From 728f71e7fa61b62ef3b251aec83fbb7440851b32 Mon Sep 17 00:00:00 2001
From: Camerin Figueroa
Date: Thu, 23 Dec 2021 15:38:53 -0500
Subject: [PATCH 1/6] Finished the POC Article
---
public/api/articles.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/public/api/articles.json b/public/api/articles.json
index fe37763..09267d6 100644
--- a/public/api/articles.json
+++ b/public/api/articles.json
@@ -16,7 +16,7 @@ "id": 2, "title": "(POC) Cracking Wifi using Phone Numbers", "desc": "Showing you how to crack wifi passwords using phone numbers.", - "contents":"*Introduction*This article is a proof of concept and should show you why it's dangerous to use your phone number as your wifi password. Since the introduction of wifi, people have tried breaking into and exploiting it. WEP an old edition of wifi password security was a very weak method and could be easily broken just by sniffing wifi traffic coming to/from the AP. Since the introduction of WPA security, cracking has become more and more difficult. Although, if you can find the right password, one could potentially crack the login for wireless networks. This is done by sniffing for a specific traffic containing an EAPoL or Extensible Authentication Protocol over Lan. This essentially contains an hashed version of the wifi password. Using this we can then bruteforce the password and crack the password. As found in another article (see references) many people use their phone numbers as their wifi passwords. This can make it specifically easy to crack since your phone number is often related to your location through your area code. For example, if I was living in New York City, my area code would be either 212 or 718. If the wifi's password hash was sniffed somewhere in NYC, every phone number could be stored in a file around 200MB in size. With the technology of today, that password would be cracked in a matter of minutes if you used a phone number as your password. *Prerequisits*~Linux~ ~Wifi Card~ ~git~ ~python3~ *Creating a Phone List* In order to create the list of phone numbers you'll need to use a tool that I created. You can grab the files by cloning the repository `git clone https://github.com/RaspberryProgramming/phone-wordlist-generator` Enter the folder by running `cd phone-wordlsit-generator` Using this you can generate every phone number in your area code and put it into a file. 
Replacing AREA with your area code run `python3 main.py --staticnum AREA` You will then find the phone numbers in a file called phones.list *Capturing Wifi Hashes* You might be wondering, how would I even get these password hashes? Theres a simple tool called aircrack-ng that gives you a suite of tools that you'll need. If you're running Ubuntu Linux you can run `sudo apt install aircrack-ng` To install all of the necessary tools. On Arch/Manjaro run `sudo pacman -Sy aircrack-ng-git` Now that you've got aircrack installed, you can now set your wifi card in monitor mode. Run `ifconfig`. You'll get something similar to the following output `wlan0: flags=4163 mtu 1500\ninet 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255\nether db:3d:4d:b5:ff:12 txqueuelen 1000 (Ethernet)\nRX packets 130672 bytes 152955605 (152.9 MB)\nRX errors 0 dropped 0 overruns 0 frame 0\nTX packets 40063 bytes 8409394 (8.4 MB)\nTX errors 0 dropped 0 overruns 0 carrier 0 collisions 0`" + "contents":"*Introduction*This article is a proof of concept and should show you why it's dangerous to use your phone number as your wifi password. Since the introduction of wifi, people have tried breaking into and exploiting it. WEP an old edition of wifi password security was a very weak method and could be easily broken just by sniffing wifi traffic coming to/from the AP. Since the introduction of WPA security, cracking has become more and more difficult. Although, if you can find the right password, one could potentially crack the login for wireless networks. This is done by sniffing for a specific traffic containing an EAPoL or Extensible Authentication Protocol over Lan. This essentially contains an hashed version of the wifi password. Using this we can then bruteforce the password and crack the password. As found in another article (see references) many people use their phone numbers as their wifi passwords. 
This can make it specifically easy to crack since your phone number is often related to your location through your area code. For example, if I was living in New York City, my area code would be either 212 or 718. If the wifi's password hash was sniffed somewhere in NYC, every phone number could be stored in a file around 200MB in size. With the technology of today, that password would be cracked in a matter of minutes if you used a phone number as your password. *Prerequisits*~Linux~ ~Wifi Card~ ~git~ ~python3~ *Creating a Phone List* In order to create the list of phone numbers you'll need to use a tool that I created. You can grab the files by cloning the repository `git clone https://github.com/RaspberryProgramming/phone-wordlist-generator` Enter the folder by running `cd phone-wordlist-generator` Using this you can generate every phone number in your area code and put it into a file. Replacing AREA with your area code run `python3 main.py --staticnum AREA` You will then find the phone numbers in a file called phones.list *Capturing Wifi Hashes* You might be wondering, how would I even get these password hashes? Theres a simple tool called aircrack-ng that gives you a suite of tools that you'll need. If you're running Ubuntu Linux you can run `sudo apt install aircrack-ng` To install all of the necessary tools. On Arch/Manjaro run `sudo pacman -Sy aircrack-ng-git` Now that you've got aircrack installed, you can now set your wifi card in monitor mode. Run `ifconfig` You'll get something similar to the following output `wlan0: flags=4163 mtu 1500\ninet 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255\nether db:3d:4d:b5:ff:12 txqueuelen 1000 (Ethernet)\nRX packets 130672 bytes 152955605 (152.9 MB)\nRX errors 0 dropped 0 overruns 0 frame 0\nTX packets 40063 bytes 8409394 (8.4 MB)\nTX errors 0 dropped 0 overruns 0 carrier 0 collisions 0`In my case, I'll be using the wlan0 for any sniffing. 
This may be unneccesary, but I'll be killing any conflicting processed by running. `sudo airmon-ng check kill` Run the following to put your wifi card in monitor mode `sudo airmon-ng start wlan0` You should now have a wlan0mon which is the monitor interface for the wlan0 card. If you had something longer like wlx... it may be the same as the original name. Now that you created the monitor interface, you can now start the sniff traffic. You can do this by running airodump. Replace INTERFACE with your monitor interface. The -w argument specifies the filename we'll be storing the capture to. The --output-format argument specifies we want a pcap file. `sudo airodump-ng --output-format pcap -w capfile INTERFACE` After a while, you may start to capture handshakes. There are multiple ways to determine this but the way I'll go over is using aircrack-ng. You may have multiple capture files if you ran the command multiple times, so we'll run ls to find the file. `ls` Look for a file with the extension .pcap. Next, run aircrack-ng with FILENAME as the filename of your capture file `sudo aircrack-ng FILENAME` You should see a list of SSIDs similar to the following output `Reading packets, please wait...\nOpening capfile-02.cap\nRead 370 packets.\n\n # BSSID ESSID Encryption\n\n 1 00:5F:67:FB:48:FC Unknown\n 2 64:05:E4:6A:E1:2A CarPlay_e12a WPA (1 handshake)\n 3 B6:BC:1F:14:72:0B AndroidAP_6374 WPA (0 handshake)\n 4 BC:82:5D:57:FC:AC WiFi Hotspot 4877 Unknown\n 5 C6:D4:38:D1:4A:2A Unknown\n 6 F8:55:CD:67:54:E0 HotspotLftY Unknown\n 7 F8:55:CD:68:0A:1F Truck WiFi Unknown\n\nIndex number of target network ? 1` If you see, we have 1 handshake from CarPlay_e12a. We can then use the wordlist we made before to try to crack the password. Run aircrack with the wordlist argument `sudo aircrack-ng -w phones.list` You can then select the ssid or wifi name with the handshake to start cracking. 
If you have the password you'll see the following message `KEY FOUND: 1839231234`" } ] } \ No newline at end of file From eed5f7c6ea335f07e9866cad469f295c55a3c8d9 Mon Sep 17 00:00:00 2001 From: Camerin Figueroa Date: Thu, 23 Dec 2021 15:42:51 -0500 Subject: [PATCH 2/6] Changed to textarea --- src/components/ArticleEditor.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/components/ArticleEditor.js b/src/components/ArticleEditor.js index e7d975a..1d4c256 100644 --- a/src/components/ArticleEditor.js +++ b/src/components/ArticleEditor.js @@ -15,7 +15,7 @@ const ArticleEditor = (props) => { return (
- {setContent(e.target.value)}}/> +
); }; From bb554342f43ed6327df63464c61980542738666e Mon Sep 17 00:00:00 2001 From: Camerin Figueroa Date: Thu, 23 Dec 2021 15:44:12 -0500 Subject: [PATCH 3/6] Fit textarea to fit with --- src/components/ArticleEditor.js | 2 +- src/components/css/ArticleEditor.css | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/components/ArticleEditor.js b/src/components/ArticleEditor.js index 1d4c256..b855669 100644 --- a/src/components/ArticleEditor.js +++ b/src/components/ArticleEditor.js @@ -15,7 +15,7 @@ const ArticleEditor = (props) => { return (
- +
); }; diff --git a/src/components/css/ArticleEditor.css b/src/components/css/ArticleEditor.css index a356569..29c5e15 100644 --- a/src/components/css/ArticleEditor.css +++ b/src/components/css/ArticleEditor.css @@ -1,4 +1,4 @@ -.ArticleEditor input { +.ArticleEditor textarea { width:100%; height: 35vh; border-style: solid; From e835ac96b5a65aa5eb866b4806ccf222facb0393 Mon Sep 17 00:00:00 2001 From: Camerin Figueroa Date: Thu, 23 Dec 2021 16:24:39 -0500 Subject: [PATCH 4/6] Fixed Link Bug --- src/components/Article.js | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/src/components/Article.js b/src/components/Article.js index 7013c1f..0e81ab6 100644 --- a/src/components/Article.js +++ b/src/components/Article.js @@ -46,26 +46,31 @@ const Article = ({article}) => { */ let output = [""]; // Stores all text in a list let loc = 0; // Stores the current location in output that we're working with - - for (let i = 0; i < text.length; i++) { // Iterate through the entire text string + let tmp; + let i = 0; + console.log(text); + while (i < text.length) { // Iterate through the entire text string if (text.slice(i, i+4) === "http"){ // slice from i to 4 chars plus and check for http let x = i; // store i in x so the location is not modified - for (i; text[i] !== " " && i < text.length; i++){} // iterate until we find the end of the link denoted by a space + for (let y = i; ![" ", "\n"].includes(text[y]) && y < text.length; y++){ + i=y; + } // iterate until we find the end of the link denoted by a space if (output[loc] !== "") { // if the current output location isn't empty, increment loc loc++; } - + tmp = text.slice(x, i+1); // Put anchor for link into output list - output[loc] = {text.slice(x, i)}; + output[loc] = {tmp}; output[++loc] = ""; // Create new location in output with empty string - } else { // Append current char to output output[loc] += text[i]; } + i++; + } // Return the output 
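Review bot: The link detector in the first `src/components/Article.js` hunk (`@@ -46,26 +46,31 @@`) accepts any token that merely begins with `http`, so a bare word such as `http` or `httpfoo` in article text is wrapped in an anchor (per the "Put anchor for link into output list" comment; the anchor markup itself is not visible in this view). Since the matched text becomes a link, the test should require a full scheme, e.g. `if (/^https?:\/\//.test(text.slice(i, i + 8))) {`. The added `console.log(text);` looks like leftover debugging and prints the whole article body on each call; it should be dropped. The end of a link is still decided by whitespace alone, so trailing punctuation such as `)` or `.` ends up inside the URL. The enclosing function starts before and ends after this hunk.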
@@ -99,7 +104,10 @@ const Article = ({article}) => { } } tmp[++loc] = ""; + } else { + tmp = text[i] } + output.push(tmp) } @@ -108,15 +116,14 @@ const Article = ({article}) => { }; let articleFormatter = (text) => { - let output = []; // Used to store separate formatted text + let output = [""]; // Used to store separate formatted text let type = []; // Parallel to output list to signify format type let ind = 0; // Denote index of output let tick=false; // used to check if we're currently in formatted text. let delimiters = ['', '`', '*', '~']; // Denotes characters used to format - for (let i = 0; i < text.length; i++) { // Iterate through input - if (delimiters.indexOf(text[i]) !== -1) { // Detect Code Delimiter + if (delimiters.indexOf(text[i]) >= 0) { // Detect Code Delimiter if (tick) { // Close the code section output[++ind] = "" @@ -125,7 +132,7 @@ const Article = ({article}) => { } else { // Start a new code section type.push(delimiters.indexOf(text[i])); - if (!output[ind]) { + if (output.length < ind) { output[ind] = ""; @@ -142,14 +149,14 @@ const Article = ({article}) => { if (output.length > type.length) { // If this is the beggining of a default text type type.push(0); - output[ind] = "" + //output[ind] = text[i] + } else if (output.length < type.length) { + output[++ind] = "" } - - - - output[ind] += text[i] } + + output[ind] += text[i] } return [...output.keys()].map((i)=>{ // Format text and return as jsx From e87a3b4981293a4488524eaa7d81cbd3bbb68bff Mon Sep 17 00:00:00 2001 From: Camerin Figueroa Date: Thu, 23 Dec 2021 16:35:56 -0500 Subject: [PATCH 5/6] Added copy to clipboard tool --- src/components/ArticleEditor.js | 11 +++++++++++ src/components/css/ArticleEditor.css | 20 ++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/src/components/ArticleEditor.js b/src/components/ArticleEditor.js index b855669..4f9b8d8 100644 --- a/src/components/ArticleEditor.js +++ b/src/components/ArticleEditor.js 
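Review bot: In `articleFormatter` (`src/components/Article.js`, hunk `@@ -125,7 +132,7 @@`), the new guard `if (output.length < ind)` looks like it can never be true: `output` now starts as `[""]` and, in the lines visible here, `ind` only advances through `output[++ind] = ""`, so `output.length` stays at least `ind + 1`. The old test `!output[ind]` also fired for an empty slot, so whatever else sits in that branch (not visible here) no longer runs. If the intent is "slot not yet created" the comparison would be `if (output.length <= ind) {`; if the branch is meant to be dead it should be removed instead. The hunk at `@@ -142,14 +149,14 @@` also leaves a commented-out `//output[ind] = text[i]` behind. The function body continues outside these hunks, so the reachability reasoning should be confirmed against the full file.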
@@ -12,8 +12,19 @@ const ArticleEditor = (props) => { "contents": content }; + let copyToClipboard = () => { + navigator.clipboard.writeText(content).then(function() { + console.log('Async: Copying to clipboard was successful!'); + }, function(err) { + console.error('Async: Could not copy text: ', err); + }); + }; + return (
+
+
Copy to Clipboard
+
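Review bot: `copyToClipboard` in `src/components/ArticleEditor.js` calls `navigator.clipboard.writeText(content)` unconditionally, but `navigator.clipboard` is only defined in secure contexts (HTTPS or localhost) and in browsers that implement the async Clipboard API; elsewhere the call throws a TypeError before either `.then` handler runs. A guard at the top of the function, `if (!navigator.clipboard) { console.error('Clipboard API unavailable'); return; }`, keeps that failure handled. Both outcomes are reported only through the console, so the person clicking the control gets no visible confirmation or error. The toolbar markup is not visible in this view, so whether the control is a real `<button>` (keyboard-focusable) cannot be checked here.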
diff --git a/src/components/css/ArticleEditor.css b/src/components/css/ArticleEditor.css index 29c5e15..44c05ec 100644 --- a/src/components/css/ArticleEditor.css +++ b/src/components/css/ArticleEditor.css @@ -9,6 +9,26 @@ text-align: left; } +.ArticleEditor .toolbar { + width: 100%; + height: 56px; + display: flex; +} + +.ArticleEditor .toolbar .btn { + color: white; + background-color: darkgreen; + text-align: center; + align-items:center; + justify-content: center; + display: flex; + padding-left: 3px; + padding-right: 3px; +} +.ArticleEditor .toolbar .btn:hover{ + background-color: #005400 +} + .article .open { max-height:100vh; } From e9ff48ce3097b5a1bca0c99a4e920ab972da00c0 Mon Sep 17 00:00:00 2001 From: Camerin Figueroa Date: Thu, 23 Dec 2021 17:37:19 -0500 Subject: [PATCH 6/6] Implemented newLineProcessor --- src/components/Article.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/components/Article.js b/src/components/Article.js index 80ab284..df8b1ef 100644 --- a/src/components/Article.js +++ b/src/components/Article.js @@ -126,7 +126,7 @@ const Article = ({article}) => { return [...output.keys()].map((i)=>{ // Format text and return as jsx let text = linkProcessor(output[i]); // Process links - + text = newLineProcessor(text); if (type[i] === 0){ // Return default text type return
{text}
;