View Full Version : FrankenScript by Slim76 - It Attacks Access Points and .pcap files



Quest
2015-04-30, 12:05
quite obvious that the script counts the dotted lines as an entry. Can you tell it to ignore the dotted lines? So that 1. corresponds to the first result, and not the dotted lines.

EDIT:

and btw, the original problem that I mistook for just a weird AP, was in fact the problem here. Where the essid was followed by dotted lines, throwing everything after that offset. So there is a big clue in Wash_Network_Scan-2.txt

slim76
2015-04-30, 12:17
quite obvious that the script counts the dotted lines as an entry. Can you tell it to ignore the dotted lines? So that 1. corresponds to the first result, and not the dotted lines.

EDIT:

and btw, the original problem that I mistook for just a weird AP, was in fact the problem here. Where the essid was followed by dotted lines, throwing everything after that offset. So there is a big clue in Wash_Network_Scan-2.txt

Yeah the dotted lines are obviously what's causing your problem, can't believe it kept getting overlooked.
I'll make some changes and should upload it very soon for you to test. :-)

Quest
2015-04-30, 12:23
ok, but if my rig explodes I'm calling my lawyers.

just a thought, if the script detects and eliminates double entries (like the dotted lines), then if the dotted lines are not lined up perfectly they will appear twice, as observed in the Scan Results.

slim76
2015-04-30, 12:42
I think I've already solved that problem with a single sed command :-)
Recheck the wpa attack too. ;-)

Try this one:
http://www66.zippyshare.com/v/0vgOeFOf/file.html

Quest
2015-04-30, 13:06
will post a pic later so you can see, but now

1. the window went from being too large, to too narrow.
2. essid is not there.
3. it's all messed up
4. attacks don't work. Just hangs.

Slim the dotted lines serve a purpose. They keep the format of the window. Without them things are messed up. You'll see in the pic. Have to go in Windows to run that pic in Photoshop first.

I cannot believe that you don't get the same results on your installation. It would be super useful if you could get your rig straight, to see what we all see.

Quest
2015-04-30, 13:13
566 that's what it looks like.

slim76
2015-04-30, 13:28
will post a pic later so you can see, but now

1. the window went from being too large, to too narrow.
2. essid is not there.
3. it's all messed up
4. attacks don't work. Just hangs.

Slim the dotted lines serve a purpose. They keep the format of the window. Without them things are messed up. You'll see in the pic. Have to go in Windows to run that pic in Photoshop first.

I cannot believe that you don't get the same results on your installation. It would be super useful if you could get your rig straight, to see what we all see.

No, the dotted lines serve no purpose because it's all being reformatted.
Who's we all LOL, Only two people including your self have reported this issue. LOL
I've tested FrankenScript on two different computers, one desktop pc and one laptop and FrankenScript functioned correctly on both machines.

What does the ScanResults.txt look like now?.

Quest
2015-04-30, 13:43
ok, let's wait for more feedback then, because if only me and nuroo have that problem it makes you chase ghosts.

I'm running Kali 1.1.0a x64 btw, not that it would change anything. Really curious where the difference is.

Did you do your test on 2 different comps with the same USB installation? If so, that might be the problem. Could you format that USB pendrive and reinstall fresh?

I'll do the same. Let's get this solved at least. Takes 30mins then we'll be on the same page. See you in a bit.

Quest
2015-04-30, 14:06
now get this.

I've installed the first version FrankenScript_Portable.26.April.2015.tar.gz, on my Kali 1.1.0a i386 USB

I'm seeing what you're seeing. No problems at all. No dotted lines.

could it be a x64 vs i386 issue? What's your version x64 or i386?

slim76
2015-04-30, 14:07
ok, let's wait for more feedback then, because if only me and nuroo have that problem it makes you chase ghosts.

I'm running Kali 1.1.0a x64 btw, not that it would change anything. Really curious where the difference is.

Did you do your test on 2 different comps with the same USB installation? If so, that might be the problem. Could you format that USB pendrive and reinstall fresh?

I'll do the same. Let's get this solved at least. Takes 30mins then we'll be on the same page. See you in a bit.

Tested it on laptop and pc with kali installed to HDD, and I tested it using a kali-64bit-live usb on the desktop.

Anyway, try this one before you go through all that hassle.

http://www12.zippyshare.com/v/wGoo9X8v/file.html

Quest
2015-04-30, 14:16
well that would explain the lack of feedback if no one else is seeing what me and nuroo are seeing.

So now that everything works on my i386 USB, let's keep the first version (FrankenScript_Portable.26.April.2015.tar.gz) and move on from there right? Because all the subsequent versions after that one were ghost chasing. What do you think?

Quest
2015-04-30, 14:37
browsed the first page of this thread by mistake, and I found that bit interesting.. https://forums.kali.org/showthread.php?19913-FrankenScript-by-Slim76-It-Attacks-Access-Points-and-pcap-files&p=30226&viewfull=1#post30226

Anyways will wait to see how you want to proceed.

memasonman
2015-04-30, 14:48
Hey guys, when I go to try an attack, it tells me this.

/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 504: /root/FrankenScript_Portable/Reaver/: Is a directory


also when it says "input the ammount of deauth requests to be sent" I press any number and Enter and it doesn't do anything, it keeps flashing and not sending any deauths at all, don't know why? Any help would be appreciated :)

Quest
2015-04-30, 15:08
get this #2

I've fired up an older version, FrankenScript_v3.1Updated_9-10-14.deb, on my 1.1.0a x64 version (the one I'm having problems with), and did the same wash scan. The results are all messed up with the dotted lines.

So, it's obviously not the new version of FS that is causing this. I have no idea what is going on.

Quest
2015-04-30, 17:36
Hey guys, when I go to try an attack, it tells me this.

/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 504: /root/FrankenScript_Portable/Reaver/: Is a directory


also when it says "input the ammount of deauth requests to be sent" I press any number and Enter and it doesn't do anything, it keeps flashing and not sending any deauths at all, don't know why? Any help would be appreciated :)

Hi memasonman, welcome to the nuthouse where weird things happen..

Please state your version of Kali and FS version also.

memasonman
2015-04-30, 17:46
Hi memasonman, welcome to the nuthouse where weird things happen..

Please state your version of Kali and FS version also.

Hi Quest, yes I have the new kali 1.1.0a and FrankenScript_Portable.30th.April.2015.tar.gz

Quest
2015-04-30, 19:53
oh the "input the ammount of deauth requests to be sent" option is back in!? Thanks for informing me. Had no idea.

Will give it a spin later.

Quest
2015-04-30, 21:23
Hey guys, when I go to try an attack, it tells me this.

/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 504: /root/FrankenScript_Portable/Reaver/: Is a directory
I don't know what you mean by that. Are you talking about launching an attack from the FS interface with the available choices from the menu? If so which attacks are they? Or do you mean that you tried to start a script? Because that's what it looks like to me.




also when it says "input the ammount of deauth requests to be sent" I press any number and Enter and it doesn't do anything, it keeps flashing and not sending any deauths at all, don't know why? Any help would be appreciated :)

I've tried it and I think that function is not ready. I have the same result.

memasonman
2015-04-30, 22:56
ok when I pick
[1] = Reaver.t6x + Pixiewps (Fixed Arguments)
it brings me to a list
[1] = Try Arguments(-a -P -K 1,2,3 -vv) Then (-a -K 1,2,3 -vv)
[2] = Try -a P -K 1 -vv (Ralink Chipset)
[3] = Try -a P -K 2 -vv (Broadcom Chipset)
[4] = Try -a P -K 3 -vv (Realtek Chipset)
[5] = Try -a K 1 -vv (Ralink Chipset)
[6] = Try -a K 2 -vv (Broadcom Chipset)
[7] = Try -a K 3 -vv (Realtek Chipset)
[8] = Try -a W 1 -vv (Belkin)
[9] = Try -a W 2 -vv (D-Link)
[r] = Return To The Main WPS Attack Menu
[p] = Proceed To Attack The Next Target, Or Quit WPS Attacks

all of these that i try from 1 to 9 gives me this
/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 603: /root/FrankenScript_Portable/Reaver/: Is a directory

I have my folder in Home and everything else works but this??

slim76
2015-04-30, 23:17
I don't know what you mean by that. Are you talking about launching an attack from the FS interface with the available choices from the menu? If so which attacks are they? Or do you mean that you tried to start a script? Because that's what it looks like to me.




I've tried it and I think that function is not ready. I have the same result.

Ok, the wpa issue is my bad, I put the deauth option back in but didn't test it, Sorry. :-(

What does the ScanResult.txt file look like now?

slim76
2015-04-30, 23:20
Hey guys, when I go to try an attack, it tells me this.

/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 504: /root/FrankenScript_Portable/Reaver/: Is a directory


also when it says "input the ammount of deauth requests to be sent" I press any number and Enter and it doesn't do anything, it keeps flashing and not sending any deauths at all, don't know why? Any help would be appreciated :)

Can you post more information regarding the wps.sh error please?
What options did you choose and whereabouts in the script did it happen?

slim76
2015-04-30, 23:30
I really don't understand how people are getting different results from the same functions.
I'm thinking it must be something to do with what we have or haven't got installed in kali, or something to do with how kali has been customized.

memasonman
2015-04-30, 23:43
Also there's a different line number for each one

/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 504: /root/FrankenScript_Portable/Reaver/: Is a directory

Quest
2015-04-30, 23:50
me and nuroo were both experimenting with the new Aircrack-ng suite. So it might be what is causing us to have different result. Regardless, I'm running Kali 1.1.0a i386 from now on, and all is good now, no offsets. Let's forget about the Wash Scan Results being offset, and move on.

What version of FS do you want to continue with?

Let's revert back to FrankenScript_Portable.26.April.2015.tar.gz, because after that we went on a ghost hunt, and all modifications are bound to cause problems like attacks not working.

slim76
2015-05-01, 00:01
me and nuroo were both experimenting with the new Aircrack-ng suite. So it might be what is causing us to have different result. Regardless, I'm running Kali 1.1.0a i386 from now on, and all is good now, no offsets. Let's forget about the Wash Scan Results being offset, so let's move on.

What version of FS do you want to continue with?

Let's revert back to FrankenScript_Portable.26.April.2015.tar.gz, because after that we went on a ghost hunt, and all modifications are bound to cause problems like attacks not working.

I did say I thought it was your kali setup. LOL
I'm going to upload another version just for testing, I've added some check points to help me locate the wps.sh issue memasonman mentioned.

TEST VERSION ONLY:
http://www58.zippyshare.com/v/ijvS4wQt/file.html

Quest
2015-05-01, 00:08
yes I think that you are a couple of posts behind. https://forums.kali.org/showthread.php?19913-FrankenScript-by-Slim76-It-Attacks-Access-Points-and-pcap-files&p=44732&viewfull=1#post44732

But yeah, 50 posts later, the problem was on my end. I will use a dedicated Kali install to prevent such embarrassing situation from happening. That really sucked.

So start back with FrankenScript_Portable.26.April.2015.tar.gz if you can, and let's pick up from there.

slim76
2015-05-01, 01:38
yes I think that you are a couple of posts behind. https://forums.kali.org/showthread.php?19913-FrankenScript-by-Slim76-It-Attacks-Access-Points-and-pcap-files&p=44732&viewfull=1#post44732

But yeah, 50 posts later, the problem was on my end. I will use a dedicated Kali install to prevent such embarrassing situation from happening. That really sucked.

So start back with FrankenScript_Portable.26.April.2015.tar.gz if you can, and let's pick up from there.

Let's just stick with the test version I posted. LOL

slim76
2015-05-01, 01:51
Hey guys, when I go to try an attack, it tells me this.

/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 504: /root/FrankenScript_Portable/Reaver/: Is a directory


also when it says "input the ammount of deauth requests to be sent" I press any number and Enter and it doesn't do anything, it keeps flashing and not sending any deauths at all, don't know why? Any help would be appreciated :)

Try the test version I uploaded and report back please

slim76
2015-05-01, 10:57
I'm guessing it must be working for memasonman as the person didn't reply back.

Quest
2015-05-01, 11:01
there's two problems in his post. Which one are you referring to? And also he's on an admin approval post, so his posts are delayed.

Quest
2015-05-01, 11:08
like this one appeared sometime this morning https://forums.kali.org/showthread.php?19913-FrankenScript-by-Slim76-It-Attacks-Access-Points-and-pcap-files&p=44766&viewfull=1#post44766

slim76
2015-05-01, 11:37
like this one appeared sometime this morning https://forums.kali.org/showthread.php?19913-FrankenScript-by-Slim76-It-Attacks-Access-Points-and-pcap-files&p=44766&viewfull=1#post44766

I forgot about the admin approval thing, it's a bit of a pain in the *** but I guess its done for a good reason.

Quest
2015-05-01, 12:02
yes he's got another post after that one. I still don't understand his problem. Sounds like he did not install correctly?

masonman, Did you install FS by decompressing the archive in Home > double click on FrankenScript.sh > Run in the terminal ?


ok when I pick
[1] = Reaver.t6x + Pixiewps (Fixed Arguments)
it brings me to a list
[1] = Try Arguments(-a -P -K 1,2,3 -vv) Then (-a -K 1,2,3 -vv)
[2] = Try -a P -K 1 -vv (Ralink Chipset)
[3] = Try -a P -K 2 -vv (Broadcom Chipset)
[4] = Try -a P -K 3 -vv (Realtek Chipset)
[5] = Try -a K 1 -vv (Ralink Chipset)
[6] = Try -a K 2 -vv (Broadcom Chipset)
[7] = Try -a K 3 -vv (Realtek Chipset)
[8] = Try -a W 1 -vv (Belkin)
[9] = Try -a W 2 -vv (D-Link)
[r] = Return To The Main WPS Attack Menu
[p] = Proceed To Attack The Next Target, Or Quit WPS Attacks

all of these that i try from 1 to 9 gives me this
/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 603: /root/FrankenScript_Portable/Reaver/: Is a directory

I have my folder in Home and everything else works but this??

hmm strange.

slim76
2015-05-01, 12:14
@ masonman

Use this test version and then post what the line under WPS Check Point 1 says, please.

http://www13.zippyshare.com/v/UtDGd1gJ/file.html

@ Quest
Can you test this version too please. :-)

Quest
2015-05-01, 12:56
there are no check points, and the deauth packets option still doesn't work. Other than that I don't see anything.

[1] = Try Arguments(-a -P -K 1,2,3 -vv) Then (-a -K 1,2,3 -vv), works here. Though cannot really test as I never had luck with the whole pixie thing, and therefore cannot compare, and confirm that it is working. nuroo might be able to.

memasonman
2015-05-01, 14:07
hi slim76, yes I tried your test one, and I can't even get the scans to show,


@Quest yes I extracted the tar file into my home folder, and then opened it up in terminal, everything works except what I posted above bud. Weird.

memasonman
2015-05-01, 14:35
I tried your test one, it showed me my scans now, it didn't before, but it's the same result as the other FrankenScript I used. I'm just registered here so my posts take a long time to get to you, I understand :)

slim76
2015-05-01, 14:50
there are no check points, and the deauth packets option still doesn't work. Other than that I don't see anything.

[1] = Try Arguments(-a -P -K 1,2,3 -vv) Then (-a -K 1,2,3 -vv), works here. Though cannot really test as I never had luck with the whole pixie thing, and therefore cannot compare, and confirm that it is working. nuroo might be able to.

I just checked the deauth options and found the problem, I did fix it but I uploaded the wrong version.
I'm scrapping the test version and sticking to just one version from now on.

I hope to have everything fixed by tonight, I've added some other functions/options and will upload it once its finished.

Quest
2015-05-01, 20:44
pixiewps 1.1 https://forums.kali.org/showthread.php?25018-Pixiewps-wps-pixie-dust-attack-tool&p=44817&viewfull=1#post44817

and a reaver-wps-fork-t6x https://github.com/t6x/reaver-wps-fork-t6x

slim76
2015-05-02, 23:53
Heres the latest version.

FrankenScript_Portable.3rd.May.2015.tar.gz:

http://www12.zippyshare.com/v/0tnn263D/file.html

I plan to make some changes to the attacks next. :-)

Quest
2015-05-03, 01:17
1. The handshake works, thank you =]

2. If I capture more than 1 handshake from different clients connected to the same AP, the latest handshake crushes the previous one? So it's not possible to capture more than 1 handshake per AP? Keep the MAC of the client rather than the name of the AP for the cap file name maybe? Or XXXXX.cap, XXXXX2.cap, XXXX3.cap? Or separate folders?

3. It's easy to lose a handshake by mistake if choosing [2] = Pyrit Handshake Validation > [1] = Check For A Good Handshake, because 90% of the time it won't pass that check and the handshake will be evaporated. So it would be better to keep the validation in a separate process because...

4. The validation process should be available on the main menu from the start. The user should be able to verify any cap file at anytime.


############# Main Menu ##############
#
# [1] = Scans & Attacks
# [2] = View Recovered Passkeys
# [3] = Handshake Validation

# [4] = Update Backup Archives
# [5] = Reinstall FrankenScript Apps
#
# [q] = Exit FrankenScript
#
######################################


Please choose an option: 3


Cheers!

slim76
2015-05-03, 10:43
1. The handshake works, thank you =]

2. If I capture more than 1 handshake from different clients connected to the same AP, the latest handshake crushes the previous one? So it's not possible to capture more than 1 handshake per AP? Keep the MAC of the client rather than the name of the AP for the cap file name maybe? Or XXXXX.cap, XXXXX2.cap, XXXX3.cap? Or separate folders?

3. It's easy to lose a handshake by mistake if choosing [2] = Pyrit Handshake Validation > [1] = Check For A Good Handshake, because 90% of the time it won't pass that check and the handshake will be evaporated. So it would be better to keep the validation in a separate process because...

4. The validation process should be available on the main menu from the start. The user should be able to verify any cap file at anytime.



Cheers!

I see your point about not being able to target and store multiple handshakes, I'll look into capturing and storing multiple handshakes soon.

Regarding the Pyrit handshake check:
The pyrit handshake check you mention only checks for a good handshake, so you need a good handshake to pass the check.
(try getting closer to the access point if you're getting bad handshakes)
The other pyrit handshake check option might be the option you want, it checks for a good or workable handshake, or you can use the cowpatty check.
For the reason above I won't be changing the pyrit option.

Putting a handshake validation option on the main menu doesn't make sense to me.
FrankenScript offers the option to validate the handshake after one has been captured, doing it this way saves the user time as they wouldn't need to scan for a target again or setup their system to perform another capture.
FrankenScript only captures and stores the handshakes, it doesn't offer an option to crack them yet.
So why would you want to skip the original check?, and why would you want to check it later?.
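
What the "good" versus "workable" distinction above boils down to can be made concrete. The following is an added example, not FrankenScript's, pyrit's or cowpatty's code: it reads a classic pcap of raw 802.11 frames (with or without a radiotap header), tells the four EAPOL-Key messages apart by their Key Information flags, and reports per (BSSID, client) pair whether the capture holds an M2 (SNonce plus MIC) together with the M1 or M3 (ANonce) it answers, matched on the replay counter. The capture it runs against is constructed inside the block; the BSSID, client addresses and replay counters are made up. It does not check for a beacon or probe response carrying the ESSID, which a cracker also needs.

```python
"""Grade the WPA/WPA2 4-way handshakes found in a classic pcap of 802.11 frames.

Added example (not FrankenScript's, pyrit's or cowpatty's code).  A pair is
reported usable when an M2 is present together with the M1 (same replay
counter) or M3 (replay counter + 1) that carries the matching ANonce.
"""
import struct
from collections import defaultdict

LINKTYPE_IEEE802_11 = 105            # raw 802.11 frames
LINKTYPE_IEEE802_11_RADIOTAP = 127   # radiotap header in front of each frame
LLC_SNAP_EAPOL = bytes.fromhex("aaaa03000000888e")

# EAPOL-Key "Key Information" flag bits (IEEE 802.11-2012, 11.6.2)
KI_PAIRWISE, KI_INSTALL, KI_ACK, KI_MIC, KI_SECURE = 0x0008, 0x0040, 0x0080, 0x0100, 0x0200


def classify_eapol_key(key_info):
    """Map the Key Information flags to handshake message 1..4, or None."""
    if not key_info & KI_PAIRWISE:
        return None                                   # group-key handshake, not useful
    ack, mic, install, secure = (bool(key_info & f) for f in (KI_ACK, KI_MIC, KI_INSTALL, KI_SECURE))
    if ack and not mic:
        return 1                                      # AP -> STA, carries ANonce
    if ack and mic and install:
        return 3                                      # AP -> STA, ANonce again, with MIC
    if mic and not ack:
        return 4 if secure else 2                     # STA -> AP; M2 carries SNonce + MIC
    return None


def iter_pcap_packets(data):
    """Yield (linktype, frame_bytes) for every record of a classic pcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[magic]   # KeyError: not a classic pcap
    linktype, = struct.unpack_from(endian + "I", data, 20)
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield linktype, data[off:off + incl_len]
        off += incl_len


def parse_eapol_key(frame):
    """Return (bssid, station, key_info, replay_counter), or None if not EAPOL-Key."""
    if len(frame) < 24 or (frame[0] & 0x0C) != 0x08:  # frame type 2 = data
        return None
    to_ds, from_ds = frame[1] & 0x01, frame[1] & 0x02
    if from_ds and not to_ds:
        bssid, sta = frame[10:16], frame[4:10]        # addr2 = BSSID, addr1 = client
    elif to_ds and not from_ds:
        bssid, sta = frame[4:10], frame[10:16]        # addr1 = BSSID, addr2 = client
    else:
        return None                                   # ad-hoc / WDS frames ignored
    hdr = 24 + (2 if frame[0] & 0x80 else 0)          # QoS data adds a 2-byte QoS field
    body = frame[hdr:]
    if not body.startswith(LLC_SNAP_EAPOL):
        return None
    eapol = body[8:]
    if len(eapol) < 17 or eapol[1] != 3:              # EAPOL packet type 3 = Key
        return None
    key_info, = struct.unpack_from(">H", eapol, 5)   # after hdr(4) + descriptor type(1)
    replay, = struct.unpack_from(">Q", eapol, 9)     # after key_info(2) + key length(2)
    return bssid, sta, key_info, replay


def handshake_messages(pcap_bytes):
    """{(bssid, sta): {(message_number, replay_counter), ...}}"""
    seen = defaultdict(set)
    for linktype, frame in iter_pcap_packets(pcap_bytes):
        if linktype == LINKTYPE_IEEE802_11_RADIOTAP:
            frame = frame[struct.unpack_from("<H", frame, 2)[0]:]   # skip radiotap header
        elif linktype != LINKTYPE_IEEE802_11:
            continue
        parsed = parse_eapol_key(frame)
        if parsed:
            bssid, sta, key_info, replay = parsed
            msg = classify_eapol_key(key_info)
            if msg:
                seen[(bssid, sta)].add((msg, replay))
    return dict(seen)


def usable_handshakes(pcap_bytes):
    """Per pair: True if an M2 matches an ANonce message (M1 same counter, or M3 at counter + 1)."""
    verdict = {}
    for pair, msgs in handshake_messages(pcap_bytes).items():
        anonce_counters = {r for m, r in msgs if m == 1} | {r - 1 for m, r in msgs if m == 3}
        verdict[pair] = any(m == 2 and r in anonce_counters for m, r in msgs)
    return verdict


# ---- constructed sample capture (made-up addresses, no real traffic) ----------
BSSID = bytes.fromhex("001122334455")
STA_A, STA_B, STA_C = (bytes.fromhex(h) for h in ("66778899aa01", "66778899aa02", "66778899aa03"))


def _eapol_key_frame(from_ap, sta, key_info, replay):
    """One unencrypted 802.11 data frame carrying an EAPOL-Key message (dummy nonce/MIC)."""
    fc = bytes([0x08, 0x02 if from_ap else 0x01])     # data frame; FromDS or ToDS
    addrs = (sta + BSSID + BSSID) if from_ap else (BSSID + sta + BSSID)
    header = fc + b"\x00\x00" + addrs + b"\x00\x00"
    key = (struct.pack(">BHHQ", 2, key_info, 16, replay)    # descriptor, flags, key len, replay
           + bytes([replay]) * 32                            # nonce
           + bytes(16 + 8 + 8 + 16) + b"\x00\x00")           # IV, RSC, ID, MIC, key data length
    return header + LLC_SNAP_EAPOL + struct.pack(">BBH", 2, 3, len(key)) + key


def build_sample_capture():
    beacon = bytes([0x80, 0x00, 0, 0]) + b"\xff" * 6 + BSSID + BSSID + b"\x00\x00" + bytes(12)
    frames = [
        beacon,                                                                                 # management, skipped
        _eapol_key_frame(True, STA_A, 0x008A, 1), _eapol_key_frame(False, STA_A, 0x010A, 1),   # M1 + M2: usable
        _eapol_key_frame(True, STA_B, 0x008A, 5),                                               # M1 only: not usable
        _eapol_key_frame(False, STA_C, 0x010A, 2), _eapol_key_frame(True, STA_C, 0x13CA, 3),   # M2 + M3: usable
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1430000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    for (bssid, sta), ok in usable_handshakes(build_sample_capture()).items():
        print(bssid.hex(":"), sta.hex(":"), "usable" if ok else "incomplete")
```

Run the file on its own to see the verdict for the built-in sample; for a real capture pass open(path, "rb").read() to usable_handshakes. A pair that fails here (M1 only, or an M2 whose replay counter matches nothing) is the kind of file a strict check rejects, so the difference between a strict and a lenient check is one of policy, not of a damaged file.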

Quest
2015-05-03, 12:12
For experimental purposes. Especially considering that if I run a check at the end of the routine it will not save that cap file.

it's good that the routine offers the choice to verify the .cap file, or not. But for some, verifying a .cap is a separate process, especially if you add .cap files from a different source and would like to check them. Then it is not possible to run a cap file check with FS, as that option is not there.

Quest
2015-05-03, 12:38
have you seen that post Slim..

https://forums.kali.org/showthread.php?24286-WPS-Pixie-Dust-Attack-(Offline-WPS-Attack)&p=44838&viewfull=1#post44838


Hey guys, I am a little bit confused as to the usage of -f in the new pixiewps. It refers to mode4??? anyone kind enough to clarify?

Yes sorry I should've clarified. The --force option is used only for what I call mode 4 which is Realtek's PRNG seed bruteforce. I was planning on adding modes selection but I didn't and I left those modes on the usage screen and I didn't want to explicitly refer to vendors in the program.

The best practice is to run the program without -f and if you get a warning saying that the router might be vulnerable to mode 4 it means that you may want to try again with -f or with another set of data that could lead you (mode 2) secret nonces = enrollee nonce. I also refer to modes because that's how the program runs internally: it tries for every possible vulnerability. When it bruteforces the new PRNG though (that is mode 4) it tests normally for a small window of time (approximately 10 days) because the new bruteforce is more power consuming.

So --force is basically used only if the router has set its time to past (more than 10 days ago). To exhaust it probably takes 20 - 30 mins. Also -f doesn't take any argument. The program just doesn't complain if you pass it some extra arguments. I gotta fix that. :)

Also would you mind replying on the pixiewps thread for program related questions? Thanks.

slim76
2015-05-03, 13:20
have you seen that post Slim..

https://forums.kali.org/showthread.php?24286-WPS-Pixie-Dust-Attack-(Offline-WPS-Attack)&p=44838&viewfull=1#post44838

FrankenScript doesn't directly interact with pixiewps, t6x's reaver mod does that job and does it nicely too. :-)
FrankenScript only interacts with t6x's reaver mod, so hopefully t6x will add something for the -f into his version of reaver.

FrankenScript will only deal with things its processed by its self, so if you captured a handshake using other means FrankenScript wont check it.
Why wouldn't you just use FrankenScript to capture the handshake in the first place, what situation would involve capturing a handshake using other means and then needing FrankenScript to check it?.

Quest
2015-05-03, 13:46
I might want to use different means of capping then regroup all .cap in one place and/or want to verify those .cap at a later time. More options = better.

Quest
2015-05-03, 13:53
https://forums.kali.org/showthread.php?25123-Reaver-modfication-for-Pixie-Dust-Attack&p=43900&viewfull=1#post43900

wash -i mon0 -g -c 2
XX:XX:XX:XX:XX:XX| 1|-68|1.0|No |AAA| D-Link| DIR-615
XX:XX:XX:XX:XX:XX| 1|-58|1.0|No |CCC| ASUSTeK Computer Inc.| RT-N56U

I luv information gathering, if you could bring FS to scan like above as an option, for each AP, after a normal wash, that would be cool.

Also, the new Airodump totally rocks. If you could extract Airodump from the Aircrack-ng suite, and make it work with FS..

https://forums.kali.org/showthread.php?25131-*News*-Aircrack-Version-1-2-rc2-Released-10-April-2015&p=44149&viewfull=1#post44149

slim76
2015-05-03, 19:38
https://forums.kali.org/showthread.php?25123-Reaver-modfication-for-Pixie-Dust-Attack&p=43900&viewfull=1#post43900


I luv information gathering, if you could bring FS to scan like above as an option, for each AP, after a normal wash, that would be cool.

Also, the new Airodump totally rocks. If you could extract Airodump from the Aircrack-ng suite, and make it work with FS..

https://forums.kali.org/showthread.php?25131-*News*-Aircrack-Version-1-2-rc2-Released-10-April-2015&p=44149&viewfull=1#post44149

I've just quickly checked airodump-ng and I think I might be able to put something together.. LOL
I'd need to make a lot of changes, but I'll still look into it.

Quest
2015-05-04, 15:08
wow major turn of events here.. https://bugs.kali.org/view.php?id=2219&nbn=2#bugnotes



Aircrack-ng v1.2 RC2 Update

Aircrack-ng is the de facto penetration tool suite – essential for any wireless penetration tests or assessments. In this latest Aircrack-ng release, amongst the normal bug fixes and code improvements there has been a significant change to airmon-ng, the tool used to put wireless cards into monitor mode. Other new and notable features are that airtun-ng is now able to decrypt WPA as well as several new airodump-ng flags, such as --wps and --uptime.

https://www.kali.org/penetration-testing/pixiewps-reaver-aircrack-ng-updates/

nuroo
2015-05-04, 16:18
In reaver 1.5.2, only -K1 is necessary. reaver now automatically does -K2,3.............

-K --pixie-dust=<number> [1] Run pixiewps with PKE, PKR, E-Hash1, E-Hash2 and E-Nonce (Ralink, Broadcom, Realtek)
no need to have your script execute -K1,2,3 >>> just -K1

In reaver 1.5.2 the -W1 and -W2 options are only for specific brands (belkin and dlink?). In my opinion the possible pins should not be displayed unless user attacking those brands, otherwise confusing.

As of reaver 1.5.2, the user still must notice if the new pixiewps 1.1 thinks the router may be vulnerable to the -f option, then try it manually. So that response should be shown to the user.

##############
If the user decides he wants a spoof/random mac address, does your script also pass the -m option to reaver
ie:
reaver -i mon0 -b 00:11:22:33:44:55 -m 11:00:11:00:11:00 -vv -S -N -K1
also in aireplay, the -h option:
aireplay-ng -1 6000 -o 1 -q 10 -e teddy -a 00:11:22:33:44:55 -h 11:00:11:00:11:00 mon0
I recommend for mac filtering routers. Reaver will still pass the real mac if above -m not used......

nuroo
2015-05-04, 16:20
wow major turn of events here.. https://bugs.kali.org/view.php?id=2219&nbn=2#bugnotes




https://www.kali.org/penetration-testing/pixiewps-reaver-aircrack-ng-updates/

+1 new Aircrack-ng is much improved. Just hate that he changed monitor naming though. I cant even test this script on other pc, because of it.

Quest
2015-05-04, 16:38
yes Slim will have to re-write everything again I suppose. All good though, and better now than later. I worry a bit about massive confusion until K1.1.1 comes out, as some will not see the same things and have different results. Though we inadvertently provided Slim with a practice run with that Wash Scan Results 50 posts episode.

Thanks for the feedback. Did you have any luck with that FS pixie attack? Can you confirm that it works?

nuroo
2015-05-04, 17:00
Actually I did not. I got some association errors, from reaver. Against routers that were in range, and just attacked with command line. Could have been my fault. I will double check my process.

Curious as to why Frankenstein insists on installing reaver and pixie---- I had the latest versions already!! Plus no confirmation to install, Slim luv confirmation?

Quest
2015-05-04, 17:07
oh it does not install them, just decompresses them in the FrankenScript_Portable. It does not change anything, but saves the user from installing them if not installed.

Ok thanks for checking that for me because I don't have a pixie vulnerable AP, and therefore cannot really test that attack. Cheers!!

nuroo
2015-05-04, 17:13
Oh ok That is a brilliant idea. Saves the user from having to have them preinstalled. And ensures the script has the helper apps it needs. +A

Now when the script asks if I want to update the archive, I'll know it only means its archive copies.

slim76
2015-05-05, 02:28
In reaver 1.5.2, only -K1 is necessary. reaver now automatically does -K2,3.............

-K --pixie-dust=<number> [1] Run pixiewps with PKE, PKR, E-Hash1, E-Hash2 and E-Nonce (Ralink, Broadcom, Realtek)
no need to have your script execute -K1,2,3 >>> just -K1

In reaver 1.5.2 the -W1 and -W2 options are only for specific brands (belkin and dlink?). In my opinion the possible pins should not be displayed unless user attacking those brands, otherwise confusing.

As of reaver 1.5.2, the user still must notice if the new pixiewps 1.1 thinks the router may be vulnerable to the -f option, then try it manually. So that response should be shown to the user.

##############
If the user decides he wants a spoof/random mac address, does your script also pass the -m option to reaver
ie:
reaver -i mon0 -b 00:11:22:33:44:55 -m 11:00:11:00:11:00 -vv -S -N -K1
also in aireplay, the -h option:
aireplay-ng -1 6000 -o 1 -q 10 -e teddy -a 00:11:22:33:44:55 -h 11:00:11:00:11:00 mon0
I recommend for mac filtering routers. Reaver will still pass the real mac if above -m not used......

Cheers for the info, i'll be updating the attacks soon.
I left the -W options just in case any other APs use the same pin generation method, it's a long shot I know but still worth a try.

slim76
2015-05-05, 02:32
@ Quest

I'm currently rewriting the wpa attack script, I think you might be happy with this next one if all goes to plan. LOL

Quest
2015-05-05, 02:52
I was enjoying that latest version of FS. The new Aircrack-ng, kinda put the brakes on my fun level. The two not being compatible. Still it's for the best, and I'm sure you will bring the creature, also known as Frank, back from the dead,.. again!

RIP mon0. You will be missed :)

nuroo
2015-05-05, 15:02
Not at my computer at the moment. Can FrankenScript decloak hidden access points using client MACs that may be connected during its scanning?

Older version of wifite, by Brian pow on github does it well. I was surprised by how many "hidden routers" it found.

Killer feature, what u guys think......lol adding extra work

Quest
2015-05-05, 21:58
oh yes, and that falls right in the information gathering category, so naturally I'm all for it.

slim76
2015-05-06, 19:56
I've got FrankenScript working with the new airmon-ng, but I'm having trouble capturing the wps info from the new airodump-ng.
When I manage to solve the airodump issue I'll upload the new version of FrankenScript. :-)

slim76
2015-05-06, 19:59
Not at my computer at the moment. Can FrankenScript decloak hidden access points using client MACs that may be connected during its scanning?

Older version of wifite, by Brian pow on github does it well. I was surprised by how many "hidden routers" it found.

Killer feature, what u guys think......lol adding extra work

FrankenScript has 3 different scan functions:
1) iw dev scan
2) wash scan
3) airodump scan.

I could be wrong but doesn't airodump-ng decloak hidden access points automatically?

smittyrock_1
2015-05-06, 20:12
I receive an error: No usable WiFi devices were found, please fix the issue before running FrankenScript again. Is this talked about earlier in the threads? If not, what should I do?

Quest
2015-05-06, 22:47
I'm experimenting with salt, garlic and besside-ng. What makes it interesting other than being a nasty little monster, is that it comes with its own .cap file cleaning "Crawler"
besside-ng-crawler <SearchDir> <CapFileOut>


http://www.aircrack-ng.org/doku.php?id=besside-ng

It's not included in the Aircrack-ng 1.2 though. Have to download Aircrack-ng SVN version.


EDIT: meh it doesn't seem to do anything right.

Quest
2015-05-07, 12:09
I receive an error: No usable WiFi devices were found, please fix the issue before running FrankenScript again. Is this talked about earlier in the threads? If not, what should I do?

Correct. The new FS is not ready yet.

OT: Do you have a pixie attack vulnerable router smittyrock?

nuroo
2015-05-07, 12:56
I've got FrankenScript working with the new airmon-ng, but I'm having trouble capturing the wps info from the new airodump-ng.
When I manage to solve the airodump issue I'll upload the new version of FrankenScript. :-)

Great news that FrankenScript supports the new aircrack, because as you know, Kali officially upgraded its aircrack-ng to the newest version.

@slim
using wash may be a lot easier to parse, especially with the -P option. It was intended for use by programmers, scriptwriters, embedded systems, etc. (also great on my netbook)
> wash -i mon0 -P -c1

00:00:00:00:70:2A| 1|-58|1.0|No |marg000000
00:00:00:00:AA:70| 1|-53|1.0|No |TG100000
00:00:00:00:15:00| 1|-58|1.0|No |TG10000
00:00:00:00:B4:7E| 1|-47|1.0|No |Leaf 0000000
00:00:00:00:AF:20| 1|-58|1.0|No |DG00000
00:00:00:00:93:CA| 1|-55|1.0|No |702
00:00:00:00:76:90| 1|-52|1.0|No |DG100000
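The pipe-delimited layout wash -P prints above is easy to split with awk. As an added example (not FrankenScript's or wash's own code), the functions below read wash -P lines from stdin and emit one trimmed, tab-separated record per access point; the column order BSSID|channel|RSSI|WPS version|locked|ESSID is assumed from the sample quoted above, and the sample data is constructed with placeholder BSSIDs.

```shell
#!/bin/sh
# Added example, not FrankenScript's own code: parse "wash -P" output.
# Assumed column order (from the sample in the post):
#   BSSID|Channel|RSSI|WPS version|WPS locked|ESSID

# Constructed sample of wash -P output (placeholder BSSIDs). The last line
# has an ESSID containing '|' to show that the ESSID is taken as everything
# after the fifth separator rather than as a single field.
WASH_SAMPLE='00:00:00:00:70:2A| 1|-58|1.0|No |marg000000
00:00:00:00:B4:7E| 1|-47|1.0|No |Leaf 0000000
00:00:00:00:93:CA| 6|-55|1.0|Yes|702
00:00:00:00:76:90|11|-52|2.0|No |Odd|Name'

# parse_wash_p: read wash -P lines on stdin, print
# "BSSID<TAB>channel<TAB>rssi<TAB>version<TAB>locked<TAB>essid" per line.
# Blank or malformed lines and lines whose first field is not a MAC are
# skipped; leading/trailing blanks are trimmed from the numeric fields.
parse_wash_p() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 6 { next }
        length($1) != 17 || $1 !~ /^[0-9A-Fa-f:]+$/ { next }
        {
            essid = $6
            for (i = 7; i <= NF; i++) essid = essid "|" $i   # rejoin ESSID
            printf "%s\t%s\t%s\t%s\t%s\t%s\n",
                   $1, trim($2), trim($3), trim($4), trim($5), essid
        }'
}

# wps_unlocked_count: how many listed APs report WPS as not locked
# (the ones a WPS audit would flag for follow-up).
wps_unlocked_count() {
    parse_wash_p | awk 'BEGIN { FS = "\t" } $5 == "No" { n++ } END { print n + 0 }'
}

# essid_for BSSID: print the ESSID recorded for one BSSID (case-insensitive).
essid_for() {
    parse_wash_p | awk -v want="$1" 'BEGIN { FS = "\t" }
        toupper($1) == toupper(want) { print $6 }'
}

# Demo on the constructed sample; for live use: wash -i mon0 -P | parse_wash_p
printf '%s\n' "$WASH_SAMPLE" | parse_wash_p
```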

slim76
2015-05-07, 19:26
I receive an error: No usable WiFi devices were found, please fix the issue before running FrankenScript again. Is this talked about earlier in the threads? If not, what should i do?

Can you provide more details.
1) What version of FrankenScript are you using?

2) Are you using the new or old airmon-ng?

3) Are you using kali-linux or a different OS?

Quest
2015-05-07, 19:28
Hey Slim!

he probably updated his Kali installation. That's what I'm getting also.

slim76
2015-05-07, 19:29
Great news that FrankenScript supports the new aircrack, because as you know, Kali officially upgraded its aircrack-ng to the newest version.

@slim
using wash may be a lot easier to parse, especially with the -P option. It was intended for use by programmers, scriptwriters, embedded systems, etc. (also great on my netbook)
> wash -i mon0 -P -c1

00:00:00:00:70:2A| 1|-58|1.0|No |marg000000
00:00:00:00:AA:70| 1|-53|1.0|No |TG100000
00:00:00:00:15:00| 1|-58|1.0|No |TG10000
00:00:00:00:B4:7E| 1|-47|1.0|No |Leaf 0000000
00:00:00:00:AF:20| 1|-58|1.0|No |DG00000
00:00:00:00:93:CA| 1|-55|1.0|No |702
00:00:00:00:76:90| 1|-52|1.0|No |DG100000

I've already sorted the wash scan and iw dev scan, I just need to finish the airodump scan.

Quest
2015-05-08, 03:25
you know what.. I've been thinking that it might be better for Frank to have its own Aircrack-ng, and run everything internally, independently. Otherwise it will be a huge mess until K1.1.1 comes out, or even way after it has.

That message up there from smittyrock_1, you will get a lot of the same.

slim76
2015-05-08, 15:14
you know what.. I've been thinking that it might be better for Frank to have its own Aircrack-ng, and run everything internally, independently. Otherwise it will be a huge mess until K1.1.1 comes out, or even way after it has.

That message up there from smittyrock_1, you will get a lot of the same.

I've sorted out all those issues already, I just need to finish editing the attacks. :-)

Quest
2015-05-08, 15:34
moreover if they make changes upstream (and there will probably be a lot of that), boom, back to square one, no worki. So if that's what you had in mind also, great!!

Also, just a thought for future dev. Considering that many scripts don't work anymore, wouldn't that be a good time to reintroduce Script Launcher? So two Aircrack-ng? See what I mean?

slim76
2015-05-08, 18:45
moreover if they make changes upstream (and there will probably be a lot of that), boom, back to square one, no worki. So if that's what you had in mind also, great!!

Also, just a thought for future dev. Considering that many scripts don't work anymore, wouldn't that be a good time to reintroduce Script Launcher? So two Aircrack-ng? See what I mean?

Dude that really doesn't make sense, what's the point of adding a script launcher if most of the scripts don't work anymore. Lol

Quest
2015-05-08, 18:55
They don't work because of the new Aircrack-ng. If you can make FS independent by running its own Aircrack-ng, then nothing prevents adding also the older Aircrack-ng, making the now defunct scripts work again. Daya follow me?

slim76
2015-05-08, 21:10
They don't work because of the new Aircrack-ng. If you can make FS independent by running its own Aircrack-ng, then nothing prevents adding also the older Aircrack-ng, making the now defunct scripts work again. Daya follow me?

That makes more sense to me now, and I think it's actually a good idea too.
Changing things now is going to cause a further delay, so I might finish editing the attacks and then upload it, then I might make the changes.

Quest
2015-05-08, 21:18
that would be great. You will save yourself a lot of work in the long run, and make a lot of friends in the process.

slim76
2015-05-08, 22:44
that would be great. You will save yourself a lot of work in the long run, and make a lot of friends in the process.

I don't mind the work really, I actually enjoy it. :-)
Make a lot of friends you say LOL, dude you're about the only person that's bothered to reply and help. LOL
Well friends or no friends I'm not bothered lol, I'll add it for you cause you were good enough to help me by leaving feedback. :-)

slim76
2015-05-08, 22:45
I don't mind the work really, I actually enjoy it. :-)
Make a lot of friends you say LOL, dude you're about the only person that's bothered to reply and help. LOL
Well friends or no friends I'm not bothered lol, I'll add it for you cause you were good enough to help me by leaving feedback. :-)
I'll probably need your help when I add the script launcher and options and such. :-)

I don't know what happened with this post, I was editing the previous post (at least I thought I was) but it created this post?? Guess it must have been my error, sorry.

Quest
2015-05-08, 23:00
double posting? I never do that myself :rolleyes:

That internal Aircrack-ng implementation will also have the quality of making FS time proof. There are a lot of changes on the horizon and to take these steps now will prevent future redundant re-writing of what was. All the work is nice, if you enjoy it, but focusing on improvements is even more rewarding and is where the progress is at. Cheers monster maker, and yes, let's roll :cool:

Quest
2015-05-09, 15:27
EDIT:

So what is a good older Aircrack-ng version to add in FS in addition to the more recent one?

I reinstalled Kali 1.0.7 because I know that everything was fine then. It runs Aircrack-ng 1.2 beta3


root@kali:~# aircrack-ng

Aircrack-ng 1.2 beta3 - (C) 2006-2013 Thomas d'Otreppe
http://www.aircrack-ng.org
http://ftp.debian.org/debian/pool/main/a/aircrack-ng/ > aircrack-ng_1.2-0~beta3.orig.tar.gz


The latest Aircrack-ng is here http://www.aircrack-ng.org/ > Sources


Do we all agree on the old version of Aircrack-ng to be added with FS?

slim76
2015-05-09, 23:54
EDIT:

So what is a good older Aircrack-ng version to add in FS in addition to the more recent one?

I reinstalled Kali 1.0.7 because I know that everything was fine then. It runs Aircrack-ng 1.2 beta3


http://ftp.debian.org/debian/pool/main/a/aircrack-ng/ > aircrack-ng_1.2-0~beta3.orig.tar.gz


The latest Aircrack-ng is here http://www.aircrack-ng.org/ > Sources


Do we all agree on the old version of Aircrack-ng to be added with FS?

I'm rewriting most of FrankenScript again, if all goes well it should contain the following:

svn version of aircrack and aircrack-ng-1.2-rc1 (Installed in FrankenScript), and whatever version the person has installed in kali.
airmon-ng (monX) and airmon-zc (wlanXmon), both will be installed to FrankenScript, I might do it so the user can choose which one to use.
Bully, pixiewps, reaver-1.3, reaver-1.4, reaver-wps-fork-read-only, reaver-wps-fork-t6x, all will be installed to FrankenScript.
DLink.py, easybox_wps.py, WPSpin.py, WPSPIN1.5_wps.pin.generator, all pingens will be installed to FrankenScript.
Dependencies required for building reaver and other required tools, .deb files will already be in the FrankenScript package so no need to download them.
Scan results will be displayed in white, but if the passkey for the network has previously been recovered the result will be displayed in red.
FrankenScript will be able to attack wep, wpa/wpa2, and wps enabled access points.
And as requested it should contain a script launcher and options for checking handshakes in capture files.

I think I've covered most of it lol, and things could change too. lol

Quest
2015-05-10, 00:30
sounds like an excellent plan :cool:

I'm experimenting with airmon-ng, because it is the 'problem', not the rest. So if I replace the new airmon-ng with the old one...

So instead of the whole aircrack-ng-1.2-rc1, all that is really needed is the old airmon-ng included with FS. Though I'm not sure how that's going to work. So the original idea of including Aircrack-ng with FS might be the easiest and the best solution. So don't change your plan. I will report back.


EDIT:

Ok, doing an update on a Kali live usb is not doable, so I cannot test the above. They wait too long to come out with an updated version, making the updates download and install 3hrs long. Let me know if you want me to test anything.

Quest
2015-05-10, 13:35
just throwing ingredients in the pot.

There might be discrepancies between installations when running certain programs. Some installations are updated running the new -ng, others that are not updated running the old -ng.

If FS runs its own -ng internally for everything it does, that will prevent such discrepancies.

Then maybe it's possible to copy and rename the old airmon-ng, to airmon-ngRC1 into that same directory, so that there will be two. One airmon-ng and one airmon-ngRC1

Everything that needs mon0 will use airmon-ngRC1

The rest will use the new airmon-ng

slim76
2015-05-10, 20:55
just throwing ingredients in the pot.

There might be discrepancies between installations when running certain programs. Some installations are updated running the new -ng, others that are not updated running the old -ng.

If FS runs its own -ng internally for everything it does, that will prevent such discrepancies.

Then maybe it's possible to copy and rename the old airmon-ng, to airmon-ngRC1 into that same directory, so that there will be two. One airmon-ng and one airmon-ngRC1

Everything that needs mon0 will use airmon-ngRC1

The rest will use the new airmon-ng

Lol, I did already say FrankenScript will be able to use both versions of airmon, and that it will use the old and new aircrack tool and such. Lol

Quest
2015-05-10, 21:36
and do you think that two (2) Aircrack-ng are necessary? All that is needed is 2 airmon. Correct?

slim76
2015-05-10, 23:08
and do you think that two (2) Aircrack-ng are necessary? All that is needed is 2 airmon. Correct?

Actually, I think only the old version of airmon is all that's needed. ;-)
I'll probably still add both versions of airmon and two versions of some of the aircrack tools too. LOL
I think it's nice to have the choice as well as simplicity. ;-)

Quest
2015-05-10, 23:45
Actually, I think only the old version of airmon is all that's needed. ;-)

that's the potential problem with all this. Anjelina has Kali 1.1.0a. Raquel also has the same version but updated, and therefore they both run different versions of Aircrack-ng, thus two different airmon. If anything pertaining to FS is run outside of FrankenscriptPortable, then it will work for some, not for others. Moreover, if they make changes upstream (like -ng RC3), then stuff's not gonna work. See the problem there?


I'll probably still add both versions of airmon and two versions of some of the aircrack tools too. LOL
I think it's nice to have the choice as well as simplicity. ;-)

agreed :)

slim76
2015-05-11, 08:19
that's the potential problem with all this. Anjelina has Kali 1.1.0a. Raquel also has the same version but updated, and therefore they both run different versions of Aircrack-ng, thus two different airmon. If anything pertaining to FS is run outside of FrankenscriptPortable, then it will work for some, not for others. Moreover, if they make changes upstream (like -ng RC3), then stuff's not gonna work. See the problem there?

agreed :)

Trust me it will work ok, I'm testing it on two different setups while I'm writing it.

Quest
2015-05-11, 13:45
looks like you will have more 'testers' than usual with that new version :D

Let me know when would be a good time for you to review the colors. Nothing wrong with them, just thought that certain key colors should be kept for situational awareness. Positive | Negative | Warning

Quest
2015-05-11, 15:23
585 oh I see it now. Better late than never :rolleyes:


Hey guys when i go to try an attack,it tells me this.

/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 504: /root/FrankenScript_Portable/Reaver/: Is a directory


also when it says "input the amount of deauth requests to be sent" I press any number and enter and it doesn't do anything, it keeps flashing and not sending any deauths at all, don't know why? any help would be appreciated :)

Slim, on a fresh K1.1.0a i386 Live USB, I get the same as memasonman.

Reaver.t6x + Pixiewps Fixed Attack Arguments:
-i mon0 -c 6 -b 00:23:69:XX:XX:XX -a -P -K 1 -vv
/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 464: /root/FrankenScript_Portable/Reaver/: Is a directory

The reavers are not in the Reaver folder for some reason. When starting FS, it detects that the reavers are not there and 'installs' them again every time it is launched, yet they never make it into the Reaver folder (see pic).



reaver.fork.t6x is missing, it will be reinstalled now.

checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for pcap_open_live in -lpcap... no
error: pcap library not found!
make: *** No targets specified and no makefile found. Stop.
cp: cannot stat `reaver': No such file or directory

slim76
2015-05-11, 20:55
looks like you will have more 'testers' than usual with that new version :D

Let me know when would be a good time for you to review the colors. Nothing wrong with them, just thought that certain key colors should be keep for situation awareness. Positive | Negative | Warning

That's a good idea, but I've tried that already. lol
I've noticed that some of the colours don't show too well on some laptop screens and some TVs, I found the colours I use now are the most visible.
I'm straining my eyes right now just looking at the yellow warning. LOL

OsBinHD
2015-05-16, 11:36
so how to use them now? last version was install deb and run fs3... before was .sh script...so how now run them? extracted trying to run them out:

fu3king@T3ype:~$ '/home/fu3king/FrankenScript.sh'
/home/fu3king/FrankenScript.sh: line 28: airmon-ng: command not found
No usable WiFi devices were found, please fix the issue before running FrankenScript again.

Press [Enter] to exit FrankenScript.

slim76
2015-05-19, 09:55
so how to use them now? last version was install deb and run fs3... before was .sh script...so how now run them? extracted trying to run them out:

fu3king@T3ype:~$ '/home/fu3king/FrankenScript.sh'
/home/fu3king/FrankenScript.sh: line 28: airmon-ng: command not found
No usable WiFi devices were found, please fix the issue before running FrankenScript again.

Press [Enter] to exit FrankenScript.

It sounds like you've updated aircrack and are using airmon-zc.
The version of FrankenScript you're using doesn't work with airmon-zc.
I'm currently rewriting FrankenScript, airmon-ng & airmon-zc & airodump (new version) are supported, I just have to rewrite the attacks now and I'll upload it when finished.

jar
2015-05-29, 08:57
slim76,

Sorry I been away for sometime, I initially ran the earlier versions and was interested in cuda/Hashcat with FS. I dropped off the bandwagon because my Mother was ill and eventually passed away this past November. But I am back to learning Kali, regaining focus and I have FS in my sights again.

I am running Kali 1.1.0 and have the latest FrankenScript_Portable.3rd.May.2015.tar.gz extracted in root.

However like Quest I am also getting the following errors:


root@kali:~/FrankenScript# ./FrankenScript.sh

reaver.fork is missing, it will be reinstalled now.

checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for pcap_open_live in -lpcap... no
error: pcap library not found!
make: *** No targets specified and no makefile found. Stop.
cp: cannot stat `reaver': No such file or directory

reaver.fork.t6x is missing, it will be reinstalled now.

checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for pcap_open_live in -lpcap... no
error: pcap library not found!
make: *** No targets specified and no makefile found. Stop.
cp: cannot stat `reaver': No such file or directory

reaver v1.3 is missing, it will be reinstalled now.

checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for pcap_open_live in -lpcap... no
error: pcap library not found!
make: *** No targets specified and no makefile found. Stop.
cp: cannot stat `reaver': No such file or directory

reaver v1.4 is missing, it will be reinstalled now.

checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for pcap_open_live in -lpcap... no
error: pcap library not found!
make: *** No targets specified and no makefile found. Stop.
cp: cannot stat `reaver': No such file or directory


Any suggestions on how to solve this?

I am going to install reaver-wps-fork from t6x, Pixiewps and a few other new tools later this morning.

jar

Quest
2015-05-29, 15:12
Hi jar!

“Don't cry because it's over, smile because it happened.”

― Dr. Seuss


Best thing to do is wait for the next FS, but if you really want to test that latest FS, then do it on an un-updated kali 1.1.0 / a. It won't work on the updated kali version (aircrack-ng RC1 vs aircrack-ng RC2).

I think that the reaver problem might be because of the dependencies? Try to install them first.


apt-get install libsqlite3-dev && apt-get install libpcap0.8-dev

jar
2015-05-31, 04:49
Hi jar!

“Don't cry because it's over, smile because it happened.”

― Dr. Seuss


Best thing to do is wait for the next FS, but if you really want to test that latest FS, then do it on an un-updated kali 1.1.0 / a. It won't work on the updated kali version (aircrack-ng RC1 vs aircrack-ng RC2).

I think that the reaver problem might be because of the dependencies? Try to install them first.


apt-get install libsqlite3-dev && apt-get install libpcap0.8-dev

Nice quote! Thanks.

Shortly after I made the post and I realized what was happening and corrected the issue given the error message:


error: pcap library not found! .

Now I have a problem with:


No usable WiFi devices were found, please fix the issue before running FrankenScript again.

Press [Enter] to exit FrankenScript.

The problem appears to be with the sed commands & the latest version of Kali/Aircrack (Goodbye mon0, hello wlan0mon!). So I don't really want to wait for the new version of FS so I am tinkering with the FS and slowly dissecting it. What's the worst that can happen :confused:

slim76
2015-05-31, 10:19
@ jar

I'm sorry for your loss mate.

There were too many problems with the previous versions of FrankenScript so I'm currently rewriting it.
I have a lot going on at the moment and haven't had much time to write the script.
I've already rewritten most of FrankenScript, I just need to finish writing the attacks again and then the new version of FrankenScript will be finished.
I'm going to be very busy for the next few weeks so I can't say when it will be finished, sorry.

Quest
2015-06-08, 14:36
http://adaywithtape.blogspot.com/

"Basically I thought it would be cool to have some form of alert system based on mobiles so I could keep track of the coming and goings around the house."

Quest
2015-08-12, 23:37
*knocks on door* ready to roll bro? :p

trying to unconfuse myself with the new 2.0 interface here. I'll be running the i386 version on a clean, unmodified, sterilized, exorcised, normal Persistent LiveUSB.

theoctavist
2015-08-29, 03:01
Nice quote! Thanks.

Shortly after I made the post and I realized what was happening and corrected the issue given the error message:


error: pcap library not found! .

Now I have a problem with:


No usable WiFi devices were found, please fix the issue before running FrankenScript again.

Press [Enter] to exit FrankenScript.

The problem appears to be with the sed commands & the latest version of Kali/Aircrack (Goodbye mon0, hello wlan0mon!). So I don't really want to wait for the new version of FS so I am tinkering with the FS and slowly dissecting it. What's the worst that can happen :confused:

I'm having this problem too (not with FS but with the new reaver fork). I don't know how to correct it.

Quest
2015-08-29, 14:55
your problem is dependencies? Look at post 345 above. If not, here is the correct thread to ask for support, only if you are using the t6_x reaver version.
https://forums.kali.org/showthread.php?25123-Reaver-modfication-for-Pixie-Dust-Attack

Soxrok also explains that you need to install dependencies, here
https://forums.kali.org/showthread.php?24286-WPS-Pixie-Dust-Attack-%28Offline-WPS-Attack%29

fruchttiger00x0
2015-08-30, 12:28
"No usable... " you won't fix this with dependencies, cause the script is looking for the old mon0,1,2 etc. monitor. I guess there is more trouble ahead but I can fix it (what do you say slim?). Option number 2 is that you wget http://download.aircrack-ng.org/aircrack-ng-1.2-rc1.tar.gz and take the old airmon-ng out of the script folder. Make a backup
cp /usr/sbin/airmon-ng /usr/sbin/airmonnew-ng
and copy the old one to /usr/sbin/airmon-ng

Quest
2015-09-26, 16:23
fruchttiger, if you have made a modified version that works with KL2, feel free to share with the rest of us =] Hopefully Slim will defibrillate FS, eventually..

fruchttiger00x0
2015-09-26, 21:17
Sorry, I thought somebody would give feedback just in time. Or Slim as the creator may know some show stopper which makes it pretty useless to waste more time with it. But why not, let's give it a try :) After taking some hours of sleep I'll start code reviewing and give feedback

slim76
2015-09-29, 18:56
Sorry I've been really busy lately, I've still been working on FrankenScript though.
I've been rewriting FrankenScript for kali2.0, I'm hoping to have it finished and ready for uploading soon.

Quest
2015-09-29, 20:21
I was just about to call you an ambulance.

:cool:

slim76
2015-09-29, 22:19
I was just about to call you an ambulance.

:cool:

LOL, that reminds me of the old paddy and murphy joke. lol
Paddy and Murphy were walking down the street when Paddy fell down a man-hole,
Murphy shouts down to Paddy "are you ok?", Paddy replies "no I'm not, can you please call me an ambulance",
Murphy replies "ok, you are an ambulance, you are an ambulance". lol

Quest
2015-09-29, 22:27
yeah I'm sure some on the forum here will understand it that way xD

Good to see you back ambulance! How's Frank doin?

slim76
2015-09-29, 23:46
yeah I'm sure some on the forum here will understand it that way xD

Good to see you back ambulance! How's Frank doin?

It's been a total headache, I've had to rewrite most of it AGAIN. ;-(
I don't use airmon-ng to enable monitor mode anymore, so now multiple monitor modes can be created and internet access is still possible too. ;-)

Quest
2015-09-30, 14:10
Yes, that, thanks!!

I'm really hoping that you will make FS run its own internal aircrack-ng independently also. I hate to have my toys broken when they make changes upstream. The last FS lasted what, two weeks? Imagine where it would be now. I can.

Cheers :)

slim76
2015-10-01, 22:23
Yes, that, thanks!!

I'm really hoping that you will make FS run its own internal aircrack-ng independently also. I hate to have my toys broken when they make changes upstream. The last FS lasted what, two weeks? Imagine where it would be now. I can.

Cheers :)

I did that with an older version of FrankenScript and still had problems and needed to change things, I might see what I can do after I've completed this version for kali2.0.

Quest
2015-10-02, 00:27
Thanks for considering it. The redundancy of having 2 of the same programs is the only way to make FS time proof. That would also prevent you from experiencing 'groundhog days' http://www.imdb.com/title/tt0107048/ Personally I would include everything that FS uses. I do not trust anything they do upstream.

On a different note, do not hesitate to upload/post beta versions so we can start testing the latest monster :cool:

slim76
2015-10-02, 22:16
Thanks for considering it. The redundancy of having 2 of the same programs is the only way to make FS time proof. That would also prevent you from experiencing 'groundhog days' http://www.imdb.com/title/tt0107048/ Personally I would include everything that FS uses. I do not trust anything they do upstream.

On a different note, do not hesitate to upload/post beta versions so we can start testing the latest monster :cool:

I hope to have something for you to test very soon ;-), I just need to rewrite the attacks again then FrankenScript will be ready for testing.
I've added the script launcher again as you requested some time ago. LOL

Quest
2015-10-02, 22:52
script launcher will use aircrack-ng RC1 (mon0)?

slim76
2015-10-03, 10:39
script launcher will use aircrack-ng RC1 (mon0)?

Script launcher allows you to select a script and launch it with or without arguments, it can also create monitor mode interfaces (eg: mon1, mon2 and so on).

slim76
2015-10-03, 10:42
Script launcher allows you to select a script and launch it with or without arguments, it can also create monitor mode interfaces (eg: mon1, mon2 and so on).
Script launcher doesn't create a mon0 interface, interfaces start from mon1.

Quest
2015-10-03, 15:42
so the scripts that haven't been updated to the new Aircrack-ng RC2 (wlan1mon) will work?

That's the idea when I re-requested script launcher, was to make the defunct scripts work again in post #322 https://forums.kali.org/showthread.php?19913-FrankenScript-by-Slim76-It-Attacks-Access-Points-and-pcap-files&p=45168&viewfull=1#post45168

slim76
2015-10-04, 01:10
so the scripts that haven't been updated to the new Aircrack-ng RC2 (wlan1mon) will work?

That's the idea when I re-requested script launcher, was to make the defunct scripts work again in post #322 https://forums.kali.org/showthread.php?19913-FrankenScript-by-Slim76-It-Attacks-Access-Points-and-pcap-files&p=45168&viewfull=1#post45168

If the script only accepts that exact format then the answer would be no, I could change it if it's a problem?

I made a mistake in my earlier post, mon1 should be wlan0mon1.
FrankenScript creates the names for the monitor mode interfaces by taking the WiFi interface name (eg: wlan0) and then adding monX to the end of the WiFi device name.

Here's an example:
If you used wlan0 to create 5 monitor mode interfaces, the interfaces would be named:
wlan0mon1
wlan0mon2
wlan0mon3
wlan0mon4
wlan0mon5

Quest
2015-10-04, 01:45
not a problem at all, it would however be a neat feature to resurrect older scripts that worked well with Aircrack-ng RC1 :)

So anyways let's see what you come up with in the next release!

slim76
2015-10-05, 11:24
not a problem at all, it would however be a neat feature to resurrect older scripts that worked well with Aircrack-ng RC1 :)

So anyways let's see what you come up with in the next release!

What's the problem with older scripts and Aircrack-ng RC1?

OptimisticTort
2015-10-05, 11:35
What's the problem with older scripts and Aircrack-ng RC1?

Hi slim76,

I'm very new to Linux but from my fickle understanding, the new Aircrack-ng calls the monitor device wlan0mon, instead of mon0.

So I'm guessing, older scripts look for instances of monX instead of looking for wlanXmonX.

For example, I tried to use ReVdK3-r1.sh last night running the latest version of Kali Live Persistence.

When asked to enter my monitor device (or words to that effect) it was looking for wlanX, and when I tried entering wlan0, wlan1 or wlan0mon, it kept stating no device could be found.

Going to give your script a go now. Thanks for your effort in creating it.

Regards,
OT

Quest
2015-10-05, 13:42
It's a mon0 vs wlan0mon issue where some scripts use the old monitor mode interface of RC1.

slim76
2015-10-05, 15:22
It's a mon0 vs wlan0mon issue where some scripts use the old monitor mode interface of RC1.

So you're saying the scripts that interact with aircrack will only work if the monitor interface is named mon0?

Quest
2015-10-05, 15:36
Yes. Whether it's only scripts that put the card in monitor mode or all of them is not clear. I stopped using Kali shortly after RC2 was introduced. I've read many complaints about scripts not working with RC2. Ignore it if it's not an issue.
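The mon0 vs wlan0mon breakage comes from scripts matching on the interface name. As an added example (not FrankenScript's or any of the quoted scripts' code), the functions below instead ask the kernel which interfaces are in monitor mode by parsing iw dev output, so old-style mon0, new-style wlan1mon and FrankenScript's wlan0monX are all found the same way; the iw dev text is a constructed sample with placeholder MACs, and iw dev is the only tool assumed.

```shell
#!/bin/sh
# Added example, not FrankenScript's own code: find monitor-mode interfaces
# by their kernel-reported type ("type monitor" in "iw dev") rather than by
# matching a name such as mon0 or wlan0mon, so a script keeps working whether
# the interface was made by the RC1 airmon-ng, airmon-zc or by hand.

# Constructed "iw dev" output (placeholder MACs, indentation shown with
# spaces): phy#0 carries wlan0 plus an old-style mon0 as the RC1 airmon-ng
# made it; phy#1 carries a new-style wlan1mon.
IW_DEV_SAMPLE='phy#0
    Interface mon0
        ifindex 5
        wdev 0x2
        addr 00:00:00:00:00:01
        type monitor
    Interface wlan0
        ifindex 3
        wdev 0x1
        addr 00:00:00:00:00:01
        ssid HomeNet
        type managed
phy#1
    Interface wlan1mon
        ifindex 6
        wdev 0x100000001
        addr 00:00:00:00:00:02
        type monitor
        channel 6 (2437 MHz), width: 20 MHz (no HT), center1: 2437 MHz'

# list_ifaces_of_type TYPE: read "iw dev" text on stdin and print the name
# of every interface whose "type" line equals TYPE (monitor, managed, AP ...).
# The name is remembered from the preceding "Interface" line and cleared once
# used, so a stray "type" line without an interface is ignored.
list_ifaces_of_type() {
    awk -v want="$1" '
        $1 == "Interface" { name = $2 }
        $1 == "type" && $2 == want && name != "" { print name; name = "" }'
}

# monitor_ifaces: every monitor-mode interface, whatever it is called.
monitor_ifaces() { list_ifaces_of_type monitor; }

# first_monitor: the interface to hand an older script that expects exactly
# one monitor interface; prints nothing and returns 1 if there is none,
# so a caller can refuse to run instead of failing later inside a tool.
first_monitor() {
    m=$(monitor_ifaces | head -n 1)
    [ -n "$m" ] || return 1
    printf '%s\n' "$m"
}

# iface_type NAME: the reported type of one interface (monitor, managed ...).
iface_type() {
    awk -v want="$1" '
        $1 == "Interface" { cur = $2 }
        $1 == "type" && cur == want { print $2; exit }'
}

# Demo on the constructed sample; for live use: iw dev | monitor_ifaces
printf '%s\n' "$IW_DEV_SAMPLE" | monitor_ifaces
```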

OptimisticTort
2015-10-05, 15:51
Hi,

Are there any versions of Kali Linux live that the current version works with?

Thanks in advance,
OT

slim76
2015-10-05, 19:39
Yes. Whether it's only scripts that put the card in monitor mode or all of them is not clear. I stopped using Kali shortly after RC2 was introduced. I've read many complaints about scripts not working with RC2. Ignore it if it's not an issue.

If the old scripts enable monitor mode then you could simply swap the new airmon-ng with the old airmon-ng, or you could edit the old script to work with the new version of airmon-ng.

Here's a test version of FrankenScript:
This test version is incomplete at this time, the wep and wps attacks are not yet setup.

wmctrl needs to be installed for FrankenScript to function properly.
I've included a check function to check that wmctrl is installed, if it's not installed then FrankenScript will install it from the archives folder.

Download Link:
----------------------
http://multimirrorupload.com/ib14gyvsj2aa/Test-FrankenSript-Kali2.0.tar.gz

Quest
2015-10-05, 19:40
Dling nioooowwwww

:cool:

EDIT1: here is the direct DL link gawd damnit
http://www97.zippyshare.com/d/UaT5eHQz/3622/Test-FrankenSript-Kali2.0.tar.gz

Quest
2015-10-05, 20:08
I'm totally lost with this horrible kali 2 interface. How do you install FS and how do you start it?

slim76
2015-10-05, 20:18
I'm totally lost with this horrible kali 2 interface. How do you install FS and how do you start it?

Kali2.0 isn't that bad dude.
FrankenScript doesn't need to be installed.
Login as root, or open a root terminal if you're logged in as a normal restricted user.

1) Unpack the FrankenScript archive.
2) Look in the unpacked FrankenScript folder for FrankenScript.sh, then drag FrankenScript.sh onto the terminal and press the enter button to start FrankenScript.

Simples :-)

Quest
2015-10-05, 20:22
Oh works now. That is what I did but it opens the script in notepad or something. I'm hating this kali.



wmctrl is required but doesn't appear to be installed in Kali.

[1] = Install wmctrl
[q] = Exit FrankenScript

Please choose an option: 1
Selecting previously unselected package wmctrl.
(Reading database ... 323492 files and directories currently installed.)
Preparing to unpack .../wmctrl_1.07-7_i386.deb ...
Unpacking wmctrl (1.07-7) ...
Setting up wmctrl (1.07-7) ...
Processing triggers for man-db (2.7.0.2-5) ... :cool:



########### Main Menu ###########
# #
# [1] = Network Attacks #
# [2] = View Recovered Passkeys #
# [3] = Script Launcher #
# [q] = Exit FrankenScript #
# #
#################################

Please choose an option:
weeeee Hi Frank!!!! long time no see =]

Quest
2015-10-05, 20:35
quick observation:

Tried on 3 different wep APs, doesn't work.


Target list is empty, returning to Scan Results.


slim76
2015-10-05, 20:35
Oh works now. That is what I did but it opens the script in notepad or something. I'm hating this kali.


:cool:


weeeee Hi Frank!!!! long time no see =]

I don't know why the menu is messed up, it was ok on the two machines I tested it on.

slim76
2015-10-05, 20:36
quick observation:

Tried on 3 different wep APs, doesn't work.


Target list is empty, returning to Scan Results.


I already said the wep and wps attacks aren't set up yet.

Quest
2015-10-05, 20:53
I don't know why the menu is messed up, it was ok on the two machines I tested it on.

It's fine here also. There are some problems with the menus, and I wish to show you a pic, but I cannot do graphics on this horrible kali 2.


Detected WiFi Interfaces:

1: wlan0 iwlwifi Intel
2: wlan1 ath9k_htc Atheros

#################################
# #
# [1-2] = Select An Interface To Use # <----- problem here where the text seems too long for the 'box'
# [m] = Return To The Main Menu #
# [q] = Exit FrankenScript #
# #
#################################

Please input an option:



wait got it now. *geezz not having fun here if it was not clear*

(attachment 916)

slim76
2015-10-06, 12:00
It's fine here also. There are some problems with the menus, and I wish to show you a pic, but I cannot do graphics on this horrible kali 2.



wait got it now. *geezz not having fun here if it was not clear*

(attachment 916)

Is that the only menu that is out of alignment or are there more?

Quest
2015-10-06, 14:46
actually it's the only one.

I saw others but it was the same as in the pic, when launching a script.

(attachment 917)

Edit: good job so far Slim :) I really like the [i] (info) option when scanning.

I might have to reinstall on a USB 3.0
KL2 is so slow on a normal USB it's unworkable.

slim76
2015-10-06, 15:59
actually it's the only one.

I saw others but it was the same as in the pic, when launching a script.

(attachment 917)

Edit: good job so far Slim :) I really like the [i] (info) option when scanning.

I might have to reinstall on a USB 3.0
KL2 is so slow on a normal USB it's unworkable.

It's good to hear you like it and that it's working ok.

Quest
2015-10-06, 16:06
if you can make it a 'portable' install like before, and bring back all the reavers and bully, that would be a good start me thinks.

Script launcher works.

slim76
2015-10-06, 22:40
if you can make it a 'portable' install like before, and bring back all the reavers and bully, that would be a good start me thinks.

Script launcher works.

Blimey dude you don't want much do ya! LOL

You do know that the so-called portable setup wasn't really that portable lol, for it to work you still needed to have the tools installed to kali as well as FrankenScript.
I'm not sure if the portable setup would still work ok with all the updates to kali and the apps, but I guess time will tell.

Quest
2015-10-06, 23:51
the way it installed (decompressed) itself was brilliant. I would really like to see that packaging back even if it is not 'portable'.

slim76
2015-10-07, 11:30
the way it installed (decompressed) itself was brilliant. I would really like to see that packaging back even if it is not 'portable'.

There isn't anything in FrankenScript that needs to be compressed or decompressed, but that will probably change at some point.

jar
2015-10-07, 19:50
I hate these f******* ******* ******** ******* links. I have over a TB of Dropbox storage and can add you guys as Users, then you can upload and change the script as much as you want without any ********** spam *** pop-ups. These zippyshare multimirror upload links make me sick.


Dling nioooowwwww

:cool:

EDIT1: here is the direct DL link gawd damnit
http://www97.zippyshare.com/d/UaT5eHQz/3622/Test-FrankenSript-Kali2.0.tar.gz


Edit:
Swearing

Quest
2015-10-07, 20:35
yup had to try about 7 times before it gave the right link. We told Slim numerous times, but he persists wanting to use it, so sanely I give up, and just post the direct DL link.


I see that even the direct link trick is not working anymore! :(

Jar, upload it to your account and post the DL link please. I will do the same so we always have many DL sources for others that want to DL it without punching their screen.

Test-FrankenSript-Kali2.0.tar.gz
File size: 58.6 KB
Uploaded: 2015-10-07 16:06:27
http://www.mediafire.com/download/qux2lt3cni5qznh/Test-FrankenSript-Kali2.0.tar.gz

voila.

jar
2015-10-07, 22:30
yup had to try about 7 times before it gave the right link. We told Slim numerous times, but he persists wanting to use it, so sanely I give up, and just post the direct DL link.


I see that even the direct link trick is not working anymore! :(

Jar, upload it to your account and post the DL link please. I will do the same so we always have many DL sources for others that want to DL it without punching their screen.

Test-FrankenSript-Kali2.0.tar.gz
File size: 58.6 KB
Uploaded: 2015-10-07 16:06:27
http://www.mediafire.com/download/qux2lt3cni5qznh/Test-FrankenSript-Kali2.0.tar.gz

voila.

FrankenScript V2
https://www.dropbox.com/s/1whikauw9967p41/Test-FrankenSript-Kali2.0.tar.gz?dl=0


Test-FrankenSript-Kali2.0.tar.gz
File size: 58.6 KB
Uploaded: 2015-10-07 16:06:27

Remember if you break it you own it.......

Quest
2015-10-07, 23:04
there we go. Can't stop progress :p

Slim, here is an opening for the first post..



FrankenScript is designed to facilitate wireless network auditing under Linux on WEP and WPA/2 protected access points (APs) by liberating the user from the tedious task of building elaborate command lines, as some of these attacks can be quite complex, saving the Operator time, minimizing inputs and errors. FrankenScript offers a wide spectrum of solutions to attack APs.

Test-FrankenSript-Kali2.0.tar.gz
File size: 58.6 KB
Uploaded: 2015-10-07 16:06:27

http://www.mediafire.com/download/qux2lt3cni5qznh/Test-FrankenSript-Kali2.0.tar.gz

https://www.dropbox.com/s/1whikauw9967p41/Test-FrankenSript-Kali2.0.tar.gz?dl=0

slim76
2015-10-08, 00:16
there we go. Can't stop progress :p

Slim, here is an opening for the first post..



FrankenScript is designed to facilitate wireless network auditing under Linux on WEP and WPA/2 protected access points (APs) by liberating the user from the tedious task of building elaborate command lines, as some of these attacks can be quite complex, saving the Operator time, minimizing inputs and errors. FrankenScript offers a wide spectrum of solutions to attack APs.

Cheers matey I'll add it to the front page if I ever manage to get FrankenScript fully up and running.
It looks like I might have to change the monitor mode setup AGAIN as I can't get reaver to work, airodump-ng works ok with the current monitor mode setup but reaver doesn't like it for some reason. :-(
I have a bad feeling that the only way to solve the issue might be to use airmon-ng check kill and lose internet access while performing the attacks, I'll only do that if all else fails.
I'm going to have a play with the old airmon and see how that goes.

Quest
2015-10-08, 00:42
yep I believe you. All that because you are working with a dud. KL2.

If FS can restore Internet connection after the attacks, that would be somewhat acceptable, but really, ***.

Cheers buddy. We all know what is going on... ;)

soxrok2212
2015-10-08, 03:16
Y'all may wanna check this out also :D https://forums.kali.org/showthread.php?27091-Solve-arimon-ng-issues-by-a-simple-modfication-of-NetworkManager-conf

Quest
2015-10-08, 03:57
:cool: Words of wisdom from above!

I've seen it before but dare not propose it, but seems like kcdtv is on to something there..

slim76
2015-10-08, 10:44
Y'all may wanna check this out also :D https://forums.kali.org/showthread.php?27091-Solve-arimon-ng-issues-by-a-simple-modfication-of-NetworkManager-conf

I've already blacklisted the interfaces by adding them to /etc/network/interfaces.

The only problem I'm having at the moment is reaver keeps giving me the failed to associate error message, the strange thing is airodump-ng works fine.
I'm sure I'll solve the issue soon, I just need a clear head so I can focus properly.

soxrok2212
2015-10-08, 13:42
I've already blacklisted the interfaces by adding them to /etc/network/interfaces.

The only problem I'm having at the moment is reaver keeps giving me the failed to associate error message, the strange thing is airodump-ng works fine.
I'm sure I'll solve the issue soon, I just need a clear head so I can focus properly.

Have you tried multiple targets? Or do you get the same timeout for all of them? Does Reaver work if you try from the command line?

slim76
2015-10-08, 15:45
Have you tried multiple targets? Or do you get the same timeout for all of them? Does Reaver work if you try from the command line?

Yeah I tried it with multiple targets and I get the same error with all of them, it's the same problem when using the command line.
I did have this issue before but I can't remember what caused it and how I solved it. ;-( LOL

Update:
With the interfaces blacklisted in /etc/network/interfaces and in /etc/NetworkManager/NetworkManager.conf the following happens.

1) If I use airmon-ng check kill and don't change the mac address for the monitor interface reaver works fine.
2) If I change the mac address for the monitor interface or restart network manager reaver fails to associate.

Quest
2015-10-10, 00:50
You will need to tell Reaver about the new MAC address with the argument '-m' maybe?
reaver -i wlan1mon -b e1:g4:d3:8s:35:g2 -vv -m 00:01:02:03:04:05

soxrok2212
2015-10-10, 00:52
Hmmm, you are using Kali 2.0 I assume?

Quest
2015-10-10, 00:57
yes me and Slim are using 2.0

soxrok2212
2015-10-10, 01:01
Man, makes me really wanna go back to Backtrack 5 when everything worked :/

Quest
2015-10-10, 01:18
They should have come out with an 'ultimate' Kali 1.1.1 before all these changes. I wish I'd kept the image of my updated 1.1.0a. Now I can't update it even if I reinstall it, or install the SDR metapackage. There is no going back. We must plow through and make it work.

soxrok2212
2015-10-10, 01:19
I may still have a Kali 1.1.0 ISO on my backup drive... 64-bit I think. There's just too much incompatibility between a lot of the networking tools now.

Quest
2015-10-10, 01:30
I have the 1.1.0a ISO (aircrack-ng RC1, mon0), but we can't update (that might be good?) or the metapackages https://www.kali.org/news/kali-linux-metapackages/ won't work probably.

slim76
2015-10-11, 16:41
You will need to tell Reaver about the new MAC address with the argument '-m' maybe?
reaver -i wlan1mon -b e1:g4:d3:8s:35:g2 -vv -m 00:01:02:03:04:05

Cheers mate I completely overlooked that.
I used the above commands and added -A to them, then used aireplay-ng to associate.
That solved the association issue but the attack still failed for some reason.

Quest
2015-10-11, 19:28
Could you post all the syntax that you used?

Quest
2015-10-12, 22:40
Slim just thinking. Would you consider continuing dev under KL1.1.0a ? That KL2 thingy is a bit ridiculous if you ask me, and everything worked well under 1.1.0. I'm all for progress, but when said 'progress' constitutes turning everything on its head, that's when I stop playing. Anyways, still have KL2 on a USB, should you want me to test under that horrible POS, but will use mainly FrankenScript_Portable.3rd.May.2015.tar.gz and having a lot of fun with it =]

Cheers bro!

slim76
2015-10-15, 22:49
Slim just thinking. Would you consider continuing dev under KL1.1.0a ? That KL2 thingy is a bit ridiculous if you ask me, and everything worked well under 1.1.0. I'm all for progress, but when said 'progress' constitutes turning everything on its head, that's when I stop playing. Anyways, still have KL2 on a USB, should you want me to test under that horrible POS, but will use mainly FrankenScript_Portable.3rd.May.2015.tar.gz and having a lot of fun with it =]

Cheers bro!

Ok now I'll admit kali 2.0 sucks BIG TIME, there's way too many issues with it.

1) The system keeps randomly locking up.
2) I lose internet access if any usb devices are plugged in, I have to unplug all USB devices and the WiFi device and then plug the WiFi device back in to regain network access.
3) Wired connection doesn't re-connect if I kill and restart network-manager.
4) Network-Manager keeps randomly disabling my WiFi device and keeps putting it in Aeroplane Mode?? LOL
5) Reaver doesn't associate if I change mac addresses.
6) Data transfer to any USB device is very slow, all my other OS's transfer data much faster than my kali-2.0-64bit OS.
7) Programs are slow at opening, eg: vlc takes about 8 seconds to open (only for the first time after every system startup).

I've given up on trying to get FrankenScript working on kali-2.0, I'm going to wait for the next kali release and then try again.
I think I might delete my kali-2.0 install and go back to the previous version, if I go back to the previous version of kali I'll continue working on the previous version of FrankenScript.

Quest
2015-10-15, 23:53
Like you, I'll be waiting for the next KL, and I'm gonna wish the Dev team to step their game up a notch, starting with the User Interface. Give us a true, PC, Technician's graphical interface to work with.

Again no later than today...

https://forums.kali.org/showthread.php?26550-Kali-2-0-good-or-bad&p=51450&viewfull=1#post51450

Hi, Just installed 2.0, so far all the tools I've had a quick look at run fine, but the UI is ****** horrible, everything takes three times as long to do now. If it's not broke, don't fix it until it is!

Before that, it took me forever to understand what that guy was on about...
https://forums.kali.org/showthread.php?26367-Kali-Linux-2-0-your-review&p=47601&viewfull=1#post47601

i mean kali 1.x== linux
kali 2.x== windows 8
and i guess kali 3.x== windows 10 :o :)

He was so right.

So I'm with you, and not liking at all where this is going. Absent another distro, let's roll with KL1.1.0a

fruchttiger00x0
2015-10-16, 10:55
Hey guys, could you please try this command?

nmcli general show

I already tried it at my root ds but i have no access to a kali shell for some hours^^

btw.. nmcli is for controlling the i-make-my-own-thing network m.

Quest
2015-10-16, 15:45
I don't understand what you want us to try

The command in KL2
nmcli general show

returns

root@kali:~# nmcli general show
Usage: nmcli general { COMMAND | help }

COMMAND := { status | hostname | permissions | logging }

status

hostname [<hostname>]

permissions

logging [level <log level>] [domains <log domains>]

Error: 'general' command 'show' is not valid.
root@kali:~#

fruchttiger00x0
2015-10-16, 19:15
sry, as i said i just test it on non kali webserver

here we go

nmcli general permissions

give me some minutes, so i can find a suitable docu

edit: thats nice: https://www.hogarthuk.com/?q=node/8
so i hope you get what i mean. the nm is not that hard to configure. just take the **** automatism down. or did I miss something larger?

Quest
2015-10-17, 00:50
"Why you shouldn't hate and disable NetworkManager anymore"
Anything that starts with that will get my attention. Looks interesting and if anyone can fix/improve that horrible networkmanager that I hate, it would certainly be appreciated by all and help Slim in the process.

when/if that's fixed, we could move on to try and fix that horrible UI that I also hate because it was created for tablets and phones, not for PCs.

slim76
2015-10-17, 10:46
I was going to give up on trying to get FrankenScript working on kali-2.0 but I changed my mind. LOL
I solved all the network-manager issues a while ago, the problem I was having was trying to get reaver to associate after changing mac addresses.
I've solved the reaver not associating issue now too, so it looks like all might be good now. :-)

Quest
2015-10-17, 13:30
gr8 m8! It would be nice to move forward. Let me know

slim76
2015-10-20, 11:19
NOTE:
This version is for Kali-2.0.
The WEP attacks don't work yet, I'll fix them later.

Download Link:
http://multimirrorupload.com/twxyvqcckh3t/FrankenScript-Kali20.tar.gz

Please leave feedback.

Quest
2015-10-20, 11:47
FrankenScript-Kali20.tar.gz
File size: 86.5 KB
Uploaded: 2015-10-20 06:42:59
http://www.mediafire.com/download/cd6vgc8rj2071dc/FrankenScript-Kali20.tar.gz

Quest
2015-10-20, 17:43
Everything seems to work just fine, except the handshakes that I had no luck with today. Thank you.



- bring back reavers. 1.3, 1.4, and Bully.

- it would be more efficient to have the scan results, last to first, instead of first to last. That would avoid scrolling up to see the first results, then scroll back down to enter a target number. = Faster operation.

- I pasted a previously captured handshake in the /root/FrankenScript-Kali20/Captures/ , but when selecting the [v] = Validate Captured Handshake option, it automatically attacks the last chosen target.

slim76
2015-10-20, 20:01
Everything seems to work just fine, except the handshakes that I had no luck with today. Thank you.

- I pasted a previously captured handshake in the /root/FrankenScript-Kali20/Captures/ , but when selecting the [v] = Validate Captured Handshake option, it automatically attacks the last chosen target.

The validate handshake error is obvious don't you think. Lol
The validate option will only check a handshake that has just been captured, it doesn't check the capture files in the capture folder.

jar
2015-10-23, 01:09
Here's a Dropbox link as well:

https://www.dropbox.com/sh/7ampibg2mhg1nsd/AAD9TLyU-7XmArq1KTPoFXv0a?dl=0


FrankenScript-Kali20.tar.gz
File size: 86.5 KB
Uploaded: 2015-10-20 06:42:59
http://www.mediafire.com/download/cd6vgc8rj2071dc/FrankenScript-Kali20.tar.gz

Quest
2015-10-25, 22:24
^ ")


What's cooking monster maker?

slim76
2015-10-26, 11:40
^ ")


What's cooking monster maker?

Not much matey, I'm currently trying to add another function to FrankenScript. ;-)
So how are you getting on with the new version of FrankenScript? Any problems with it?

Quest
2015-10-26, 12:17
I'm not using KL much, but like I've mentioned everything seems to work just fine, with the exception of the handshakes.

1. I did not know that I had to choose [s] to save a handshake. Now that I do, I find that a little unusual if you ask me.

2. Then when saving a handshake, the option [v] still automatically attacks the last target instead of verifying it.

So I'm not understanding these two points.

On the positive, it is now possible to cap and save different handshakes from the same AP!! That's progress from previous version. Thanks :) On a side note, the last FS was DLd 20 times from my mediafire, and unrelated to FS, something tells me that there will be changes with the networkmanager(?) solely based upon incompatibility with aircrack-ng, and the confusion and dissatisfaction it generates.

So what's the new function??

fruchttiger00x0
2015-11-09, 22:32
Hey Slim, hey Quest

is it okay for pushing it to git? reason: i need some repos for putting this sweet tool to some postinstall scripting.

ok, actually i already prepared this under my profile so I hope you don't want to punish me for stealing your work :D
of course i will delete the repo if you want so, promise

https://github.com/fruchttiger00x0/FrankenScript

But if you like it then of course your commits will be highly welcome :)

Quest
2015-11-09, 22:49
it's about time that this project has a Github if you ask me, but let's wait for Slim input on the matter because it is his creation and I have nothing to do with it except complain about everything [insert evil laugh] ;)

Off topic but not by miles, imo, things are somewhat volatile, and I would wait for further dev before investing energy into it. FS was working just fine before they turned everything on its head, and we may not have seen the end of it.

fruchttiger00x0
2015-11-10, 01:00
Sure, we wait for slim
btw i took you to the creds ;)

Quest
2015-11-10, 01:53
you **** right! It's about time I get credits for my invaluable contribution!

loll

ravenwest
2015-11-11, 08:23
Hello.
I'm using FrankenScript for Kali2. My question is:
Does it include - 1) EAPOL Flood Attack; 2) Authentication Flood Attack ?
I haven't found it in the menu.

nexusnexus
2015-11-14, 11:34
Seems to work great on my Kali 2, Would it work if i install in on my Nexus 7 running nethunter?

Pippin
2015-11-14, 18:24
The -C switch in wash ignores FCS errors and IMHO should always be included as I always get them as I imagine others do.

slim76
2015-11-14, 20:50
@ fruchttiger00x0:
I don't mind you putting it on github, but can you change the name slightly to include something to say that it has been modified by yourself.

@ Quest:
Sorry for the late reply mate, To answer your earlier question I've been adding an automated attack feature. :-)

@ ravenwest:
I took those attack options out of FrankenScript a long time ago, sorry.

@ nexusnexus:
I do not use nethunter so I'm not sure, but I would guess it would work providing nethunter contained the same tools as kali-2.0.

@ Pippin:
The wash scan already uses the -C argument, it has used it since the start of FrankenScript.

Sorry if I missed anyone, and a big thank you to everyone.

I've nearly finished the interactive and automated wpa attacks, I'll upload the new version of FrankenScript soon for testing, if it is all good then I'll continue with the wep and wps attacks.

nexusnexus
2015-11-15, 00:41
Looking forward to the updates :-)

soxrok2212
2015-11-15, 19:48
Dang, almost 2 years and this project is still going strong! I remember when you first posted about it. Keep up the good work!

slim76
2015-11-16, 22:30
Dang, almost 2 years and this project is still going strong! I remember when you first posted about it. Keep up the good work!

Yeah I'm like a dog with a bone. (I can't let it go) LOL

Cheers for the support matey.

Quest
2015-11-22, 13:14
well you better hold on to your bone. Aircrack-ng 1.2 RC 3
https://bugs.kali.org/view.php?id=2862



...
Airmon-ng: Improved handling of non-monitor interfaces.
Airmon-ng: Fixed error when running 'check kill'.
...

slim76
2015-11-22, 14:15
well you better hold on to your bone. Aircrack-ng 1.2 RC 3
https://bugs.kali.org/view.php?id=2862

It shouldn't cause any problems for FrankenScript hopefully. LOL
I'll be uploading a nearly completed version of FrankenScript within the next few days, maybe sooner.

ravenwest
2015-11-22, 15:18
@ fruchttiger00x0:
I don't mind you putting it on github, but can you change the name slightly to include something to say that it has been modified by yourself.

@ Quest:
Sorry for the late reply mate, To answer your earlier question I've been adding an automated attack feature. :-)

@ ravenwest:
I took those attack options out of FrankenScript a long time ago, sorry.

@ nexusnexus:
I do not use nethunter so I'm not sure, but I would guess it would work providing nethunter contained the same tools as kali-2.0.

@ Pippin:
The wash scan already uses the -C argument, it has used it since the start of FrankenScript.

Sorry if I missed anyone, and a big thank you to everyone.

I've nearly finished the interactive and automated wpa attacks, I'll upload the new version of FrankenScript soon for testing, if it is all good then I'll continue with the wep and wps attacks.

So now this script can't bypass "Warning:detected AP rate limiting" error?

slim76
2015-11-22, 23:54
So now this script can't bypass "Warning:detected AP rate limiting" error?

I think the attack is too disruptive and too noticeable so I left it out of FrankenScript.
If you want to still use that attack method I'd suggest you download or create a script, then you could use the script via FrankenScript's built-in Script Launcher.

Quest
2015-11-23, 01:25
This might be an acceptable solution for locked APs, though I've never tried it. Here is a re-post...

https://forums.kali.org/showthread.php?23290-Implement-new-WPS-Pixie-Dust-Attack-into-Reaver&p=40956&viewfull=1#post40956

from the included help file..

...

The breakthrough came when MTeams turned their attention to WPS locked routers. It was soon discovered that a small number of WPS pins could be collected from some routers which wash and reaver reported as locked. Presumably no one was spending time attacking locked routers. After more testing, it was found that if these same WPS locked routers were subjected to short bursts of a mdk3 combination simultaneously, usually a mixture of DDOS and EAPOL, then the router would allow further pins to be harvested. In these cases the router did not reset, the WPS locking mechanism remained in place and sometimes the router changed channels. But what was important here was that more WPS pins could be collected. These routers would eventually stop providing pins, BUT if subjected to another dose of mdk3, the router would supply another batch of pins.

...



Maybe mmusket33 can shine on this?

slim76
2015-11-23, 01:36
This might be an acceptable solution for locked APs, though I've never tried it. Here is a re-post...

https://forums.kali.org/showthread.php?23290-Implement-new-WPS-Pixie-Dust-Attack-into-Reaver&p=40956&viewfull=1#post40956

from the included help file..



Maybe mmusket33 can shine on this?

I saw that some time ago, I think it's the same commands as the router reset method.
If I'm right then the only difference is that you still continue to try pins instead of giving up on the attack.
I could be very wrong on that cause I didn't read everything, I only had a quick browse through the info.

I've got some testing that needs doing soon if you're up for it?

Quest
2015-11-23, 01:41
yes and mmusket33 never confirmed when I asked if that method does not reboot the AP. Then that thread was closed. Was always curious about that attack.

If it does not reboot the AP, then it's certainly interesting.

slim76
2015-11-23, 02:04
yes and mmusket33 never confirmed when I asked if that method does not reboot the AP. Then that thread was closed. Was always curious about that attack.

If it does not reboot the AP, then it's certainly interesting.

Like I said I could be wrong.
I think he was saying that some AP's that don't reset and lockup might still allow for more pins to be tried if you re-run the commands.
Oh and I think it does reset some AP's.

Quest
2015-11-23, 02:13
it's possible that I'm not reading this correctly. That would explain that he did not confirm about the AP not rebooting and the subsequent locking of that thread.

Quest
2015-11-23, 04:17
...
I've got some testing that needs doing soon if you're up for it?

Testing my fav application under linux?..

I would like to install RC3 and try to run the present FS with it before anything else. If they break my toys again I'm gonna be in a really bad mood. So yeah bring it on, but KL2.0.1 is scheduled for early December, and I don't see the point in having another version that will last two weeks.

Cheers!!


EDIT:

Can't install RC3, because when using the command line apt-get install, it's telling me that I already have the latest version, same for the package manager, and when trying to install manually, I'm missing dependencies, and those too are nowhere to be found or will lead to unreliable results (like the last time I installed RC2 for tests) making any test null and void. So waiting for the repos to update themselves so I can install and test.

slim76
2015-11-25, 17:01
Testing my fav application under linux?..

I would like to install RC3 and try to run the present FS with it before anything else. If they break my toys again I'm gonna be in a really bad mood. So yeah bring it on, but KL2.0.1 is scheduled for early December, and I don't see the point in having another version that will last two weeks.

Cheers!!


EDIT:

Can't install RC3, because when using the command line apt-get install, it's telling me that I already have the latest version, same for the package manager, and when trying to install manually, I'm missing dependencies, and those too are nowhere to be found or will lead to unreliable results (like the last time I installed RC2 for tests) making any test null and void. So waiting for the repos to update themselves so I can install and test.

You might want to try again, I upgraded to aircrack RC3 and haven't noticed any issues as yet.

mw3demo
2015-11-25, 18:06
Can't install RC3, because when using the command line apt-get install, it's telling me that I already have the latest version, same for the package manager, and when trying to install manually, I'm missing dependencies, and those too are nowhere to be found or will lead to unreliable results (like the last time I installed RC2 for tests) making any test null and void. So waiting for the repos to update themselves so I can install and test.

Hey Quest,

rc3 is in the repos, I haven't updated yet, so still on rc2. Did you
apt-get update && apt-get upgrade && apt-get dist-upgrade?


[root:~]# apt-cache policy aircrack-ng
aircrack-ng:
  Installed: 1:1.2-0~rc2-0kali5
  Candidate: 1:1.2-0~rc3-0kali1
  Version table:
     1:1.2-0~rc3-0kali1 0
        500 http://http.kali.org/kali/ sana/main amd64 Packages
 *** 1:1.2-0~rc2-0kali5 0
        100 /var/lib/dpkg/status


Give the following a try to see what package you are on, and what is in the repos:
apt-get update
apt-cache policy aircrack-ng

For more info regarding a package and dependencies, use apt-cache show <package>. In this case with aircrack-ng:


[root:~]# apt-cache show aircrack-ng
Package: aircrack-ng
Version: 1:1.2-0~rc3-0kali1
Architecture: amd64
Maintainer: Carlos Alberto Lopez Perez <clopez@igalia.com>
Installed-Size: 3927
Depends: iw, wireless-tools, ethtool, usbutils, libc6 (>= 2.15), libgcrypt20 (>= 1.6.1), libnl-3-200 (>= 3.2.7), libnl-genl-3-200 (>= 3.2.7), libpcap0.8 (>= 0.9.8), libpcre3 (>= 1:8.35), libsqlite3-0 (>= 3.5.9), zlib1g (>= 1:1.1.4)
Recommends: ieee-data
Homepage: http://www.aircrack-ng.org/
Priority: optional
Section: net
Filename: pool/main/a/aircrack-ng/aircrack-ng_1.2-0~rc3-0kali1_amd64.deb
Size: 2682032
SHA256: 351541bab8b88d04598e6cb99eea35d5aac794f2c729b0a58afb4110f123487f
SHA1: d6484e5d739995dcb6ef516cc6d9ee6d835bb0d8
MD5sum: 293f2143a0670f557a6594b2399fe2c1
Description: wireless WEP/WPA cracking utilities
aircrack-ng is an 802.11a/b/g WEP/WPA cracking program that can recover a
40-bit, 104-bit, 256-bit or 512-bit WEP key once enough encrypted packets
have been gathered. Also it can attack WPA1/2 networks with some advanced
methods or simply by brute force.
.
It implements the standard FMS attack along with some optimizations,
thus making the attack much faster compared to other WEP cracking tools.
It can also fully use a multiprocessor system to its full power in order
to speed up the cracking process.
.
aircrack-ng is a fork of aircrack, as that project has been stopped by
the upstream maintainer.
Description-md5: 9659071ca811e6a5bba38a9345409ece

Package: aircrack-ng
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 1725
Maintainer: Carlos Alberto Lopez Perez <clopez@igalia.com>
Architecture: amd64
Version: 1:1.2-0~rc2-0kali5
Depends: iw, wireless-tools, ethtool, libc6 (>= 2.15), libgcrypt20 (>= 1.6.1), libnl-3-200 (>= 3.2.7), libnl-genl-3-200 (>= 3.2.7), libpcap0.8 (>= 0.9.8), libpcre3 (>= 1:8.35), libsqlite3-0 (>= 3.5.9), zlib1g (>= 1:1.1.4)
Recommends: ieee-data
Description: wireless WEP/WPA cracking utilities
aircrack-ng is an 802.11a/b/g WEP/WPA cracking program that can recover a
40-bit, 104-bit, 256-bit or 512-bit WEP key once enough encrypted packets
have been gathered. Also it can attack WPA1/2 networks with some advanced
methods or simply by brute force.
.
It implements the standard FMS attack along with some optimizations,
thus making the attack much faster compared to other WEP cracking tools.
It can also fully use a multiprocessor system to its full power in order
to speed up the cracking process.
.
aircrack-ng is a fork of aircrack, as that project has been stopped by
the upstream maintainer.
Description-md5: 9659071ca811e6a5bba38a9345409ece
Homepage: http://www.aircrack-ng.org/
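As an added example (not from this thread and not part of FrankenScript), here is a small Python parser for the `apt-cache show` output above. It splits the Debian control-style stanzas, picks out the installed stanza (the one carrying a `Status:` line) and the repository candidate, and diffs their `Depends:` fields, which is exactly the comparison a reader of that output is doing by eye: the candidate rc3 build pulls in `usbutils`, which the installed rc2 build does not. The embedded text is a constructed excerpt of the quoted output, trimmed to the fields the parser reads.

```python
# Constructed excerpt of the `apt-cache show aircrack-ng` output quoted above:
# candidate stanza from the repository first, installed stanza second, trimmed to
# the fields this example reads. In Debian control format a line starting with a
# space continues the previous field, as in the multi-line Description.
APT_CACHE_OUTPUT = """\
Package: aircrack-ng
Version: 1:1.2-0~rc3-0kali1
Architecture: amd64
Depends: iw, wireless-tools, ethtool, usbutils, libc6 (>= 2.15), libgcrypt20 (>= 1.6.1), libnl-3-200 (>= 3.2.7), libnl-genl-3-200 (>= 3.2.7), libpcap0.8 (>= 0.9.8), libpcre3 (>= 1:8.35), libsqlite3-0 (>= 3.5.9), zlib1g (>= 1:1.1.4)
Recommends: ieee-data
Description: wireless WEP/WPA cracking utilities
 aircrack-ng is an 802.11a/b/g WEP/WPA cracking program that can recover a
 40-bit, 104-bit, 256-bit or 512-bit WEP key once enough encrypted packets
 have been gathered.

Package: aircrack-ng
Status: install ok installed
Architecture: amd64
Version: 1:1.2-0~rc2-0kali5
Depends: iw, wireless-tools, ethtool, libc6 (>= 2.15), libgcrypt20 (>= 1.6.1), libnl-3-200 (>= 3.2.7), libnl-genl-3-200 (>= 3.2.7), libpcap0.8 (>= 0.9.8), libpcre3 (>= 1:8.35), libsqlite3-0 (>= 3.5.9), zlib1g (>= 1:1.1.4)
Recommends: ieee-data
"""


def parse_stanzas(text):
    """Split control-style output into a list of {field: value} dicts.

    Stanzas are separated by blank lines; a line starting with a space or tab
    continues the previous field's value."""
    stanzas, current, last_field = [], {}, None
    for line in text.splitlines():
        if not line.strip():
            if current:
                stanzas.append(current)
                current, last_field = {}, None
            continue
        if line[0] in " \t" and last_field:
            current[last_field] += "\n" + line.strip()
            continue
        field, _, value = line.partition(":")
        last_field = field.strip()
        current[last_field] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas


def parse_depends(value):
    """Turn 'libc6 (>= 2.15), iw' into {'libc6': '>= 2.15', 'iw': ''}."""
    deps = {}
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        name, _, constraint = item.partition(" (")
        deps[name.strip()] = constraint.rstrip(")").strip()
    return deps


def compare_installed_to_candidate(stanzas):
    """Report the installed and candidate versions and how their dependencies differ.

    The installed stanza is the one that carries a Status line; the first stanza
    without one is taken as the repository candidate."""
    installed = next((s for s in stanzas if "Status" in s), None)
    candidate = next((s for s in stanzas if "Status" not in s), None)
    report = {"installed": installed["Version"] if installed else None,
              "candidate": candidate["Version"] if candidate else None,
              "up_to_date": None, "new_deps": [], "dropped_deps": []}
    if installed and candidate:
        # Plain string equality: enough to spot a mismatch, but not an ordering.
        report["up_to_date"] = installed["Version"] == candidate["Version"]
        old = parse_depends(installed.get("Depends", ""))
        new = parse_depends(candidate.get("Depends", ""))
        report["new_deps"] = sorted(set(new) - set(old))
        report["dropped_deps"] = sorted(set(old) - set(new))
    return report


if __name__ == "__main__":
    print(compare_installed_to_candidate(parse_stanzas(APT_CACHE_OUTPUT)))
```

The version check is string equality only; it tells you the installed and candidate builds differ, not which is newer. For an ordering (epochs, the `~` pre-release rule) use `dpkg --compare-versions`, which implements the real Debian policy.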

Quest
2015-11-25, 18:07
It's ok now. Crash helped me out in the Kali General Use section, to install the **** thing, because after 24hrs of reading and trying different things I was about ready to blow a gasket...

Now that I got it installed, I beg to differ, and think something might be outta wack > FS/RC3 .

I will do more tests with 3 different KL installations and come back with a more comprehensive explanation, but for now I can tell you that when choosing an AP that is Pixie vulnerable and attacking it with the Pixie attack, the next time that the same AP is chosen, FS automatically attacks it with the Handshake, without any other attack possibility.

Moreover the scan results are somewhat messed up, but only for that AP, where instead of showing signal strength, it says "OPEN", which it is not.

Don't unbolt it yet until confirmation from someone else. I would hate to go onto another ghost hunt ;)

slim76
2015-11-25, 18:19
It's ok now. Crash helped me out in the Kali General Use section, to install the **** thing, because after 24hrs of reading and trying different things I was about ready to blow a gasket...

Now that I got it installed, I beg to differ, and think something might be outta wack > FS/RC3 .

I will do more tests with 3 different KL installations and come back with a more comprehensive explanation, but for now I can tell you that when choosing an AP that is Pixie vulnerable and attacking it with the Pixie attack, the next time that the same AP is chosen, FS automatically attacks it with the Handshake, without any other attack possibility.

Moreover the scan results are somewhat messed up, but only for that AP, where instead of showing signal strength, it says "OPEN", which it is not.

Don't unbolt it yet until confirmation from someone else. I would hate to go onto another ghost hunt ;)

Don't waste your time testing the last test version, try the new test version that I'll be uploading later tonight. :-)

Quest
2015-11-25, 19:04
Great!

Just for the record, after rebooting, everything was fine and the "problems" in post 452 above were not there anymore.

Forgot to exorcise that USB key I suppose. Glad that everything seems to work just fine and that this project can move forward, finally.

Quest
2015-11-25, 19:36
Hey just saw your post mw3demo,

That post delay is always throwing us off, but basically you are correct and thanks for the help!! I did not want to "apt-get update && apt-get upgrade && apt-get dist-upgrade" because the last time I tried that on a USB 2.0 it took forever. So I was a little nervous about that and tried to install some other way. Never got used to that repo / apt-get thingy, and probably never will, I prefer to DL packages where I can see what I'm getting instead of working blind, but that is another story.

Welcome to the kitchen! =)

mw3demo
2015-11-25, 22:38
Well, that's a relief! I was starting to question my own sanity/memory regarding if I made the post or not, good to know. Glad you got everything working in the end, and thanks for the welcome. :)

Quest
2015-11-26, 13:26
Stick around for more 'WTH?' moments :) Though you are linux-wise and that will prevent you from being completely mystified like some are here :o Speaking of numnuts, I have "apt-cache policy" and "apt-cache show" copied in my notes now. Hopefully I will remember to use them next time ;)

@Slim standby for new/improved tools. A new Pixie from wiire on the way, and a new Reaver from t6_x, I would imagine. Interesting script from mmusket33 that I haven't tried also...
"Varmacscan2-0 an automatic multi-target reaver attack tool released"

slim76
2015-11-26, 21:26
FrankenScript For Kali-2.0 (Test Version) Updated 26/11/2015

Download Links:
http://multimirrorupload.com/iopj1184hfee/FS_Kali20.tar.gz

Notes:
This version doesn't have the WEP attacks setup yet, sorry.
I've added automated attack options.
Internet can be used while performing network attacks; Internet access would only be available during the automated attacks.
FrankenScript works with aircrack-RC3.

Quest
2015-11-26, 21:36
FS_Kali20.tar.gz
File size: 44.49 KB
Uploaded: 2015-11-26 15:35:39

http://www.mediafire.com/download/swqr9bq82br1rrl/FS_Kali20.tar.gz

slim76
2015-11-26, 21:42
FS_Kali20.tar.gz
File size: 44.49 KB
Uploaded: 2015-11-26 15:35:39

http://www.mediafire.com/download/swqr9bq82br1rrl/FS_Kali20.tar.gz

You're getting quicker!!. lol
See it's not that much hassle to work out what to click on. PMSL

Quest
2015-11-26, 21:55
Slim, had to try 12 times / 3 different servers before it gave it to me. Some links flatly don't work, others give a .exe. You as the uploader have a completely different experience than others, I guarantee you. Erase your cookies and reboot your router to have a different IP, so you can pass as someone else, and you will see what a nightmare that place is. I'm not making this up.

PMSL ?.. what's that? is it contagious??

Oh I see! Well you won't once you really see what is going on that site. Try from another location/computer. If you can DL it within 6 tries I give you a brand new coconut.

slim76
2015-11-26, 23:07
Slim, had to try 12 times / 3 different servers before it gave it to me. Some links flatly don't work, others give a .exe. You as the uploader have a completely different experience than others, I guarantee you. Erase your cookies and reboot your router to have a different IP, so you can pass as someone else, and you will see what a nightmare that place is. I'm not making this up.

PMSL ?.. what's that? is it contagious??

Oh I see! Well you won't once you really see what is going on that site. Try from another location/computer. If you can DL it within 6 tries I give you a brand new coconut.

I tried from another computer and still managed to download it first time ;-), I downloaded it from RGhost.
Now where's my coconut dude!!, I've not had coconut for years. ;-( lol

You said something about pixiewps and reaver being updated, any idea what changes have or are being made to them?.

Quest
2015-11-26, 23:58
Yes, wiire is working on implementing "some features"
https://forums.kali.org/showthread.php?25018-Pixiewps-wps-pixie-dust-attack-tool&p=53012&viewfull=1#post53012
Then I suppose that t6_x will update reaver from that.

If you did not record the whole event of you DL it in one try from a different computer/line, then it didn't happen. The good news is that you can go buy yourself as many coconuts as you want. Did you know that Alzheimer's disease can be cured with coconuts?



Back on topic. I gave the last FS a spin and I hate it. I'm not a fan of automation, or a program deciding things for me as you may know.

- Make WPS attacks available after an Airodump scan (like it was). Now it goes into Handshake mode automatically even if the target has WPS enabled.

- A more complete set of options to spoof the MAC (like it was). Now there is no option at all.

- Remove any automations (like it was). Let the user decide.

mw3demo
2015-11-27, 01:30
I think slim focused most of his time to implement the automation, telling him to flat out remove it sounds a lil' harsh. Why not have both? Let the user decide and move the automation to a separate command like "auto". Will give it a test tomorrow, many thanks.

Quest
2015-11-27, 01:52
Nothing good will ever come out of automation for FS. Just use the auto-correct function in MS-Word as an example... If it was onboard a drone bound for a distant planet then yes, maybe I could see some uses for that, now I don't.

Let me re-state and add to this subject. Remove it and kill it with fire (nukes would work also).

slim76
2015-11-27, 05:53
Nothing good will ever come out of automation for FS. Just use the auto-correct function in MS-Word as an example... If it was onboard a drone bound for a distant planet then yes, maybe I could see some uses for that, now I don't.

Let me re-state and add to this subject. Remove it and kill it with fire (nukes would work also).

Blimey, are you ever happy with anything!!.
Use the interactive attack mode if you do want to use the automated attack option, problem solved. LOL
The automated attacks are here to stay, sorry.
You do have a point about mac changing though, I do plan to change it so the user can input any mac address they like.

slim76
2015-11-27, 05:59
I think slim focused most of his time to implement the automation, telling him to flat out remove it sounds a lil' harsh. Why not have both? Let the user decide and move the automation to a separate command like "auto". Will give it a test tomorrow, many thanks.

It does contain both options already, I think Quest is having a blonde moment. LOL

nexusnexus
2015-11-27, 11:04
Seems to be working fine on my laptop, grabbed a virgin handshake very quickly :-)

Quest
2015-11-27, 13:09
It does contain both options already, I think Quest is having a blonde moment. LOL

or I can spot a bad design a mile away. Bring it back the way it was before it got broken by upstream changes. Even the "interactive mode" is largely automated, starting with the spoof, and then deciding which attack to use following the scan type, Airodump - Wash. That's making all kinds of assumptions on the users and how they will decide to use it. So yeah mw3demo, "Let the user decide"!


FrankenScript is a script designed to facilitate wireless network auditing under Linux on WEP and WPA/2 protected access points (APs) by liberating the user from the tedious task of building elaborate command lines, as some of these attacks can be quite complex, saving the Operator time and minimizing user input and errors.
Remove human error from the equation, not the human.

slim76
2015-11-27, 13:59
or I can spot a bad design a mile away. Bring it back the way it was before it got broken by upstream changes. Even the "interactive mode" is largely automated, starting with the spoof, and then deciding which attack to use following the scan type, Airodump - Wash. That's making all kinds of assumptions on the users and how they will decide to use it. So yeah mw3demo, "Let the user decide"!


Remove human error from the equation, not the human.

Dude you're contradicting yourself and not making sense. LOL

FrankenScript is meant to be largely automated, it's largely automated so the user can avoid having to remember and type so many commands into the command line.
If it wasn't largely automated the user would have to remember and type many commands into the command line, this is where humans make errors.

I didn't make assumptions regarding selecting attacks, the attack options are based on the access point's encryption or WPS status.
There isn't any point putting WPS attack options in the menu if the access point doesn't have WPS enabled.
It's the same with the WEP attacks, there isn't any point putting WEP attack options in the menu if the access point isn't WEP enabled.
And it's the same for WPA/WPA2 enabled access points that don't have WPS or do not support WEP encryption.
I'd also like to point out that you can also perform a handshake capture from the WPS attack menu.

slim76
2015-11-27, 14:02
Seems to be working fine on my laptop, grabbed a virgin handshake very quickly :-)

Happy to hear it's working ok for you mate, many thanks for the feedback.

Quest
2015-11-27, 15:01
Hey if all you want to hear is ppl reporting positives, then let me apologize(not really) for my more 'profound' and ideological feedback.


Dude you're contradicting yourself and not making sense. LOL
Either that or you're missing the subtlety of thought.



FrankenScript is meant to be largely automated, it's largely automated so the user can avoid having to remember and type so many commands into the command line. If it wasn't largely automated the user would have to remember and type many commands into the command line, this is where humans make errors.
There is a big difference between automation and assisting the user. FS already does most of the work by monitoring, spoofing, giving the user the correct BSSID and channel, and some other routines that I could not be bothered with. The rest are choices based upon signal strength, model, intuition, experience and preferences, APs being on a case to case basis. Automation in any form removes those abilities. So naturally I object and roll on the floor.



I didn't make assumptions regarding selecting attacks, the attack options are based on the access point's encryption or WPS status.
There isn't any point putting WPS attack options in the menu if the access point doesn't have WPS enabled.
It's the same with the WEP attacks, there isn't any point putting WEP attack options in the menu if the access point isn't WEP enabled.
And it's the same for WPA/WPA2 enabled access points that don't have WPS or do not support WEP encryption.
I'd also like to point out that you can also perform a handshake capture from the WPS attack menu.

Great! I have this AP that is Pixie vulnerable and after an Airodump scan, selecting that AP it automatically went into Handshake mode.

slim76
2015-11-27, 15:17
Hey if all you want to hear is ppl reporting positives, then let me apologize(not really) for my more 'profound' and ideological feedback.


Either that or you're missing the subtlety of thought.


There is a big difference between automation and assisting the user. FS already does most of the work by monitoring, spoofing, giving the user the correct BSSID and channel, and some other routines that I could not be bothered with. The rest are choices based upon signal strength, model, intuition, experience and preferences, APs being on a case to case basis. Automation in any form removes those abilities. So naturally I object and roll on the floor.



Great! I have this AP that is Pixie vulnerable and after an Airodump scan, selecting that AP it automatically went into Handshake mode.

I don't just want positive feedback, I welcome all feedback.
Yes the automated attack option is meant to do that.
You're free to use the command line or you could edit the script if it offends you that badly.

Quest
2015-11-27, 15:21
nah that's your department. Mine being the complaints department.

Anyways not here to argue, just want good software.

soxrok2212
2015-11-27, 20:49
I'm gunna agree with Quest. I rarely ever use automation (though I'm sure a lot of people do) but for the more advanced users looking to save a little time but still have control over what is happening, I'd agree to have a 'n00b' fully automated mode, and a 'l33t' advanced mode where the user has control over what happens.

slim76
2015-11-27, 23:42
I'm gunna agree with Quest. I rarely ever use automation (though I'm sure a lot of people do) but for the more advanced users looking to save a little time but still have control over what is happening, I'd agree to have a 'n00b' fully automated mode, and a 'l33t' advanced mode where the user has control over what happens.

Am I missing something??, there are two modes.

There is an interactive mode and the user can choose options, it's the same attacks and options that have always been in FrankenScript so I'm confused as to why it's suddenly become an issue.

The automated mode is new and doesn't allow the user to select options, if it allowed the user to select options it then wouldn't be an automated mode.

I really don't see what the problem is, if you don't like the automated attacks then use the original attacks and options (it's not rocket science lol).

If I'm misunderstanding things then please explain more clearly.

slim76
2015-11-27, 23:48
NOTE:
I'm not going to strip things out of FrankenScript just because a couple of people don't think they'll use something, I actually find the automated attacks useful.
If you don't like something then don't use it, that's the whole point of having options.

I've tried my best to make FrankenScript useful to as many people as possible, but all I get in return is moaning.
From now on any changes to FrankenScript will be for my own benefit and not others, I'm not going to waste my time if it's not appreciated.

Quest
2015-11-28, 00:02
here let me simplify things for you..

Now FrankenScript features two modes:

[1] Cretin mode
[2] Full idiot mode

How's that?

Speaking of "stripping out" things, what about bringing it back to what it was?.. as in many user options, not two modes designed for retarded 12 year olds LOL

slim76
2015-11-28, 00:08
here let me simplify things for you..

Now FrankenScript features two modes:

[1] Cretin mode
[2] Full idiot mode

How's that?

Speaking of "stripping out" things, what about bringing it back to what it was?.. as in many user options, not two modes designed for retarded 12 year olds LOL

Last time I'm going to say this.
The so-called [1] Cretin mode as you call it is the same mode as you've used in previous version FrankenScript, but now suddenly you have issues with it.

soxrok2212
2015-11-28, 00:43
Am I missing something??, there are two modes.

There is an interactive mode and the user can choose options, it's the same attacks and options that have always been in FrankenScript so I'm confused as to why it's suddenly become an issue.

The automated mode is new and doesn't allow the user to select options, if it allowed the user to select options it then wouldn't be an automated mode.

I really don't see what the problem is, if you don't like the automated attacks then use the original attacks and options (it's not rocket science lol).

If I'm misunderstanding things then please explain more clearly.

Ah, I hadn't actually tried it, I've just been reading the comments and from what I understood it was aimed more at complete automation. Good that there are two modes then!

nexusnexus
2015-11-28, 00:53
Can't believe people can moan at somebody who spends their spare time on something that helps others,
I for one am very happy just to get the chance to try the scripts that are available on these forums and hope they carry on creating them and sharing them.
Create your own scripts for Kali if Slims are not what you want.

Quest
2015-11-28, 01:03
it's called feedback nexusnexus, and that is what Slim came here for ;)

slim76
2015-11-28, 01:08
Can't believe people can moan at somebody who spends their spare time on something that helps others,
I for one am very happy just to get the chance to try the scripts that are available on these forums and hope they carry on creating them and sharing them.
Create your own scripts for Kali if Slims are not what you want.

Cheers for the support mate, it's good to know you appreciate people's efforts.

slim76
2015-11-28, 01:10
it's called feedback nexusnexus, and that is what Slim came here for ;)

I did ask for feedback, but I didn't ask for constant moaning.

Can we drop this now and move on please.

Quest
2015-11-28, 01:13
yup, Aye aye, sir! (watching an old series, Voyage to the bottom of the sea at the moment).

fruchttiger00x0
2015-11-30, 14:47
It takes just half an hour only to extract that archive on my Nexus NetHunter xD
Is it some kind of interleaved or so?^^
But anyway, should I push it to git? Or maybe give you write access?

edit: forget the part with the damaged archive, my wget skills surprise me with HTML **** dressed in a .bz file ;)

slim76
2015-11-30, 19:56
It takes just half an hour only to extract that archive on my Nexus NetHunter xD
Is it some kind of interleaved or so?^^
But anyway, should I push it to git? Or maybe give you write access?

edit: forget the part with the damaged archive, my wget skills surprise me with HTML **** dressed in a .bz file ;)

I used Linux Archive Manager without changing its settings to create the archive, it only takes a few seconds to unpack the archive on my desktop and laptop.

fruchttiger00x0
2015-12-01, 08:14
Do not worry about it, everything is fine. As I said, I tried to wget the file from that hoster and it pulls just a stupid FS_Kali20.tar.gz.html ^^
I was at work and behind a proxy. NetHunter is my only choice. The proxy is blocking all one-click hosters.
Btw, what do you think about a NetHunter port? All dependencies are fulfilled I guess. A package for wmctrl is available. The only thing should be the preload. But looking at the NetHunter repo, I would guess it's just a little adjustment. Just look at the wifite preload:
https://github.com/offensive-security/kali-nethunter/blob/7912b7dc73751829b7be538c0ee4a3b551a5a8c5/flash/system/xbin/start-wifite

What do ya think, possible?

XanaRaquel
2016-01-11, 23:54
Hi,

got this error while doing the Automated attacks:


Attempting to deauthenticate client 00:AE:FA:XX:XX:XX...

18:40:38 Waiting for beacon frame (BSSID: 08:76:FF:XX:XX:XX) on channel -1
18:40:39 Sending 64 directed DeAuth. STMAC: [00:AE:FA:XX:XX:XX] [24|80 ACKs]
18:40:40 Sending 64 directed DeAuth. STMAC: [00:AE:FA:XX:XX:XX] [16|56 ACKs]
18:40:40 Sending 64 directed DeAuth. STMAC: [00:AE:FA:XX:XX:XX] [ 3|43 ACKs]
18:40:41 Sending 64 directed DeAuth. STMAC: [00:AE:FA:XX:XX:XX] [ 0|54 ACKs]

Checking for a handshake, this could take upto 30 seconds...

Attempting cowpatty handshake validation...
Cowpatty reported the handshake was valid.
Saving the handshake capture file to /root/Desktop/FrankenScript/Captures/XXX/00:AE:FA:XX:XX:XX_Mon-Jan-11-18:40:46-EST-2016_CowpattyChecked.cap.

Attempting pyrit handshake validation...
Traceback (most recent call last):
File "/usr/bin/pyrit", line 6, in <module>
pyrit_cli.Pyrit_CLI().initFromArgv()
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 115, in initFromArgv
func(self, **options)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 163, in new_f
f(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 447, in analyze
parser = self._getParser(capturefile)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 179, in _getParser
parser.parse_pcapdevice(dev)
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 600, in parse_pcapdevice
for pckt in reader:
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 500, in next
pckt = self.read()
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 488, in read
r = _cpyrit_cpu.PcapDevice.read(self)
IOError: libpcap-error while reading: truncated dump file; tried to read 16 captured bytes, only got 11
Pyrit reported the handshake was invalid.
Re-attempting pyrit handshake validation...
Traceback (most recent call last):
File "/usr/bin/pyrit", line 6, in <module>
pyrit_cli.Pyrit_CLI().initFromArgv()
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 115, in initFromArgv
func(self, **options)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 163, in new_f
f(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 447, in analyze
parser = self._getParser(capturefile)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 179, in _getParser
parser.parse_pcapdevice(dev)
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 600, in parse_pcapdevice
for pckt in reader:
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 500, in next
pckt = self.read()
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 488, in read
r = _cpyrit_cpu.PcapDevice.read(self)
IOError: libpcap-error while reading: truncated dump file; tried to read 16 captured bytes, only got 11
Pyrit reported the handshake was invalid.

Re-attempting to capture a handshake between access point XXX and client 00:AE:FA:XX:XX:XX...
Checking if the access point Thomson was detected
by airodump-ng, this could take upto 20 seconds...

Is it a problem with FS or Pyrit?

slim76
2016-01-12, 20:11
Hi,

got this error while doing the Automated attacks:


Attempting to deauthenticate client 00:AE:FA:XX:XX:XX...

18:40:38 Waiting for beacon frame (BSSID: 08:76:FF:XX:XX:XX) on channel -1
18:40:39 Sending 64 directed DeAuth. STMAC: [00:AE:FA:XX:XX:XX] [24|80 ACKs]
18:40:40 Sending 64 directed DeAuth. STMAC: [00:AE:FA:XX:XX:XX] [16|56 ACKs]
18:40:40 Sending 64 directed DeAuth. STMAC: [00:AE:FA:XX:XX:XX] [ 3|43 ACKs]
18:40:41 Sending 64 directed DeAuth. STMAC: [00:AE:FA:XX:XX:XX] [ 0|54 ACKs]

Checking for a handshake, this could take upto 30 seconds...

Attempting cowpatty handshake validation...
Cowpatty reported the handshake was valid.
Saving the handshake capture file to /root/Desktop/FrankenScript/Captures/XXX/00:AE:FA:XX:XX:XX_Mon-Jan-11-18:40:46-EST-2016_CowpattyChecked.cap.

Attempting pyrit handshake validation...
Traceback (most recent call last):
File "/usr/bin/pyrit", line 6, in <module>
pyrit_cli.Pyrit_CLI().initFromArgv()
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 115, in initFromArgv
func(self, **options)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 163, in new_f
f(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 447, in analyze
parser = self._getParser(capturefile)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 179, in _getParser
parser.parse_pcapdevice(dev)
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 600, in parse_pcapdevice
for pckt in reader:
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 500, in next
pckt = self.read()
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 488, in read
r = _cpyrit_cpu.PcapDevice.read(self)
IOError: libpcap-error while reading: truncated dump file; tried to read 16 captured bytes, only got 11
Pyrit reported the handshake was invalid.
Re-attempting pyrit handshake validation...
Traceback (most recent call last):
File "/usr/bin/pyrit", line 6, in <module>
pyrit_cli.Pyrit_CLI().initFromArgv()
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 115, in initFromArgv
func(self, **options)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 163, in new_f
f(*args, **kwds)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 447, in analyze
parser = self._getParser(capturefile)
File "/usr/lib/python2.7/dist-packages/pyrit_cli.py", line 179, in _getParser
parser.parse_pcapdevice(dev)
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 600, in parse_pcapdevice
for pckt in reader:
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 500, in next
pckt = self.read()
File "/usr/lib/python2.7/dist-packages/cpyrit/pckttools.py", line 488, in read
r = _cpyrit_cpu.PcapDevice.read(self)
IOError: libpcap-error while reading: truncated dump file; tried to read 16 captured bytes, only got 11
Pyrit reported the handshake was invalid.

Re-attempting to capture a handshake between access point XXX and client 00:AE:FA:XX:XX:XX...
Checking if the access point Thomson was detected
by airodump-ng, this could take upto 20 seconds...

Is it a problem with FS or Pyrit?

I believe the problem has something to do with pyrit and maybe the captured handshake.
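The libpcap error in the traceback above ("truncated dump file; tried to read 16 captured bytes, only got 11") is a file-format condition, not a pyrit bug as such: the capture ends in the middle of a 16-byte per-packet record header, which happens when the writer is stopped while a record is being flushed. cowpatty tolerates this, pyrit does not. As an added example (not from the thread and not FrankenScript's code), here is a Python checker for classic pcap files that walks the records, reports exactly that kind of truncation, and can trim the file back to its last complete record so a second validator can parse it. The sample capture it builds is constructed test data, with link type 105 (IEEE 802.11) and made-up frame bytes.

```python
import struct

# Classic (non-pcapng) capture file constants.
PCAP_MAGIC_US = 0xA1B2C3D4   # microsecond timestamps
PCAP_MAGIC_NS = 0xA1B23C4D   # nanosecond timestamps
GLOBAL_HDR_LEN = 24
RECORD_HDR_LEN = 16


def _byte_order(magic_bytes):
    """Return the struct prefix ('<' or '>') matching the file's byte order, or None."""
    for prefix in ("<", ">"):
        (magic,) = struct.unpack(prefix + "I", magic_bytes)
        if magic in (PCAP_MAGIC_US, PCAP_MAGIC_NS):
            return prefix
    return None


def scan_pcap(data):
    """Walk every record of a classic pcap held in `data` (bytes).

    Returns {"records": complete records seen, "clean_end": byte offset where the
    last complete record ends, "problem": None or a description of the defect}."""
    if len(data) < GLOBAL_HDR_LEN:
        return {"records": 0, "clean_end": 0,
                "problem": "file shorter than the 24-byte global header"}
    prefix = _byte_order(data[:4])
    if prefix is None:
        return {"records": 0, "clean_end": 0,
                "problem": "unknown magic number, not a classic pcap"}
    snaplen = struct.unpack(prefix + "I", data[16:20])[0]
    offset, records = GLOBAL_HDR_LEN, 0
    while offset < len(data):
        remaining = len(data) - offset
        if remaining < RECORD_HDR_LEN:
            # Writer stopped mid-header: the condition libpcap reports as
            # "truncated dump file; tried to read 16 captured bytes, only got N".
            return {"records": records, "clean_end": offset,
                    "problem": "truncated record header: tried to read %d bytes, only got %d"
                               % (RECORD_HDR_LEN, remaining)}
        _sec, _frac, incl_len, orig_len = struct.unpack(
            prefix + "IIII", data[offset:offset + RECORD_HDR_LEN])
        if incl_len > snaplen or incl_len > orig_len:
            # A length field larger than the snaplen or the on-air length means the
            # header itself is corrupt, so nothing after it can be trusted.
            return {"records": records, "clean_end": offset,
                    "problem": "record %d has an implausible length field (incl_len %d, orig_len %d, snaplen %d)"
                               % (records + 1, incl_len, orig_len, snaplen)}
        body_start = offset + RECORD_HDR_LEN
        if len(data) - body_start < incl_len:
            return {"records": records, "clean_end": offset,
                    "problem": "truncated packet data: record %d declares %d bytes, only %d present"
                               % (records + 1, incl_len, len(data) - body_start)}
        offset = body_start + incl_len
        records += 1
    return {"records": records, "clean_end": offset, "problem": None}


def trim_to_complete_records(data):
    """Return a copy of the capture with any trailing partial record dropped,
    or None when even the global header is unusable."""
    result = scan_pcap(data)
    if result["clean_end"] == 0:
        return None
    return data[:result["clean_end"]]


def build_sample_pcap(payloads, partial_header_bytes=None):
    """Constructed test data, not a real capture: a little-endian pcap with link
    type 105 (IEEE 802.11), one record per payload, optionally followed by the
    first `partial_header_bytes` bytes of a record header to mimic an interrupted dump."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_US, 2, 4, 0, 0, 65535, 105)
    for i, payload in enumerate(payloads):
        out += struct.pack("<IIII", 1452550846 + i, 0, len(payload), len(payload)) + payload
    if partial_header_bytes is not None:
        out += struct.pack("<IIII", 1452550850, 0, 60, 60)[:partial_header_bytes]
    return out


if __name__ == "__main__":
    # Two made-up frames, then a record header cut off after 11 of its 16 bytes.
    sample = build_sample_pcap([b"\x80\x00" * 10, b"\x88\x02" + b"\x00" * 30],
                               partial_header_bytes=11)
    print(scan_pcap(sample))
    print(scan_pcap(trim_to_complete_records(sample)))
```

Run `scan_pcap` on a real capture by passing `open(path, "rb").read()`. Trimming only removes the dangling tail; if the incomplete record was the one carrying an EAPOL frame, the trimmed file will parse but the handshake inside it may still be incomplete, which is why a "valid" verdict from one tool and "invalid" from another is worth checking against the record count rather than taken at face value.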

XanaRaquel
2016-01-13, 01:43
I believe the problem has something to do with pyrit and maybe the captured handshake.
Ok, thanks. It's possible then to skip the WPA attack part of the automated mode and just do the "WPS magic"?

sud0
2016-10-18, 17:37
thanks for sharing and taking the time to make this. Very good job

Andow
2016-10-27, 05:30
Hello, I have read this whole 50 pages of thread. This sounds pretty promising and I plan on downloading and trying it out on my wps enabled router. I have a few questions before I get started.

Is there a specific Kali distro and FS that goes together for best results? I have an older Kali on my thumbdrive but am dling the newest kali2016.2 right meow.

I wish to either attempt to attack my wps or brute force the wpa2 psk. On the brute force attack is there a way to easily have it try only a certain length, numerical password? Since I know the router psk is numerical and how many digits already.

Thanks a lot for all the time spent on this and any help appreciated. I'm not a Linux expert but learn quickly. However as it stands I've only used aircrack to get past WEP and never WPS or WPA2.