(&random128bits[0], 16, 1, randomness);
        fclose(randomness);
        if(got != 1) return "";
        for(int i = 0; i < 2; i++)
        {
            // std::to_string prints all 64 bits even where "%lu" is a 32-bit format
            randomBoundary += std::to_string(random128bits[i]);
        }
        srand(time(0));
        int losehowmanydigits = rand() % 3 + 11;
        randomBoundary.resize(randomBoundary.size()-losehowmanydigits);
        //resulting in a 23 - 29 digit number appended to 27 dashes (like how iceweasal does it)
        return randomBoundary;
    }

    std::string QuickHTTPClient::urlEncode(std::string str)
    {
        std::string new_str = "";
        char bufHex[4];
        for(size_t i = 0; i < str.size(); i++)
        {
            // use unsigned bytes: a negative char breaks isalnum() and prints as FFFFFFxx
            unsigned char c = static_cast<unsigned char>(str[i]);
            // uncomment this if you want to encode spaces with +
            /*if (c==' ') new_str += '+';
            else */
            if (isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~') new_str += static_cast<char>(c);
            else
            {
                snprintf(bufHex, sizeof(bufHex), "%%%02X", c);
                new_str += bufHex;
            }
        }
        return new_str;
    }

    std::string QuickHTTPClient::urlDecode(std::string str)
    {
        std::string ret;
        int i, len = str.length();
        for (i=0; i < len; i++)
        {
            if(str[i] != '%')
            {
                if(str[i] == '+') ret += ' ';
                else ret += str[i];
            }
            else
            {
                unsigned int ii = 0;
                if(sscanf(str.substr(i + 1, 2).c_str(), "%2x", &ii) == 1)
                {
                    ret += static_cast<char>(ii);
                    i = i + 2;
                }
                else ret += '%'; // stray '%' with no hex digits after it
            }
        }
        return ret;
    }

Create all three files in some directory...
Open up a terminal, cd to that location, then run:

    g++ -std=c++0x uploadwpa.cpp QuickHTTPClient.cpp -o uploadwpa

Then you can run it:

    ./uploadwpa -h

(this prints out the help screen (also with no parameters does as well))

    root@UNKNOWN:/home/Alf/codeblocks/uploadwpa/bin/Release# ./uploadwpa -h
    uploadwpa 1.0 ~ AlfAlfa
    This module will upload a wpa handshake from a single capture file to www.onlinehashcrack.com
    or you can give it up to 10 hashes seperated by spaces and of any hashes the site supports
    Usage:
    {Send WPA Handshake:}
    uploadwpa -e youremail@yourdomain.com -c myaccesspoint.cap
    uploadwpa -e email@yourdomain.com -c ~/captures/myaccesspoint.hccap -u "A Custom User Agent"
    {Send up to 10 hashes at once of hashes supported by the site:}
    uploadwpa -e youremail@yourdomain.com -a hash1 hash2 hash3 hash4 hash5 hash6 hash7 hash8 hash9 hash10
    {Send both sequentially:}
    uploadwpa -e example@example.com -a hash1 etc etc -c /path/to/capture.cap

EDIT: Just added the ability to use a custom user agent with the -u or --user-agent switch. If you don't specify one it just uses kali linux's Iceweasel user agent string. This is so we don't necessarily all have to look the same and you can appear to be a different user agent if you want!

Yee hee!

Edited December 30, 2015 by AlfAlfa

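The multipart/form-data framing used by the upload request in the post above, as an added example that is not part of the thread or of uploadwpa: a builder plus a strict parser that accepts a body only when every delimiter is `--` + boundary and the closing one also ends in `--`. The `Part` struct, the function names, the octet-stream content type and the sample field values are assumptions made for illustration; the boundary string is the one shown in the thread.

```cpp
// Added example, not code from the thread: strict multipart/form-data framing.
#include <cstdio>
#include <string>
#include <vector>

struct Part {
    std::string name;      // name="..." from Content-Disposition
    std::string filename;  // filename="..." (empty for plain fields)
    std::string body;      // raw part bytes, may contain NUL bytes
};

// Serialise as: --B CRLF headers CRLF CRLF data CRLF ... --B-- CRLF.
// Returns "" if the delimiter occurs inside a part (boundary collision).
std::string buildMultipart(const std::vector<Part> &parts, const std::string &boundary) {
    const std::string delim = "--" + boundary;
    std::string out;
    for (const Part &p : parts) {
        if (p.body.find(delim) != std::string::npos) return "";
        out += delim + "\r\nContent-Disposition: form-data; name=\"" + p.name + "\"";
        if (!p.filename.empty()) {
            out += "; filename=\"" + p.filename + "\"";
            out += "\r\nContent-Type: application/octet-stream";  // assumed type
        }
        out += "\r\n\r\n" + p.body + "\r\n";
    }
    return out + delim + "--\r\n";  // close delimiter: dashes on both sides
}

// Pull a quoted parameter such as name="emailWpa" out of a header block.
static std::string quotedParam(const std::string &headers, const std::string &key) {
    const std::string needle = key + "=\"";
    for (size_t pos = headers.find(needle); pos != std::string::npos;
         pos = headers.find(needle, pos + 1)) {
        // require a separator in front so "name" does not match inside "filename"
        if (pos == 0 || (headers[pos - 1] != ' ' && headers[pos - 1] != ';')) continue;
        size_t start = pos + needle.size();
        size_t end = headers.find('"', start);
        return end == std::string::npos ? "" : headers.substr(start, end - start);
    }
    return "";
}

// True only if `body` is framed exactly as buildMultipart() would frame it.
bool parseMultipart(const std::string &body, const std::string &boundary,
                    std::vector<Part> &parts) {
    parts.clear();
    const std::string delim = "--" + boundary;
    if (boundary.empty() || body.compare(0, delim.size(), delim) != 0) return false;
    size_t pos = delim.size();
    for (;;) {
        if (body.compare(pos, 2, "--") == 0) {          // close delimiter reached
            const std::string tail = body.substr(pos + 2);
            return !parts.empty() && (tail.empty() || tail == "\r\n");
        }
        if (body.compare(pos, 2, "\r\n") != 0) return false;
        pos += 2;
        size_t headerEnd = body.find("\r\n\r\n", pos);
        if (headerEnd == std::string::npos) return false;
        size_t dataStart = headerEnd + 4;
        size_t next = body.find("\r\n" + delim, dataStart);
        if (next == std::string::npos) return false;    // part never terminated
        const std::string headers = body.substr(pos, headerEnd - pos);
        Part p;
        p.name = quotedParam(headers, "name");
        p.filename = quotedParam(headers, "filename");
        p.body = body.substr(dataStart, next - dataStart);
        if (p.name.empty() || headers.find(delim) != std::string::npos ||
            p.body.find(delim) != std::string::npos) return false;
        parts.push_back(p);
        pos = next + 2 + delim.size();
    }
}

int main() {
    // Constructed sample: the boundary is the one shown in the thread; the
    // address and the six "capture" bytes are made up.
    const std::string boundary = "---------------------------12414623831213293040140603178";
    std::vector<Part> in = {
        {"emailWpa", "", "user@example.com"},
        {"wpaFile", "capturefile.cap", std::string("\xd4\xc3\xb2\xa1\x00\x02", 6)},
    };
    const std::string good = buildMultipart(in, boundary);
    // Same body, but the close delimiter is written without its leading "--".
    const std::string bad =
        good.substr(0, good.size() - (boundary.size() + 6)) + boundary + "--\r\n";
    std::vector<Part> out;
    std::printf("well-formed body accepted: %d\n", parseMultipart(good, boundary, out));
    std::printf("bad close accepted:        %d\n", parseMultipart(bad, boundary, out));
    return 0;
}
```

Because the boundary value itself starts with 27 dashes, a delimiter that is two dashes short is easy to miss by eye; the parser only matches the full `--` + boundary sequence.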
audibleblink Posted January 14, 2016

In an effort to encourage users to become more comfortable with the command line version of the tools they use on the Nano, I'm thinking of making a simple module to cut my teeth on the new API. What do yinz think of a module that shows the commands that other modules run? Like, a 'learning mode' for the Nano.

For example, I can start a Recon scan on the GUI and come over to the module, select Recon, and it will show the airmon command that's actually running to get the SSIDs in the area. The command would also be a hyperlink to that exact command on http://explainshell.com so one could see what all the flags mean.

I'll get started once I get my actual computer back, but I made a repo at https://github.com/audibleblink/learn-you-shell.

Thoughts? Is it even feasible? Haven't looked at the API yet but just browsing through some already-made modules makes it seem simple enough.

Edited January 14, 2016 by audibleblink

HammerHead_0718 Posted January 14, 2016

I love the idea. As a new user to the pineapple and linux CLI I have been forcing myself to learn as much as I can by using shell. So far, I have managed to place wlan0, wlan1 in monitor mode stop it and kill interfering processes. I've learned to use airodump-ng as well. Including some of the options to monitor channels essids and bssids. Not to mention actually creating a file output. And right now I'm working on aircrack-ng. I have learned the basic options for wep/wpa2 cracking. All this in the past 1-2 weeks of having the pineapple. So I'm all for a learning module but only because I need to know how it works not just that it works if that makes any sense. If I knew how to code in AngularJS, or any other relevant language, I'd be all over it. Either way, I'd love to give constructive feedback if it's the only contribution I can add. Good luck!

sud0nick Posted January 15, 2016

It's a good idea. I did this very thing in my infusion Crafty which serves as an interface for hping3. It's definitely possible but may take some effort if you are trying to put all of the commands from different modules into one. I think it's easier for each developer to add it to their own module but you can't really make them do that.

Sidebar fun fact: Microsoft started doing this on Server 2012 with their Active Directory Administrative Center. Every time you do something in the GUI (i.e. create/remove/modify a user/computer, etc.) the equivalent PowerShell command is displayed so you can script it later. It helps admins learn how to use PowerShell while performing daily tasks in the GUI.

audibleblink Posted January 15, 2016

> Sidebar fun fact: Microsoft started doing this on Server 2012 with their Active Directory Administrative Center. Every time you do something in the GUI (i.e. create/remove/modify a user/computer, etc.) the equivalent PowerShell command is displayed so you can script it later. It helps admins learn how to use PowerShell while performing daily tasks in the GUI.

That's awesome. I desperately wanted something like this when I first picked up Wireshark. "This is all well and good, but tell me how to do it in tshark"

rabbidmind Posted January 24, 2016

I think it is an excellent plan to see this complementary command line get implemented! If I were able to afford any time to contribute I would love to help.

Rainman_34 Posted January 27, 2016

I think this is a great idea. I am willing to help with any html and css work you may need. I do quite a bit with bootstrap which is a good part for helping with the html and css in the new pineAP. I'm sure you won't really need help in those but if so please let me know.

Kapu Lanai Posted February 8, 2016

Maybe I'm new to the scene and unfamiliar with other modules already done. Maybe I'm in the wrong section. But I have an interest in being able to GPS locate wireless signals. Both routers and devices. In my mind this is an essential wardriving function for anyone who owns a pineapple. So I'd like the module to draw lightweight, simple maps with tool tips that expand to provide info like coordinates, accuracy, strength, ssid, mac, security. Having a feature to preview this inside the module would be a great plus for being in the now but being able to export to third party apps would be great too. Anyone with food for thought would be greatly appreciated.

sud0nick Posted February 8, 2016

There was something similar being built for the MKV but it appears the project has been abandoned.

https://forums.hak5.org/index.php?/topic/34872-infusion-wifi-locator/

Kapu Lanai Posted February 8, 2016

The links to source are dead :(

sud0nick Posted February 8, 2016

They weren't when I checked last night...but there also wasn't much that was developed.

Edited February 8, 2016 by sud0nick

Brian3656 Posted February 12, 2016

Seems similar to the functionality from Kismet to me.... wonder if anyone is working on a module for that?

sud0nick Posted February 12, 2016

It's only similar to Kismet in the sense that it looks for wireless networks around you. The difference here would be that coordinates would be associated with the AP so the data could be displayed over a map.

WiFiJuice Posted February 14, 2016 (Author)

Anyone up for building this module to crack passwords without any directory via onlinehashcrack.com? Would really be helpful... Searching GitHub for onlinehashcrack.com a lot comes up that can be used. Never built any module, otherwise I would try to do it myself.

WiFiJuice Posted February 14, 2016 (Author)

I would really use a module that made me skip using a directory to crack the wifi hashes, such as onlinehashcrack.com. There are a lot of onlinehashcrack.com scripts on GitHub that will make it easier to develop this module. It will only need to send my e-mail and the hash or Wifi WPA(2) to that site, and it will mail me once it's ready. Can anyone that made modules before do this please? Really appreciated!

sud0nick Posted February 14, 2016

I thought I read somewhere on the forums that someone was working on this already. If I find it I'll edit my post with the link.

Edit: According to this post it looks like you found it.

Edited February 14, 2016 by sud0nick

WiFiJuice Posted February 14, 2016 (Author)

No, that's not a real module. Only some code that might work in a module. I would like to have it as a real working module to my NANO and TETRA. Anyone up for fixing this? I'm sure more than me would find it very useful.

> I thought I read somewhere on the forums that someone was working on this already. If I find it I'll edit my post with the link. Edit: According to this post it looks like you found it.

sud0nick Posted February 14, 2016

> No, that's not a real module. Only some code that might work in a module. I would like to have it as a real working module to my NANO and TETRA. Anyone up for fixing this? I'm sure more than me would find it very useful.

You could do it yourself.

AlfAlfa Posted February 14, 2016 (edited)

> No, that's not a real module. Only some code that might work in a module. I would like to have it as a real working module to my NANO and TETRA. Anyone up for fixing this? I'm sure more than me would find it very useful.

Ok well I haven't gotten a pineapple yet, so I was finding it a little difficult to make it into a module since I'm coding blind basically. (At least with the GUI part which I can't test)... Also the pineapple site seems to only have mk 4 & 5 listed infusions and not the latest modules (I guess you have to have a pineapple to get at them, or even to know where they're at). I've uploaded what I have so far to github... How do I even submit my module to be accepted?

I wanted to also make it support customizable data inputs of sites, so instead of me having to maintain a list of supported sites to upload the WPA handshakes to, the user could set up their own. Also I was adding SSL support as well (which is pretty much done but the customizable input not).

https://github.com/Alf-Alfa/uploadwpa

Since you're interested in this module, and even though I don't have a pineapple, you can test it and if there's anything wrong I'll fix it and you test it again :) I think I've got the php code and javascript and html down right, but I'm not 100% sure! (The actual binary / main application does work, I just tested it again to make sure and nothing changed that would break it, so all is good with the functioning part of it, now it's just connecting the gui to it)

Also I'm not entirely sure how to cross compile it, so if you can get a c++ compiler onto the pineapple itself that'll probably be the easiest way to compile it for the pineapple. Download the zip from my github, and copy the "UploadWPA" folder to /pineapple/modules. Then you have to build the .cpp source files into the uploadwpa cli binary...

-> g++ -std=c++0x HTTPClient.cpp uploadwpa.cpp -o uploadwpa

Finally I think, but I'm not sure, that you then copy it to /usr/bin or /usr/local/bin and that way the php script can use "exec" which calls the uploadwpa cli binary! Let me know how it goes, or if something's wrong or if you need more help!

EDIT: Just to clarify, no this isn't a hypothetical pseudo code, it is a tested and functioning application. The pseudo HTTP requests were what I typed up first to give myself a reference to work on it, then I actually created the application and made it work. The only difference is I made it a linux application, but I didn't use anything linux specific, it should compile for say a pineapple as well! So let's get it going on one! :D

See it works -> (Email and Path To WPA Handshake Capture File entered as parameters of the app in the terminal, then wait for it... email pops up in the background showing they did in fact receive it and it started processing...) The gui module I just took a stab at will call this cli application to do the thing!

Edited February 14, 2016 by AlfAlfa
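The post above has the module's PHP call the uploadwpa binary through exec, with the email and capture path as its parameters. The following is an added example (not code from the uploadwpa repository) of building that command so neither value can be interpreted by the shell or the binary as anything but data; CAPTURE_DIR, the binary path, the argument order and the function names are assumptions.

```php
<?php
// Added example, not the module's own code.
// Assumptions: captures live under CAPTURE_DIR, the binary was copied to
// /usr/bin, and it takes the email and capture path as positional arguments.
const CAPTURE_DIR   = '/tmp/handshakes';     // hypothetical location
const UPLOADWPA_BIN = '/usr/bin/uploadwpa';  // one of the paths named in the post

function buildUploadCommand($email, $capturePath)
{
    // Reject malformed addresses; a leading "-" could be parsed as an option.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false
        || substr($email, 0, 1) === '-') {
        throw new InvalidArgumentException('invalid email address');
    }

    // realpath() resolves symlinks and ".." so the prefix check is meaningful.
    $resolved = realpath($capturePath);
    $base     = realpath(CAPTURE_DIR);
    if ($resolved === false || $base === false
        || strpos($resolved, $base . DIRECTORY_SEPARATOR) !== 0
        || !is_file($resolved)) {
        throw new InvalidArgumentException('capture file not in allowed directory');
    }

    // escapeshellarg() single-quotes each value, so characters such as
    // ; | $ ` and spaces reach the binary as literal argument text.
    return escapeshellarg(UPLOADWPA_BIN) . ' '
        . escapeshellarg($email) . ' '
        . escapeshellarg($resolved);
}

function runUpload($email, $capturePath)
{
    $output = array();
    $status = 1;
    exec(buildUploadCommand($email, $capturePath) . ' 2>&1', $output, $status);
    return array('status' => $status, 'output' => $output);
}

// Constructed input: a path that tries to append a second command is rejected
// by the directory check before any shell is involved.
try {
    buildUploadCommand('user@example.com', '/tmp/handshakes/a.cap; id');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . PHP_EOL;
}
```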
AlfAlfa Posted February 14, 2016 (edited)

> Then it will just be a short matter of time for developers to submit their modules to us and for us to make them available. Once that is done, I'm going to have time to publish documentation for other developers to start creating modules. Best Regards, Sebkinne

Okay this may seem like a silly question but I can't find where to actually submit a module for the approval process?! WiFiJuice requested a certain module and I basically created it for him, but unlike I thought he should be able to he wasn't able to or even sure that he was supposed to compile it on his pineapple. So perhaps if it was made into an actual module that would make it easier since you guys would have it compiled for the right architecture and easily installable through the module manager.

So I put the next step in at actually taking a crack (no pun intended lol) at the GUI part of the module (which was covered in Let's Code: Session 1). It's here on my github, hopefully I got the php and javascript right at least for getting it working on the most basic level. Which it connects to the cli binary to exec what actually makes it work.

https://github.com/Alf-Alfa/uploadwpa

Since it's my first module and knowing that I haven't gotten my pineapple yet, if the gui code is not quite right then helping me fix it would be appreciated. Also if I perhaps included something in my cpp source that isn't available on the pineapple let me know. Although I feel like I just used standard unix stuff so that part of it should be alright. I just tested it again as well to make sure it still works and it does.

Thanks, Alf

Edited February 14, 2016 by AlfAlfa
Whistle Master Posted February 14, 2016

The submit process is not done yet for the NANO / TETRA but Seb is working on it :)

The problem I see with your module is that it depends on a binary which has to be compiled by the user before being able to use the module. Other stuff I see:

1) You're calling installDependency("uploadwpa") to install your binary. This will not work as the function uses opkg update && opkg install to install a binary from the repository, but uploadwpa is not a standard OpenWrt binary (as you've developed it yourself) and is not in the repository.
2) Same with exec("opkg remove uploadwpa"), which will not work as this is only for binaries which have been installed with opkg.
3) Same with checkDependency("uploadwpa"), which will test if the binary is in the opkg list-installed.

And finally, modules cannot come with pre-compiled binaries, it's against the rules set for the pineapple submission process. So your binary will have to be approved and validated to be included in the repository so that you could then use the standard API methods such as checkDependency or installDependency. This means that you would have to create a standard OpenWrt makefile for it.

What I suggest is that you use python, perl or shell script to replace your uploadwpa.
AlfAlfa Posted February 14, 2016

Thank you Whistle Master! That clarifies most of it. Except you said I can't use that installDependency / checkDependency stuff, but then you said it would work if it's an approved source code? That's what I was aiming for, to get it approved and I was under the impression that if it did it would be available through those methods. I wasn't able to find the sources of all the modules though, and I got that from one of the modules that I did happen to find on github that I was using to help me build mine (as a more full example than just the sample.tar.gz).

I would python it, but I have my heart set on C/C++ code! I'll look into creating a standard OpenWrt makefile, so if I did though pineapples have built in the "build-essential" or whatever's needed for building a c++ binary right on the pineapple itself? So I could just have WiFiJuice (after creating the makefile) do a make && make install? Or would you recommend cross compilation? Right now the code is short and clean and the binary isn't there, only the source, so yes the user does have to build it themselves as of now.

I've already got SSL working in my other branch and that opens the door for making it work with other sites too so it's not just limited to one. However instead of having to maintain the list of sites and parameters for them myself I am going to go with the customizable route, where you could run it to try to automatically scrape the parameters / post variables in order to upload the wpa handshake as long as the site uses the same method "multi-part form data". Or if that fails manually enter into your list of sites the variables that particular site wants.

Thanks again, and keep me posted for when the verification process gets set up and in the meantime I'll have to help WiFiJuice build it from source. Then further work on my improvements I've talked about!

It's great that you only found that stuff wrong with it, so the code actually worked on a pineapple except for the dependencies that aren't existent yet right?! Awesome!