WiFiJuice


The submit process is not done yet for the NANO / TETRA but Seb is working on it :)

The problem I see with your module is that it depends on a binary which has to be compiled by the user before being able to use the module.

Other stuff I see:

1) you're calling installDependency("uploadwpa") to install your binary. This will not work as the function uses opkg update && opkg install to install binary from the repository but uploadwpa is not a standard OpenWrt binary (as you've developed it yourself) and is not in the repository.

2) Same with exec("opkg remove uploadwpa") which will not work as this is only for binaries which have been installed with opkg.

3) Same with checkDependency("uploadwpa"), which will test if the binary is in the opkg list-installed.

And finally, modules cannot come with pre-compiled binaries, it's against rules set for the pineapple submission process. So your binary will have to be approved and validated to be included in the repository so that you could then use the standard API methods such as checkDependency or installDependency. This means that you would have to create a standard OpenWrt makefile for it.

What I suggest is that you use python, perl or shell script to replace your uploadwpa.

Whistle Master - Why don't you please go ahead and approve the module or finalize it yourself and credit AlfAlfa for it? Does it have to be sooooo hard to make things simple on the Nano/Tetra? I believe that this would be one of the very best modules since you get the WiFi password mailed to you directly once cracked online, and you don't need to use your own directories etc. PLEASE MAKE IT WORK :) Thanks!


[...] I can't use that installDependency / checkDependency stuff, but then you said it would work if it's an approved source code? [...]

You can use those functions if the binary is in the repository. If your binary is in the repo, then yes, you will be able to use those to install, remove the binary.

[...] I'll look into creating a standard OpenWrt makefile, so if I did though pineapples have built in the "build-essential" or whatever's needed for building a c++ binary right on the pineapple itself? So I could just have Wifijuice (after creating the makefile) do a make && make install? Or would you recommend cross compilation? [...]

All the stuff to build binaries on the pineapple itself are too big regarding the storage size. So cross compilation is required.

It's great that you only found that stuff wrong with it, so the code actually worked on a pineapple except for the dependencies that aren't existent yet right?! Awesome!

I don't know if it works as I've not tested it on a pineapple. I just went to your git and had a very quick look at the code.


Whistle Master - Why don't you please go ahead and approve the module or finalize it yourself and credit AlfAlfa for it? Does it have to be sooooo hard to make things simple on the Nano/Tetra? I believe that this would be one of the very best modules since you get the WiFi password mailed to you directly once cracked online, and you don't need to use your own directories etc. PLEASE MAKE IT WORK :) Thanks!

Well, maybe because I don't have time to develop modules for everyone :lol: Remember, I have a full-time job aside and I'm developing for my pleasure, during my free time.

But if you want... have a look below in my signature :tongue:

Edited by Whistle Master
  • Upvote 1


Well, maybe because I don't have time to develop modules for everyone :lol: Remember, I have a full-time job aside and I'm developing for my pleasure, during my free time.

But if you want... have a look below in my signature :tongue:

Sure, you just got 50 CHF donated :) Hope you find some time for it now. Thanks!

  • Upvote 1


You can use those functions if the binary is in the repository. If your binary is in the repo, then yes, you will be able to use those to install, remove the binary.

All the stuff to build binaries on the pineapple itself are too big regarding the storage size. So cross compilation is required.

I don't know if it works as I've not tested it on a pineapple. I just went to your git and had a very quick look at the code.

Good to know that it is possible to get into the repo, so I'll work towards that, and in the meantime let's get it going on our own! I also just committed a newer version (I forgot to remove an extra comma in an $api.request call although that was still probably okay syntax, and I was using tabs and it was spaces originally so that screwed my formatting, that's fixed now too)

Yes cross compilation is required, I've just discovered that as well when I went searching for how to create an OpenWrt standardized Makefile. Also it seems the STL will possibly require the libstdcpp or uclibcxx according to this page I'm reading: http://gargoyle-router.com/old-openwrt-coding.html

Here's what I have in terms of my make file so far: (I need HTTPClient.cpp compiled first, then uploadwpa.cpp then I can compile both object files.o into the uploadwpa binary. from how I understand it) My application is only a tiny bit more complex than the example hello world on that web page.

I also need c++11 features since I use some of them, I was using -std=c++0x but it seems to be the same as passing -std=c++11 or -std=gnu++11

# build uploadwpa executable when user executes "make"
# (recipe lines must start with a tab character)
uploadwpa: HTTPClient.cpp uploadwpa.cpp
	$(CXX) $(CXXFLAGS) -std=c++11 -c HTTPClient.cpp uploadwpa.cpp
	$(CXX) $(LDFLAGS) HTTPClient.o uploadwpa.o -o uploadwpa

# remove object files and executable when user executes "make clean"
clean:
	rm -f *.o uploadwpa

Let's get this working Whistle Master, I know you know how to compile this tiny c++ application. This compiles on my linux machine, but now it has to be expanded and set up to compile for the architecture of the pineapple Nano and Tetra... So the Tetra is a "A 533 MHz RISC CPU from Atheros is running the WiFi Pineapple firmware" and Nano "CPU: 400 MHz MIPS Atheros AR9331 SoC"

So each will have to have its own cross compilation makefile and will result in two binaries one of RISC architecture and other of MIPS for the respective devices... :)

Edited by AlfAlfa
  • Upvote 1

While using C++ is cool, I would recommend greatly using python or other interpreted language. It just makes it easier for people to review when you submit.

  • Upvote 1


While using C++ is cool, I would recommend greatly using python or other interpreted language. It just makes it easier for people to review when you submit.

Alright that's a deal Foxtrot, after this one that is! :smile: I'll save C++ for the real l33t applications from now on and gain some more experience with python. It's easy but I'm a lot less familiar with it than C++ so that's why C++ is generally easier for me. You're right though so I'm not going to code every single thing in it from now on.

[Here though there really isn't that much code in this I'll help with the review process here]

Including the http client class and setting up some global variables and my pointer where I'll create my http object and a printHelp function which just prints the usage information:

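/* uploadwpa 1.1 ~ AlfAlfa */
#include <cstdio>    // fopen, fread, ftell
#include <cstring>   // strcmp
#include <iostream>  // std::cout
#include <memory>    // std::unique_ptr
#include <string>
#include "HTTPClient.hpp"

std::unique_ptr<HTTPClient> http;  // created in main() once an email is supplied
std::string email, hashes, capture_file, file_name, boundary, useThisUserAgent;
int success = 0, verbose = 0;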

Then in main I'm just grabbing the passed in arguments if they have been passed in: (email, capture file path, capture file name extracted from it, hashes extracted depending on how many there are, whether you passed in a custom user agent string, verbose mode, and checking if you want to just print the help screen)

int main(int argcount, char *args[])
{
    for(int i = 0; i < argcount; i++)
    {
        if(strcmp(args[i],"-e") == 0 || strcmp(args[i],"--email") == 0)
        {
            if(i < (argcount - 1))
                email = args[i+1];
        }
        if(strcmp(args[i],"-c") == 0 || strcmp(args[i],"--capture-file") == 0)
        {
            if(i < (argcount - 1))
            {
                capture_file = args[i+1];

                size_t lastSlash = capture_file.rfind('/');
                if(lastSlash != std::string::npos)
                    file_name = capture_file.substr(lastSlash+1);
                else
                    file_name = capture_file;
            }
        }
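        if(strcmp(args[i],"-a") == 0 || strcmp(args[i],"--hashes") == 0)
        {
            // collect every following argument up to the next option;
            // the bounds check keeps -a as the last argument from reading past args[]
            int z = i;
            while(++z < argcount && *args[z] != '-')
            {
                if(!hashes.empty()) hashes += "\r\n";
                hashes += args[z];
            }
        }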
        if(strcmp(args[i],"-u") == 0 || strcmp(args[i],"--user-agent") == 0)
        {
            if(i < (argcount - 1))
                useThisUserAgent = args[i+1];
        }
        if(strcmp(args[i],"-v") == 0 || strcmp(args[i],"--verbose") == 0)
        {
            verbose = 1;
        }
        if(strcmp(args[i],"-h") == 0 || strcmp(args[i],"--help") == 0)
        {
            printHelp();
            return 2;
        }
    }

Finally the main piece of code that does the thing! If the email argument wasn't passed in it'll also just print the help. If it has been create the http client object. If it has successfully been created (should always but you never know lol) then set the user agent that member function will only actually change it if it has been passed in, otherwise it uses iceweasel kali user agent string. verbosity, then if we have hashes passed in post the hashes as urlencoded form data with provided email and / or if we have a capture file path post multipart form data containing the passed in email and binary of that capture file. Successful will have a 0 if any of the two that were tried failed and 1 if either one succeeded and 2 if both succeeded. Return 0 for success as long as one was a success or 1 for failure.

    if(!email.empty())
    {
        http = HTTPClient::make();
        if(http.get())
        {
            http->setUserAgent(useThisUserAgent);
            http->setVerbosity(verbose);

            // each call adds 1 on success, so success ends up 0, 1 or 2
            if(!hashes.empty())
                success += postHashesTo_onlinehashcrack();
            if(!capture_file.empty())
                success += postWPAHandshakeTo_onlinehashcrack();

            if(success > 0)
            {
                std::cout << "Successful! " << success << "\n";
                return 0;
            }
        }
        return 1;
    }
    printHelp();
    return 2;
}

The postHashesTo function just creates a string with the post variables the site requires with the hashes and email urlencoded, then uses the http client object to connect to the site on port 80 and finally it does a http post for x-www-form-urlencoded data with the concatenated data string to the /hash-cracking.php page:

int postHashesTo_onlinehashcrack()
{
    std::string postData = "textareaHashes=";
    postData += HTTPClient::urlEncode(hashes) + "&emailHashes=";
    postData += HTTPClient::urlEncode(email) + "&submit=Submit";

    //if(!http->Connect("127.0.0.1",80)) return 0;
    if(!http->Connect("www.onlinehashcrack.com",80)) return 0;

    bool successful = http->Post("/hash-cracking.php", postData.c_str());
    http->Close();
    return successful;
}

postWPAHandshake function is a bit more complex, where you take a named 'boundary' and use that between the different pieces of data as boundaries which tell the server where things begin and where they end in this certain format of 'multipart formdata'. I emulated firefox/iceweasel's method of generating a random number appended to a number of dashes as best I could so it would be like firefox for the most part. Following the format of "--" (two dashes) then boundary start and proper amounts of \r\n / CR+LF's in between, then reading the capture file passed in and appending it where it should go. Connect and post that data along with the boundary we used to the proper php page that expects the data this way. Then close the connection and return whether it was successful or not!

bool postWPAHandshakeTo_onlinehashcrack()
{
    boundary = HTTPClient::getRandomBoundary();

    std::string postData = "--" + boundary + "\r\nContent-Disposition: form-data; name=\"emailWpa\"\r\n\r\n" + email + "\r\n";
    postData += "--" + boundary + "\r\nContent-Disposition: form-data; name=\"wpaFile\"; filename=\"" + file_name + "\"";
    postData += "\r\nContent-Type: application/vnd.tcpdump.pcap\r\n\r\n";

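    FILE *file = fopen(capture_file.c_str(), "rb");
    if(!file) { http->Log("ERROR Cannot open file"); return false; }
    fseek(file, 0, SEEK_END);
    long fileLen = ftell(file);
    rewind(file);
    if(fileLen <= 0) { fclose(file); http->Log("ERROR Cannot read file"); return false; }

    // append the raw capture bytes directly after the part headers
    size_t previousLen = postData.size();
    postData.resize(previousLen + fileLen);
    size_t got = fread(&postData[previousLen], 1, fileLen, file);
    fclose(file);
    if(got != (size_t)fileLen) { http->Log("ERROR Cannot read file"); return false; }

    postData += "\r\n--" + boundary + "\r\nContent-Disposition: form-data; name=\"submit\"\r\n\r\nSubmit\r\n";
    // the closing delimiter is "--" + boundary + "--" (RFC 2046)
    postData += "--" + boundary + "--\r\n";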

    //if(!http->Connect("127.0.0.1",80)) return false;
    if(!http->Connect("www.onlinehashcrack.com",80)) return false;

    bool successful = http->PostMultiPart("/wifi-wpa-rsna-psk-crack.php", postData, boundary);
    http->Close();
    return successful;
}

[Now the HTTPClient code]

Connect function creates a unix socket tcp type and then dns queries the ip for the hostname and turns it into a server and then server address / sock address structure that we can use with the socket connect function. If all is well set the host and port of the object to match what we've established our connection with and set a default referrer which in this case happens to be the referrer that the site expects and return true.

bool HTTPClient::Connect(const char *host, int port)
{
    sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock < 0)
    {
        Log("ERROR opening socket");
        return false;
    }

    server = gethostbyname(host);
    if (server == 0)
    {
        Log("ERROR no such host");
        return false;
    }

    bzero((char*)&serverAddress, sizeof(serverAddress));
    bcopy((char*)server->h_addr, (char*)&serverAddress.sin_addr.s_addr, server->h_length);
    serverAddress.sin_family = AF_INET;
    serverAddress.sin_port = htons(port);

    if(connect(sock,(struct sockaddr*)&serverAddress, sizeof(serverAddress)) < 0)
    {
        Log("ERROR connecting");
        return false;
    }

    this->host = host;
    this->port = port;
    setReferer("http://" + this->host + "/"); //default referer
    return true;
}

HTTP Get: that I didn't end up using but still wrote anyway since It's a necessity for an http client to have.

bool HTTPClient::Get(const char *page)
{
    if(!page) return false;

    request = "GET ";
    request += page;
    request += " HTTP/1.1\r\n";
    if(!host.empty())
        request += "Host: " + host + "\r\n";
    request += userAgent + "\r\n";
    request += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
    request += "Accept-Language: en-US,en;q=0.5\r\n";
    request += "Accept-Encoding: gzip, deflate\r\n";
    if(!referer.empty())
        request += "Referer: " + referer + "\r\n";
    request += "Connection: keep-alive\r\n\r\n";
    requestHeaders = request;
    Log("\n[Request: ]");
    Log(request, true);

    return WriteRequestReadResponse();
}

HTTP Post just posts the x-www-form-urlencoded as described above as used for the space separated hashes...

bool HTTPClient::Post(const char *page, const char *data)
{
    if(!page || !data) return false;

    request = "POST ";
    request += page;
    request += " HTTP/1.1\r\n";
    if(!host.empty())
        request += "Host: " + host + "\r\n";
    request += userAgent + "\r\n";
    request += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
    request += "Accept-Language: en-US,en;q=0.5\r\n";
    request += "Accept-Encoding: identity\r\n"; //gzip, deflate
    if(!referer.empty())
        request += "Referer: " + referer + "\r\n";
    request += "Connection: keep-alive\r\n";
    request += "Content-Type: application/x-www-form-urlencoded\r\n";
    request += "Content-Length: ";
    char dataLenStr[21]{0};
    snprintf(dataLenStr, sizeof(dataLenStr), "%zu", strlen(data)); // %zu matches size_t on 32-bit targets too
    request += dataLenStr;
    request += "\r\n\r\n";
    requestHeaders = request;
    request += data;
    request += "\r\n\r\n";
    Log("\n[Request: ]");
    Log(request, true);

    return WriteRequestReadResponse();
}

Same as above except posts multipart form data with the boundary style format...

bool HTTPClient::PostMultiPart(const char *page, std::string &data, std::string &boundary)
{
    if(!page || data.empty()) return false;

    request = "POST ";
    request += page;
    request += " HTTP/1.1\r\n";
    if(!host.empty())
        request += "Host: " + host + "\r\n";
    request += userAgent + "\r\n";
    request += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
    request += "Accept-Language: en-US,en;q=0.5\r\n";
    request += "Accept-Encoding: identity\r\n";
    if(!referer.empty())
        request += "Referer: " + referer + "\r\n";
    request += "Connection: keep-alive\r\n";
    request += "Content-Type: multipart/form-data; boundary=" + boundary + "\r\n";
    request += "Content-Length: ";
    char dataLenStr[21]{0};
    snprintf(dataLenStr, sizeof(dataLenStr), "%zu", data.size()); // %zu matches size_t on 32-bit targets too
    request += dataLenStr;
    request += "\r\n\r\n";
    requestHeaders = request;
    Log("\n[Request: ]");
    Log(request.c_str(), true);

    request += data;
    request += "\r\n\r\n";

    return WriteRequestReadResponse();
}

WriteRequestReadResponse is just exactly as described writes all data of the request and gets back all or at least the start of the response up to a 4kb buffer.

bool HTTPClient::WriteRequestReadResponse()
{
    int wroteNum = Write((char*)request.c_str(), request.size());
    if(wroteNum > 0)
    {
        int readNum = Read(4096);
        if(readNum > 0)
        {
            interpretResponse();
            return true;
        }
    }
    return false;
}

Interpret response extracts the response headers from the response and I didn't fully implement it yet as it wasn't necessary for this application but it would be simple to finish it off and just after getting the content length keep reading from the socket until all the bytes are received and perhaps send a keep alive packet in between successive reads to ensure the connection stays alive if it's a large transfer (like downloading a large file, also I'd have to support chunked encoding as well)

size_t HTTPClient::interpretResponse()
{
    char *startOfHeader = response.get();
    char *endOfHeader = strstr(startOfHeader, "\r\n\r\n");
    if(endOfHeader == 0) return 0;

    size_t headerSize = (endOfHeader - startOfHeader) + 4;
    responseHeaders.resize(headerSize);
    bcopy(response.get(), (void*)responseHeaders.data(), headerSize);
    offset = headerSize;

    Log("\n[Response Headers: ]"); //more work needs to be done here, to make sure to get the whole response
    Log(responseHeaders.c_str());  //eg. get the content length and however many bytes received of it so far, then get the rest if necessary.

    return headerSize;
}

Read+Write pretty self explanatory, read up to a certain number of bytes from socket, write all bytes in write buffer to socket.

int HTTPClient::Read(int maxBytes)
{
    if(!response.get() || (bufferSize < maxBytes))
    {
        // one spare byte so the buffer stays NUL-terminated for strstr() in interpretResponse()
        response = std::unique_ptr<char[]>(new char[maxBytes + 1]);
        bufferSize = maxBytes;
    }
    if(!response.get()) return -1;
    bzero(response.get(), bufferSize + 1);

    Log("receiving...");
    int num = recv(sock, response.get(), maxBytes, 0);
    if(num <= 0)
    {
        Log("ERROR reading from socket");
        return 0;
    }

    responseSize = num;
    return num;
}

int HTTPClient::Write(char *writeBuffer, int writeSize)
{
    int num, total = 0, bytesLeft = writeSize;

    while(total < writeSize)
    {
        num = send(sock, writeBuffer+total, bytesLeft, 0);
        if(num <= 0) break;
        total += num;
        bytesLeft -= num;
    }

    if(total < writeSize)
    {
        Log("ERROR writing to socket");
        return 0;
    }

    return total;
}

Creates the randomized boundary from /dev/urandom this could have been done better, but it's good enough and the boundary could really be anything you want since the client chooses it. I just didn't want to make it static and wanted it to at least be mostly like firefox/iceweasel.

std::string HTTPClient::getRandomBoundary()
{
    std::string randomBoundary = "---------------------------";
    {
        uint64_t random128bits[2];
        FILE *randomness = fopen("/dev/urandom", "rb");
        if(randomness)
        {
            size_t got = fread(&random128bits[0], 16, 1, randomness);
            fclose(randomness);
            if(got != 1) return "";
            for(int i = 0; i < 2; i++)
            {
                char randomNum[30];
                // uint64_t is unsigned long long on 32-bit targets, so cast and use %llu
                sprintf(randomNum,"%llu",(unsigned long long)random128bits[i]);
                randomBoundary += randomNum;
            }

            srand(time(0));
            int losehowmanydigits = rand() % 3 + 11;
            randomBoundary.resize(randomBoundary.size()-losehowmanydigits);
            //resulting in a 23 - 29 digit number appended to 27 dashes (like how iceweasal does it)
            return randomBoundary;
        }
    }
    return "";
}

url encode and url decode... url encode necessary for the hashes data post but not the multi-part form data post. Should an http client have a url decode? Perhaps only an http server object should but even though I didn't have a use for it it could be used possibly.

std::string HTTPClient::urlEncode(std::string str)
{
    std::string new_str = "";
    char bufHex[4];

    for(size_t i = 0; i < str.size(); i++)
    {
        // work on unsigned bytes: a signed char >= 0x80 would print as FFFFFFxx
        // and is undefined behaviour when passed to isalnum()
        unsigned char c = static_cast<unsigned char>(str[i]);
        // uncomment this if you want to encode spaces with +
        /*if (c==' ') new_str += '+';
        else */
        if (isalnum(c) || c == '-' || c == '_' || c == '.' || c == '~') new_str += static_cast<char>(c);
        else
        {
            snprintf(bufHex, sizeof(bufHex), "%%%02X", c); // always "%" plus two hex digits
            new_str += bufHex;
        }
    }
    return new_str;
}

std::string HTTPClient::urlDecode(std::string str)
{
    std::string ret;
    size_t len = str.length();

    for (size_t i = 0; i < len; i++)
    {
        if(str[i] == '+')
            ret += ' ';
        else if(str[i] == '%' && i + 2 < len && isxdigit((unsigned char)str[i+1]) && isxdigit((unsigned char)str[i+2]))
        {
            // decode exactly two hex digits
            unsigned int value = 0;
            sscanf(str.substr(i + 1, 2).c_str(), "%x", &value);
            ret += static_cast<char>(value);
            i += 2;
        }
        else
            ret += str[i]; // ordinary character, or a '%' not followed by two hex digits
    }
    return ret;
}

Finally a templated log function for the client object that just takes any object that can be put through cout and automatically concatenates a newline unless you specify not to!

template<class T> void HTTPClient::Log(T str, bool noNewline)
{
    if(verbosity > 0)
    {
        std::cout << str;
        if(!noNewline) std::cout << "\n";
    }
}

There! See nothing at all malicious or nefarious in the code it just does what it does and that's it! This should help to get it reviewed and accepted as a legitimate module although not useful to everyone for some that are willing to use online services for wpa handshakes this can be helpful indeed. Customization of sites and variables coming soon, along with SSL/TLS support so it can work with practically any site! :smile:

  • Upvote 1
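The multipart framing described in the post above, as an added example that is not AlfAlfa's code: `buildMultipart` writes every delimiter as `--` plus the boundary and closes with `--boundary--`, and `countParts` checks that framing and rejects a body whose closing line lacks the leading dashes. The `Part` struct, the function names, the boundary value and the sample bytes are constructed for illustration; the field names are the ones quoted in the post.

```cpp
// Added example, not code from the thread: multipart/form-data framing (RFC 2046, RFC 7578).
#include <iostream>
#include <string>
#include <vector>

struct Part {
    std::string name;         // form field name
    std::string filename;     // empty for a plain field
    std::string contentType;  // empty for a plain field
    std::string data;         // raw bytes; may contain NUL or CRLF
};

// Serialise the parts. Every delimiter line is "--" + boundary; the last one adds a trailing "--".
std::string buildMultipart(const std::vector<Part>& parts, const std::string& boundary)
{
    std::string body;
    for (const Part& p : parts) {
        body += "--" + boundary + "\r\n";
        body += "Content-Disposition: form-data; name=\"" + p.name + "\"";
        if (!p.filename.empty()) body += "; filename=\"" + p.filename + "\"";
        body += "\r\n";
        if (!p.contentType.empty()) body += "Content-Type: " + p.contentType + "\r\n";
        body += "\r\n" + p.data + "\r\n";
    }
    body += "--" + boundary + "--\r\n";
    return body;
}

// Walk the body the way a receiver does. Returns the number of parts,
// or -1 when a delimiter, a header separator or the close delimiter is missing.
int countParts(const std::string& body, const std::string& boundary)
{
    const std::string open = "--" + boundary;
    const std::string delim = "\r\n" + open;
    if (body.compare(0, open.size(), open) != 0) return -1;
    if (body.compare(open.size(), 2, "\r\n") != 0) return -1;
    size_t pos = open.size() + 2;
    int parts = 0;
    for (;;) {
        const size_t next = body.find(delim, pos);
        if (next == std::string::npos) return -1;          // part is never terminated
        const size_t hdrEnd = body.find("\r\n\r\n", pos);
        if (hdrEnd == std::string::npos || hdrEnd + 4 > next) return -1;
        ++parts;
        const size_t after = next + delim.size();
        if (body.compare(after, 2, "--") == 0) return parts;  // close delimiter reached
        if (body.compare(after, 2, "\r\n") != 0) return -1;
        pos = after + 2;
    }
}

// Constructed sample input: 27 dashes plus digits, in the style the post describes.
static const std::string kBoundary = "---------------------------1234567890123456789012345";

std::vector<Part> sampleParts()
{
    std::vector<Part> parts;
    parts.push_back({"emailWpa", "", "", "user@example.com"});
    // eight constructed bytes that include NUL and CRLF, to show binary data survives
    parts.push_back({"wpaFile", "capture.cap", "application/vnd.tcpdump.pcap",
                     std::string("\xd4\xc3\xb2\xa1\x00\x00\r\n", 8)});
    parts.push_back({"submit", "", "", "Submit"});
    return parts;
}

// Same body, but with the closing line written as boundary + "--" (no leading "--").
std::string sampleBodyBadClose()
{
    std::string body = buildMultipart(sampleParts(), kBoundary);
    const std::string good = "--" + kBoundary + "--\r\n";
    body.replace(body.size() - good.size(), good.size(), kBoundary + "--\r\n");
    return body;
}

int main()
{
    std::cout << "well-formed body: "
              << countParts(buildMultipart(sampleParts(), kBoundary), kBoundary) << " parts\n";
    std::cout << "bad close line:   " << countParts(sampleBodyBadClose(), kBoundary) << "\n";
    return 0;
}
```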

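The post above notes that interpretResponse still has to work out how much of the response is outstanding. One way to do that step, as an added example that is not AlfAlfa's code: a length-bounded header parse that reports Content-Length, chunked encoding and the number of body bytes still to read. `ResponseInfo`, the function names and the sample responses are constructed for illustration.

```cpp
// Added example, not code from the thread: bounded parsing of an HTTP/1.1 response head.
#include <cctype>
#include <iostream>
#include <string>

struct ResponseInfo {
    bool headersComplete = false;            // saw the blank line that ends the headers
    bool malformed = false;                  // unusable or conflicting Content-Length
    bool chunked = false;                    // Transfer-Encoding: chunked
    bool hasLength = false;                  // a usable Content-Length was found
    int status = 0;
    size_t headerSize = 0;                   // bytes up to and including CRLF CRLF
    unsigned long long contentLength = 0;
    unsigned long long bodyBytesMissing = 0; // still to be read when hasLength is set
};

static std::string lowerTrim(const std::string& s)
{
    const size_t b = s.find_first_not_of(" \t");
    if (b == std::string::npos) return "";
    const size_t e = s.find_last_not_of(" \t");
    std::string out = s.substr(b, e - b + 1);
    for (char& c : out) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return out;
}

// Digits only, at most 18 of them, so the value cannot overflow 64 bits.
static bool parseDecimal(const std::string& s, unsigned long long& out)
{
    if (s.empty() || s.size() > 18) return false;
    unsigned long long v = 0;
    for (char c : s) {
        if (c < '0' || c > '9') return false;
        v = v * 10 + static_cast<unsigned long long>(c - '0');
    }
    out = v;
    return true;
}

// buf need not be NUL-terminated: every search is bounded by len.
ResponseInfo interpretResponse(const char* buf, size_t len)
{
    ResponseInfo info;
    const std::string data(buf, len);
    const size_t end = data.find("\r\n\r\n");
    if (end == std::string::npos) return info;   // headers incomplete, read more first
    info.headersComplete = true;
    info.headerSize = end + 4;

    size_t lineEnd = data.find("\r\n");
    const std::string statusLine = data.substr(0, lineEnd);   // e.g. "HTTP/1.1 200 OK"
    const size_t sp = statusLine.find(' ');
    unsigned long long code = 0;
    if (statusLine.compare(0, 5, "HTTP/") == 0 && sp != std::string::npos &&
        parseDecimal(statusLine.substr(sp + 1, 3), code))
        info.status = static_cast<int>(code);

    size_t lineStart = lineEnd + 2;
    while (lineStart < end) {
        lineEnd = data.find("\r\n", lineStart);
        const std::string line = data.substr(lineStart, lineEnd - lineStart);
        lineStart = lineEnd + 2;
        const size_t colon = line.find(':');
        if (colon == std::string::npos) continue;
        const std::string name = lowerTrim(line.substr(0, colon));   // names are case-insensitive
        const std::string value = lowerTrim(line.substr(colon + 1));
        if (name == "transfer-encoding" && value.find("chunked") != std::string::npos) {
            info.chunked = true;
        } else if (name == "content-length") {
            unsigned long long n = 0;
            if (!parseDecimal(value, n) || (info.hasLength && n != info.contentLength))
                info.malformed = true;
            else { info.hasLength = true; info.contentLength = n; }
        }
    }
    if (info.chunked || info.malformed) info.hasLength = false;   // chunked framing wins
    if (info.hasLength) {
        const unsigned long long received = len - info.headerSize;
        info.bodyBytesMissing = info.contentLength > received ? info.contentLength - received : 0;
    }
    return info;
}

ResponseInfo interpretString(const std::string& s) { return interpretResponse(s.data(), s.size()); }

int main()
{
    // constructed sample response: 10-byte body announced, 5 bytes received so far
    const ResponseInfo r = interpretString(
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\ncontent-length: 10\r\n\r\nhello");
    std::cout << "status " << r.status << ", header bytes " << r.headerSize
              << ", body bytes missing " << r.bodyBytesMissing << "\n";
    return 0;
}
```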

Haha, no it does not do everything automatically :grin: The purpose of this module is to submit data to www.onlinehashcrack.com only but the usage is really simple: just copy-paste hashes and they will be submitted. Same for wpa handshake, just supply the path to the file.

The capture of the handshake can be done with Wifite or airodump-ng.


Haha, no it does not do everything automatically :grin: The purpose of this module is to submit data to www.onlinehashcrack.com only but the usage is really simple: just copy-paste hashes and they will be submitted. Same for wpa handshake, just supply the path to the file.

The capture of the handshake can be done with Wifite or airodump-ng.

Is it possible to make a module that captures the handshake and sends it for cracking online by automation?


Is it possible to make a module that captures the handshake and sends it for cracking online by automation?

You could learn about the modules and the tools needed to do such thing and create a module for it


You could learn about the modules and the tools needed to do such thing and create a module for it

What modules does such a thing and where do I learn about them?


Sorry, I meant you could learn about making the modules and producing your own, that way you can put whatever you want into the module.

Darren and Sebkinne actually made a nice video to introduce people to the new modules,


Is it possible to make a module that captures the handshake and sends it for cracking online by automation?

Yes, it's possible :smile: As Foxtrot said, have a look at the video and then you can develop a module which will do that.


That's way too complicated for me at this point. What modules does capture the handshake today?

Yes, it's possible :smile: As Foxtrot said, have a look at the video and then you can develop a module which will do that.


There is no module which does it at the moment but as I said there are tools such as Wifite or airodump-ng which you could use to capture the handshakes.


There is no module which does it at the moment but as I said there are tools such as Wifite or airodump-ng which you could use to capture the handshakes.

Then what's the difference of using this module than simply browsing to the site online and pasting the hashes? It's the combo of (1) Deauth, (2) Getting the handshake and (3) send it for cracking online without needing a directory and process power that noob Pineapple users would want... At least I do... I can't find the module for my Pineapple to download by the way.


Then what's the difference of using this module than simply browsing to the site online and pasting the hashes?

There is none (that I can tell), other than it's just nice to have it in the Pineapple interface and not having to deal with the actual site itself.

(1) Deauth, (2) Getting the handshake and (3) send it for cracking online without needing a directory and process power

You can do 1 with the deauth module already available, you can do 2 via ssh into the pineapple and run the tool (there's actually a nice tutorial series about this process on the forum here), you can then do 3 by copying the from the ssh session to the pineapple interface with that module.

I can't find the module for my Pineapple to download by the way.

It has to be reviewed by Hak.5 team first then they will make it available in the modules interface in due time.

It's the combo ... that noob Pineapple users would want... At least I do...

You had mentioned before that learning to make your own module was too complicated for you at this time. Take that into consideration when you're asking for more complex modules, while keeping in mind that the people doing this "complicated" work are doing this for fun, themselves, or the benefit of the community.

Hak.5 is offering an amazing piece of hardware that is only really limited by what you put into it. Educating yourself about the tools and options you have at your disposal is going to get you a lot more than any module is ever going to be able to provide you in the long run. This includes but is not limited to some of the topics you would cover and learn when making a module yourself.

  • Upvote 1


Alright guys, give me some time and I come back with a module.

Here it is: I made a fully functional module, only with shell script :wink: However, it will be a paid only module... I'm kidding :tongue:


Heck yea Whistle Master! Thanks for making it into an actual pineapple module! So wait a minute though does this count as my first module? and it's a shell script now? If that's the case you just used cURL or something like it to send the http posts? Maybe it doesn't count as my first module since you had to rebuild it as a shell script, however I'd still like to see how you did that with only a shell script so PM me a way how I can download it and take a look! (without a pineapple)

Still either way I like that it's at least made its way onto the module manager :)

@WIFIjuice:

I was feeling that you wouldn't want to just upload every single handshake you have to an online site, and people would only use it in cases where for example the company you need to get the passphrase for doesn't care how you get it, just that you get it! So you'd only upload a handshake in circumstances like that, and that's why I wanted to have it separate from capturing them. As others were saying it is relatively simple and there's plenty of software to capture a handshake.

You basically just need to be listening with an interface in monitor mode to a particular access point, and as soon as any client authenticates or re-authenticates with the access point you'll get the handshake (if you are close enough, or your antenna 'gets' you close enough). You just have to be patient and wait for it, or you can de-authenticate a client to try to get it quicker. When it tells you you have the handshake, that capture file you were capturing packets to is what you can use with this module!


There is no module which does it at the moment but as I said there are tools such as Wifite or airodump-ng which you could use to capture the handshakes.

Trying to use Wifite. Connected my NANO to my Kali Linux instead of my Android in order to do that. Got the wp6.sh sharing Internet and it works to login to the portal.

However Wifite says:

[!] no wireless interfaces were found.

[!] you need to plug in a wifi device or install drivers.

I got my Pineapple to eth1. How do I change it to wlan1 so Wifite understands that this is in fact my wireless interface? (connected over USB ethernet). I'm using Kali Linux from VMware Fusion Pro for Mac.

Edited by WiFiJuice


How do I change it to wlan1 so Wifite understands that this is in fact my wireless interface? (connected over USB ethernet)

You can use a program, airserv-ng, to share your wlans on the nano over ethernet, but I don't think that is going to work with wifite (I'm not sure about that though, you might be able to configure it to do so). You have to ssh into your nano to start that program though.

You should really read over that 3 part tutorial series I linked to in my previous post. That will explain everything you need to do to capture a wpa handshake using the nano, if you read all three parts.


@AlfaAlfa: Sorry but I did not use any of your code, I just started from scratch to build it.

@WiFiJuice: the submission process is not ready yet, that's why there is a little delay before the module is available as bored369 said. It will be available soon.

I'm working on a module to capture handshakes but it will be a separate module.


@AlfaAlfa: Sorry but I did not use any of your code, I just started from scratch to build it.

@WiFiJuice: the submission process is not ready yet, that's why there is a little delay before the module is available as bored369 said. It will be available soon.

I'm working on a module to capture handshakes but it will be a separate module.

Ok this is really a SUPER LIKE if you can make a module to capture a handshake. I'm learning Wifite right now and it's really cool! Using an Alfa since my NANO doesn't work with VMware + Kali + Wifite (Interface not found error), but the Alfa USB-dongle does.


@AlfaAlfa: Sorry but I did not use any of your code, I just started from scratch to build it.

@WiFiJuice: the submission process is not ready yet, that's why there is a little delay before the module is available as bored369 said. It will be available soon.

I'm working on a module to capture handshakes but it will be a separate module.

Well that just means I still haven't made it to pineapple module status yet ;)! I really thought you were going to help get my code compiled for the pineapple archs, but I guess you aren't proficient in native code cross compiling or just didn't want to accept a payment for just compiling someone else's module so you re-built it entirely yourself so you felt more like you earned it. That's understandable, however I'm going to do it bigger and better and enough work that you won't want to rebuild it entirely again this time! :)

I'll let you have the capturing handshakes module though how about that! I'm also working on a completely different idea for a module that I don't want to let on to yet. I'll have to figure out how to cross compile though myself it seems...

I'm just not sure if I need to link to libstdcpp or uclibcxx, and which SDK to use: is it Kamikaze or White Russian? Or a more pineapple specific SDK for cross compilation?

This program uses strings and iostreams which are a feature of the C++ standard template library (STL). However, because memory is so critical in an embedded application like OpenWrt, the standard template library is not available by default. What needs to be done to fix the problem depends on which version of OpenWrt you are running. If you are running Kamikaze, the problem is much easier to fix than if you are running White Russian. If you are running Kamikaze, you only need to install the libstdcpp library. If you are running White Russian, as I am, you must install the uclibcxx library, as well as make certain changes to the Makefiles to use this library, which is a special implementation of the standard library for embedded devices.

I'll figure it out, I'm confident of that :)

EDIT: Found this great post here by Darren: https://forums.hak5.org/index.php?/topic/36422-cross-compile-c-code-to-mips/?hl=%2Bcross+%2Bcompile

The thread starter was wanting to cross compile for the turtle, but this should get me set up so I can cross compile for the pineapple as well, and there is a pineapple specific guide (though for the MK5). All I should need to do though is use the RISC and MIPS arch of the newer pineapples and it'll help me out to get there! Thanks Darren for that post, this should keep me busy for a while.

Turns out it's libstdcpp. Selected Y to that on the configuration and I'm now building the MK5 firmware and toolkit with it.

Almost there!

Edited by AlfAlfa
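
A package recipe of the kind discussed in this thread, as an added example that is not code from any poster or from the Pineapple project: a minimal OpenWrt package Makefile that builds a C++ tool against libstdcpp so that it can be installed and removed through opkg. The version number, the `src/` directory and the `uploadwpa.cpp` file name are assumptions.

```makefile
# Constructed example: place in package/uploadwpa/Makefile inside an OpenWrt
# buildroot or SDK. Recipe lines must be indented with a tab.
include $(TOPDIR)/rules.mk

PKG_NAME:=uploadwpa
PKG_VERSION:=0.1        # assumed version
PKG_RELEASE:=1

PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

include $(INCLUDE_DIR)/package.mk

define Package/uploadwpa
  SECTION:=utils
  CATEGORY:=Utilities
  TITLE:=uploadwpa (placeholder title)
  # The program uses std::string and iostreams, so the C++ runtime is
  # declared as a dependency and opkg pulls it in on install.
  DEPENDS:=+libstdcpp
endef

# Sources are assumed to live in ./src next to this Makefile.
define Build/Prepare
	mkdir -p $(PKG_BUILD_DIR)
	$(CP) ./src/* $(PKG_BUILD_DIR)/
endef

# Use the cross toolchain variables, never the host g++.
define Build/Compile
	$(TARGET_CXX) $(TARGET_CXXFLAGS) $(TARGET_LDFLAGS) \
		-o $(PKG_BUILD_DIR)/uploadwpa $(PKG_BUILD_DIR)/uploadwpa.cpp
endef

define Package/uploadwpa/install
	$(INSTALL_DIR) $(1)/usr/bin
	$(INSTALL_BIN) $(PKG_BUILD_DIR)/uploadwpa $(1)/usr/bin/
endef

$(eval $(call BuildPackage,uploadwpa))
```

Only a package built this way and published in the repository shows up in `opkg list-installed`, which is what the module API checks rely on according to the earlier posts.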