Hash subroutines, attack subroutines, & bug fixes.

Implemented modular hash and attack subroutines. Fixed minor bugs with script startup.
2018-01-06 22:21:37 -06:00 · 2018-01-06 22:21:37 -06:00 · 1613eec221
parent 7987e28b56
commit 1613eec221
2 changed files with 375 additions and 98 deletions
--- a/300
+++ b/300
@ -90,7 +90,7 @@ declare -r FLUXIONCLIArguments=$FLUXIONCLIArguments
 # ============= < Argument Loaded Configurables > ============ #
 eval set -- "$FLUXIONCLIArguments" # Set environment parameters.
-[ "$1" ] && declare -r FLUXIONAuto=1 # Auto-mode if using CLI.
+[ "$1" != "--" ] && declare -r FLUXIONAuto=1 # Auto-mode if using CLI.
 while [ "$1" != "--" ]; do
  case "$1" in
@ -478,33 +478,35 @@ function fluxion_do_sequence() {
  # The for-loop implementation must support the subroutines
  # defined above, including updating the namespace tracker.
-  local -r namespace=$1
+  local -r __fluxion_do_sequence__namespace=$1
-  local -r sequence=("${!2}")
+  local -r __fluxion_do_sequence__sequence=("${!2}")
-  if [ ${#sequence[@]} -eq 0 ]; then return -2; fi
+  if [ ${#__fluxion_do_sequence__sequence[@]} -eq 0 ]; then
    return -2
  fi
-  local -A index=()
+  local -A __fluxion_do_sequence__index=()
  local i
-  for i in $(seq ${#sequence[@]}); do
+  for i in $(seq ${#__fluxion_do_sequence__sequence[@]}); do
-    index["${sequence[i-1]}"]=$i
+    __fluxion_do_sequence__index["${__fluxion_do_sequence__sequence[i-1]}"]=$i
  done
-  local instruction=${sequence[0]}
+  local __fluxion_do_sequence__instruction=${__fluxion_do_sequence__sequence[0]}
-  while [ "$instruction" ]; do
+  while [ "$__fluxion_do_sequence__instruction" ]; do
-    if ! fluxion_do $namespace $instruction; then
+    if ! fluxion_do $__fluxion_do_sequence__namespace $__fluxion_do_sequence__instruction; then
-      if ! fluxion_undo $namespace
+      if ! fluxion_undo $__fluxion_do_sequence__namespace
        then break
      fi
    fi
    if ! fluxion_done; then return -3; fi
-    local instructionIndex=${index["$FluxionDone"]}
+    local __fluxion_do_sequence__instructionIndex=${__fluxion_do_sequence__index["$FluxionDone"]}
-    if [ ! "$instructionIndex" ]; then return -4; fi
+    if [ ! "$__fluxion_do_sequence__instructionIndex" ]; then return -4; fi
-    instruction=${sequence["$instructionIndex"]}
+    __fluxion_do_sequence__instruction=${__fluxion_do_sequence__sequence["$__fluxion_do_sequence__instructionIndex"]}
  done
 }
@ -1007,9 +1009,279 @@ function fluxion_get_target() {
  FLUXIONGetTargetRogueMAC="${FLUXIONGetTargetMAC::13}${rogueMACHex:1:1}${FLUXIONGetTargetRogueMAC:14:4}"
 }
 function fluxion_target_show() {
  format_apply_autosize "%*s$CBlu%7s$CClr: %-32s%*s\n"
  local colorlessFormat="$FormatApplyAutosize"
  local colorfullFormat=$(echo "$colorlessFormat" | sed -r 's/%-32s/%-32b/g')
  printf "$colorlessFormat" "" "ESSID" "\"${FLUXIONGetTargetSSID:-[N/A]}\" / ${FLUXIONGetTargetEncryption:-[N/A]}" ""
  printf "$colorlessFormat" "" "Channel" "${FLUXIONGetTargetChannel:-[N/A]}" ""
  printf "$colorfullFormat" "" "BSSID" "${FLUXIONGetTargetMAC:-[N/A]} ($CYel${FLUXIONGetTargetMaker:-[N/A]}$CClr)" ""
  echo
 }
 # =================== < Hash Subroutines > =================== #
 # Parameters: <hash path> <bssid> <essid> [channel [encryption [maker]]]
 function fluxion_hash_verify() {
  if [ ${#@} -lt 3 ]; then return 1; fi
  local -r hashPath=$1
  local -r hashBSSID=$2
  local -r hashESSID=$3
  local -r hashChannel=$4
  local -r hashEncryption=$5
  local -r hashMaker=$6
  if [ ! -f "$hashPath" -o ! -s "$hashPath" ]; then
    echo -e "$FLUXIONVLine $FLUXIONHashFileDoesNotExistError"
    sleep 3
    return 2
  fi
  if [ "$FLUXIONAuto" ]; then
    local -r verifier="pyrit"
  else
    fluxion_header
    echo -e "$FLUXIONVLine $FLUXIONHashVerificationMethodQuery"
    echo
    fluxion_show_ap_info
      "$hashESSID" \
      "$hashEncryption" \
      "$hashChannel" \
      "$hashBSSID" \
      "$hashMaker"
    local choices=( \
      "$FLUXIONHashVerificationMethodPyritOption" \
      "$FLUXIONHashVerificationMethodAircrackOption" \
      "$FLUXIONGeneralBackOption" \
    )
    io_query_choice "" choices[@]
    echo
    case "$IOQueryChoice" in
      "$FLUXIONHashVerificationMethodPyritOption")
        local -r verifier="pyrit" ;;
      "$FLUXIONHashVerificationMethodAircrackOption")
        local -r verifier="aircrack-ng" ;;
      "$FLUXIONGeneralBackOption")
        return -1 ;;
    esac
  fi
  hash_check_handshake \
    "$verifier" \
    "$hashPath" \
    "$APTargetSSID" \
    "$APTargetMAC"
  local -r hashResult=$?
  # A value other than 0 means there's an issue with the hash.
  if [ $hashResult -ne 0 ]; then
    echo -e "$FLUXIONVLine $FLUXIONHashInvalidError"
  else
    echo -e "$FLUXIONVLine $FLUXIONHashValidNotice"
  fi
  sleep 3
  if [ $hashResult -ne 0 ]; then return 1; fi
 }
 function fluxion_hash_unset_path() {
  FluxionHashPath=""
 }
 # Parameters: <hash path> <bssid> <essid> [channel [encryption [maker]]]
 function fluxion_hash_set_path() {
  if [ "$FluxionHashPath" ]; then return 0; fi
  fluxion_hash_unset_path
  local -r hashPath=$1
  # If we've got a default path, check if a hash exists.
  # If one exists, ask users if they'd like to use it.
  if [ "$hashPath" -a -f "$hashPath" -a -s "$hashPath" ]; then
    local choices=( \
      "$FLUXIONUseFoundHashOption" \
      "$FLUXIONSpecifyHashPathOption" \
      "$FLUXIONHashSourceRescanOption" \
      "$FLUXIONGeneralBackOption" \
    )
    fluxion_header
    echo -e "$FLUXIONVLine $FLUXIONFoundHashNotice"
    echo -e "$FLUXIONVLine $FLUXIONUseFoundHashQuery"
    echo
    io_query_choice "" choices[@]
    echo
    case "$IOQueryChoice" in
      "$FLUXIONUseFoundHashOption")
        FluxionHashPath=$hashPath
        return ;;
      "$FLUXIONHashSourceRescanOption")
        fluxion_hash_set_path "$hashPath"
        return $? ;;
      "$FLUXIONGeneralBackOption")
        return -1 ;;
    esac
  fi
  while [ ! "$FluxionHashPath" ]; do
    fluxion_header
    echo
    echo -e "$FLUXIONVLine $FLUXIONPathToHandshakeFileQuery"
    echo -e "$FLUXIONVLine $FLUXIONPathToHandshakeFileReturnTip"
    echo
    echo -ne "$FLUXIONAbsolutePathInfo: "
    read FluxionHashPath
    # Back-track when the user leaves the hash path blank.
    # Notice: Path is cleared if we return, no need to unset.
    if [ ! "$FluxionHashPath" ]; then return -1; fi
    # Make sure the path points to a valid generic file.
    if [ ! -f "$FluxionHashPath" -o ! -s "$FluxionHashPath" ]; then
      echo -e "$FLUXIONVLine $FLUXIONEmptyOrNonExistentHashError"
      sleep 5
      fluxion_hash_unset_path
    fi
  done
 }
 # Paramters: <defaultHashPath> <bssid> <essid>
 function fluxion_hash_get() {
  # Assure we've got the bssid and the essid passed in.
  if [ ${#@} -lt 2 ]; then return 1; fi
  if ! fluxion_hash_set_path "$1"; then return $?; fi
  # TODO: People are gonna bitch about this, I can already tell:
  # "The back button isn't taking me back!" So yeah, fix this.
  if ! fluxion_hash_verify "$@"; then return $?; fi
  # Copy to hash file to workspace for operations.
  cp "$APTargetHashPath" "$hashPath"
 }
 # ================== < Attack Subroutines > ================== #
 function fluxion_unset_attack() {
  FluxionAttack=""
 }
 function fluxion_set_attack() {
  if [ "$FluxionAttack" ]; then return 0; fi
  fluxion_unset_attack
  fluxion_header
  echo -e "$FLUXIONVLine $FLUXIONAttackQuery"
  echo
  fluxion_target_show
  local attacks
  readarray -t attacks < <(ls -1 attacks)
  local descriptions
  readarray -t descriptions < <(head -n 3 attacks/*/language/$FLUXIONLanguage.sh | grep -E "^# description: " | sed -E 's/# \w+: //')
  local identifiers=()
  local attack
  for attack in "${attacks[@]}"; do
    local identifier="$(head -n 3 "attacks/$attack/language/$FLUXIONLanguage.sh" | grep -E "^# identifier: " | sed -E 's/# \w+: //')"
    if [ "$identifier" ]; then identifiers+=("$identifier")
      else identifiers+=("$attack")
    fi
  done
  attacks+=("$FLUXIONGeneralExitOption")
  identifiers+=("$FLUXIONGeneralExitOption")
  descriptions+=("")
  io_query_format_fields "" "\t$CRed[$CSYel%d$CClr$CRed]$CClr%0.0s $CCyn%b$CClr %b\n" attacks[@] identifiers[@] descriptions[@]
  echo
  if [ "${IOQueryFormatFields[1]}" = "$FLUXIONGeneralExitOption" ]; then
    fluxion_shutdown
  fi
  FluxionAttack=${IOQueryFormatFields[0]}
 }
 function fluxion_unprep_attack() {
  if type -t unprep_attack &> /dev/null; then
    unprep_attack
  fi
  return 1 # Trigger another undo since prep isn't significant.
 }
 function fluxion_prep_attack() {
  local -r path="$FLUXIONPath/attacks/$FluxionAttack"
  if [ ! -x "$path/attack.sh" ]; then return 1; fi
  if [ ! -x "$path/language/$FLUXIONLanguage.sh" ]; then return 2; fi
  # Load attack and its corresponding language file.
  # Notice: If the attack is a targetted attack, sourcing
  # will define the constant FLUXIONAttackTargetted.
  source "$path/language/$FLUXIONLanguage.sh"
  source "$path/attack.sh"
  if ! prep_attack "$@"; then
    fluxion_unprep_attack
    return 1
  fi
 }
 function fluxion_run_attack() {
  start_attack
  local choices=( \
    "$FLUXIONSelectAnotherAttackOption" \
    "$FLUXIONGeneralExitOption" \
  )
  io_query_choice \
    "`io_dynamic_output $FLUXIONAttackInProgressNotice`" choices[@]
  echo
  # IOQueryChoice is a global, meaning, its value is volatile.
  # We need to make sure to save the choice before it changes.
  local choice="$IOQueryChoice"
  stop_attack
  if [ "$choice" = "$FLUXIONGeneralExitOption" ]; then
    fluxion_handle_exit
  fi
  fluxion_unset_attack
 }
 # ============================================================ #
--- a/lib/HashUtils.sh
+++ b/lib/HashUtils.sh
@ -6,46 +6,45 @@ readonly HashUtilsVersion="1.0"
 HashOutputDevice="/dev/stdout"
 function hash_check_handshake() {
-  local handshakeVerifier=$1
+  local -r handshakeVerifier=$1
-  local handshakePath=$2
+  local -r handshakePath=$2
-  local handshakeAPSSID=$3
+  local -r handshakeAPSSID=$3
-  local handshakeAPMAC=$4
+  local -r handshakeAPMAC=$4
-  local analysis
+  echo "Verifier Parameters: $handshakeVerifier, path $handshakePath, SSID \"$handshakeAPSSID\", MAC $handshakeAPMAC" > $HashOutputDevice
  local hashData
-  echo "Verifier Parameters: $handshakeVerifier, path $handshakePath, SSID \"$handshakeAPSSID\", MAC $handshakeAPMAC" >$HashOutputDevice
+  local analysis # Since it's being used in all relevant instances.
  case "$handshakeVerifier" in
-  "pyrit")
+    "pyrit")
-    readarray analysis < <(pyrit -r "$handshakePath" analyze 2>$HashOutputDevice)
+      readarray analysis < <(pyrit -r "$handshakePath" analyze 2> $HashOutputDevice)
-    if [ "${#analysis[@]}" -eq 0 -o $? != 0 ]; then
+      if [ "${#analysis[@]}" -eq 0 -o $? != 0 ]; then
-      echo "Error: pyrit seems to be broken!" >$HashOutputDevice
+        echo "Error: pyrit seems to be broken!" > $HashOutputDevice
        return 1
      fi
      local hashMeta=$(echo "${analysis[@]}" | grep -F "AccessPoint ${handshakeAPMAC,,} ('$handshakeAPSSID')")
      if [ "$hashMeta" ]; then
        local hashID=$(echo "$hashMeta" | awk -F'[ #:]' '{print $3}')
        local hashData=$(echo "${analysis[@]}" | awk "\$0~/#$hashID: HMAC_SHA[0-9]+_AES/{ print \$0 }")
      else
        echo "No valid hash meta was found for \"$handshakeAPSSID\"" > $HashOutputDevice
      fi
      ;;
    "aircrack-ng")
      readarray analysis < <(aircrack-ng "$handshakePath" 2> $HashOutputDevice)
      if [ "${#analysis[@]}" -eq 0 -o $? != 0 ]; then
        echo "Error: aircrack-ng seems to be broken!" > $HashOutputDevice
        return 1
      fi
      local hashData=$(echo "${analysis[@]}" | grep -E "${handshakeAPMAC^^}\s+" | grep -F "$handshakeAPSSID")
      ;;
    *)
      echo "Invalid verifier, quitting!" > $HashOutputDevice
      return 1
-    fi
+      ;;
    local hashMeta=$(echo "${analysis[@]}" | grep -F "AccessPoint ${handshakeAPMAC,,} ('$handshakeAPSSID')")
    if [ "$hashMeta" ]; then
      local hashID=$(echo "$hashMeta" | awk -F'[ #:]' '{print $3}')
      hashData=$(echo "${analysis[@]}" | awk "\$0~/#$hashID: HMAC_SHA[0-9]+_AES/{ print \$0 }")
    else
      echo "No valid hash meta was found for \"$handshakeAPSSID\"" >$HashOutputDevice
    fi
    ;;
  "aircrack-ng")
    readarray analysis < <(aircrack-ng "$handshakePath" 2>$HashOutputDevice)
    if [ "${#analysis[@]}" -eq 0 -o $? != 0 ]; then
      echo "Error: aircrack-ng seems to be broken!" >$HashOutputDevice
      return 1
    fi
    hashData=$(echo "${analysis[@]}" | grep -E "${handshakeAPMAC^^}\s+" | grep -F "$handshakeAPSSID")
    ;;
  *)
    echo "Invalid verifier, quitting!"
    return 1
    ;;
  esac
  if [ -z "$hashData" ]; then
@ -53,18 +52,24 @@ function hash_check_handshake() {
    return 1
  fi
  local hashResult
  case "$handshakeVerifier" in
-  "pyrit") hashResult=$(echo "$hashData" | grep "good") ;;
+    "pyrit")
-  "aircrack-ng") hashResult=$(echo "$hashData" | grep "(1 handshake)") ;;
+      if echo "$hashData" | grep -qF "good"; then
        local -r hashResult=1
      fi ;;
    "aircrack-ng")
      if echo "$hashData" | grep -qE "\([0-9]+ handshake\)"; then
        local -r hashResult=1
      fi ;;
  esac
  if [ -z "$hashResult" ]; then
-    echo "Invalid hash for $handshakeAPSSID ($handshakeAPMAC)!"
+    echo "Invalid hash for $handshakeAPSSID ($handshakeAPMAC)!" > $HashOutputDevice
    HASHCheckHandshake="invalid"
    return 1
  else
-    echo "Valid hash for $handshakeAPSSID ($handshakeAPMAC)!"
+    echo "Valid hash for $handshakeAPSSID ($handshakeAPMAC)!" > $HashOutputDevice
    HASHCheckHandshake="valid"
  fi
 }