diff --git a/Network_and_802.11/802.11/README.md b/Network_and_802.11/802.11/README.md
index a02a2f6..6097627 100644
--- a/Network_and_802.11/802.11/README.md
+++ b/Network_and_802.11/802.11/README.md
@@ -1,6 +1,4 @@
-# BT3GL's Hacking Guide
-
-Disclaimer: I do not support or endorse any illegal activities! Only test these techniques in your OWN machines and networks.
+# WiFi Hacking Guide (bt3)
 ## THEORY
diff --git a/Network_and_802.11/802.11/__init__.py b/Network_and_802.11/802.11/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/README.md b/Network_and_802.11/README.md
index 99546ff..322515a 100644
--- a/Network_and_802.11/README.md
+++ b/Network_and_802.11/README.md
@@ -1,6 +1,8 @@
 # Network and 802.11
-## Subfolders:
+My resources in networking and wireless hacking.
+
+## Packages:
 ### 802.11
diff --git a/Network_and_802.11/netaddr/__init__.py b/Network_and_802.11/netaddr/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/other_scripts/__init__.py b/Network_and_802.11/other_scripts/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/paramiko/README.md b/Network_and_802.11/paramiko/README.md
index 6d22ab5..f23b826 100644
--- a/Network_and_802.11/paramiko/README.md
+++ b/Network_and_802.11/paramiko/README.md
@@ -1,4 +1,4 @@
-# The Paramiko Module
+# The Paramiko Module (by bt3)
 **Paramiko** is awesome!!! It uses my dear [PyCrypto](https://www.dlitz.net/software/pycrypto/) to give us access to the [SSH2 protocol](http://en.wikipedia.org/wiki/SSH2), and it has a flexible and easy to use API.
diff --git a/Network_and_802.11/paramiko/__init__.py b/Network_and_802.11/paramiko/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/port_knocking/__init__.py b/Network_and_802.11/port_knocking/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/scanner/__init__.py b/Network_and_802.11/scanner/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/scapy/__init__.py b/Network_and_802.11/scapy/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/scapy/fuzzer.py b/Network_and_802.11/scapy/fuzzer.py
new file mode 100644
index 0000000..b206e06
--- /dev/null
+++ b/Network_and_802.11/scapy/fuzzer.py
@@ -0,0 +1,7 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+from scapy.all import *
+
+send(IP(dst='192.168.1.114')/UDP()/fuzz(DNS()), inter=1,loop=1)
diff --git a/Network_and_802.11/scapy/sniff_simple.py b/Network_and_802.11/scapy/sniff_simple.py
new file mode 100644
index 0000000..71ea113
--- /dev/null
+++ b/Network_and_802.11/scapy/sniff_simple.py
@@ -0,0 +1,19 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+from scapy.all import *
+
+def save():
+ a = sniff(filter='icmp', iface='wlp1s0', timeout=10, count=3, prn=lambda x:x.summary())
+ wrpcap('packets.pcap', a)
+
+def open():
+ p = rdpcap('packets.pcap', p)
+ p.show()
+
+def scan():
+ res, unans = sr( IP(dst='192.168.1.114')/TCP(flags='S', dport=(1, 1024)))
+ print res.summary()
+
+scan()
\ No newline at end of file
diff --git a/Network_and_802.11/scapy/stealing_emails.py b/Network_and_802.11/scapy/stealing_emails.py
index 358a009..db6c0eb 100755
--- a/Network_and_802.11/scapy/stealing_emails.py
+++ b/Network_and_802.11/scapy/stealing_emails.py
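Review bot: The `send(...)` on the last added line of fuzzer.py runs at import time with `loop=1` and no stop condition, so merely importing the module starts an endless stream to the hard-coded address; it should sit under `if __name__ == '__main__':` and the loop should be bounded. The same commit adds an empty `Network_and_802.11/scapy/__init__.py`, which turns the directory into a package named `scapy`; depending on `sys.path`, `from scapy.all import *` in this file (and in sniff_simple.py, stealing_emails.py, tcp_handshake.py and tools.py) can then resolve to the local package, which has no `all` submodule, and fail with ImportError, so the directory needs a name that does not collide with the library. The new `socket/__init__.py` and `telnetlib/__init__.py` packages have the same problem with the standard-library modules of those names.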
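Review bot: In sniff_simple.py, `open()` reads `p` before it is assigned — `p = rdpcap('packets.pcap', p)` passes the still-unbound local as rdpcap's second argument, so any call raises UnboundLocalError; the line should be `p = rdpcap('packets.pcap')`. The function name also shadows the builtin `open`, so a rename such as `load_capture` avoids breaking later file access in the module. `scan()` is executed at import, and `save()` hard-codes `iface='wlp1s0'`; the top-level call belongs under `if __name__ == '__main__':` and the interface should be a parameter of `save`.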
@@ -2,3 +2,29 @@ __author__ = "bt3"
+''' A simple sniffer to capture SMTP, POP3, IMAP credentials'''
+
+
+''''
+DOCUMENTATION:
+# sniffer that dissects and dumps the packets out
+# filter allows to specify a BPF, wireshark style to packets,
+# for example, to sniff all HTTP packets you use a BPF filter of tcp
+# and port 80
+# iface parameter tells the sniffer which network interface to sniff on
+# prn parameter specifies a callback function to every packet that matches the filter
+# and it will receive packet as its single parameter
+# count specifies how many packets you want to sniff (blank: infinite)
+sniff(filter'', iface='any', prn=function, count=N)
+'''
+
+
+from scapy.all import *
+
+# our packet callback
+def packet_callback(packet):
+ print packet.show()
+
+# fire up the sniffer
+
+
diff --git a/Network_and_802.11/scapy/tcp_handshake.py b/Network_and_802.11/scapy/tcp_handshake.py
new file mode 100644
index 0000000..113d0eb
--- /dev/null
+++ b/Network_and_802.11/scapy/tcp_handshake.py
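Review bot: The documentation block added in this hunk opens with four quotes (`''''`), so the string begins with a stray `'`, and its usage example `sniff(filter'', iface='any', prn=function, count=N)` is missing the `=` after `filter`; it should read `sniff(filter='', iface='any', prn=function, count=N)`. The module docstring promises a sniffer for SMTP, POP3 and IMAP credentials, but the hunk ends at the comment `# fire up the sniffer` with nothing after it, so the module only defines `packet_callback` and exits — the docstring should describe what the file actually does, or the dangling comment should go. `print packet.show()` will print an extra `None` after the dissection if `show()` returns nothing, which I believe it does in Scapy; `packet.show()` on its own is the intended line. The first line of this file is above the hunk.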
@@ -0,0 +1,29 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+from scapy.all import *
+
+# Set port & MAC address
+FAKE_IP = "10.0.4.4" # Use something that nobody else is going to have
+MAC_ADDR = "60:67:20:eb:7b:bc" # My actual MAC address
+
+# Broadcast our fake IP address
+srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(psrc=FAKE_IP, hwsrc=MAC_ADDR))
+
+source_port += 1
+ip_header = IP(dst=dest, src=FAKE_IP) # Set the source port to
+ans = sr1(ip_header / TCP(dport=80, sport=source_port, flags="S", seq=random.randint(0, 1000))) # SYN
+# ans is the SYN-ACK
+reply = ip_header / TCP(dport=80, sport=source_port, seq=ans.ack, ack = ans.seq + 1, flags="A") # ACK
+send(reply) # Send ACK
+pkt = ip_header / TCP(dport=80, sport=source_port, seq=reply.seq, flags="AP") / "GET / HTTP/1.1\r\n\r\n" # Send our real packet
+send(pkt)
+
+
+ip = IP(src='192.168.1.114', dst='192.168.1.25')
+SYN = TCP(sport=1024, dport=80, flags='S', seq=12345)
+packet = ip/SYN
+
+SYNACK = sr1(packet)
+ack = SYNACK.seq + 1
\ No newline at end of file
diff --git a/Network_and_802.11/scapy/tools.py b/Network_and_802.11/scapy/tools.py
new file mode 100644
index 0000000..e602637
--- /dev/null
+++ b/Network_and_802.11/scapy/tools.py
@@ -0,0 +1,19 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+from scapy.all import *
+
+HOST ='www.google.com'
+
+def tr():
+ print traceroute(HOST)
+
+def pi():
+ print arping('192.168.1.114')
+
+#pi()
+
+#tr()
+
+print sniff(iface="wlp1s0",prn=lambda x:x.sprintf("{Dot11Beacon:%Dot11.addr3%\t%Dot11Beacon.info%\t%PrismHeader.channel%\tDot11Beacon.cap%}"))
\ No newline at end of file
diff --git a/Network_and_802.11/scapy/traceroute_simple.py b/Network_and_802.11/scapy/traceroute_simple.py
deleted file mode 100644
index 90cf883..0000000
--- a/Network_and_802.11/scapy/traceroute_simple.py
+++ /dev/null
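Review bot: In tcp_handshake.py, `source_port += 1` and `IP(dst=dest, src=FAKE_IP)` read names that are never assigned anywhere in the file, so the script stops with NameError right after the `srp(...)` call; the file looks like two unrelated fragments pasted together (the `FAKE_IP` block and the `ip`/`SYN`/`SYNACK` block at the bottom, whose `ack` is computed and never used) and should be split or completed before it is committed. `sr1()` returns `None` when nothing answers, so `ans.ack` and `SYNACK.seq` raise AttributeError on a timeout; both results need an `is None` check. `random` is only available here if `from scapy.all import *` happens to re-export it, so add an explicit `import random`. `MAC_ADDR` is commented as the author's actual hardware address and the addresses are hard-coded; a real MAC in a public repository is an unnecessary disclosure, so replace it with a placeholder such as `"00:00:00:00:00:00"  # TODO: set your interface's address`.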
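Review bot: The `sprintf` format on the last added line of tools.py is unbalanced — `\tDot11Beacon.cap%}` lacks the opening `%` of the field, so the literal text `Dot11Beacon.cap` is printed instead of the capability field; it should be `\t%Dot11Beacon.cap%}`. That `sniff(...)` call also runs at import with no `count` or `timeout`, so importing `tools` blocks indefinitely on the hard-coded `wlp1s0`; put it under `if __name__ == '__main__':` and give it a bound. The commented-out `#pi()` and `#tr()` lines are dead code and should either be removed or become the guarded entry point.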
@@ -1,31 +0,0 @@
-#!/usr/bin/env python
-
-__author__ = "bt3"
-
-from scapy.all import *
-
-HOST = "google.com"
-
-def traceroute():
- for i in range(1, 28):
-
- pkt = IP(dst=HOST, ttl=i) / UDP(dport=33434)
- # Send the packet and get a reply
- reply = sr1(pkt, verbose=0)
-
- if reply is None:
- # No reply =(
- break
-
- elif reply.type == 3:
- # We've reached our destination
- print "Done!", reply.src
- break
-
- else:
- # We're in the middle somewhere
- print "%d hops away: " % i , reply.src
-
-
-if __name__ == '__main__':
- traceroute()
\ No newline at end of file
diff --git a/Network_and_802.11/socket/README.md b/Network_and_802.11/socket/README.md
index 624dd89..a25d2c2 100644
--- a/Network_and_802.11/socket/README.md
+++ b/Network_and_802.11/socket/README.md
@@ -1,4 +1,4 @@
-# The Socket Module
+# The Socket Module (by bt3)
 Python's [socket](https://docs.python.org/2/library/socket.html) module contains all the tools to write [TCP](http://en.wikipedia.org/wiki/Transmission_Control_Protocol)/[UDP](http://en.wikipedia.org/wiki/User_Datagram_Protocol) clients and servers, including [raw sockets](http://en.wikipedia.org/wiki/Raw_socket). It's really nice!
diff --git a/Network_and_802.11/socket/__init__.py b/Network_and_802.11/socket/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/telnetlib/__init__.py b/Network_and_802.11/telnetlib/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/wireshark_stuff/README.md b/Network_and_802.11/wireshark_stuff/README.md
index b0b026b..260c4c7 100644
--- a/Network_and_802.11/wireshark_stuff/README.md
+++ b/Network_and_802.11/wireshark_stuff/README.md
@@ -1,11 +1,10 @@
-# [WIRESHARK GUIDE (by bt3)](http://bt3gl.github.io/wiresharking-for-fun-or-profit.html)
+# [Wireshark Guide (by bt3)](http://bt3gl.github.io/wiresharking-for-fun-or-profit.html)
 [Wireshark](https://www.wireshark.org/) is an open source **network packet analyzer** that allows live traffic analysis, with support to several protocols. Wireshark also allows **network forensic**, being very useful for CTFs for example (check my writeups for the [D-CTF Quals 2014](http://bt3gl.github.io/exploring-d-ctf-quals-2014s-exploits.html) and for the CSAW Quals 2014 in [Networking](http://bt3gl.github.io/csaw-ctf-2014-networking-100-big-data.html) and [Forensics](http://bt3gl.github.io/csaw-ctf-2014-forensics-200-why-not-sftp.html)).
-In this blog post I introduce Wireshark and I talk about my favorite features in the tool.
 ------------------------------------------------------
diff --git a/Network_and_802.11/wireshark_stuff/__init__.py b/Network_and_802.11/wireshark_stuff/__init__.py
new file mode 100644
index 0000000..e69de29