______ Y ______
My own personal time capsule.
wpa_supplicant – quick reference
June 9, 2013
wpa_supplicant is an amazing tool for Linux that lets you connect to various WPA-enabled networks. Frankly speaking, it is so simple to use that it should take less than 30sec to configure, provided that you know which config can be used for which network. Here is the list of tested configs:
Open Network
# Open network: key_mgmt=NONE means there is no authentication and no
# link-layer encryption, so anything not protected by TLS/VPN is readable
# by other stations in range.

# Control socket directory; group 0 keeps it restricted to root's group.
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=1

network={
    ssid="<your SSID>"
    key_mgmt=NONE
    priority=2
}
WPA Network
# WPA (version 1) personal network with a pre-shared key.

# Control socket directory; group 0 keeps it restricted to root's group.
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=1

network={
    ssid="<your SSID>"
    # Probe for this SSID explicitly (needed when the AP hides its SSID).
    scan_ssid=1
    proto=WPA
    key_mgmt=WPA-PSK
    # TKIP and the WEP group ciphers are legacy and only kept for old access
    # points; drop them from both lists if the AP supports CCMP.
    pairwise=CCMP TKIP
    group=CCMP TKIP WEP104 WEP40
    # Unquoted = the 64-hex-digit key printed by wpa_passphrase.
    # An ASCII passphrase would be written in double quotes instead.
    psk=<psk key>
}
WPA2 Network
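# WPA2 personal network with a pre-shared key.

# Control socket directory; group 0 keeps it restricted to root's group.
ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
ctrl_interface_group=0

network={
    # Probe for this SSID explicitly (needed when the AP hides its SSID).
    scan_ssid=1
    # mode=0: infrastructure (associate with an access point).
    mode=0
    ssid="<your SSID>"
    proto=WPA2
    key_mgmt=WPA-PSK
    # TKIP is legacy; remove it from both lists if the AP supports CCMP only.
    pairwise=CCMP TKIP
    group=CCMP TKIP
    # Fixed: the value had an opening quote with no closing one. Unquoted is
    # the form for the 64-hex-digit key printed by wpa_passphrase; an ASCII
    # passphrase would be written as psk="<passphrase>".
    psk=<psk key>
}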
EAP-PEAP
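# WPA2-Enterprise with EAP-PEAP (username/password inside a TLS tunnel).
# This file holds a cleartext password: keep it readable by root only.

# Control socket directory; group 0 keeps it restricted to root's group.
ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
ctrl_interface_group=0

network={
    scan_ssid=1
    mode=0
    ssid="<your SSID>"
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP
    # Fixed: was "wpa=group=CCMP", which is not a valid option name.
    group=CCMP
    eap=PEAP
    priority=2
    eapol_flags=0
    # Without ca_cert the authentication server's certificate is not
    # verified, so any access point advertising this SSID can terminate the
    # tunnel and collect the credential exchange. Point this at the CA that
    # signed the RADIUS server certificate.
    ca_cert="<path to CA certificate>"
    # Optionally also pin the server name:
    # domain_suffix_match="<RADIUS server domain>"
    identity="<username>"
    password="<password>"
}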
Cisco LEAP
# Cisco LEAP.
# LEAP is a legacy method: its password-derived challenge/response is
# visible on the air and can be attacked offline with a dictionary. Use it
# only where the network cannot offer PEAP, TTLS or TLS, and with a long
# random password.
# This file holds a cleartext password: keep it readable by root only.

# Control socket directory; group 0 keeps it restricted to root's group.
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=1

network={
    ssid="<your SSID>"
    scan_ssid=1
    mode=0
    proto=WPA
    key_mgmt=WPA-EAP
    pairwise=TKIP
    eap=LEAP
    auth_alg=LEAP
    eapol_flags=0
    priority=2
    identity="<username>"
    password="<password>"
}
EAP-TTLS
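# EAP-TTLS (inner authentication carried inside a TLS tunnel).
# This file holds a cleartext password: keep it readable by root only.

# Control socket directory; group 0 keeps it restricted to root's group.
ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
ctrl_interface_group=0

network={
    scan_ssid=1
    mode=0
    ssid="<your SSID>"
    proto=RSN
    # NOTE(review): IEEE8021X normally selects non-WPA 802.1X with dynamic
    # WEP keys; RSN/WPA2-Enterprise networks usually need WPA-EAP here.
    # Kept as published - confirm against your network.
    key_mgmt=IEEE8021X
    eap=TTLS
    # Fixed: was "wpa-phase2=PAP", which is not a wpa_supplicant.conf option.
    # Can also be: CHAP, MSCHAP, MSCHAPV2
    phase2="auth=PAP"
    # With PAP the password crosses the tunnel as-is, so the tunnel endpoint
    # must be authenticated: without ca_cert the server certificate is not
    # verified and any access point using this SSID can receive the password.
    ca_cert="<path to CA certificate>"
    identity="<username>"
    password="<password>"
}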
EAP-TLS
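# step 1) split the PKCS#12 bundle into PEM files
# CA certificate(s) only, no private key:
openssl pkcs12 -in <your_network_certificate>.pfx -out ca.pem -cacerts -nokeys
# Client certificate together with its private key. openssl asks for a PEM
# pass phrase to protect the key; keep user.pem readable by root only.
openssl pkcs12 -in <your_network_certificate>.pfx -out user.pem -clcerts

# step 2) wpa_supplicant config:
ctrl_interface=/var/run/wpa_supplicant
ap_scan=1
ctrl_interface_group=0

network={
    ssid="<your SSID>"
    scan_ssid=1
    key_mgmt=WPA-EAP
    # TKIP is legacy; remove it from both lists if the AP supports CCMP only.
    pairwise=CCMP TKIP
    group=CCMP TKIP
    eap=TLS
    identity="<username>"
    # Fixed: the file names now match what step 1 writes. Previously ca_cert
    # pointed at a "cert.pem" that is never created and client_cert pointed
    # at the CA file.
    # ca.pem   - CA used to verify the authentication server
    # user.pem - client certificate and private key
    ca_cert="ca.pem"
    client_cert="user.pem"
    private_key="user.pem"
    # Must be the PEM pass phrase entered when user.pem was written in step 1.
    private_key_passwd="<PEM pass phrase>"
}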
How do we even use wpa_supplicant? Simply follow these steps:
Step 1) download and install it (source here)
Step 2) save one of the above configs to a file – e.g. ‘/etc/wpa_supplicant_LEAP.conf’
Step 3) if the network is PSK-based, use wpa_passphrase to generate the PSK and copy it into the config – note the ‘psk key’ markers in the configs above where the PSK should go
Step 4) run wpa_supplicant as follows:
# -i selects the wireless interface, -c the configuration file to load
wpa_supplicant -i <your interface> -c <path_to_your_config_file>
Alternatively run above command with -dd for extra debugging output.
IDS/IPS Testing with EICAR
January 26, 2012
The following script attempts to send the common anti-malware test string EICAR over multiple ports and protocols for an IDS/IPS to alert on. It can be used to test how well an IDS picks up malware that can be seen on the wire.
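# Multi-protocol EICAR sender for checking IDS/IPS coverage.
#
# Sends the harmless EICAR anti-virus test string to one target over several
# protocols and ports, so the sensor on the path can be checked for alerts.
# Written to run on Python 2.6+ and Python 3 (telnetlib, which newer Python
# releases no longer ship, is replaced by plain sockets).

# IMPORTS
import ftplib
import socket

try:  # Python 3 module names
    import http.client as httplib
    from urllib.parse import urlencode
except ImportError:  # Python 2 module names
    import httplib
    from urllib import urlencode

# the eicar string to test with
# (raw string: the backslash is a literal part of the 68-byte test string)
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

############# CONFIGURATION #############
IP = "127.0.0.1"
# Seconds before a connect/send is abandoned. Applied to every protocol so a
# filtered port cannot hang the run.
TIMEOUT = 4
############# END OF CONF #############


def _to_bytes(data):
    """Return *data* as bytes so it can be written to a socket."""
    if isinstance(data, bytes):
        return data
    return data.encode("ascii")


def _to_text(data):
    """Return *data* as a native string for APIs that build text lines."""
    if isinstance(data, bytes) and not isinstance(data, str):
        return data.decode("ascii")
    return data


def _report(protocol, error):
    """Print the failure line for one protocol."""
    print("[-] Unable to send %s data due to :  %s" % (protocol, error))


def _send_raw(chunks, target, port):
    """Open one TCP connection, write every chunk in order, then close it."""
    conn = socket.create_connection((target, int(port)), TIMEOUT)
    try:
        for chunk in chunks:
            conn.sendall(_to_bytes(chunk))
    finally:
        conn.close()


def _send_http_methods(connection_class, data, target, port):
    """Send HEAD, GET, POST, PUT and DELETE, one connection per request.

    A connection object cannot start a second request until the response to
    the first has been read, so reusing one connection would put only the
    HEAD request on the wire. Responses are not read: the listener may be a
    bare socket that never answers.
    """
    payload = _to_text(data)
    form = urlencode({'eicar': payload})
    form_headers = {"Content-type": "application/x-www-form-urlencoded",
                    "Accept": "text/plain"}
    # The test string is the request target, except for POST where it
    # travels in the form body.
    requests = (
        ("HEAD", payload, None, {}),
        ("GET", payload, None, {}),
        ("POST", "", form, form_headers),
        ("PUT", payload, None, {}),
        ("DELETE", payload, None, {}),
    )
    for method, url, body, headers in requests:
        print("\t " + method)
        conn = connection_class(target, port, timeout=TIMEOUT)
        try:
            conn.request(method, url, body, headers)
        except Exception as e:
            # Best effort per method, but say so: a request that never left
            # must not be mistaken for one the IDS failed to detect.
            print("\t [-] %s not sent :  %s" % (method, e))
        finally:
            conn.close()


def info():
    """Print the banner and the list of ports the run will touch."""
    print("[+] Multi-Protocol EICAR tester by Y")
    print("[+] contact : If you know me then give me a shout")
    print("[+] Supports - HTTP, FTP, TELNET, SSL , TCP , UDP , DNS")
    print("[+] NOTE: Set NC listener on specific ports between the hosts and DIS and watch IDS alerting on protocols")
    print("[+] Following ports are used: 21(TCP),23(TCP),25(TCP),100(UDP),80(TCP),22(TCP),443(TCP),53(UDP)")


def sendHTTP(data, target, port):
    """Send *data* in plain HTTP requests (HEAD/GET/POST/PUT/DELETE)."""
    try:
        print("[+] Sending HTTP request")
        _send_http_methods(httplib.HTTPConnection, data, target, port)
    except Exception as e:
        _report("HTTP", e)


def sendFTP(data, target, port):
    """Send *data* as a single line on an FTP control connection.

    ftplib waits for the server greeting before anything is sent, so a
    listener that stays silent makes this time out with nothing sent.
    """
    try:
        print("[+] Sending FTP request")
        ftp = ftplib.FTP()
        try:
            ftp.connect(target, port, TIMEOUT)
            ftp.putline(_to_text(data))  # send single EICAR request
        finally:
            ftp.close()
    except Exception as e:
        _report("FTP", e)


def sendTelnet(data, target, port):
    """Send *data* as raw bytes over a TCP connection to the telnet port."""
    try:
        print("[+] Sending TELNET request")
        _send_raw([data], target, port)
    except Exception as e:
        _report("TELNET", e)


def sendSMTP(data, target, port):
    """Send *data* as the body of a minimal SMTP dialogue.

    Every command is CRLF-terminated and the body ends with the
    "<CRLF>.<CRLF>" marker so protocol decoders can find the message.
    Server replies are not read.
    """
    try:
        print("[+] Sending SMTP request")
        dialogue = [
            "HELO localhost\r\n",
            "MAIL FROM: root@localhost\r\n",
            "RCPT TO: root@localhost\r\n",
            "DATA\r\n",
            data,
            "\r\n.\r\n",
            "QUIT\r\n",
        ]
        _send_raw(dialogue, target, port)
    except Exception as e:
        _report("SMTP", e)


def sendSSH(data, targer, port):
    """Not implemented (placeholder)."""
    pass


def sendSSL(data, target, port):
    """Send *data* in HTTPS requests (HEAD/GET/POST/PUT/DELETE).

    The payload is inside TLS: the sensor can only alert on it if it
    decrypts the session, and nothing is sent at all unless the listener
    completes a TLS handshake this host accepts.
    """
    try:
        print("[+] Sending HTTPS request")
        _send_http_methods(httplib.HTTPSConnection, data, target, port)
    except Exception as e:
        _report("HTTPS", e)


def sendICMP(data, target):
    """Not implemented (placeholder)."""
    pass


def sendRCP(data, target, port):
    """Not implemented (placeholder)."""
    pass


def sendTCP(data, target, port):
    """Send *data* as raw bytes over a single TCP connection."""
    try:
        print("[+] Sending TCP data ")
        _send_raw([data], target, port)
    except Exception as e:
        _report("TCP", e)


def sendUDP(data, target, port):
    """Send *data* in a single UDP datagram."""
    try:
        print("[+] Sending UDP data ")
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            sock.sendto(_to_bytes(data), (target, port))
        finally:
            sock.close()
    except Exception as e:
        _report("UDP", e)


def sendNETBIOS(data, target, port):
    """Not implemented (placeholder)."""
    pass


def sendDNS(data, target, port):
    """Send *data* to the DNS port as a raw UDP datagram.

    This is not a well-formed DNS message, so only payload-matching rules
    can fire on it, not rules that depend on DNS decoding.
    """
    try:
        print("[+] Sending DNS request ")
        sendUDP(data, target, port)  # dirty trick
    except Exception as e:
        _report("DNS", e)


def end():
    """Print the closing reminder."""
    print("Done, now review IDS logs for each protocol")


def start_test():
    """Run every implemented sender once against the configured IP."""
    info()
    sendFTP(EICAR, IP, 21)
    sendTelnet(EICAR, IP, 23)
    sendSMTP(EICAR, IP, 25)
    sendUDP(EICAR, IP, 100)
    sendHTTP(EICAR, IP, 80)
    sendTCP(EICAR, IP, 22)
    sendSSL(EICAR, IP, 443)
    sendDNS(EICAR, IP, 53)
    #TODO:
    #Protocol play ( these are HPING2 wrappers )
    #sendICMP(EICAR,'192.168.2.79')
    #sendRCP(EICAR, '192.168.2.79', 445)
    #sendNETBIOS(EICAR, '192.168.2.79', 139)
    #sendSSH(EICAR, '192.168.2.79', 22)
    end()


# start the test only when run as a script, not when imported
if __name__ == "__main__":
    start_test()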