pre charla

sample-scripts/dot11/lel_ap.py

@@ -0,0 +1,60 @@
+from os import geteuid
+
+from scapy.config import conf
+from scapy.layers.dot11 import Dot11, Dot11Beacon, Dot11Elt, RadioTap
+from scapy.volatile import RandMAC
+
+import random
+import argparse
+import time
+
+# Based on 10N spanish elections
+# political parties with more than 5 congressmen 
+LEL_AP = (
+    "PSOE \xf0\x9f\xa4\xb7\xe2\x80\x8d\xe2\x99\x82\xef\xb8\x8f\xf0\x9f\x92\x83\xf0\x9f\x92\xb0",
+    "PP \xf0\x9f\x92\xb0\xe2\x9c\x89",
+    "VOX \xf0\x9f\x90\x82",
+    "UP \xf0\x9f\x8f\xa1\xf0\x9f\x92\xb0",
+    "ERC \xf0\x9f\x96\xa8",
+    "CS \xf0\x9f\x93\x89\xf0\x9f\x90\xb6\xf0\x9f\x8d\xbc",
+    "JxC \x33\xef\xb8\x8f\xe2\x83\xa3\x25",
+    "PNV \xf0\x9f\x8d\xb7\xf0\x9f\xa5\xa9"
+)
+
+def rnd_aps(iface):
+    s = conf.L2socket(iface=iface)
+
+    rnd_mac = RandMAC()
+    itx = 0
+
+    try:
+        while True:
+            s.send(
+                RadioTap()/
+                Dot11(
+                    addr1="ff:ff:ff:ff:ff:ff",
+                    addr2=rnd_mac,
+                    addr3=rnd_mac,
+                    addr4=rnd_mac
+                )/
+                Dot11Beacon(cap="ESS")/
+                Dot11Elt(ID="SSID",info="VOTA " + LEL_AP[itx])/
+                Dot11Elt(ID="Rates",info="\x0c\x12\x18\x24\x30\x48\x60\x6c")/
+                Dot11Elt(ID="DSset",info=chr(1))
+            )
+            itx = (itx + 1)%len(LEL_AP)
+            time.sleep(0.001)
+    except Exception as e:
+        print(e)
+        s.close()
+
+if __name__ == '__main__':
+    if geteuid() != 0:
+        print('You must be root!')
+        os.exit(1)
+
+    parser = argparse.ArgumentParser()
+    parser.add_argument("iface", help="Interface in mode monitor", default="mon0")
+    ops = parser.parse_args()
+
+    rnd_aps(ops.iface)

sample-scripts/start_iface.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+PHY=${1:-phy0}
+
+sudo iw phy $PHY set channel 1
+sudo iw phy $PHY interface add mon0 type monitor
+
+docker run \
+    -p7474:7474 -p7687:7687 \
+    --rm  -ti\
+    --env NEO4J_AUTH=neo4j/demo \
+    neo4j:latest

slides.md

@@ -13,13 +13,15 @@ logoImg: false
 
 # with
 
-![Python](/img/python.logo.png =350x)
+![Python](/img/python.logo.png =250x)
 
 ---
 
 <!-- .slide: style="text-align: left;" -->
 
-### What's Scapy
+### What's Scapy 
+
+![Scapy](img/scapy.logo.png =200x)
 
 _"Is a **Python program** that enables the user to **send**, **sniff**, **dissect**  and **forge network packets**"_
 
@@ -31,6 +33,8 @@ _"In other words, is a **powerful** interactive packet manipulation program"_
 
 --
 
+### Do you Remember OSI?
+
 ![alt](img/wireshark_layers_icmp.png)
 
 --
@@ -96,7 +100,7 @@ pkg.show()
 
 --
 
-### Now, show me the code
+### Now, show the code
 
 ```python
 pkg = IP(dst="8.8.8.8")/ICMP(type=8)/"Payload Data"
@@ -151,3 +155,46 @@ sniff(prn=arp_monitor_callback, filter="arp", store=0)
 00:0c:29:ff:ff:ff 192.168.177.131
 00:50:56:ff:ff:ff 192.168.177.2
 ```
+
+--
+
+#### Little break for some code reading
+
+* [sendp - write packages at layer 2](https://github.com/secdev/scapy/blob/master/scapy/sendrecv.py#L338)
+* [sniff and AsyncSniffer - for package reading from interface](https://github.com/secdev/scapy/blob/43fda76e560e3c94ab64fc23f8ee29c582b459be/scapy/sendrecv.py#L1021)
+
+---
+
+#### Did you said powerful???
+
+![sounds good to me](/img/gif/sounds_good_to_me.gif =x500)
+
+--
+
+`ping -c1 8.8.8.8`
+
+`tcpdump arp`
+
+---
+
+## DEMO 1
+
+--
+
+![cat board](/img/gif/cat_board.gif =x800)
+
+---
+
+## DEMO 2
+
+[Pinecone - deauth module](https://github.com/pinecone-wifi/pinecone/blob/master/modules/attack/deauth/deauth.py#L72)
+
+--
+
+![elmo](img/gif/elmo.webp)
+
+---
+
+## DEMO 3
+
+[Pinecone - recon module](https://github.com/pinecone-wifi/pinecone/blob/master/modules/discovery/recon/recon.py#L91)