From d29d4e115d2b59603fa069e3c49bf757e88b342f Mon Sep 17 00:00:00 2001
From: Mari Wahl <mari.wahl9@gmail.com>
Date: Wed, 24 Dec 2014 09:53:20 -0500
Subject: [PATCH] fix some readmes, added some inits, partially done writing
 the scapy scripts

---
 Network_and_802.11/802.11/README.md           |  4 +--
 Network_and_802.11/802.11/__init__.py         |  0
 Network_and_802.11/README.md                  |  4 ++-
 Network_and_802.11/netaddr/__init__.py        |  0
 Network_and_802.11/other_scripts/__init__.py  |  0
 Network_and_802.11/paramiko/README.md         |  2 +-
 Network_and_802.11/paramiko/__init__.py       |  0
 Network_and_802.11/port_knocking/__init__.py  |  0
 Network_and_802.11/scanner/__init__.py        |  0
 Network_and_802.11/scapy/__init__.py          |  0
 Network_and_802.11/scapy/fuzzer.py            |  7 +++++
 Network_and_802.11/scapy/sniff_simple.py      | 19 ++++++++++++
 Network_and_802.11/scapy/stealing_emails.py   | 26 ++++++++++++++++
 Network_and_802.11/scapy/tcp_handshake.py     | 29 +++++++++++++++++
 Network_and_802.11/scapy/tools.py             | 19 ++++++++++++
 Network_and_802.11/scapy/traceroute_simple.py | 31 -------------------
 Network_and_802.11/socket/README.md           |  2 +-
 Network_and_802.11/socket/__init__.py         |  0
 Network_and_802.11/telnetlib/__init__.py      |  0
 Network_and_802.11/wireshark_stuff/README.md  |  3 +-
 .../wireshark_stuff/__init__.py               |  0
 21 files changed, 107 insertions(+), 39 deletions(-)
 create mode 100644 Network_and_802.11/802.11/__init__.py
 create mode 100644 Network_and_802.11/netaddr/__init__.py
 create mode 100644 Network_and_802.11/other_scripts/__init__.py
 create mode 100644 Network_and_802.11/paramiko/__init__.py
 create mode 100644 Network_and_802.11/port_knocking/__init__.py
 create mode 100644 Network_and_802.11/scanner/__init__.py
 create mode 100644 Network_and_802.11/scapy/__init__.py
 create mode 100644 Network_and_802.11/scapy/fuzzer.py
 create mode 100644 Network_and_802.11/scapy/sniff_simple.py
 create mode 100644 Network_and_802.11/scapy/tcp_handshake.py
 create mode 100644 Network_and_802.11/scapy/tools.py
 delete mode 100644 Network_and_802.11/scapy/traceroute_simple.py
 create mode 100644 Network_and_802.11/socket/__init__.py
 create mode 100644 Network_and_802.11/telnetlib/__init__.py
 create mode 100644 Network_and_802.11/wireshark_stuff/__init__.py

diff --git a/Network_and_802.11/802.11/README.md b/Network_and_802.11/802.11/README.md
index a02a2f6..6097627 100644
--- a/Network_and_802.11/802.11/README.md
+++ b/Network_and_802.11/802.11/README.md
@@ -1,6 +1,4 @@
-# BT3GL's Hacking Guide
-
-Disclaimer: I do not support or endorse any illegal activities! Only test these techniques in your OWN machines and networks.
+# WiFi Hacking Guide (bt3)
 
 
 ## THEORY
diff --git a/Network_and_802.11/802.11/__init__.py b/Network_and_802.11/802.11/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/README.md b/Network_and_802.11/README.md
index 99546ff..322515a 100644
--- a/Network_and_802.11/README.md
+++ b/Network_and_802.11/README.md
@@ -1,6 +1,8 @@
 # Network and 802.11
 
-## Subfolders:
+My resources in networking and wireless hacking.
+
+## Packages:
 
 ### 802.11
 
diff --git a/Network_and_802.11/netaddr/__init__.py b/Network_and_802.11/netaddr/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/other_scripts/__init__.py b/Network_and_802.11/other_scripts/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/paramiko/README.md b/Network_and_802.11/paramiko/README.md
index 6d22ab5..f23b826 100644
--- a/Network_and_802.11/paramiko/README.md
+++ b/Network_and_802.11/paramiko/README.md
@@ -1,4 +1,4 @@
-# The Paramiko Module
+# The Paramiko Module (by bt3)
 
 **Paramiko** is awesome!!! It uses my dear [PyCrypto](https://www.dlitz.net/software/pycrypto/) to give us access to the [SSH2 protocol](http://en.wikipedia.org/wiki/SSH2), and it has a flexible and easy to use API.
 
diff --git a/Network_and_802.11/paramiko/__init__.py b/Network_and_802.11/paramiko/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/port_knocking/__init__.py b/Network_and_802.11/port_knocking/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/scanner/__init__.py b/Network_and_802.11/scanner/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/scapy/__init__.py b/Network_and_802.11/scapy/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/scapy/fuzzer.py b/Network_and_802.11/scapy/fuzzer.py
new file mode 100644
index 0000000..b206e06
--- /dev/null
+++ b/Network_and_802.11/scapy/fuzzer.py
@@ -0,0 +1,7 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+from scapy.all import *
+
+send(IP(dst='192.168.1.114')/UDP()/fuzz(DNS()), inter=1,loop=1)
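Review bot: The `send(...)` call on the last line runs at import time and, with `loop=1`, never returns, so merely importing this module starts emitting fuzzed DNS packets at the hard-coded `192.168.1.114`. This matters more now that the commit adds `scapy/__init__.py` and makes the directory importable as a package. Wrap the call in a function behind `if __name__ == '__main__':` and read the destination from `sys.argv`, so the script only sends to a host the operator names explicitly. Replacing `loop=1` with a `count=` bound would also let a run end on its own.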
diff --git a/Network_and_802.11/scapy/sniff_simple.py b/Network_and_802.11/scapy/sniff_simple.py
new file mode 100644
index 0000000..71ea113
--- /dev/null
+++ b/Network_and_802.11/scapy/sniff_simple.py
@@ -0,0 +1,19 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+from scapy.all import *
+
+def save():
+    a = sniff(filter='icmp', iface='wlp1s0', timeout=10, count=3,  prn=lambda x:x.summary())
+    wrpcap('packets.pcap', a)
+
+def open():
+    p = rdpcap('packets.pcap', p)
+    p.show()
+
+def scan():
+    res, unans = sr( IP(dst='192.168.1.114')/TCP(flags='S', dport=(1, 1024)))
+    print res.summary()
+
+scan()
\ No newline at end of file
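Review bot: `open()` cannot work as written, because `p = rdpcap('packets.pcap', p)` reads `p` before it is assigned and raises `UnboundLocalError`; it should be `p = rdpcap('packets.pcap')`. The function name also shadows the builtin `open` for the rest of the module, so a name such as `load()` is safer. The bare `scan()` on the last line runs on import and probes ports 1-1024 of a hard-coded address; put it under `if __name__ == '__main__':`. In `save()`, the capture interface `wlp1s0` and the output file name are fixed, and both would be better passed in as parameters.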
diff --git a/Network_and_802.11/scapy/stealing_emails.py b/Network_and_802.11/scapy/stealing_emails.py
index 358a009..db6c0eb 100755
--- a/Network_and_802.11/scapy/stealing_emails.py
+++ b/Network_and_802.11/scapy/stealing_emails.py
@@ -2,3 +2,29 @@
 
 __author__ = "bt3"
 
+''' A simple sniffer to capture SMTP, POP3, IMAP credentials'''
+
+
+''''
+DOCUMENTATION:
+# sniffer that dissects and dumps the packets out
+# filter allows to specify a BPF, wireshark style to packets,
+# for example, to sniff all HTTP packets you use a BPF filter of tcp
+# and port 80
+# iface parameter tells the sniffer which network interface to sniff on
+# prn parameter specifies a callback function to every packet that matches the filter
+# and it will receive packet as its single parameter
+# count specifies how many packets you want to sniff (blank: infinite)
+sniff(filter'', iface='any', prn=function, count=N)
+'''
+
+
+from scapy.all import *
+
+# our packet callback
+def packet_callback(packet):
+    print packet.show()
+
+# fire up the sniffer
+
+
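Review bot: `print packet.show()` in `packet_callback` prints a stray `None` after every packet, because `show()` writes the dissection itself and returns nothing; call `packet.show()` on its own. The usage line in the DOCUMENTATION string is missing an `=`: `sniff(filter'', ...)` should read `sniff(filter='', ...)`. That string also opens with four quotes, which leaves a literal `'` at its start. The one-line description sits after `__author__`, so it is a plain expression statement rather than the module docstring, and moving it above `__author__` would fix that. The file's first line is outside this hunk.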
diff --git a/Network_and_802.11/scapy/tcp_handshake.py b/Network_and_802.11/scapy/tcp_handshake.py
new file mode 100644
index 0000000..113d0eb
--- /dev/null
+++ b/Network_and_802.11/scapy/tcp_handshake.py
@@ -0,0 +1,29 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+from scapy.all import *
+
+# Set port & MAC address
+FAKE_IP = "10.0.4.4" # Use something that nobody else is going to have
+MAC_ADDR = "60:67:20:eb:7b:bc" # My actual MAC address
+
+# Broadcast our fake IP address
+srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(psrc=FAKE_IP, hwsrc=MAC_ADDR))
+
+source_port += 1
+ip_header = IP(dst=dest, src=FAKE_IP) # Set the source port to
+ans = sr1(ip_header / TCP(dport=80, sport=source_port,  flags="S", seq=random.randint(0, 1000))) # SYN
+# ans is the SYN-ACK
+reply = ip_header / TCP(dport=80, sport=source_port, seq=ans.ack, ack = ans.seq + 1, flags="A") # ACK
+send(reply) # Send ACK
+pkt = ip_header / TCP(dport=80, sport=source_port, seq=reply.seq, flags="AP") / "GET / HTTP/1.1\r\n\r\n" # Send our real packet
+send(pkt)
+
+
+ip = IP(src='192.168.1.114', dst='192.168.1.25')
+SYN = TCP(sport=1024, dport=80, flags='S', seq=12345)
+packet = ip/SYN
+
+SYNACK = sr1(packet)
+ack = SYNACK.seq + 1
\ No newline at end of file
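Review bot: The script stops with a `NameError` at `source_port += 1`, since `source_port` is never initialised, and `dest` in the following `IP(dst=dest, ...)` is not defined either; both need a value before first use, for instance one read from the command line. The data segment built with `flags="AP"` sets no `ack=`, so it goes out with acknowledgment number 0 although the ACK flag is set; pass `ack=ans.seq + 1` there as the preceding ACK does. The first comment says "Set port & MAC address" but the two lines set an IP and a MAC, and `MAC_ADDR` commits what its comment calls the author's real hardware address, where a labelled placeholder would be better. The trailing block from `ip = IP(...)` repeats the SYN step and ends right after computing `ack`, so it looks unfinished.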
diff --git a/Network_and_802.11/scapy/tools.py b/Network_and_802.11/scapy/tools.py
new file mode 100644
index 0000000..e602637
--- /dev/null
+++ b/Network_and_802.11/scapy/tools.py
@@ -0,0 +1,19 @@
+#!/usr/bin/env python
+
+__author__ = "bt3"
+
+from scapy.all import *
+
+HOST ='www.google.com'
+
+def tr():
+    print traceroute(HOST)
+
+def pi():
+    print arping('192.168.1.114')
+
+#pi()
+
+#tr()
+
+print sniff(iface="wlp1s0",prn=lambda x:x.sprintf("{Dot11Beacon:%Dot11.addr3%\t%Dot11Beacon.info%\t%PrismHeader.channel%\tDot11Beacon.cap%}"))
\ No newline at end of file
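Review bot: In the `sprintf` template on the last line the final field is written `Dot11Beacon.cap%` without its leading `%`, so the literal text is printed instead of the capability value; it should be `%Dot11Beacon.cap%`. The `sniff(...)` call has no `count` or `timeout` and sits at module level, so importing `tools` blocks indefinitely. Move it into a function next to `tr()` and `pi()` and call it under `if __name__ == '__main__':`. The outer `print` will presumably also dump the returned packet list once capture ends, which duplicates the `prn` output.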
diff --git a/Network_and_802.11/scapy/traceroute_simple.py b/Network_and_802.11/scapy/traceroute_simple.py
deleted file mode 100644
index 90cf883..0000000
--- a/Network_and_802.11/scapy/traceroute_simple.py
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/env python
-
-__author__ = "bt3"
-
-from scapy.all import *
-
-HOST = "google.com"
-
-def traceroute():
-    for i in range(1, 28):
-
-        pkt = IP(dst=HOST, ttl=i) / UDP(dport=33434)
-        # Send the packet and get a reply
-        reply = sr1(pkt, verbose=0)
-
-        if reply is None:
-            # No reply =(
-            break
-
-        elif reply.type == 3:
-            # We've reached our destination
-            print "Done!", reply.src
-            break
-
-        else:
-            # We're in the middle somewhere
-            print "%d hops away: " % i , reply.src
-
-
-if __name__ == '__main__':
-    traceroute()
\ No newline at end of file
diff --git a/Network_and_802.11/socket/README.md b/Network_and_802.11/socket/README.md
index 624dd89..a25d2c2 100644
--- a/Network_and_802.11/socket/README.md
+++ b/Network_and_802.11/socket/README.md
@@ -1,4 +1,4 @@
-# The Socket Module
+# The Socket Module (by bt3)
 
 Python's [socket](https://docs.python.org/2/library/socket.html) module   contains all the tools to write [TCP](http://en.wikipedia.org/wiki/Transmission_Control_Protocol)/[UDP](http://en.wikipedia.org/wiki/User_Datagram_Protocol) clients and servers, including [raw sockets](http://en.wikipedia.org/wiki/Raw_socket). It's really nice!
 
diff --git a/Network_and_802.11/socket/__init__.py b/Network_and_802.11/socket/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/telnetlib/__init__.py b/Network_and_802.11/telnetlib/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/Network_and_802.11/wireshark_stuff/README.md b/Network_and_802.11/wireshark_stuff/README.md
index b0b026b..260c4c7 100644
--- a/Network_and_802.11/wireshark_stuff/README.md
+++ b/Network_and_802.11/wireshark_stuff/README.md
@@ -1,11 +1,10 @@
-# [WIRESHARK GUIDE (by bt3)](http://bt3gl.github.io/wiresharking-for-fun-or-profit.html)
+# [Wireshark Guide (by bt3)](http://bt3gl.github.io/wiresharking-for-fun-or-profit.html)
 
 
 [Wireshark](https://www.wireshark.org/) is an open source **network packet analyzer** that allows live  traffic analysis, with support to several  protocols.
 
 Wireshark also allows **network forensic**, being very useful for CTFs for example (check my writeups for the  [D-CTF Quals 2014](http://bt3gl.github.io/exploring-d-ctf-quals-2014s-exploits.html) and for the CSAW Quals 2014 in [Networking](http://bt3gl.github.io/csaw-ctf-2014-networking-100-big-data.html) and [Forensics](http://bt3gl.github.io/csaw-ctf-2014-forensics-200-why-not-sftp.html)).
 
-In this blog post I introduce Wireshark and I talk about my favorite features in the tool.
 
 
 ------------------------------------------------------
diff --git a/Network_and_802.11/wireshark_stuff/__init__.py b/Network_and_802.11/wireshark_stuff/__init__.py
new file mode 100644
index 0000000..e69de29