Published on May 16th, 2016 | by MaxiSoler


CROZONO Framework v1.0 – Hacking with Drones & Robots

CROZONO is focused on the development of a modular attack framework that enables the user to perform automated penetration tests on security perimeters from non-conventional mobile devices that could ease the access to the physical medium of a wireless network (drones, robots, remote controlled prototypes, etc.).

CROZONO has the capability of performing automated attacks and targeted to a network or a group of networks, and to take decisions -without the need of the attacker’s intervention- on which attacks to perform based on pre-established parameters and the information gathered about its target.

The goal of CROZONO is to breach a network and compromise one or more stations on it. To achieve it, it includes several modules that implement diverse attacks for WLAN and LAN.



CROZONO is a smart framework: it adjusts its hardware configuration automatically, it looks for the target and knows how to choose it; it performs the adequate attack for the current target network and once it succeeds, it creates a map of the network obtaining information on each active station, and performs the specified attack. Among the available attacks, there are sniffing & MITM attacks, MITM attacks deploying Evilgrade payloads, or exploits launched by the use of the Metasploit framework. These attacks, once performed, establish a reverse shell connection sending the information gathered to the attacker, via the victim’s network connection.

In order to achieve this, CROZONO performs, in summary, the following steps: Upon starting, it sets up its hardware, which implies detecting the current USB WiFi adapter, setting it to monitor mode, spoofing its MAC address, among other settings. Then it obtains information about all nearby access points (which takes around 60 seconds). Based on the information it gathers, CROZONO will decide which one will be its target (unless previously specified). For such task, it will consider signal strength and initialization vectors (IV’s) captured.

Upon launching the attack on the WiFi network, CROZONO analyzes the target’s privacy settings (WEP, WPA/WPA2, WPA/WPA2 with WPS) to quickly perform the appropriate attack based on the security protocol implemented. The framework will try to crack the network in the quickest possible way, by implementing several attack modules and deciding on which to use. If eventually the attack selected by CROZONO were not successful, it will change to another type of attack, considering the security level configured by the victim.

In case CROZONO was unable to obtain the password for the WiFi access point, it will save the captured information (for example, the WPA/WPA2 handshake) and the attacking device will have the option to return to its starting point, so that the attacker is able to perform an offline attack with more processing power. Once the password could be obtained, it is possible to provide CROZONO with the cracked password in order for it to go back to the access point and carry on with the second phase of the attack, this time targeting the LAN.

Once the access point’s password has been found, CROZONO modifies its hardware configuration and connects to the network. Herein lies the biggest threat for the victim, as CROZONO performs a full scan of the network, gathering information about each terminal and its services and open ports; and relaying this information back to the attacker in real time, executing at the same time the pre-defined attack, e.g.: sniffing and MITM, or access to a network system using Evilgrade, sending the attacker a Meterpreter session or any other agent (by using the victim’s local network connection).

More Information: here

Thanks to our friends Sheila and Pablo for sharing this tool with us. 😉

Tags: , , , , ,

About the Author

www.artssec.com @maxisoler

Back to Top ↑