Tylous/SniffAir

Auto EAP Password not properly escaped

haxorthematrix opened this issue · 6 comments

Testing the Auto EAP module with known good credentials it fails as the password contains a dollar sign ($):

[default][Auto EAP]# set Interface wlan0
[default][Auto EAP]# set SSID WiFi
[default][Auto EAP]# set Encryption WPA2
[default][Auto EAP]# set Key Management CCMP
[default][Auto EAP]# set Password 17GP4ttWYassA$!w
[default][Auto EAP]# exploit
Traceback (most recent call last):
File "./SniffAir.py", line 703, in
main_menu()
File "./SniffAir.py", line 138, in main_menu
choice()
File "./SniffAir.py", line 118, in choice
exec_menu(choice)
File "./SniffAir.py", line 156, in exec_menu
menu_actionscmd
File "./SniffAir.py", line 519, in use
choice()
File "./SniffAir.py", line 128, in choice
exec_menu(choice)
File "./SniffAir.py", line 156, in exec_menu
menu_actionscmd
File "./SniffAir.py", line 474, in info
choice()
File "./SniffAir.py", line 128, in choice
exec_menu(choice)
File "./SniffAir.py", line 156, in exec_menu
menu_actionscmd
File "./SniffAir.py", line 597, in set
choice()
File "./SniffAir.py", line 128, in choice
exec_menu(choice)
File "./SniffAir.py", line 156, in exec_menu
menu_actionscmd
File "./SniffAir.py", line 474, in info
choice()
File "./SniffAir.py", line 128, in choice
exec_menu(choice)
File "./SniffAir.py", line 156, in exec_menu
menu_actionscmd
File "./SniffAir.py", line 597, in set
choice()
File "./SniffAir.py", line 128, in choice
exec_menu(choice)
File "./SniffAir.py", line 156, in exec_menu
menu_actionscmd
File "./SniffAir.py", line 597, in set
choice()
File "./SniffAir.py", line 128, in choice
exec_menu(choice)
File "./SniffAir.py", line 156, in exec_menu
menu_actionscmd
File "./SniffAir.py", line 597, in set
choice()
File "./SniffAir.py", line 128, in choice
exec_menu(choice)
File "./SniffAir.py", line 156, in exec_menu
menu_actionscmd
File "./SniffAir.py", line 597, in set
choice()
File "./SniffAir.py", line 128, in choice
exec_menu(choice)
File "./SniffAir.py", line 156, in exec_menu
menu_actionscmd
File "./SniffAir.py", line 597, in set
choice()
File "./SniffAir.py", line 128, in choice
exec_menu(choice)
File "./SniffAir.py", line 156, in exec_menu
menu_actionscmd
File "./SniffAir.py", line 639, in exploit
args = ' -s "'+ list1['SSID']+'" -K '+ list1['Key_Management'] +' -E '+list1['Encryption'] +' -U '+list1['Username_File']+' -p '+ list1['Password']+' -i '+ list1['Interface']+' -W '+workspace+''
TypeError: cannot concatenate 'str' and 'list' objects

It looks like your trying to authenticate to a PSK network if that is the case try using the auto_psk module. Auto_EAP is used for EAP/PEAP authentication where usernames and passwords are required (usually these are domain credentials). If it is a EAP network your missing some options and Key Management should be set to WPA-EAP and encryption should be set to PEAP.

It is definitely a PEAP network not PSK. Don't you remember who I am? :-)

Are those particular combinations documented anywhere? If so, I must have missed them. I'll give the Key Management and Encryption changes a try.

Update: Password is not properly escaped (note the difference to the variable as set, and the one noted to be sent):

[temp][Auto EAP]# info
Globally Set Varibles
=====================
Module: Auto EAP
Interface: wlan0
SSID: WiFi
Encryption: PEAP
Key Management: WPA-EAP
Password: 17GP4ttWYassA$!w
Username File: /root/SniffAir/userlist.txt
[temp][Auto EAP]# exploit
Initialized...
Trying Username user1 with Password 17GP4ttWYassAw: FAILED
Trying Username user2 with Password 17GP4ttWYassAw: FAILED
Trying Username user3 with Password 17GP4ttWYassAw: FAILED
Completed

You're probably thinking of wytshadow. In any event, yes this is a bug we need to address and will have a fix pushed out shortly. Thank you for bringing it to our attention.

Sorry for the delay but I've pushed a fix. Please feel free to let us know if you encounter any other issues.

Closed