WeMos white Hacking


# White Hacking: WeMos and SquirelCrawl! (update 17.10.2017)

I was surfing the web for new hacking software and hardware tools and I found the Hacker Arsenal website. This website offers "ARTILLERY FOR CYBER WARRIORS", as they put it; it is basically hardware and firmware for pentesters. In summary, they currently have three products, mainly for Wi-Fi sniffing.

Python Code: https://goo.gl/YuT5qm

I found the Winx-Portable on the website (update 17.10.2017: they are not offering this product anymore; they now offer the WiNX) and I thought I had something like that. I looked at the boards I had recently bought and found the WeMos WiFi ESP32 Development Tool. The boards are identical. Then I tested the available firmware, and it worked on my board.

Fig. 1: WeMos WiFi ESP32 Development Tool

I googled again to check whether someone had done something with this board, and I found that Tomas C. has also been experimenting with it.

You need the following hardware and firmware; I have also included some video tutorials:

| Type | Item | Quantity |
| --- | --- | --- |
| WeMos | WeMos WiFi ESP32 Development Tool | 1 |
| INR18650 | INR18650 3.7 V Battery | 1 |
| Arduino | Hacker Arsenal Firmwares (at the end of the page) | |
| YouTube | Custom Captive Portals - Instructional Video | |
| Python | SquirelCrawl | |

Board use

You can find instructional videos on the YouTube channel of Hacker Arsenal that explain the use of the board and the firmware installation. In the table above I listed the one I found most interesting, "Custom Captive Portals - Instructional Video".

Steps to Upload Firmware

The steps to upload the firmware can be found in the README file and are as follows:

  1. Connect the WeMos to your laptop
  2. Check the port on which the device is mapped using the hardware manager (Device Manager, Windows + Pause keys, on Windows), e.g. COM3, /dev/ttyUSB0 etc. depending on your operating system
  3. Open a command prompt and navigate to the firmware directory
  4. Run the command below based on your OS
```
// Windows
python esptool.py --chip esp32 --port <COMXX> --baud 921600 --before default_reset --after hard_reset write_flash -z --flash_freq 80m --flash_mode dio --flash_size 4MB 0x1000 bootloader.bin 0x8000 WiNX-Deception.ino.partitions.bin 0xe000 boot_WiNX-Deception.bin 0x10000 WiNX-Deception.ino.bin

// Linux
python esptool.py --chip esp32 --port </dev/ttyUSBX> --baud 921600 --before default_reset --after hard_reset write_flash -z --flash_freq 80m --flash_mode dio --flash_size 4MB 0x1000 bootloader.bin 0x8000 WiNX-Deception.ino.partitions.bin 0xe000 boot_WiNX-Deception.bin 0x10000 WiNX-Deception.ino.bin

// Mac OS
python esptool.py --chip esp32 --port </dev/cu.SLAB_USBtoUART> --baud 921600 --before default_reset --after hard_reset write_flash -z --flash_freq 80m --flash_mode dio --flash_size 4MB 0x1000 bootloader.bin 0x8000 WiNX-Deception.ino.partitions.bin 0xe000 boot_WiNX-Deception.bin 0x10000 WiNX-Deception.ino.bin
```

Using PuTTY it is possible to access the data saved on the device. More info can be found in the YouTube video from Hacker Arsenal.

If you type the option STATUS, you'll see that the "Custom Captive Portals" feature is not configured. You have to load a login page. You do this using WiNX-Deception-Helper.py, also available in the zip file from Hacker Arsenal. Open a command prompt, navigate to the firmware directory and type:

```
python WiNX-Deception-Helper.py -p <COMXX, /dev/ttyUSBX, /dev/cu.SLAB_USBtoUART> -f <template.html>
```

The size of the webpage must be under 150Kb.

SquirelCrawl in Python

Disclaimer

The author of the code assumes no responsibility for users' decisions, their use of the code, or this post.

I've just uploaded a new repository. This code compresses a webpage into a single HTML file. Images are converted to base64 and embedded together with the CSS files in the HTML. This can be useful for webpages served from microcontrollers (or other low-memory devices), for a complete offline copy of a webpage, etc.

I wrote a usage section on GitHub, but basically you should download the repository, install the requirements and type the following in a command prompt:

```
python squirelcrawl --url <http(s)://...> --path <folder>
```

where --url is the webpage that you want to download and --path is the project folder, into which all files are downloaded and in which the output is generated. Some optional flags are available to compress the output file (remember that the webpage must be under 150Kb).

I tested the code with a couple of pages, and it works. It's a beta version; it has a lot of errors and plenty of room for improvement. Some sites use JavaScript for the translation between languages, and then you get the labels just as {{translate.parts.login.adhoc_buy_ticket}}. In this case you have to work a little more: use the developer tools of Chrome/Firefox etc., select the rendered code, copy it, and save it to a page.html. Then start a local server with the page, and it should work. :) Leave a comment if you find the code interesting. I am going to upload a video soon.
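As an added illustration of the approach described above (this is my own example, not SquirelCrawl's code), the following Python script inlines a page's images as base64 data URIs and its stylesheets as `<style>` blocks, checks the result against the 150Kb limit mentioned earlier, and reports template labels such as {{translate...}} that a JavaScript-driven site leaves unrendered in the raw HTML. Instead of downloading anything, the page and its assets are constructed in an in-memory dict; the 150Kb limit is taken as 150 × 1024 bytes, which is an assumption, and an asset that cannot be found is left referenced as-is rather than silently dropped.

```python
"""Inline images and CSS into one HTML file (added example, not SquirelCrawl's code)."""
import base64
import mimetypes
import re

# Constructed sample site (no real downloads): one page, one stylesheet and
# two tiny placeholder image files, keyed by the path the page references.
ASSETS = {
    "style.css": b"body { background: url(bg.png); } h1 { color: #333; }",
    "bg.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,  # placeholder PNG bytes
    "logo.gif": b"GIF89a" + b"\x00" * 8,  # placeholder GIF bytes
}
PAGE = (
    '<html><head><link rel="stylesheet" href="style.css"></head>'
    '<body><h1>Login</h1><img src="logo.gif" alt="logo">'
    '<img src="missing.png" alt="gone"></body></html>'
)

IMG_SRC = re.compile(r'(<img\b[^>]*?\bsrc=")([^"]+)(")', re.I)
LINK_CSS = re.compile(r'<link\b[^>]*\brel="stylesheet"[^>]*\bhref="([^"]+)"[^>]*>', re.I)
CSS_URL = re.compile(r'url\((["\']?)([^)"\']+)\1\)', re.I)
PLACEHOLDER = re.compile(r"\{\{[^{}]*\}\}")


def fetch(path, assets):
    """Stand-in for the HTTP download a crawler would do: a dict lookup."""
    return assets.get(path)


def to_data_uri(path, data):
    """Encode raw bytes as a data: URI, guessing the MIME type from the name."""
    mime = mimetypes.guess_type(path)[0] or "application/octet-stream"
    return "data:%s;base64,%s" % (mime, base64.b64encode(data).decode("ascii"))


def inline_css(css_text, assets):
    """Replace url(...) references inside a stylesheet with data: URIs."""
    def repl(m):
        data = fetch(m.group(2), assets)
        if data is None:
            return m.group(0)  # unknown asset: keep the original reference
        return "url(%s)" % to_data_uri(m.group(2), data)
    return CSS_URL.sub(repl, css_text)


def inline_page(html, assets=ASSETS):
    """Return a single-file version of the page with images and CSS embedded."""
    def img_repl(m):
        data = fetch(m.group(2), assets)
        if data is None:
            return m.group(0)  # missing image: leave the <img> untouched
        return m.group(1) + to_data_uri(m.group(2), data) + m.group(3)

    def css_repl(m):
        data = fetch(m.group(1), assets)
        if data is None:
            return m.group(0)
        return "<style>%s</style>" % inline_css(data.decode("utf-8"), assets)

    return LINK_CSS.sub(css_repl, IMG_SRC.sub(img_repl, html))


def fits_device(html, limit=150 * 1024):
    """True if the page is below the 150Kb cap given in the post (assumed to mean 150 * 1024 bytes)."""
    return len(html.encode("utf-8")) < limit


def unrendered_placeholders(html):
    """Return template labels such as {{translate.parts.login...}} still in the HTML.
    A non-empty result means the site renders text with JavaScript, so the DOM
    should be saved from the browser's developer tools instead."""
    return PLACEHOLDER.findall(html)


if __name__ == "__main__":
    out = inline_page(PAGE)
    print(out)
    print("fits device:", fits_device(out))
    print("unrendered placeholders:", unrendered_placeholders(out))
```

Running the script prints the single-file page; the `missing.png` reference survives unchanged so that a broken asset is visible in the output rather than quietly lost, and the size check is the place to hook a compression or warning step before the page is loaded onto a device.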

I assume no responsibility for the usage of this code and post. The book "The Hacker Playbook 2: Practical Guide to Penetration Testing - Peter Kim" says

Just remember, ONLY test systems on which you have written permission. Just Google the term “hacker jailed” and you will see plenty of different examples where young teens have been sentenced to years in prison for what they thought was a “fun time.” There are many free platforms where legal hacking is allowed and will help you further educate yourself.
