Hak5 Forums
WiFiJuice

Modules Requests Discussion

Is it possible to build a module integrated with http://www.onlinehashcrack.com/ to be able to crack the hashes without a directory? Good idea?

[UPDATE -> latest post, posted here] I had to get caught up in my other work, but I finally got uploadwpa2 into a state that it has been much improved and is a worthy update!

The main difference is adding SSL support, but also switching from hard coded specialized functions which would have to be coded for each site and re-done if the site changed, to a json config file with the default config stored at ~/.uploadwpa2/sites.cfg

It's a pretty simple format, and should be able to be configured for most sites except those that require a logged in session or captcha. (maybe future features)

So with the standard openwrt sdk now I'm fairly sure I got the packaging right this time, so check the package out or it can be just built from source again.

additional dependencies: +libopenssl +libcrypto makefile has been updated.

"I can't put enough emphasis on this, this is not an official package provided from the hak5 team, and therefore is NOT supported by them. Until if and or when they add it into their official repos, and you download it from their official repos, this is all installed at YOUR OWN RISK. So using this provided ipk, do not go to the hak5 team for support for which are not officially provided by them.

I also hold no responsibility for any damage or for your usage that may occur, I can provide the sources and installable ipk, and can give you my word that there is no malicious code added to this ipk, it is clean and has no infection.

It is your choice and responsibility if you want to use them or not."

You've been warned, now here is the goods :)

---------------------------------------------------------------------------------------------------------------

IPK:

http://www.filedropp...loadwpa21ar71xx

http://www.speedysha...a2-1-ar71xx.ipk

Source:

https://github.com/Alf-Alfa/uploadwpa

EDIT: I've just realized I completely overlooked the javascript and php side of things, I'll have to flesh it out with support for the newer features. Like being able to give it more than 10 hashes at a time (you just configure how many hashes it accepts per post) and it sends out as many post requests as necessary to complete the job. (example of one new feature)

Yea that doesn't sound too bad it's not even using TLS/SSL! Should be a cinch :)

Just

GET / HTTP/1.1
Host: onlinehashcrack.com

Then a

POST /wifi-wpa-rsna-psk-crack.php HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.5.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.onlinehashcrack.com/
Connection: keep-alive
Content-Type: multipart/form-data; boundary=---------------------------12414623831213293040140603178
Content-Length: 4571534

-----------------------------12414623831213293040140603178
Content-Disposition: form-data; name="emailWpa"

youremail@yourdomain.com
-----------------------------12414623831213293040140603178
Content-Disposition: form-data; name="wpaFile"; filename="capturefile.cap"
Content-Type: application/vnd.tcpdump.pcap
----- data goes here ----
\r\n\r\n

Then ungzip the response and check that it was successfully uploaded or just assume it was and see if you get an email :)

Also do the hash form as well, or instead if it's easier: (where you can enter up to 10 hashes instead of a capture file, can you write a WPA handshake like that though?)

POST /hash-cracking.php HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.5.
---yada yada---
textareaHashes=hash-1\r\nhash-2\r\nhash-3\r\netc-etc-etc&emailHashes=youremail@yourdomain
\r\n\r\n

Yeehee! :smile:

Edited by AlfAlfa
  • Upvote 1

WOW! You are the best man :) Thanks a lot!

Should I paste this code in the command line or can I make a module out it? I'm all new to the WiFi Pineapple world...

  • Upvote 1

You cannot paste that into the command line. That is a raw HTTP request and response. I believe his intention was to show that it was not complicated. I am not sure why he has the initial GET request there. Maybe to get cookies? Anyway, a quick search on GitHub reveals that this has been done before. It might be worth looking over some of the code others have written. It appears that setting the referrer header is important.

Yea that wouldn't be any fun though, plus I'm guessing it's probably written in python or something, I wanted to do it in C++ and see what I came up with. I suppose now that I've done it I could look and compare and see if they did it better or if I did... :happy: I cheated a little bit though, I reproduced the pages to receive posted data and got everything working testing on a local apache server, then once I got everything pretty solid, I did the real test, and it worked! (since I didn't want to be uploading tons of files and I don't have that many anyway so I kind of had to get it right the first time, which I did!) EDIT: lol it seems I guessed right, first result is python lol

Not quite, but with my tool that I built for linux that I'm going to make into a pineapple module when the API comes out and I learn how to cross compile for it, you can run this simple command:

uploadwpa -e youremail@whatever.com -c /path/to/wpahandshake.cap

or

uploadwpa -e blah@blah.com -a hash1 hash2 hash3 etc

up to 10 hashes for the other hashes the site supports

:grin:

Yep it sure was simple enough alright! I used unix sockets (with Beej's networking guide for reference, and borrowed urlEncoding+urlDecoding functions from stackoverflow, and whipped up a quick and simple http client)

Enter the command and blink! The email appears with a link to the status of the job!

Written in C++ using codeblocks, and there's only three simple files->

uploadwpa.cpp:

/* uploadwpa 1.0 ~ AlfAlfa */
#include "QuickHTTPClient.hpp"

std::unique_ptr<QuickHTTPClient> http;
std::string email, hashes, capture_file, file_name, boundary, useThisUserAgent;

void printHelp()
{
    std::cout << "uploadwpa 1.0 ~ AlfAlfa\n";
    std::cout << "This module will upload a wpa handshake from a single capture file to www.onlinehashcrack.com\n";
    std::cout << "or you can give it up to 10 hashes seperated by spaces and of any hashes the site supports\nUsage:\n";
    std::cout << "{Send WPA Handshake:}\nuploadwpa -e youremail@yourdomain.com -c myaccesspoint.cap\n";
    std::cout << "uploadwpa -e email@yourdomain.com -c ~/captures/myaccesspoint.hccap -u \"A Custom User Agent\"\n";
    std::cout << "{Send up to 10 hashes at once of hashes supported by the site:}\n";
    std::cout << "uploadwpa -e youremail@yourdomain.com -a hash1 hash2 hash3 hash4 hash5 hash6 hash7 hash8 hash9 hash10\n";
    std::cout << "{Send both sequentially:}\nuploadwpa -e example@example.com -a hash1 etc etc -c /path/to/capture.cap\n";
}

bool postHashesTo_onlinehashcrack()
{
    if(!http.get()) http = QuickHTTPClient::make();
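    // userAgent holds the whole header line, so a custom value needs the header name too
    if(!useThisUserAgent.empty()) http->userAgent = "User-Agent: " + useThisUserAgent;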

    if(http->Connect("www.onlinehashcrack.com",80))
    {
        printf("Connected...\n");

        http->referer = "http://www.onlinehashcrack.com/";

        std::string postData = "textareaHashes=";
        postData += QuickHTTPClient::urlEncode(hashes) + "&emailHashes=";
        postData += QuickHTTPClient::urlEncode(email) + "&submit=Submit";

        bool successful = http->Post("/hash-cracking.php", (char*)postData.c_str());
        http->Close();

        if(successful) return true;
    }
    return false;
}

bool postWPAHandshakeTo_onlinehashcrack()
{
    if(!http.get()) http = QuickHTTPClient::make();
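    // userAgent holds the whole header line, so a custom value needs the header name too
    if(!useThisUserAgent.empty()) http->userAgent = "User-Agent: " + useThisUserAgent;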

    boundary = QuickHTTPClient::getRandomBoundary();

    if(http->Connect("www.onlinehashcrack.com",80))
    {
        printf("Connected...\n");

        http->referer = "http://www.onlinehashcrack.com/";

        std::string postData = "--" + boundary + "\r\nContent-Disposition: form-data; name=\"emailWpa\"\r\n\r\n" + email + "\r\n";
        postData += "--" + boundary + "\r\nContent-Disposition: form-data; name=\"wpaFile\"; filename=\"" + file_name + "\"";
        postData += "\r\nContent-Type: application/vnd.tcpdump.pcap\r\n\r\n";

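        FILE *file = fopen(capture_file.c_str(), "rb");
        if(!file)
        {
            // Stop here instead of passing a null FILE* to fseek/fread
            perror("ERROR Cannot open file");
            http->Close();
            return false;
        }

        fseek(file, 0, SEEK_END);
        long fileLen = ftell(file);
        rewind(file);
        if(fileLen < 0) fileLen = 0;

        printf("Capture file size: %ld\n", fileLen);

        // Append the raw capture bytes directly after the part headers
        size_t previousLen = postData.size();
        postData.resize(previousLen + fileLen);
        bool readOk = (fileLen == 0) || (fread(&postData[previousLen], fileLen, 1, file) == 1);
        fclose(file);
        if(!readOk)
        {
            perror("ERROR Cannot read file");
            http->Close();
            return false;
        }

        postData += "\r\n--" + boundary + "\r\nContent-Disposition: form-data; name=\"submit\"\r\n\r\n";
        postData += "Submit\r\n";
        // The closing delimiter needs the leading "--" as well as the trailing one
        postData += "--" + boundary + "--\r\n";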

        bool successful = http->PostMultiPart("/wifi-wpa-rsna-psk-crack.php", postData, boundary);
        http->Close();

        if(successful) return true;
    }
    return false;
}

int main(int argcount, char *args[])
{
    for(int i = 0; i < argcount; i++)
    {
        if(strcmp(args[i],"-e") == 0 || strcmp(args[i],"--email") == 0)
        {
            if(i < (argcount - 1))
                email = args[i+1];
        }
        if(strcmp(args[i],"-c") == 0 || strcmp(args[i],"--capture-file") == 0)
        {
            if(i < (argcount - 1))
            {
                capture_file = args[i+1];

                size_t lastSlash = capture_file.rfind('/');
                if(lastSlash != std::string::npos)
                    file_name = capture_file.substr(lastSlash+1);
                else
                    file_name = capture_file;
                std::cout << "Capture file name: " << file_name << "\n";
            }
        }
        if(strcmp(args[i],"-a") == 0 || strcmp(args[i],"--hashes") == 0)
        {
            int z = i;
            // Stop at the end of argv as well as at the next switch
            while(++z < argcount && *args[z] != '-')
            {
                hashes += args[z];
                if(z == (argcount - 1) || *args[z+1] == '-') break;
                hashes += "\r\n";
            }
        }
        if(strcmp(args[i],"-u") == 0 || strcmp(args[i],"--user-agent") == 0)
        {
            if(i < (argcount - 1))
                useThisUserAgent = args[i+1];
        }
        if(strcmp(args[i],"-h") == 0 || strcmp(args[i],"--help") == 0)
        {
            printHelp();
            return 2;
        }
    }

    if(email.empty() || (hashes.empty() && capture_file.empty()))
    {
        printHelp();
        return 2;
    }

    if(!hashes.empty())
        postHashesTo_onlinehashcrack();

    if(!capture_file.empty())
        postWPAHandshakeTo_onlinehashcrack();

    return 0;
}



QuickHTTPClient.hpp:

#ifndef QUICKHTTPCLIENT_H
#define QUICKHTTPCLIENT_H

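#include <iostream>
#include <string>
#include <string.h>
#include <stdio.h>   // printf, sprintf, sscanf, fopen, perror
#include <stdlib.h>  // rand, srand
#include <stdint.h>  // uint64_t
#include <time.h>    // time
#include <ctype.h>   // isalnum
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <memory>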

class QuickHTTPClient
{
public:
    int sock, port, dataLength, bufferSize;
    struct hostent *server;
    struct sockaddr_in serverAddress;
    std::unique_ptr<char[]> buffer;
    std::string userAgent, host, referer, request;

    // sock starts at -1 so Close() and the destructor never close an unrelated descriptor
    QuickHTTPClient() { sock = -1; port = 80; dataLength = 0; bufferSize = 0; userAgent = "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.5.0"; }
    ~QuickHTTPClient() { Close(); }
    static std::unique_ptr<QuickHTTPClient> make()
    {
        return std::unique_ptr<QuickHTTPClient>(new QuickHTTPClient());
    }

    bool Connect(const char *hostname, int port);
    bool Get(char *page);
    bool Post(char *page, char *data);
    bool PostMultiPart(char *page, std::string &data, std::string &boundary);
    int Read(int maxBytes);
    int Write(char *writeBuffer, int writeSize);
    static std::string getRandomBoundary();
    static std::string urlEncode(std::string str);
    static std::string urlDecode(std::string str);
    // Safe to call more than once: the descriptor is closed only while it is valid
    void Close() { if(sock >= 0) { close(sock); sock = -1; } }
};

#endif


QuickHTTPClient.cpp:

#include "QuickHTTPClient.hpp"

bool QuickHTTPClient::Connect(const char *hostname, int port)
{
    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0)
    {
        perror("ERROR opening socket");
        return false;
    }

    server = gethostbyname(hostname);
    if (server == NULL)
    {
        perror("ERROR, no such host");
        return false;
    }

    bzero((char *) &serverAddress, sizeof(serverAddress));
    serverAddress.sin_family = AF_INET;
    bcopy((char *)server->h_addr, (char *)&serverAddress.sin_addr.s_addr, server->h_length);

    serverAddress.sin_port = htons(port);
    if (connect(sock,(struct sockaddr *) &serverAddress, sizeof(serverAddress)) < 0)
    {
        perror("ERROR connecting");
        return false;
    }

    host = hostname;
    this->port = port;
    return true;
}

bool QuickHTTPClient::Get(char *page)
{
    if(!page) return false;

    request = "GET ";
    request += page;
    request += " HTTP/1.1\r\n";
    if(!host.empty())
        request += "Host: " + host + "\r\n";
    request += userAgent + "\r\n";
    request += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
    request += "Accept-Language: en-US,en;q=0.5\r\n";
    request += "Accept-Encoding: gzip, deflate\r\n";
    if(!referer.empty())
        request += "Referer: " + referer + "\r\n";
    request += "Connection: keep-alive\r\n\r\n";

    int wroteNum = Write((char*)request.c_str(), request.length());
    std::cout << request;
    if(wroteNum > 0)
    {
        int readNum = Read(4096);
        std::cout << buffer.get() << "\n";
        if(readNum > 0) return true;
    }
    return false;
}

bool QuickHTTPClient::Post(char *page, char *data)
{
    if(!page || !data) return false; // either pointer being null is an error

    request = "POST ";
    request += page;
    request += " HTTP/1.1\r\n";
    if(!host.empty())
        request += "Host: " + host + "\r\n";
    request += userAgent + "\r\n";
    request += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
    request += "Accept-Language: en-US,en;q=0.5\r\n";
    request += "Accept-Encoding: gzip, deflate\r\n";
    if(!referer.empty())
        request += "Referer: " + referer + "\r\n";
    request += "Connection: keep-alive\r\n";
    request += "Content-Type: application/x-www-form-urlencoded\r\n";
    request += "Content-Length: ";
    char dataLenStr[21]{0};
    sprintf(dataLenStr, "%zu", strlen(data)); // %zu matches size_t on 32-bit and 64-bit targets
    request += dataLenStr;
    request += "\r\n\r\n";
    request += data;
    request += "\r\n\r\n";

    int wroteNum = Write((char*)request.c_str(), request.length());

    std::cout << request;
    if(wroteNum > 0)
    {
        int readNum = Read(4096);
        std::cout << buffer.get() << "\n";
        if(readNum > 0) return true;
    }

    return false;
}

bool QuickHTTPClient::PostMultiPart(char *page, std::string &data, std::string &boundary)
{
    if(!page || data.empty()) return false;

    request = "POST ";
    request += page;
    request += " HTTP/1.1\r\n";
    if(!host.empty())
        request += "Host: " + host + "\r\n";
    request += userAgent + "\r\n";
    request += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
    request += "Accept-Language: en-US,en;q=0.5\r\n";
    request += "Accept-Encoding: gzip, deflate\r\n";
    if(!referer.empty())
        request += "Referer: " + referer + "\r\n";
    request += "Connection: keep-alive\r\n";
    request += "Content-Type: multipart/form-data; boundary=";
    request += boundary + "\r\n";
    request += "Content-Length: ";
    char dataLenStr[21]{0};
    sprintf(dataLenStr, "%zu", data.size()); // %zu matches size_t on 32-bit and 64-bit targets
    request += dataLenStr;
    request += "\r\n\r\n";
    std::cout << request;

    request += data;
    request += "\r\n\r\n";

    int wroteNum = Write((char*)request.c_str(), request.length());
    if(wroteNum > 0)
    {
        int readNum = Read(4096);
        std::cout << buffer.get() << "\n";
        if(readNum > 0) return true;
    }
    return false;
}

int QuickHTTPClient::Read(int maxBytes)
{
    if(!buffer.get() || (bufferSize < maxBytes))
    {
        // One extra byte so the response can be null-terminated before it is printed
        buffer = std::unique_ptr<char[]>(new char[maxBytes + 1]);
        bufferSize = maxBytes;
    }
    if(!buffer.get()) return -1;
    buffer[0] = '\0';

    std::cout << "recieving...\n";

    int num = recv(sock, buffer.get(), maxBytes, 0);
    if(num <= 0)
    {
        std::cout << "ERROR reading from socket";
        return 0;
    }

    buffer[num] = '\0';
    dataLength = num;
    printf("Recieved... #bytes: %d\n",num);
    return num;
}

int QuickHTTPClient::Write(char *writeBuffer, int writeSize)
{
    int num, total = 0, bytesLeft = writeSize;

    while(total < writeSize)
    {
        num = send(sock, writeBuffer+total, bytesLeft, 0);
        if(num <= 0) break;
        total += num;
        bytesLeft -= num;
    }

    if(total < writeSize)
    {
        std::cout << "ERROR writing to socket\n";
        return 0;
    }

    printf("Sent... #bytes: %u\n",total);
    return total;
}

std::string QuickHTTPClient::getRandomBoundary()
{
    std::string randomBoundary = "---------------------------";
    {
        uint64_t random128bits[2];
        FILE *randomness = fopen("/dev/urandom", "rb");
        if(randomness)
        {
            size_t got = fread(&random128bits[0], 16, 1, randomness);
            fclose(randomness);
            if(got != 1) return "";
            for(int i = 0; i < 2; i++)
            {
                char randomNum[30];
                // Cast so the format specifier matches on 32-bit targets as well
                sprintf(randomNum,"%llu",(unsigned long long)random128bits[i]);
                randomBoundary += randomNum;
            }

            srand(time(0));
            int losehowmanydigits = rand() % 3 + 11;
            randomBoundary.resize(randomBoundary.size()-losehowmanydigits);
            //resulting in a 23 - 29 digit number appended to 27 dashes (like how Iceweasel does it)
            return randomBoundary;
        }
        }
    }
    return "";
}

std::string QuickHTTPClient::urlEncode(std::string str)
{
    std::string new_str = "";
    char bufHex[10];

    for(size_t i = 0; i < str.size(); i++)
    {
        // unsigned char: bytes >= 0x80 must not sign-extend in isalnum() or sprintf()
        unsigned char c = static_cast<unsigned char>(str[i]);
        // uncomment this if you want to encode spaces with +
        /*if (c==' ') new_str += '+';
        else */
        if (isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~') new_str += static_cast<char>(c);
        else
        {
            // always "%" followed by exactly two hex digits
            sprintf(bufHex,"%%%02X",static_cast<unsigned int>(c));
            new_str += bufHex;
        }
    }
    return new_str;
}

std::string QuickHTTPClient::urlDecode(std::string str)
{
    std::string ret;
    char ch;
    unsigned int ii = 0; // %x in sscanf expects unsigned int*; stays 0 if the escape is malformed
    int i, len = str.length();

    for (i=0; i < len; i++)
    {
        if(str[i] != '%')
        {
            if(str[i] == '+')
                ret += ' ';
            else
                ret += str[i];
        }
        else
        {
            sscanf(str.substr(i + 1, 2).c_str(), "%x", &ii);
            ch = static_cast<char>(ii);
            ret += ch;
            i = i + 2;
        }
    }
    return ret;
}

Create all three files in some directory... Open up a terminal, cd to that location, then run:

g++ -std=c++0x uploadwpa.cpp QuickHTTPClient.cpp -o uploadwpa

Then you can run it: ./uploadwpa -h (this prints out the help screen (also with no parameters does as well))

root@UNKNOWN:/home/Alf/codeblocks/uploadwpa/bin/Release# ./uploadwpa  -h
uploadwpa 1.0 ~ AlfAlfa
This module will upload a wpa handshake from a single capture file to www.onlinehashcrack.com
or you can give it up to 10 hashes seperated by spaces and of any hashes the site supports
Usage:
{Send WPA Handshake:}
uploadwpa -e youremail@yourdomain.com -c myaccesspoint.cap
uploadwpa -e email@yourdomain.com -c ~/captures/myaccesspoint.hccap -u "A Custom User Agent"
{Send up to 10 hashes at once of hashes supported by the site:}
uploadwpa -e youremail@yourdomain.com -a hash1 hash2 hash3 hash4 hash5 hash6 hash7 hash8 hash9 hash10
{Send both sequentially:}
uploadwpa -e example@example.com -a hash1 etc etc -c /path/to/capture.cap

EDIT: Just added the ability to use a custom user agent with the -u or --user-agent switch if you don't specify one it just uses kali linux's Iceweasel user agent string. This is so we don't necessarily all have to look the same and you can appear to be a different user agent if you want!

Yee hee! :smile:

Edited by AlfAlfa
  • Upvote 1
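The multipart/form-data framing used in the post above, as an added example that is not part of the original post or the uploadwpa source: it builds the body, refuses a boundary that collides with the payload or a header value containing quotes or line breaks, and parses the result back to check the delimiters. The `Part` type and all function names are hypothetical; the field names and boundary are the ones shown in the thread, and the capture bytes are constructed.

```cpp
// Added example, not the original poster's code: multipart/form-data framing.
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

struct Part {                 // hypothetical helper type
    std::string name;         // form field name
    std::string filename;     // empty for ordinary fields
    std::string contentType;  // empty for ordinary fields
    std::string data;         // raw bytes; may contain NUL and CRLF
};

// A quote or line break in a header parameter (for instance a file name taken
// from the command line) would end the parameter early or add a header line.
static bool headerValueIsSafe(const std::string &v)
{
    return v.find_first_of("\"\r\n") == std::string::npos;
}

// RFC 2046: a boundary is 1..70 characters, and the delimiter "--boundary"
// must not occur anywhere in the data it separates.
bool boundaryIsSafe(const std::string &boundary, const std::vector<Part> &parts)
{
    if (boundary.empty() || boundary.size() > 70) return false;
    for (const Part &p : parts)
        if (p.data.find("--" + boundary) != std::string::npos) return false;
    return true;
}

// Returns the request body; its size() is the Content-Length to send.
std::string buildMultipart(const std::vector<Part> &parts, const std::string &boundary)
{
    if (!boundaryIsSafe(boundary, parts))
        throw std::invalid_argument("boundary is unusable for this payload");
    std::string body;
    for (const Part &p : parts) {
        if (!headerValueIsSafe(p.name) || !headerValueIsSafe(p.filename) ||
            !headerValueIsSafe(p.contentType))
            throw std::invalid_argument("unsafe character in part header");
        body += "--" + boundary + "\r\nContent-Disposition: form-data; name=\"" + p.name + "\"";
        if (!p.filename.empty()) body += "; filename=\"" + p.filename + "\"";
        body += "\r\n";
        if (!p.contentType.empty()) body += "Content-Type: " + p.contentType + "\r\n";
        body += "\r\n" + p.data + "\r\n";
    }
    body += "--" + boundary + "--\r\n";  // closing delimiter keeps its leading "--"
    return body;
}

// Strict parser used to check the framing: returns each part's raw data and
// throws if a delimiter, the header/body blank line or the closer is missing.
std::vector<std::string> parseMultipart(const std::string &body, const std::string &boundary)
{
    const std::string delim = "--" + boundary;
    if (body.compare(0, delim.size(), delim) != 0) throw std::runtime_error("no opening delimiter");
    std::vector<std::string> out;
    std::size_t pos = delim.size();
    for (;;) {
        if (body.compare(pos, 2, "--") == 0) return out;  // closing delimiter
        if (body.compare(pos, 2, "\r\n") != 0) throw std::runtime_error("malformed delimiter line");
        const std::size_t headerEnd = body.find("\r\n\r\n", pos);
        if (headerEnd == std::string::npos) throw std::runtime_error("no blank line after headers");
        const std::size_t dataStart = headerEnd + 4;
        const std::size_t next = body.find("\r\n" + delim, dataStart);
        if (next == std::string::npos) throw std::runtime_error("part not followed by a delimiter");
        out.push_back(body.substr(dataStart, next - dataStart));
        pos = next + 2 + delim.size();
    }
}

bool framingIsValid(const std::string &body, const std::string &boundary, std::size_t expectedParts)
{
    try { return parseMultipart(body, boundary).size() == expectedParts; }
    catch (const std::exception &) { return false; }
}

// Constructed sample: field names as in the request shown in the thread; the
// "capture" bytes are made up and contain NUL, CRLF and a "--" line.
std::vector<Part> sampleParts()
{
    static const char raw[] = "\xd4\xc3\xb2\xa1\x00\x00\r\n--not-the-boundary\r\n";
    return {
        {"emailWpa", "", "", "user@example.com"},
        {"wpaFile", "capturefile.cap", "application/vnd.tcpdump.pcap",
         std::string(raw, sizeof(raw) - 1)},
        {"submit", "", "", "Submit"},
    };
}

int main()
{
    const std::string boundary = "---------------------------12414623831213293040140603178";
    const std::string body = buildMultipart(sampleParts(), boundary);
    std::cout << "Content-Length: " << body.size() << "\n"
              << "framing valid: " << framingIsValid(body, boundary, 3) << "\n";
}
```

A body whose last line is written as the boundary plus `--` without the leading `--` fails this check, because a strict parser never sees a closing delimiter.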

In an effort to encourage users to become more comfortable with the command line version of the tools they use on the Nano, I'm thinking of making a simple module to cut my teeth on the new API. What do yinz think of a module that shows the commands that other modules run? Like, a 'learning mode' for the Nano.

For example, I can start a Recon scan on the GUI and come over to the module, select Recon, and it will show the airmon command that's actually running to get the SSIDs in the area. The command would also be a hyperlink to that exact command on http://explainshell.com so one could see what all the flags mean.

I'll get started once I get my actual computer back, but I made repo at https://github.com/audibleblink/learn-you-shell.

Thoughts? Is it even feasible? Haven't looked at the API yet but just browsing through some already-made modules makes it seem simple enough.

Edited by audibleblink
  • Upvote 2

I love the idea.

As a new user to the pineapple and linux CLI I have been forcing myself to learn as much as I can by using shell.

So far, I have managed to place wlan0, wlan1 in monitor mode stop it and kill interfering processes.

I've learned to use airodump-ng as well. Including some of the options to monitor channels essids and bssids. Not to mention actually creating a file output.

And right now I'm working on aircrack-ng. I have learned the basic options for wep/wpa2 cracking.

All this in the past 1-2 weeks of having the pineapple.

So I'm all for a learning module but only because I need to know how it works not just that it works if that makes any sense.

If I knew how to code in AngularJS, or any other relevant language, I'd be all over it. Either way, I'd love to give constructive feedback if it's the only contribution I can add.

Good luck!

It's a good idea. I did this very thing in my infusion Crafty which serves as an interface for hping3. It's definitely possible but may take some effort if you are trying to put all of the commands from different modules into one. I think it's easier for each developer to add it to their own module but you can't really make them do that.

Sidebar fun fact: Microsoft started doing this on Server 2012 with their Active Directory Administrative Center. Every time you do something in the GUI (i.e. create/remove/modify a user/computer, etc.) the equivalent PowerShell command is displayed so you can script it later. It helps admins learn how to use PowerShell while performing daily tasks in the GUI.

That's awesome. I desperately wanted something like this when I first picked up Wireshark. "This is all well and good, but tell me how to do it in tshark"

I think it is an excellent plan to see this complementary command line get implemented! If I were able to afford any time to contribute I would love to help.

I think this is a great idea. I am willing to help with any html and css work you may need. I do quite a bit with bootstrap which is a good part for helping with the html and css in the new pineAP. I'm sure you won't really need help in those but if so please let me know.

Maybe I'm new to the scene and unfamiliar with other modules already done. Maybe I'm in the wrong section. But I have an interest in being able to GPS locate wireless signals. Both routers and devices. In my mind this is an essential wardriving function for anyone who owns a pineapple. So I'd like the module to draw lightweight, simple maps with tool tips that expand to provide info like coordinates, accuracy, strength, ssid, mac, security. Having a feature to preview this inside the module would be a great plus for being in the now but being able to export to third party apps would be great too. Anyone with food for thought would be greatly appreciated.

  • Upvote 1

They weren't when I checked last night...but there also wasn't much that was developed.

Edited by sud0nick

It's only similar to Kismet in the sense that it looks for wireless networks around you. The difference here would be that coordinates would be associated with the AP so the data could be displayed over a map.

Anyone up for building this module to crack passwords without any directory via onlinehashcrack.com? Would really be helpful... Searching GitHub for onlinehashcrack.com a lot comes up that can be used. Never built any module, otherwise I would try to do it myself.

I would really use a module that made me skip using a directory to crack the wifi hashes, such as onlinehashcrack.com.

There are a lot of onlinehashcrack.com scripts on GitHub that will make it easier to develop this module. It will only need to send my e-mail and the hash or Wifi WPA(2) to that site, and it will mail me once it's ready.

Can anyone that made modules before do this please? Really appreciated!

  • Upvote 1

I thought I read somewhere on the forums that someone was working on this already. If I find it I'll edit my post with the link.

Edit:

According to this post it looks like you found it.

Edited by sud0nick

No, that's not a real module. Only some code that might work in a module. I would like to have it as a real working module to my NANO and TETRA. Anyone up for fixing this? I'm sure more than me would find it very useful.

You could do it yourself.

Ok well I haven't gotten a pineapple yet, so I was finding it a little difficult to make it into a module since I'm coding blind basically. (At least with the GUI part which I can't test)... Also the pineapple site seems to only have mk 4 & 5 listed infusions and not the latest modules (I guess you have to have a pineapple to get at them, or even to know where they're at).

I've uploaded what I have so far to github... How do I even submit my module to be accepted? I wanted to also make it support customizable data inputs of sites, so instead of me having to maintain a list of supported sites to upload the WPA handshakes to the user could set up their own. Also I was adding SSL support as well (which is pretty much done but the customizable input not).

https://github.com/Alf-Alfa/uploadwpa

Since you're interested in this module, and even though I don't have a pineapple, you can test it and if there's anything wrong I'll fix it and you test it again :) I think I've got the php code and javascript and html down right, but I'm not 100% sure! (The actual binary / main application does work, I just tested it again to make sure and nothing changed that would break it, so all is good with the functioning part of it, now it's just connecting the gui to it)

Also I'm not entirely sure how to cross compile it, so if you can get a c++ compiler onto the pineapple itself that'll probably be the easiest way to compile it for the pineapple.

Download the zip from my github, and copy the "UploadWPA" folder to /pineapple/modules

Then you have to build the .cpp source files into uploadwpa cli binary... ->

g++ -std=c++0x HTTPClient.cpp uploadwpa.cpp -o uploadwpa

Finally, I think (but I'm not sure) that you then copy it to /usr/bin or /usr/local/bin, and that way the php script can use "exec", which calls the uploadwpa cli binary! Let me know how it goes, or if something's wrong or if you need more help!

EDIT: Just to clarify, no this isn't a hypothetical pseudo code, it is a tested and functioning application. The pseudo HTTP requests were what I typed up first to give myself a reference to work on it, then I actually created the application and made it work. The only difference is I made it a linux application, but I didn't use anything linux specific, it should compile for say a pineapple as well! So let's get it going on one! :D

See it works -> (Email and Path To WPA Handshake Capture File entered as parameters of the app in the terminal, then wait for it... email pops up in the background showing they did in fact receive it and it started processing...)

The gui module I just took a stab at will call this cli application to do the thing!

Edited by AlfAlfa
  • Upvote 1


Then it will just be a short matter of time for developers to submit their modules to us and for us to make them available.

Once that is done, I'm going to have time to publish documentation for other developers to start creating modules.

Best Regards,

Sebkinne

Okay this may seem like a silly question but I can't find where to actually submit a module for the approval process?!

WiFiJuice requested a certain module and I basically created it for him, but unlike I thought he should be able to he wasn't able to or even sure that he was supposed to compile it on his pineapple. So perhaps if it was made into an actual module that would make it easier since you guys would have it compiled for the right architecture and easily installable through the module manager.

So I put the next step in at actually taking a crack (no pun intended lol) at the GUI part of the module (which was covered in Let's Code: Session 1)

It's here on my github, hopefully I got the php and javascript right at least for getting it working on the most basic level. Which it connects to the cli binary to exec what actually makes it work.

https://github.com/Alf-Alfa/uploadwpa

Since it's my first module and knowing that I haven't gotten my pineapple yet, if the gui code is not quite right then helping me fix it would be appreciated. Also if I perhaps included something in my cpp source that isn't available on the pineapple let me know. Although I feel like I just used standard unix stuff so that part of it should be alright. I just tested it again as well to make sure it still works and it does.

Thanks,

Alf

Edited by AlfAlfa
  • Upvote 1


The submit process is not done yet for the NANO / TETRA but Seb is working on it :)

The problem I see with your module is that it depends on a binary which has to be compiled by the user before being able to use the module.

Other stuff I see:

1) you're calling installDependency("uploadwpa") to install your binary. This will not work as the function uses opkg update && opkg install to install a binary from the repository but uploadwpa is not a standard OpenWrt binary (as you've developed it yourself) and is not in the repository.

2) Same with exec("opkg remove uploadwpa") which will not work as this is only for binaries which have been installed with opkg.

3) Same with checkDependency("uploadwpa"), which will test if the binary is in the opkg list-installed.

And finally, modules cannot come with pre-compiled binaries; it's against the rules set for the pineapple submission process. So your binary will have to be approved and validated to be included in the repository so that you could then use the standard API methods such as checkDependency or installDependency. This means that you would have to create a standard OpenWrt makefile for it.

What I suggest is that you use python, perl or shell script to replace your uploadwpa.

  • Upvote 2
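
The distinction drawn in the post above, between a binary that opkg has a record of and one that was compiled and copied into place by hand, can be checked with a few lines of shell. This is an added example, not part of the original thread and not the Pineapple API's own code; the function names, the sample package list and its version strings are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function names and sample data are assumptions,
# not the Pineapple module API.

# Constructed sample in the "name - version" format that
# `opkg list-installed` prints, one package per line.
sample_list() {
    cat <<'EOF'
busybox - 1.23.2-1
libopenssl - 1.0.2d-1
libopenssl-util - 1.0.2d-1
EOF
}

# Reads an `opkg list-installed` listing on stdin and succeeds only if
# package $1 is present. The name field is compared exactly, so
# "openssl" does not match "libopenssl" and "libopenssl" does not
# match "libopenssl-util".
opkg_tracked() {
    awk -v pkg="$1" '$1 == pkg && $2 == "-" { found = 1 } END { exit !found }'
}

# Classifies a dependency from the listing on stdin:
#   packaged   opkg has a record of it, so install/remove/check work
#   unmanaged  an executable exists at path $2 but opkg knows nothing
#              about it (hand-compiled or copied in), so it was never
#              validated by the repository and `opkg remove` cannot
#              uninstall it
#   missing    neither of the above
dep_status() {
    if opkg_tracked "$1"; then
        echo packaged
    elif [ -n "${2:-}" ] && [ -x "$2" ]; then
        echo unmanaged
    else
        echo missing
    fi
}

# On a device the listing comes from opkg itself, for example:
#   opkg list-installed | dep_status uploadwpa /usr/bin/uploadwpa
```
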


Thank you whistle master! That clarifies most of it. Except you said I can't use that installDependency / checkDependency stuff, but then you said it would work if it's an approved source code? That's what I was aiming for, to get it approved and I was under the impression that if it did it would be available through those methods. I wasn't able to find the sources of all the modules though, and I got that from one of the modules that I did happen to find on github that I was using to help me build mine (as a more full example than just the sample.tar.gz).

I would python it, but I have my heart set on C/C++ code! :smile:

I'll look into creating a standard OpenWrt makefile, so if I did though pineapples have built in the "build-essential" or whatever's needed for building a c++ binary right on the pineapple itself? So I could just have Wifijuice (after creating the makefile) do a make && make install? Or would you recommend cross compilation?

Right now the code is short and clean and the binary isn't there only the source, so yes the user does have to build it themselves as of now. I've already got SSL working in my other branch and that opens the door for making it work with other sites too so it's not just limited to one. However instead of having to maintain the list of sites and parameters for them myself I am going to go with the customizable route, where you could run it to try to automatically scrape the parameters / post variables in order to upload the wpa handshake as long as the site uses the same method "multi-part form data" Or if that fails manually enter into your list of sites the variables that particular site wants.

Thanks again, and keep me posted for when the verification process gets set up and in the meantime I'll have to help Wifijuice build it from source. Then further work on my improvements I've talked about!

It's great that you only found that stuff wrong with it, so the code actually worked on a pineapple except for the dependencies that aren't existent yet right?! Awesome!

  • Upvote 1
