Skip to content

CommandInWiFi: Investigating Command Injection Flaws in WiFi Access Point Storage

License

Notifications You must be signed in to change notification settings

V33RU/CommandInWiFi-Zeroclick

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CommandInWiFi

CommandInWiFi sticker

Investigating Command Injection Flaws in WiFi Access Point Storage
Inspired by Zero-Click Attacks


Disclaimer

this project under building..
  • Purpose of the Code: For testing or educational purposes only. Use ethically and legally.
  • IoT Security Testing: Ideal for IoT Security Engineers for penetration testing to assess device behavior under different network conditions.

Description

This code Creates Wi-Fi SSIDs based provided payload data names, focussing on how these devices save and discover SSIDs. Some devices may use SSID names as payload carriers, which can be executed at the bash level. This vulnerability ranges from causing Denial of Service (DoS) to Remote Code Execution (RCE), including unauthorized port access, impacting Wi-Fi network-based IoT devices significantly. The code aims to reboot devices when they encounter a pre-set payload-bearing SSID.

Status Condition
SAFE Device does not reboot.
UNSAFE Device reboots upon encountering a specific SSID or at user-defined intervals.

Target Devices Vulnerable to Zero-Click Attacks

S.No Description of Vulnerable Devices Level of Impact Risk
1. Devices that join open Wi-Fi networks or execute payloads during discovery Zero-Click
2. Devices reading SSIDs as bash-level commands with user interaction or after some time period of saved network ssid Critical
3. Devices storing data in a payload format with special charactors are not getting encrypted - here we need to max trial and error Low Risk

Proof of Concept (PoC)


Todo List

  • Build framework
  • Add function to discover vulnerable devices
  • Document the project
  • Include vulnerable source code
  • Compile a payload list
  • Develop terminal base tool
  • Add other test cases
    • Active payloads for OS Command Injection in IoT Devices
    • bluetooth
    • NFC - not started yet
    • Includes more in future

Referral Links

About

CommandInWiFi: Investigating Command Injection Flaws in WiFi Access Point Storage

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published