Posts

Showing posts from August, 2013

Cisco Password 7 Decrypter

#!/usr/bin/perl
use File::Copy;

############################################################################
# Vigenere translation table
############################################################################
@V=(0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41, 0x2c, 0x2e,
    0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44,
    0x48, 0x53, 0x55, 0x42, 0x73, 0x67, 0x76, 0x63, 0x61, 0x36, 0x39,
    0x38, 0x33, 0x34, 0x6e, 0x63, 0x78, 0x76, 0x39, 0x38, 0x37, 0x33,
    0x32, 0x35, 0x34, 0x6b, 0x3b, 0x66, 0x67, 0x38, 0x37);
############################################################################

############################################################################
# Usage guidelines
############################################################################
if ($ARGV[0] eq ""){
   print "This script reveals the IOS passwords obfuscated using the Vigenere algorithm.n";
   print "n";
   print "Usage guidelines:n";
   print "…

Using aircrack-ng, airdecap-ng, tshark, and grep regex

Recently in a capture the flag event I had to utilize aircrack-ng to break the WEP key on a packet capture, then airdecap-ng to decrypt the contents of the WEP packets and export them to another packet capture, use tshark to output to text and then use a grep regular expression to extract base64 Authentication Basic username and passwords.

Below are the commands that I ran to accomplish this:

# aircrack-ng WIRELESS-C2.cap 
Opening WIRELESS-C2.cap
Read 73650 packets.

   #  BSSID              ESSID                     Encryption

   1  00:40:10:20:00:03  Wireless Challenge Two    WEP (25704 IVs)

Choosing first network as target.

Opening WIRELESS-C2.cap
Attack will be restarted every 5000 captured ivs.
Starting PTW attack with 25704 ivs.


                                            Aircrack-ng 1.2 beta1


                            [00:00:00] Tested 397 keys (got 25082 IVs)

   KB    depth   byte(vote)
    0    2/  4   DA(31232) C0(30976) 22(30720) E8(30720) 16(30208) 25(30208) D0(30208) 
    1    0/  1  …

Using python inside of gdb

To use python inside of gdb:

(gdb) run < <(python -c 'print "A"*345')