EEM script to change guest SSID to always include current time and change the psk

ian.m.covington
Level 1

Below is a script I wrote that changes the guest SSID on my Cisco access point to always tell the current time. It also changes the pre-shared key every time the script runs. There is no way to connect using guest SSID. It is just a way to have fun with the neighbors and visitors. Feel free to use and share!

##################

event manager applet ssid-clock
event timer watchdog name ssid-clock-timer time 30
action 0.00 cli command "enable"
action 0.01 cli command "configure terminal"
action 1.00 cli command "do sho run | sec dot11 ssid CurrentTimeIs"
action 1.01 regexp "[A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9]" "$_cli_result" key
action 2.00 cli command "do show run | inc dot11 ssid CurrentTimeIs[0-9]"
action 2.01 gets $_cli_result
action 2.02 cli command "no $_cli_result"
action 2.03 cli command "do show run | inc ^ssid CurrentTimeIs[0-9]"
action 2.04 gets $_cli_result
action 2.05 cli command "interface Dot11Radio0/1/0"
action 2.06 cli command "no $_cli_result"
action 2.07 cli command "exit"
action 3.00 cli command "do show clock"
action 3.01 gets $_cli_result
action 3.02 regexp "[0-9][0-9]" "$_cli_result" hours
action 3.03 cli command "do show clock"
action 3.04 gets $_cli_result
action 3.05 regexp ":[0-9][0-9]" "$_cli_result" minutes
action 3.06 gets $minutes
action 3.07 regexp "[0-9][0-9]" "$minutes" minutes
action 4.00 cli command "configure terminal"
action 4.01 cli command "dot11 ssid CurrentTimeIs$hours$minutes"
action 4.02 cli command "wpa-psk ascii $key"
action 4.03 cli command "guest-mode"
action 4.04 cli command "exit"
action 4.05 cli command "interface Dot11Radio0/1/0"
action 4.06 cli command "ssid CurrentTimeIs$hours$minutes"
action 4.07 cli command "exit"
action 5.00 exit

##################


Joe Clarke
Cisco Employee

Nice EEM learning exercise.  Though I suppose one could predict the next SSID and key and be ready for it :-).

In any event, can you redo this as a Document in this forum?  Thanks.

It would definitely be reasonable to predict, especially if the attacker had knowledge of how many characters of the previous encrypted key were used for the next key and the limited number of possible character values.

For this script to work as is, a couple lines of config should be in place to match what the EEM script looks for. This seeds the $key value needed for it to work correctly. Otherwise you run into the "chicken or the egg" problem.

I've recreated this as a document. Let me know if you'd like this discussion removed.

Thanks,

Ian
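
The replies above note that a key derived from the previous key is predictable. As an added example (not part of the thread and not the author's script), this Python sketch builds the same commands as actions 4.00 to 4.07 but draws the PSK from a CSPRNG, so no key depends on an earlier one. It assumes the key is generated off-box and pushed with whatever configuration tool is in use; the function names are hypothetical.

```python
"""Added example, not from the thread: section-4 commands with a CSPRNG key."""
import math
import secrets
import string
from datetime import datetime

# Same [A-Z0-9] character set and 16-character length the applet's regexp matches.
ALPHABET = string.ascii_uppercase + string.digits
KEY_LEN = 16
RADIO = "Dot11Radio0/1/0"  # interface name used in the post


def new_psk(length=KEY_LEN):
    """Return a key that has no dependence on any earlier key or config."""
    if not 8 <= length <= 63:  # WPA ASCII passphrases are 8 to 63 characters
        raise ValueError("WPA passphrase must be 8-63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def key_entropy_bits(length=KEY_LEN, alphabet=ALPHABET):
    """Upper bound on guessing entropy for a uniformly random key."""
    return length * math.log2(len(alphabet))


def rotation_commands(now, psk):
    """Mirror actions 4.00-4.07 of the applet for the given time and key."""
    ssid = f"CurrentTimeIs{now:%H%M}"
    return [
        "configure terminal",
        f"dot11 ssid {ssid}",
        f"wpa-psk ascii {psk}",
        "guest-mode",
        "exit",
        f"interface {RADIO}",
        f"ssid {ssid}",
        "exit",
    ]


if __name__ == "__main__":
    for line in rotation_commands(datetime.now(), new_psk()):
        print(line)
    print(f"# about {key_entropy_bits():.1f} bits per key")
```
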