diff -u xtest-1.0/main.c xtest-1.0-jlw/main.c --- xtest-1.0/main.c 2008-08-26 20:43:45.000000000 -0400 +++ xtest-1.0-jlw/main.c 2010-10-06 13:22:10.000000000 -0400 @@ -33,6 +33,8 @@ #include "cdp_sniffer.h" #include "xtest.h" #include "cdp_spoof.h" +#include +#include #define DEFAULT_IFNAME "eth0" #define DEFAULT_IFNAME_LEN 4 @@ -459,7 +461,7 @@ printf("Usage: xtest [options]\n"); printf(" -u Username sent via EAP-MD5\n"); printf(" -p Password sent via EAP-MD5\n"); - printf(" -w Dictionary file name\n"); + printf(" -w Dictionary file name (\"-\" for STDIN)\n"); printf(" -e 8021x MitM - Sniff for EAP and CDP Packets \n"); printf(" -d Remove the Virtual interface \n"); printf(" -c pcap file to read from\n"); @@ -899,7 +901,7 @@ if_request.cmd = ADD_VLAN_CMD; if (ioctl(fd, SIOCSIFVLAN, &if_request) < 0) { - printf("Error trying to add VLAN %u to Interface %s: %s\n",vvid, IfName); + printf("Error trying to add VLAN %u to Interface %s: %s\n",vvid, IfName, strerror(errno)); } else { printf("Added VLAN %u to Interface %s\n",vvid, IfName); } diff -u xtest-1.0/README xtest-1.0-jlw/README --- xtest-1.0/README 2008-08-27 06:35:41.000000000 -0400 +++ xtest-1.0-jlw/README 2010-09-03 14:03:59.000000000 -0400 @@ -11,7 +11,7 @@ ./xtest -c file.pcap -w dict.txt WHAT IS XTEST? -XTest is a simple, practical, and free, wired 802.1x supplicant security tool implementing the RFC 3847 EAP-MD5 Authentication method. It can be used to assess the password strength within wired ethernet environments that rely on 802.1x to protect IP Phones and the VoIP Infrastructure against rogue PC access. XTest is developed in C and freely available to anyone, under the GPLv3 license. +XTest is a simple, practical, and free, wired 802.1x supplicant security tool implementing the RFC 3748 EAP-MD5 Authentication method. It can be used to assess the password strength within wired ethernet environments that rely on 802.1x to protect IP Phones and the VoIP Infrastructure against rogue PC access. XTest is developed in C and freely available to anyone, under the GPLv3 license. WHY? XTest was developed with the specific aim of improving the security of environments that use 802.1x to protect IP Phone endpoints and their supporting VoIP Infrastructure. With the increasing prevalence of 802.1x Supplicant support in wired hard Phones, 802.1x will be increasingly used to ensure that remote IP Phones placed in areas with low physical security will have their directly connected ethernet switch ports secured against unauthorized access. Furthermore, the tool can demonstrate the danger[1,2] of relying solely on 802.1x, because the current wired 802.1x implementation only requires authentication when the port initially comes up/up. Subsequent packets are not authenticated, allowing an attacker to share a connection on a hub with the valid 802.1x supplicant, allowing unauthorized switchport access. Only in xtest-1.0-jlw/: sample-pcaps Only in xtest-1.0-jlw/: sample-pcaps.zip Only in xtest-1.0-jlw/: shortlist diff -u xtest-1.0/utils.c xtest-1.0-jlw/utils.c --- xtest-1.0/utils.c 2008-08-26 19:55:44.000000000 -0400 +++ xtest-1.0-jlw/utils.c 2010-10-06 13:21:01.000000000 -0400 @@ -304,7 +304,7 @@ int count,dcount,rcount,buftest,i,j = 0; FILE *in_file; /* input file */ - int ch,lcount=0; + int ch,lcount=0,stdindict=0; unsigned long wordcount=0; unsigned long passwdcount=0; unsigned char reqChalBuffer[SIG_SIZE]; @@ -315,21 +315,31 @@ float elapsed=0; /* READ DICT FILE FOR LIST OF PASSWORDS */ - in_file = fopen(dictFile, "r"); - if (in_file == NULL) { - printf("[-] Cannot open %s\n", dictFile); - exit(8); + if (*dictFile == '-') { + in_file = stdin; + stdindict=1; + } else { + in_file = fopen(dictFile, "r"); + if (in_file == NULL) { + printf("[-] Cannot open %s\n", dictFile); + exit(8); } + } printf("[+] Total Number of 802.1x Successful Authentication Sequences: %d\n",respPacketCount); - printf("[+] Please wait while testing password in pcap against dictionary file\n"); + if (!stdindict) { + printf("[+] Please wait while testing password in pcap against dictionary file\n"); + + /* Calculate Total Number of passwords for attack */ + while( fgets(passwd, sizeof(passwd), in_file) != NULL ) { + wordcount++; + } + rewind(in_file); + printf("[+] Attempting Dictionary Attack with %lu passwords of the dictionary %s\n",wordcount,dictFile); + } else { + printf("[+] Using STDIN for dictionary wordlist.\n"); + } - /* Calculate Total Number of passwords for attack */ - while( fgets(passwd, sizeof(passwd), in_file) != NULL ) { - wordcount++; - } - rewind(in_file); - printf("[+] Attempting Dictionary Attack with %d passwords of the dictionary %s\n",wordcount,dictFile); for(i=1;i<=reqPacketCount;i++) { @@ -360,7 +370,7 @@ buf[0] = id[i]; strncpy(buf+1, passwd, strlen(passwd)); if ( verbosity ) { - printf("[+] Trying Passwd %d of %d: %s",passwdcount,wordcount,passwd); + printf("[+] Trying Passwd %lu of %lu: %s",passwdcount,wordcount,passwd); } buffer_length = strlen(buf)-1; memcpy(buf+buffer_length, reqChalValue,SIG_SIZE); @@ -382,7 +392,7 @@ } gettimeofday(&finish, 0); printf("[+] Password found: %s", passwd); - printf("[+] Password found at line %d of the dictionary file.\n",passwdcount); + printf("[+] Password found at line %lu of the dictionary file.\n",passwdcount); passwdFoundFlag=1; break; }