Jump to content

Wifi-Connect payload not working


vepr

Recommended Posts

Posted

I can't get this payload working.  When I plug in the Owl, it goes through all the usual LED blinking cycles.  Towards the end it goes through the usual 5 second solid red, blinks fast, slows down, then the LED just cuts off.  Has anyone else got this payload running?  Should I be able to just plug the Owl in and it will automatically start the payload?  I have the payload directly on the device with no USB plugged in.  Here are my files.

 

/root/payload/payload.txt:

# WiFi Client Setup

WIFI_SSID="MYNAME"
WIFI_PASS="MYPASS"

LED R SUCCESS
WIFI_CONNECT

# Optionally enable SSH
/etc/init.d/sshd start

LED R SINGLE

 

/root/payload/extensions/wifi_connect.sh:

#!/bin/bash
#
# Title: WIFI_CONNECT
# Description: Simplifies WiFi client mode connection. Expects $WIFI_SSID and $WIFI_PASS
# Author: Hak5Darren

function WIFI_CONNECT() {
    ifconfig wlan0 up; sleep 2
    echo -e "network={\nssid=\"$WIFI_SSID\"\npsk=\"$WIFI_PASS\"\npriority=1\n}">/tmp/wpa.conf
    wpa_supplicant -B -Dnl80211 -i wlan0 -c /tmp/wpa.conf
    while(iwconfig wlan0 | grep Not-Associated); do sleep 1; done
    udhcpc -i wlan0
}
export -f WIFI_CONNECT

 

Posted

I haven't tried this payload, but my home-grown payload has the same problem -- never runs (none of my output gets written), and the LED just goes blank. I tried putting it straight into /root/payload/payload.txt, and I also tried deleting it from there and letting the owl copy it from an ext4 USB (it did). No difference.

Works fine when run from arming mode with "source payload.txt".

I'd like to know if there are any debug logs we can enable to show what's happening/not happening in attack mode, so I can attempt to troubleshoot it.

Posted

vepr --

Try booting to arming mode, ssh in, and chmod +x /root/payload/payload.txt.

I read through the doc again noticed it says they source extensions, and execute the payload. I made my payload executable and it worked. Seems obvious in retrospect but the ".txt" extension had my brain thinking it did something other than directly run it.

Posted

I'm having the same trouble getting the WIFI_CONNECT to work. I created a new file under /root/payload called payload.txt with the above code in it like 'VEPR' and then ran chmod +x on it. When I attempt to run it with ./payload.txt I get: './payload.txt: line 7: WIFI_CONNECT not found. Any thoughts on this?

Posted

Good thinking.  I forgot to do that. 

It looks like it's working now.  Rylore, try chmod +x on the /root/payload/extensions/wifi_connect.sh as well if you haven't already.

Posted
7 hours ago, rylore said:

I'm having the same trouble getting the WIFI_CONNECT to work. I created a new file under /root/payload called payload.txt with the above code in it like 'VEPR' and then ran chmod +x on it. When I attempt to run it with ./payload.txt I get: './payload.txt: line 7: WIFI_CONNECT not found. Any thoughts on this?

You can't run the payload directly if it uses extensions. The Owl will source the extensions first and then execute the payload. What you're seeing is the because the WIFI_CONNECT function from the extensions directory isn't present, because it hasn't been sourced. 

If you want to run it manually you could try running "source" on the extensions then executing the payload (not sure any of this will actually work interactively since I assume you're using the same wifi).

Posted

Thanks @vepr I’ll try chmod on the extension as well. @blf your explanation makes complete sense. I was about to start digging into the code and figure out when each folder is actually called on initialization. I’ll also try a different WiFi. 

Posted

I sourced the extensions, but I still get this error:

root@Owl:~/payload# ./payload.sh
Successfully initialized wpa_supplicant
nl80211: Could not configure driver mode
nl80211: deinit ifname=wlan0 disabled_11b_rates=0
wlan0: Failed to initialize driver interface
udhcpc: started, v1.30.1
udhcpc: sending discover
udhcpc: sending discover
udhcpc: sending discover

^C

Anyone have any ideas?

Posted
6 minutes ago, SteveMatrix said:

I sourced the extensions, but I still get this error:

root@Owl:~/payload# ./payload.sh
Successfully initialized wpa_supplicant
nl80211: Could not configure driver mode
nl80211: deinit ifname=wlan0 disabled_11b_rates=0
wlan0: Failed to initialize driver interface
udhcpc: started, v1.30.1
udhcpc: sending discover
udhcpc: sending discover
udhcpc: sending discover

^C

Anyone have any ideas?

Do you have a WiFi dongle installed in the USB port opposite the pigtail? 

I’m thinking this won’t work while you’re also logged in via SSH over the built in WiFi adapter.

Posted
5 hours ago, vepr said:

Good thinking.  I forgot to do that. 

It looks like it's working now.  Rylore, try chmod +x on the /root/payload/extensions/wifi_connect.sh as well if you haven't already.

How do you know if it actually worked? Let's say I add my work Guest wifi network for the connection to the payload so it connects out to it. Would I just scan the wifi and see what IP has port 22 open on it and then connect via ssh?

Posted
2 hours ago, blf said:

Do you have a WiFi dongle installed in the USB port opposite the pigtail? 

I’m thinking this won’t work while you’re also logged in via SSH over the built in WiFi adapter.

Hi blf,

The wifi dongle is on the farther usb (I had it in the other one. Whoops). Do I need to change wifi connect function to wlan1. When I run the wifi connect with wlan0 in the extension, I get this output:

 

root@Owl:~/payload# ./payload.sh
Successfully initialized wpa_supplicant
          Mode:Managed  Access Point: Not-Associated   Tx-Power=30 dBm
          Mode:Managed  Access Point: Not-Associated   Tx-Power=30 dBm
          Mode:Managed  Access Point: Not-Associated   Tx-Power=30 dBm
          Mode:Managed  Access Point: Not-Associated   Tx-Power=30 dBm
          Mode:Managed  Access Point: Not-Associated   Tx-Power=30 dBm
          Mode:Managed  Access Point: Not-Associated   Tx-Power=30 dBm
          Mode:Managed  Access Point: Not-Associated   Tx-Power=30 dBm
          Mode:Managed  Access Point: Not-Associated   Tx-Power=30 dBm
          Mode:Managed  Access Point: Not-Associated   Tx-Power=30 dBm
          Mode:Managed  Access Point: Not-Associated   Tx-Power=30 dBm
          Mode:Managed  Access Point: Not-Associated   Tx-Power=30 dBm
          Mode:Managed  Access Point: Not-Associated   Tx-Power=30 dBm
          Mode:Managed  Access Point: Not-Associated   Tx-Power=30 dBm
          Mode:Managed  Access Point: Not-Associated   Tx-Power=30 dBm

 

If anyone can help me with this, it would be much appreciated. Thanks

 

 

Posted

Also, adding to the previous post, I made another function and changed all of the wlan0 to wlan1. But, I still get the same output: 

 

root@Owl:~/payload# ./payload.sh
Successfully initialized wpa_supplicant
nl80211: Could not configure driver mode
nl80211: deinit ifname=wlan0 disabled_11b_rates=0
wlan0: Failed to initialize driver interface
udhcpc: started, v1.30.1
udhcpc: sending discover
udhcpc: sending discover
udhcpc: sending discover

 

If somebody could please help, that would be great. Thanks

Posted
3 hours ago, rylore said:

How do you know if it actually worked? Let's say I add my work Guest wifi network for the connection to the payload so it connects out to it. Would I just scan the wifi and see what IP has port 22 open on it and then connect via ssh?

I haven't had a chance to check it but the Owl does continue blinking in a pattern I set after turning it on.  You can get the Mac address of your Owl with the command "ip a".  Then when you boot your payload, you can check your router for connected devices.  You can also use the app called Fing to search for your device Mac address. It also allows you to Port scan.

Posted

I can edit the LED settings in my payload and the LEDs run just fine.  But when I check my network, the Owl is not connecting in Attack mode. 

I decided to edit this line in extensions/wifi_connect.sh so that it gives me a log:

    wpa_supplicant -B -Dnl80211 -i wlan0 -c /tmp/wpa.conf > /root/payload/log.txt

The log is telling me that wlan0 is not recognized when booting into Attack mode.  I'm using the default settings.  Do I need to change it to br-lan in my wifi_connect.sh?

my log.txt:

 

Successfully initialized wpa_supplicant
Could not read interface wlan0 flags: No such device
nl80211: Driver does not support authentication/association or connect commands
nl80211: deinit ifname=wlan0 disabled_11b_rates=0
Could not read interface wlan0 flags: No such device
wlan0: Failed to initialize driver interface

 

Do I need to use an additional wifi adapter on the USB Host Port?  I can plug in one of my adapters with (for example) a Ralink 2870 chipset and my log no longer gives me errors.  But it still does not connect to my network via wifi.  I have also run the payload using a usb drive and it makes no difference.

Posted

Sect10_9 helped me figure it out.  My wifi_connect.sh was not in all caps.  It should be WIFI_CONNECT.s

Posted
20 hours ago, vepr said:

Sect10_9 helped me figure it out.  My wifi_connect.sh was not in all caps.  It should be WIFI_CONNECT.s

Hi vepr,

 

Can you share the payload and wifi connect extension. I am still having issues getting the owl to connect to the Wifi. For some reason, whenever I let it go to attack mode, the Owl will just single blink and never connect to the network. If you could share, that would be great. Thanks

Posted
9 minutes ago, SteveMatrix said:

Hi vepr,

 

Can you share the payload and wifi connect extension. I am still having issues getting the owl to connect to the Wifi. For some reason, whenever I let it go to attack mode, the Owl will just single blink and never connect to the network. If you could share, that would be great. Thanks

Hey SteveMatrix check out

Just note a couple of details.

  1. CASE matters in Linux. If your command for WIFI_CONNECT is in all caps in the pay load the name for the extension needs to match. WIFI_CONNECT.sh
  2. Remember to include #!/bin/bash at the beginning of the payload and extensions. https://docs.hak5.org/hc/en-us/articles/360033504014-Payload-Development-Basics
  3. if it doesn't boot try it a few times as there is a 25% to 30% failure rate on boot.

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...