Is it possible to make send the file to an email/ftp ?!
minanagehsalalma opened this issue ยท 45 comments
Hi, sorry for responding that late, but yeah it's possible, maybe i'll put it one day
Thanks for using my script ๐
I committed a new file named ฮต013-ftp.vbs.
Hope that you'll enjoy it ๐
Don't hesitate to give me feedbacks !
@0v3rl0w great mate but how does it work ?
so it needs a firewall allow filter when host isn't ?
HOST = "localhost"
You just have to replace the variables with your FTP server's informations and no need to disable any firewall because I use the FTP client built-in Windows
You just have to replace the variables with your FTP server's informations and no need to disable any firewall because I use the FTP client built-in Windows
@0v3rl0w ... i think it's a little bit not safe to store FTP server's informations on clear text .vbs
I can tell you that it's impossible to properly hide the password. Even in another programming language. If I redo it in C++ for example, you'll be able to see it in plain text in the binary.
If you have an idea how I can hide it don't hesitate to share your idea :)
I can tell you that it's impossible to properly hide the password. Even in another programming language. If I redo it in C++ for example, you'll be able to see it in plain text in the binary.
If you have an idea how I can hide it don't hesitate to share your idea :)
@0v3rl0w
i don't really know .. but i have read about a way that Depends on receiving the password only when the attack tries to run ... receive it from a server maybe .. in more controllable way like you got the request then you allow the server to send the password but on parts ..
and i think there is a better way to send the wifi password maybe using query stings
what do you think ?
So, I've just made a kind of One Time HTTP Server (so when it reads a file it deletes it directly) (see HERE), but because I don't have access to a Window computer at the moment. So I'm not able to make a HTTP Patch for the script at the moment
So, I've just made a kind of One Time HTTP Server (so when it reads a file it deletes it directly) (see HERE), but because I don't have access to a Window computer at the moment. So I'm not able to make a HTTP Patch for the script at the moment
@0v3rl0w
you mean once it read the password it deletes the file that contains the password ?
what about the query string trick to send the password to web server using a url just like this
www.test.com/pass?ssid=dsadsad&pass=46d4sa65d4
and it's written in ruby , right ?
i can't test it !
(see HERE),
Yeah it's written in ruby, because sockets are easier in ruby
@0v3rl0w well i don't know how to run ruby on windows !!
Well, Here's the solution
@0v3rl0w lol that was funny ...
btw you didn't explain what does that script do or even what do i need to change to make it work?
I explained everything about the script earlier, it's an HTTP Server that, when you ask a file (http://localhost/password.txt for example), it destroy it immediately.
But you'll need to modify some stuff in e013-ftp.vbs to make it work proberly. Feel free to fork it and do your own modifications.
I explained everything about the script earlier, it's an HTTP Server that, when you ask a file (http://localhost/password.txt for example), it destroy it immediately.
But you'll need to modify some stuff in e013-ftp.vbs to make it work proberly. Feel free to fork it and do your own modifications.
@0v3rl0w
you mean it destroies it after using it like it's a one time password ?
Yes it is
@0v3rl0w it seems Great but i don't think i have the enough skill to
"But you'll need to modify some stuff in e013-ftp.vbs to make it work proberly. Feel free to fork it and do your own modifications."
and what about the
"the query string trick to send the password to web server using a url just like this
www.test.com/pass?ssid=dsadsad&pass=46d4sa65d4"
Yes, it can be easily archived with a little bit of PHP, I'll add it into the project page of the repo ;)
@0v3rl0w thanks mate i have the PHP part of code if you want it anyway :)
You're welcome, but I prefer to do it by myself, thank you anyway ๐
I pushed the code with all the features you asked, if you have any issue, feel free to open another issue.
@0v3rl0w awesome but how do i run it and what do i need to change else than HOST = "http://localhost:8000/e013-http.php"
And i got this while trying to run it !!
and i need to upload the php file first on my server right ?
and got this when i tried the ftp one
....
and do you think that this will work with it ?
..
and why do you think it failed to connect using cmd ?
thanks :)
i tried the ftp ip instead of the domain name and it connected in the cmd but still the vbs didn't work !!!
For the first error, I have an idea for that (I'll do a fix very very soon), and can you do a screenshot of the code of the ftp version. Because I don't have any errors while running it
So you put in HOST :
http://YOUR_WEBSITE_ADDR_HERE/THE_NAME_OF_THE_PHP_SCRIPT.php
For the first error, I have an idea for that (I'll do a fix very very soon), and can you do a screenshot of the code of the ftp version. Because I don't have any errors while running it
This is the error
and the code
Do you have any line before the HOST line ?
@0v3rl0w i got it working now ... the problem was saving it using notepad it messed up the unicode or some thing
check this for more info https://www.computerperformance.co.uk/error-codes/800a0408/
or
https://stackoverflow.com/questions/2039104/vbscript-invalid-character-800a0408-compilation-error
and you should mention this in README.md
....
but i am unable to connect to my server i don't why !
but when i tired it on a local server i faced another problem that your script doesn't support custom ports !!
you should check this for a fix
https://superuser.com/questions/1248499/cannot-connect-to-non-standard-port-number-with-windows-command-line-ftp-cmd-ft
@0v3rl0w and another bug
in one of the exported password files it picked out the string Present instead of the password that starts with #
Voila, I fixed the problem can you try it please ?
@0v3rl0w whoooa it works like a charm but here one last problem
in this one using the http method the network name wasn't complete and the password is wrong it's not a part of the network name
the network name "test-PC_Network"
the script named the file test- and putted network as it's password !!
and btw why does it use powershell ?!
and can we make it a little bit noise less like open the network tabs in the background ?
and can we base64 encode the password and maybe the wifi ssid maybe ? and opening it in incognito window ?
i have tested the ftp one too and it works just Great :)
Keep it up mate
@0v3rl0w and an Option to cd a Specific folder before uploading the files in FTP would really be useful !
and btw why does it use powershell ?!
as this will make it doesn't work on older windows versions like 7
The http version use powershell to encode the password and the wifi name in URL format, because it was easier. For the HTTP issue and the FTP I'll do an update
And because Windows version greater than 7 represent all most 90% of the all market share Source, I won't remove Powershell, because it's easier for the HTTP Version
And because Windows version greater than 7 represent all most 90% of the all market share Source, I won't remove Powershell, because it's easier for the HTTP Version
maybe curl would be easier and better and would work for win 7 i think ...
"The http version use powershell to encode the password and the wifi name in URL format"
why just not base64 encode it ?
Then the php script decode it and parse it.
@0v3rl0w
The problem is that I want no dependencies on this code, for making as portable as possible. So it wouldn't be possible to implement Curl or Base64.
(Except if I write my own base64 encoder)
For CURL, it wouldn't be possible because i'll need dependencies (the one needed is the one you had issue with here). I can download it with Powershell, but it would be pointless.
@0v3rl0w awesome but how do i run it and what do i need to change else than HOST = "http://localhost:8000/e013-http.php"
And i got this while trying to run it !!
and i need to upload the php file first on my server right ?
and got this when i tried the ftp one
....
and do you think that this will work with it ?
..
and why do you think it failed to connect using cmd ?
thanks :)
For CURL, it wouldn't be possible because i'll need dependencies
why isn't it already implanted in windows ?
"(Except if I write my own base64 encoder)"
i don't think that's there is need for that powershell have this function already
@0v3rl0w
Of course, but I don't see why the script needs base64 encoding
@0v3rl0w
cause sending passwords via http requests isn't safe at all i think .
Base64 isn't safe too, it's very very very easy to decode it.
But if you want it to be safe, just take a hosting with https, it'll be safer
@0v3rl0w "Base64 isn't safe too"
i know but it's better than plain text and will not catch that Attention ...
"just take a hosting with https"
i don't think that it will be safer .. cause even with https you still be able to catch the url which the password is in ... but not be able to decrypt the content of that https traffic.
I won't implement base64, because the script will be slower. Normally it won't catch any attentions because the browser tab close it self automatically;