├── .env ├── .github └── workflows │ ├── docker-image-aps-dev.yml │ ├── docker-image-aps.yml │ ├── docker-image-clients-dev.yml │ ├── docker-image-clients.yml │ ├── docker-image-nzyme-dev.yml │ └── docker-image-nzyme.yml ├── .gitignore ├── APs ├── .env ├── Dockerfile ├── README.md └── config │ ├── connectINET.sh │ ├── cronAPs.sh │ ├── dnsmasq.conf │ ├── html │ ├── index.php │ ├── lab.php │ ├── login.php │ ├── logout.php │ └── style.css │ ├── interfaces │ ├── mgt │ ├── hostapd_wpe.conf.tmp │ ├── hostapd_wpe.eap_user │ ├── hostapd_wpe2.conf.tmp │ ├── hostapd_wpe_relay.conf.tmp │ ├── hostapd_wpe_relay.eap_user │ ├── hostapd_wpe_relay_tablets.conf.tmp │ ├── hostapd_wpe_relay_tablets.eap_user │ ├── hostapd_wpe_tls.conf.tmp │ └── hostapd_wpe_tls.eap_user │ ├── ns-inet.sh │ ├── open │ ├── hostapd_open.conf.tmp │ └── hostapd_open_hidden.conf.tmp │ ├── opennds.conf.tmp │ ├── psk │ ├── hostapd_other0.conf.tmp │ ├── hostapd_other1.conf.tmp │ ├── hostapd_other2.conf.tmp │ ├── hostapd_other3.conf.tmp │ └── hostapd_wpa.conf.tmp │ ├── startAPs.sh │ ├── theme_user-email-login-basic.sh │ ├── wep │ └── hostapd_wep.conf.tmp │ ├── wlan_config_aps │ └── wpa3 │ ├── hostapd_bruteforce.conf.tmp │ └── hostapd_downgrade.conf.tmp ├── Attacker ├── Dockerfile ├── clean-ifaces.sh ├── installRDP.sh └── installTools.sh ├── Changelog.md ├── Clients ├── .env ├── Dockerfile ├── README.md └── config │ ├── connectINET.sh │ ├── cronClients.sh │ ├── html │ └── index.php │ ├── mgtClient │ ├── wpa_TLS.conf │ ├── wpa_TLS_phishing.conf │ ├── wpa_gtc.conf │ ├── wpa_md5.conf │ ├── wpa_mschapv2.conf │ ├── wpa_mschapv2_relay.conf │ ├── wpa_mschapv2_relay_tablets.conf │ └── wpa_mschapv2_relay_tabletsW.conf │ ├── ns-inet.sh │ ├── openClient │ ├── open_supplicant.conf │ ├── open_supplicant1.conf │ ├── open_supplicant2.conf │ └── open_supplicant3.conf │ ├── pskClient │ ├── wpa_psk.conf │ └── wpa_psk_noAP.conf │ ├── startClients.sh │ ├── wepClient │ └── wep.conf │ ├── wlan_config_clients │ └── wpa3Client │ └── 
downgrade_psk.conf ├── LICENSE ├── README.md ├── WiFiChallengeLab.png ├── certs ├── ca.conf ├── ca.crt ├── ca.csr ├── ca.ext ├── ca.key ├── ca.serial ├── client.conf ├── client.crt ├── client.csr ├── client.ext ├── client.key ├── client.pem.crt ├── createCert.sh ├── server.conf ├── server.crt ├── server.csr ├── server.ext └── server.key ├── docker-compose-local.yml ├── docker-compose-minimal.yml ├── docker-compose.yml ├── generateCerts.sh ├── images ├── B-WifiChallengeLab-LOGO.png └── B-WifiChallengeLab-LOGO.svg ├── nzyme ├── .env ├── Dockerfile ├── README.md ├── docker-entrypoint.sh ├── nzyme-logs.7z ├── nzyme.conf └── setRandomPass.sh └── vagrant ├── README.md ├── create.sh ├── install.sh └── vagrantfile
/.env:
--------------------------------------------------------------------------------
1 | ADMIN_PASSWORD_HASH='8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918' # NOTE(review): matches the unsalted SHA-256 of "admin", a default credential; set a unique value per deployment
2 | DATABASE_URL='postgresql://localhost:5432/nzyme?user=nzyme&password=6iQ8TeFVPQE12ToyyEjf' # NOTE(review): DB password is committed in clear text here and in POSTGRES_PASS; outside the lab, inject it from an untracked file or a secret store
3 | POSTGRES_DB='nzyme'
4 | POSTGRES_USER='nzyme'
5 | POSTGRES_PASS='6iQ8TeFVPQE12ToyyEjf'
6 | EXTERNAL_URL='http://localhost:22900'
7 | WLAN='wlan60'
--------------------------------------------------------------------------------
/.github/workflows/docker-image-aps-dev.yml:
--------------------------------------------------------------------------------
1 | name: Docker Image CI APs DEV
2 |
3 | on:
4 |   push:
5 |     branches:
6 |       - 'dev'
7 |
8 | # NOTE(review): no 'permissions:' key is set, so GITHUB_TOKEN keeps the repository default scope; 'contents: read' covers the checkout step. The same holds for the five workflows that follow.
9 | jobs:
10 |   docker:
11 |     runs-on: ubuntu-latest
12 |     steps:
13 |       - name: Set up QEMU
14 |         uses: docker/setup-qemu-action@v1
15 |       # NOTE(review): every 'uses:' in this file is a mutable tag (@v1/@v2/@v3); pin each to a full commit SHA, since these steps run in the job that holds DOCKERHUB_TOKEN.
16 |       - name: Set up Docker Buildx
17 |         uses: docker/setup-buildx-action@v1
18 |
19 |       - name: Checkout
20 |         uses: actions/checkout@v3
21 |
22 |       - name: Login to DockerHub
23 |         uses: docker/login-action@v1
24 |         with:
25 |           username: ${{ secrets.DOCKERHUB_USERNAME }}
26 |           password: ${{ secrets.DOCKERHUB_TOKEN }}
27 |
28 |       - name: Build and push
29 |         id: docker_build
30 |         uses: docker/build-push-action@v2
31 |         with:
32 |           context: ./APs
33 |           platforms: linux/amd64,linux/arm64
34 |           push: true
35 |           tags: ${{ secrets.DOCKERHUB_USERNAME }}/wifichallengelab-aps:dev
36 |
--------------------------------------------------------------------------------
/.github/workflows/docker-image-aps.yml:
--------------------------------------------------------------------------------
1 | name: Docker Image CI APs
2 |
3 | on:
4 |   push:
5 |     tags:
6 |       - 'v*'
7 |
8 | jobs:
9 |   docker:
10 |     runs-on: ubuntu-latest
11 |     steps:
12 |       - name: Set up QEMU
13 |         uses: docker/setup-qemu-action@v1
14 |       # NOTE(review): only metadata-action below is pinned to a commit SHA; the tag-referenced actions in this file deserve the same pin.
15 |       - name: Set up Docker Buildx
16 |         uses: docker/setup-buildx-action@v1
17 |
18 |       - name: Checkout
19 |         uses: actions/checkout@v3
20 |
21 |       - name: Login to DockerHub
22 |         uses: docker/login-action@v1
23 |         with:
24 |           username: ${{ secrets.DOCKERHUB_USERNAME }}
25 |           password: ${{ secrets.DOCKERHUB_TOKEN }}
26 |
27 |       - name: Extract metadata (tags, labels) for Docker
28 |         id: meta
29 |         uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
30 |         with:
31 |           images: ${{ secrets.DOCKERHUB_USERNAME }}/wifichallengelab-aps
32 |
33 |       - name: Build and push
34 |         id: docker_build
35 |         uses: docker/build-push-action@v2
36 |         with:
37 |           context: ./APs
38 |           platforms: linux/amd64,linux/arm64
39 |           push: true
40 |           tags: ${{ steps.meta.outputs.tags }}
41 |           labels: ${{ steps.meta.outputs.labels }}
--------------------------------------------------------------------------------
/.github/workflows/docker-image-clients-dev.yml:
--------------------------------------------------------------------------------
1 | name: Docker Image CI Clients DEV
2 |
3 | on:
4 |   push:
5 |     branches:
6 |       - 'dev'
7 |
8 | jobs:
9 |   docker:
10 |     runs-on: ubuntu-latest
11 |     steps:
12 |       - name: Set up QEMU
13 |         uses: docker/setup-qemu-action@v1
14 |       # NOTE(review): all actions in this file are referenced by mutable tags; pin each to a full commit SHA.
15 |       - name: Set up Docker Buildx
16 |         uses: docker/setup-buildx-action@v1
17 |
18 |       - name: Checkout
19 |         uses: actions/checkout@v3
20 |
21 |       - name: Login to DockerHub
22 |         uses: docker/login-action@v1
23 |         with:
24 |           username: ${{ secrets.DOCKERHUB_USERNAME }}
25 |           password: ${{ secrets.DOCKERHUB_TOKEN }}
26 |
27 |       - name: Build and push
28 |         id: docker_build
29 |         uses: docker/build-push-action@v2
30 |         with:
31 |           context: ./Clients
32 |           platforms: linux/amd64,linux/arm64
33 |           push: true
34 |           tags: ${{ secrets.DOCKERHUB_USERNAME }}/wifichallengelab-clients:dev
35 |
--------------------------------------------------------------------------------
/.github/workflows/docker-image-clients.yml:
--------------------------------------------------------------------------------
1 | name: Docker Image CI Clients
2 |
3 | on:
4 |   push:
5 |     tags:
6 |       - 'v*'
7 |
8 | jobs:
9 |   docker:
10 |     runs-on: ubuntu-latest
11 |     steps:
12 |       - name: Set up QEMU
13 |         uses: docker/setup-qemu-action@v1
14 |       # NOTE(review): only metadata-action below is pinned to a commit SHA; the tag-referenced actions in this file deserve the same pin.
15 |       - name: Set up Docker Buildx
16 |         uses: docker/setup-buildx-action@v1
17 |
18 |       - name: Checkout
19 |         uses: actions/checkout@v3
20 |
21 |       - name: Login to DockerHub
22 |         uses: docker/login-action@v1
23 |         with:
24 |           username: ${{ secrets.DOCKERHUB_USERNAME }}
25 |           password: ${{ secrets.DOCKERHUB_TOKEN }}
26 |
27 |       - name: Extract metadata (tags, labels) for Docker
28 |         id: meta
29 |         uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
30 |         with:
31 |           images: ${{ secrets.DOCKERHUB_USERNAME }}/wifichallengelab-clients
32 |
33 |       - name: Build and push
34 |         id: docker_build
35 |         uses: docker/build-push-action@v2
36 |         with:
37 |           context: ./Clients
38 |           platforms: linux/amd64,linux/arm64
39 |           push: true
40 |           tags: ${{ steps.meta.outputs.tags }}
41 |           labels: ${{ steps.meta.outputs.labels }}
--------------------------------------------------------------------------------
/.github/workflows/docker-image-nzyme-dev.yml:
--------------------------------------------------------------------------------
1 | name: Docker Image CI nzyme DEV
2 |
3 | on:
4 |   push:
5 |     branches:
6 |       - 'dev'
7 |
8 | jobs:
9 |   docker:
10 |     runs-on: ubuntu-latest
11 |     steps:
12 |       - name: Set up QEMU
13 |         uses: docker/setup-qemu-action@v1
14 |       # NOTE(review): all actions in this file are referenced by mutable tags; pin each to a full commit SHA.
15 |       - name: Set up Docker Buildx
16 |         uses: docker/setup-buildx-action@v1
17 |
18 |       - name: Checkout
19 |         uses: actions/checkout@v3
20 |
21 |       - name: Login to DockerHub
22 |         uses: docker/login-action@v1
23 |         with:
24 |           username: ${{ secrets.DOCKERHUB_USERNAME }}
25 |           password: ${{ secrets.DOCKERHUB_TOKEN }}
26 |
27 |       - name: Build and push
28 |         id: docker_build
29 |         uses: docker/build-push-action@v2
30 |         with:
31 |           context: ./nzyme
32 |           platforms: linux/amd64,linux/arm64
33 |           push: true
34 |           tags: ${{ secrets.DOCKERHUB_USERNAME }}/wifichallengelab-nzyme:dev
35 |
--------------------------------------------------------------------------------
/.github/workflows/docker-image-nzyme.yml:
--------------------------------------------------------------------------------
1 | name: Docker Image CI nzyme
2 |
3 | on:
4 |   push:
5 |     tags:
6 |       - 'v*'
7 |
8 | jobs:
9 |   docker:
10 |     runs-on: ubuntu-latest
11 |     steps:
12 |       - name: Set up QEMU
13 |         uses: docker/setup-qemu-action@v1
14 |       # NOTE(review): only metadata-action below is pinned to a commit SHA; the tag-referenced actions in this file deserve the same pin.
15 |       - name: Set up Docker Buildx
16 |         uses: docker/setup-buildx-action@v1
17 |
18 |       - name: Checkout
19 |         uses: actions/checkout@v3
20 |
21 |       - name: Login to DockerHub
22 |         uses: docker/login-action@v1
23 |         with:
24 |           username: ${{ secrets.DOCKERHUB_USERNAME }}
25 |           password: ${{ secrets.DOCKERHUB_TOKEN }}
26 |
27 |       - name: Extract metadata (tags, labels) for Docker
28 |         id: meta
29 |         uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
30 |         with:
31 |           images: ${{ secrets.DOCKERHUB_USERNAME }}/wifichallengelab-nzyme
32 |
33 |       - name: Build and push
34 |         id: docker_build
35 |         uses: docker/build-push-action@v2
36 |         with:
37 |           context: ./nzyme
38 |           platforms: linux/amd64,linux/arm64
39 |           push: true
40 |           tags: ${{ steps.meta.outputs.tags }}
41 |           labels: ${{ steps.meta.outputs.labels }}
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | logsAP/*
2 | logsClient/*
3 | vagrant/.vagrant/*
4 | vagrant/date.log
5 | *.log
6 | .DS_Store
--------------------------------------------------------------------------------
/APs/.env:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/r4ulcl/WiFiChallengeLab-docker/edab061d4358d88d8911f950c791ec475f2a0e2a/APs/.env
--------------------------------------------------------------------------------
/APs/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM debian
2 | #FROM kalilinux/kali-rolling
3 | # NOTE(review): the base image has no tag or digest, so each build pulls whatever 'latest' is at that moment; pin a release tag or digest for reproducible images.
4 | RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y macchanger sudo iw libcurl4-openssl-dev curl libz-dev module-assistant libssl-dev libnl-genl-3-dev libnl-3-dev pkg-config libsqlite3-dev git hostapd dnsmasq make g++ libnl-3-dev libnl-genl-3-dev apache2 openssl php libapache2-mod-php wpasupplicant iproute2 net-tools iptables kmod iputils-ping gettext-base wget
5 |
6 | #RUN date
7 |
8 | #Copy config files
9 | COPY config/open/ /root/open/
10 | COPY config/psk/ /root/psk/
11 | COPY config/mgt/ /root/mgt/
12 | COPY config/wpa3/ /root/wpa3/
13 | COPY config/wep/ /root/wep/
14 |
15 | #COPY var file
16 | COPY config/wlan_config_aps /root/
17 |
18 | #Copy connectINET.sh
19 | COPY config/connectINET.sh /root/
20 |
21 | #Copy cron
22 | COPY config/cronAPs.sh /root/
23 |
24 | #Update certs
25 | #RUN cd /root/certs/ ; make install
26 |
27 | COPY config/dnsmasq.conf /etc/dnsmasq.conf.tmp
28 | COPY config/interfaces /etc/network/interfaces.tmp
29 |
30 | #Copy HTML files
31 | COPY config/html /var/www/html/
32 | RUN mkdir /var/www/html/.internalCA/
33 |
34 | RUN chown -R www-data:www-data /var/www/html/
35 | RUN rm /var/www/html/index.html
36 |
37 | # Make sure Apache uses index.php as the default file
38 | RUN echo "\n DirectoryIndex index.php index.html\n" > /etc/apache2/mods-enabled/dir.conf
39 |
40 | # Enable the SSL and rewrite modules
41 | RUN a2enmod ssl && a2enmod rewrite
42 | # NOTE(review): the bare "\n\" lines in the echo below (and the leading "\n" on line 38) look like places where angle-bracket Apache tags were lost when this page was rendered — check the repository copy before reusing this config.
43 | # Create a custom SSL VirtualHost configuration for Apache
44 | RUN echo "\n\
45 | \n\
46 | ServerAdmin webmaster@wifichallenge.com\n\
47 | DocumentRoot /var/www/html\n\
48 | SSLEngine on\n\
49 | SSLCertificateFile /root/certs/server.crt\n\
50 | SSLCertificateKeyFile /root/certs/server.key\n\
51 | \n\
52 | Options Indexes FollowSymLinks\n\
53 | AllowOverride All\n\
54 | Require all granted\n\
55 | \n\
56 | ErrorLog \${APACHE_LOG_DIR}/error.log\n\
57 | CustomLog \${APACHE_LOG_DIR}/access.log combined\n\
58 | \n\
59 | " > /etc/apache2/sites-available/default-ssl.conf
60 |
61 | # Enable the SSL site
62 | RUN a2ensite default-ssl.conf
63 | RUN a2enmod ssl
64 |
65 | #WPS
66 | RUN touch /var/run/hostapd_wps_pin_requests
67 |
68 |
69 | #Change name of hostapd to avoid airmon-ng check kill, etc
70 | RUN mv /usr/sbin/hostapd /usr/sbin/host_aps_apd
71 |
72 |
73 | COPY config/ns-inet.sh /root/
74 | COPY config/startAPs.sh /root/
75 |
76 | #opennds
77 | RUN DEBIAN_FRONTEND=noninteractive apt-get install -y php-cli systemd
78 | # NOTE(review): the two source tarballs below are downloaded, built and installed as root with no checksum or signature check, and the ';' chains continue after a failed step; compare each download against a pinned SHA-256 before building.
79 | RUN cd ; wget https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.71.tar.gz \
80 | ; tar -xf libmicrohttpd-0.9.71.tar.gz ; cd libmicrohttpd-0.9.71 \
81 | ; ./configure --disable-https ; make ; sudo rm /usr/local/lib/libmicrohttpd* \
82 | ; sudo make install ; sudo rm /etc/ld.so.cache ; sudo ldconfig -v ; cd ..
83 | # NOTE(review): 'wget wget' on the next line repeats the command name, so the second word is handled as a URL to fetch.
84 | RUN cd ; wget wget https://codeload.github.com/opennds/opennds/tar.gz/v9.8.0 \
85 | ; tar -xf v9.8.0 && cd openNDS-9.8.0 ; sudo touch /dev/log \
86 | ; make && make install && rm -rf ~/v9.8.0 ~/openNDS-9.8.0 ~/libmicrohttpd-0.9.71 ~/libmicrohttpd-0.9.71.tar.gz
87 |
88 | # autoremove any dependencies that are no longer needed
89 | RUN sudo apt-get --yes autoremove ; sudo apt-get autoclean ; sudo apt-get clean
90 |
91 | COPY config/opennds.conf.tmp /etc/opennds/opennds.conf.tmp
92 | COPY config/theme_user-email-login-basic.sh /usr/lib/opennds/
93 | RUN chmod +x /usr/lib/opennds/theme_user-email-login-basic.sh
94 |
95 | # Expose both HTTP and HTTPS ports
96 | EXPOSE 80 443
97 | # NOTE(review): APs/README.md starts this image with --privileged, --net host and /lib/modules mounted, so the container is effectively root on the host; run the lab inside a disposable VM.
98 | # Run ns-inet.sh as the container's main process
99 | CMD ["/bin/bash", "/root/ns-inet.sh"]
100 |
--------------------------------------------------------------------------------
/APs/README.md:
--------------------------------------------------------------------------------
1 | #-v /lib/modules:/lib/modules --cap-add CAP_SYS_MODULE
2 | #docker run --rm -it --privileged -v /lib/modules:/lib/modules --cap-add CAP_SYS_MODULE --net host aps /bin/bash
3 |
4 | docker build -t wifichallengelab-docker-aps .
5 | docker run --name aps --rm -it --privileged -v /lib/modules:/lib/modules --net host wifichallengelab-docker-aps
6 |
--------------------------------------------------------------------------------
/APs/config/connectINET.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | NS="ns-ap"
3 | ip netns exec ${NS} /bin/bash
--------------------------------------------------------------------------------
/APs/config/cronAPs.sh:
--------------------------------------------------------------------------------
1 | while :
2 | do
3 | dnsmasq
4 | sleep 10
5 | done &
6 |
7 | LAST=$!
8 | wait $LAST -------------------------------------------------------------------------------- /APs/config/dnsmasq.conf: -------------------------------------------------------------------------------- 1 | server=8.8.8.8 2 | server=8.8.4.4 3 | 4 | dhcp-option=3 #Disable default router gateway 5 | dhcp-option=6 # Disables DNS 6 | 7 | # OPN 8 | dhcp-host=$WLAN_OPN,$MAC_OPN,$IP_OPN.1 9 | dhcp-range=$IP_OPN.2,$IP_OPN.100,24h 10 | 11 | # OPN FREE 12 | dhcp-host=$WLAN_OPN_HIDDEN,$MAC_OPN_HIDDEN,$IP_OPN_HIDDEN.1 13 | dhcp-range=$IP_OPN_HIDDEN.2,$IP_OPN_HIDDEN.100,24h 14 | 15 | # PSK 16 | dhcp-host=$WLAN_PSK,$MAC_PSK,$IP_PSK.1 17 | dhcp-range=$IP_PSK.2,$IP_PSK.100,24h 18 | 19 | # MGT 20 | dhcp-host=$WLAN_MGT,$MAC_MGT,$IP_MGT.1 21 | dhcp-range=$IP_MGT.2,$IP_MGT.100,24h 22 | 23 | # MGT 2 24 | dhcp-host=$WLAN_MGT2,$MAC_MGT2,$IP_MGT2.1 25 | dhcp-range=$IP_MGT2.2,$IP_MGT2.100,24h 26 | 27 | # MGT RELAY 28 | dhcp-host=$WLAN_MGTRELAY,$MAC_MGTRELAY,$IP_MGTRELAY.1 29 | dhcp-range=$IP_MGTRELAY.2,$IP_MGTRELAY.100,24h 30 | 31 | # MGT RELAY_TABLETS 32 | dhcp-host=$WLAN_MGTRELAY_TABLETS,$MAC_MGTRELAY_TABLETS,$IP_MGTRELAY_TABLETS.1 33 | dhcp-range=$IP_MGTRELAY_TABLETS.2,$IP_MGTRELAY_TABLETS.100,24h 34 | 35 | # MGT TLS 36 | dhcp-host=$WLAN_MGTTLS,$MAC_MGTTLS,$IP_MGTTLS.1 37 | dhcp-range=$IP_MGTTLS.2,$IP_MGTTLS.100,24h 38 | 39 | # Other 40 | #dhcp-host=wlan19,F0:9F:C2:71:22:88,192.168.9.1 41 | #dhcp-range=192.168.9.2,192.168.9.100,24h 42 | 43 | dhcp-host=$WLAN_OTHER0,$MAC_OTHER0,$IP_OTHER0.1 44 | dhcp-range=$IP_OTHER0.2,$IP_OTHER0.100,24h 45 | 46 | dhcp-host=$WLAN_OTHER1,$MAC_OTHER1,$IP_OTHER1.1 47 | dhcp-range=$IP_OTHER1.2,$IP_OTHER1.100,24h 48 | 49 | dhcp-host=$WLAN_OTHER2,$MAC_OTHER2,$IP_OTHER2.1 50 | dhcp-range=$IP_OTHER2.2,$IP_OTHER2.100,24h 51 | 52 | dhcp-host=$WLAN_OTHER3,$MAC_OTHER3,$IP_OTHER3.1 53 | dhcp-range=$IP_OTHER3.2,$IP_OTHER3.100,24h 54 | 55 | # WPA3 56 | 57 | dhcp-host=$WLAN_BRUTEFORCE,$MAC_BRUTEFORCE,$IP_BRUTEFORCE.1 58 | 
dhcp-range=$IP_BRUTEFORCE.2,$IP_BRUTEFORCE.100,24h 59 | 60 | dhcp-host=$WLAN_DOWNGRADE,$MAC_DOWNGRADE,$IP_DOWNGRADE.1 61 | dhcp-range=$IP_DOWNGRADE.2,$IP_DOWNGRADE.100,24h 62 | 63 | dhcp-host=$WLAN_WEP,$MAC_WEP,$IP_WEP.1 64 | dhcp-range=$IP_WEP.2,$IP_WEP.100,24h 65 | -------------------------------------------------------------------------------- /APs/config/html/index.php: -------------------------------------------------------------------------------- 1 | 7 | 8 | 9 | 10 | 11 | 12 | WiFi Router Configuration 13 | 14 | 15 | 16 | 17 | 18 | 31 | 32 |
33 | 34 |
"; 37 | echo "

"; 38 | 39 | if ($_SESSION["Username"] == "GLOBAL\GlobalAdmin") { 40 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.8.') !== false) { //only TLS 41 | echo "Flag: "; 42 | } else { 43 | echo "Your Princess Is in Another Castle!"; 44 | } 45 | } 46 | 47 | if ($_SESSION["Username"] == "CONTOSO\Administrator") { 48 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.5.') !== false) { //only MGT 1 49 | echo "Flag: "; 50 | } elseif (strpos($_SERVER['REMOTE_ADDR'], '192.168.6.') !== false) { //only MGT 2 51 | echo "Flag: "; 52 | } else { 53 | echo "Your Princess Is in Another Castle!"; 54 | } 55 | } 56 | 57 | if ($_SESSION["Username"] == "admin") { 58 | 59 | 60 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.6.') !== false) { //only MGT Relay 61 | echo "Hello"; 62 | } elseif (strpos($_SERVER['REMOTE_ADDR'], '192.168.1.') !== false) { //only wep 63 | echo "Flag: "; 64 | } elseif (strpos($_SERVER['REMOTE_ADDR'], '192.168.3.') !== false) { //only WPS 65 | echo "Flag: "; 66 | } elseif (strpos($_SERVER['REMOTE_ADDR'], '192.168.16.') !== false) { //only WPS 67 | echo "Flag: "; 68 | } else { 69 | echo "No FLAG, try logging in with another user ;)"; 70 | } 71 | } 72 | 73 | #ALL: and strpos($_SERVER['REMOTE_ADDR'], '192.168.X.') !== false to only use users in each network 74 | 75 | if ($_SESSION["Username"] == "CONTOSO\juan.tr") { 76 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.5.') !== false) { //only MGT 77 | echo "Flag: "; 78 | echo "

"; 79 | } elseif (strpos($_SERVER['REMOTE_ADDR'], '192.168.6.') !== false) { //only MGT 2 80 | echo "Flag: "; 81 | echo "

"; 82 | } else { 83 | echo "Your Princess Is in Another Castle!"; 84 | } 85 | } 86 | 87 | if ($_SESSION["Username"] == 'CONTOSO\test') { 88 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.5.') !== false) { //only MGT 1 89 | echo "Flag: "; 90 | echo "

"; 91 | } elseif (strpos($_SERVER['REMOTE_ADDR'], '192.168.6.') !== false) { //only MGT 2 92 | echo "Flag: "; 93 | echo "

"; 94 | } else { 95 | echo "Your Princess Is in Another Castle!"; 96 | } 97 | } 98 | 99 | if ($_SESSION["Username"] == 'CONTOSO\ftp') { 100 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.5.') !== false) { //only MGT 101 | echo "Flag: "; 102 | echo "

"; 103 | } elseif (strpos($_SERVER['REMOTE_ADDR'], '192.168.6.') !== false) { //only MGT 2 104 | echo "Flag: "; 105 | echo "

"; 106 | } else { 107 | echo "Your Princess Is in Another Castle!"; 108 | } 109 | } 110 | 111 | if ($_SESSION["Username"] == "test1") { 112 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.2.') !== false) { //only PSK 113 | echo "Flag: "; 114 | } else { 115 | echo "Your Princess Is in Another Castle!"; 116 | } 117 | } 118 | 119 | if ($_SESSION["Username"] == "test2") { 120 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.2.') !== false) { //only PSK 121 | echo "Flag: "; 122 | } else { 123 | echo "Your Princess Is in Another Castle!"; 124 | } 125 | } 126 | 127 | if ($_SESSION["Username"] == "free1") { 128 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.10.') !== false) { //only OPN 129 | echo "Flag: "; 130 | } else { 131 | echo "Your Princess Is in Another Castle!"; 132 | } 133 | } 134 | 135 | if ($_SESSION["Username"] == "free2") { 136 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.10.') !== false) { //only OPN 137 | echo "Flag: "; 138 | } else { 139 | echo "Your Princess Is in Another Castle!"; 140 | } 141 | } 142 | 143 | if ($_SESSION["Username"] == "anon1") { 144 | # NO AP LOGIN 145 | echo "Flag: "; 146 | } 147 | 148 | if ($_SESSION["Username"] == "administrator") { 149 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.1.') !== false) { //only WEP 150 | echo "Flag: "; 151 | } else { 152 | echo "Your Princess Is in Another Castle!"; 153 | } 154 | } 155 | 156 | #relay user 157 | if ($_SESSION["Username"] == "CONTOSOREG\luis.da") { # RELAY 158 | echo "Flag: "; 159 | echo "

"; 160 | echo "

"; 161 | } 162 | 163 | if ($_SESSION["Username"] == "CORPO\god") { # RELAY creds stolen in responder in regional network 164 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.7.') !== false) { //only WEP 165 | echo "Flag: "; 166 | echo "

"; 167 | echo "

"; 168 | echo "

"; 169 | echo "AP CONFIG:"; 170 | echo "

"; 171 | echo " 172 | eap_user_file=/root/mgt/hostapd_wpe.eap_user
173 | ca_cert=/root/certs/ca.crt
174 | server_cert=/root/certs/server.crt
175 | private_key=/root/certs/server.key
176 | private_key_passwd=whatever
177 | dh_file=/etc/hostapd-wpe/dh
178 |
179 | # 802.11 Options
180 | ssid=wifi-corp
181 | channel=44
"; 182 | echo "Certificate Authority: http://", $_SERVER['SERVER_ADDR'], "/.internalCA/ "; 183 | } else { 184 | echo "Your Princess Is in Another Castle!"; 185 | } 186 | } 187 | 188 | 189 | 190 | echo "

"; 191 | ?> 192 | 193 | Congratulation! You have logged into password protected page. Click here to Logout. 194 | 195 |
196 | 197 | 198 | -------------------------------------------------------------------------------- /APs/config/html/lab.php: -------------------------------------------------------------------------------- 1 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | WiFi Router Configuration 17 | 18 | 19 | 20 | 21 | 22 |
"; 25 | echo "

";
26 |
27 | ?>
28 |
29 | Congratulation! You have logged into password protected page. Click here to go to index.php to get the flag.
30 |
31 |
32 |
33 |
--------------------------------------------------------------------------------
/APs/config/html/login.php:
--------------------------------------------------------------------------------
1 | 'SuperSuperSecure@!@',
16 | 'CONTOSO\Administrator' => 'SuperSecure@!@',
17 | 'CONTOSO\juan.tr' => 'bulldogs1234',
18 | 'CONTOSO\test' => 'monkey',
19 | 'CONTOSO\ftp' => '12345678',
20 | 'CONTOSOREG\luis.da' => 'u89gh68!6fcv56ed',
21 | 'CORPO\god' => 'tommy1',
22 | 'admin' => 'admin',
23 | 'test1' => 'OYfDcUNQu9PCojb',
24 | 'test2' => '2q60joygCBJQuFo',
25 | 'free1' => 'Jyl1iq8UajZ1fEK',
26 | 'free2' => '5LqwwccmTg6C39y',
27 | 'administrator' => '123456789a',
28 | 'anon1' => 'CRgwj5fZTo1cO6Y'
29 | );
30 |
31 | /* NOTE(review): lab fixture — the table above keeps every password in clear text in the source; outside a lab, store password_hash() output and check it with password_verify(). */
32 | /* Check and assign submitted Username and Password to new variable */
33 | $Username = isset($_POST['Username']) ? $_POST['Username'] : '';
34 | $Password = isset($_POST['Password']) ? $_POST['Password'] : '';
35 | /* NOTE(review): the '==' below is a loose comparison, so an all-digit password such as '12345678' also equals other numeric spellings of the same number; hash_equals() gives a strict, constant-time check. */
36 | /* Check Username and Password existence in defined array */
37 | if (isset($logins[$Username]) && $logins[$Username] == $Password) {
38 |     /* Success: Set session variables and redirect to Protected page. NOTE(review): the next line stores the matched password (the array value), not the user name, under ['UserData']['Username']. */
39 |     $_SESSION['UserData']['Username'] = $logins[$Username];
40 |     /* Success: Set session variables USERNAME */
41 |     $_SESSION['Username'] = $Username;
42 |
43 |     header("location:index.php");
44 |     exit;
45 | } else {
46 |     /*Unsuccessful attempt: Set error message */
47 |     $msg = "Invalid Login Details";
48 | }
49 | }
50 |
51 |
52 | ?>
53 |
54 |
55 |
56 |
57 |
58 |
59 | WiFi Router Configuration
60 |
61 |
62 |
63 |
64 |
77 |
78 |
79 | flag{3ddc7691df2591decd6ae75b30c4b917cedf6bd2}"; 96 | } 97 | 98 | # Check IP from CONTOSOREG Tablets Relay 99 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.18.') !== false) { 100 | echo "Flag: "; 101 | } 102 | 103 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.1.') !== false) { #only WEP 104 | echo "Flag: "; 105 | } 106 | 107 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.14.') !== false) { #only SAE management 108 | echo "Flag: "; 109 | } 110 | 111 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.15.') !== false) { #only SAE IT 112 | echo "Flag: "; 113 | } 114 | 115 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.8.') !== false) { //only MGT TLS 116 | echo "Hello Global Admin:"; 117 | echo "

"; 118 | echo "Your pass is: SuperSuperSecure@!@"; 119 | } 120 | 121 | ?> 122 | 123 | Open Router Login"; 126 | } 127 | 128 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.1.') !== false) { //only WEP 129 | echo "

WEP Router Login

"; 130 | } 131 | 132 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.2.') !== false) { //only PSK moviles 133 | echo "

PSK Router Login

"; 134 | } 135 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.3.') !== false) { //only WPS 136 | echo "

WPS Router Login"; 137 | } 138 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.4.') !== false) { //only krack 139 | echo "

krack Router Login

"; 140 | } 141 | 142 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.5.') !== false) { //only MGT 143 | echo "

Corp Router Login

"; 144 | } 145 | 146 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.7.') !== false) { //only MGT Relay 147 | echo "

Regional Router Login

"; 148 | } 149 | 150 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.18.') !== false) { //only MGT Relay 151 | echo "

Regional Tablets Router Login

"; 152 | } 153 | 154 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.8.') !== false) { //only ENTERPRISE 155 | echo "

Global Router Login

"; 156 | } 157 | 158 | if (strpos($_SERVER['REMOTE_ADDR'], '192.168.16.') !== false) { //only ENTERPRISE 159 | echo "

Wifi free Login

"; 160 | } 161 | 162 | ?> 163 |
164 | 165 | 166 | 167 | 170 | 171 | 172 | 173 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 |
168 | 169 |
174 |

Login

175 |
Username
Password
190 |
191 |
192 | 193 | 194 | -------------------------------------------------------------------------------- /APs/config/html/logout.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /APs/config/html/style.css: -------------------------------------------------------------------------------- 1 | body { 2 | font-family: "Helvetica Neue", sans-serif; 3 | background-color: #282a36; 4 | color: #f8f8f2; 5 | line-height: 1.6; 6 | } 7 | 8 | .menu { 9 | width: 50%; 10 | margin: 2rem auto; 11 | padding: 2rem; 12 | background: #44475a; 13 | box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.2); 14 | border-radius: 15px; 15 | } 16 | 17 | .menu ul { 18 | list-style: none; 19 | padding: 0; 20 | margin: 0; 21 | } 22 | 23 | .menu li { 24 | padding: 10px 0; 25 | border-bottom: 1px solid #6272a4; 26 | } 27 | 28 | .menu li:last-child { 29 | border-bottom: none; 30 | } 31 | 32 | .menu a { 33 | color: #f8f8f2; 34 | text-decoration: none; 35 | font-weight: 500; 36 | } 37 | 38 | .content { 39 | margin: 2rem auto; 40 | width: 50%; 41 | padding: 2rem; 42 | background: #44475a; 43 | box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.2); 44 | border-radius: 15px; 45 | } 46 | 47 | label { 48 | display: block; 49 | font-weight: 600; 50 | margin-bottom: 0.5rem; 51 | } 52 | 53 | input[type="file"], 54 | button, 55 | input[type="text"], 56 | input[type="password"] { 57 | box-sizing: border-box; 58 | width: 100%; 59 | padding: 15px; 60 | border: none; 61 | background: #6272a4; 62 | color: #f8f8f2; 63 | border-radius: 5px; 64 | font-size: 1.1em; 65 | } 66 | 67 | button { 68 | box-sizing: border-box; 69 | background-color: #ff79c6; 70 | color: #282a36; 71 | border: none; 72 | margin-top: 1rem; 73 | transition: all 0.3s ease; 74 | font-size: 1.2em; 75 | } 76 | 77 | button:disabled { 78 | background-color: #6272a4; 79 | cursor: not-allowed; 80 | opacity: 0.6; 81 | } 82 | 83 | .info { 84 | font-size: 0.8rem; 85 | 
color: #8be9fd; 86 | margin-top: 0.5rem; 87 | } 88 | 89 | .message { 90 | text-align: center; 91 | color: #ff5555; 92 | margin-bottom: 1rem; 93 | } 94 | 95 | .table { 96 | width: 100%; 97 | } 98 | 99 | .table td { 100 | padding: 10px; 101 | vertical-align: middle; 102 | } 103 | 104 | .Input { 105 | width: 100%; 106 | box-sizing: border-box; 107 | padding: 10px; 108 | border: 1px solid #6272a4; 109 | border-radius: 5px; 110 | background: #6272a4; 111 | color: #f8f8f2; 112 | font-size: 1.1em; 113 | } 114 | 115 | .Button3 { 116 | width: 100%; 117 | padding: 10px; 118 | border: none; 119 | background-color: #ff79c6; 120 | color: #282a36; 121 | border-radius: 5px; 122 | font-size: 1.2em; 123 | cursor: pointer; 124 | } 125 | 126 | .Button3:hover { 127 | background-color: #ff92d0; 128 | } 129 | -------------------------------------------------------------------------------- /APs/config/interfaces: -------------------------------------------------------------------------------- 1 | server=8.8.8.8 2 | server=8.8.4.4 3 | 4 | dhcp-option=3 #Disable default router gateway 5 | dhcp-option=6 # Disables DNS 6 | 7 | # OPN 8 | dhcp-host=$WLAN_OPN,$MAC_OPN,$IP_OPN.1 9 | dhcp-range=$IP_OPN.2,$IP_OPN.100,24h 10 | 11 | # OPN FREE 12 | dhcp-host=$WLAN_OPN_HIDDEN,$MAC_OPN_HIDDEN,$IP_OPN_HIDDEN.1 13 | dhcp-range=$IP_OPN_HIDDEN.2,$IP_OPN_HIDDEN.100,24h 14 | 15 | # PSK 16 | dhcp-host=$WLAN_PSK,$MAC_PSK,$IP_PSK.1 17 | dhcp-range=$IP_PSK.2,$IP_PSK.100,24h 18 | 19 | # MGT 20 | dhcp-host=$WLAN_MGT,$MAC_MGT,$IP_MGT.1 21 | dhcp-range=$IP_MGT.2,$IP_MGT.100,24h 22 | 23 | # MGT 2 24 | dhcp-host=$WLAN_MGT2,$MAC_MGT2,$IP_MGT2.1 25 | dhcp-range=$IP_MGT2.2,$IP_MGT2.100,24h 26 | 27 | # MGT RELAY 28 | dhcp-host=$WLAN_MGTRELAY,$MAC_MGTRELAY,$IP_MGTRELAY.1 29 | dhcp-range=$IP_MGTRELAY.2,$IP_MGTRELAY.100,24h 30 | 31 | # MGT RELAY_TABLETS 32 | dhcp-host=$WLAN_MGTRELAY_TABLETS,$MAC_MGTRELAY_TABLETS,$IP_MGTRELAY_TABLETS.1 33 | dhcp-range=$IP_MGTRELAY_TABLETS.2,$IP_MGTRELAY_TABLETS.100,24h 34 | 35 | # MGT TLS 36 
| dhcp-host=$WLAN_MGTTLS,$MAC_MGTTLS,$IP_MGTTLS.1 37 | dhcp-range=$IP_MGTTLS.2,$IP_MGTTLS.100,24h 38 | 39 | # Other 40 | #dhcp-host=wlan19,F0:9F:C2:71:22:88,192.168.9.1 41 | #dhcp-range=192.168.9.2,192.168.9.100,24h 42 | 43 | dhcp-host=$WLAN_OTHER0,$MAC_OTHER0,$IP_OTHER0.1 44 | dhcp-range=$IP_OTHER0.2,$IP_OTHER0.100,24h 45 | 46 | dhcp-host=$WLAN_OTHER1,$MAC_OTHER1,$IP_OTHER1.1 47 | dhcp-range=$IP_OTHER1.2,$IP_OTHER1.100,24h 48 | 49 | dhcp-host=$WLAN_OTHER2,$MAC_OTHER2,$IP_OTHER2.1 50 | dhcp-range=$IP_OTHER2.2,$IP_OTHER2.100,24h 51 | 52 | dhcp-host=$WLAN_OTHER3,$MAC_OTHER3,$IP_OTHER3.1 53 | dhcp-range=$IP_OTHER3.2,$IP_OTHER3.100,24h 54 | 55 | # WPA3 56 | 57 | dhcp-host=$WLAN_BRUTEFORCE,$MAC_BRUTEFORCE,$IP_BRUTEFORCE.1 58 | dhcp-range=$IP_BRUTEFORCE.2,$IP_BRUTEFORCE.100,24h 59 | 60 | dhcp-host=$WLAN_DOWNGRADE,$MAC_DOWNGRADE,$IP_DOWNGRADE.1 61 | dhcp-range=$IP_DOWNGRADE.2,$IP_DOWNGRADE.100,24h 62 | 63 | dhcp-host=$WLAN_WEP,$MAC_WEP,$IP_WEP.1 64 | dhcp-range=$IP_WEP.2,$IP_WEP.100,24h 65 | -------------------------------------------------------------------------------- /APs/config/mgt/hostapd_wpe.eap_user: -------------------------------------------------------------------------------- 1 | # hostapd user database for integrated EAP server 2 | 3 | # Each line must contain an identity, EAP method(s), and an optional password 4 | # separated with whitespace (space or tab). The identity and password must be 5 | # double quoted ("user"). Password can alternatively be stored as 6 | # NtPasswordHash (16-byte MD4 hash of the unicode presentation of the password 7 | # in unicode) if it is used for MSCHAP or MSCHAPv2 authentication. This means 8 | # that the plaintext password does not need to be included in the user file. 9 | # Password hash is stored as hash:<16-octets of hex data> without quotation 10 | # marks. 11 | 12 | # [2] flag in the end of the line can be used to mark users for tunneled phase 13 | # 2 authentication (e.g., within EAP-PEAP). 
In these cases, an anonymous 14 | # identity can be used in the unencrypted phase 1 and the real user identity 15 | # is transmitted only within the encrypted tunnel in phase 2. If non-anonymous 16 | # access is needed, two user entries is needed, one for phase 1 and another 17 | # with the same username for phase 2. 18 | # 19 | # EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-FAST, EAP-SIM, and EAP-AKA do not use 20 | # password option. 21 | # EAP-MD5, EAP-MSCHAPV2, EAP-GTC, EAP-PAX, EAP-PSK, and EAP-SAKE require a 22 | # password. 23 | # EAP-PEAP, EAP-TTLS, and EAP-FAST require Phase 2 configuration. 24 | # 25 | # * can be used as a wildcard to match any user identity. The main purposes for 26 | # this are to set anonymous phase 1 identity for EAP-PEAP and EAP-TTLS and to 27 | # avoid having to configure every certificate for EAP-TLS authentication. The 28 | # first matching entry is selected, so * should be used as the last phase 1 29 | # user entry. 30 | # 31 | # "prefix"* can be used to match the given prefix and anything after this. The 32 | # main purpose for this is to be able to avoid EAP method negotiation when the 33 | # method is using known prefix in identities (e.g., EAP-SIM and EAP-AKA). This 34 | # is only allowed for phase 1 identities. 35 | # 36 | # Multiple methods can be configured to make the authenticator try them one by 37 | # one until the peer accepts one. The method names are separated with a 38 | # comma (,). 39 | # 40 | # [ver=0] and [ver=1] flags after EAP type PEAP can be used to force PEAP 41 | # version based on the Phase 1 identity. Without this flag, the EAP 42 | # authenticator advertises the highest supported version and select the version 43 | # based on the first PEAP packet from the supplicant. 44 | # 45 | # EAP-TTLS supports both EAP and non-EAP authentication inside the tunnel. 46 | # Tunneled EAP methods are configured with standard EAP method name and [2] 47 | # flag. 
Non-EAP methods can be enabled by following method names: TTLS-PAP, 48 | # TTLS-CHAP, TTLS-MSCHAP, TTLS-MSCHAPV2. TTLS-PAP and TTLS-CHAP require a 49 | # plaintext password while TTLS-MSCHAP and TTLS-MSCHAPV2 can use NT password 50 | # hash. 51 | # 52 | # Arbitrary RADIUS attributes can be added into Access-Accept packets similarly 53 | # to the way radius_auth_req_attr is used for Access-Request packet in 54 | # hostapd.conf. For EAP server, this is configured separately for each user 55 | # entry with radius_accept_attr= line(s) following the main user entry 56 | # line. 57 | 58 | # Phase 1 users 59 | #"user" MD5 "password" 60 | #"test user" MD5 "secret" 61 | #"example user" TLS 62 | #"DOMAIN\user" MSCHAPV2 "password" 63 | #"gtc user" GTC "password" 64 | #"pax user" PAX "unknown" 65 | #"pax.user@example.com" PAX 0123456789abcdef0123456789abcdef 66 | #"psk user" PSK "unknown" 67 | #"psk.user@example.com" PSK 0123456789abcdef0123456789abcdef 68 | #"sake.user@example.com" SAKE 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 69 | #"ttls" TTLS 70 | #"not anonymous" PEAP 71 | # Default to EAP-SIM and EAP-AKA based on fixed identity prefixes 72 | #"0"* AKA,TTLS,TLS,PEAP,SIM 73 | #"1"* SIM,TTLS,TLS,PEAP,AKA 74 | #"2"* AKA,TTLS,TLS,PEAP,SIM 75 | #"3"* SIM,TTLS,TLS,PEAP,AKA 76 | #"4"* AKA,TTLS,TLS,PEAP,SIM 77 | #"5"* SIM,TTLS,TLS,PEAP,AKA 78 | #"6"* AKA' 79 | #"7"* AKA' 80 | #"8"* AKA' 81 | 82 | # Wildcard for all other identities 83 | #* PEAP,TTLS,TLS,SIM,AKA 84 | 85 | # Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users 86 | #"t-md5" MD5 "password" [2] 87 | #"DOMAIN\t-mschapv2" MSCHAPV2 "password" [2] 88 | #"t-gtc" GTC "password" [2] 89 | #"not anonymous" MSCHAPV2 "password" [2] 90 | #"user" MD5,GTC,MSCHAPV2 "password" [2] 91 | #"test user" MSCHAPV2 hash:000102030405060708090a0b0c0d0e0f [2] 92 | #"ttls-user" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2 "password" [2] 93 | 94 | # Default to EAP-SIM and EAP-AKA based on fixed identity prefixes in phase 
2 95 | #"0"* AKA [2] 96 | #"1"* SIM [2] 97 | #"2"* AKA [2] 98 | #"3"* SIM [2] 99 | #"4"* AKA [2] 100 | #"5"* SIM [2] 101 | #"6"* AKA' [2] 102 | #"7"* AKA' [2] 103 | #"8"* AKA' [2] 104 | 105 | # WPE - DO NOT REMOVE - These entries are specifically in here 106 | * PEAP,TTLS,TLS,FAST 107 | #"t" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,MSCHAPV2,MD5,GTC,TTLS,TTLS-MSCHAPV2 "t" [2] 108 | 109 | * PEAP,TTLS,TLS,FAST [ver=1] 110 | #"t" GTC,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,MSCHAPV2,MD5,GTC,TTLS,TTLS-MSCHAPV2 "password" [2] 111 | 112 | # Allow anonymous identity 113 | "CONTOSO\anonymous" GTC,MSCHAPV2 114 | "anonymous@CONTOSO" GTC,MSCHAPV2 115 | 116 | 117 | "CONTOSO\Administrator" GTC,MSCHAPV2 "SuperSecure@!@" [2] 118 | "CONTOSO\juan.tr" MSCHAPV2 "bulldogs1234" [2] 119 | "CONTOSO\luis.da" MSCHAPV2 "u89gh68!6fcv56ed" [2] 120 | 121 | "CONTOSO\test" MSCHAPV2 "monkey" [2] 122 | "CONTOSO\ftp" MSCHAPV2 "12345678" [2] 123 | -------------------------------------------------------------------------------- /APs/config/mgt/hostapd_wpe_relay.eap_user: -------------------------------------------------------------------------------- 1 | # hostapd user database for integrated EAP server 2 | 3 | # Each line must contain an identity, EAP method(s), and an optional password 4 | # separated with whitespace (space or tab). The identity and password must be 5 | # double quoted ("user"). Password can alternatively be stored as 6 | # NtPasswordHash (16-byte MD4 hash of the unicode presentation of the password 7 | # in unicode) if it is used for MSCHAP or MSCHAPv2 authentication. This means 8 | # that the plaintext password does not need to be included in the user file. 9 | # Password hash is stored as hash:<16-octets of hex data> without quotation 10 | # marks. 11 | 12 | # [2] flag in the end of the line can be used to mark users for tunneled phase 13 | # 2 authentication (e.g., within EAP-PEAP). 
In these cases, an anonymous 14 | # identity can be used in the unencrypted phase 1 and the real user identity 15 | # is transmitted only within the encrypted tunnel in phase 2. If non-anonymous 16 | # access is needed, two user entries is needed, one for phase 1 and another 17 | # with the same username for phase 2. 18 | # 19 | # EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-FAST, EAP-SIM, and EAP-AKA do not use 20 | # password option. 21 | # EAP-MD5, EAP-MSCHAPV2, EAP-GTC, EAP-PAX, EAP-PSK, and EAP-SAKE require a 22 | # password. 23 | # EAP-PEAP, EAP-TTLS, and EAP-FAST require Phase 2 configuration. 24 | # 25 | # * can be used as a wildcard to match any user identity. The main purposes for 26 | # this are to set anonymous phase 1 identity for EAP-PEAP and EAP-TTLS and to 27 | # avoid having to configure every certificate for EAP-TLS authentication. The 28 | # first matching entry is selected, so * should be used as the last phase 1 29 | # user entry. 30 | # 31 | # "prefix"* can be used to match the given prefix and anything after this. The 32 | # main purpose for this is to be able to avoid EAP method negotiation when the 33 | # method is using known prefix in identities (e.g., EAP-SIM and EAP-AKA). This 34 | # is only allowed for phase 1 identities. 35 | # 36 | # Multiple methods can be configured to make the authenticator try them one by 37 | # one until the peer accepts one. The method names are separated with a 38 | # comma (,). 39 | # 40 | # [ver=0] and [ver=1] flags after EAP type PEAP can be used to force PEAP 41 | # version based on the Phase 1 identity. Without this flag, the EAP 42 | # authenticator advertises the highest supported version and select the version 43 | # based on the first PEAP packet from the supplicant. 44 | # 45 | # EAP-TTLS supports both EAP and non-EAP authentication inside the tunnel. 46 | # Tunneled EAP methods are configured with standard EAP method name and [2] 47 | # flag. 
Non-EAP methods can be enabled by following method names: TTLS-PAP, 48 | # TTLS-CHAP, TTLS-MSCHAP, TTLS-MSCHAPV2. TTLS-PAP and TTLS-CHAP require a 49 | # plaintext password while TTLS-MSCHAP and TTLS-MSCHAPV2 can use NT password 50 | # hash. 51 | # 52 | # Arbitrary RADIUS attributes can be added into Access-Accept packets similarly 53 | # to the way radius_auth_req_attr is used for Access-Request packet in 54 | # hostapd.conf. For EAP server, this is configured separately for each user 55 | # entry with radius_accept_attr= line(s) following the main user entry 56 | # line. 57 | 58 | # Phase 1 users 59 | #"user" MD5 "password" 60 | #"test user" MD5 "secret" 61 | #"example user" TLS 62 | #"DOMAIN\user" MSCHAPV2 "password" 63 | #"gtc user" GTC "password" 64 | #"pax user" PAX "unknown" 65 | #"pax.user@example.com" PAX 0123456789abcdef0123456789abcdef 66 | #"psk user" PSK "unknown" 67 | #"psk.user@example.com" PSK 0123456789abcdef0123456789abcdef 68 | #"sake.user@example.com" SAKE 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 69 | #"ttls" TTLS 70 | #"not anonymous" PEAP 71 | # Default to EAP-SIM and EAP-AKA based on fixed identity prefixes 72 | #"0"* AKA,TTLS,TLS,PEAP,SIM 73 | #"1"* SIM,TTLS,TLS,PEAP,AKA 74 | #"2"* AKA,TTLS,TLS,PEAP,SIM 75 | #"3"* SIM,TTLS,TLS,PEAP,AKA 76 | #"4"* AKA,TTLS,TLS,PEAP,SIM 77 | #"5"* SIM,TTLS,TLS,PEAP,AKA 78 | #"6"* AKA' 79 | #"7"* AKA' 80 | #"8"* AKA' 81 | 82 | # Wildcard for all other identities 83 | #* PEAP,TTLS,TLS,SIM,AKA 84 | 85 | # Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users 86 | #"t-md5" MD5 "password" [2] 87 | #"DOMAIN\t-mschapv2" MSCHAPV2 "password" [2] 88 | #"t-gtc" GTC "password" [2] 89 | #"not anonymous" MSCHAPV2 "password" [2] 90 | #"user" MD5,GTC,MSCHAPV2 "password" [2] 91 | #"test user" MSCHAPV2 hash:000102030405060708090a0b0c0d0e0f [2] 92 | #"ttls-user" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2 "password" [2] 93 | 94 | # Default to EAP-SIM and EAP-AKA based on fixed identity prefixes in phase 
2 95 | #"0"* AKA [2] 96 | #"1"* SIM [2] 97 | #"2"* AKA [2] 98 | #"3"* SIM [2] 99 | #"4"* AKA [2] 100 | #"5"* SIM [2] 101 | #"6"* AKA' [2] 102 | #"7"* AKA' [2] 103 | #"8"* AKA' [2] 104 | 105 | # WPE - DO NOT REMOVE - These entries are specifically in here 106 | #* PEAP,TTLS,TLS,FAST 107 | #"t" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,MSCHAPV2,MD5,GTC,TTLS,TTLS-MSCHAPV2 "t" [2] 108 | 109 | * PEAP,TTLS,TLS,FAST [ver=1] 110 | #"t" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,MSCHAPV2,MD5,GTC,TTLS,TTLS-MSCHAPV2 "t" [2] 111 | 112 | #"t" GTC,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,MSCHAPV2,MD5,GTC,TTLS,TTLS-MSCHAPV2 "password" [2] 113 | 114 | # Allow anonymous identity 115 | "CONTOSOREG\anonymous" MSCHAPV2 116 | "anonymous@CONTOSOREG" MSCHAPV2 117 | 118 | "CONTOSOREG\luis.da" MSCHAPV2 "u89gh68!6fcv56ed" [2] 119 | "CORPO\god" MSCHAPV2 hash:cbdc3e5938885b7a507775cf22d56351 [2] -------------------------------------------------------------------------------- /APs/config/mgt/hostapd_wpe_relay_tablets.eap_user: -------------------------------------------------------------------------------- 1 | # hostapd user database for integrated EAP server 2 | 3 | # Each line must contain an identity, EAP method(s), and an optional password 4 | # separated with whitespace (space or tab). The identity and password must be 5 | # double quoted ("user"). Password can alternatively be stored as 6 | # NtPasswordHash (16-byte MD4 hash of the unicode presentation of the password 7 | # in unicode) if it is used for MSCHAP or MSCHAPv2 authentication. This means 8 | # that the plaintext password does not need to be included in the user file. 9 | # Password hash is stored as hash:<16-octets of hex data> without quotation 10 | # marks. 11 | 12 | # [2] flag in the end of the line can be used to mark users for tunneled phase 13 | # 2 authentication (e.g., within EAP-PEAP). 
In these cases, an anonymous 14 | # identity can be used in the unencrypted phase 1 and the real user identity 15 | # is transmitted only within the encrypted tunnel in phase 2. If non-anonymous 16 | # access is needed, two user entries is needed, one for phase 1 and another 17 | # with the same username for phase 2. 18 | # 19 | # EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-FAST, EAP-SIM, and EAP-AKA do not use 20 | # password option. 21 | # EAP-MD5, EAP-MSCHAPV2, EAP-GTC, EAP-PAX, EAP-PSK, and EAP-SAKE require a 22 | # password. 23 | # EAP-PEAP, EAP-TTLS, and EAP-FAST require Phase 2 configuration. 24 | # 25 | # * can be used as a wildcard to match any user identity. The main purposes for 26 | # this are to set anonymous phase 1 identity for EAP-PEAP and EAP-TTLS and to 27 | # avoid having to configure every certificate for EAP-TLS authentication. The 28 | # first matching entry is selected, so * should be used as the last phase 1 29 | # user entry. 30 | # 31 | # "prefix"* can be used to match the given prefix and anything after this. The 32 | # main purpose for this is to be able to avoid EAP method negotiation when the 33 | # method is using known prefix in identities (e.g., EAP-SIM and EAP-AKA). This 34 | # is only allowed for phase 1 identities. 35 | # 36 | # Multiple methods can be configured to make the authenticator try them one by 37 | # one until the peer accepts one. The method names are separated with a 38 | # comma (,). 39 | # 40 | # [ver=0] and [ver=1] flags after EAP type PEAP can be used to force PEAP 41 | # version based on the Phase 1 identity. Without this flag, the EAP 42 | # authenticator advertises the highest supported version and select the version 43 | # based on the first PEAP packet from the supplicant. 44 | # 45 | # EAP-TTLS supports both EAP and non-EAP authentication inside the tunnel. 46 | # Tunneled EAP methods are configured with standard EAP method name and [2] 47 | # flag. 
Non-EAP methods can be enabled by following method names: TTLS-PAP, 48 | # TTLS-CHAP, TTLS-MSCHAP, TTLS-MSCHAPV2. TTLS-PAP and TTLS-CHAP require a 49 | # plaintext password while TTLS-MSCHAP and TTLS-MSCHAPV2 can use NT password 50 | # hash. 51 | # 52 | # Arbitrary RADIUS attributes can be added into Access-Accept packets similarly 53 | # to the way radius_auth_req_attr is used for Access-Request packet in 54 | # hostapd.conf. For EAP server, this is configured separately for each user 55 | # entry with radius_accept_attr= line(s) following the main user entry 56 | # line. 57 | 58 | # Phase 1 users 59 | #"user" MD5 "password" 60 | #"test user" MD5 "secret" 61 | #"example user" TLS 62 | #"DOMAIN\user" MSCHAPV2 "password" 63 | #"gtc user" GTC "password" 64 | #"pax user" PAX "unknown" 65 | #"pax.user@example.com" PAX 0123456789abcdef0123456789abcdef 66 | #"psk user" PSK "unknown" 67 | #"psk.user@example.com" PSK 0123456789abcdef0123456789abcdef 68 | #"sake.user@example.com" SAKE 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 69 | #"ttls" TTLS 70 | #"not anonymous" PEAP 71 | # Default to EAP-SIM and EAP-AKA based on fixed identity prefixes 72 | #"0"* AKA,TTLS,TLS,PEAP,SIM 73 | #"1"* SIM,TTLS,TLS,PEAP,AKA 74 | #"2"* AKA,TTLS,TLS,PEAP,SIM 75 | #"3"* SIM,TTLS,TLS,PEAP,AKA 76 | #"4"* AKA,TTLS,TLS,PEAP,SIM 77 | #"5"* SIM,TTLS,TLS,PEAP,AKA 78 | #"6"* AKA' 79 | #"7"* AKA' 80 | #"8"* AKA' 81 | 82 | # Wildcard for all other identities 83 | #* PEAP,TTLS,TLS,SIM,AKA 84 | 85 | # Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users 86 | #"t-md5" MD5 "password" [2] 87 | #"DOMAIN\t-mschapv2" MSCHAPV2 "password" [2] 88 | #"t-gtc" GTC "password" [2] 89 | #"not anonymous" MSCHAPV2 "password" [2] 90 | #"user" MD5,GTC,MSCHAPV2 "password" [2] 91 | #"test user" MSCHAPV2 hash:000102030405060708090a0b0c0d0e0f [2] 92 | #"ttls-user" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2 "password" [2] 93 | 94 | # Default to EAP-SIM and EAP-AKA based on fixed identity prefixes in phase 
2 95 | #"0"* AKA [2] 96 | #"1"* SIM [2] 97 | #"2"* AKA [2] 98 | #"3"* SIM [2] 99 | #"4"* AKA [2] 100 | #"5"* SIM [2] 101 | #"6"* AKA' [2] 102 | #"7"* AKA' [2] 103 | #"8"* AKA' [2] 104 | 105 | # WPE - DO NOT REMOVE - These entries are specifically in here 106 | #* PEAP,TTLS,TLS,FAST 107 | #"t" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,MSCHAPV2,MD5,GTC,TTLS,TTLS-MSCHAPV2 "t" [2] 108 | 109 | * PEAP,TTLS,TLS,FAST [ver=1] 110 | #"t" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,MSCHAPV2,MD5,GTC,TTLS,TTLS-MSCHAPV2 "t" [2] 111 | 112 | #"t" GTC,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,MSCHAPV2,MD5,GTC,TTLS,TTLS-MSCHAPV2 "password" [2] 113 | 114 | # Allow anonymous identity 115 | "CONTOSOREG\anonymous" MSCHAPV2 116 | "anonymous@CONTOSOREG" MSCHAPV2 117 | 118 | "CONTOSOREG\luis.da" MSCHAPV2 "u89gh68!6fcv56ed" [2] 119 | -------------------------------------------------------------------------------- /APs/config/mgt/hostapd_wpe_tls.eap_user: -------------------------------------------------------------------------------- 1 | # hostapd user database for integrated EAP server 2 | 3 | # Each line must contain an identity, EAP method(s), and an optional password 4 | # separated with whitespace (space or tab). The identity and password must be 5 | # double quoted ("user"). Password can alternatively be stored as 6 | # NtPasswordHash (16-byte MD4 hash of the unicode presentation of the password 7 | # in unicode) if it is used for MSCHAP or MSCHAPv2 authentication. This means 8 | # that the plaintext password does not need to be included in the user file. 9 | # Password hash is stored as hash:<16-octets of hex data> without quotation 10 | # marks. 11 | 12 | # [2] flag in the end of the line can be used to mark users for tunneled phase 13 | # 2 authentication (e.g., within EAP-PEAP). In these cases, an anonymous 14 | # identity can be used in the unencrypted phase 1 and the real user identity 15 | # is transmitted only within the encrypted tunnel in phase 2. 
If non-anonymous 16 | # access is needed, two user entries is needed, one for phase 1 and another 17 | # with the same username for phase 2. 18 | # 19 | # EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-FAST, EAP-SIM, and EAP-AKA do not use 20 | # password option. 21 | # EAP-MD5, EAP-MSCHAPV2, EAP-GTC, EAP-PAX, EAP-PSK, and EAP-SAKE require a 22 | # password. 23 | # EAP-PEAP, EAP-TTLS, and EAP-FAST require Phase 2 configuration. 24 | # 25 | # * can be used as a wildcard to match any user identity. The main purposes for 26 | # this are to set anonymous phase 1 identity for EAP-PEAP and EAP-TTLS and to 27 | # avoid having to configure every certificate for EAP-TLS authentication. The 28 | # first matching entry is selected, so * should be used as the last phase 1 29 | # user entry. 30 | # 31 | # "prefix"* can be used to match the given prefix and anything after this. The 32 | # main purpose for this is to be able to avoid EAP method negotiation when the 33 | # method is using known prefix in identities (e.g., EAP-SIM and EAP-AKA). This 34 | # is only allowed for phase 1 identities. 35 | # 36 | # Multiple methods can be configured to make the authenticator try them one by 37 | # one until the peer accepts one. The method names are separated with a 38 | # comma (,). 39 | # 40 | # [ver=0] and [ver=1] flags after EAP type PEAP can be used to force PEAP 41 | # version based on the Phase 1 identity. Without this flag, the EAP 42 | # authenticator advertises the highest supported version and select the version 43 | # based on the first PEAP packet from the supplicant. 44 | # 45 | # EAP-TTLS supports both EAP and non-EAP authentication inside the tunnel. 46 | # Tunneled EAP methods are configured with standard EAP method name and [2] 47 | # flag. Non-EAP methods can be enabled by following method names: TTLS-PAP, 48 | # TTLS-CHAP, TTLS-MSCHAP, TTLS-MSCHAPV2. TTLS-PAP and TTLS-CHAP require a 49 | # plaintext password while TTLS-MSCHAP and TTLS-MSCHAPV2 can use NT password 50 | # hash. 
51 | # 52 | # Arbitrary RADIUS attributes can be added into Access-Accept packets similarly 53 | # to the way radius_auth_req_attr is used for Access-Request packet in 54 | # hostapd.conf. For EAP server, this is configured separately for each user 55 | # entry with radius_accept_attr= line(s) following the main user entry 56 | # line. 57 | 58 | # Phase 1 users 59 | #"user" MD5 "password" 60 | #"test user" MD5 "secret" 61 | #"example user" TLS 62 | #"DOMAIN\user" MSCHAPV2 "password" 63 | #"gtc user" GTC "password" 64 | #"pax user" PAX "unknown" 65 | #"pax.user@example.com" PAX 0123456789abcdef0123456789abcdef 66 | #"psk user" PSK "unknown" 67 | #"psk.user@example.com" PSK 0123456789abcdef0123456789abcdef 68 | #"sake.user@example.com" SAKE 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 69 | #"ttls" TTLS 70 | #"not anonymous" PEAP 71 | # Default to EAP-SIM and EAP-AKA based on fixed identity prefixes 72 | #"0"* AKA,TTLS,TLS,PEAP,SIM 73 | #"1"* SIM,TTLS,TLS,PEAP,AKA 74 | #"2"* AKA,TTLS,TLS,PEAP,SIM 75 | #"3"* SIM,TTLS,TLS,PEAP,AKA 76 | #"4"* AKA,TTLS,TLS,PEAP,SIM 77 | #"5"* SIM,TTLS,TLS,PEAP,AKA 78 | #"6"* AKA' 79 | #"7"* AKA' 80 | #"8"* AKA' 81 | 82 | # Wildcard for all other identities 83 | #* PEAP,TTLS,TLS,SIM,AKA 84 | 85 | # Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users 86 | #"t-md5" MD5 "password" [2] 87 | #"DOMAIN\t-mschapv2" MSCHAPV2 "password" [2] 88 | #"t-gtc" GTC "password" [2] 89 | #"not anonymous" MSCHAPV2 "password" [2] 90 | #"user" MD5,GTC,MSCHAPV2 "password" [2] 91 | #"test user" MSCHAPV2 hash:000102030405060708090a0b0c0d0e0f [2] 92 | #"ttls-user" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS-MSCHAPV2 "password" [2] 93 | 94 | # Default to EAP-SIM and EAP-AKA based on fixed identity prefixes in phase 2 95 | #"0"* AKA [2] 96 | #"1"* SIM [2] 97 | #"2"* AKA [2] 98 | #"3"* SIM [2] 99 | #"4"* AKA [2] 100 | #"5"* SIM [2] 101 | #"6"* AKA' [2] 102 | #"7"* AKA' [2] 103 | #"8"* AKA' [2] 104 | 105 | # WPE - DO NOT REMOVE - These entries are 
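specifically in here 106 | #* PEAP,TTLS,TLS,FAST 107 | #* TLS 108 | #"t" TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,MSCHAPV2,MD5,GTC,TTLS,TTLS-MSCHAPV2 "t" [2] 109 | 110 | # Allow anonymous identity 111 | "GLOBAL\anonymous" TLS 112 | "anonymous@GLOBAL" TLS 113 | 114 | # Existing user identities 115 | "GLOBAL\GlobalAdmin" TLS 116 | "GLOBAL\Manager" TLS 117 | 118 | -------------------------------------------------------------------------------- /APs/config/ns-inet.sh: --------------------------------------------------------------------------------
#!/usr/bin/env bash
# Based on https://gist.github.com/dpino/6c0dca1742093346461e11aa8f608a99
#
# Creates the "ns-ap" network namespace, moves the mac80211_hwsim radios
# wlan6..wlan39 into it, links it to the host through a veth pair with NAT,
# then runs /root/startAPs.sh inside the namespace.
#
# Host-wide side effects that this script does not undo on exit:
#   - IPv4 forwarding is switched on,
#   - the FORWARD chain and the whole nat table are flushed (any rule that was
#     already there is lost, whoever installed it),
#   - the FORWARD policy is set to DROP.
# cleanup() only deletes the veth link.
# set -x

if [[ $EUID -ne 0 ]]; then
    echo "You must be root to run this script"
    exit 1
fi

# Prints every interface name reported by "ip link show" except "lo" and
# "veth*", space-separated on one line.
available_interfaces()
{
    local names=() fields=() candidate raw

    raw=$(ip li sh | cut -d " " -f 2 | tr "\n" " ")
    read -r -a fields <<< "$raw"

    for candidate in "${fields[@]}"; do
        # Drop the last character (the ":" that follows the name in ip's output).
        candidate=${candidate::-1}
        if [[ ${candidate} != "lo" && ${candidate} != veth* ]]; then
            names+=( "$candidate" )
        fi
    done
    echo "${names[@]}"
}

# The interface argument ($1) is ignored: the interface that carries the
# default route always wins. Only the first default route is read, so several
# default routes cannot put more than one name into IFACE.
IFACE=$(ip route show | awk '/default via/ {print $5; exit}')
if [[ -z "$IFACE" ]]; then
    # No default route: fall back to the first non-loopback, non-veth interface.
    ifaces=($(available_interfaces))
    if [[ ${#ifaces[@]} -gt 0 ]]; then
        IFACE=${ifaces[0]}
    else
        echo "Usage: ./ns-inet "
        exit 1
    fi
fi
echo "Using interface $IFACE"

NS="ns-ap"
VETH="veth1"
VPEER="vpeer1"
VETH_ADDR="10.200.1.1"
VPEER_ADDR="10.200.1.2"

# Runs on every exit path from here on; removes the host side of the veth pair.
cleanup()
{
    ip li delete "${VETH}" 2>/dev/null
}

trap cleanup EXIT

# Remove namespace if it exists.
ip netns del "$NS" &>/dev/null

# Create namespace
ip netns add "$NS"


#----------------------------WiFiChallenge---------------------------------------------------------
#Check kill to avoid all problems

#airmon-ng check kill

# Radio allocation across the containers (all share the host's mac80211_hwsim):
#0-9 for the attacker
#10-39 radios for AP
#40-59 radios for Clients
#60 for nzyme in attacker

# Unload the module only when fewer than 20 wlan interfaces exist, i.e. the AP
# radios have not been created yet.
if [[ $(iw dev | grep -c wlan) -lt 20 ]] ; then
    sudo modprobe mac80211_hwsim -r
fi

sudo modprobe mac80211_hwsim radios=61

# Rename interfaces APwlan, ClientWlan, wlan0 wlan5
#TODO?

# Add WiFi interfaces 10-39
# 6-9 are for attacker but unused, so they go to the AP namespace too
for I in $(seq 6 39) ; do
    # -x matches the whole line; a substring match on wlan6 would also pick up
    # wlan60 and hand two phy names to iw.
    PHY=$(ls /sys/class/ieee80211/*/device/net/ | grep -B1 -x "wlan$I" | grep -Eo 'phy[0-9]+')
    if [[ -z "$PHY" ]]; then
        # Without a phy name the iw call below would be malformed; skip it.
        echo "No phy found for wlan$I, skipping" >&2
        continue
    fi
    iw phy "$PHY" set netns name "/run/netns/$NS"
done

#--------------------------------------------------------------------------------------------------


# Create veth link.
ip link add "${VETH}" type veth peer name "${VPEER}"

# Add peer-1 to NS.
ip link set "${VPEER}" netns "$NS"

# Setup IP address of ${VETH}.
ip addr add "${VETH_ADDR}/24" dev "${VETH}"
ip link set "${VETH}" up

# Setup IP ${VPEER}.
ip netns exec "$NS" ip addr add "${VPEER_ADDR}/24" dev "${VPEER}"
ip netns exec "$NS" ip link set "${VPEER}" up
ip netns exec "$NS" ip link set lo up
ip netns exec "$NS" ip route add default via "${VETH_ADDR}"

# Enable IP-forwarding (host-wide; stays enabled after this script exits).
echo 1 > /proc/sys/net/ipv4/ip_forward

# Default-deny forwarding, then flush the chain: every existing FORWARD rule is
# removed, not only the ones this script added on an earlier run.
iptables -P FORWARD DROP
iptables -F FORWARD

# Flush nat rules. This empties the whole nat table for the host.
iptables -t nat -F

# Enable masquerading of 10.200.1.0.
iptables -t nat -A POSTROUTING -s "${VPEER_ADDR}/24" -o "${IFACE}" -j MASQUERADE

# Only traffic between the uplink and the veth link may be forwarded.
iptables -A FORWARD -i "${IFACE}" -o "${VETH}" -j ACCEPT
iptables -A FORWARD -o "${IFACE}" -i "${VETH}" -j ACCEPT

# Get into namespace and exec startAP.
# --rcfile comes after the script path, so bash hands it to startAPs.sh as
# positional arguments instead of reading it as an option of its own.
ip netns exec "${NS}" /bin/bash /root/startAPs.sh --rcfile <(echo "PS1=\"${NS}> \"")
# Interactive alternative:
#ip netns exec ${NS} /bin/bash --rcfile <(echo "PS1=\"${NS}> \"")

# if closed
-------------------------------------------------------------------------------- /APs/config/open/hostapd_open.conf.tmp: -------------------------------------------------------------------------------- 1 | interface=$WLAN_OPN 2 | driver=nl80211 3 | 4 | hw_mode=g 5 | channel=6 6 | ssid=$ESSID_OPN 7 | 8 | wpa=0 9 | 10 | #macaddr_acl=1 11 | #accept_mac_file=/root/open/acceptMac.txt 12 | 13 | ap_isolate=1 -------------------------------------------------------------------------------- /APs/config/open/hostapd_open_hidden.conf.tmp: -------------------------------------------------------------------------------- 1 | interface=$WLAN_OPN_HIDDEN 2 | driver=nl80211 3 | 4 | hw_mode=g 5 | channel=11 6 | ssid=$ESSID_OPN_HIDDEN 7 | 8 | wpa=0 9 | 10 | #macaddr_acl=1 11 | #accept_mac_file=/root/open/acceptMac.txt 12 | 13 | ignore_broadcast_ssid=2 -------------------------------------------------------------------------------- /APs/config/opennds.conf.tmp: -------------------------------------------------------------------------------- 1 | # This is the legacy configuration file and is currently used by all non-OpenWrt installations. 2 | # It is deprecated and will be replaced by the UCI style configuration file as used in OpenWrt in a future release 3 | # 4 | # For details of possible options, please see the OpenWrt UCI config file or the documentation at https://opennds.readthedocs.io/ 5 | # 6 | # 7 | # The "#" character at the beginning of a line indicates that the whole line is a comment.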
8 | # 9 | # "#" characters within a line are assumed to be part of the configured option 10 | # 11 | 12 | # GatewayName 13 | # Default: openNDS 14 | # 15 | # GatewayName openNDS 16 | 17 | # Option: GatewayInterface 18 | # Default: br-lan 19 | # 20 | # Set GatewayInterface to the interface on your router that is to be managed by openNDS. 21 | # The selected interface must be allocated an IPv4 address. 22 | # Typically on OpenWrt it is br-lan for the wired and wireless lan combined in a bridge. 23 | # On generic Linux though, it might be wlan0 24 | # 25 | GatewayInterface $WLAN_OPN 26 | gatewayfqdn disable 27 | gatewayport 8080 28 | 29 | 30 | # Login Option 31 | # Default: 1 32 | # Integer value sent to PreAuth script as login mode 33 | # 34 | # opennds comes preconfigured for three basic modes of operation 35 | # 36 | # option set to 1 - Default Dynamic Click to Continue splash sequence 37 | # 38 | # option set to 2 - Username/Emailaddress Dynamic Login 39 | # 40 | # option set to 3 - Use ThemeSpecPath to select a custom ThemeSpec file 41 | # 42 | login_option_enabled 2 43 | themespec_path /usr/lib/opennds/theme_user-email-login-basic.sh 44 | 45 | # Use outdated libmicrohttpd (MHD) 46 | # Default 0 47 | # Warning, if set to 1, this may be unstable or fail entirely - it would be better to upgrade MHD. 48 | # Use at your own risk 49 | # 50 | # If this option is set to 0 (default), NDS will terminate if MHD is earlier than 0.9.71 51 | # If this option is set to 1, NDS will attempt to start and log an error. 52 | #use_outdated_mhd 0 53 | 54 | # FirewallRuleSet: authenticated-users 55 | # 56 | # Control access for users after authentication. 57 | FirewallRuleSet authenticated-users { 58 | # FirewallRule passthrough all 59 | } 60 | 61 | FirewallRuleSet preauthenticated-users { 62 | } 63 | 64 | # FirewallRuleSet: users-to-router 65 | # Control access to the router itself from the GatewayInterface. 
66 | # Essential - Allow ports for DNS and DHCP (disabling these will soft brick your router): 67 | FirewallRuleSet users-to-router { 68 | FirewallRule allow udp port 53 69 | FirewallRule allow tcp port 53 70 | FirewallRule allow udp port 67 71 | # You may want to allow ssh, http, and https to the router 72 | # for administration from the GatewayInterface. If not, 73 | # comment these out. 74 | FirewallRule allow tcp port 22 75 | FirewallRule allow tcp port 80 76 | FirewallRule allow tcp port 443 77 | } 78 | 79 | trustedmaclist 80:18:44:BF:72:47,B0:72:BF:B0:78:48,B0:72:BF:44:B0:49 80 | -------------------------------------------------------------------------------- /APs/config/psk/hostapd_other0.conf.tmp: -------------------------------------------------------------------------------- 1 | interface=$WLAN_OTHER0 2 | driver=nl80211 3 | 4 | hw_mode=g 5 | channel=3 6 | ssid=$ESSID_OTHER0 7 | 8 | wpa=2 9 | wpa_key_mgmt=WPA-PSK 10 | wpa_pairwise=TKIP CCMP 11 | wpa_passphrase="qwerty03" 12 | -------------------------------------------------------------------------------- /APs/config/psk/hostapd_other1.conf.tmp: -------------------------------------------------------------------------------- 1 | interface=$WLAN_OTHER1 2 | driver=nl80211 3 | 4 | hw_mode=g 5 | channel=6 6 | ssid=$ESSID_OTHER1 7 | 8 | wpa=2 9 | wpa_key_mgmt=WPA-PSK 10 | wpa_pairwise=TKIP CCMP 11 | wpa_passphrase="qwerty04" 12 | -------------------------------------------------------------------------------- /APs/config/psk/hostapd_other2.conf.tmp: -------------------------------------------------------------------------------- 1 | interface=$WLAN_OTHER2 2 | driver=nl80211 3 | 4 | hw_mode=g 5 | channel=9 6 | ssid=$ESSID_OTHER2 7 | 8 | wpa=2 9 | wpa_key_mgmt=WPA-PSK 10 | wpa_pairwise=TKIP 11 | wpa_passphrase="qwerty05" 12 | -------------------------------------------------------------------------------- /APs/config/psk/hostapd_other3.conf.tmp: 
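-------------------------------------------------------------------------------- 1 | interface=$WLAN_OTHER3 2 | driver=nl80211 3 | 4 | hw_mode=g 5 | channel=6 6 | ssid=$ESSID_OTHER3 7 | 8 | wpa=2 9 | wpa_key_mgmt=WPA-PSK 10 | wpa_pairwise=CCMP 11 | wpa_passphrase="qwerty06" 12 | -------------------------------------------------------------------------------- /APs/config/psk/hostapd_wpa.conf.tmp: -------------------------------------------------------------------------------- 1 | interface=$WLAN_PSK 2 | driver=nl80211 3 | 4 | hw_mode=g 5 | channel=6 6 | ssid=$ESSID_PSK 7 | 8 | wpa=2 9 | wpa_key_mgmt=WPA-PSK 10 | wpa_pairwise=TKIP CCMP 11 | wpa_passphrase=starwars1 12 | -------------------------------------------------------------------------------- /APs/config/startAPs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # TODO move to Dockerfile
# Renders every *.tmp template in the current directory with envsubst, writing
# the result next to it without the .tmp suffix, then deletes the template so a
# later run finds nothing left to do.
#
# envsubst replaces each $VAR reference with the value from the environment;
# a reference to a variable that is not exported becomes an empty string.
envsubst_tmp (){
	for F in ./*.tmp ; do
		# With no match the glob stays the literal "./*.tmp"; skip it
		# instead of trying to render a file that does not exist.
		[ -e "$F" ] || continue
		NEW=$(basename "$F" .tmp)
		# Keep the template when rendering fails, so it can be retried.
		envsubst < "$F" > "$NEW" && rm -- "$F" 2> /dev/null
	done
}
15 | 16 | #LOAD VARIABLES FROM FILE (EXPORT) 17 | set -a 18 | source /root/wlan_config_aps 19 | 20 | 21 | 22 | #Replace variables in interfaces.tmp file (one is wrong, its useless, idk :) ) 23 | 24 | envsubst < /etc/network/interfaces.tmp > /etc/network/interfaces 25 | envsubst < /etc/dnsmasq.conf.tmp > /etc/dnsmasq.conf 26 | envsubst < /etc/opennds/opennds.conf.tmp > /etc/opennds/opennds.conf 27 | 28 | # Replace var in config AP files 29 | #OPN 30 | cd /root/open/ 31 | envsubst_tmp 32 | #PSK 33 | cd /root/psk/ 34 | envsubst_tmp 35 | #WPA3 36 | cd /root/wpa3/ 37 | envsubst_tmp 38 | #MGT 39 | cd /root/mgt/ 40 | envsubst_tmp 41 | #WEP 42 | cd /root/wep/ 43 | envsubst_tmp 44 | 45 | cd 46 | 47 | date 48 | 49 | echo 'nameserver 8.8.8.8' > /etc/resolv.conf 50 | 51 | service apache2 start > /root/logs/apache2.log 2>&1 & 52 | 53 | # Wlan first 6 for attacker,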
next 14 for AP, rest for client 54 | 55 | #F0:9F:C2:71 ubiquiti 56 | macchanger -m $MAC_OPN $WLAN_OPN > /root/logs/macchanger.log # OPN 57 | macchanger -m $MAC_OPN_HIDDEN $WLAN_OPN_HIDDEN > /root/logs/macchanger.log # OPN 58 | macchanger -m $MAC_WEP $WLAN_WEP >> /root/logs/macchanger.log # WEP 59 | macchanger -m $MAC_PSK $WLAN_PSK >> /root/logs/macchanger.log # PSK 60 | macchanger -m $MAC_WPS $WLAN_WPS >> /root/logs/macchanger.log # PSK WPS 61 | macchanger -m $MAC_KRACK $WLAN_KRACK >> /root/logs/macchanger.log # PSK VULN KRACKS TODO 62 | 63 | macchanger -m $MAC_MGT $WLAN_MGT >> /root/logs/macchanger.log # MGT 64 | macchanger -m $MAC_MGT2 $WLAN_MGT2 >> /root/logs/macchanger.log # MGT 2 65 | macchanger -m $MAC_MGTRELAY $WLAN_MGTRELAY >> /root/logs/macchanger.log # MGT Relay 66 | macchanger -m $MAC_MGTRELAY_TABLETS $WLAN_MGTRELAY_TABLETS >> /root/logs/macchanger.log # MGT Relay tablets 67 | 68 | macchanger -m $MAC_MGTTLS $WLAN_MGTTLS >> /root/logs/macchanger.log # MGT TLS 69 | 70 | macchanger -r $WLAN_OTHER0 >> /root/logs/macchanger.log # Other 0 71 | macchanger -r $WLAN_OTHER1 >> /root/logs/macchanger.log # Other 1 72 | macchanger -r $WLAN_OTHER2 >> /root/logs/macchanger.log # Other 2 73 | macchanger -r $WLAN_OTHER3 >> /root/logs/macchanger.log # Other 3 74 | macchanger -m $MAC_BRUTEFORCE $WLAN_BRUTEFORCE >> /root/logs/macchanger.log # WPA3 Bruteforce 75 | macchanger -m $MAC_DOWNGRADE $WLAN_DOWNGRADE >> /root/logs/macchanger.log # WPA3 DOWNGRADE 76 | #macchanger -r wlan24 >> /root/logs/macchanger.log # TODO 77 | macchanger -r $WLAN_NZYME >> /root/logs/macchanger.log # NZYME WIDS 78 | #macchanger -r wlan26 >> /root/logs/macchanger.log # TODO 79 | macchanger -m $MAC_MGT_LEGACY $WLAN_MGT_LEGACY >> /root/logs/macchanger.log # TODO 80 | #macchanger -r wlan28 >> /root/logs/macchanger.log # TODO 81 | macchanger -m $MAC_WEP $WLAN_WEP >> /root/logs/macchanger.log # TODO 82 | 83 | 84 | mkdir /root/logs/ 2> /dev/nil 85 | 86 | 87 | bash /root/cronAPs.sh > /root/logs/cronAPs.log 
2>&1 & 88 | 89 | 90 | 91 | mkdir /root/logs/ 2> /dev/nil 92 | 93 | #TODO RE ORDER ALL WLAN and IP -> 0 OPN, 1 WEP, 2 PSK, 3 PSK WPS, 4 MGT, 5 MGTRelay, 6 MGT TLS, 7 8 , 9,10,11,12,13 others 94 | 95 | # Open 96 | ip addr add $IP_OPN.1/24 dev $WLAN_OPN 97 | host_aps_apd /root/open/hostapd_open.conf > /root/logs/hostapd_open.log & 98 | # opennds 99 | opennds > /root/logs/opennds.log 2>&1 100 | 101 | # Open hidden 102 | ip addr add $IP_OPN_HIDDEN.1/24 dev $WLAN_OPN_HIDDEN 103 | host_aps_apd /root/open/hostapd_open_hidden.conf > /root/logs/hostapd_open_hidden.log & 104 | 105 | # PSK 106 | ip addr add $IP_PSK.1/24 dev $WLAN_PSK 107 | host_aps_apd /root/psk/hostapd_wpa.conf > /root/logs/hostapd_wpa.log & 108 | 109 | # MGT 110 | ip addr add $IP_MGT.1/24 dev $WLAN_MGT 111 | host_aps_apd /root/mgt/hostapd_wpe.conf > /root/logs/hostapd_wpe.log & 112 | ip addr add $IP_MGT2.1/24 dev $WLAN_MGT2 113 | host_aps_apd /root/mgt/hostapd_wpe2.conf > /root/logs/hostapd_wpe2.log & 114 | 115 | # MGT Relay 116 | ip addr add $IP_MGTRELAY.1/24 dev $WLAN_MGTRELAY 117 | host_aps_apd /root/mgt/hostapd_wpe_relay.conf > /root/logs/hostapd_wpe_relay.log & 118 | 119 | # MGT Relay tablets 120 | ip addr add $IP_MGTRELAY_TABLETS.1/24 dev $WLAN_MGTRELAY_TABLETS 121 | host_aps_apd /root/mgt/hostapd_wpe_relay_tablets.conf > /root/logs/hostapd_wpe_relay_tablets.log & 122 | 123 | # MGT TLS 124 | ip addr add $IP_MGTTLS.1/24 dev $WLAN_MGTTLS 125 | host_aps_apd /root/mgt/hostapd_wpe_tls.conf > /root/logs/hostapd_wpe_tls.log & 126 | 127 | #TODO 128 | #ip addr add $IP_8.1/24 dev $WLAN_MGTTLS 129 | 130 | 131 | # PSK Other 132 | ip addr add $IP_OTHER0.1/24 dev $WLAN_OTHER0 133 | host_aps_apd /root/psk/hostapd_other0.conf > /root/logs/hostapd_other0.log & 134 | 135 | ip addr add $IP_OTHER1.1/24 dev $WLAN_OTHER1 136 | host_aps_apd /root/psk/hostapd_other1.conf > /root/logs/hostapd_other1.log & 137 | 138 | ip addr add $IP_OTHER2.1/24 dev $WLAN_OTHER2 139 | host_aps_apd /root/psk/hostapd_other2.conf > 
/root/logs/hostapd_other2.log & 140 | 141 | ip addr add $IP_OTHER3.1/24 dev $WLAN_OTHER3 142 | host_aps_apd /root/psk/hostapd_other3.conf > /root/logs/hostapd_other3.log & 143 | 144 | # WPA3 WPE 145 | ip addr add $IP_BRUTEFORCE.1/24 dev $WLAN_BRUTEFORCE 146 | host_aps_apd /root/wpa3/hostapd_bruteforce.conf > /root/logs/hostapd_bruteforce.log & 147 | 148 | ip addr add $IP_DOWNGRADE.1/24 dev $WLAN_DOWNGRADE 149 | host_aps_apd /root/wpa3/hostapd_downgrade.conf > /root/logs/hostapd_downgrade.log & 150 | 151 | ip addr add $IP_WEP.1/24 dev $WLAN_WEP 152 | host_aps_apd /root/wep/hostapd_wep.conf > /root/logs/hostapd_wep.log & 153 | 154 | #ip addr del $IP_190.15/24 dev enp0s3 155 | 156 | #bash /root/checkVWIFI.sh > /root/logs/checkVWIFI.log & 157 | 158 | #Generate WEP traffic 159 | ping $IP_WEP.2 > /dev/null 2>&1 & 160 | 161 | # start captive portal open network 162 | sudo systemctl enable dnsmasq 163 | service dnsmasq start 164 | 165 | #systemctl stop networking 166 | echo "ALL SET" 167 | 168 | #Generate WEP traffic 169 | ping $IP_WEP.2 > /dev/null 2>&1 170 | 171 | /bin/bash 172 | 173 | wait 174 | -------------------------------------------------------------------------------- /APs/config/wep/hostapd_wep.conf.tmp: -------------------------------------------------------------------------------- 1 | interface=$WLAN_WEP 2 | driver=nl80211 3 | #ignore_broadcast_ssid=2 4 | 5 | hw_mode=g 6 | channel=3 7 | ssid=$ESSID_WEP 8 | #wpa=2 9 | #wpa_key_mgmt=WPA-PSK 10 | #wpa_pairwise=CCMP TKIP 11 | #wpa_passphrase=adminadmin 12 | 13 | 14 | auth_algs=1 15 | wep_default_key=0 16 | wep_key0=11bb33cd55 -------------------------------------------------------------------------------- /APs/config/wlan_config_aps: -------------------------------------------------------------------------------- 1 | #SET WLAN AND IP FOR EVERYTHING 2 | ESSID_OPN='wifi-guest' 3 | WLAN_OPN=wlan10 4 | IP_OPN='192.168.10' 5 | MAC_OPN='F0:9F:C2:71:22:10' 6 | 7 | ESSID_WEP='wifi-old' 8 | WLAN_WEP=wlan11 9 | 
IP_WEP='192.168.1' 10 | MAC_WEP='F0:9F:C2:71:22:11' 11 | 12 | ESSID_PSK='wifi-mobile' 13 | WLAN_PSK=wlan12 14 | IP_PSK='192.168.2' 15 | MAC_PSK='F0:9F:C2:71:22:12' 16 | 17 | # ------------------------------------------ 18 | WLAN_WPS=wlan13 19 | IP_WPS='192.168.3' 20 | MAC_WPS='F0:9F:C2:71:22:13' 21 | 22 | WLAN_KRACK=wlan14 23 | IP_KRACK='192.168.4' 24 | MAC_KRACK='F0:9F:C2:71:22:14' 25 | 26 | # ------------------------------------------ 27 | 28 | ESSID_MGT='wifi-corp' 29 | WLAN_MGT=wlan15 30 | IP_MGT='192.168.5' 31 | MAC_MGT='F0:9F:C2:71:22:15' 32 | 33 | ESSID_MGT2='wifi-corp' 34 | WLAN_MGT2=wlan16 35 | IP_MGT2='192.168.6' 36 | MAC_MGT2='F0:9F:C2:71:22:1A' 37 | 38 | ESSID_MGTRELAY='wifi-regional' 39 | WLAN_MGTRELAY=wlan17 40 | IP_MGTRELAY='192.168.7' 41 | MAC_MGTRELAY='F0:9F:C2:71:22:16' 42 | 43 | ESSID_MGTTLS='wifi-global' 44 | WLAN_MGTTLS=wlan18 45 | IP_MGTTLS='192.168.8' 46 | MAC_MGTTLS='F0:9F:C2:71:22:17' 47 | 48 | # ------------------------------------------ 49 | WLAN_PMKID=wlan19 50 | IP_PMKID='192.168.9' 51 | MAC_PMKID='F0:9F:C2:72:33:19' 52 | # ------------------------------------------ 53 | 54 | ESSID_OTHER0='MOVISTAR_JYG2' 55 | WLAN_OTHER0=wlan20 56 | IP_OTHER0='192.168.30' 57 | MAC_OTHER0='88:15:44:AA:3A:10' 58 | 59 | ESSID_OTHER1='WIFI-JUAN' 60 | WLAN_OTHER1=wlan21 61 | IP_OTHER1='192.168.11' 62 | MAC_OTHER1='88:15:44:BC:FA:C1' 63 | 64 | ESSID_OTHER2='vodafone7123' 65 | WLAN_OTHER2=wlan22 66 | IP_OTHER2='192.168.12' 67 | MAC_OTHER2='88:15:44:BF:99:A2' 68 | 69 | ESSID_OTHER3='MiFibra-5-D6G3' 70 | WLAN_OTHER3=wlan23 71 | IP_OTHER3='192.168.13' 72 | MAC_OTHER3='88:15:44:78:8A:F3' 73 | 74 | ESSID_BRUTEFORCE='wifi-management' 75 | WLAN_BRUTEFORCE=wlan24 76 | IP_BRUTEFORCE='192.168.14' 77 | MAC_BRUTEFORCE='F0:9F:C2:11:0A:24' 78 | 79 | ESSID_DOWNGRADE='wifi-IT' 80 | WLAN_DOWNGRADE=wlan25 81 | IP_DOWNGRADE='192.168.15' 82 | MAC_DOWNGRADE='F0:9F:C2:1A:CA:25' 83 | 84 | ESSID_OPN_HIDDEN='wifi-free' 85 | WLAN_OPN_HIDDEN=wlan26 86 | IP_OPN_HIDDEN='192.168.16' 87 | 
MAC_OPN_HIDDEN='F0:9F:C2:6A:88:26' 88 | 89 | # ------------------------------------------ 90 | WLAN_MGT_LEGACY=wlan27 91 | IP_MGT_LEGACY='192.168.17' 92 | MAC_MGT_LEGACY='F0:9F:CB:3F:AA:17' 93 | # ------------------------------------------ 94 | 95 | ESSID_MGTRELAY_TABLETS='wifi-regional-tablets' 96 | WLAN_MGTRELAY_TABLETS=wlan28 97 | IP_MGTRELAY_TABLETS='192.168.18' 98 | MAC_MGTRELAY_TABLETS='F0:9F:C2:7A:33:28' 99 | 100 | # ------------------------------------------ 101 | WLAN_=wlan30 102 | IP_='192.168.20' 103 | MAC_='' 104 | # ------------------------------------------ -------------------------------------------------------------------------------- /APs/config/wpa3/hostapd_bruteforce.conf.tmp: -------------------------------------------------------------------------------- 1 | ##### hostapd configuration file ############################################## 2 | # Empty lines and lines starting with # are ignored 3 | 4 | interface=$WLAN_BRUTEFORCE 5 | logger_syslog=-1 6 | logger_syslog_level=2 7 | logger_stdout=-1 8 | logger_stdout_level=2 9 | ctrl_interface=/var/run/hostapd 10 | ctrl_interface_group=0 11 | ssid=$ESSID_BRUTEFORCE 12 | hw_mode=g 13 | channel=11 14 | beacon_int=100 15 | dtim_period=2 16 | max_num_sta=255 17 | rts_threshold=-1 18 | fragm_threshold=-1 19 | macaddr_acl=0 20 | auth_algs=1 21 | ignore_broadcast_ssid=0 22 | wmm_enabled=1 23 | wmm_ac_bk_cwmin=4 24 | wmm_ac_bk_cwmax=10 25 | wmm_ac_bk_aifs=7 26 | wmm_ac_bk_txop_limit=0 27 | wmm_ac_bk_acm=0 28 | wmm_ac_be_aifs=3 29 | wmm_ac_be_cwmin=4 30 | wmm_ac_be_cwmax=10 31 | wmm_ac_be_txop_limit=0 32 | wmm_ac_be_acm=0 33 | wmm_ac_vi_aifs=2 34 | wmm_ac_vi_cwmin=3 35 | wmm_ac_vi_cwmax=4 36 | wmm_ac_vi_txop_limit=94 37 | wmm_ac_vi_acm=0 38 | wmm_ac_vo_aifs=2 39 | wmm_ac_vo_cwmin=2 40 | wmm_ac_vo_cwmax=3 41 | wmm_ac_vo_txop_limit=47 42 | wmm_ac_vo_acm=0 43 | eapol_key_index_workaround=0 44 | eap_server=0 45 | own_ip_addr=127.0.0.1 46 | wpa=2 47 | wpa_passphrase=chocolate1 48 | wpa_key_mgmt=SAE 49 | 
ieee80211w=2 50 | 51 | # Use GCMP-128 52 | #rsn_pairwise=GCMP-128 53 | rsn_pairwise=CCMP 54 | 55 | # Enable WPA3-SAE with mandatory Management Frame Protection 56 | sae_require_mfp=1
-------------------------------------------------------------------------------- /APs/config/wpa3/hostapd_downgrade.conf.tmp: -------------------------------------------------------------------------------- 1 | ##### hostapd configuration file ############################################## 2 | interface=$WLAN_DOWNGRADE 3 | logger_syslog=-1 4 | logger_syslog_level=2 5 | logger_stdout=-1 6 | logger_stdout_level=2 7 | ctrl_interface=/var/run/hostapd 8 | ctrl_interface_group=0 9 | ssid=$ESSID_DOWNGRADE 10 | hw_mode=g 11 | channel=11 12 | beacon_int=100 13 | dtim_period=2 14 | max_num_sta=255 15 | rts_threshold=-1 16 | fragm_threshold=-1 17 | macaddr_acl=0 18 | auth_algs=3 19 | ignore_broadcast_ssid=0 20 | wmm_enabled=1 21 | wmm_ac_bk_cwmin=4 22 | wmm_ac_bk_cwmax=10 23 | wmm_ac_bk_aifs=7 24 | wmm_ac_bk_txop_limit=0 25 | wmm_ac_bk_acm=0 26 | wmm_ac_be_aifs=3 27 | wmm_ac_be_cwmin=4 28 | wmm_ac_be_cwmax=10 29 | wmm_ac_be_txop_limit=0 30 | wmm_ac_be_acm=0 31 | wmm_ac_vi_aifs=2 32 | wmm_ac_vi_cwmin=3 33 | wmm_ac_vi_cwmax=4 34 | wmm_ac_vi_txop_limit=94 35 | wmm_ac_vi_acm=0 36 | wmm_ac_vo_aifs=2 37 | wmm_ac_vo_cwmin=2 38 | wmm_ac_vo_cwmax=3 39 | wmm_ac_vo_txop_limit=47 40 | wmm_ac_vo_acm=0 41 | eapol_key_index_workaround=0 42 | eap_server=0 43 | own_ip_addr=127.0.0.1 44 | wpa=2 45 | wpa_passphrase=bubblegum 46 | wpa_key_mgmt=SAE WPA-PSK 47 | 48 | rsn_pairwise=CCMP 49 |
-------------------------------------------------------------------------------- /Attacker/Dockerfile: --------------------------------------------------------------------------------
# Attacker image: Kali rolling plus the wireless assessment tooling used in the
# lab, installed from packages or cloned and built under /root/tools.
# NOTE(review): the base image is referenced without a tag or digest, so each
# rebuild may start from a different base; pin a digest for reproducible builds.
# The stage is named "builder", but the second stage near the end of the file
# is commented out, so this is effectively a single-stage build.
FROM kalilinux/kali-rolling as builder

RUN mkdir /root/tools

WORKDIR /root/tools

# The package index is refreshed only in this layer; the later
# "apt-get install" layers rely on it.
RUN apt-get update && apt-get install -y nmap python3 git make wget

# NOTE(review): this and every other "git clone" below takes the repository's
# default branch at build time, with no commit pinned. What ends up in the image
# therefore depends on upstream state on the day of the build; check out a
# reviewed commit after cloning where that matters.
RUN cd /root/tools && git clone https://github.com/blackarrowsec/EAP_buster
#RUN cd /root/tools && git clone https://github.com/ZerBea/hcxtools.git \
#    && cd hcxtools && make && make install

# wifi_db and its Python requirements, plus pcapFilter.sh. The gist URL carries
# no revision, so the script content is whatever the gist holds at build time.
RUN cd /root/tools && apt-get install python3-pip -y \
    && DEBIAN_FRONTEND=noninteractive apt-get install tshark -y \
    && git clone https://github.com/r4ulcl/wifi_db \
    && cd wifi_db && pip3 install -r requirements.txt \
    && wget https://gist.githubusercontent.com/r4ulcl/f3470f097d1cd21dbc5a238883e79fb2/raw/pcapFilter.sh

RUN cd /root/tools && git clone https://github.com/Snizz/crEAP

# Tools and build dependencies taken from the distribution packages.
RUN apt-get install -y eaphammer hostapd-wpe aircrack-ng arp-scan airgeddon \
    build-essential libnl-genl-3-dev libssl-dev build-essential \
    pkg-config git libnl-genl-3-dev libssl-dev reaver

#RUN apt-get install -y mana-toolkit eapeak wpa_sycophant berate_ap air-hammer create_ap
RUN apt-get install -y mdk4 wifipumpkin3 libpcap-dev curl

#hostapd mana
# Built from source and exposed on PATH as hostapd-mana through a symlink.
RUN cd /root/tools && git clone https://github.com/sensepost/hostapd-mana && cd hostapd-mana \
    && make -C hostapd -j 4 && ln -s /root/tools/hostapd-mana/hostapd/hostapd /usr/bin/hostapd-mana

# EAPEAK
#RUN cd /root/tools && apt-get install libssl-dev swig python3-dev gcc -y \
#    && pip3 install pipenv && git clone https://github.com/securestate/eapeak \
#    && cd eapeak && pipenv --two install

#Reaver
RUN cd /root/tools && git clone https://github.com/t6x/reaver-wps-fork-t6x && cd reaver-wps-fork-t6x* \
    && cd src && ./configure && make && make install

#wpa_sycophant
RUN cd /root/tools && git clone https://github.com/sensepost/wpa_sycophant && cd wpa_sycophant/ \
    && make -C wpa_supplicant -j 4

#berate_ap
RUN cd /root/tools && git clone https://github.com/sensepost/berate_ap

RUN apt-get install -y python2

#air-hammer
# NOTE(review): get-pip.py is downloaded and then executed by python2 without
# any integrity check; verify it against a known hash before running it.
RUN cd /root/tools && git clone https://github.com/Wh1t3Rh1n0/air-hammer && cd air-hammer \
    && curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py \
    && python2 get-pip.py && pip2 install wpa_supplicant && pip2 install service_identity

# autoremove any dependencies that are no longer needed
# NOTE(review): no instruction in this file installs sudo - presumably the base
# image or a dependency provides it; confirm. The commands are joined with ';',
# so only the exit status of the last one decides whether the layer succeeds.
RUN sudo apt-get --yes autoremove ; sudo apt-get autoclean ; sudo apt-get clean

#FROM kalilinux/kali-rolling
#COPY --from=builder

#Enable ssh
# Installs the ssh package, appends "Port 2222" to sshd_config and enables the
# ssh unit. NOTE(review): CMD below starts only /bin/bash and nothing in this
# file starts sshd or sets credentials - confirm how, and whether, the service
# is meant to be reachable before publishing that port.
RUN apt-get install -y ssh
RUN echo Port 2222 >> /etc/ssh/sshd_config && systemctl enable ssh

CMD /bin/bash

#RUN cd /root/tools &&
-------------------------------------------------------------------------------- /Attacker/clean-ifaces.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | docker-compose down 4 | 5 | # Remove network namespaces 6 | #sudo ip -all netns delete 7 | 8 | # Disable mac80211_hwsim 9 | sudo modprobe mac80211_hwsim -r 10 | 11 | sudo systemctl restart systemd-networkd 12 |
-------------------------------------------------------------------------------- /Attacker/installRDP.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Install RDP 4 | sudo apt-get update 5 | sudo apt-get -y install ubuntu-desktop xrdp 6 | sudo apt-get -y install gnome-shell-extension-prefs 7 | 8 | sudo sed -i 's/^new_cursors=true/new_cursors=false/g' /etc/xrdp/xrdp.ini 9 | sudo sed -i 's/^startwm=startxfce4/startwm=startubuntu/g' /etc/xrdp/xrdp.ini 10 | 11 | echo "resolution=0" >> /etc/xrdp/xrdp.ini 12 | echo "width=1920" >> /etc/xrdp/xrdp.ini 13 | echo "height=1080" >> /etc/xrdp/xrdp.ini 14 | 15 | #gnome-extensions enable $(gnome-extensions list --enabled --extension-id | tr '\n' ' ') 16 | #gnome-shell-extension-prefs 17 | 18 | sudo systemctl enable xrdp 19 | sudo systemctl restart xrdp 20 |
-------------------------------------------------------------------------------- /Attacker/installTools.sh:
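--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# installTools.sh - installs the attacker-side Wi-Fi assessment tooling under
# $HOME/tools. Must be run as root.
#
# NOTE(review): supply-chain exposure. Most artefacts below are fetched at
# install time from a moving reference (the default branch of a git repository,
# a "master"/"HEAD" raw URL, or a plain release URL) and are then built or
# installed as root without a checksum or signature check. Only pcapFilter.sh
# and the hostapd-wpe patch are pinned to a commit. For a reproducible build,
# check out a reviewed commit after each clone and verify every downloaded
# archive or .deb before using it, e.g.
#   echo "<EXPECTED_SHA256>  <FILE>" | sha256sum -c -

if [ "$EUID" -ne 0 ]; then
    echo "Please run as root"
    # Non-zero status so a calling script can tell that nothing was installed.
    exit 1
fi

# Hacking tools
cd
FOLDER=$(pwd)
TOOLS=$FOLDER/tools
# -p: do not fail when the directory is left over from an earlier run.
mkdir -p "$TOOLS"

export DEBIAN_FRONTEND="noninteractive"

#echo "deb http://archive.canonical.com/ubuntu focal partner" >> /etc/apt/sources.list
#echo "deb-src http://archive.canonical.com/ubuntu focal partner" >> /etc/apt/sources.list
#echo "deb http://archive.ubuntu.com/ubuntu focal main universe restricted multiverse" >> /etc/apt/sources.list

apt update

# Basic tools
apt install wget curl git -y

# Rockyou and dicts
cd
# NOTE(review): keeps the first 1000000 lines although the file name says
# "top100000"; the name is left unchanged because other lab material may refer to it.
curl https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt -s -L | head -n 1000000 > ~/rockyou-top100000.txt
wget https://raw.githubusercontent.com/danielmiessler/SecLists/master/Usernames/top-usernames-shortlist.txt

apt upgrade -y

# Nmap
apt install nmap -y

# Python3
apt install -y python3

# wpa_gui
apt install -y wpagui

# EAP_buster
cd "$TOOLS"
git clone https://github.com/blackarrowsec/EAP_buster

# OpenSSL 3 for Ubuntu
# Built from the upstream tarball into /usr/local/openssl.
# NOTE(review): the tarball is not verified before it is unpacked and built.
apt install build-essential checkinstall zlib1g-dev -y
cd /usr/local/src/
VERSION='openssl-3.2.1'
wget https://www.openssl.org/source/$VERSION.tar.gz
tar -xvf $VERSION.tar.gz > /dev/null
rm $VERSION.tar.gz
cd $VERSION
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
source ~/.bashrc
make -j $(nproc)
make install

# Hcxtools
cd "$TOOLS"
apt install python3-pip sqlitebrowser -y
apt install tshark -y
apt install pkg-config libcurl4-openssl-dev libssl-dev zlib1g-dev make gcc -y
# NOTE(review): this and the other .deb files below come from the master branch
# of a third-party GitHub repository and are installed with "dpkg -i" as root,
# outside apt's signature checking; verify each file's hash first.
wget https://github.com/v1s1t0r1sh3r3/airgeddon_deb_packages/raw/refs/heads/master/amd64/hcxtools_6.0.2-1+b1_amd64.deb
dpkg -i hcxtools_6.0.2-1+b1_amd64.deb
apt --fix-broken install -y
rm -rf hcxtools_6.0.2-1+b1_amd64.deb

# Wifi_db
cd "$TOOLS"
git clone https://github.com/r4ulcl/wifi_db
cd wifi_db
pip3 install -r requirements.txt

# PcapFilter.sh
# Pinned to a gist revision, so the content cannot change under the script.
cd "$TOOLS"
wget https://gist.githubusercontent.com/r4ulcl/f3470f097d1cd21dbc5a238883e79fb2/raw/78e097e1d4a9eb5f43ab0b2763195c04f02c4998/pcapFilter.sh
chmod +x pcapFilter.sh

# UnicastDeauth
git clone 'https://github.com/mamatb/UnicastDeauth.git'
pip install -r './UnicastDeauth/requirements.txt'

# EapHammer

# Navigate to the tools directory
cd "$TOOLS"

# Clone the EapHammer repository
git clone https://github.com/r4ulcl/eaphammer.git
cd eaphammer

# Install dependencies listed in kali-dependencies.txt
# The package names are read from a file inside the clone that was just made.
echo "Installing dependencies from kali-dependencies.txt..."
while read -r dependency; do
    echo "Installing $dependency..."
    apt-get install "$dependency" -y || { echo "Failed to install $dependency. Attempting to fix."; apt --fix-broken install -y; }
done < kali-dependencies.txt

# Install additional packages
echo "Installing additional packages..."
apt-get install dsniff apache2 build-essential libssl-dev libffi-dev python-dev python-openssl python3-openssl -y || apt --fix-broken install -y

# Disable and stop Apache2 service
echo "Disabling Apache2 service..."
systemctl stop apache2
systemctl disable apache2
update-rc.d apache2 disable

# Run EapHammer setup
echo "Running EapHammer setup..."
./ubuntu-unattended-setup || echo "Failed to run ubuntu-unattended-setup."

# Install Python dependencies
echo "Installing Python dependencies..."
python3 -m pip install --upgrade flask || echo "Failed to install Python packages."
python3 -m pip install --upgrade flask_cors || echo "Failed to install Python packages."
python3 -m pip install --upgrade flask_socketio || echo "Failed to install Python packages."
python3 -m pip install --upgrade pywebcopy || echo "Failed to install Python packages."
python3 -m pip install --upgrade pyopenssl || echo "Failed to install Python packages."
python3 -m pip install --upgrade gevent || echo "Failed to install Python packages."
apt-get install python-netifaces -y || apt --fix-broken install -y

# Printed unconditionally: the steps above only log their failures.
echo "EapHammer setup completed successfully!"


# Uses $TOOLS (where eaphammer was cloned) instead of a hard-coded /root/tools.
wget https://raw.githubusercontent.com/lgandx/Responder/master/Responder.conf -O "$TOOLS/eaphammer/settings/core/Responder.ini"

# Hostapd-wpe
cd "$TOOLS"
apt install libsqlite3-dev -y
# The patch is pinned to an aircrack-ng commit; the hostapd tarball is not verified.
wget https://raw.githubusercontent.com/aircrack-ng/aircrack-ng/52925bbdd13f739af6fc32e11f589b8c3e6e1fe5/patches/wpe/hostapd-wpe/hostapd-2.11-wpe.patch
wget https://w1.fi/releases/hostapd-2.11.tar.gz
tar -zxf hostapd-2.11.tar.gz
rm hostapd-2.11.tar.gz
cd hostapd-2.11
patch -p1 < ../hostapd-2.11-wpe.patch
rm ../hostapd-2.11-wpe.patch
cd hostapd
make
make install
make wpe
cd /etc/hostapd-wpe/certs
./bootstrap
make install

# Aircrack
cd "$TOOLS"
apt install build-essential autoconf automake libtool pkg-config libnl-3-dev libnl-genl-3-dev libssl-dev ethtool shtool rfkill zlib1g-dev libpcap-dev libsqlite3-dev libhwloc-dev libcmocka-dev hostapd wpasupplicant tcpdump screen iw usbutils expect -y
git clone https://github.com/aircrack-ng/aircrack-ng.git
cd aircrack-ng
autoreconf -i
./configure
make
make install
ldconfig
cd "$TOOLS"
rm -r aircrack-ng

# Hashcat
cd "$TOOLS"
# Install old version for dependencies
apt install hashcat p7zip -y
wget https://hashcat.net/files/hashcat-6.0.0.7z
p7zip -d hashcat-6.0.0.7z
rm hashcat-6.0.0.7z
wget https://http.kali.org/kali/pool/main/h/hashcat-utils/hashcat-utils_1.9-0kali2_amd64.deb
dpkg -i hashcat-utils_1.9-0kali2_amd64.deb
rm -rf hashcat-utils_1.9-0kali2_amd64.deb

# Delete old version of hashcat to avoid confusion
rm /usr/bin/hashcat > /dev/null 2>&1

ln -s "$TOOLS/hashcat-6.0.0/hashcat.bin" /usr/local/bin/hashcat > /dev/null 2>&1
echo "alias hashcat='sudo hashcat'" >> /home/user/.bashrc

# Creap
cd "$TOOLS"
git clone https://github.com/Snizz/crEAP

# Arp-scan
apt install arp-scan -y

# Asleap
wget https://github.com/v1s1t0r1sh3r3/airgeddon_deb_packages/raw/refs/heads/master/amd64/libssl1.0.2_1.0.2u-1~deb9u1_amd64.deb
dpkg -i libssl1.0.2_1.0.2u-1~deb9u1_amd64.deb
rm -rf libssl1.0.2_1.0.2u-1~deb9u1_amd64.deb
wget https://github.com/v1s1t0r1sh3r3/airgeddon_deb_packages/raw/refs/heads/master/amd64/asleap_2.2-1parrot0_amd64.deb
dpkg -i asleap_2.2-1parrot0_amd64.deb
rm -rf asleap_2.2-1parrot0_amd64.deb

# Bettercap
apt install golang git build-essential libpcap-dev libusb-1.0-0-dev libnetfilter-queue-dev -y

wget https://github.com/v1s1t0r1sh3r3/airgeddon_deb_packages/raw/refs/heads/master/amd64/bettercap_2.28-0kali2_amd64.deb
dpkg -i bettercap_2.28-0kali2_amd64.deb
rm -rf bettercap_2.28-0kali2_amd64.deb

# BeEF
apt install autoconf bison build-essential libssl-dev libyaml-dev libreadline-dev zlib1g-dev libffi-dev libgdbm6 libgdbm-dev libdb-dev ruby-bundler nodejs rbenv -y
cd $HOME
# NOTE(review): pipes a script from the HEAD of a remote repository straight
# into a root shell. Download it to a file, review or hash-check it, then run it.
curl -fsSL https://github.com/rbenv/rbenv-installer/raw/HEAD/bin/rbenv-installer | bash
export PATH="$HOME/.rbenv/bin:$PATH"
eval "$(rbenv init -)"
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
source ~/.bashrc
rbenv install 3.1.4
rbenv global 3.1.4
cd /usr/share/
git clone https://github.com/beefproject/beef.git
cd beef
rbenv local 3.1.4
gem install bundler
bundle install
# Small launcher so "beef" can be started from any directory.
echo -e '#!/usr/bin/env bash\n\ncd /usr/share/beef\n./beef' > "/usr/local/bin/beef"
chmod +x "/usr/local/bin/beef"

# airgeddon
apt install tshark john lighttpd pixiewps isc-dhcp-server reaver crunch xterm hostapd -y
apt install ettercap-text-only hcxdumptool mdk3 mdk4 arping ccze -y
systemctl disable lighttpd
systemctl stop lighttpd
cd "$TOOLS"
git clone --depth 1 https://github.com/v1s1t0r1sh3r3/airgeddon.git
cd airgeddon

# Disable airgeddon auto-update
sed -i '/^AIRGEDDON_AUTO_UPDATE=/c\AIRGEDDON_AUTO_UPDATE=false' .airgeddonrc

# Plugins airgeddon
cd plugins
git clone --depth 1 https://github.com/OscarAkaElvis/airgeddon-plugins.git
cp airgeddon-plugins/allchars_captiveportal/allchars_captiveportal.sh .
cp airgeddon-plugins/wpa3_online_attack/wpa3_online_attack.sh .
cp airgeddon-plugins/wpa3_online_attack/wpa3_online_attack.py .
mkdir wpa_supplicant_binaries
# NOTE(review): this copies a prebuilt binary out of the plugin repository.
cp airgeddon-plugins/wpa3_online_attack/wpa_supplicant_binaries/wpa_supplicant_amd64 ./wpa_supplicant_binaries/
rm -rf airgeddon-plugins

# Bully
wget https://github.com/v1s1t0r1sh3r3/airgeddon_deb_packages/raw/refs/heads/master/amd64/bully_1.1.+git20190923-0kali1_amd64.deb
dpkg -i bully_1.1.+git20190923-0kali1_amd64.deb
rm -rf bully_1.1.+git20190923-0kali1_amd64.deb

# Hostapd-mana
apt install build-essential git libnl-genl-3-dev libssl-dev build-essential pkg-config git libnl-genl-3-dev libssl-dev -y

cd "$TOOLS"
git clone https://github.com/sensepost/hostapd-mana
cd hostapd-mana
make -C hostapd -j 4

ln -s "$TOOLS/hostapd-mana/hostapd/hostapd" /usr/bin/hostapd-mana

# Eapeak
cd "$TOOLS"
apt install python-dev libssl-dev swig python3-dev gcc -y
pip3 install pipenv
git clone https://github.com/securestate/eapeak
cd eapeak
pipenv --two install

# Reaver
apt install libpcap-dev -y
cd "$TOOLS"
git clone https://github.com/t6x/reaver-wps-fork-t6x
cd reaver-wps-fork-t6x*
cd src
./configure
make
make install

# Wpa_sycophant
cd "$TOOLS"
git clone https://github.com/sensepost/wpa_sycophant
cd wpa_sycophant/
make -C wpa_supplicant -j 4

# Berate_ap
cd "$TOOLS"
git clone https://github.com/sensepost/berate_ap

# MDK4
apt install pkg-config libnl-3-dev libnl-genl-3-dev libpcap-dev -y
cd "$TOOLS"
git clone https://github.com/aircrack-ng/mdk4
cd mdk4
make
make install

# Air-Hammer
cd "$TOOLS"
git clone https://github.com/Wh1t3Rh1n0/air-hammer
cd air-hammer
# NOTE(review): get-pip.py is downloaded and executed without an integrity
# check, and the first pip2 call runs before get-pip.py has installed pip2.
curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
pip2 install -U setuptools
python2 get-pip.py
pip2 install wpa_supplicant
pip2 install service_identity

# Wifipumpkin3
cd "$TOOLS"
apt install python3-dev libssl-dev libffi-dev build-essential python3 -y
apt install python3-pyqt5 python3-bs4 python3-dnslib python3-dnspython python3-flask-restful python3-isc-dhcp-leases python3-netaddr python3-scapy python3-tabulate python3-termcolor python3-twisted python3-urwid -y
git clone https://github.com/P0cL4bs/wifipumpkin3.git
cd wifipumpkin3
sed -i 's/python3.7/python3/g' makefile
make install

# LN home user
# Hands the whole tools tree to the unprivileged account "user".
chown -R user "$TOOLS"
ln -s "$TOOLS" /home/user/tools

# NEW
apt install macchanger -y
apt install wireshark-qt -y

# Wacker WPA3 brute force online
cd "$TOOLS"
git clone https://github.com/blunderbuss-wctf/wacker
cd wacker
apt install -y pkg-config libnl-3-dev gcc libssl-dev libnl-genl-3-dev net-tools
cp defconfig wpa_supplicant-2.10/wpa_supplicant/.config
git apply wpa_supplicant.patch
cd wpa_supplicant-2.10/wpa_supplicant
make -j $(nproc)
ls -al wpa_supplicant

# Hcxtools
cd "$TOOLS"
git clone https://salsa.debian.org/pkg-security-team/hcxtools #For ubuntu 20
cd hcxtools
make
make install

# Wifiphisher
cd "$TOOLS"
git clone https://github.com/wifiphisher/extra-phishing-pages
git clone https://github.com/wifiphisher/wifiphisher.git # Download the latest revision
cd wifiphisher
python3 setup.py install

# Wifite2
cd "$TOOLS"
git clone https://github.com/derv82/wifite2.git
cd wifite2
python3 setup.py install

# assless-chaps
cd "$TOOLS"
git clone https://github.com/sensepost/assless-chaps
python3 -m pip install pycryptodome
bzip2 -d assless-chaps/10-million-password-list-top-1000000.db.bz2

# Enable ssh (if dont use vagrant)
#apt install -y ssh
#echo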
Port 2222 >> /etc/ssh/sshd_config && systemctl enable ssh 359 | -------------------------------------------------------------------------------- /Changelog.md: -------------------------------------------------------------------------------- 1 | # Changelog WiFiChallengeLab 2 | 3 | ## Changelog: WiFiChallengeLab v2.1 4 | 5 | ### New Features: 6 | - **ARM Architecture Support**: Added Docker compatibility for ARM platforms (refer to the README for setup details). 7 | - **Enhanced Docker Capabilities**: Optimized Dockerfile and `docker-compose` configurations for streamlined `nzyme` builds and improved health checks. 8 | - **Upgraded Tools**: 9 | - Fully integrated **Airgeddon** with all required dependencies. 10 | - Added `wpa_gui` for advanced Wi-Fi management. 11 | - Upgraded `hostapd-wpe` to version 2.11 and integrated the latest Aircrack-ng suite. 12 | - Updated `hostapd-mana` to its latest release. 13 | - Fixed issues with `EapHammer` and `hcxtools` for better functionality. 14 | 15 | ### Bug Fixes: 16 | - Enhanced Docker stability, resolving issues with health checks and restart scripts. 17 | - Unified TLS certificates and resolved Apache SSL configuration problems. 18 | - Enabled **HTTPS** support for the access point web server. 19 | - Improved installation scripts for key tools, including BeEF, Ruby, and SMBMap. 20 | - Fixed PHP session handling and addressed minor web server-related bugs. 21 | - Resolved anonymous login issues on MGT networks. 22 | - Fixed MSCHAPv2 authentication errors for GTC users on MGT networks. 23 | 24 | ### Documentation: 25 | - Updated the README with detailed VM creation steps and tool-specific updates, especially for ARM platforms. 26 | 27 | ### Miscellaneous Improvements: 28 | - Removed `watchtower`, added healthchecks, and fixed resource allocation issues. 
29 | - Improved HTML coding of the website 30 | 31 | This release introduces full Airgeddon integration, expanded ARM support, significant Docker enhancements, and crucial fixes to ensure improved stability and performance. 32 | 33 | Special thanks to @OscarAkaElvis and @rsrdesarrollo for their invaluable contributions. 34 | 35 | [Download WiFiChallengeLab v2.1](https://drive.proton.me/urls/Q4WPB23W7R#Qk4nxMH8Q4oQ) 36 | 37 | --- 38 | 39 | ## WiFiChallengeLab v2.0.4 40 | 41 | ### **Key Updates** 42 | - Enhanced Docker configurations with updated CSS for a more intuitive user interface. 43 | - Fixed broken APs to ensure successful connections. 44 | - Upgraded tools for better performance and compatibility. 45 | - Challenges now use web server flags instead of passwords for improved security and accessibility. 46 | 47 | --- 48 | 49 | ## WiFiChallengeLab v2.0.3 50 | 51 | ### **Key Updates** 52 | - Introduced WEP attack scenarios. 53 | - Implemented minor fixes for improved stability. 54 | 55 | --- 56 | 57 | ## WiFiChallengeLab v2.0 58 | 59 | The first Docker-based release of WiFiChallengeLab. 60 | For detailed updates and commit history, visit the [Full Changelog](https://github.com/r4ulcl/WiFiChallengeLab-docker/commits/v2.0). 61 | 62 | To access version v1.0, visit: [WiFiChallengeLab v1.0](https://github.com/r4ulcl/WiFiChallengeLab/). 63 | 64 | **Note**: The VMs are split into multiple parts. Ensure all parts (`001`, `002`, and `003`) are downloaded before unzipping. 
-------------------------------------------------------------------------------- /Clients/.env: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/r4ulcl/WiFiChallengeLab-docker/edab061d4358d88d8911f950c791ec475f2a0e2a/Clients/.env -------------------------------------------------------------------------------- /Clients/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian 2 | #FROM kalilinux/kali-rolling 3 | RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y macchanger iw sudo libcurl4-openssl-dev curl libz-dev module-assistant libssl-dev libnl-genl-3-dev libnl-3-dev pkg-config libsqlite3-dev git hostapd dnsmasq curl kmod make g++ libnl-3-dev libnl-genl-3-dev wpasupplicant apache2 php iproute2 net-tools iptables 4 | 5 | RUN apt-get install -y inetutils-ping isc-dhcp-client 6 | 7 | RUN apt-get install -y smbmap 8 | 9 | # autoremove any dependencies that are no longer needed 10 | RUN sudo apt-get --yes autoremove ; sudo apt-get autoclean ; sudo apt-get clean 11 | 12 | #RUN date 13 | 14 | #COPY var file 15 | COPY config/wlan_config_clients /root/ 16 | 17 | #Copy config files 18 | COPY config/mgtClient/ /root/mgtClient/ 19 | COPY config/openClient/ /root/openClient/ 20 | COPY config/pskClient/ /root/pskClient/ 21 | COPY config/wpa3Client/ /root/wpa3Client/ 22 | COPY config/wepClient /root/wepClient 23 | 24 | #Copy connectINET.sh 25 | COPY config/connectINET.sh /root/ 26 | 27 | #Update certs 28 | #RUN cd /root/certs/ ; make install 29 | 30 | #COPY config/dnsmasq.conf /etc/dnsmasq.conf 31 | # Not used COPY config/interfaces /etc/network/interfaces 32 | 33 | #Copy HTML files 34 | COPY config/html /var/www/html/ 35 | RUN rm /var/www/html/index.html 36 | 37 | #Apache 38 | #COPY config/ports.conf /etc/apache2/ports.conf 39 | RUN update-rc.d apache2 defaults 40 | 41 | 42 | #RUN apt-get update && apt-get install -y linux-image-amd64 
linux-headers-amd64 43 | 44 | #Change name of wpa_supplicant to avoid airmon-ng check kill and dhclient 45 | RUN cp /sbin/wpa_supplicant /sbin/wpa_wifichallenge_supplicant 46 | RUN cp /sbin/dhclient /sbin/dhclien-wifichallenge 47 | 48 | 49 | #Fix buf soft lockup, delete in docker? 50 | #RUN echo "kernel.watchdog_thresh=20" > /etc/sysctl.d/99-watchdog_thresh.conf && sysctl -p /etc/sysctl.d/99-watchdog_thresh.conf 51 | 52 | COPY config/ns-inet.sh /root/ 53 | COPY config/startClients.sh /root/ 54 | COPY config/cronClients.sh /root/ 55 | 56 | # exec ns-inet.sh and waits aits 57 | CMD ["/bin/bash", "/root/ns-inet.sh"] 58 | -------------------------------------------------------------------------------- /Clients/README.md: -------------------------------------------------------------------------------- 1 | #-v /lib/modules:/lib/modules --cap-add CAP_SYS_MODULE 2 | #docker run --rm -it --privileged -v /lib/modules:/lib/modules --cap-add CAP_SYS_MODULE --net host aps /bin/bash 3 | 4 | docker build -t wifichallengelab-docker-clients . 
5 | docker run --name clients --rm -it --privileged -v /lib/modules:/lib/modules --net host wifichallengelab-docker-clients 6 | Note: `--privileged` combined with `--net host` and the `/lib/modules` mount gives this container root-level control over the host's kernel modules and network configuration, so run it only inside the dedicated lab VM. -------------------------------------------------------------------------------- /Clients/config/connectINET.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | NS="ns-client" 3 | ip netns exec ${NS} /bin/bash -------------------------------------------------------------------------------- /Clients/config/cronClients.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #Load variables 4 | set -a 5 | source /root/wlan_config_clients 6 | PHISHING_PASS='tommy1' 7 | 8 | 9 | function retry { 10 | $1 && echo "success" || (echo "fail" && retry $1) 11 | } 12 | 13 | #40-59 skip OPN 14 | killall dhclien-wifichallenge 2> /dev/nill & 15 | for N in `seq 40 46`; do 16 | timeout 5s dhclien-wifichallenge wlan$N 2> /dev/nill & 17 | done 18 | for N in `seq 50 59`; do 19 | timeout 5s dhclien-wifichallenge wlan$N 2> /dev/nill & 20 | done 21 | 22 | # Start Apache in client for Client isolation test 23 | service apache2 start > /root/logs/apache2.log 2>&1 & 24 | 25 | sleep 10 26 | 27 | # DHCP 28 | while : 29 | do 30 | killall dhclien-wifichallenge 2> /dev/nill & 31 | for N in `seq 40 46`; do 32 | timeout 5s dhclien-wifichallenge wlan$N 2> /dev/nill & 33 | done 34 | for N in `seq 50 59`; do 35 | timeout 5s dhclien-wifichallenge wlan$N 2> /dev/nill & 36 | done 37 | wait $! 
38 | sleep 60 39 | done & 40 | 41 | # Normal clients curls 42 | while : 43 | do 44 | # MGT 45 | curl -s "http://$MAC_MGT_MSCHAP.1/login.php" --interface $WLAN_MGT_MSCHAP --compressed -H 'Content-Type: application/x-www-form-urlencoded' -H 'Connection: keep-alive' --data-raw 'Username=CONTOSO%5Cjuan.tr&Password=Secret%21&Submit=Login' -c /tmp/userjuan -b /tmp/userjuan & 46 | curl -s "http://$MAC_MGT_GTC.1/login.php" --interface $WLAN_MGT_GTC --compressed -H 'Content-Type: application/x-www-form-urlencoded' -H 'Connection: keep-alive' --data-raw 'Username=CONTOSO%5CAdministrator&Password=SuperSecure%40%21%40&Submit=Login' -c /tmp/userAdmin -b /tmp/userAdmin & 47 | 48 | # MGT Relay 49 | curl -s "http://$IP_MGT_RELAY.1/login.php" --interface $WLAN_MGT_RELAY --compressed -H 'Content-Type: application/x-www-form-urlencoded' -H 'Connection: keep-alive' --data-raw 'Username=CONTOSOREG%5Cluis.da&Password=u89gh68!6fcv56ed&Submit=Login' -c /tmp/userluis -b /tmp/userluis & 50 | 51 | # MGT TLS 52 | curl -s "http://$IP_TLS.1/login.php" --interface $WLAN_TLS --compressed -H 'Content-Type: application/x-www-form-urlencoded' -H 'Connection: keep-alive' --data-raw 'Username=GLOBAL%5CGlobalAdmin&Password=SuperSuperSecure%40%21%40&Submit=Login' -c /tmp/userGlobal -b /tmp/userGlobal & 53 | 54 | # MGT TLS PHISHING 55 | # TODO use template, get redirect and POST 56 | curl -s "http://$IP_TLS_PHISHING.1/login.php" --interface $WLAN_TLS_PHISHING --compressed -H 'Content-Type: application/x-www-form-urlencoded' -H 'Connection: keep-alive' --data-raw 'Username=GLOBAL%5CGlobalManager&Password=password1%40%21&Submit=Login' -c /tmp/userPhishing -b /tmp/userPhishing & 57 | 58 | # PSK, only login if cookies error 59 | STATUS=`curl -o /dev/null -w '%{http_code}\n' -s "http://$IP_WPA_PSK.1/lab.php" -c /tmp/userTest1 -b /tmp/userTest1` 60 | if [ "$STATUS" -ne 200 ] ; then 61 | curl -s "http://$IP_WPA_PSK.1/login.php" --interface $WLAN_WPA_PSK --compressed -H 'Content-Type: 
application/x-www-form-urlencoded' -H 'Connection: keep-alive' --data-raw 'Username=test1&Password=OYfDcUNQu9PCojb&Submit=Login' -c /tmp/userTest1 -b /tmp/userTest1 & 62 | fi 63 | 64 | STATUS=`curl -o /dev/null -w '%{http_code}\n' -s "http://$IP_WPA_PSK2.1/lab.php" -c /tmp/userTest2 -b /tmp/userTest2` 65 | if [ "$STATUS" -ne 200 ] ; then 66 | curl -s "http://$IP_WPA_PSK2.1/login.php" --interface $WLAN_WPA_PSK2 --compressed -H 'Content-Type: application/x-www-form-urlencoded' -H 'Connection: keep-alive' --data-raw 'Username=test2&Password=2q60joygCBJQuFo&Submit=Login' -c /tmp/userTest2 -b /tmp/userTest2 & 67 | fi 68 | 69 | # PSK NOAPP 70 | curl -s "http://$WLAN_PSK_NOAP.1/login.php" --interface $WLAN_PSK_NOAP --compressed -H 'Content-Type: application/x-www-form-urlencoded' -H 'Connection: keep-alive' --data-raw 'Username=anon1&Password=CRgwj5fZTo1cO6Y&Submit=Login' -c /tmp/userAnon1 -b /tmp/userAnon1 & 71 | curl -s "http://$WLAN_PSK_NOAP2.1/login.php" --interface $WLAN_PSK_NOAP2 --compressed -H 'Content-Type: application/x-www-form-urlencoded' -H 'Connection: keep-alive' --data-raw 'Username=anon1&Password=CRgwj5fZTo1cO6Y&Submit=Login' -c /tmp/userAnon11 -b /tmp/userAnon11 & 72 | 73 | # OPEN 74 | curl -s "http://$IP_OPN1.1/login.php" --interface $WLAN_OPN1 --compressed -H 'Content-Type: application/x-www-form-urlencoded' -H 'Connection: keep-alive' --data-raw 'Username=free1&Password=Jyl1iq8UajZ1fEK&Submit=Login' -c /tmp/userFree1 -b /tmp/userFree1 & 75 | curl -s "http://$IP_OPN2.1/login.php" --interface $WLAN_OPN2 --compressed -H 'Content-Type: application/x-www-form-urlencoded' -H 'Connection: keep-alive' --data-raw 'Username=free2&Password=5LqwwccmTg6C39y&Submit=Login' -c /tmp/userFree2 -b /tmp/userFree2 & 76 | curl -s "http://$IP_OPN3.1/login.php" --interface $WLAN_OPN3 --compressed -H 'Content-Type: application/x-www-form-urlencoded' -H 'Connection: keep-alive' --data-raw 'Username=free1&Password=Jyl1iq8UajZ1fEK&Submit=Login' -c /tmp/userFree11 -b 
/tmp/userFree11 & 77 | 78 | # WPA3 Downgrade 79 | curl -s "http://$IP_DOWNGRADE.1/login.php" --interface $WLAN_DOWNGRADE --compressed -H 'Content-Type: application/x-www-form-urlencoded' -H 'Connection: keep-alive' --data-raw 'Username=manager1&Password=Aaa23dF4r&Submit=Login' -c /tmp/userManager1 -b /tmp/userManager1 & 80 | 81 | wait $! 82 | sleep 10 83 | done & 84 | 85 | # Phishing 86 | while : 87 | do 88 | # TODO Phishing client connect 89 | #dhclien-wifichallenge -r $WLAN_TLS_PHISHING 2> /tmp/dhclien-wifichallenge 90 | timeout -k 1 5s dhclien-wifichallenge -v $WLAN_TLS_PHISHING 2> /tmp/dhclien-wifichallenge 91 | SERVER=`grep -E -o "from (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" /tmp/dhclien-wifichallenge | awk '{print $2}' | head -n 1` 92 | URL=`curl -L -s -o /dev/null -w %{url_effective} "http://$SERVER/" -c /tmp/userTLSPhishing -b /tmp/userTLSPhishing` 93 | curl -L -s "$URL" -H 'Content-Type: application/x-www-form-urlencoded' --data-raw "username=CORPO\god&password=$PHISHING_PASS" -c /tmp/userTLSPhishing -b /tmp/userTLSPhishing > /dev/null 94 | # avoid spam 95 | sleep 1 96 | done & 97 | 98 | # Responder 99 | while : 100 | do 101 | # TODO Responder client connect 102 | #dhclien-wifichallenge -r $WLAN_TLS_PHISHING 2> /tmp/dhclien-wifichallenge 103 | timeout -k 1 5s dhclien-wifichallenge -v $WLAN_TLS_PHISHING 2> /tmp/dhclien-wifichallenge-Responder 104 | SERVER=`grep -E -o "from (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" /tmp/dhclien-wifichallenge-Responder | awk '{print $2}' | head -n 1` 105 | # Responder ""vuln"" - 20 seconds because the SMB takes aprox 10 seconds in respond "Authentication error" 106 | # In background to be sure 107 | smbmap -d 'CORPO' -u 'god' -p "$PHISHING_PASS" -H $SERVER 2> /dev/nill & 108 | sleep 0.5 109 | 
smbmap -d 'CORPO' -u 'god' -p "$PHISHING_PASS" -H $SERVER 2> /dev/nill & 110 | smbmap -d 'CORPO' -u 'god' -p "$PHISHING_PASS" -H $SERVER 2> /dev/nill & 111 | timeout -k 1 20s smbmap -d 'CORPO' -u 'god' -p "$PHISHING_PASS" -H $SERVER 2> /dev/nill 112 | done & 113 | 114 | # WEP traffic 115 | while : 116 | do 117 | #Infine traffic WEP 118 | dhclien-wifichallenge $WLAN_WEP -v 119 | ping $IP_WEP.1 -s 1000 -f & 120 | ping $IP_WEP.1 -s 1000 -f 121 | done & 122 | 123 | # Infinite wait 124 | LAST=$! 125 | wait $LAST 126 | 127 | 128 | #curl "$URL" -X POST -H 'Content-Type: application/x-www-form-urlencoded' --data-raw 'username=user1&password=pass2' 129 | -------------------------------------------------------------------------------- /Clients/config/html/index.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Clients/config/mgtClient/wpa_TLS.conf: -------------------------------------------------------------------------------- 1 | # Cleaned up example, see original wpa_supplicant.conf for comments. 2 | 3 | #ctrl_interface=/var/run/wpa_supplicant 4 | #ctrl_interface_group=wheel 5 | 6 | eapol_version=1 7 | ap_scan=1 8 | fast_reauth=1 9 | 10 | network={ 11 | ssid="wifi-global" 12 | scan_ssid=0 13 | mode=0 14 | proto=RSN 15 | key_mgmt=WPA-EAP 16 | auth_alg=OPEN 17 | eap=TLS 18 | #anonymous_identity="GLOBAL\anonymous" 19 | identity="GLOBAL\GlobalAdmin" 20 | ca_cert="/root/certs/ca.crt" 21 | client_cert="/root/certs/client.crt" 22 | private_key="/root/certs/client.key" 23 | private_key_passwd="whatever" 24 | ieee80211w=2 # use Protected Management Frames (PMF) 25 | } -------------------------------------------------------------------------------- /Clients/config/mgtClient/wpa_TLS_phishing.conf: -------------------------------------------------------------------------------- 1 | # Cleaned up example, see original wpa_supplicant.conf for comments. 
2 | 3 | network={ 4 | ssid="open-wifi" 5 | key_mgmt=NONE 6 | scan_ssid=1 7 | } 8 | 9 | network={ 10 | ssid="home-WiFi" 11 | psk="12345678" 12 | scan_ssid=1 13 | key_mgmt=WPA-PSK 14 | proto=WPA2 15 | } 16 | 17 | 18 | network={ 19 | ssid="WiFi-Restaurant" 20 | key_mgmt=NONE 21 | scan_ssid=1 22 | } 23 | 24 | network={ 25 | ssid="wifi-global" 26 | scan_ssid=1 27 | mode=0 28 | proto=RSN 29 | key_mgmt=WPA-EAP 30 | auth_alg=OPEN 31 | eap=TLS 32 | anonymous_identity="GLOBAL\anonymous" 33 | identity="GLOBAL\Manager" 34 | ca_cert="/root/certs/ca.crt" 35 | client_cert="/root/certs/client.crt" 36 | private_key="/root/certs/client.key" 37 | private_key_passwd="whatever" 38 | ieee80211w=0 # do not use Protected Management Frames (PMF) 39 | } -------------------------------------------------------------------------------- /Clients/config/mgtClient/wpa_gtc.conf: -------------------------------------------------------------------------------- 1 | ctrl_interface=/var/run/wpa_supplicant 2 | 3 | network={ 4 | ssid="wifi-corp" 5 | scan_ssid=1 6 | key_mgmt=WPA-EAP 7 | eap=PEAP 8 | anonymous_identity="CONTOSO\anonymous" 9 | identity="CONTOSO\Administrator" 10 | password="SuperSecure@!@" 11 | # phase1="peaplabel=0" 12 | phase2="autheap=GTC" 13 | ca_cert="/root/certs/ca.crt" 14 | } 15 | -------------------------------------------------------------------------------- /Clients/config/mgtClient/wpa_md5.conf: -------------------------------------------------------------------------------- 1 | ctrl_interface=/var/run/wpa_supplicant 2 | 3 | network={ 4 | ssid="wifi-corp-legacy" 5 | scan_ssid=1 6 | key_mgmt=WPA-EAP 7 | eap=MD5 8 | eapol_flags=0 9 | identity="CORPO\administrator" 10 | password="password123" 11 | # phase1="peaplabel=0" 12 | # phase2="autheap=GTC" 13 | # ca_cert="/root/certs/ca.crt" 14 | } 15 | -------------------------------------------------------------------------------- /Clients/config/mgtClient/wpa_mschapv2.conf: 
-------------------------------------------------------------------------------- 1 | ctrl_interface=/var/run/wpa_supplicant 2 | 3 | network={ 4 | ssid="AP_router" 5 | psk="874285738" 6 | scan_ssid=1 7 | key_mgmt=WPA-PSK 8 | proto=WPA2 9 | } 10 | 11 | network={ 12 | ssid="wifi-corp" 13 | scan_ssid=1 14 | key_mgmt=WPA-EAP 15 | eap=PEAP 16 | identity="CONTOSO\juan.tr" 17 | password="bulldogs1234" 18 | phase1="peapver=1" 19 | phase2="auth=MSCHAPV2" 20 | } 21 | -------------------------------------------------------------------------------- /Clients/config/mgtClient/wpa_mschapv2_relay.conf: -------------------------------------------------------------------------------- 1 | ctrl_interface=/var/run/wpa_supplicant 2 | # wifi-regional clients are correctly configured and validate the server certificate against the CA 3 | 4 | network={ 5 | ssid="wifi-regional" 6 | scan_ssid=1 7 | key_mgmt=WPA-EAP 8 | eap=PEAP 9 | anonymous_identity="CONTOSOREG\anonymous" 10 | identity="CONTOSOREG\luis.da" 11 | password="u89gh68!6fcv56ed" 12 | phase1="peapver=1" 13 | ca_cert="/root/certs/ca.crt" 14 | phase2="auth=MSCHAPV2" 15 | ieee80211w=0 16 | } 17 | -------------------------------------------------------------------------------- /Clients/config/mgtClient/wpa_mschapv2_relay_tablets.conf: -------------------------------------------------------------------------------- 1 | ctrl_interface=/var/run/wpa_supplicant 2 | # This wifi-regional-tablets client is vulnerable to relay (no ca_cert is set) and can log in to both wifi-regional-tablets and wifi-regional 3 | 4 | network={ 5 | ssid="wifi-regional-tablets" 6 | scan_ssid=1 7 | key_mgmt=WPA-EAP 8 | eap=PEAP 9 | anonymous_identity="CONTOSOREG\anonymous" 10 | identity="CONTOSOREG\luis.da" 11 | password="u89gh68!6fcv56ed" 12 | phase1="peapver=1" 13 | phase2="auth=MSCHAPV2" 14 | ieee80211w=0 15 | } 16 | -------------------------------------------------------------------------------- /Clients/config/mgtClient/wpa_mschapv2_relay_tabletsW.conf: -------------------------------------------------------------------------------- 1 | 
ctrl_interface=/var/run/wpa_supplicant 2 | # This wifi-regional-tablets client is correctly configured: it validates the CA certificate and requires 802.11w (PMF, ieee80211w=2) 3 | 4 | network={ 5 | ssid="wifi-regional-tablets" 6 | scan_ssid=1 7 | key_mgmt=WPA-EAP 8 | eap=PEAP 9 | anonymous_identity="CONTOSOREG\anonymous" 10 | identity="CONTOSOREG\luis.da" 11 | password="u89gh68!6fcv56ed" 12 | ca_cert="/root/certs/ca.crt" 13 | phase1="peapver=1" 14 | phase2="auth=MSCHAPV2" 15 | ieee80211w=2 16 | } 17 | -------------------------------------------------------------------------------- /Clients/config/ns-inet.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #https://gist.github.com/dpino/6c0dca1742093346461e11aa8f608a99 3 | # set -x 4 | 5 | if [[ $EUID -ne 0 ]]; then 6 | echo "You must be root to run this script" 7 | exit 1 8 | fi 9 | 10 | # Returns all available interfaces, except "lo" and "veth*". 11 | available_interfaces() 12 | { 13 | local ret=() 14 | 15 | local ifaces=$(ip li sh | cut -d " " -f 2 | tr "\n" " ") 16 | read -a arr <<< "$ifaces" 17 | 18 | for each in "${arr[@]}"; do 19 | each=${each::-1} 20 | if [[ ${each} != "lo" && ${each} != veth* ]]; then 21 | ret+=( "$each" ) 22 | fi 23 | done 24 | echo ${ret[@]} 25 | } 26 | 27 | IFACE="$1" 28 | #FORCE IFACE 29 | IFACE=`ip route show | grep 'default via' | awk '{print $5}'` 30 | if [[ -z "$IFACE" ]]; then 31 | ifaces=($(available_interfaces)) 32 | if [[ ${#ifaces[@]} -gt 0 ]]; then 33 | IFACE=${ifaces[0]} 34 | echo "Using interface $IFACE" 35 | else 36 | echo "Usage: ./ns-inet " 37 | exit 1 38 | fi 39 | else 40 | IFACE=`ip route show | grep 'default via' | awk '{print $5}'` 41 | echo "Using interface $IFACE" 42 | fi 43 | 44 | NS="ns-client" 45 | VETH="veth2" 46 | VPEER="vpeer2" 47 | VETH_ADDR="10.200.2.1" 48 | VPEER_ADDR="10.200.2.2" 49 | 50 | trap cleanup EXIT 51 | 52 | cleanup() 53 | { 54 | ip li delete ${VETH} 2>/dev/null 55 | } 56 | 57 | # Remove namespace if it exists. 
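# Best-effort removal of a namespace left over from a previous run; the error
# printed when it does not exist is discarded.
ip netns del "$NS" &>/dev/null

# Create namespace
ip netns add "$NS"


#----------------------------WiFiChallenge---------------------------------------------------------

echo "Waiting for APs (10 secs)"
sleep 10 # wait for AP docker

# Move the radios behind wlan40..wlan59 into the client namespace.
for I in $(seq 40 59); do
    # Map wlan$I to its phy. With several phys present, `ls` prints each
    # directory path (which contains the phy name) on the line before the
    # interface names it holds, so `grep -B1` picks up that path.
    PHY=$(ls /sys/class/ieee80211/*/device/net/ | grep -B1 "wlan$I" | grep -Eo 'phy[0-9]+')
    # Without this guard a missing interface makes `iw` run with no phy
    # name at all; report it and go on with the remaining radios.
    if [[ -z "$PHY" ]]; then
        echo "wlan$I: no phy found, skipping" >&2
        continue
    fi
    iw phy "$PHY" set netns name "/run/netns/$NS"
done

#--------------------------------------------------------------------------------------------------


# Create veth link.
ip link add "${VETH}" type veth peer name "${VPEER}"

# Move ${VPEER} into the namespace; ${VETH} stays outside as the gateway side.
ip link set "${VPEER}" netns "$NS"

# Setup IP address of ${VETH}.
ip addr add "${VETH_ADDR}/24" dev "${VETH}"
ip link set "${VETH}" up

# Setup IP ${VPEER} and make ${VETH_ADDR} the namespace's default gateway.
ip netns exec "$NS" ip addr add "${VPEER_ADDR}/24" dev "${VPEER}"
ip netns exec "$NS" ip link set "${VPEER}" up
ip netns exec "$NS" ip link set lo up
ip netns exec "$NS" ip route add default via "${VETH_ADDR}"

# Enable IP-forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward

# NOTE(review): the three iptables commands below act on the network namespace
# this script itself runs in. If the container shares the host's network
# namespace (the README's `docker run --privileged --net host`), they reset the
# host's FORWARD chain and nat table, including rules installed by other
# software such as Docker. Confirm this only ever runs inside the lab VM.

# Default-deny forwarding, then flush the existing forward rules.
iptables -P FORWARD DROP
iptables -F FORWARD

# Flush nat rules.
iptables -t nat -F

# Enable masquerading of the namespace subnet (${VPEER_ADDR}/24).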
105 | iptables -t nat -A POSTROUTING -s ${VPEER_ADDR}/24 -o ${IFACE} -j MASQUERADE 106 | 107 | iptables -A FORWARD -i ${IFACE} -o ${VETH} -j ACCEPT 108 | iptables -A FORWARD -o ${IFACE} -i ${VETH} -j ACCEPT 109 | 110 | # Get into namespace and exec startAP 111 | ip netns exec ${NS} /bin/bash /root/startClients.sh --rcfile <(echo "PS1=\"${NS}> \"") 112 | #ip netns exec ${NS} /bin/bash --rcfile <(echo "PS1=\"${NS}> \"") 113 | 114 | # if closed 115 | -------------------------------------------------------------------------------- /Clients/config/openClient/open_supplicant.conf: -------------------------------------------------------------------------------- 1 | ctrl_interface=/var/run/wpa_supplicant 2 | 3 | network={ 4 | ssid="wifi-guest" 5 | key_mgmt=NONE 6 | scan_ssid=1 7 | } -------------------------------------------------------------------------------- /Clients/config/openClient/open_supplicant1.conf: -------------------------------------------------------------------------------- 1 | ctrl_interface=/var/run/wpa_supplicant 2 | 3 | network={ 4 | ssid="wifi-guest" 5 | key_mgmt=NONE 6 | scan_ssid=1 7 | } -------------------------------------------------------------------------------- /Clients/config/openClient/open_supplicant2.conf: -------------------------------------------------------------------------------- 1 | ctrl_interface=/var/run/wpa_supplicant 2 | 3 | network={ 4 | ssid="wifi-guest" 5 | key_mgmt=NONE 6 | scan_ssid=1 7 | } -------------------------------------------------------------------------------- /Clients/config/openClient/open_supplicant3.conf: -------------------------------------------------------------------------------- 1 | ctrl_interface=/var/run/wpa_supplicant 2 | 3 | network={ 4 | ssid="wifi-guest" 5 | key_mgmt=NONE 6 | scan_ssid=1 7 | } -------------------------------------------------------------------------------- /Clients/config/pskClient/wpa_psk.conf: -------------------------------------------------------------------------------- 1 | 
ctrl_interface=/var/run/wpa_supplicant 2 | 3 | network={ 4 | ssid="AP_router" 5 | psk="874285738" 6 | scan_ssid=1 7 | key_mgmt=WPA-PSK 8 | proto=WPA2 9 | } 10 | 11 | network={ 12 | ssid="wifi-mobile" 13 | psk="starwars1" 14 | scan_ssid=1 15 | key_mgmt=WPA-PSK 16 | proto=WPA2 17 | #pairwise=CCMP 18 | #group=CCMP 19 | } 20 | -------------------------------------------------------------------------------- /Clients/config/pskClient/wpa_psk_noAP.conf: -------------------------------------------------------------------------------- 1 | ctrl_interface=/var/run/wpa_supplicant 2 | 3 | network={ 4 | ssid="wifi-offices" 5 | psk="password1" 6 | scan_ssid=1 7 | key_mgmt=WPA-PSK 8 | proto=WPA2 9 | # pairwise=CCMP 10 | # group=CCMP 11 | } 12 | 13 | 14 | network={ 15 | ssid="Jason" 16 | psk="14353576" 17 | scan_ssid=1 18 | key_mgmt=WPA-PSK 19 | proto=WPA2 20 | } -------------------------------------------------------------------------------- /Clients/config/startClients.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -x 2 | 3 | envsubst_tmp (){ 4 | for F in ./*.tmp ; do 5 | echo $F 6 | NEW=`basename $F .tmp` 7 | envsubst < $F > $NEW 8 | rm $F 9 | done 10 | } 11 | 12 | function retry { 13 | $1 && echo "success" || (echo "fail" && retry $1) 14 | } 15 | 16 | 17 | function opnConnect { 18 | WLAN=$1 19 | IP=$2 20 | IP_OPN1=192.168.10 21 | echo "Starting $WLAN" 22 | retry "dhclien-wifichallenge $WLAN" 2> /dev/nill 23 | 24 | sleep 10 25 | curl --silent http://$IP_OPN1.1 -L 26 | 27 | 28 | # Remove IP to avoid Ip conflict 29 | echo start clean IP 30 | dhclien-wifichallenge $WLAN -r 31 | kill `ps aux | grep "dhclien-wifichallenge $WLAN" | grep -v grep | head -n 1 | awk '{print $2}'` # kill dhclient for this WLAN 32 | 33 | ip addr flush dev $WLAN 34 | echo end clean IP 35 | 36 | ifconfig $WLAN $IP/24 37 | echo "DONE $WLAN" 38 | } 39 | 40 | date 41 | 42 | echo 'nameserver 8.8.8.8' > /etc/resolv.conf 43 | 44 | #LOAD VARIABLES FROM FILE 
(EXPORT) 45 | set -a 46 | source /root/wlan_config_clients 47 | 48 | #cd /root/open/ 49 | #envsubst_tmp 50 | 51 | #sleep 5 52 | 53 | #sudo modprobe mac80211_hwsim radios=13 54 | #40-59 55 | macchanger -m $MAC_MGT_MSCHAP $WLAN_MGT_MSCHAP > /root/logs/macchanger.log 56 | macchanger -m $MAC_MGT_GTC $WLAN_MGT_GTC >> /root/logs/macchanger.log 57 | macchanger -m $MAC_TLS $WLAN_TLS >> /root/logs/macchanger.log 58 | macchanger -m $MAC_TLS_PHISHING $WLAN_TLS_PHISHING >> /root/logs/macchanger.log 59 | macchanger -m $MAC_MGT_RELAY $WLAN_MGT_RELAY >> /root/logs/macchanger.log 60 | macchanger -m $MAC_MGT_RELAY_TABLETS_W $WLAN_MGT_RELAY_TABLETS_W >> /root/logs/macchanger.log 61 | macchanger -m $MAC_MGT_RELAY_TABLETS $WLAN_MGT_RELAY_TABLETS >> /root/logs/macchanger.log 62 | 63 | macchanger -m $MAC_MGT_LEGACY $WLAN_MGT_LEGACY >> /root/logs/macchanger.log 64 | 65 | macchanger -m $MAC_WPA_PSK $WLAN_WPA_PSK >> /root/logs/macchanger.log 66 | macchanger -m $MAC_WPA_PSK2 $WLAN_WPA_PSK2 >> /root/logs/macchanger.log 67 | 68 | macchanger -m $MAC_PSK_NOAP $WLAN_PSK_NOAP >> /root/logs/macchanger.log 69 | macchanger -m $MAC_PSK_NOAP2 $WLAN_PSK_NOAP2 >> /root/logs/macchanger.log 70 | 71 | macchanger -m $MAC_OPN1 $WLAN_OPN1 >> /root/logs/macchanger.log 72 | macchanger -m $MAC_OPN2 $WLAN_OPN2 >> /root/logs/macchanger.log 73 | macchanger -m $MAC_OPN3 $WLAN_OPN3 >> /root/logs/macchanger.log 74 | macchanger -m $MAC_DOWNGRADE $WLAN_DOWNGRADE >> /root/logs/macchanger.log 75 | macchanger -m $MAC_WEP $WLAN_WEP >> /root/logs/macchanger.log 76 | 77 | 78 | 79 | #TODO 80 | macchanger -r wlan56 >> /root/logs/macchanger.log 81 | macchanger -r wlan57 >> /root/logs/macchanger.log 82 | macchanger -r wlan58 >> /root/logs/macchanger.log 83 | macchanger -r wlan59 >> /root/logs/macchanger.log 84 | 85 | sleep 5 86 | 87 | #vwifi-client 192.168.190.15 > /root/logs/vwifi-client.log & 88 | 89 | #sleep 15 90 | 91 | # Delete logs to >> always 92 | mkdir /root/logs/ 2> /dev/nill 93 | rm /root/logs/ 2> /dev/nill 94 | 95 | # 
Exec cronClient 96 | bash /root/cronClients.sh > /root/logs/cronClients.log & 97 | 98 | #ip addr del 192.168.190.15/24 dev enp0s3 99 | #bash /root/checkVWIFI.sh > /root/logs/checkVWIFI.log & 100 | 101 | # WPA SUPPLICANT OUPUT TO FILE 102 | # Reconnect to send the Identity and check certificate always 103 | 104 | # MGT .5 105 | while : 106 | do 107 | TIMEOUT=$(( ( RANDOM % 120 ) + 60 )) 108 | sudo timeout -k 1s ${TIMEOUT}s wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_MGT_MSCHAP -c /root/mgtClient/wpa_mschapv2.conf >> /root/logs/supplicantMSCHAP.log & 109 | wait $! 110 | done & 111 | 112 | while : 113 | do 114 | TIMEOUT=$(( ( RANDOM % 120 ) + 60 )) 115 | sudo timeout -k 1s ${TIMEOUT}s wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_MGT_GTC -c /root/mgtClient/wpa_gtc.conf >> /root/logs/supplicantGTC.log & 116 | wait $! 117 | done & 118 | 119 | # MGT Reg .6 120 | while : 121 | do 122 | TIMEOUT=$(( ( RANDOM % 150 ) + 60 )) 123 | sudo timeout -k 1s ${TIMEOUT}s wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_MGT_RELAY -c /root/mgtClient/wpa_mschapv2_relay.conf >> /root/logs/supplicantMSCHAP_relay.log & 124 | sudo timeout -k 1s ${TIMEOUT}s wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_MGT_RELAY_TABLETS_W -c /root/mgtClient/wpa_mschapv2_relay_tabletsW.conf >> /root/logs/supplicantMSCHAP_relay_tabletsW.log & 125 | sudo timeout -k 1s ${TIMEOUT}s wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_MGT_RELAY_TABLETS -c /root/mgtClient/wpa_mschapv2_relay_tablets.conf >> /root/logs/supplicantMSCHAP_relay_tablets.log & 126 | wait $! 127 | done & 128 | 129 | # MGT client TLS .7 130 | while : 131 | do 132 | TIMEOUT=$(( ( RANDOM % 150 ) + 60 )) 133 | sudo timeout -k 1s ${TIMEOUT}s wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_TLS -c /root/mgtClient/wpa_TLS.conf >> /root/logs/supplicantTLS.log & 134 | wait $! 
135 | done & 136 | 137 | # MGT TLS .7 phishing 138 | while : 139 | do 140 | TIMEOUT=$(( ( RANDOM % 30 ) + 30 )) 141 | sudo timeout -k 1s ${TIMEOUT}s wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_TLS_PHISHING -c /root/mgtClient/wpa_TLS_phishing.conf >> /root/logs/supplicantTLS_phishing.log & 142 | wait $! 143 | done & 144 | 145 | # MGT Legacy MD5 .17 146 | while : 147 | do 148 | TIMEOUT=$(( ( RANDOM % 150 ) + 60 )) 149 | sudo timeout -k 1s ${TIMEOUT}s wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_MGT_LEGACY -c /root/mgtClient/wpa_md5.conf >> /root/logs/supplicantMD5.log & 150 | wait $! 151 | done & 152 | 153 | # Wait for this ID at the end 154 | LAST=$! 155 | 156 | # PSK .2 157 | sudo wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_WPA_PSK -c /root/pskClient/wpa_psk.conf > /root/logs/supplicantPSK.log & 158 | sudo wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_WPA_PSK2 -c /root/pskClient/wpa_psk.conf > /root/logs/supplicantPSK2.log & 159 | 160 | sudo wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_PSK_NOAP -c /root/pskClient/wpa_psk_noAP.conf > /root/logs/supplicantNoAP.log & 161 | sudo wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_PSK_NOAP2 -c /root/pskClient/wpa_psk_noAP.conf > /root/logs/supplicantNoAP2.log & 162 | 163 | # OPEN .0 164 | sudo wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_OPN1 -c /root/openClient/open_supplicant.conf > /root/logs/supplicantOpen1.log & 165 | sudo wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_OPN2 -c /root/openClient/open_supplicant.conf > /root/logs/supplicantOpen2.log & 166 | sudo wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_OPN3 -c /root/openClient/open_supplicant.conf > /root/logs/supplicantOpen3.log & 167 | 168 | # WPA3 .52 169 | sudo wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_DOWNGRADE -c /root/wpa3Client/downgrade_psk.conf > /root/logs/supplicantWPA3Downgrade.log & 170 | 171 | # WEP 172 | sudo wpa_wifichallenge_supplicant -Dnl80211 -i$WLAN_WEP -c /root/wepClient/wep.conf > /root/logs/supplicantWEP.log & 173 | 174 | 
175 | sleep 10 176 | 177 | #OPN GET IP and accept captive portal 178 | opnConnect $WLAN_OPN1 $IP_OPN1.100 > /root/logs/OPNClients$WLAN_OPN1.log 2>&1 & 179 | opnConnect $WLAN_OPN2 $IP_OPN1.101 > /root/logs/OPNClients$WLAN_OPN2.log 2>&1 & 180 | opnConnect $WLAN_OPN3 $IP_OPN1.102 > /root/logs/OPNClients$WLAN_OPN3.log 2>&1 & 181 | 182 | LAST2=$! 183 | 184 | sleep 5 185 | 186 | ping $IP_OPN1.1 > /dev/nill & 187 | #ping -I wlan 192.168.1.1 > /dev/nill & 188 | ping $IP_WPA_PSK.1 > /dev/nill & 189 | 190 | sleep 10 && echo "ALL SET" 191 | 192 | /bin/bash 193 | 194 | wait $LAST 195 | wait $LAST2 196 | -------------------------------------------------------------------------------- /Clients/config/wepClient/wep.conf: -------------------------------------------------------------------------------- 1 | network={ 2 | ssid="wifi-old" 3 | key_mgmt=NONE 4 | wep_tx_keyidx=0 5 | wep_key0=11bb33cd55 6 | } -------------------------------------------------------------------------------- /Clients/config/wlan_config_clients: -------------------------------------------------------------------------------- 1 | WLAN_MGT_MSCHAP=wlan40 2 | MAC_MGT_MSCHAP='64:32:A8:07:6C:40' 3 | IP_MGT_MSCHAP='192.168.5.' 
4 | 5 | WLAN_MGT_GTC=wlan41 6 | MAC_MGT_GTC='64:32:A8:BA:6C:41' 7 | IP_MGT_GTC='192.168.5' 8 | 9 | WLAN_TLS=wlan42 10 | MAC_TLS='64:32:A8:BA:18:42' 11 | IP_TLS='192.168.7' 12 | 13 | WLAN_WPA_PSK=wlan43 14 | MAC_WPA_PSK='28:6C:07:6F:F9:43' 15 | IP_WPA_PSK='192.168.2' 16 | 17 | WLAN_WPA_PSK2=wlan44 18 | MAC_WPA_PSK2='28:6C:07:6F:F9:44' 19 | IP_WPA_PSK2='192.168.2' 20 | 21 | WLAN_PSK_NOAP=wlan45 22 | MAC_PSK_NOAP='B4:99:BA:6F:F9:45' 23 | IP_PSK_NOAP='10.10.1' 24 | 25 | WLAN_PSK_NOAP2=wlan46 26 | MAC_PSK_NOAP2='78:C1:A7:BF:72:46' 27 | IP_PSK_NOAP2='10.10.1' 28 | 29 | WLAN_OPN1=wlan47 30 | MAC_OPN1='80:18:44:BF:72:47' 31 | IP_OPN1='192.168.10' 32 | 33 | WLAN_OPN2=wlan48 34 | MAC_OPN2='B0:72:BF:B0:78:48' 35 | IP_OPN2='192.168.10' 36 | 37 | WLAN_OPN3=wlan49 38 | MAC_OPN3='B0:72:BF:44:B0:49' 39 | IP_OPN3='192.168.10' 40 | 41 | WLAN_MGT_RELAY=wlan50 42 | MAC_MGT_RELAY='64:32:A8:AC:53:50' 43 | IP_MGT_RELAY='192.168.6' 44 | 45 | WLAN_TLS_PHISHING=wlan51 46 | MAC_TLS_PHISHING='64:32:A8:BC:53:51' 47 | IP_TLS_PHISHING='192.168.7' 48 | 49 | WLAN_DOWNGRADE=wlan52 50 | MAC_DOWNGRADE='10:F9:6F:AC:53:52' 51 | IP_DOWNGRADE='192.168.15' 52 | 53 | WLAN_MGT_LEGACY=wlan53 54 | MAC_MGT_LEGACY='64:32:A8:AD:AB:53' 55 | IP_MGT_LEGACY='192.168.16' 56 | 57 | WLAN_MGT_RELAY_TABLETS_W=wlan54 58 | MAC_MGT_RELAY_TABLETS_W='64:32:A8:BD:64:54' 59 | IP_MGT_RELAY_TABLETS_W='192.168.18' 60 | 61 | WLAN_MGT_RELAY_TABLETS=wlan55 62 | MAC_MGT_RELAY_TABLETS='64:32:A8:A9:DE:55' 63 | IP_MGT_RELAY_TABLETS='192.168.18' 64 | 65 | WLAN_WEP=wlan56 66 | MAC_WEP=64:32:A8:56:32:56'' 67 | IP_WEP='192.168.1' 68 | 69 | WLAN_=wlan57 70 | MAC_='' 71 | IP_='' 72 | 73 | WLAN_=wlan58 74 | MAC_='' 75 | IP_='' 76 | 77 | WLAN_=wlan59 78 | MAC_='' 79 | IP_='' 80 | -------------------------------------------------------------------------------- /Clients/config/wpa3Client/downgrade_psk.conf: -------------------------------------------------------------------------------- 1 | ctrl_interface=/var/run/wpa_supplicant 2 | 3 | network={ 
4 | ssid="wifi-IT" 5 | psk="bubblegum" 6 | scan_ssid=1 7 | key_mgmt=SAE WPA-PSK 8 | proto=WPA2 9 | #pairwise=CCMP 10 | #group=CCMP 11 | } 12 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |


22 | 23 | # WiFiChallengeLab-docker 24 | 25 | [![Docker Image APs](https://github.com/r4ulcl/WiFiChallengeLab-docker/actions/workflows/docker-image-aps.yml/badge.svg)](https://hub.docker.com/r/r4ulcl/wifichallengelab-aps) [![Docker Image Clients](https://github.com/r4ulcl/WiFiChallengeLab-docker/actions/workflows/docker-image-clients.yml/badge.svg)](https://hub.docker.com/r/r4ulcl/wifichallengelab-clients) 26 | 27 | Docker version of WiFiChallenge Lab with modifications in the challenges and improved stability. Ubuntu virtual machine with virtualized networks and clients to perform WiFi attacks on OPN, WPA2, WPA3 and Enterprise networks. 28 | 29 | ## CTFd Lab 30 | 31 | For direct access to download the VM and complete the challenges go to the CTFd web site: 32 | 33 | [WiFiChallenge Lab v2.0](https://lab.WiFiChallenge.com/) 34 | 35 | ## Changelog from version v1.0 36 | 37 | The principal changes from version 1.0.5 to 2.0.3 are the following. 38 | 39 | - Remove nested VMs; replaced with Docker 40 | - Add new attacks and modify the existing ones to make them more realistic 41 | - WPA3 bruteforce and downgrade 42 | - MGT multiple APs 43 | - Real captive portal evasion (instead of just MAC filtering) 44 | - Phishing client with fake website. 45 | - Remove the WPS PIN attack, as it is outdated, unrealistic, and overly simplistic. 46 | - Use Ubuntu as the OS instead of Debian 47 | - Use Vagrant to create the VM so that it is easy to replicate 48 | - More Virtual WiFi adapters 49 | - More APs 50 | - More clients 51 | - Monitoring and detection using nzyme WIDS.
52 | 53 | ## Using WiFiChallenge Lab 54 | 55 | ### Using the Virtual Machine (VM) from the Releases or Proton Drive 56 | 57 | To get started with the VM, download the appropriate version for your preferred platform: 58 | 59 | - [From GitHub releases](https://github.com/r4ulcl/WiFiChallengeLab-docker/releases) 60 | - [From Proton Drive](https://drive.proton.me/urls/Q4WPB23W7R#Qk4nxMH8Q4oQ) 61 | 62 | ### Using Docker on a Linux Host or Custom VM with Ubuntu 20.04 (Supports x86-64 and ARM) 63 | 64 | 1. Download an Ubuntu 20.04 VM 65 | 2. Run the following commands as root 66 | 67 | ``` bash 68 | cd /var/ 69 | git clone https://github.com/r4ulcl/WiFiChallengeLab-docker 70 | bash /var/WiFiChallengeLab-docker/vagrant/install.sh 71 | ``` 72 | 73 | 3. Reboot and log in with user/user 74 | 4. Continue at lab.wifichallenge.com 75 | 76 | ### Using Docker on a Linux Host or Custom VM such as Kali Linux 77 | 78 | Clone the repository and set up Docker to manage Access Points (APs), clients, and nzyme for alerts: 79 | 80 | ```bash 81 | git clone https://github.com/r4ulcl/WiFiChallengeLab-docker 82 | cd WiFiChallengeLab-docker 83 | docker compose up -d --file docker-compose.yml 84 | ``` 85 | 86 | ### Create your own VM using vagrant 87 | 88 | #### Requirements 89 | 90 | - A host with at least 4 CPU cores and 4 GB of RAM. 91 | - vagrant 92 | - VirtualBox, VMware or Hyper-V 93 | 94 | #### Create the VM with vagrant 95 | 96 | ```bash 97 | git clone https://github.com/r4ulcl/WiFiChallengeLab-docker 98 | cd WiFiChallengeLab-docker 99 | cd vagrant 100 | ``` 101 | 102 | Edit the memory and CPU settings in the vagrantfile to suit your needs.
103 | 104 | ```bash 105 | nano vagrantfile 106 | ``` 107 | 108 | If you want a VMware VM: 109 | 110 | ```bash 111 | vagrant up vmware_vm 112 | ``` 113 | 114 | For a VirtualBox VM: 115 | 116 | ```bash 117 | vagrant up virtualbox_vm 118 | ``` 119 | 120 | And for a Hyper-V VM, in an admin console: 121 | 122 | ```bash 123 | vagrant up hyper-v_vm --provider=hyperv 124 | ``` 125 | 126 | ### Create the VM manually (M1, M2, etc recommended) 127 | 128 | - Download an Ubuntu 20.04 VM 129 | - Run the following commands as root 130 | 131 | ```bash 132 | cd /var/ 133 | git clone https://github.com/r4ulcl/WiFiChallengeLab-docker 134 | bash /var/WiFiChallengeLab-docker/vagrant/install.sh 135 | ``` 136 | 137 | ## Usage 138 | 139 | ### Attack from Ubuntu VM 140 | 141 | - The tools are installed and can be found in the tools folder of the root home. 142 | - There are 7 antennas available, wlan0 to wlan6. 143 | - Do not disturb mode can be disabled with the following command. 144 | 145 | ### Attack from Host 146 | 147 | - Start the docker-compose.yml file and use the virtual WLAN. 148 | - Use your own tools and configurations to attack. 149 | 150 | ### Attack from Docker Attacker 151 | 152 | - TODO 153 | 154 | ## Modify config files 155 | 156 | To modify the files, you can download the repository and edit both the AP and client configurations (in the VM the path is /var/WiFiChallengeLab-docker). The files are organized into APs, Clients, and nzyme directories. 157 | 158 | ## Recompile Docker 159 | 160 | To rebuild the Docker images with the changes made, modify the docker-compose.yml file by commenting out the "image:" line for each service and uncommenting the corresponding "build:" line. Then use "docker compose build" to create a new version.
161 | 162 | ## Support this project 163 | 164 | ### Certified WiFiChallenge Professional (CWP) 165 | 166 | [](https://academy.wifichallenge.com/courses/certified-wifichallenge-professional-cwp) 167 | 168 | ### Buymeacoffee 169 | 170 | [](https://www.buymeacoffee.com/r4ulcl) 171 | 172 | ## Collaborators 173 | 174 | - Raúl Sampedro (@rsrdesarrollo) - Update the Nzyme Docker configuration to support ARM architecture 175 | 176 | - Oscar Alfonso (OscarAkaElvis / v1s1t0r, [airgeddon](https://github.com/v1s1t0r1sh3r3/airgeddon) author) - Collaboration in testing and script improvement 177 | 178 | ## License 179 | 180 | [GNU General Public License v3.0](https://github.com/r4ulcl/WiFiChallengeLab-docker/blob/main/LICENSE) 181 | -------------------------------------------------------------------------------- /WiFiChallengeLab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/r4ulcl/WiFiChallengeLab-docker/edab061d4358d88d8911f950c791ec475f2a0e2a/WiFiChallengeLab.png -------------------------------------------------------------------------------- /certs/ca.conf: -------------------------------------------------------------------------------- 1 | [ req ] 2 | default_bits = 2048 3 | distinguished_name = req_DN 4 | string_mask = nombstr 5 | 6 | [ req_DN ] 7 | countryName = "1. Country Name (2 letter code)" 8 | countryName_default = ES 9 | countryName_min = 2 10 | countryName_max = 2 11 | stateOrProvinceName = "2. State or Province Name (full name) " 12 | stateOrProvinceName_default = Madrid 13 | localityName = "3. Locality Name (eg, city) " 14 | localityName_default = Madrid 15 | 0.organizationName = "4. Organization Name (eg, company) " 16 | 0.organizationName_default = WiFiChallenge 17 | organizationalUnitName = "5. Organizational Unit Name (eg, section) " 18 | organizationalUnitName_default = Certificate Authority 19 | commonName = "6. 
Common Name (eg, CA name) " 20 | commonName_max = 64 21 | commonName_default = WiFiChallenge CA 22 | emailAddress = "7. Email Address (eg, name@FQDN)" 23 | emailAddress_max = 40 24 | emailAddress_default = ca@WiFiChallenge.com 25 | -------------------------------------------------------------------------------- /certs/ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIE1DCCA7ygAwIBAgIUPVRLXVCaWVoDX+CVwIhuuixAyFEwDQYJKoZIhvcNAQEL 3 | BQAwgacxCzAJBgNVBAYTAkVTMQ8wDQYDVQQIEwZNYWRyaWQxDzANBgNVBAcTBk1h 4 | ZHJpZDEWMBQGA1UEChMNV2lGaUNoYWxsZW5nZTEeMBwGA1UECxMVQ2VydGlmaWNh 5 | dGUgQXV0aG9yaXR5MRkwFwYDVQQDExBXaUZpQ2hhbGxlbmdlIENBMSMwIQYJKoZI 6 | hvcNAQkBFhRjYUBXaUZpQ2hhbGxlbmdlLmNvbTAeFw0yNDEyMjAxNzA1MTBaFw0z 7 | NDEyMTgxNzA1MTBaMIGnMQswCQYDVQQGEwJFUzEPMA0GA1UECBMGTWFkcmlkMQ8w 8 | DQYDVQQHEwZNYWRyaWQxFjAUBgNVBAoTDVdpRmlDaGFsbGVuZ2UxHjAcBgNVBAsT 9 | FUNlcnRpZmljYXRlIEF1dGhvcml0eTEZMBcGA1UEAxMQV2lGaUNoYWxsZW5nZSBD 10 | QTEjMCEGCSqGSIb3DQEJARYUY2FAV2lGaUNoYWxsZW5nZS5jb20wggEiMA0GCSqG 11 | SIb3DQEBAQUAA4IBDwAwggEKAoIBAQChfyEa1iXMz0eVHtYg10YdUKpOpjHRThRd 12 | xEUCoT0EtfO2zx1iEfcnUzcbFyxSNh14rh0P3xzLtmrt5fQnOqKy0gei1nZsD+Wh 13 | 3dmRT4g0RoxhLaX4N7h9Bi7IwVvQjaNPUKUeUUZoSXY4V15fF6CqghPB+3NM9bxd 14 | 3u2mHrzPL6eI8l1R7FqeCQEUi7lqsF61Pr14MYMJY1ZRElZgr5joGd40QKD+/9Un 15 | NuurJWpko4ghu2ALYCLggUMKybl562gzvXtiDHOgZDlq8M2t+2yB4JjHaqvU3Jsn 16 | imdzwYjNWHe5bi2vHMyNtHswNqr4jkl/FeGiz8Xl6Iih2fdcWXg7AgMBAAGjgfUw 17 | gfIwDwYDVR0TBAgwBgEB/wIBADA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vV2lG 18 | aUNoYWxsZW5nZS5jb20vY2EvbXVzdGVybWFubi5jcmwwEQYJYIZIAYb4QgEBBAQD 19 | AgAHMDUGCWCGSAGG+EIBCAQoFiZodHRwOi8vV2lGaUNoYWxsZW5nZS5jb20vY2Ev 20 | cG9saWN5Lmh0bTA3BglghkgBhvhCAQQEKhYoaHR0cDovL1dpRmlDaGFsbGVuZ2Uu 21 | Y29tL2NhL2hlaW1wb2xkLmNybDAfBglghkgBhvhCAQ0EEhYQV2lGaUNoYWxsZW5n 22 | ZSBDQTANBgkqhkiG9w0BAQsFAAOCAQEAV6RXJSMRBtYW5pM+1yXzZYJ0RjWNOLW+ 23 | 46KimVF86MS7z2kV/NcULafQecF4z1O1TU3oLIMbLSYUucc4byL5sq92B4uXpiFO 24 | 
WaMxDQXytLQkpms2Gy3SrIkPEuN3X1wC1QDEgGZL4vQTisK2nHbMBjD8TcfkZuaL 25 | 3fB2QJkxKPznRG4PInw2DRfEQhrBrvk29+QZbUIb4MPsZZV+yGJdwi0kUbF4uCiw 26 | gGcjxMn/W/wmpbPrkBEI8zyLv4jsOju+Pa0D2jelzVsTo88xf1E/AoA2XGz8jmNQ 27 | Aj47ovdDfkZt2jcqSp0rDjbI0+8YWllNwy9v+EgCGgyqjq2tBZrQjw== 28 | -----END CERTIFICATE----- 29 | -------------------------------------------------------------------------------- /certs/ca.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIC7TCCAdUCAQAwgacxCzAJBgNVBAYTAkVTMQ8wDQYDVQQIEwZNYWRyaWQxDzAN 3 | BgNVBAcTBk1hZHJpZDEWMBQGA1UEChMNV2lGaUNoYWxsZW5nZTEeMBwGA1UECxMV 4 | Q2VydGlmaWNhdGUgQXV0aG9yaXR5MRkwFwYDVQQDExBXaUZpQ2hhbGxlbmdlIENB 5 | MSMwIQYJKoZIhvcNAQkBFhRjYUBXaUZpQ2hhbGxlbmdlLmNvbTCCASIwDQYJKoZI 6 | hvcNAQEBBQADggEPADCCAQoCggEBAKF/IRrWJczPR5Ue1iDXRh1Qqk6mMdFOFF3E 7 | RQKhPQS187bPHWIR9ydTNxsXLFI2HXiuHQ/fHMu2au3l9Cc6orLSB6LWdmwP5aHd 8 | 2ZFPiDRGjGEtpfg3uH0GLsjBW9CNo09QpR5RRmhJdjhXXl8XoKqCE8H7c0z1vF3e 9 | 7aYevM8vp4jyXVHsWp4JARSLuWqwXrU+vXgxgwljVlESVmCvmOgZ3jRAoP7/1Sc2 10 | 66slamSjiCG7YAtgIuCBQwrJuXnraDO9e2IMc6BkOWrwza37bIHgmMdqq9TcmyeK 11 | Z3PBiM1Yd7luLa8czI20ezA2qviOSX8V4aLPxeXoiKHZ91xZeDsCAwEAAaAAMA0G 12 | CSqGSIb3DQEBCwUAA4IBAQCZabz1NW5d3TuU8T09Ae+Dp6U1Zv5X1rFxShXhcPAn 13 | nh9YYb8UAea72qh66gHauKulEwNXifhbKZ5ze+5bG056hA3NXwTIlTJNnoVO+Ldb 14 | DG59Y/Ax8R4tMnurf4d8kjxcMb4RHN+rMNqhhbJBBm2zMvAznxMqbdSCmah/RVeZ 15 | YZTm5jjLuKgSt9PEqn6wdpwrBvbKn7OFGm3swYoZApgqLYUejpjngkdSQz3frLVh 16 | B3um1dL8p+zQRlAih2XXjhW141KDgxHBt/EkUMcfEW3Uqhtzy+cCC5gtU3f5hSOx 17 | ACyhPBMQs4y7QnsiH6+q+uBqVFenP26tkDTMqEKiBVyk 18 | -----END CERTIFICATE REQUEST----- 19 | -------------------------------------------------------------------------------- /certs/ca.ext: -------------------------------------------------------------------------------- 1 | extensions = x509v3 2 | 3 | [ x509v3 ] 4 | basicConstraints = CA:true,pathlen:0 5 | crlDistributionPoints = URI:http://WiFiChallenge.com/ca/mustermann.crl 6 | 
nsCertType = sslCA,emailCA,objCA 7 | nsCaPolicyUrl = "http://WiFiChallenge.com/ca/policy.htm" 8 | nsCaRevocationUrl = "http://WiFiChallenge.com/ca/heimpold.crl" 9 | nsComment = "WiFiChallenge CA" 10 | -------------------------------------------------------------------------------- /certs/ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEAoX8hGtYlzM9HlR7WINdGHVCqTqYx0U4UXcRFAqE9BLXzts8d 3 | YhH3J1M3GxcsUjYdeK4dD98cy7Zq7eX0JzqistIHotZ2bA/lod3ZkU+INEaMYS2l 4 | +De4fQYuyMFb0I2jT1ClHlFGaEl2OFdeXxegqoITwftzTPW8Xd7tph68zy+niPJd 5 | UexangkBFIu5arBetT69eDGDCWNWURJWYK+Y6BneNECg/v/VJzbrqyVqZKOIIbtg 6 | C2Ai4IFDCsm5eetoM717YgxzoGQ5avDNrftsgeCYx2qr1NybJ4pnc8GIzVh3uW4t 7 | rxzMjbR7MDaq+I5JfxXhos/F5eiIodn3XFl4OwIDAQABAoIBAGOfdOCFMhRB2bqX 8 | pyfjJJF47VZPF3QyYkXliVyx8l4xkAI5ibqxsnFD2D6R8PlWAKAtaCgeTjkscpIG 9 | xLJebXc6MRO2kJ7gv5s2q7wD/9Wfn4FjE3snhFs7sSiOfwEMHq4S5YjqQjCbAJ6I 10 | 5uJqROZqD54ea2YSQPz3REqxs29qz2XlDQuoWVxdF2WC5kwxYQLwRmS7fq7ZywQ1 11 | 8W5ty1COP6jARM/FhhDClE00YmYxi/MZ9GogieaNvY0MMD5CobwnUVMyoSzeD+0e 12 | 3KqQldKHR81oELcM43Vd0Dn1795+Fkf5PFMeqHUK67mJO7uFqAYsGsUWMUedcPSf 13 | 05/1jUECgYEAy9JV7fSA4XFNRqyCMbl4MB/kY/tceUhV+Vg3vW34FYy62keAEzLs 14 | xA3iBdu2d31vfXRmordtlL1GM598idfQUCfl0CevgKTovgeJs9k8Frw73jxPPwvQ 15 | tWwPkfBgnulobDHGz0jMrkHIimekJyEWqHqM8Y6/DVYpTVSinhvCpLkCgYEAytb6 16 | ifSzc6yAoxzSKX/hcqprIl2J93ogx1dTLab2eExxRrLGSy6DcJmea8bRM9SPvo8z 17 | 6pChMsgf6Cq6F66Mq0qTX2CIvZeQeYTlM9w2Jp12+EQI693OW39xLHGVfCma9cja 18 | iAnK6nmx7q2kPL0KVllV5NmgEWd06a229FfO8pMCgYEApkr/7NsV49mrMMRCnQsz 19 | ciAzGRfWBOXtrzg4kgcM55ggQ0MezYs4/WROSnVOVAM1WWgE7TE26KncgvXWiCha 20 | P2ut5rzaRd1GPvSrdt8AVZRSTClshoW/TKXTtkAmtMC+f7fE+w3sYSgu1C1nEr2+ 21 | XMtP/y111w27OOqamuEPV5ECgYADY5omCe+hpCU2FHoydU+IAe7uUQ/IEcNQcVYT 22 | cjG2CtjtrHkBspJBpF9wP48pRYjtTyk35xi6Z3uY/nXDhYgWKJXTxyIhwNGKJj1K 23 | I4jIFmNxfHmFr1wOTU/PxUoRHATZzHRSR4+bYVMmwMH4vdPZY3665yP0hnz+lodz 24 | 
B7COfwKBgQCF0gRdPZqs6psubpS4OMdyDjBvMYOgmYHsJBE8JQPEnOWfAbOThQgd 25 | glADJly/NF4xunVm37nHpwpDNNfLnTErLlfnHVI8abIjBa5HtSyFL6PY8ALfyMqZ 26 | 5YJ/+6EHxXnqGtH171YcYI80WDnzAqFJQW1hdEtsF+aSwKC6kzaOow== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /certs/ca.serial: -------------------------------------------------------------------------------- 1 | 03 2 | -------------------------------------------------------------------------------- /certs/client.conf: -------------------------------------------------------------------------------- 1 | [ req ] 2 | default_bits = 2048 3 | distinguished_name = req_DN 4 | string_mask = nombstr 5 | 6 | [ req_DN ] 7 | countryName = "1. Country Name (2 letter code)" 8 | countryName_default = ES 9 | countryName_min = 2 10 | countryName_max = 2 11 | stateOrProvinceName = "2. State or Province Name (full name) " 12 | stateOrProvinceName_default = Madrid 13 | localityName = "3. Locality Name (eg, city) " 14 | localityName_default = Madrid 15 | 0.organizationName = "4. Organization Name (eg, company) " 16 | 0.organizationName_default = WiFiChallenge 17 | organizationalUnitName = "5. Organizational Unit Name (eg, section) " 18 | commonName = "6. Common Name (eg, CA name) " 19 | commonName_max = 64 20 | commonName_default = WiFiChallenge CA 21 | emailAddress = "7. 
Email Address (eg, name@FQDN)" 22 | emailAddress_max = 40 23 | emailAddress_default = client@WiFiChallenge.com 24 | -------------------------------------------------------------------------------- /certs/client.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIID0TCCArmgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCRVMx 3 | DzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkcmlkMRYwFAYDVQQKEw1XaUZp 4 | Q2hhbGxlbmdlMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxGTAXBgNV 5 | BAMTEFdpRmlDaGFsbGVuZ2UgQ0ExIzAhBgkqhkiG9w0BCQEWFGNhQFdpRmlDaGFs 6 | bGVuZ2UuY29tMB4XDTI0MTIyMDE3MDUxMVoXDTM0MTIxODE3MDUxMVowgYsxCzAJ 7 | BgNVBAYTAkVTMQ8wDQYDVQQIEwZNYWRyaWQxDzANBgNVBAcTBk1hZHJpZDEWMBQG 8 | A1UEChMNV2lGaUNoYWxsZW5nZTEZMBcGA1UEAxMQV2lGaUNoYWxsZW5nZSBDQTEn 9 | MCUGCSqGSIb3DQEJARYYY2xpZW50QFdpRmlDaGFsbGVuZ2UuY29tMIIBIjANBgkq 10 | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxE9OzKzvfzbeO8I7JFbsoAFcKcGT9srO 11 | NrWitFwGaZb8hPSk+2fsheC9sMBzgBrXCyBdqiJuOScRiRW1MrOflT9ALOha3Gz9 12 | n9Gf++3puof9yMc3vpxnxpKLTSvCJpRclJZw+VShRrdbgRQFsp7Hy5MwuzMWyJT4 13 | FM91mbzvRlI9ZPmVlkCbbvJ9d2U9Zx3Z8OGiwQ6+1fYij4+6QivCOpgRHkYPnZYx 14 | Or2Bq9GPRFmXKYJlHu5yzOF5c9HMMfIdaxFjKsmbzLzMLA2pjGjgQjz1P7MF04eI 15 | 4H529IcR61lvRX7JTKZ2zga6Ou6hyGgpWWJiQDUATRQ96gBWUF6b0QIDAQABoyIw 16 | IDARBglghkgBhvhCAQEEBAMCBLAwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBCwUA 17 | A4IBAQAHUNUFYqNPyKVvVaP9CY+Hng9Ktlr7aDf6RBqen3+3M2Mptw8zfj0R7P3O 18 | kEt2ZAXC2xVmmxEUpSyGk/CWYehIx9Y0BsK5cmVjwznLw10v0tdZ0k2JG/6zWOf9 19 | /yxBCLv8cMXHt/skwvah/sxq9bNqkku2kdEc8qit9qfAD3FWADLT+7t9dSbIfLsg 20 | dPvHR62MV3sTY20C7NXaJE+XpinnSpqz32EYo1afGagdJOZ8cl7vK+FORw9ibmGl 21 | 0oq5nZ9s9sQPE/7UEi0qsEqb8z/ShBZuQYOzqe/d8ulK5k+YgBwn/cEwKj/bArjD 22 | hOrWKoUW5qN7eiOqFcSNTtZqNr7O 23 | -----END CERTIFICATE----- 24 | -------------------------------------------------------------------------------- /certs/client.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE 
REQUEST----- 2 | MIIC0TCCAbkCAQAwgYsxCzAJBgNVBAYTAkVTMQ8wDQYDVQQIEwZNYWRyaWQxDzAN 3 | BgNVBAcTBk1hZHJpZDEWMBQGA1UEChMNV2lGaUNoYWxsZW5nZTEZMBcGA1UEAxMQ 4 | V2lGaUNoYWxsZW5nZSBDQTEnMCUGCSqGSIb3DQEJARYYY2xpZW50QFdpRmlDaGFs 5 | bGVuZ2UuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxE9OzKzv 6 | fzbeO8I7JFbsoAFcKcGT9srONrWitFwGaZb8hPSk+2fsheC9sMBzgBrXCyBdqiJu 7 | OScRiRW1MrOflT9ALOha3Gz9n9Gf++3puof9yMc3vpxnxpKLTSvCJpRclJZw+VSh 8 | RrdbgRQFsp7Hy5MwuzMWyJT4FM91mbzvRlI9ZPmVlkCbbvJ9d2U9Zx3Z8OGiwQ6+ 9 | 1fYij4+6QivCOpgRHkYPnZYxOr2Bq9GPRFmXKYJlHu5yzOF5c9HMMfIdaxFjKsmb 10 | zLzMLA2pjGjgQjz1P7MF04eI4H529IcR61lvRX7JTKZ2zga6Ou6hyGgpWWJiQDUA 11 | TRQ96gBWUF6b0QIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAF488XO3B/MNLEuU 12 | daAFviLF1MXr3YEvft+GINnUJNnrvBRRbIVQYssdB+EI/EXsyvZoCIyYIKye8HG/ 13 | i0HZUstYG3k0wBy2Z9JkJ0OkIZ6rphZA88d2uVzivHlK2yGo7We/lEsVRqJ3OPbw 14 | x3TtjQiw8BYuPt/ieSgMEC57oG8ApHvD7rdIAj9mYX0I8ELIxA9xSimAu5ePcgpC 15 | BSbiVx3K83Ci0+LNpHaVDcpeFLmzqLsHsdfrWln9AmuD4r6ezH4MnpCaU8zNdANG 16 | sFyI0wLcyoFgKvvcdvN8bNCkwGky2Jujo9SovFcf4VhJuxafWp4f/zq9me3md1Zm 17 | M33kMKo= 18 | -----END CERTIFICATE REQUEST----- 19 | -------------------------------------------------------------------------------- /certs/client.ext: -------------------------------------------------------------------------------- 1 | extensions = x509v3 2 | 3 | [ x509v3 ] 4 | nsCertType = client,email,objsign 5 | keyUsage = digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment 6 | -------------------------------------------------------------------------------- /certs/client.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEowIBAAKCAQEAxE9OzKzvfzbeO8I7JFbsoAFcKcGT9srONrWitFwGaZb8hPSk 3 | +2fsheC9sMBzgBrXCyBdqiJuOScRiRW1MrOflT9ALOha3Gz9n9Gf++3puof9yMc3 4 | vpxnxpKLTSvCJpRclJZw+VShRrdbgRQFsp7Hy5MwuzMWyJT4FM91mbzvRlI9ZPmV 5 | lkCbbvJ9d2U9Zx3Z8OGiwQ6+1fYij4+6QivCOpgRHkYPnZYxOr2Bq9GPRFmXKYJl 6 | 
Hu5yzOF5c9HMMfIdaxFjKsmbzLzMLA2pjGjgQjz1P7MF04eI4H529IcR61lvRX7J 7 | TKZ2zga6Ou6hyGgpWWJiQDUATRQ96gBWUF6b0QIDAQABAoIBAH+MG+HGNvHL34aq 8 | QyzwQVwQpiYHPTDrQiKvzyAqbowqarWkEpG6SyYNCJKP6DuCtNfo1pKVPlJp/O25 9 | qfpgVL5u0y6aZXa0ZfFyDOVuBh+I/i52qdRx4MdXLaUdWk8gtCpiuNJ21zaQKabr 10 | MGyG17+ASfhHUHVQvQMgbANQi5J+9uVvwAtTKSf3Iaz0DhTHf95C5o85a6UT6KAW 11 | SiRA0oQROA/r/Kz8FX3W6F7DwQhJAWmr/uWrOEpPIC+WlZ/BbOyaqTkEOkCD2xiQ 12 | Up/n2V3Yy5K7ZQA5i9c4fhJ1Mx5dm0JOGfSDvIEwbmZxy8Vf6USHfTqjL/LUCDX6 13 | tIzEUDECgYEA7HFrJJlMEGNyzVklWvrOiBGFQ/wAzjM/35HYjFJ6s2JfLKuaDtIj 14 | pH9569y9DyFAglxyW1/SnYFCK28UYdjwi+DvjQQuz36Wc5nOXsWhiNYVNr1LSH6y 15 | RBubjCOrU+zLj3hpbwtXeeEZec6dRLFLyIbI2jw+sR5ngrpJJ/FepR0CgYEA1IwV 16 | tD0aUfKQo121ZW1XJk97OB4NH4VPQjct7zuvNrMFaQTu6fLyvgTX5U1vXkJDqqRN 17 | 6rnraxCfkoQI7P5ztzLylrUVAPqD5WneHivquhah798QP1zcpqvKPfBlZB3TGwCk 18 | CRUaiFV3DQCrptC2HvziU7EQsVjqaKcRVDbYl0UCgYA4ajNrTxxkCKZ6spuEIrWm 19 | p6+JchZrHLVPzcfCa2eVZ5JX4TXn9WHFvRjFGy0M8B0pPY+Xl7x0EkRMgrt1QULb 20 | zTa7CdV1crnJKVihKjyJnrL/FZlh2cEFGSU7AcO+SZCkUdGuSiF8FiZy9sZ1fmwb 21 | k3VXBOrcbem6umH8Is43TQKBgBwPUl41IuBmsYmfuW7mfHbmT1IdRYY/xzLqrfnD 22 | W2JRSAmRSSlBlaJYaVgwXN+Ix/4jKtYuLVI5I5foLnV7MjOhWj1jMp6qc/c5fsVk 23 | 7twaWM6eGDsFO2wVieGbdwc8mL4b24wHaTVOcyUYTZD8RM7ae9aorZd8MZYXWEZR 24 | 504xAoGBAM+mYBrvzqYjpG15/g/0currRLdPtccPNVpwHKteWOTs87SoOkLI4p8I 25 | 25b2JaRB4zEEbIAL2T6nFp9+fF2S5DiAgxStqIssK7emBnGwPdIJ6+8Q4lmstfyd 26 | rZGA4w8J07nXe1IQeTeCpGhoBDEkEFOFvr1kR0SmDK+kf5EZ9STw 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /certs/client.pem.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIID0TCCArmgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCRVMx 3 | DzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkcmlkMRYwFAYDVQQKEw1XaUZp 4 | Q2hhbGxlbmdlMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxGTAXBgNV 5 | BAMTEFdpRmlDaGFsbGVuZ2UgQ0ExIzAhBgkqhkiG9w0BCQEWFGNhQFdpRmlDaGFs 6 | 
bGVuZ2UuY29tMB4XDTI0MTIyMDE3MDUxMVoXDTM0MTIxODE3MDUxMVowgYsxCzAJ 7 | BgNVBAYTAkVTMQ8wDQYDVQQIEwZNYWRyaWQxDzANBgNVBAcTBk1hZHJpZDEWMBQG 8 | A1UEChMNV2lGaUNoYWxsZW5nZTEZMBcGA1UEAxMQV2lGaUNoYWxsZW5nZSBDQTEn 9 | MCUGCSqGSIb3DQEJARYYY2xpZW50QFdpRmlDaGFsbGVuZ2UuY29tMIIBIjANBgkq 10 | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxE9OzKzvfzbeO8I7JFbsoAFcKcGT9srO 11 | NrWitFwGaZb8hPSk+2fsheC9sMBzgBrXCyBdqiJuOScRiRW1MrOflT9ALOha3Gz9 12 | n9Gf++3puof9yMc3vpxnxpKLTSvCJpRclJZw+VShRrdbgRQFsp7Hy5MwuzMWyJT4 13 | FM91mbzvRlI9ZPmVlkCbbvJ9d2U9Zx3Z8OGiwQ6+1fYij4+6QivCOpgRHkYPnZYx 14 | Or2Bq9GPRFmXKYJlHu5yzOF5c9HMMfIdaxFjKsmbzLzMLA2pjGjgQjz1P7MF04eI 15 | 4H529IcR61lvRX7JTKZ2zga6Ou6hyGgpWWJiQDUATRQ96gBWUF6b0QIDAQABoyIw 16 | IDARBglghkgBhvhCAQEEBAMCBLAwCwYDVR0PBAQDAgTwMA0GCSqGSIb3DQEBCwUA 17 | A4IBAQAHUNUFYqNPyKVvVaP9CY+Hng9Ktlr7aDf6RBqen3+3M2Mptw8zfj0R7P3O 18 | kEt2ZAXC2xVmmxEUpSyGk/CWYehIx9Y0BsK5cmVjwznLw10v0tdZ0k2JG/6zWOf9 19 | /yxBCLv8cMXHt/skwvah/sxq9bNqkku2kdEc8qit9qfAD3FWADLT+7t9dSbIfLsg 20 | dPvHR62MV3sTY20C7NXaJE+XpinnSpqz32EYo1afGagdJOZ8cl7vK+FORw9ibmGl 21 | 0oq5nZ9s9sQPE/7UEi0qsEqb8z/ShBZuQYOzqe/d8ulK5k+YgBwn/cEwKj/bArjD 22 | hOrWKoUW5qN7eiOqFcSNTtZqNr7O 23 | -----END CERTIFICATE----- 24 | -----BEGIN RSA PRIVATE KEY----- 25 | MIIEowIBAAKCAQEAxE9OzKzvfzbeO8I7JFbsoAFcKcGT9srONrWitFwGaZb8hPSk 26 | +2fsheC9sMBzgBrXCyBdqiJuOScRiRW1MrOflT9ALOha3Gz9n9Gf++3puof9yMc3 27 | vpxnxpKLTSvCJpRclJZw+VShRrdbgRQFsp7Hy5MwuzMWyJT4FM91mbzvRlI9ZPmV 28 | lkCbbvJ9d2U9Zx3Z8OGiwQ6+1fYij4+6QivCOpgRHkYPnZYxOr2Bq9GPRFmXKYJl 29 | Hu5yzOF5c9HMMfIdaxFjKsmbzLzMLA2pjGjgQjz1P7MF04eI4H529IcR61lvRX7J 30 | TKZ2zga6Ou6hyGgpWWJiQDUATRQ96gBWUF6b0QIDAQABAoIBAH+MG+HGNvHL34aq 31 | QyzwQVwQpiYHPTDrQiKvzyAqbowqarWkEpG6SyYNCJKP6DuCtNfo1pKVPlJp/O25 32 | qfpgVL5u0y6aZXa0ZfFyDOVuBh+I/i52qdRx4MdXLaUdWk8gtCpiuNJ21zaQKabr 33 | MGyG17+ASfhHUHVQvQMgbANQi5J+9uVvwAtTKSf3Iaz0DhTHf95C5o85a6UT6KAW 34 | SiRA0oQROA/r/Kz8FX3W6F7DwQhJAWmr/uWrOEpPIC+WlZ/BbOyaqTkEOkCD2xiQ 35 | Up/n2V3Yy5K7ZQA5i9c4fhJ1Mx5dm0JOGfSDvIEwbmZxy8Vf6USHfTqjL/LUCDX6 36 | 
tIzEUDECgYEA7HFrJJlMEGNyzVklWvrOiBGFQ/wAzjM/35HYjFJ6s2JfLKuaDtIj 37 | pH9569y9DyFAglxyW1/SnYFCK28UYdjwi+DvjQQuz36Wc5nOXsWhiNYVNr1LSH6y 38 | RBubjCOrU+zLj3hpbwtXeeEZec6dRLFLyIbI2jw+sR5ngrpJJ/FepR0CgYEA1IwV 39 | tD0aUfKQo121ZW1XJk97OB4NH4VPQjct7zuvNrMFaQTu6fLyvgTX5U1vXkJDqqRN 40 | 6rnraxCfkoQI7P5ztzLylrUVAPqD5WneHivquhah798QP1zcpqvKPfBlZB3TGwCk 41 | CRUaiFV3DQCrptC2HvziU7EQsVjqaKcRVDbYl0UCgYA4ajNrTxxkCKZ6spuEIrWm 42 | p6+JchZrHLVPzcfCa2eVZ5JX4TXn9WHFvRjFGy0M8B0pPY+Xl7x0EkRMgrt1QULb 43 | zTa7CdV1crnJKVihKjyJnrL/FZlh2cEFGSU7AcO+SZCkUdGuSiF8FiZy9sZ1fmwb 44 | k3VXBOrcbem6umH8Is43TQKBgBwPUl41IuBmsYmfuW7mfHbmT1IdRYY/xzLqrfnD 45 | W2JRSAmRSSlBlaJYaVgwXN+Ix/4jKtYuLVI5I5foLnV7MjOhWj1jMp6qc/c5fsVk 46 | 7twaWM6eGDsFO2wVieGbdwc8mL4b24wHaTVOcyUYTZD8RM7ae9aorZd8MZYXWEZR 47 | 504xAoGBAM+mYBrvzqYjpG15/g/0currRLdPtccPNVpwHKteWOTs87SoOkLI4p8I 48 | 25b2JaRB4zEEbIAL2T6nFp9+fF2S5DiAgxStqIssK7emBnGwPdIJ6+8Q4lmstfyd 49 | rZGA4w8J07nXe1IQeTeCpGhoBDEkEFOFvr1kR0SmDK+kf5EZ9STw 50 | -----END RSA PRIVATE KEY----- 51 | -------------------------------------------------------------------------------- /certs/createCert.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #https://wiki.innovaphone.com/index.php?title=Howto:802.1X_EAP-TLS_With_FreeRadius#Creation_Of_A_Self-Signed_CA_Certificate 4 | 5 | # Global variable for certificate validity in days (10 years) 6 | CERT_VALIDITY_DAYS=3650 7 | 8 | # Clean up any existing files 9 | rm -f ca.* client.* server.* 10 | 11 | # Creation Of A Self-Signed CA Certificate 12 | openssl genrsa -out ca.key 2048 13 | 14 | cat < ca.conf 15 | [ req ] 16 | default_bits = 2048 17 | distinguished_name = req_DN 18 | string_mask = nombstr 19 | 20 | [ req_DN ] 21 | countryName = "1. Country Name (2 letter code)" 22 | countryName_default = ES 23 | countryName_min = 2 24 | countryName_max = 2 25 | stateOrProvinceName = "2. 
State or Province Name (full name) " 26 | stateOrProvinceName_default = Madrid 27 | localityName = "3. Locality Name (eg, city) " 28 | localityName_default = Madrid 29 | 0.organizationName = "4. Organization Name (eg, company) " 30 | 0.organizationName_default = WiFiChallenge 31 | organizationalUnitName = "5. Organizational Unit Name (eg, section) " 32 | organizationalUnitName_default = Certificate Authority 33 | commonName = "6. Common Name (eg, CA name) " 34 | commonName_max = 64 35 | commonName_default = WiFiChallenge CA 36 | emailAddress = "7. Email Address (eg, name@FQDN)" 37 | emailAddress_max = 40 38 | emailAddress_default = ca@WiFiChallenge.com 39 | EOF 40 | 41 | openssl req -config ca.conf -new -key ca.key -out ca.csr 42 | 43 | cat < ca.ext 44 | extensions = x509v3 45 | 46 | [ x509v3 ] 47 | basicConstraints = CA:true,pathlen:0 48 | crlDistributionPoints = URI:http://WiFiChallenge.com/ca/mustermann.crl 49 | nsCertType = sslCA,emailCA,objCA 50 | nsCaPolicyUrl = "http://WiFiChallenge.com/ca/policy.htm" 51 | nsCaRevocationUrl = "http://WiFiChallenge.com/ca/heimpold.crl" 52 | nsComment = "WiFiChallenge CA" 53 | EOF 54 | 55 | openssl x509 -days $CERT_VALIDITY_DAYS -extfile ca.ext -signkey ca.key -in ca.csr -req -out ca.crt 56 | 57 | # Creation Of A Server Certificate 58 | openssl genrsa -out server.key 2048 59 | 60 | cat < server.conf 61 | [ req ] 62 | default_bits = 2048 63 | distinguished_name = req_DN 64 | string_mask = nombstr 65 | 66 | [ req_DN ] 67 | countryName = "1. Country Name (2 letter code)" 68 | countryName_default = ES 69 | countryName_min = 2 70 | countryName_max = 2 71 | stateOrProvinceName = "2. State or Province Name (full name) " 72 | localityName = "3. Locality Name (eg, city) " 73 | localityName_default = Madrid 74 | 0.organizationName = "4. Organization Name (eg, company) " 75 | 0.organizationName_default = WiFiChallenge 76 | organizationalUnitName = "5. 
Organizational Unit Name (eg, section) " 77 | organizationalUnitName_default = Server 78 | commonName = "6. Common Name (eg, CA name) " 79 | commonName_max = 64 80 | commonName_default = WiFiChallenge CA 81 | emailAddress = "7. Email Address (eg, name@FQDN)" 82 | emailAddress_max = 40 83 | emailAddress_default = server@WiFiChallenge.com 84 | EOF 85 | 86 | # Generate the server.ext file dynamically 87 | cat < server.ext 88 | extensions = x509v3 89 | 90 | [ x509v3 ] 91 | nsCertType = server 92 | keyUsage = digitalSignature,nonRepudiation,keyEncipherment 93 | extendedKeyUsage = msSGC,nsSGC,serverAuth 94 | subjectAltName = @alt_names 95 | 96 | [ alt_names ] 97 | EOF 98 | 99 | # Add IPs from 192.168.1.1 to 192.168.20.1 to SAN 100 | COUNTER=1 101 | for i in $(seq 1 20); do 102 | echo "IP.$COUNTER = 192.168.$i.1" >> server.ext 103 | ((COUNTER++)) 104 | done 105 | 106 | # Initialize CA serial number 107 | echo -ne '01' > ca.serial 108 | 109 | # Create the Certificate Signing Request (CSR) 110 | openssl req -config server.conf -new -key server.key -out server.csr 111 | 112 | # Create the server certificate signed by the CA 113 | openssl x509 -days $CERT_VALIDITY_DAYS -extfile server.ext -CA ca.crt -CAkey ca.key -CAserial ca.serial -in server.csr -req -out server.crt 114 | 115 | # Creation Of A Client Certificate 116 | openssl genrsa -out client.key 2048 117 | 118 | cat < client.conf 119 | [ req ] 120 | default_bits = 2048 121 | distinguished_name = req_DN 122 | string_mask = nombstr 123 | 124 | [ req_DN ] 125 | countryName = "1. Country Name (2 letter code)" 126 | countryName_default = ES 127 | countryName_min = 2 128 | countryName_max = 2 129 | stateOrProvinceName = "2. State or Province Name (full name) " 130 | stateOrProvinceName_default = Madrid 131 | localityName = "3. Locality Name (eg, city) " 132 | localityName_default = Madrid 133 | 0.organizationName = "4. 
Organization Name (eg, company) " 134 | 0.organizationName_default = WiFiChallenge 135 | organizationalUnitName = "5. Organizational Unit Name (eg, section) " 136 | commonName = "6. Common Name (eg, CA name) " 137 | commonName_max = 64 138 | commonName_default = WiFiChallenge CA 139 | emailAddress = "7. Email Address (eg, name@FQDN)" 140 | emailAddress_max = 40 141 | emailAddress_default = client@WiFiChallenge.com 142 | EOF 143 | 144 | cat < client.ext 145 | extensions = x509v3 146 | 147 | [ x509v3 ] 148 | nsCertType = client,email,objsign 149 | keyUsage = digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment 150 | EOF 151 | 152 | openssl req -config client.conf -new -key client.key -out client.csr 153 | 154 | openssl x509 -days $CERT_VALIDITY_DAYS -extfile client.ext -CA ca.crt -CAkey ca.key -CAserial ca.serial -in client.csr -req -out client.crt 155 | 156 | cat client.crt client.key > client.pem.crt 157 | -------------------------------------------------------------------------------- /certs/server.conf: -------------------------------------------------------------------------------- 1 | [ req ] 2 | default_bits = 2048 3 | distinguished_name = req_DN 4 | string_mask = nombstr 5 | 6 | [ req_DN ] 7 | countryName = "1. Country Name (2 letter code)" 8 | countryName_default = ES 9 | countryName_min = 2 10 | countryName_max = 2 11 | stateOrProvinceName = "2. State or Province Name (full name) " 12 | localityName = "3. Locality Name (eg, city) " 13 | localityName_default = Madrid 14 | 0.organizationName = "4. Organization Name (eg, company) " 15 | 0.organizationName_default = WiFiChallenge 16 | organizationalUnitName = "5. Organizational Unit Name (eg, section) " 17 | organizationalUnitName_default = Server 18 | commonName = "6. Common Name (eg, CA name) " 19 | commonName_max = 64 20 | commonName_default = WiFiChallenge CA 21 | emailAddress = "7. 
Email Address (eg, name@FQDN)" 22 | emailAddress_max = 40 23 | emailAddress_default = server@WiFiChallenge.com 24 | -------------------------------------------------------------------------------- /certs/server.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEgzCCA2ugAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCRVMx 3 | DzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkcmlkMRYwFAYDVQQKEw1XaUZp 4 | Q2hhbGxlbmdlMR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxGTAXBgNV 5 | BAMTEFdpRmlDaGFsbGVuZ2UgQ0ExIzAhBgkqhkiG9w0BCQEWFGNhQFdpRmlDaGFs 6 | bGVuZ2UuY29tMB4XDTI0MTIyMDE3MDUxMFoXDTM0MTIxODE3MDUxMFowgYsxCzAJ 7 | BgNVBAYTAkVTMQ8wDQYDVQQHEwZNYWRyaWQxFjAUBgNVBAoTDVdpRmlDaGFsbGVu 8 | Z2UxDzANBgNVBAsTBlNlcnZlcjEZMBcGA1UEAxMQV2lGaUNoYWxsZW5nZSBDQTEn 9 | MCUGCSqGSIb3DQEJARYYc2VydmVyQFdpRmlDaGFsbGVuZ2UuY29tMIIBIjANBgkq 10 | hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7HJVBLQRiKHKWtCj3MLf1D/rXa9u5K2 11 | IUegP0FMyLBSNEnbe9M/JVtixmZm8XZIHX8eDKPCuEAr3YDHW8yEVEaKmX7xuc7t 12 | pCZRFd1lMw7Braj9QyMPOUF0+th1iAV4JWCY8ohEcDqIo05JRBBXw4Hj5q5IB+Ds 13 | PzqpSBFVcK9fyjbXQFyVi8OC/Im5vkBA5SuyDSftw/gW4gq1wuUC9a02qB81gdIt 14 | pTeId7bG2ejD1eX9JyMnbn+6h5WqZJ6iOjRpl4CPq9eA+4eSdYHjZObpKJ/uUtV+ 15 | vgzVOcR3IjLUX5+n/hWlTofNpQ1LLxlejeuw/ewrfK+CC/odpkuWIQIDAQABo4HT 16 | MIHQMBEGCWCGSAGG+EIBAQQEAwIGQDALBgNVHQ8EBAMCBeAwKgYDVR0lBCMwIQYK 17 | KwYBBAGCNwoDAwYJYIZIAYb4QgQBBggrBgEFBQcDATCBgQYDVR0RBHoweIcEwKgB 18 | AYcEwKgCAYcEwKgDAYcEwKgEAYcEwKgFAYcEwKgGAYcEwKgHAYcEwKgIAYcEwKgJ 19 | AYcEwKgKAYcEwKgLAYcEwKgMAYcEwKgNAYcEwKgOAYcEwKgPAYcEwKgQAYcEwKgR 20 | AYcEwKgSAYcEwKgTAYcEwKgUATANBgkqhkiG9w0BAQsFAAOCAQEAPLWPkpdrkb0A 21 | K84lqWVqQRvktEwvwZJlvcgcb8weDt9L20c6AMfdOzF6ugUX3Mjy3xR0Jcpzq6Je 22 | 0+lBoX84VVc9YXQHlH2vEuz7CJp5Xl5R20Dt0ZxSHLX8OgOiCSlmHlZE5KWiQ+SK 23 | Pb9vYoZEQYOy+xEdGkrryjbT4mfjFdhC2ZGcoVci9qQ0QG+pP5V1GLO2wN2HfCMm 24 | 9rk/EWa3uEA1+aEuHPNmdCn8dLmwnrn/8y7RMnGTxHOHsP8OGBLmqjMGwjVFh9J2 25 | 
cUIa5e2Eyq/DrnoUtPdd8OeM6+5Z6rtKLQGQy0uuBH2DoQkK0hWKUoWLNg8I0MdL 26 | 6s+9WGjUeA== 27 | -----END CERTIFICATE----- 28 | -------------------------------------------------------------------------------- /certs/server.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIC0TCCAbkCAQAwgYsxCzAJBgNVBAYTAkVTMQ8wDQYDVQQHEwZNYWRyaWQxFjAU 3 | BgNVBAoTDVdpRmlDaGFsbGVuZ2UxDzANBgNVBAsTBlNlcnZlcjEZMBcGA1UEAxMQ 4 | V2lGaUNoYWxsZW5nZSBDQTEnMCUGCSqGSIb3DQEJARYYc2VydmVyQFdpRmlDaGFs 5 | bGVuZ2UuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7HJVBLQ 6 | RiKHKWtCj3MLf1D/rXa9u5K2IUegP0FMyLBSNEnbe9M/JVtixmZm8XZIHX8eDKPC 7 | uEAr3YDHW8yEVEaKmX7xuc7tpCZRFd1lMw7Braj9QyMPOUF0+th1iAV4JWCY8ohE 8 | cDqIo05JRBBXw4Hj5q5IB+DsPzqpSBFVcK9fyjbXQFyVi8OC/Im5vkBA5SuyDSft 9 | w/gW4gq1wuUC9a02qB81gdItpTeId7bG2ejD1eX9JyMnbn+6h5WqZJ6iOjRpl4CP 10 | q9eA+4eSdYHjZObpKJ/uUtV+vgzVOcR3IjLUX5+n/hWlTofNpQ1LLxlejeuw/ewr 11 | fK+CC/odpkuWIQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAGTq/4svsP3xlFZ4 12 | RsT2Md8GnL8wMJ/O/ncAXfhkTBjnIDFmQfjpQ0PSspbLSajUmdDFQpmGltKUJpXV 13 | ahswyAuaRPLUmM9so+b3c1me7VUFPlDXr4fHh4yTlCZ/QPAGSyAP4VdK0qZ4GgQo 14 | 5T7ZxFD87x1zHioaKFPKWQCPqlA272Msa+4sAxtN/KATJcYz39V2iuNnV3W+y3A8 15 | +BGV2C4sLolXXUi8oRwD85gJplaLDix3t2fznBjrLgc72Yn1IPH1DBnss6GncfZ7 16 | yChUbH0pzmEEnQdCdrKfrz1hRvDkxv61yOhQpyVpSPZcgo2u3GkobLRYfh/R0xVl 17 | zOVYuqA= 18 | -----END CERTIFICATE REQUEST----- 19 | -------------------------------------------------------------------------------- /certs/server.ext: -------------------------------------------------------------------------------- 1 | extensions = x509v3 2 | 3 | [ x509v3 ] 4 | nsCertType = server 5 | keyUsage = digitalSignature,nonRepudiation,keyEncipherment 6 | extendedKeyUsage = msSGC,nsSGC,serverAuth 7 | subjectAltName = @alt_names 8 | 9 | [ alt_names ] 10 | IP.1 = 192.168.1.1 11 | IP.2 = 192.168.2.1 12 | IP.3 = 192.168.3.1 13 | IP.4 = 192.168.4.1 14 | IP.5 = 192.168.5.1 15 | IP.6 = 192.168.6.1 16 | 
IP.7 = 192.168.7.1 17 | IP.8 = 192.168.8.1 18 | IP.9 = 192.168.9.1 19 | IP.10 = 192.168.10.1 20 | IP.11 = 192.168.11.1 21 | IP.12 = 192.168.12.1 22 | IP.13 = 192.168.13.1 23 | IP.14 = 192.168.14.1 24 | IP.15 = 192.168.15.1 25 | IP.16 = 192.168.16.1 26 | IP.17 = 192.168.17.1 27 | IP.18 = 192.168.18.1 28 | IP.19 = 192.168.19.1 29 | IP.20 = 192.168.20.1 30 | -------------------------------------------------------------------------------- /certs/server.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEAx7HJVBLQRiKHKWtCj3MLf1D/rXa9u5K2IUegP0FMyLBSNEnb 3 | e9M/JVtixmZm8XZIHX8eDKPCuEAr3YDHW8yEVEaKmX7xuc7tpCZRFd1lMw7Braj9 4 | QyMPOUF0+th1iAV4JWCY8ohEcDqIo05JRBBXw4Hj5q5IB+DsPzqpSBFVcK9fyjbX 5 | QFyVi8OC/Im5vkBA5SuyDSftw/gW4gq1wuUC9a02qB81gdItpTeId7bG2ejD1eX9 6 | JyMnbn+6h5WqZJ6iOjRpl4CPq9eA+4eSdYHjZObpKJ/uUtV+vgzVOcR3IjLUX5+n 7 | /hWlTofNpQ1LLxlejeuw/ewrfK+CC/odpkuWIQIDAQABAoIBAE7fdLKFP8gDyTjd 8 | yYtZGDhwKJw94xCcEN2yKaPySb6WjdFjPpJ4zF8X6jqMpapHWpJz6814POeDSRAS 9 | 1ir262lR91pLHnSSO6BzFeG58UeqU2sg7O9AgLnPlcGiD0HrTxoMPjzE/6sII4HE 10 | 4QFGJzPsMLSjL4YVG5qZs9ToK8P2fL0+bAIjmJxggURmjMVc0qbrYTE15KTl2wRb 11 | 17hf5677yt6HGoUQm8zFuSYMy74DGUxqw+jdVakjiQGY1AqCZW2wi2HfJPOg4YCG 12 | lNiYXFH0uVj0XNmfdG5JIA4ntMNUVigKj4zwbytDfYLsS79rrG8QPlvS59fIIgh0 13 | g04N3kUCgYEA/6UG9/zRcmZRAa1SAIhpKdSrNWlI00TIYWhHwvX9fJPf9r22QSUS 14 | 4BDq8rhyCUitOWZcz1KEe6ZI0wa2jvY4ixlC07mJxeLMLMbwm2N3PYmJfuul26Sz 15 | osLCMKOz4cAMoKrc/K0x1TCc4z+8sZpCTzakzw5ZJQhqW0PxEvwHuosCgYEAx/jZ 16 | V8lWg/+RXXgp5UzjPqBo1EI/WnoE1kc+zIEr2AEkoNz4SdG5RYPoC4c2j3jvRtVI 17 | UV5dJ7e0z6hVdpA1QTCHyt9usfFqneai/1i4/2qrSPjE4xSMjQ2K9qPQaKaqWxqM 18 | 0Bdwi42eFU3O92ZX78ZkoJAdSg4CQg/SGIPmg4MCgYEA8hXnxHzQJoJHocvshH6o 19 | /6jZvImIIjDXhI6IrlHeCtPJ2dGLPqOJ/U9n/hO2QZ5mE54gs1+T/7fW7KdFx5nY 20 | r7hrNS5VDmSYLqrxfGSzrT2KS/uBI78TMUU3OXI8TMJd8uP6wviL4TPYzcY0vQa0 21 | VmkLptwShOQ0O1radrzd4MMCgYAWSV2vsvi5bVo+GI5Sx+brq+UDAv8cjkzLtNUC 22 | 
5cKFKFt0sivZzk3fuXu7DS6/frLsKgkNSH8JVigInLIprJjC0y3PJmen3UgMoQ+5 23 | daHolXLRhygqRrgDYGcEZe1sPGbwEF1xM6uPYhEkPq+6UuWqC2pbmrQo9La7thes 24 | M8cVEQKBgQCXJV6TMQCxWmsabM46QrXQV7cvRlmuCMqiw61BQS5A+JIs3kxxICn0 25 | ohSKegXCuWrzZKqm57mZzMYtRZiWBlEK3dXSNSisQT/t2QuC4KEDz27UNULH9I5/ 26 | twvYdwsjvwH7i521H2SZ2CBSY7hkYBnK7tEL/1g+I9N/teLCQOIIIg== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /docker-compose-local.yml: -------------------------------------------------------------------------------- 1 | services: 2 | aps: 3 | build: ./APs/ # uncomment to build the Docker file 4 | restart: unless-stopped 5 | container_name: WiFiChallengeLab-APs 6 | env_file: ./APs/.env 7 | volumes: 8 | - /lib/modules:/lib/modules 9 | - ./logsAP:/root/logs/ 10 | network_mode: host #NETNS 11 | privileged: true #NETNS 12 | 13 | clients: 14 | build: ./Clients/ # uncomment to build the Docker file 15 | restart: unless-stopped 16 | container_name: WiFiChallengeLab-Clients 17 | env_file: ./Clients/.env 18 | volumes: 19 | - /lib/modules:/lib/modules 20 | - ./logsClient:/root/logs/ 21 | depends_on: 22 | - aps 23 | network_mode: host #NETNS 24 | privileged: true #NETNS 25 | 26 | nzyme: 27 | build: ./nzyme/ 28 | restart: unless-stopped 29 | env_file: .env 30 | container_name: WiFiChallengeLab-nzyme 31 | security_opt: 32 | - no-new-privileges:true 33 | volumes: 34 | - ./nzyme/nzyme.conf:/etc/nzyme/nzyme.conf.tmp #copy in entrypoint 35 | - ./logsNzyme:/var/log/nzyme/ 36 | #ports: 37 | # - "22900:22900" 38 | depends_on: 39 | - aps 40 | - db 41 | environment: 42 | - TZ=Europe/Berlin 43 | - DATABASE_URL=$DATABASE_URL 44 | - ADMIN_PASSWORD_HASH=$ADMIN_PASSWORD_HASH 45 | - EXTERNAL_URL=$EXTERNAL_URL 46 | network_mode: host #USB Antena 47 | cap_add: # full access to wifi interface 48 | - NET_ADMIN 49 | - NET_RAW 50 | deploy: 51 | resources: 52 | limits: 53 | cpus: "0.50" 54 | memory: 512M 55 | reservations: 56 | memory: 128M 57 | db: 58 | 
image: postgres:14 59 | restart: unless-stopped 60 | env_file: .env 61 | container_name: WiFiChallengeLab-nzyme-db 62 | security_opt: 63 | - no-new-privileges:true 64 | depends_on: 65 | - aps 66 | environment: 67 | - TZ=Europe/Berlin 68 | - POSTGRES_DB=$POSTGRES_DB 69 | - POSTGRES_USER=$POSTGRES_USER 70 | - POSTGRES_PASSWORD=$POSTGRES_PASS 71 | volumes: 72 | - ./nzyme/data:/var/lib/postgresql/data 73 | ports: 74 | - 127.0.0.1:5432:5432 # Since we use host net on nzyme, listen only locally 75 | healthcheck: 76 | test: ["CMD", "pg_isready", "-U", "$POSTGRES_USER"] 77 | interval: 10s 78 | start_period: 30s 79 | deploy: 80 | resources: 81 | limits: 82 | cpus: "0.50" 83 | memory: 512M 84 | reservations: 85 | memory: 128M -------------------------------------------------------------------------------- /docker-compose-minimal.yml: -------------------------------------------------------------------------------- 1 | services: 2 | aps: 3 | image: r4ulcl/wifichallengelab-aps 4 | restart: unless-stopped 5 | container_name: WiFiChallengeLab-APs 6 | env_file: ./APs/.env 7 | volumes: 8 | - /lib/modules:/lib/modules 9 | - ./logsAP:/root/logs/ 10 | network_mode: host #NETNS 11 | privileged: true #NETNS 12 | 13 | clients: 14 | image: r4ulcl/wifichallengelab-clients 15 | restart: unless-stopped 16 | container_name: WiFiChallengeLab-Clients 17 | env_file: ./Clients/.env 18 | volumes: 19 | - /lib/modules:/lib/modules 20 | - ./logsClient:/root/logs/ 21 | depends_on: 22 | - aps 23 | network_mode: host #NETNS 24 | privileged: true #NETNS 25 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | aps: 3 | image: r4ulcl/wifichallengelab-aps:latest 4 | #build: ./APs/ # uncomment to build the Docker file 5 | restart: on-failure # Automatically restart on failure 6 | container_name: WiFiChallengeLab-APs 7 | #env_file: ./APs/.env 8 | volumes: 9 | - 
./certs:/root/certs/:ro 10 | - ./certs:/root/mgt/certs/:ro 11 | - ./certs:/var/www/html/.internalCA/ 12 | - /lib/modules:/lib/modules 13 | - ./logsAP:/root/logs/ 14 | healthcheck: 15 | test: 16 | - CMD-SHELL 17 | - ip netns exec ns-ap /bin/bash -c ' 18 | curl -f -s http://localhost/login.php >/dev/null || exit 1; 19 | curl -s http://localhost:8080 >/dev/null || exit 2; 20 | if [ $(ps aux | grep host_aps_apd | grep -v grep | grep -c host_aps_apd) -ne 15 ]; then exit 3; fi' 21 | interval: 5s 22 | timeout: 5s 23 | retries: 3 24 | start_period: 30s 25 | network_mode: host #NETNS 26 | privileged: true #NETNS 27 | 28 | clients: 29 | image: r4ulcl/wifichallengelab-clients:latest 30 | #build: ./Clients/ # uncomment to build the Docker file 31 | restart: on-failure # Automatically restart on failure 32 | container_name: WiFiChallengeLab-Clients 33 | #env_file: ./Clients/.env 34 | volumes: 35 | - ./certs:/root/certs/:ro 36 | - /lib/modules:/lib/modules 37 | - ./logsClient:/root/logs/ 38 | depends_on: 39 | - aps 40 | network_mode: host #NETNS 41 | privileged: true #NETNS 42 | healthcheck: 43 | test: 44 | - CMD-SHELL 45 | - ip netns exec ns-client /bin/bash -c ' 46 | curl -s http://localhost >/dev/null || exit 1; 47 | if [ $(ps aux | grep wpa_wifichallenge_supplicant | grep -vE "grep|sudo|timeout" | grep -c wpa_wifichallenge_supplicant) -lt 17 ]; then exit 2; fi' 48 | interval: 5s 49 | timeout: 5s 50 | retries: 3 51 | start_period: 45s 52 | 53 | 54 | nzyme: 55 | image: r4ulcl/wifichallengelab-nzyme:latest 56 | #build: ./nzyme/ 57 | restart: on-failure # Automatically restart on failure 58 | #env_file: ./nzyme/.env 59 | env_file: .env 60 | container_name: WiFiChallengeLab-nzyme 61 | security_opt: 62 | - no-new-privileges:true 63 | volumes: 64 | - ./nzyme/nzyme.conf:/etc/nzyme/nzyme.conf.tmp #copy in entrypoint 65 | - ./logsNzyme:/var/log/nzyme/ 66 | #ports: 67 | # - "22900:22900" 68 | depends_on: 69 | - aps 70 | - db 71 | environment: 72 | - TZ=Europe/Berlin 73 | - 
DATABASE_URL=$DATABASE_URL 74 | - ADMIN_PASSWORD_HASH=$ADMIN_PASSWORD_HASH 75 | - EXTERNAL_URL=$EXTERNAL_URL 76 | network_mode: host #USB Antena 77 | healthcheck: 78 | test: ["CMD-SHELL", "curl -f -s http://localhost:22900 >/dev/null || exit 1"] 79 | interval: 5s 80 | timeout: 5s 81 | retries: 3 82 | start_period: 30s 83 | cap_add: # full access to wifi interface 84 | - NET_ADMIN 85 | - NET_RAW 86 | deploy: 87 | resources: 88 | limits: 89 | cpus: "0.50" 90 | memory: 512M 91 | reservations: 92 | memory: 128M 93 | 94 | db: 95 | image: postgres:14 96 | restart: unless-stopped 97 | #env_file: ./nzyme/.env 98 | env_file: .env 99 | container_name: WiFiChallengeLab-nzyme-db 100 | security_opt: 101 | - no-new-privileges:true 102 | depends_on: 103 | - aps 104 | environment: 105 | - TZ=Europe/Berlin 106 | - POSTGRES_DB=$POSTGRES_DB 107 | - POSTGRES_USER=$POSTGRES_USER 108 | - POSTGRES_PASSWORD=$POSTGRES_PASS 109 | volumes: 110 | - ./nzyme/data:/var/lib/postgresql/data 111 | ports: 112 | - 127.0.0.1:5432:5432 # Since we use host net on nzyme, listen only locally 113 | healthcheck: 114 | test: ["CMD", "pg_isready", "-U", "$POSTGRES_USER"] 115 | interval: 10s 116 | start_period: 30s 117 | deploy: 118 | resources: 119 | limits: 120 | cpus: "0.50" 121 | memory: 512M 122 | reservations: 123 | memory: 128M -------------------------------------------------------------------------------- /generateCerts.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | rm -r APs/config/certs 4 | rm -r Clients/config/certs 5 | 6 | cd certs 7 | bash createCert.sh 8 | cd .. 
9 | 10 | cp -r certs APs/config/certs 11 | cp -r certs Clients/config/certs -------------------------------------------------------------------------------- /images/B-WifiChallengeLab-LOGO.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/r4ulcl/WiFiChallengeLab-docker/edab061d4358d88d8911f950c791ec475f2a0e2a/images/B-WifiChallengeLab-LOGO.png -------------------------------------------------------------------------------- /images/B-WifiChallengeLab-LOGO.svg: -------------------------------------------------------------------------------- 1 | B-WifiChallengeLab-LOGO -------------------------------------------------------------------------------- /nzyme/.env: -------------------------------------------------------------------------------- 1 | ADMIN_PASSWORD_HASH='17f947eb427e15deccdffea8388ba36a4c8f4cea064323a67b0f21bba928ef10' 2 | DATABASE_URL='postgresql://localhost:5432/nzyme?user=nzyme&password=6iQ8TeFVPQE12ToyyEjf' 3 | POSTGRES_DB='nzyme' 4 | POSTGRES_USER='nzyme' 5 | POSTGRES_PASS='6iQ8TeFVPQE12ToyyEjf' 6 | EXTERNAL_URL='http://localhost:22900' 7 | WLAN='wlan60' -------------------------------------------------------------------------------- /nzyme/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM chainguard/git:latest as repo 2 | RUN git clone --depth 1 --branch 1.2.2 https://github.com/nzymedefense/nzyme.git 3 | 4 | 5 | FROM maven:3.8.3-adoptopenjdk-11 as build 6 | COPY --from=repo /home/git/nzyme /nzyme 7 | WORKDIR /nzyme 8 | RUN mvn -Dmaven.test.skip=true install jdeb:jdeb 9 | 10 | 11 | FROM ubuntu:20.04 12 | COPY --from=build /nzyme/target/nzyme_1.2.2_all.deb nzyme.deb 13 | RUN apt-get update && apt-get install -y --no-install-recommends python3 libpcap0.8 openjdk-11-jre-headless wireless-tools gettext-base curl git \ 14 | && apt-get clean && rm -rf /var/lib/apt/lists/* \ 15 | && dpkg -i nzyme.deb && rm nzyme.deb 16 | 17 | # 
Entrypoint: Replace variables in config 18 | COPY docker-entrypoint.sh /bin/ 19 | COPY nzyme.conf /etc/nzyme/nzyme.conf.tmp 20 | RUN chmod +x /usr/bin/docker-entrypoint.sh 21 | 22 | ENTRYPOINT ["docker-entrypoint.sh"] 23 | 24 | CMD /usr/bin/java -jar /opt/nzyme/nzyme-1.2.2.jar -c /etc/nzyme/nzyme.conf -------------------------------------------------------------------------------- /nzyme/README.md: -------------------------------------------------------------------------------- 1 | # Docker compose version of Nzyme 2 | 3 | IMPORTANT: the container runs in host network mode. Read https://docs.docker.com/network/host/ 4 | - Only works on Linux 5 | - Container’s network stack is not isolated from the Docker host 6 | 7 | ## Usage 8 | 9 | ### Download github repository 10 | ``` 11 | git clone https://github.com/lennartkoopmann/nzyme 12 | cd nzyme/docker 13 | ``` 14 | 15 | ### OPTIONAL: Change passwords: 16 | ``` 17 | bash setRandomPass.sh 18 | ``` 19 | 20 | ### Configure files 21 | 22 | Please visit the [getting started page](https://www.nzyme.org/docs/intro) to configure nzyme.conf. 23 | 24 | - Edit .env file: 25 | - Set your IP or Domain in EXTERNAL_URL variable 26 | - OPTIONAL: 27 | - Update ADMIN_PASSWORD_HASH (echo -n secretpassword | sha256sum) 28 | - Change DB config and DATABASE_URL with the same information (DB, user and password) 29 | - Edit nzyme.conf file: 30 | - Modify channels in '802_11_monitors' 31 | - Add APs in '802_11_networks' 32 | 33 | ### Execute docker-compose in background 34 | ``` 35 | docker-compose up -d 36 | ``` 37 | 38 | ### Show logs 39 | ``` 40 | docker-compose logs -f 41 | ``` 42 | 43 | ## Access webserver 44 | 45 | http://IP:22900 46 | 47 | ## Explanation of options 48 | 49 | - The config file used is nzyme.conf 50 | - All logs will be in the logs folder. 51 | - All database data will be in the data folder. 52 | - network_mode: host → Needed to access the host network interfaces inside the container (wlan). 
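53 | - privileged: true → Needed to have permissions over network interfaces (mode switching). 54 | 55 | ## Login Pass web 56 | admin:V6Slon4QrrM8RzzPrpluqZ8iI 57 | -------------------------------------------------------------------------------- /nzyme/docker-entrypoint.sh: --------------------------------------------------------------------------------
#!/bin/sh
# Container entrypoint: render /etc/nzyme/nzyme.conf from its template using
# the container environment, then hand over to the container command.

echo "Updating nzyme.conf using .env"

# DATABASE_URL embeds the database password, so its value is not echoed:
# everything written to stdout here ends up in the container log.
if [ -z "${DATABASE_URL:-}" ]; then
    echo "warning: DATABASE_URL is not set, nzyme.conf will have an empty database_path" >&2
fi

# Create data_directory if not present. -p makes an existing directory a
# success while still reporting any other failure (for example permissions).
mkdir -p /usr/share/nzyme

# Substitute the $VARIABLE references of the template with values from the
# environment. The rendered file contains the database password and the admin
# password hash.
envsubst < /etc/nzyme/nzyme.conf.tmp > /etc/nzyme/nzyme.conf

#/bin/sh /usr/share/nzyme/bin/nzyme
# Run the standard container command
exec "$@"
-------------------------------------------------------------------------------- /nzyme/nzyme.conf: -------------------------------------------------------------------------------- 1 | # Configuration reference: https://go.nzyme.org/configuration-reference 2 | 3 | # General nzyme configuration. 4 | general: { 5 | role: LEADER 6 | 7 | # The ID or name of this nzyme instance. Must be unique and contain only alphanumeric characters, underscores and dashes. 8 | id: nzyme-node-01 9 | 10 | # Admin password SHA256 hash. (64 characters) - generate with, for example, sha256sum on Linux: $ echo -n secretpassword | sha256sum 11 | # You will use this password to log in to the web interface. 12 | # echo -n secretpassword | sha256sum 13 | admin_password_hash: $ADMIN_PASSWORD_HASH # DO NOT CHANGE HERE, change it in .env 14 | 15 | # Path to postgreSQL database. Make sure to change username, password and database name. 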
(This is described in the documentation) 16 | database_path: "$DATABASE_URL" # DO NOT CHANGE HERE, change it in .env 17 | 18 | # Download current list of manufacturers and enable MAC address to manufacturer lookup? 19 | fetch_ouis: true 20 | 21 | # Path to directory that the tracker will use to store some temporary information. (must be writable) 22 | data_directory: /usr/share/nzyme 23 | 24 | # We use Python to inject frames for traps. 25 | python { 26 | # Path to python executable. (nzyme supports both Python 3 and 2) 27 | path: /usr/bin/python3.8 28 | 29 | # Script directory. This must be an existing and writable directory. We'll store some generated Python scripts here. 30 | script_directory: /tmp 31 | 32 | # Script prefix. A prefix for the generate scripts. There is usually no reason to change this setting. 33 | script_prefix: nzyme_ 34 | } 35 | 36 | alerting { 37 | # Notifications and callbacks for triggered alerts. 38 | callbacks: [ 39 | { 40 | type: email 41 | enabled: false 42 | 43 | # One of: SMTP, SMTPS or SMTP_TLS 44 | transport_strategy: SMTP_TLS 45 | 46 | host: smtp.example.org 47 | port: 587 48 | username: "your_username" 49 | password: "your_password" 50 | 51 | from: "nzyme " 52 | subject_prefix: "[NZYME]" 53 | 54 | recipients: [ 55 | "Somebody ", 56 | "Somebody Else " 57 | ] 58 | } 59 | 60 | { 61 | type: file 62 | enabled: true 63 | 64 | path: /var/log/nzyme/alerts.log 65 | } 66 | ] 67 | 68 | # Length of the training period. Do not change this if you don't know what this means. 69 | training_period_seconds: 300 70 | } 71 | 72 | # Regularly check if this version of nzyme is outdated? 73 | versionchecks: true 74 | } 75 | 76 | # Web interface and REST API configuration. 77 | interfaces: { 78 | # Make sure to set this to an IP address you can reach from your workstation. 79 | rest_listen_uri: "http://0.0.0.0:22900/" 80 | 81 | # This is usually the same as the `rest_listen_uri`. 
Take a look at the configuration documentation to learn about 82 | # other use-cases. It will be interesting if you run behind a load balancer or NAT. (basically, it is the address 83 | # that your web browser will use to try to connect to nzyme and it has to be reachable for it.) 84 | http_external_uri: "$EXTERNAL_URL" # DO NOT CHANGE HERE, change it in .env 85 | 86 | # Use TLS? (HTTPS) See https://go.nzyme.org/docs-https 87 | use_tls: false 88 | } 89 | 90 | # List of uplinks. Sends frame meta information and alerts to log management systems like Graylog for threat hunting and 91 | # forensics. See https://go.nzyme.org/uplinks 92 | uplinks: [] 93 | 94 | # 802.11/Wifi adapters that are designated to read traffic. 95 | # The more monitors you have listening on different channels, the more traffic will be picked up and the more 96 | # traffic will be available as the basis for alerts and analysis. 97 | # See: https://go.nzyme.org/configuration-reference 98 | 802_11_monitors: [ 99 | { 100 | # The 802.11/WiFi adapter name. (from `ifconfig` or `ip link`) 101 | device: "$WLAN" 102 | 103 | # WiFi interface and 802.11 channels to use. Nzyme will cycle your network adapters through these channels. 104 | # Consider local legal requirements and regulations. 105 | # See also: https://en.wikipedia.org/wiki/List_of_WLAN_channels 106 | channels: [1,2,3,4,5,6,7,8,9,10,11,12,13,36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128,132,136,140,149,153,157,161,165] 107 | #channels: [1,6,11] 108 | 109 | # There is no way for nzyme to configure your wifi interface directly. We are using direct operating system commands to 110 | # configure the adapter. Examples for Linux are in the documentation. 111 | channel_hop_command: "iwconfig {interface} channel {channel}" 112 | 113 | # Channel hop interval in seconds. Leave at default if you don't know what this is. 
114 | channel_hop_interval: 1 115 | 116 | # Time this monitor can remain without recording any frames until it is marked as failing. Under certain conditions, 117 | # it can be normal to not record any frames for an extended period of time. If you receive warnings and alerts for 118 | # failed probes when there were simply no frames to record, increase this value. Default: 60 119 | max_idle_time_seconds: 60 120 | 121 | # Skip the automatic monitor mode configuration of this interface. Only enable this if for some reason libpcap can't 122 | # properly configure this interface into monitor mode. In that case, you can try to set it manually instead. 123 | skip_enable_monitor: false 124 | } 125 | ] 126 | 127 | # A list of all your 802.11/WiFi networks. This will be used for automatic alerting. 128 | # It is recommended to leave this empty or on default at first start of nzyme and 129 | # then build it using the data nzyme shows in the web interface. For example, the 130 | # "security" and "fingerprints" strings can be copied from the web interface. 
131 | # See: https://go.nzyme.org/network-monitoring 132 | 802_11_networks: [ 133 | { 134 | ssid: wifi-mobile 135 | channels: [6] 136 | security: [WPA2-PSK-CCMP-TKIP] 137 | beacon_rate: 4760 138 | bssids: [ 139 | { 140 | address: "f0:9f:c2:71:22:12", 141 | fingerprints: [ 7303e2cb387b7367923cf58574b7e0e7edf58dc541a9714d117d16384bd00613 ] 142 | } 143 | ] 144 | }, 145 | { 146 | ssid: wifi-guest 147 | channels: [6] 148 | security: [NONE] 149 | beacon_rate: 4760 150 | bssids: [ 151 | { 152 | address: "f0:9f:c2:71:22:10", 153 | fingerprints: [ 4db0e3114b3db19c2b3fae7a69a692e1edcf7ec718a4a6bf43311dc31185d132 ] 154 | } 155 | ] 156 | }, 157 | { 158 | ssid: wifi-management 159 | channels: [11] 160 | security: [WPA3-SAE-CCMP] 161 | beacon_rate: 4760 162 | bssids: [ 163 | { 164 | address: "f0:9f:c2:11:0a:24", 165 | fingerprints: [ df5b5f9eec31df5ec9e9e020d00abacde6fd7acd3e4cce45675510b72bbb107b ] 166 | } 167 | ] 168 | }, 169 | { 170 | ssid: wifi-IT 171 | channels: [11] 172 | security: [WPA3-PSK-SAE-CCMP] 173 | beacon_rate: 47600 174 | bssids: [ 175 | { 176 | address: "f0:9f:c2:1a:ca:25", 177 | fingerprints: [ 0d8c1f599eedc365bafbe63fb7c7c8f5592f01c3059a619d79035902fa5d781a ] 178 | } 179 | ] 180 | }, 181 | 182 | { 183 | ssid: wifi-corp 184 | channels: [44] 185 | security: [WPA2-EAM-CCMP] 186 | beacon_rate: 4760 187 | bssids: [ 188 | { 189 | address: "f0:9f:c2:71:22:15", 190 | fingerprints: [ 80efa82dc7030f12d9c6d2b585a152a82acf54b12d69b804195b6d0be83362b7 ] 191 | }, 192 | { 193 | address: "f0:9f:c2:71:22:1a", 194 | fingerprints: [ 80efa82dc7030f12d9c6d2b585a152a82acf54b12d69b804195b6d0be83362b7 ] 195 | } 196 | ] 197 | }, 198 | { 199 | ssid: wifi-global 200 | channels: [44] 201 | security: [WPA2-EAM-CCMP] 202 | beacon_rate: 4760 203 | bssids: [ 204 | { 205 | address: "f0:9f:c2:71:22:17", 206 | fingerprints: [ 6bc2339da79076b7fe043a855922b06d98dcbea4c3655f59ede516998202e52a ] 207 | } 208 | ] 209 | }, 210 | { 211 | ssid: wifi-regional 212 | channels: [44] 213 | security: 
[WPA2-EAM-CCMP] 214 | beacon_rate: 4760 215 | bssids: [ 216 | { 217 | address: "f0:9f:c2:71:22:16", 218 | fingerprints: [ 6bc2339da79076b7fe043a855922b06d98dcbea4c3655f59ede516998202e52a ] 219 | } 220 | ] 221 | }, 222 | { 223 | ssid: wifi-regional-tablets 224 | channels: [44] 225 | security: [WPA2-EAM-CCMP] 226 | beacon_rate: 4760 227 | bssids: [ 228 | { 229 | address: "f0:9f:c2:7a:33:28", 230 | fingerprints: [ 6bc2339da79076b7fe043a855922b06d98dcbea4c3655f59ede516998202e52a ] 231 | } 232 | ] 233 | }, 234 | { 235 | ssid: wifi-old 236 | channels: [3] 237 | security: [NONE] 238 | beacon_rate: 4760 239 | bssids: [ 240 | { 241 | address: "f0:9f:c2:71:22:11", 242 | fingerprints: [ 4db0e3114b3db19c2b3fae7a69a692e1edcf7ec718a4a6bf43311dc31185d132 ] 243 | } 244 | ] 245 | }, 246 | 247 | ] 248 | 249 | 250 | # The deauthentication monitor is used to monitor the number of recorded of deauthentication and disassociation frames. 251 | # The global_threshold parameter is used to control when a DEAUTH_FLOOD alert is triggered. 252 | deauth_monitor { 253 | global_threshold: 10 254 | } 255 | 256 | # List of enabled 802.11/WiFi alert types. Remove or comment out (#) an alert type to mute it. 257 | # See: https://go.nzyme.org/alerting 258 | 802_11_alerts: [ 259 | unexpected_bssid 260 | unexpected_ssid 261 | crypto_change 262 | unexpected_channel 263 | unexpected_fingerprint 264 | beacon_rate_anomaly 265 | multiple_signal_tracks 266 | pwnagotchi_advertisement 267 | bandit_contact 268 | unknown_ssid 269 | deauth_flood 270 | ] 271 | 272 | # Optional: Traps to set up. 
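See: https://go.nzyme.org/deception-and-traps 273 | 802_11_traps: [] 274 | 275 | reporting: { 276 | email: { 277 | # One of: SMTP, SMTPS or SMTP_TLS 278 | transport_strategy: SMTP_TLS 279 | 280 | host: smtp.example.org 281 | port: 587 282 | username: "your_username" 283 | password: "your_password" 284 | 285 | from: "nzyme " 286 | subject_prefix: "[NZYME]" 287 | } 288 | } 289 | 290 | # Optional: A device to communicate with nzyme trackers, used to track down physical location of bandits. Please read 291 | # more in the documentation. See: https://go.nzyme.org/bandits-and-trackers 292 | groundstation_device: {} 293 | -------------------------------------------------------------------------------- /nzyme/setRandomPass.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Rotate the nzyme web-admin password and the PostgreSQL password stored in ./.env.
#
# Values are replaced by key (POSTGRES_PASS, the password= field of DATABASE_URL
# and ADMIN_PASSWORD_HASH). Matching on a fixed placeholder or on one particular
# hash only works while .env still holds exactly that text; once it does not,
# sed changes nothing and the password printed at the end is not the one in use.

ENV_FILE=.env

if [ ! -f "$ENV_FILE" ]; then
    echo "$ENV_FILE not found, run this script from the directory that holds it" >&2
    exit 1
fi

# Generate new passwords: 25 characters from [_A-Za-z0-9-], which need no
# escaping in the sed replacements below or in the DATABASE_URL query string.
PASS_WEB=$(LC_ALL=C tr -dc '_A-Za-z0-9-' < /dev/urandom | head -c25)
PASS_DB=$(LC_ALL=C tr -dc '_A-Za-z0-9-' < /dev/urandom | head -c25)

# Generate sha256 of the web password; .env stores only this hex digest.
PASS_WEB_256=$(printf '%s' "$PASS_WEB" | sha256sum | awk '{print $1}')

# Refuse to write truncated or empty secrets into .env.
if [ "${#PASS_WEB}" -ne 25 ] || [ "${#PASS_DB}" -ne 25 ] || [ "${#PASS_WEB_256}" -ne 64 ]; then
    echo "Password generation failed, $ENV_FILE left unchanged" >&2
    exit 1
fi

# Replace the DB password (in POSTGRES_PASS and inside DATABASE_URL) and the
# web password hash.
# NOTE: the postgres image applies POSTGRES_PASSWORD only when it initialises
# an empty data directory; an already created database keeps its old password
# until it is changed inside PostgreSQL or the data directory is recreated.
sed -i \
    -e "s|^POSTGRES_PASS=.*|POSTGRES_PASS='${PASS_DB}'|" \
    -e "s|^\(DATABASE_URL=.*[?&]password=\)[^&']*|\1${PASS_DB}|" \
    -e "s|^ADMIN_PASSWORD_HASH=.*|ADMIN_PASSWORD_HASH='${PASS_WEB_256}'|" \
    "$ENV_FILE"

echo "Your new web password is $PASS_WEB"
-------------------------------------------------------------------------------- /vagrant/README.md: -------------------------------------------------------------------------------- 1 | # Create WiFiChallenge Lab 2.0 using Vagrant 2 | 3 | ## For VirtualBox 4 | 5 | Create and start the VM (about 1 hour 30 minutes): 6 | 7 | ```bash 8 | vagrant up virtualbox_vm 9 | ``` 10 | 11 | Connect the VM 12 | 13 | ```bash 14 | vagrant ssh virtualbox_vm 15 | ``` 16 | 17 | Or RDP to IP 192.168.56.10 and port 3389 (using [remmina](https://remmina.org/) or other RDP client) 18 | 19 | 20 | ### Compress after install to export OVA 21 | 22 | ``` 23 | 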
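VBoxManage modifyhd --compact ubuntu-focal-20.04-cloudimg.vmdk 24 | ``` 25 | 26 | 27 | ## For VMWare 28 | Create and start the VM (about 1 hour 30 minutes):: 29 | 30 | ``` bash 31 | vagrant up vmware_vm 32 | ``` 33 | 34 | Connect the VM 35 | ``` bash 36 | vagrant ssh vmware_vm 37 | ``` 38 | 39 | Or RDP to IP 192.168.59.10 and port 3389 (using [remmina](https://remmina.org/) or other RDP client) 40 | 41 | ### Compress after install to export OVA 42 | 43 | ``` 44 | ``` 45 | 46 | ## After create VM 47 | 48 | - SSH as user and as vagrant to configure GUI 49 | - Remove /etc/fstab share folder if used 50 | -------------------------------------------------------------------------------- /vagrant/create.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Build the WiFiChallenge Lab VM with Vagrant for one provider, or for all
# providers in parallel.
#
# Usage: create.sh vmware|virtualbox|hyper-v|all

DESTROY=true   # destroy an existing machine before building it again
HALT=true      # halt the machine once it has been configured
#HALT=false

OPTION=$1

# Destroy (optional), provision, reboot and halt (optional) one Vagrant machine.
# $1 is the machine name from the vagrantfile; the start and finish times are
# appended to <machine>.log.
build_vm() {
    local vm="$1"

    if [ "$DESTROY" = true ] ; then
        vagrant destroy "$vm" --force
    fi
    echo "$(date) Start $vm " | tee -a "$vm.log"
    vagrant up "$vm"
    echo "$(date) Finish $vm " | tee -a "$vm.log"

    # Configure background, etc
    vagrant halt "$vm"
    vagrant up "$vm"
    timeout 30s vagrant ssh "$vm"
    if [ "$HALT" = true ] ; then
        vagrant halt "$vm"
    fi
}

# "$OPTION" is quoted so that an argument with spaces or glob characters is
# compared as one word; an empty or unknown value falls through to the usage
# message, which lists the options the script really accepts.
case "$OPTION" in
    vmware)
        echo "VMware"
        build_vm vmware_vm
        ;;
    virtualbox)
        echo "VirtualBox"
        build_vm virtualbox_vm
        ;;
    hyper-v)
        echo "hyper-v"
        build_vm hyper-v_vm
        ;;
    all)
        echo "all same time"
        echo "$0"
        # Start one background build per provider, then wait for all of them
        pids=()
        for provider in vmware virtualbox hyper-v; do
            bash "$0" "$provider" &
            pids+=("$!")
        done
        wait "${pids[@]}"
        ;;
    *)
        echo "Unknown option, only vmware, virtualbox, hyper-v or all"
        exit 1
        ;;
esac

exit 0
-------------------------------------------------------------------------------- /vagrant/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Function to edit a configuration file 4 | edit_config_file() { 5 | local file="$1" 6 | local setting="$2" 7 | local value="$3" 8 | 9 | if grep -q "^${setting}" "${file}"; then 10 | sudo sed -i "s|^${setting}.*|${setting} \"${value}\";|" "${file}" 11 | else 12 | echo "${setting} \"${value}\";" | sudo tee -a "${file}" > /dev/null 13 | fi 14 | } 15 | 16 | DEV=False 17 | 18 | # update package lists 19 | sudo apt-get update 20 | sudo apt-get full-upgrade -y 21 | 22 | 23 | sudo apt remove unattended-upgrades -y 24 | sudo apt remove update-manager -y 25 | sudo apt remove update-notifier -y 26 | 27 | 28 | ## Install drivers modprobe 29 | sudo apt-get install -y linux-generic 30 | 31 | # Create a 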
sudo user
# (the line above is the tail of the "# Create a sudo user" comment that begins on the
#  previous line of this listing; it is not a command)

# Create the user
# Lab account with a fixed, publicly known password (user:user). Combined with the
# NOPASSWD sudoers entry below and the SSH password login enabled further down, the
# account is equivalent to root for anyone who can reach the VM; this is a convenience
# for an isolated lab image only.
sudo useradd -m -s /bin/bash user
echo "user:user" | sudo chpasswd
# Add the user to the sudo group
sudo usermod -aG sudo user
# Configure sudo to not prompt for a password
# NOTE(review): the drop-in is written without a syntax check; `visudo -cf` on the
# file would catch a malformed entry before it can break sudo.
echo "user ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/user
sudo chmod 0440 /etc/sudoers.d/user

# Allow user to scan WiFi
# The rule applies to every local account (Identity=unix-user:*) and answers "yes"
# for any, inactive and active sessions. Besides wifi.scan it also covers
# settings.modify.system and network-control, so any user may change system-wide
# NetworkManager settings without authentication.
# NOTE(review): this is a plain redirect, not `sudo tee`, so it only works when the
# script itself runs as root (presumably via the Vagrant shell provisioner — confirm).
# `>>` appends, so a second provisioning run duplicates the stanza.
echo '[Allow Wifi Scan]
Identity=unix-user:*
Action=org.freedesktop.NetworkManager.wifi.scan;org.freedesktop.NetworkManager.enable-disable-wifi;org.freedesktop.NetworkManager.settings.modify.own;org.freedesktop.NetworkManager.settings.modify.system;org.freedesktop.NetworkManager.network-control
ResultAny=yes
ResultInactive=yes
ResultActive=yes' >> /etc/polkit-1/localauthority/50-local.d/47-allow-wifi-scan.pkla

# Let every local user manage colord devices and profiles, but only from an active
# session (ResultAny/ResultInactive are "no"). This file is overwritten (`>`), not appended.
echo '[Allow Colord all Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yes' > /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla


## Install Docker
sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common
# NOTE(review): `apt-key add` places the key in apt's global keyring, where it is
# trusted for every configured repository, and apt-key is deprecated. The
# `apt-key fingerprint` call below only prints the fingerprint; nothing in the script
# compares it, so the key is trusted on the strength of the HTTPS download alone.
# A per-repository keyring referenced with `signed-by=` in the source entry would
# limit the key to the Docker repository.
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo apt-key fingerprint 0EBFCD88
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io

# Fix DNS error Docker
sudo apt-get install bridge-utils -y
sudo service docker restart


# Fetch the lab repository into /var. DEV is set to False earlier in the script, so
# the default branch is cloned unless that value is edited.
# NOTE(review): neither branch is pinned to a tag or commit, and scripts from the
# checkout are run with sudo right below, so the image content depends on whatever
# the branch head is at build time.
if [ "$DEV" == "True" ]; then
    ## Go to WiFiChallengeFolder (git clone...)
    cd /var
    git clone -b dev https://github.com/r4ulcl/WiFiChallengeLab-docker
else
    cd /var
    git clone https://github.com/r4ulcl/WiFiChallengeLab-docker
fi

cd /var/WiFiChallengeLab-docker

## Install RDP server
echo 'Install RDP server'
sudo bash Attacker/installRDP.sh

## Install hacking WiFi tools
echo 'Install hacking WiFi tools'
sudo bash Attacker/installTools.sh

## Extract nzyme default logs (attacker)
# Replaces any existing logs/ and data/ directories with the contents of the
# archive shipped in the repository.
cd /var/WiFiChallengeLab-docker/nzyme/
rm -r logs/ data/
sudo apt-get install -y p7zip-full
7z x nzyme-logs.7z

## Enable docker
cd /var/WiFiChallengeLab-docker/
sudo docker compose -f docker-compose.yml up -d
#sudo docker compose -f docker-compose-minimal.yml up -d


## remove all non-essential programs in an Ubuntu 20 minimal ISO-based Vagrant VM
# remove all non-essential packages
# NOTE(review): the backtick pipeline lists every installed package whose name does
# not start with one of the excluded prefixes, not only desktop extras; confirm what
# apt actually does with that list on the base box.
sudo apt-get --yes remove --purge `dpkg --get-selections | grep -v "^lib" | grep -v "^ubuntu-minimal" | grep -v "^tzdata" | grep -v "^gpgv" | grep -v "^gnupg" | grep -v "^apt" | grep -v "^dirmngr" | awk '{print $1}'`
# Remove games
sudo apt-get --yes purge aisleriot gnome-sudoku mahjongg ace-of-penguins gnomine gbrainy gnome-mines
# Remove libreoffice
sudo apt-get --yes purge libreoffice-core libreoffice-calc libreoffice-draw libreoffice-impress libreoffice-math libreoffice-writer
sudo apt-get --yes purge thunderbird snapd
# Remove transmission and cheese
sudo apt-get --yes purge cheese transmission-* gnome-mahjongg
# autoremove any dependencies that are no longer needed
sudo apt-get --yes autoremove
# clean up the package cache
sudo apt-get clean

sudo apt-get -y autoremove --purge ubuntu-web-launchers landscape-client-ui-install gnome-games-common libreoffice* empathy transmission-gtk cheese gnome-software-common gnome-software-plugin-flatpak gnome-software-plugin-snap gnome-terminal gnome-orca onboard simple-scan gnome-font-viewer gnome-calculator gnome-clocks gnome-screenshot gnome-system-log gnome-system-monitor gnome-documents gnome-music gnome-video-effects gnome-boxes gnome-dictionary gnome-photos gnome-weather gnome-maps gnome-logs gnome-clocks gnome-characters gnome-calendar aisleriot gnome-sudoku gnome-mines gnome-mahjongg thunderbird

# First FLAG
# tee also copies the flag to stdout, so the value appears in the provisioning output.
echo 'flag{2162ae75cdefc5f731dfed4efa8b92743d1fb556}' | sudo tee /root/flag.txt

# Helper that restarts the aps and clients compose services; the same text is
# written to root's and user's home directories.
echo '#!/bin/bash
cd /var/WiFiChallengeLab-docker

sudo docker compose restart aps
sudo docker compose restart clients' | sudo tee /root/restartWiFi.sh /home/user/restartWiFi.sh
chmod +x /root/restartWiFi.sh /home/user/restartWiFi.sh

# Helper that pulls the current images and recreates the containers. The images it
# pulls are whatever the compose file references at the time it is run.
echo '#!/bin/bash
#Update images from AP and clients
cd /var/WiFiChallengeLab-docker
sudo docker compose pull
sudo docker compose up --detach
' | sudo tee /root/updateWiFiChallengeLab.sh /home/user/updateWiFiChallengeLab.sh
chmod +x /root/updateWiFiChallengeLab.sh /home/user/updateWiFiChallengeLab.sh

# Fix "Your kernel does not support swap limit capabilities or the cgroup is not mounted. Memory limited without swap."

grub_file="/etc/default/grub"
params="cgroup_enable=memory swapaccount=1"

# Check if the parameters are already present
# The grep matches the exact string anywhere in the file, so the sed below is
# skipped on a second run.
if grep -q "$params" "$grub_file"; then
    echo "Parameters already present in GRUB_CMDLINE_LINUX."
else
    # Add the parameters to GRUB_CMDLINE_LINUX
    # Appends before the closing quote of the line that starts with GRUB_CMDLINE_LINUX=
    sudo sed -i "/^GRUB_CMDLINE_LINUX=/ s/\"$/ $params\"/" "$grub_file"
fi
sudo update-grub

#Fix password on wifi scan
# Change the configuration file
# NOTE(review): the command changes NetworkManager's wifi.powersave value; the
# heading and the message printed below speak of a scan policy instead, which the
# polkit rule earlier in the script is what actually sets.
sudo sed -i 's/wifi.powersave = 3/wifi.powersave = 2/' /etc/NetworkManager/conf.d/default-wifi-powersave-on.conf
# Restart the network manager
sudo service network-manager restart
# Confirm the changes have been made
echo "The system policy has been updated and the network manager has been restarted. Wi-Fi scans should now be allowed."

# Copy the desktop background image (relative path: the working directory is
# /var/WiFiChallengeLab-docker at this point)
sudo mkdir /opt/background/
sudo cp WiFiChallengeLab.png /opt/background/WiFiChallengeLab.png

# nzyme alerts
sudo apt-get install -y jq
# nzyme icon for alerts
# Downloaded at build time from a third-party site with no integrity check; the
# file is only used as the notification icon.
sudo wget https://www.nzyme.org/favicon.ico -O /opt/background/nzyme.ico

# Write /var/nzyme-alerts.sh: a single-instance loop (guarded by a PID file) that
# polls the nzyme alert log every 0.1 s and sends a desktop notification whenever
# the last matching alert message changes.
# NOTE(review): the script is started from the login users' .bashrc (see below) but
# keeps its PID file in /var/run, which is normally writable only by root — confirm
# the guard works for those users.
echo '#!/bin/bash

#check if running
PID_FILE=/var/run/nzyme-alerts.pid

if [ -e "${PID_FILE}" ]; then
    PID=$(cat "${PID_FILE}")
    if ps -p "${PID}" > /dev/null; then
        echo "Error: Script is already running with PID ${PID}."
        exit 1
    else
        echo "Warning: PID file exists but process is not running. Deleting PID file."
        rm "${PID_FILE}"
    fi
fi

# Register a signal trap to remove the PID file if the script is terminated
trap "rm ${PID_FILE}; exit 0" SIGINT SIGTERM SIGHUP

echo $$ > "${PID_FILE}"
# Loop
GREP_STRING="MULTIPLE_SIGNAL_TRACKS|BANDIT_CONTACT|DEAUTH_FLOOD|UNEXPECTED_FINGERPRINT|UNEXPECTED_BSSID|UNEXPECTED_CHANNEL"
ALERT1=`cat /var/WiFiChallengeLab-docker/logsNzyme/alerts.log | grep -E "$GREP_STRING" | tail -n 1 | jq .message`
while true ; do
    ALERT2=`cat /var/WiFiChallengeLab-docker/logsNzyme/alerts.log | grep -E "$GREP_STRING" | tail -n 1 | jq .message`
    if [ "$ALERT1" != "$ALERT2" ] ; then
        ALERT1=$ALERT2
        notify-send -i /opt/background/nzyme.ico "WIDS Nzyme" "$ALERT2"
    fi
    sleep 0.1
done
' > /var/nzyme-alerts.sh

# The script becomes owned (and therefore writable) by `user`, yet it is also
# launched from vagrant's .bashrc below, so one account controls code that runs in
# the other account's sessions.
sudo chown user:user /var/nzyme-alerts.sh
sudo chmod +x /var/nzyme-alerts.sh

# Start the alert loop in the background on every interactive shell; output goes to
# fixed file names under /tmp.
echo 'nohup bash /var/nzyme-alerts.sh > /tmp/nzyme-alerts-user.log 2>&1 &' >> /home/user/.bashrc
echo 'nohup bash /var/nzyme-alerts.sh > /tmp/nzyme-alerts-vagrant.log 2>&1 &' >> /home/vagrant/.bashrc


# Write /var/aux.sh, which puts wlan60 into monitor mode; it is scheduled every
# minute by the crontab line inside /etc/configureUser.sh below.
echo '#!/bin/bash
#Script to set nzyme interface in monitor mode always
sudo ip link set wlan60 down
sudo iw wlan60 set type monitor
sudo ip link set wlan60 up' > /var/aux.sh
chmod +x /var/aux.sh

# Configure GUI when user open terminal first time, then delete
# The heredoc delimiter is quoted, so nothing inside is expanded now; the text is
# written verbatim to /etc/configureUser.sh and runs later in the login user's shell.
# Among other things it adds the repository's certs/ca.crt to the system trust store
# and to the Firefox certificate database. The repository tree also lists certs/ca.key,
# so the private key of that CA is public and the trust is suitable for the lab only.
cat << 'EOF' > /etc/configureUser.sh
# Enable dock
gnome-extensions enable ubuntu-dock@ubuntu.com
gnome-extensions enable ubuntu-appindicators@ubuntu.com
gnome-extensions enable desktop-icons@csoriano

# Set background
gsettings set org.gnome.desktop.background picture-uri file:////opt/background/WiFiChallengeLab.png

# Cron to monitor mode to nzyme
(crontab -l ; echo "* * * * * bash /var/aux.sh") | crontab -


# Dark theme
# Check if gnome-tweaks is installed
if ! [ -x "$(command -v gnome-tweaks)" ]; then
    sudo apt-get -y install gnome-tweaks
fi

# Change theme to Adwaita-dark
gsettings set org.gnome.desktop.interface gtk-theme "Adwaita-dark"

# Change icon theme to Adwaita
gsettings set org.gnome.desktop.interface icon-theme "Adwaita"

# Add CA to system and firefox to TLS
sudo cp /var/WiFiChallengeLab-docker/certs/ca.crt /usr/local/share/ca-certificates/ && sudo update-ca-certificates

# Configure firefox for TLS
firefox &
sleep 10
CA_CERT_PATH="/var/WiFiChallengeLab-docker/certs/ca.crt"
PROFILE_PATH="$HOME/.mozilla/firefox"
PROFILE_DIR=$(ls $PROFILE_PATH | grep -E '\.default-release$')

# Path to the Firefox cert8.db (or cert9.db for newer Firefox versions)
CERT_DB="$PROFILE_PATH/$PROFILE_DIR/cert9.db"

# Check if certutil (from the `libnss3-tools` package) is installed
if ! command -v certutil &> /dev/null; then
    echo "certutil not found. Installing libnss3-tools..."
    sudo apt-get update && sudo apt-get install -y libnss3-tools
fi

# Add the CA certificate to Firefox
echo "Adding CA certificate to Firefox..."
certutil -A -n "WiFiChallenge CA" -t "C,," -d sql:$PROFILE_PATH/$PROFILE_DIR -i "$CA_CERT_PATH"

sudo rm -rf /var/WiFiChallengeLab-docker/zerofile 2> /dev/null

# Auto delete
sed -i "s/bash \/etc\/configureUser.sh//g" /home/vagrant/.bashrc 2> /dev/null
sed -i "s/bash \/etc\/configureUser.sh//g" /home/user/.bashrc 2> /dev/null


# Add Terminal to favorites
gsettings set org.gnome.shell favorite-apps "$(gsettings get org.gnome.shell favorite-apps | sed s/.$//), 'wireshark.desktop', 'org.gnome.Terminal.desktop']"

# Remove fstab info in VBox
sudo sed -i "/$(echo 'media_WiFiChallenge /media/WiFiChallenge vboxsf uid=1000,gid=1000,_netdev 0 0' | sudo sed -e 's/[\/&]/\\&/g')/d" /etc/fstab

EOF

# Run the first-login configuration from both accounts' .bashrc; the script removes
# these lines again when it runs (see its "Auto delete" step).
echo 'bash /etc/configureUser.sh' >> /home/vagrant/.bashrc
echo 'bash /etc/configureUser.sh' >> /home/user/.bashrc



# Enable SSH password login
# With the user:user account created above, password login leaves the SSH port
# protected only by a known credential.
# Open the SSH server configuration file for editing
sudo sed -i 's/#PasswordAuthentication.*/PasswordAuthentication yes/g' /etc/ssh/sshd_config
# Add the line if it doesn't exist
# NOTE(review): sshd keeps the first value it reads for a keyword, so if an active
# "PasswordAuthentication no" line is already present the appended line does not
# override it — confirm against the base box's sshd_config.
grep -q "PasswordAuthentication yes" /etc/ssh/sshd_config || echo "PasswordAuthentication yes" | sudo tee -a /etc/ssh/sshd_config > /dev/null
# Restart the SSH server to apply the changes
sudo service ssh restart

firefox_dir="/usr/lib/firefox"

# Create a new file in the Firefox installation directory
# NOTE(review): this listing is damaged at the next statement: the gutter jumps from
# line 294 to line 319, so the body of policies.json, the assignments of SCRIPT_PATH
# and SERVICE_PATH, and the statement that opens the heredoc closed by the EOF below
# are not shown. The lines up to that EOF are the content of the health-monitor
# script and are reproduced exactly as printed.
sudo tee $firefox_dir/distribution/policies.json > /dev/null < $SCRIPT_PATH
#!/bin/bash

# Loop to constantly monitor containers' health
while true; do
    for container in $(docker ps --filter "health=unhealthy" --format "{{.Names}}"); do
        # Wait 30 seconds and check again if the container is still unhealthy
        sleep 30
        if docker ps --filter "health=unhealthy" --filter "name=$container" --format "{{.Names}}" | grep -q "$container"; then
            echo "$(date) - Restarting unhealthy container: $container"
            docker restart "$container"
        fi
    done

    # Sleep before checking again
    sleep 30
done
EOF

# Make the monitor-health.sh script executable
# ($SCRIPT_PATH is assigned in the part of the script missing from this listing)
chmod +x $SCRIPT_PATH

echo "monitor-health.sh script created and made executable."

# 2. Create the systemd service file
echo "Creating the systemd service file..."

# The delimiter is unquoted here, so $SCRIPT_PATH is expanded while the unit file is
# written. The unit runs the monitor as root and restarts it whenever it exits.
cat << EOF > $SERVICE_PATH
[Unit]
Description=Monitor Docker Health and Restart Unhealthy Containers
After=docker.service

[Service]
ExecStart=$SCRIPT_PATH
Restart=always
User=root
Group=root

[Install]
WantedBy=multi-user.target
EOF

# 3. Reload systemd, enable and start the service
# Reload systemd to pick up the new service file
systemctl daemon-reload
# Enable the service to start on boot
systemctl enable monitor-health.service
# Start the service immediately
systemctl start monitor-health.service
# 4. Verify the service is running
systemctl status monitor-health.service --no-pager


# Disable systemd-resolved
sudo sed -i 's/^DNSStubListener=yes/DNSStubListener=no/g' /etc/systemd/resolved.conf
sudo systemctl stop systemd-resolved.service
sudo systemctl disable systemd-resolved.service
# Configure DNS servers
# /etc/resolv.conf is replaced by a static file naming two fixed public resolvers,
# so all name lookups from the VM go to them regardless of the host network's DNS.
sudo rm /etc/resolv.conf
echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf >/dev/null
echo "nameserver 8.8.4.4" | sudo tee -a /etc/resolv.conf >/dev/null
# Restart networking service
sudo systemctl restart networking.service

# Install guest additions
# The hypervisor is detected by searching the dmidecode output for its name;
# dmidecode is called without sudo, so this also relies on the script running as root.
# Check if system is running on VMware
if [[ $(dmidecode | grep -i vmware) ]]; then
    echo "Installing open-vm-tools-desktop for VMware"
    sudo apt-get update
    sudo apt-get install -y open-vm-tools-desktop
# Check if system is running on VirtualBox
elif [[ $(dmidecode | grep -i virtualbox) ]]; then
    echo "Installing VirtualBox Guest Additions for VirtualBox"
    sudo apt-get update
    sudo apt-get install -y virtualbox-guest-additions-iso
    sudo apt-get install -y virtualbox-guest-x11
else
    echo "This script only supports VMware and VirtualBox virtual machines."
396 | fi 397 | 398 | 399 | # Root acces GUI 400 | su -c 'xhost si:localuser:root' vagrant 401 | su vagrant -c 'xhost +SI:localuser:root' 402 | echo 'xhost si:localuser:root > /dev/null 2>&1' >> /home/vagrant/.bashrc 403 | 404 | su -c 'xhost si:localuser:root' user 405 | su user -c 'xhost +SI:localuser:root' 406 | echo 'xhost si:localuser:root > /dev/null 2>&1' >> /home/user/.bashrc 407 | export PATH=$PATH:/sbin 408 | 409 | # Make VM smallest posible 410 | rm -rf /root/tools/eaphammer/wordlists/rockyou.txt /root/tools/eaphammer/wordlists/rockyou.txt.tar.gz 411 | sudo apt-get -y autoremove 412 | sudo apt-get -y autoclean 413 | sudo apt-get -y clean 414 | 415 | docker system prune -a -f 416 | 417 | echo "Starting dd, this may take a while" 418 | sudo dd if=/dev/zero of=/tmp/zerofile bs=1M ; sudo rm -rf /tmp/zerofile 419 | sudo rm -rf /tmp/zerofile -------------------------------------------------------------------------------- /vagrant/vagrantfile: -------------------------------------------------------------------------------- 1 | VAGRANT_COMMAND = ARGV[0] 2 | 3 | Vagrant.configure("2") do |config| 4 | 5 | 6 | config.vm.define "hyper-v_vm" do |hyper_v_vm| 7 | # Add other configuration options here 8 | hyper_v_vm.vm.box = "generic/ubuntu2004" 9 | hyper_v_vm.vm.define "WiFiChallengeLab HyperV" 10 | # hyper_v_vm.vm.network "private_network", ip: "192.168.58.10" 11 | hyper_v_vm.vm.hostname = "WiFiChallengeLab" 12 | hyper_v_vm.vm.provider "hyperv" do |hv| 13 | hv.vmname = "WiFiChallenge Lab v2.1" 14 | hv.maxmemory = 4096 15 | hv.memory = 4096 16 | hv.cpus = 4 17 | end 18 | hyper_v_vm.vm.provision :shell, path: "./install.sh" 19 | end 20 | 21 | config.vm.define "virtualbox_vm" do |virtualbox_vm| 22 | # Add other configuration options here 23 | virtualbox_vm.vm.box = "generic/ubuntu2004" 24 | virtualbox_vm.vm.define "WiFiChallengeLab vbox" 25 | virtualbox_vm.vm.hostname = "WiFiChallengeLab" 26 | virtualbox_vm.vm.provider "virtualbox" do |vb| 27 | vb.memory = "4096" 28 | 
vb.cpus = 4 29 | vb.name = "WiFiChallenge Lab v2.1" 30 | end 31 | virtualbox_vm.vm.provision :shell, path: "./install.sh" 32 | end 33 | 34 | config.vm.define "vmware_vm" do |vmware_vm| 35 | # Add other configuration options here 36 | vmware_vm.vm.box = "generic/ubuntu2004" 37 | vmware_vm.vm.define "WiFiChallengeLab VMWare" 38 | vmware_vm.vm.provider "vmware_desktop" do |v| 39 | v.linked_clone = false 40 | v.clone_directory = "E:/VMWare" 41 | v.force_vmware_license = "workstation" # force the licence for fix some vagrant plugin issue 42 | v.gui = true 43 | v.vmx["displayName"] = "WiFiChallenge Lab v2.1" 44 | v.memory = "4096" 45 | v.cpus = 4 46 | end 47 | #vmware_vm.vm.network "private_network", ip: "192.168.57.10" 48 | vmware_vm.vm.hostname = "WiFiChallengeLab" 49 | vmware_vm.vm.provision :shell, path: "./install.sh" 50 | end 51 | 52 | config.vm.define "qemu_arm_vm" do |qemu_vm| 53 | # Add other configuration options here 54 | qemu_vm.vm.box = "generic/ubuntu2004" 55 | qemu_vm.vm.define "WiFiChallengeLab QEMU" 56 | qemu_vm.vm.hostname = "WiFiChallengeLab" 57 | qemu_vm.vm.provider "qemu" do |libvirt| 58 | #qemu_vm.vm.provider :libvirt do |libvirt| 59 | libvirt.memory = "4096" 60 | libvirt.cpus = 4 61 | libvirt.driver = "qemu" 62 | libvirt.machine_type = "virt" 63 | libvirt.cpu_model = "cortex-a57" 64 | end 65 | qemu_vm.vm.provision :shell, path: "./install.sh" 66 | end 67 | 68 | end 69 | --------------------------------------------------------------------------------