From 44f8a1e34b50dc07df3c9a6521584f5dda896a09 Mon Sep 17 00:00:00 2001
From: DroidKali <1626057480@qq.com>
Date: Sun, 20 Dec 2020 01:27:37 +0800
Subject: [PATCH 1/6] eaphammer: Fix Python3 env issue in Kali Linux 2020.4 amd64
Signed-off-by: DroidKali <1626057480@qq.com>
---
 eaphammer | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eaphammer b/eaphammer
index 944634b..473088e 100755
--- a/eaphammer
+++ b/eaphammer
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3.8
+#!/usr/bin/env python3
 import argparse
 import cert_wizard
From 4483b5796544f10895a5dc56819ef93899e4c867 Mon Sep 17 00:00:00 2001
From: Jamie Slome
Date: Wed, 21 Jul 2021 06:46:03 +0100
Subject: [PATCH 2/6] Create SECURITY.md
---
 SECURITY.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..656af1e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you find any security issues, please report to gabriel@solstice.sh
From 33bea722ccd0cb7b4c6a11b0391f0733e9dab647 Mon Sep 17 00:00:00 2001
From: s0lst1c3
Date: Wed, 21 Jul 2021 02:53:55 -0600
Subject: [PATCH 3/6] Update SECURITY.md
---
 SECURITY.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SECURITY.md b/SECURITY.md
index 656af1e..fee03fc 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,4 +2,4 @@
 ## Reporting a Vulnerability
-If you find any security issues, please report to gabriel@solstice.sh
+If you find any security issues, please open an issue on GitHub.
From 4f34853c0aae90ad755b69a74bd2fe9d976daaa2 Mon Sep 17 00:00:00 2001
From: Gabriel Ryan
Date: Wed, 4 Aug 2021 04:22:55 -0700
Subject: [PATCH 4/6] added unattended setup script for ubuntu
---
 ubuntu-unattended-setup | 104 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 104 insertions(+)
 create mode 100755 ubuntu-unattended-setup
diff --git a/ubuntu-unattended-setup b/ubuntu-unattended-setup
new file mode 100755
index 0000000..5f82b95
--- /dev/null
+++ b/ubuntu-unattended-setup
@@ -0,0 +1,104 @@
+#!/usr/bin/env python3
+import os
+import sys
+
+from settings import settings
+
+def exit_if_not_root():
+
+ if os.getuid() != 0:
+ sys.exit("[!} Error: this script must be run as root.")
+
+def read_deps_file(deps_file):
+ with open(deps_file) as fd:
+ return ' '.join([ line.strip() for line in fd ])
+
+if __name__ == '__main__':
+
+ exit_if_not_root()
+
+
+ default_wordlist = os.path.join(settings.dict['paths']['directories']['wordlists'], settings.dict['core']['eaphammer']['general']['default_wordlist'])
+
+ wordlist_source = settings.dict['core']['eaphammer']['general']['wordlist_source']
+
+ root_dir = settings.dict['paths']['directories']['root']
+ local_dir = settings.dict['paths']['directories']['local']
+
+ openssl_source = settings.dict['core']['eaphammer']['general']['openssl_source']
+ openssl_version = settings.dict['core']['eaphammer']['general']['openssl_version']
+ openssl_build_options = settings.dict['core']['eaphammer']['general']['openssl_build_options']
+ openssl_build_prefix = os.path.join(local_dir, 'openssl/local')
+
+ openssl_bin = settings.dict['paths']['openssl']['bin']
+ dh_file = settings.dict['paths']['certs']['dh']
+
+ if input('Important: it is highly recommended that you run "apt -y update" and "apt -y upgrade" prior to running this setup script. Do you wish to proceed? Enter [y/N]: ').lower() != 'y':
+ sys.exit('Aborting.')
+ print()
+
+
+ print('\n[*] Removing stub files...\n')
+ os.system('find {} -type f -name \'stub\' -exec rm -f {{}} +'.format(root_dir))
+ print('\ncomplete!\n')
+
+
+ print('\n[*] Installing Kali dependencies...\n')
+ os.system('export DEBIAN_FRONTEND=noninteractive && apt -yq install %s' % read_deps_file('kali-dependencies.txt'))
+ print('\n[*] complete!\n')
+
+ print('\n[*] Installing Python dependencies...\n')
+ os.system('python3 -m pip install -r pip.req')
+ print('\n[*] complete!\n')
+
+
+ print('\n[*] Downloading OpenSSL_{}...\n'.format(openssl_version.replace('.', '_')))
+ os.system('wget {} -O {}/openssl.tar.gz'.format(openssl_source, local_dir))
+ print('\n[*] complete!\n')
+
+ print('\n[*] Extracting OpenSSL_{}...\n'.format(openssl_version.replace('.', '_')))
+ os.system('cd {} && tar xzf openssl.tar.gz'.format(local_dir))
+ os.system('mv {}/openssl-OpenSSL_{} {}/openssl'.format(local_dir, openssl_version.replace('.', '_'), local_dir))
+ os.system('cd {} && rm -f openssl.tar.gz'.format(local_dir))
+ print('\n[*] complete!\n')
+
+ print('\n[*] Compiling OpenSSL locally to avoid interfering with system install...\n')
+ os.system('cd {}/openssl && ./config --prefix={} enable-ssl2 enable-ssl3 enable-ssl3-method enable-des enable-rc4 enable-weak-ssl-ciphers no-shared'.format(local_dir, openssl_build_prefix))
+ os.system('cd {}/openssl && make'.format(local_dir))
+ os.system('cd {}/openssl && make install_sw'.format(local_dir))
+ print('\n[*] complete!\n')
+
+ print('\n[*] Create DH parameters file with default length of 2048...\n')
+ os.system('{} dhparam -out {} 2048'.format(openssl_bin, dh_file))
+ print('\ncomplete!\n')
+
+ print('\n[*] Compiling hostapd...\n')
+ os.system("cd %s && cp defconfig .config" % settings.dict['paths']['directories']['hostapd'])
+ os.system("cd %s && make hostapd-eaphammer_lib" % settings.dict['paths']['directories']['hostapd'])
+ print('\n[*] complete!\n')
+
+ print('\n[*] Compiling hcxtools...\n')
+ os.system("cd %s && make" % settings.dict['paths']['directories']['hcxtools'])
+ print('\n[*] complete!\n')
+
+ print('\n[*] Compiling hcxdumptool...\n')
+ os.system("cd %s && make" % settings.dict['paths']['directories']['hcxdumptool'])
+ print('\n[*] complete!\n')
+
+ print('\n[*] Downloading default wordlist...\n')
+ os.system("wget %s -O %s.tar.gz" % (wordlist_source, default_wordlist))
+ print('\n[*] complete!\n')
+
+ print('\n[*] Extracting default wordlist...\n')
+ os.system("cd %s && tar xzf %s.tar.gz" % (settings.dict['paths']['directories']['wordlists'], default_wordlist))
+ print('\n[*] complete!\n')
+
+ print('\n[*] Retrieving Responder from teh interwebz...\n')
+ os.system("cd %s && git clone https://github.com/lgandx/Responder.git" % (settings.dict['paths']['directories']['local']))
+ print('\n[*] complete!\n')
+
+ print('\n[*] Creating symlink to captive portal template directory...\n')
+ os.symlink(settings.dict['paths']['wskeyloggerd']['usr_templates'],
+ settings.dict['paths']['wskeyloggerd']['usr_templates_sl'])
+ print('\n[*] complete!\n')
+
From 5ffbc74a8da1b24003c8e7c25b86d460d34c045a Mon Sep 17 00:00:00 2001
From: Gabriel Ryan
Date: Wed, 4 Aug 2021 04:24:11 -0700
Subject: [PATCH 5/6] added unattended setup script for ubuntu
---
 ubuntu-unattended-setup | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/ubuntu-unattended-setup b/ubuntu-unattended-setup
index 5f82b95..cf572ea 100755
--- a/ubuntu-unattended-setup
+++ b/ubuntu-unattended-setup
@@ -33,9 +33,6 @@ if __name__ == '__main__':
 openssl_bin = settings.dict['paths']['openssl']['bin']
 dh_file = settings.dict['paths']['certs']['dh']
- if input('Important: it is highly recommended that you run "apt -y update" and "apt -y upgrade" prior to running this setup script. Do you wish to proceed? Enter [y/N]: ').lower() != 'y':
- sys.exit('Aborting.')
- print()
 print('\n[*] Removing stub files...\n')
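Review bot: The OpenSSL tarball and the wordlist archive are fetched with `wget` and Responder with an unpinned `git clone`, then unpacked and built as root with no digest or signature check, and every `os.system` return value is discarded, so a failed or altered download still prints `complete!` and the build carries on. Run each step through one helper that raises on a non-zero exit and compare the tarball's SHA-256 with a pinned value before extracting it; the sketch below needs `subprocess` and `hashlib` imported, and `OPENSSL_SHA256` is a placeholder for a digest pinned alongside `openssl_version`. Passing argument lists also removes the shell parsing of `root_dir`, `local_dir` and the other settings paths that are currently formatted into command strings unquoted. Separately, `openssl_build_options` is read from settings but never used, because the `./config` line hard-codes its flags.

```python
def run(argv, cwd=None):
    # check=True aborts the setup at the first failing step instead of reporting success
    subprocess.run(argv, cwd=cwd, check=True)

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, 'rb') as fd:
        for block in iter(lambda: fd.read(65536), b''):
            digest.update(block)
    return digest.hexdigest()

# … unchanged: root check, settings lookups, stub removal, apt and pip steps …

    openssl_tarball = os.path.join(local_dir, 'openssl.tar.gz')
    run(['wget', openssl_source, '-O', openssl_tarball])
    # OPENSSL_SHA256: placeholder for the pinned digest of this OpenSSL release
    if sha256_of(openssl_tarball) != OPENSSL_SHA256:
        sys.exit('[!] Error: OpenSSL tarball digest mismatch.')
    run(['tar', 'xzf', 'openssl.tar.gz'], cwd=local_dir)

# … remaining build, wordlist and Responder steps follow the same run([...], cwd=...) pattern …
```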
From 31820c667561f8492817e81d09574c852fb48172 Mon Sep 17 00:00:00 2001 From: jerrydark Date: Thu, 16 Sep 2021 16:40:10 -0400 Subject: [PATCH 6/6] autocrack fix --- core/autocrack.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/core/autocrack.py b/core/autocrack.py index 2f59fa7..8935e83 100644 --- a/core/autocrack.py +++ b/core/autocrack.py @@ -13,6 +13,7 @@ import select import json import core.utils +import re from multiprocessing import Process from settings import settings @@ -22,6 +23,10 @@ ASLEAP_CMD = 'asleap -C %s -R %s -W %s | grep -v asleap | grep password' EAP_USERS_ENTRY = '"%s"\tTTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,MSCHAPV2,MD5,GTC,TTLS,TTLS-MSCHAPV2\t"%s"\t[2]' +challenge_pattern = re.compile("^([0-9A-Fa-f]{2}[:]){7}([0-9A-Fa-f]{2})$") +response_pattern = re.compile("^([0-9A-Fa-f]{2}[:]){23}([0-9A-Fa-f]{2})$") + + def crack_locally(username, challenge, response, wordlist): cmd = ASLEAP_CMD % (challenge, response, wordlist) @@ -74,13 +79,13 @@ def run_autocrack(wordlist): if remote_rig: pass - else: - + elif re.match(challenge_pattern, challenge) and re.match(response_pattern, response): crack_locally(username, challenge, response, wordlist) - + else: + print('[autocrack] invalid input: {}'.format(data)) class Autocrack(object):
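Review bot: Both new patterns end in `$`, which in Python also matches just before a trailing newline, and the third hunk applies them with `re.match`, so a challenge or response ending in `\n` passes the check and is still formatted into `ASLEAP_CMD`, which is presumably handed to a shell given its `| grep` pipeline. Use `challenge_pattern.fullmatch(challenge)` and `response_pattern.fullmatch(response)` in the `elif`, or end both patterns with `\Z`. Writing the patterns as raw strings (`r"..."`) and naming them in upper case, like `ASLEAP_CMD` and `EAP_USERS_ENTRY`, would match the surrounding constants.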
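Review bot: The format check guards only this one call in `run_autocrack`; `crack_locally` itself still builds the command from whatever it is given, and `wordlist` goes into the same string without quoting. Moving the two pattern checks into `crack_locally`, next to `cmd = ASLEAP_CMD % (...)`, and wrapping the path as `shlex.quote(wordlist)` keeps the validation with the command construction. The rejection message prints `data` verbatim; `print('[autocrack] invalid input: {!r}'.format(data))` keeps control characters in untrusted input off the operator's terminal. `run_autocrack` starts above this hunk, so where `data`, `challenge` and `response` come from is not visible here.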