Hacking and Penetration Testing with Low Power Devices
Penetration testing with a single remote drone
145
There is a simple and elegant way to determine in Python whether the mon0 interface is available, but it requires the Python netifaces module to be installed. If you want to add this check to your scripts, first install the module by running sudo apt-get install python-netifaces. Then add the following to the beginning of your wireless sniffing script (or any script that uses mon0) so that it checks for mon0 and creates it if it is not present:
import netifaces, os
interface_list = netifaces.interfaces()
if 'mon0' not in interface_list:
    # any interface whose name contains 'wlan' is a candidate for monitor mode
    wifi_list = list(filter(lambda x: 'wlan' in x, interface_list))
    if len(wifi_list) > 0:
        # The following will fail if you need a password for sudo
        # or you are not running the script as root
        os.system("sudo airmon-ng start " + wifi_list[0])
    else:
        print("Could not find any wireless interfaces!")
        exit(0)
Now that the target network has been identified, Scapy can be used for some further analysis. Another simple script can monitor traffic for a short while and detect any attached clients. The monitor interface should be set to remain on the appropriate channel so that no packets are dropped unnecessarily. To ensure this is the case, execute the following two commands before running the script: sudo iwconfig wlan0 channel and sudo iwconfig mon0 channel. Note that in some cases you may have to take an interface down before changing the channel, using sudo ifconfig down, and then bring it back up with sudo ifconfig up after the channel has been changed with iwconfig. The following script captures for a minute and also prints out attached clients, in case we need to deauthenticate a client or two in order to capture handshakes:
#!/usr/bin/env python
# simple script to capture wireless packets with scapy
# As presented in the book
# Hacking and Penetration Testing With Low Power Devices
# by Dr. Phil Polstra
from scapy.all import *
import optparse
# lists to store detected clients and captured packets
client_list = []
pkt_list = []
# define a function to be called with each received packet
def packet_handler(pkt):