Wireless Hack Packages Update

Jordan Drysdale//

With Wild West Hackin’ Fest 2018 coming up (!!!), here’s a preview of some things you might see in the wireless labs.

First, s0lst1c3’s eaphammer. @relkci and I met this dude at HackWest 2018 doing his thing. Full workshop, his time and effort free for the public. Brilliant kid, couldn’t have been nicer, more willing to share, or fully engaged with the community. His package has been the first executed out of my backpack during onsite engagements for a while now.

Link: https://github.com/s0lst1c3/eaphammer

Usage (5 minutes to online):

  1. Git clone
  2. Generate cert
  3. Attack

This is a solid tool that torques hostapd-wpe configs on the fly and steals creds. This has an autocrack option, so it can be very effective where situational user population password policies are not. There are a lot more options and things to do with this tool than just steal RADIUS creds.

./eaphammer --auth wpa --essid dot1x -i wlan0 --creds

 

And, as usual, assuming the certificate is believable enough, we have creds of sorts.

 

The InfamousSYN’s Rogue.py, link here: https://github.com/InfamousSYN/rogue.

Usage (5 minutes to online):

  1. Git clone
  2. Generate cert
  3. Attack

I have been using this for the *infamous* –gag– KARMA attack.

Python rogue.py -I wlan0 -H g -C 6 --auth open --internet --karma -w demo.pcap

 

And, voila…station connected.

 


Then, my device requests the “subnet gateway” MAC address forward along a DNS request for twitter.

 


This could clearly be much more painful. This utility has a mountain of configurable options ripe for further investigations.

Last up for today, the wifiphisher kit. Can be pulled from Github here: https://github.com/wifiphisher/wifiphisher

Usage (5 minutes to online):

  1. Git clone
  2. Python setup.py install
  3. Generate cert
  4. Attack

This one is a step up, for sure. The command line options are not for the faint of heart and some of the “PHISHINGSCENARIOS” don’t quite align with each other’s naming conventions. I personally love the pop-up web server wireless key request.

Run it like so.

Wifiphisher -e DemoWPA2 -p wifi_connect -nE

 

Open web browser and see this (source is wifiphisher Github).


Entered data is POSTed to tool. Game on.

 


Wireless hacking tools update complete. Always be civil. Cheers!



Want to learn more mad skills from the person who wrote this blog?

Check out this class from Kent and Jordan:

Defending the Enterprise

Available live/virtual and on-demand!