From 33a22c1eaaab6e2b781cf1ec0e17e9a01b3384a4 Mon Sep 17 00:00:00 2001 From: Matias Barcenas Date: Thu, 21 Dec 2017 20:43:50 -0600 Subject: [PATCH] Added support for UTF-8 ESSIDs & bug fixes. Added support for ESSIDs containing non-ASCII and other special characters. Fixed a bug which would prevent exiting when the debug flag was active. Fixed a bug where attacks' unprep_attack wasn't being called on abort. Fixed a bug where fluxion_show_ap_info was escaping some ESSIDs. Added better logging messages to HashUtils. Added support for special characters to HashUtils. --- fluxion.sh | 44 ++++++++++++++++++++++++++++---------------- lib/HashUtils.sh | 12 +++++++----- 2 files changed, 35 insertions(+), 21 deletions(-) diff --git a/fluxion.sh b/fluxion.sh index f506d02..e3313f8 100755 --- a/fluxion.sh +++ b/fluxion.sh @@ -156,7 +156,7 @@ function fluxion_exitmode() { clear - exit + exit 0 } # Delete log only in Normal Mode ! @@ -186,6 +186,7 @@ fi function fluxion_handle_abort_attack() { if [ $(type -t stop_attack) ]; then stop_attack &> $FLUXIONOutputDevice + unprep_attack &> $FLUXIONOutputDevice else echo "Attack undefined, can't stop anything..." > $FLUXIONOutputDevice fi @@ -198,6 +199,7 @@ trap fluxion_handle_abort_attack SIGABRT function fluxion_handle_exit() { fluxion_handle_abort_attack fluxion_exitmode + exit 1 } # In case of unexpected termination, run fluxion_exitmode @@ -559,7 +561,7 @@ function fluxion_run_scanner() { fi # Begin scanner and output all results to "dump-01.csv." - if ! xterm $FLUXIONHoldXterm -title "$FLUXIONScannerHeader" $TOPLEFTBIG -bg "#000000" -fg "#FFFFFF" -e "airodump-ng -Mat WPA "${2:+"--channel $2"}" "${3:+"--band $3"}" -w \"$FLUXIONWorkspacePath/dump\" $1" 2> /dev/null; then + if ! xterm -title "$FLUXIONScannerHeader" $TOPLEFTBIG -bg "#000000" -fg "#FFFFFF" -e "airodump-ng -Mat WPA "${2:+"--channel $2"}" "${3:+"--band $3"}" -w \"$FLUXIONWorkspacePath/dump\" $1" 2> /dev/null; then echo -e "$FLUXIONVLine$CRed $FLUXIONGeneralXTermFailureError"; sleep 5; return 1 fi @@ -636,14 +638,18 @@ function fluxion_set_target_ap() { local i=${#TargetAPCandidatesMAC[@]} - TargetAPCandidatesMAC[i]=$(echo $candidateAPInfo | cut -d , -f 1) + TargetAPCandidatesMAC[i]=$(echo "$candidateAPInfo" | cut -d , -f 1) TargetAPCandidatesClientsCount[i]=$(echo "${TargetAPCandidatesClients[@]}" | grep -c "${TargetAPCandidatesMAC[i]}") - TargetAPCandidatesChannel[i]=$(echo $candidateAPInfo | cut -d , -f 4) - TargetAPCandidatesSecurity[i]=$(echo $candidateAPInfo | cut -d , -f 6) - TargetAPCandidatesPower[i]=$(echo $candidateAPInfo | cut -d , -f 9) - TargetAPCandidatesESSID[i]=$(echo $candidateAPInfo | cut -d , -f 14 | tr -d "'" | tr -d "\"" | tr -d "<" | tr -d ">" | tr -d "&") + TargetAPCandidatesChannel[i]=$(echo "$candidateAPInfo" | cut -d , -f 4) + TargetAPCandidatesSecurity[i]=$(echo "$candidateAPInfo" | cut -d , -f 6) + TargetAPCandidatesPower[i]=$(echo "$candidateAPInfo" | cut -d , -f 9) TargetAPCandidatesColor[i]=$([ ${TargetAPCandidatesClientsCount[i]} -gt 0 ] && echo $CGrn || echo $CClr) + # Parse any non-ascii characters by letting bash handle them. + # Just escape all single quotes in ESSID and let bash's $'...' handle it. + local sanitizedESSID=$(echo "${candidateAPInfo//\'/\\\'}" | cut -d , -f 14) + TargetAPCandidatesESSID[i]=$(eval "echo \$'$sanitizedESSID'") + local power=${TargetAPCandidatesPower[i]} if [ $power -eq -1 ]; then # airodump-ng's man page says -1 means unsupported value. @@ -684,9 +690,12 @@ function fluxion_set_target_ap() { APTargetMakerID=${APTargetMAC:0:8} APTargetMaker=$(macchanger -l | grep ${APTargetMakerID,,} | cut -d ' ' -f 5-) - # Remove any special characters allowed in WPA2 ESSIDs for normalization. - # Removing: ' ', '[', ']', '(', ')', '*', ':' - APTargetSSIDClean="`echo "$APTargetSSID" | sed -r 's/( |\[|\]|\(|\)|\*|:)*//g'`" + # Sanitize network ESSID to normalize it and make it safe for manipulation. + # Notice: Why remove these? Because some smartass might decide to name their + # network something like "; rm -rf / ;". If the string isn't sanitized accidentally + # shit'll hit the fan and we'll have an extremely distressed person subit an issue. + # Removing: ' ', '/', '.', '~' + APTargetSSIDClean=$(echo "$APTargetSSID" | sed -r 's/( |\/|\.|\~)+/_/g') # We'll change a single hex digit from the target AP's MAC address. # This new MAC address will be used as the rogue AP's MAC address. @@ -695,11 +704,14 @@ function fluxion_set_target_ap() { } function fluxion_show_ap_info() { - format_apply_autosize "%*s$CBlu%7s$CClr: %-32b%*s\n" + format_apply_autosize "%*s$CBlu%7s$CClr: %-32s%*s\n" - printf "$FormatApplyAutosize" "" "ESSID" "$APTargetSSID / $APTargetEncryption" "" - printf "$FormatApplyAutosize" "" "Channel" "$APTargetChannel" "" - printf "$FormatApplyAutosize" "" "BSSID" "$APTargetMAC ($CYel${APTargetMaker:-UNKNOWN}$CClr)" "" + local colorlessFormat="$FormatApplyAutosize" + local colorfullFormat=$(echo "$colorlessFormat" | sed -r 's/%-32s/-%32b/g') + + printf "$colorlessFormat" "" "ESSID" "\"$APTargetSSID\" / $APTargetEncryption" "" + printf "$colorlessFormat" "" "Channel" "$APTargetChannel" "" + printf "$colorfullFormat" "" "BSSID" "$APTargetMAC ($CYel${APTargetMaker:-UNKNOWN}$CClr)" "" echo } @@ -868,7 +880,7 @@ function fluxion_set_hash() { ###################################### < Attack > ###################################### function fluxion_unset_attack() { if [ "$FLUXIONAttack" ] - then unprep_attack + then unprep_attack fi FLUXIONAttack="" } @@ -954,7 +966,7 @@ function fluxion_run_attack() { stop_attack - if [ "$choice" = "$FLUXIONGeneralExitOption" ]; then fluxion_exitmode; fi + if [ "$choice" = "$FLUXIONGeneralExitOption" ]; then fluxion_handle_exit; fi fluxion_unset_attack } diff --git a/lib/HashUtils.sh b/lib/HashUtils.sh index b2d812a..5cdcac0 100755 --- a/lib/HashUtils.sh +++ b/lib/HashUtils.sh @@ -14,30 +14,32 @@ function hash_check_handshake() { local analysis local hashData - echo "Verifier $handshakeVerifier, path $handshakePath, SSID $handshakeAPSSID, MAC $handshakeAPMAC" > $HashOutputDevice + echo "Verifier Parameters: $handshakeVerifier, path $handshakePath, SSID \"$handshakeAPSSID\", MAC $handshakeAPMAC" > $HashOutputDevice case "$handshakeVerifier" in "pyrit") readarray analysis < <(pyrit -r "$handshakePath" analyze 2> $HashOutputDevice) if [ "${#analysis[@]}" -eq 0 -o $? != 0 ]; then - echo "pyrit seems to be broken!" + echo "Error: pyrit seems to be broken!" > $HashOutputDevice return 1 fi - local hashMeta=$(echo "${analysis[@]}" | grep "AccessPoint ${handshakeAPMAC,,} ('$handshakeAPSSID')") + local hashMeta=$(echo "${analysis[@]}" | grep -F "AccessPoint ${handshakeAPMAC,,} ('$handshakeAPSSID')") if [ "$hashMeta" ]; then local hashID=$(echo "$hashMeta" | awk -F'[ #:]' '{print $3}') hashData=$(echo "${analysis[@]}" | awk "\$0~/#$hashID: HMAC_SHA[0-9]+_AES/{ print \$0 }") + else + echo "No valid hash meta was found for \"$handshakeAPSSID\"" > $HashOutputDevice fi;; "aircrack-ng") readarray analysis < <(aircrack-ng "$handshakePath" 2> $HashOutputDevice) if [ "${#analysis[@]}" -eq 0 -o $? != 0 ]; then - echo "aircrack-ng seems to be broken!" + echo "Error: aircrack-ng seems to be broken!" > $HashOutputDevice return 1 fi - hashData=$(echo "${analysis[@]}" | grep -E "${handshakeAPMAC^^}\s+$handshakeAPSSID");; + hashData=$(echo "${analysis[@]}" | grep -E "${handshakeAPMAC^^}\s+" | grep -F "$handshakeAPSSID");; *) echo "Invalid verifier, quitting!"; return 1;; esac