Winpeas: More checks & fixes

peass-ng · Feb 24, 2020 · c657598 · c657598
1 parent 8477b15
commit c657598
Show file tree

Hide file tree

Showing 73 changed files with 28,092 additions and 153 deletions.
diff --git a/linPEAS/linpeas.sh b/linPEAS/linpeas.sh
diff --git a/projects/wwjuggler/.vscode/settings.json b/projects/wwjuggler/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+    "python.pythonPath": "/usr/bin/python3"
+}
diff --git a/projects/wwjuggler/app/__init__.py b/projects/wwjuggler/app/__init__.py
diff --git a/projects/wwjuggler/app/__pycache__/__init__.cpython-37.pyc b/projects/wwjuggler/app/__pycache__/__init__.cpython-37.pyc
diff --git a/projects/wwjuggler/app/__pycache__/app.cpython-37.pyc b/projects/wwjuggler/app/__pycache__/app.cpython-37.pyc
diff --git a/projects/wwjuggler/app/__pycache__/forms.cpython-37.pyc b/projects/wwjuggler/app/__pycache__/forms.cpython-37.pyc
diff --git a/projects/wwjuggler/app/__pycache__/utils.cpython-37.pyc b/projects/wwjuggler/app/__pycache__/utils.cpython-37.pyc
diff --git a/projects/wwjuggler/app/app.py b/projects/wwjuggler/app/app.py
@@ -0,0 +1,358 @@
+from flask import Flask, render_template, flash, redirect, url_for, request
+app = Flask(__name__)
+
+from flask_httpauth import HTTPBasicAuth
+from flask_bootstrap import Bootstrap
+bootstrap = Bootstrap(app)
+from werkzeug.security import generate_password_hash, check_password_hash
+#from app import app
+from app.forms import DoSForm, ClientForm, CreateCertForm, HandshakeCapture, ExecForm, WPSCracking
+from app.utils import *
+
+import os, glob, signal
+from subprocess import Popen, PIPE
+from time import sleep
+
+app.config['SECRET_KEY'] = os.urandom(32)
+
+auth = HTTPBasicAuth()
+users = {
+    "hacker": generate_password_hash("wwjuggler"),
+}
+
+
+@auth.verify_password
+def verify_password(username, password):
+    if username in users:
+        return check_password_hash(users.get(username), password)
+    return False
+
+
+@auth.login_required
+@app.route('/change_wlan_mode/<string:wiface>', methods=['GET'])
+def change_wlan_mode(wiface):
+    wlans = get_wlan_interfaces()
+    print(wiface)
+    if wiface in wlans:
+        if wlans[wiface] == "Managed":
+            #p = Popen(("iwconfig '"+wiface+"' mode monitor").split(" "), stdout=PIPE, stderr=PIPE)
+            p = Popen(("airmon-ng start '"+wiface).split(" "), stdout=PIPE, stderr=PIPE)
+        else:
+            #p = Popen(("iwconfig '"+wiface+"' mode managed").split(" "), stdout=PIPE, stderr=PIPE)
+            p = Popen(("airmon-ng stop '"+wiface).split(" "), stdout=PIPE, stderr=PIPE)
+        stdout, stderr = p.communicate()
+
+        if stdout:
+            flash(stdout.decode("utf-8"))
+        if stderr:
+            flash("STDERR: "+stderr.decode("utf-8"))
+    return render_template('index.html', wlans=get_wlan_interfaces())
+
+
+
+@app.route('/')
+@app.route('/index')
+@auth.login_required
+def index():
+    wlans = get_wlan_interfaces()
+    return render_template('index.html', wlans=wlans)
+
+
+
+@auth.login_required
+@app.route('/scan_results')
+def scan_results():
+    stations,clients = get_scan_results()
+    return render_template('scan_results.html', aps=stations, clients=clients)
+
+
+@auth.login_required
+@app.route('/dos', methods=['GET', 'POST'])
+def dos():
+    station_macs, essids, clients_macs = get_macs_aps_clients()
+    form = DoSForm(request.form)
+    form.interface.choices = [(wlan, "{} ({})".format(wlan, mode)) for wlan,mode in get_wlan_interfaces().items()]
+    form.essid1.choices = [(e, e) for e in essids]
+    form.bssid1.choices = [(b, b) for b in station_macs]
+    form.client1.choices = [(c, c) for c in clients_macs]
+
+    if form.validate_on_submit():
+        essid = form.essid2.data if form.essid2.data else ( form.essid1.data if form.essid1.data else "")
+        bssid = form.bssid2.data if form.bssid2.data else ( form.bssid1.data if form.bssid1.data else "")
+        client = form.client2.data if form.client2.data else ( form.client1.data if form.client1.data else "")
+
+        exec_msg = "Executing " + form.option.data + " in interface " + form.interface.data
+        cmd = scripts_path+"/DoS.sh -o "+ form.option.data + " -i " + form.interface.data
+        if essid:
+            exec_msg += ", against ESSID " + essid
+            cmd += " -e \"" + essid + "\""
+        if bssid:
+            exec_msg += ", against BSSID " + bssid
+            cmd += " -b " + bssid
+        if client:
+            exec_msg += ", against Client " + client
+            cmd += " -m " + client
+        if form.channel.data:
+            exec_msg += " in Channel " + str(form.channel.data)
+            cmd += " -c " + str(form.channel.data)
+        if form.fake_essids.data:
+            exec_msg += " anouncing fake ESSIDS ("+form.fake_essids.data+")"
+            cmd += " -f \"" + form.fake_essids.data + "\""
+        if form.time.data:
+            exec_msg += " during " + str(form.time.data) + "s"
+            cmd += " -t " + str(form.time.data)
+        else:
+            exec_msg += " indefinitely"
+        if form.stealth.data:
+            exec_msg += " and stealthy"
+            cmd += " -s"
+        flash(exec_msg)
+
+        outfile = current_store_path+"/"+form.interface.data+"-"+form.option.data+str(count_ps)+".out"
+        errfile = current_store_path+"/"+form.interface.data+"-"+form.option.data+str(count_ps)+".err"
+        my_execute(cmd, outfile, errfile, True)
+
+        return redirect(url_for('console'))
+
+    return render_template('form.html', formtype="DoS Attack", form=form)
+
+
+@auth.login_required
+@app.route('/client', methods=['GET', 'POST'])
+def client():
+    station_macs, essids, clients_macs = get_macs_aps_clients()
+    form = ClientForm(request.form)
+    form.interface.choices = [(wlan, "{} ({})".format(wlan, mode)) for wlan,mode in get_wlan_interfaces().items()]
+    form.essid_whitelist.choices = [(e, e) for e in essids]
+    form.essid_blacklist.choices = [(e, e) for e in essids]
+    form.mac_whitelist.choices = [(c, c) for c in clients_macs]
+    form.mac_blacklist.choices = [(c, c) for c in clients_macs]
+
+    if form.validate_on_submit():
+        essid = form.essid2.data if form.essid2.data else ( form.essid1.data if form.essid1.data else "")
+
+        exec_msg = "Executing " + form.option.data + " in interface " + form.interface.data + " using as authentication "+form.auth.data
+        cmd = scripts_path+"/Client.sh -o "+ form.option.data + " -i " + form.interface.data + " -a " + form.auth.data
+        if form.wpa_version.data:
+            exec_msg += "(" + form.wpa_version.data +")"
+            cmd += " -w " + form.wpa_version.data
+        if essid:
+            exec_msg += ", as ESSID " + essid
+            cmd += " -e " + essid
+        if form.bssid.data:
+            exec_msg += ", as BSSID " + form.bssid.data
+            cmd += " -e " + essid
+        if form.channel.data:
+            exec_msg += " in Channel " + str(form.channel.data)
+            cmd += " -c " + str(form.channel.data)
+        if form.loud.data:
+            exec_msg += " (Loud mode)"
+            cmd += " -l"
+        if form.known_beacons.data:
+            exec_msg += " - Known Beacons declared"
+            cmd += " -k " + ",".join(form.known_beacons.data)
+        if form.mac_whitelist.data:
+            exec_msg += " - Mac Whitelist declared"
+            cmd += " -p " + ",".join(form.mac_whitelist.data)
+        if form.mac_blacklist.data:
+            exec_msg += " - Mac Blacklist declared"
+            cmd += " -v " + ",".join(form.mac_blacklist.data)
+        if form.essid_whitelist.data:
+            exec_msg += " - ESSID Whitelist declared"
+            cmd += " -n " + ",".join(form.essid_whitelist.data)
+        if form.essid_blacklist.data:
+            exec_msg += " - ESSID Blacklist declared"
+            cmd += " -m " + ",".join(form.essid_blacklist.data)
+        flash(exec_msg)
+
+        outfile = current_store_path+"/"+form.interface.data+"-"+form.option.data+str(count_ps)+".out"
+        errfile = current_store_path+"/"+form.interface.data+"-"+form.option.data+str(count_ps)+".err"
+        my_execute(cmd.split(" "), outfile, errfile)
+
+        return redirect(url_for('console'))
+
+    return render_template('form.html', formtype="Client Attack", form=form)
+
+
+@auth.login_required
+@app.route('/create_cert', methods=['GET', 'POST'])
+def create_cert():
+    form = CreateCertForm(request.form)
+
+    if form.validate_on_submit():        
+        exec_msg = "Creating certificate with CC: "+form.cc.data+", State:"+form.state.data+", City: "+form.city.data+", Organization: "+form.organization.data+", Department: "+form.department.data+", Email"+form.email.data+", CN:"+form.cn.data
+        cmd = scripts_path+"/Create_cert.sh '{}' '{}' '{}' '{}' '{}' '{}' '{}'".format(form.cc.data, form.state.data, form.city.data, form.organization.data, form.department.data, form.email.data, form.cn.data)
+        flash(exec_msg)
+
+        outfile = current_store_path+"/create_cert"+str(count_ps)+".out"
+        errfile = current_store_path+"/create_cert"+str(count_ps)+".err"
+        my_execute(cmd, outfile, errfile, True)
+        return redirect(url_for('console'))
+
+    return render_template('form.html', formtype="Create EAP Certificate", form=form)
+
+
+@auth.login_required
+@app.route('/wps_cracking', methods=['GET', 'POST'])
+def wps_cracking():
+    station_macs, essids, clients_macs = get_macs_aps_clients()
+    form = WPSCracking(request.form)
+    form.interface.choices = [(wlan, "{} ({})".format(wlan, mode)) for wlan,mode in get_wlan_interfaces().items()]
+    form.bssid.choices = [(b, b) for b in station_macs]
+
+    if form.validate_on_submit():        
+        exec_msg = "WPS cracking with option "+form.option.data+" against BSSID "+form.bssid.data+" in channel "+str(form.channel.data)
+        cmd = scripts_path+"/WPS.sh -t {} -i '{}' -b '{}' -c '{}' -o '{}'".format(form.tool.data, form.interface.data, form.bssid.data, form.channel.data, form.option.data)
+
+        if form.ignore_locks.data:
+            exec_msg += "(ignore LOCK)"
+            cmd += " -l"
+
+        if form.pin.data:
+            exec_msg += ", PIN: "+str(form.pin.data)
+            cmd += " -p "+str(form.pin.data)
+
+        if form.option.data == "nullpin":
+            cmd.replace("bully", "reaver")
+
+        flash(exec_msg)
+
+        outfile = current_store_path+"/"+form.interface.data+"-"+str(count_ps)+".out"
+        errfile = current_store_path+"/"+form.interface.data+"-"+str(count_ps)+".err"
+        my_execute(cmd, outfile, errfile, True)
+        return redirect(url_for('console'))
+
+    return render_template('form.html', formtype="WPS Cracking", form=form)
+
+
+@auth.login_required
+@app.route('/capture_handshake', methods=['GET', 'POST'])
+def capture_handshake():
+    station_macs, essids, clients_macs = get_macs_aps_clients()
+    form = HandshakeCapture(request.form)
+    form.interface.choices = [(wlan, "{} ({})".format(wlan, mode)) for wlan,mode in get_wlan_interfaces().items()]
+    form.bssid.choices = [(b, b) for b in station_macs]
+
+    if form.validate_on_submit():        
+        exec_msg = "Capturing handshakes using interface " + form.interface.data + " of bssid " + form.bssid.data + " in channel "+str(form.channel.data)
+        cmd = scripts_path+"/Capture_handshakes.sh " + form.interface.data + " " +str(form.channel.data) + " " + form.bssid.data + " " + current_store_path + "/psk"
+        flash(exec_msg)
+
+        outfile = current_store_path+"/"+form.interface.data+"-"+form.option.data+str(count_ps)+".out"
+        errfile = current_store_path+"/"+form.interface.data+"-"+form.option.data+str(count_ps)+".err"
+        my_execute(cmd.split(" "), outfile, errfile)
+        return redirect(url_for('console'))
+
+    return render_template('form.html', formtype="Capture Handshakes", form=form)
+
+
+@auth.login_required
+@app.route('/execute', methods=['GET', 'POST'])
+def execute():
+    form = ExecForm()
+
+    if form.validate_on_submit():        
+        exec_msg = "Going to execute: " + form.cmd.data 
+        flash(exec_msg)
+
+        outfile = current_store_path+"/execute"+str(count_ps)+".out"
+        errfile = current_store_path+"/execute"+str(count_ps)+".err"
+        my_execute(form.cmd.data , outfile, errfile, True)
+        sleep(1)#So when you gets to console the command is probably executed already
+        return redirect(url_for('console'))
+
+    return render_template('form.html', formtype="Execute", form=form)
+
+
+@auth.login_required
+@app.route('/console')
+def console():
+    procs = get_procs()
+    return render_template('console.html', procs=procs)
+
+
+@auth.login_required
+@app.route('/kill/<string:file_name>', methods=['GET'])
+def kill(file_name):
+    global executing_procs
+    procs = get_procs()
+
+    if ".err" in file_name:
+        file_name=file_name.replace(".err",".out")
+
+    if file_name in executing_procs and any([p["terminated"] == "Running" for p in procs if p["name"] == file_name]): #Check that the process is still running
+        pid = executing_procs[file_name].pid
+        try:
+            if not "mana" in file_name and not "evil_twin" in file_name:
+                os.killpg(pid, signal.SIGTERM)
+            else:
+                executing_procs[file_name].communicate(input=b"\n")
+                sleep(4)
+            flash("Process terminated ("+file_name.split(".")[0]+") with PID "+str(pid)+".")
+        except Exception as e:
+            print(e)
+
+    #if os.path.exists(current_store_path+"/"+file_name.split(".")[0]+".out"):
+    #    os.remove(current_store_path+"/"+file_name.split(".")[0]+".out")
+    #if os.path.exists(current_store_path+"/"+file_name.split(".")[0]+".err"):
+    #    os.remove(current_store_path+"/"+file_name.split(".")[0]+".err")
+
+    return redirect(url_for('console'))
+
+
+@auth.login_required
+@app.route('/killall', methods=['GET'])
+def killall():
+    global executing_procs
+    procs = get_procs()
+
+    for file_name in executing_procs:
+        if any([p["terminated"] == "Running" for p in procs if p["name"] == file_name]): #Check that the process is still running
+            pid = executing_procs[file_name].pid
+            try:
+                if not "mana" in file_name and not "evil_twin" in file_name:
+                    os.killpg(pid, signal.SIGTERM)
+                else:
+                    executing_procs[file_name].communicate(input=b"\n")
+                    sleep(4)
+                flash("Process terminated ("+file_name.split(".")[0]+") with PID "+str(pid)+".")
+            except:
+                pass
+
+            #if os.path.exists(current_store_path+"/"+file_name.split(".")[0]+".out"):
+            #    os.remove(current_store_path+"/"+file_name.split(".")[0]+".out")
+            #if os.path.exists(current_store_path+"/"+file_name.split(".")[0]+".err"):
+            #    os.remove(current_store_path+"/"+file_name.split(".")[0]+".err")
+
+    executing_procs = {}
+
+    return redirect(url_for('console'))
+
+
+@auth.login_required
+@app.route('/restart_airodump', methods=['POST'])
+def restart_airodump():
+    restart_airo()
+    return redirect(url_for('index'))
+
+
+@auth.login_required
+@app.route('/reboot', methods=['POST'])
+def reboot():
+    os.system("reboot")
+
+
+
+##################################################
+################ INITIAL ACTIONS #################
+##################################################
+#clean_exec_procs_dir()              #Start cleaning other executions
+if not os.path.exists(store_path):  #Create main dir if it doesn't exit (1st run)
+    os.mkdir(store_path)
+if not os.path.exists(current_store_path):  #Create main dir if it doesn't exit (1st run)
+    os.mkdir(current_store_path)
+if not os.path.exists(store_airodump):  #Create main dir if it doesn't exit (1st run)
+    os.mkdir(store_airodump)
+    sleep(0.5)
+
+restart_airo()                      #"Restart" any airodump to capture packets