s0lst1c3 / eaphammer

Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
GNU General Public License v3.0

Create-Template stalls until keyboard interrupt #172

Closed ightnapovial closed 11 months ago

ightnapovial commented 3 years ago

Describe the bug

Creating a captive portal template stalls after a warning that the pywebcopy global configuration is not set up; a keyboard interrupt is required to stop it.

To Reproduce

Steps to reproduce the behavior:

run: sudo ./eaphammer --create-template --name testing --url --https://www.facebook.com/ as an example

Expected behavior

Presumably that the template is created. I have yet to see a template created successfully.

Screenshots

N/A

Command string(s) used

sudo ./eaphammer --create-template --name testing --url --https://www.facebook.com/

EAPHammer verbose output (using the --debug flag)

[?] Am I root?
[*] Checking for rootness...
[*] I AM ROOOOOOOOOOOOT
[*] Root privs confirmed! 8D
[debug] Settings:
{
    "core": {
        "eap_user_methods": {
            "peap_version": {
                "gtc_downgrade": "1"
            },
            "phase1": {
                "balanced": "PEAP,TTLS,TLS,FAST",
                "gtc_downgrade": "PEAP",
                "speed": "PEAP,TTLS,TLS,FAST",
                "weakest": "PEAP,TTLS,TLS,FAST"
            },
            "phase2": {
                "balanced": "GTC,MSCHAPV2,TTLS-MSCHAPV2,TTLS,TTLS-CHAP,TTLS-PAP,TTLS-MSCHAP,MD5",
                "gtc_downgrade": "GTC",
                "speed": "MSCHAPV2,TTLS-MSCHAPV2,TTLS,TTLS-CHAP,GTC,TTLS-PAP,TTLS-MSCHAP,MD5",
                "weakest": "GTC,TTLS-PAP,MD5,TTLS-CHAP,TTLS-MSCHAP,MSCHAPV2,TTLS-MSCHAPV2,TTLS"
            }
        },
        "eaphammer": {
            "general": {
                "default_ssid_list": "example_known_ssids_file.txt",
                "default_wordlist": "rockyou.txt",
                "openssl_build_options": "'enable-ssl2 enable-ssl3 enable-ssl3-method enable-des enable-rc4 enable-weak-ssl-ciphers no-shared'",
                "openssl_source": "'https://github.com/openssl/openssl/archive/OpenSSL_1_1_1a.tar.gz'",
                "openssl_version": "'1.1.1a'",
                "proc_ipforward": "/proc/sys/net/ipv4/ip_forward",
                "version": "'0.1.4'",
                "wordlist_source": "https://github.com/danielmiessler/SecLists/blob/43e28e38957f456cac37d29e6596284cd7c88f90/Passwords/rockyou.txt.tar.gz?raw=true"
            },
            "services": {
                "avahi": "avahi-daemon",
                "avahi_bin": "/usr/sbin/avahi-daemon",
                "avahi_sleep_time": "2",
                "dhcpcd": "dhcpcd",
                "dhcpcd_bin": "/sbin/dhcpcd",
                "dhcpcd_sleep_time": "2",
                "dnsmasq": "dnsmasq",
                "dnsmasq_bin": "dnsmasq",
                "dnsmasq_sleep": "2",
                "dnsspoof": "None",
                "dnsspoof_bin": "dnsspoof",
                "dnsspoof_sleep": "2",
                "httpd": "apache2",
                "httpd_bin": "None",
                "httpd_sleep": "2",
                "network_manager": "network-manager",
                "network_manager_sleep": "2",
                "sleep_time": "2",
                "stop_avahi": "False",
                "stop_dhcpcd": "False",
                "use_network_manager": "True",
                "use_systemd": "True",
                "wlan_clean_sleep": "2",
                "wpa_supplicant": "wpa_supplicant",
                "wpa_supplicant_bin": "None",
                "wpa_supplicant_sleep": "2"
            }
        },
        "hostapd": {
            "80211n": {
                "ieee80211n": "1",
                "require_ht": "0"
            },
            "args": {
                "debug": "False"
            },
            "eap": {
                "capture_wpa_handshakes": "0",
                "eap_fast_a_id": "101112131415161718191a1b1c1d1e1f",
                "eap_fast_a_id_info": "hostapd-wpe",
                "eap_fast_prov": "3",
                "eap_server": "1",
                "ieee8021x": "1",
                "pac_key_lifetime": "604800",
                "pac_key_refresh_time": "86400",
                "pac_opaque_encr_key": "000102030405060708090a0b0c0d0e0f",
                "wpa_key_mgmt": "WPA-EAP"
            },
            "general": {
                "beacon_int": "100",
                "bssid": "00:11:22:33:44:00",
                "channel": "1",
                "country_code": "US",
                "ctrl_interface": "./run/hostapd-control-interface",
                "ctrl_interface_group": "0",
                "driver": "nl80211",
                "dtim_period": "1",
                "fragm_threshold": "2346",
                "hw_mode": "g",
                "ieee80211w": "0",
                "ignore_broadcast_ssid": "0",
                "interface": "wlan0",
                "known_beacons": "0",
                "logger_stdout": "-1",
                "logger_stdout_level": "2",
                "logger_syslog": "-1",
                "logger_syslog_level": "2",
                "loud_karma": "0",
                "macaddr_acl": "0",
                "max_num_sta": "255",
                "rts_threshold": "2347",
                "ssid": "eaphammer",
                "ssid_acl_mode": "0",
                "use_autocrack": "0",
                "use_karma": "0"
            },
            "owe": {
                "owe_ieee80211w": "2",
                "rsn_pairwise": "CCMP",
                "wpa": "2",
                "wpa_key_mgmt": "OWE"
            },
            "owe_transition": {
                "owe_transition_bssid": "fe:e1:de:ce:a5:ed",
                "owe_transition_ieee80211w": "2",
                "owe_transition_ignore_broadcast_ssid": "1",
                "owe_transition_ssid": "remmahpae",
                "rsn_pairwise": "CCMP",
                "wpa": "2",
                "wpa_key_mgmt": "OWE"
            },
            "psk": {
                "capture_wpa_handshakes": "1",
                "wpa_passphrase": "ermahgerdbestpasswordevar"
            },
            "wmm": {
                "wmm_ac_be_acm": "0",
                "wmm_ac_be_aifs": "3",
                "wmm_ac_be_cwmax": "10",
                "wmm_ac_be_cwmin": "4",
                "wmm_ac_be_txop_limit": "0",
                "wmm_ac_bk_acm": "0",
                "wmm_ac_bk_aifs": "7",
                "wmm_ac_bk_cwmax": "10",
                "wmm_ac_bk_cwmin": "4",
                "wmm_ac_bk_txop_limit": "0",
                "wmm_ac_vi_acm": "0",
                "wmm_ac_vi_aifs": "2",
                "wmm_ac_vi_cwmax": "4",
                "wmm_ac_vi_cwmin": "3",
                "wmm_ac_vi_txop_limit": "94",
                "wmm_ac_vo_acm": "0",
                "wmm_ac_vo_aifs": "2",
                "wmm_ac_vo_cwmax": "3",
                "wmm_ac_vo_cwmin": "2",
                "wmm_ac_vo_txop_limit": "47",
                "wmm_enabled": "1"
            },
            "wpa": {
                "auth_algs": "3",
                "wpa": "2",
                "wpa_pairwise": "TKIP CCMP"
            },
            "wrapper": {
                "sleep_time": "3"
            }
        },
        "responder": {
            "HTTP Server": {
                "exedownloadname": "ProxyClient.exe",
                "exefilename": "files/BindShell.exe",
                "htmlfilename": "files/AccessDenied.html",
                "htmltoinject": "<img src='file://RespProxySrv/pictures/logo.jpg' alt='Loading' height='1' width='1'>",
                "serve-always": "Off",
                "serve-exe": "Off",
                "serve-html": "Off",
                "wpadscript": "function FindProxyForURL(url, host){if ((host == \"localhost\") || shExpMatch(host, \"localhost.*\") ||(host == \"127.0.0.1\") || isPlainHostName(host)) return \"DIRECT\"; if (dnsDomainIs(host, \"ProxySrv\")||shExpMatch(host, \"(*.ProxySrv|ProxySrv)\")) return \"DIRECT\"; return 'PROXY ProxySrv:3128; PROXY ProxySrv:3141; DIRECT';}"
            },
            "HTTPS Server": {
                "sslcert": "certs/responder.crt",
                "sslkey": "certs/responder.key"
            },
            "Responder Core": {
                "analyzelog": "Analyzer-Session.log",
                "autoignoreaftersuccess": "Off",
                "capturemultiplecredentials": "On",
                "capturemultiplehashfromsamehost": "On",
                "challenge": "Random",
                "database": "Responder.db",
                "dns": "Off",
                "dontrespondto": "",
                "dontrespondtoname": "ISATAP",
                "ftp": "On",
                "http": "Off",
                "https": "On",
                "imap": "On",
                "kerberos": "On",
                "ldap": "On",
                "poisonerslog": "Poisoners-Session.log",
                "pop": "On",
                "responderconfigdump": "Config-Responder.log",
                "respondto": "",
                "respondtoname": "",
                "sessionlog": "Responder-Session.log",
                "smb": "On",
                "smtp": "On",
                "sql": "On"
            }
        },
        "wskeyloggerd": {
            "filenames": {
                "keylogger_script": "wsk.min.js",
                "login_template": "login.html",
                "main_log": "wskeylogger.log",
                "socketio_script": "socket.io.min.js"
            },
            "general": {
                "parent_template_dir": "dont_touch",
                "redir_param": "orig_url",
                "secret_key": "secret"
            },
            "keylogger": {
                "connect_event": "connect",
                "connect_event_response_msg": "confirm connection",
                "disconnect_event": "disconnect",
                "keydown_event": "keydown",
                "msg_details_param": "jskdetails",
                "namespace": "/test",
                "send_details_event": "send_details"
            },
            "routes": {
                "keylogger_script_route": "/wks",
                "portal_route": "/login",
                "socketio_script_route": "/sio"
            }
        }
    },
    "paths": {
        "asleap": {
            "bin": "/home/kali/tools/eaphammer/local/asleap/asleap"
        },
        "certs": {
            "active_certs_dir": "/home/kali/tools/eaphammer/certs/active",
            "active_full_chain": "/home/kali/tools/eaphammer/certs/active/fullchain.pem",
            "ca_certs_dir": "/home/kali/tools/eaphammer/certs/ca",
            "dh": "/home/kali/tools/eaphammer/certs/dh",
            "server_certs_dir": "/home/kali/tools/eaphammer/certs/server"
        },
        "dhcp": {
            "script": "/home/kali/tools/eaphammer/scripts/dhcp_script.py"
        },
        "directories": {
            "asleap": "/home/kali/tools/eaphammer/local/asleap",
            "certs": "/home/kali/tools/eaphammer/certs",
            "conf": "/home/kali/tools/eaphammer/settings",
            "db": "/home/kali/tools/eaphammer/db",
            "hcxdumptool": "/home/kali/tools/eaphammer/local/hcxdumptool",
            "hcxtools": "/home/kali/tools/eaphammer/local/hcxtools",
            "hostapd": "/home/kali/tools/eaphammer/local/hostapd-eaphammer/hostapd",
            "local": "/home/kali/tools/eaphammer/local",
            "log": "/home/kali/tools/eaphammer/logs",
            "loot": "/home/kali/tools/eaphammer/loot",
            "responder": "/home/kali/tools/eaphammer/local/Responder",
            "root": "/home/kali/tools/eaphammer",
            "saves": "/home/kali/tools/eaphammer/saved-configs",
            "scripts": "/home/kali/tools/eaphammer/scripts",
            "tmp": "/home/kali/tools/eaphammer/tmp",
            "wordlists": "/home/kali/tools/eaphammer/wordlists"
        },
        "dnsmasq": {
            "conf": "/home/kali/tools/eaphammer/tmp/dnsmasq-2021-03-02-20-38-44-rczuQlyWVih9YNa4OZ2PTfv5yvnInrLE.conf",
            "log": "/home/kali/tools/eaphammer/logs/dnsmasq.log"
        },
        "eap_spray": {
            "log": "/home/kali/tools/eaphammer/logs/eap_spray.log"
        },
        "hcxdumptool": {
            "bin": "/home/kali/tools/eaphammer/local/hcxdumptool/hcxdumptool",
            "filter": "/home/kali/tools/eaphammer/tmp/hcxdumptool-filter-2021-03-02-20-38-44-itN5m0y7JXVmVUYuawpClTPjjUlFVwFl.txt",
            "ofile": "/home/kali/tools/eaphammer/tmp/hcxdumptool-output-2021-03-02-20-38-44-wFrGwEX60he3Nu8rfuapWtwsiAZicQzb.txt"
        },
        "hcxtools": {
            "hcxpcaptool": {
                "bin": "/home/kali/tools/eaphammer/local/hcxtools/hcxpcaptool",
                "ofile": "/home/kali/tools/eaphammer/tmp/hcxpcaptool-output-2021-03-02-20-38-44-PzaLqyvPzd6UGRo1HmCul67u5wXGMCtr.txt"
            }
        },
        "hostapd": {
            "bin": "/home/kali/tools/eaphammer/local/hostapd-eaphammer/hostapd/hostapd-eaphammer",
            "conf": "/home/kali/tools/eaphammer/tmp/hostapd-2021-03-02-20-38-44-3iB3sorG07wllH5tLDimzJQKv1COwsPe.conf",
            "ctrl_interface": "/home/kali/tools/eaphammer/run/ctrl-iface-2021-03-02-20-38-44-NbLg1hgK",
            "eap_user": "/home/kali/tools/eaphammer/tmp/2021-03-02-20-38-44-yqbZ4kDgTpPgVOeZ9FJJvXW2rQCWFa0P.eap_user",
            "eap_user_header": "/home/kali/tools/eaphammer/db/eap_user.header",
            "fifo": "/home/kali/tools/eaphammer/tmp/2021-03-02-20-38-44-fbK4Q5IQyD5OPrMxu5Qb8uwtyQSPuSnS.fifo",
            "known_ssids": "/home/kali/tools/eaphammer/tmp/2021-03-02-20-38-44-IEED93mrec1WvuxIRzGgLsI9VXrLe85D.known_ssids",
            "lib": "/home/kali/tools/eaphammer/local/hostapd-eaphammer/hostapd/libhostapd-eaphammer.so",
            "log": "/home/kali/tools/eaphammer/logs/hostapd-eaphammer.log",
            "mac_blacklist": "/home/kali/tools/eaphammer/tmp/2021-03-02-20-38-44-6tt7aI6Ehbkw9QDDqcBsLtECFRTjMLwT.deny",
            "mac_whitelist": "/home/kali/tools/eaphammer/tmp/2021-03-02-20-38-44-8UDnzaLxcbLJppH7ILfg7qoKEnmalEae.accept",
            "phase1_accounts": "/home/kali/tools/eaphammer/db/phase1.accounts",
            "phase2_accounts": "/home/kali/tools/eaphammer/db/phase2.accounts",
            "save": "/home/kali/tools/eaphammer/saved-configs/hostapd-2021-03-02-20-38-44-3iB3sorG07wllH5tLDimzJQKv1COwsPe.conf",
            "ssid_blacklist": "/home/kali/tools/eaphammer/tmp/2021-03-02-20-38-44-QqZtlIG6mPDZtsENlgKifeWvpl0IllNf.deny",
            "ssid_whitelist": "/home/kali/tools/eaphammer/tmp/2021-03-02-20-38-44-GVaR7oWcFVPOyOkmdt6WA3aAEixS8viE.accept"
        },
        "openssl": {
            "bin": "/home/kali/tools/eaphammer/local/openssl/local/bin/openssl"
        },
        "psk": {
            "psk_capture_file": "/home/kali/tools/eaphammer/loot/wpa_handshake_capture-2021-03-02-20-38-44-0zUGHO5KYPOk5EC3x1szYU7m0Lfr0ENi.hccapx"
        },
        "responder": {
            "analyzer_log": "/home/kali/tools/eaphammer/logs/Analyzer-Session.log",
            "bin": "/home/kali/tools/eaphammer/local/Responder/Responder.py",
            "cert": "/home/kali/tools/eaphammer/local/Responder/certs/responder.crt",
            "conf": "/home/kali/tools/eaphammer/local/Responder/Responder.conf",
            "config_log": "/home/kali/tools/eaphammer/logs/Config-Responder.log",
            "db": "/home/kali/tools/eaphammer/db/Responder.db",
            "exe": "/home/kali/tools/eaphammer/local/Responder/files/BindShell.exe",
            "html": "/home/kali/tools/eaphammer/local/Responder/files/AccessDenied.html",
            "key": "/home/kali/tools/eaphammer/local/Responder/certs/responder.key",
            "poisoners_log": "/home/kali/tools/eaphammer/logs/Poisoners-Session.log",
            "session_log": "/home/kali/tools/eaphammer/logs/Responder-Session.log"
        },
        "wskeyloggerd": {
            "par_templates": "/home/kali/tools/eaphammer/core/wskeyloggerd/templates/dont_touch",
            "payloads": "/home/kali/tools/eaphammer/payloads",
            "static": "/home/kali/tools/eaphammer/core/wskeyloggerd/static",
            "static_sl": "/home/kali/tools/eaphammer/static",
            "templates": "/home/kali/tools/eaphammer/core/wskeyloggerd/templates",
            "usr_templates": "/home/kali/tools/eaphammer/core/wskeyloggerd/templates/user_defined",
            "usr_templates_sl": "/home/kali/tools/eaphammer/templates"
        }
    }
}
[debug] Options:
{
    "add_download_form": false,
    "advanced_help": false,
    "algorithm": "sha256",
    "auth": null,
    "auth_alg": null,
    "author": "",
    "autocrack": false,
    "beacon_interval": null,
    "bootstrap": false,
    "bssid": null,
    "ca_cert": null,
    "ca_key": null,
    "ca_key_passwd": null,
    "captive_portal": false,
    "captive_portal_server_only": false,
    "capture_wpa_handshakes": null,
    "cert_wizard": false,
    "channel": null,
    "channel_width": null,
    "cloaking": null,
    "cn": null,
    "country": null,
    "create_template": true,
    "debug": true,
    "delete_template": false,
    "description": "",
    "dh_file": null,
    "disable_tx_stbc": false,
    "dl_form_message": "Please download our secure profile to continue.",
    "driver": null,
    "dsss_cck_40": false,
    "dtim_period": null,
    "eap_methods_phase_1": "PEAP,TTLS,TLS,FAST",
    "eap_methods_phase_2": "GTC,TTLS-PAP,MD5,TTLS-CHAP,TTLS-MSCHAP,MSCHAPV2,TTLS-MSCHAPV2,TTLS",
    "eap_spray": false,
    "eap_user_file": null,
    "email": null,
    "essid": null,
    "fragm_threshold": null,
    "greenfield": false,
    "hostile_portal": false,
    "ht40": null,
    "ht_delayed_block_ack": false,
    "hw_mode": null,
    "interface": null,
    "interface_pool": null,
    "karma": false,
    "key_length": 2048,
    "known_beacons": false,
    "known_ssids": null,
    "known_ssids_file": null,
    "ldpc": false,
    "lhost": "10.0.0.1",
    "list_templates": false,
    "locale": null,
    "loud": false,
    "lport": 80,
    "lsig_txop_prot": false,
    "mac_blacklist": null,
    "mac_whitelist": null,
    "manual_config": null,
    "max_num_stations": null,
    "max_spatial_streams": null,
    "name": "test3",
    "negotiate": "balanced",
    "not_after": 94608000,
    "not_before": 0,
    "obss_interval": null,
    "org": null,
    "org_unit": null,
    "owe_transition_bssid": null,
    "owe_transition_ssid": null,
    "password": null,
    "payload": "profile.msi",
    "peap_version": null,
    "pivot": false,
    "pmf": null,
    "pmkid": false,
    "portal_cert": null,
    "portal_debug": false,
    "portal_fullchain": null,
    "portal_https": false,
    "portal_private_key": null,
    "portal_user_template": "login",
    "private_key": null,
    "private_key_passwd": null,
    "psk_capture_file": null,
    "reap_creds": false,
    "remote_rig": null,
    "require_ht": false,
    "rts_threshold": null,
    "save_config": null,
    "save_config_only": null,
    "self_signed": false,
    "server_cert": null,
    "short_gi": false,
    "smps": null,
    "ssid_blacklist": null,
    "ssid_whitelist": null,
    "state": null,
    "troll_defender": false,
    "url": "https://www.facebook.com/",
    "use_max_a_msdu_length": false,
    "user_list": null,
    "wmm": false,
    "wordlist": "/home/kali/tools/eaphammer/wordlists/rockyou.txt",
    "wpa_passphrase": null,
    "wpa_version": null
}
download
login
[*] Setting module name to test3
/usr/local/lib/python3.9/dist-packages/pywebcopy/webpage.py:82: UserWarning: Global Configuration is not setup. You can ignore this if you are going manual.This is just one time warning regarding some unexpected behavior.
  warnings.warn(

everything beyond this point is printed after keyboard interrupt

^CTraceback (most recent call last):
  File "/home/kali/tools/eaphammer/./eaphammer", line 1210, in <module>
    create_template()
  File "/home/kali/tools/eaphammer/./eaphammer", line 1138, in create_template
    mm.run()
  File "/home/kali/tools/eaphammer/core/module_maker.py", line 229, in run
    self.clone_website()
  File "/home/kali/tools/eaphammer/core/module_maker.py", line 97, in clone_website
    cloaner.run()
  File "/home/kali/tools/eaphammer/core/module_maker.py", line 38, in run
    save_webpage(
  File "/usr/local/lib/python3.9/dist-packages/pywebcopy/api.py", line 94, in save_webpage
    zip_project(config['join_timeout'])
  File "/usr/local/lib/python3.9/dist-packages/pywebcopy/core.py", line 39, in zip_project
    thread.join(timeout=timeout)
  File "/usr/lib/python3.9/threading.py", line 1033, in join
    self._wait_for_tstate_lock()
  File "/usr/lib/python3.9/threading.py", line 1049, in _wait_for_tstate_lock
    elif lock.acquire(block, timeout):
KeyboardInterrupt
^CException ignored in: <module 'threading' from '/usr/lib/python3.9/threading.py'>
Traceback (most recent call last):
  File "/usr/lib/python3.9/threading.py", line 1428, in _shutdown
    lock.acquire()
KeyboardInterrupt:

EAPHammer Version (./eaphammer --version)

1.13.5

OS (the OS from which you are running EAPHammer) Kali 2021.1

Configuration of Target Access Point (if known / applicable)

N/A

Configuration of Target Client Device (if known / applicable)

N/A

Additional context

Add any other context about the problem here.

Dfte commented 3 years ago

Hey! So it seems like the pywebcopy library is having an issue with semaphore deadlock:

https://github.com/rajatomar788/pywebcopy/issues/46

On that thread, davidwgrossman mentioned a fork of pywebcopy that doesn't use multithreading, and I can confirm it does work. So all you need to do is:

pip3 uninstall pywebcopy
git clone https://github.com/davidwgrossman/pywebcopy
python3 setup.py install

:)

s0lst1c3 commented 11 months ago

Resolved in 1.14.0