- Chosen_AP_Line.txt
- Scanned_APs.txt
I choose to exit with [q] at the end. After an attack or simply after scanning and choosing an AP.
Scanned_APs.txt isn't meant to be deleted, but it does get overwritten each time you do a scan.
Chosen_AP_Line.txt I just didn't write a delete option for it, it doesn't affect anything as it gets overwritten too.
Everything else excluding the Handshake_Cracking folder should get deleted.
Note:
Attack temp files won't be deleted while running two or more of the same attacks at the same time, the files will remain until the attacks have finished.
I certainly do! made one to automatically install cudahashcat because I'm impatient and didn't want to wait for the latest release to appear in the repo.
I'm going to install everything in the /usr/share folder and have /usr/bin links so users can call frankenscript with the 'frankenscript' command in bash. The catch is, you are normally using /root/ (or $USER, I have not checked.) and you will need to replace instances of $USER or /root/ with /usr/share/frankenscript/
1. Make a folder with a name based on the release (I'll assume it's in your home directory)
Code:
cd ~
mkdir frankenscript_3.0-1
2. Make some folders for the scripts that will let frankenscript be called with the bash command 'frankenscript' and somewhere to install the software.
Code:
cd frankenscript_3.0-1
mkdir -p ./usr/bin/
mkdir -p ./usr/share/frankenscript
3. Make the script to launch frankenscript from bash
Code:
cd ./usr/bin/
# Quote the heredoc delimiter so "$@" is written literally instead of being expanded now
cat <<'EOF' > frankenscript
#!/bin/bash
cd /usr/share/frankenscript/ && ./FS3.sh "$@"
EOF
4. Make it executable
Code:
chmod +x frankenscript
5. Put frankenscript in its new home
Code:
cd ../share/frankenscript/
unrar -x FS3*.rar
rm FS3*.rar
mv FS3/* .
For this version, you will need to fix the script flags (add +x, but I'm sure you know how to do that)
6. Move back to the parent folder (frankenscript_3.0-1) and make the metadata files
Code:
cd ../../../
mkdir DEBIAN
cd DEBIAN
7. Update the metadata file (this is altered each time you make changes)
Code:
# Continuation lines of Description must start with a space
cat <<EOF > control
Package: frankenscript
Version: 3.0-1
Section: base
Priority: optional
Depends:
Maintainer: Slim <[email protected]>
Description: This script allows holistic wireless penetration testing
 for kali linux
 systems
EOF
8. Build the deb
Code:
cd ../../
dpkg-deb --build frankenscript_3.0-1
9. It can now be installed with
Code:
dpkg -i frankenscript_3.0-1.deb
10. Or removed with the following (note the name is the name set in the /DEBIAN/control field 'package', Package: frankenscript)
Code:
dpkg -r frankenscript
Good stuff!
I do not want to muddy the water at this point, but, let's put some thought into this.
- me thinks it would be easier to invoke FS with 'franken' only, and also, as it will no longer be considered as a simple script as it was before.
It's like calling Wifite, 'wifitescript'.
thoughts?
@ staticn0de
I've managed to successfully pack FrankenScript into an installable .deb file. :-)
Many thanks for your help mate.
I've had a quick look into hashcat but couldn't get it working using a mask file.
If anyone could help I'd be most grateful.
This worked:
hashcat -m 2500 -a 3 XXXXX.hccap ?d?d?d?d?d?d?d?d
This didn't work:
hashcat -m 2500 -a 3 XXXXX.hccap Default.hcmask
Here's the output:
Code:
Initializing hashcat v0.47 by atom with 8 threads and 32mb segment-size...
Added hashes from file XXXXX.hccap: 1 (1 salts)
Activating quick-digest mode for single-hash with salt
NOTE: press enter for status-screen
Input.Mode: Mask (D) [1]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Input.Mode: Mask (De) [2]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Input.Mode: Mask (Def) [3]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Input.Mode: Mask (Defa) [4]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Input.Mode: Mask (Defau) [5]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Input.Mode: Mask (Defaul) [6]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Input.Mode: Mask (Default) [7]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Input.Mode: Mask (Default.) [8]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Input.Mode: Mask (Default.h) [9]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Input.Mode: Mask (Default.hc) [10]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Input.Mode: Mask (Default.hcm) [11]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Input.Mode: Mask (Default.hcma) [12]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Input.Mode: Mask (Default.hcmas) [13]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Input.Mode: Mask (Default.hcmask) [14]
Index.....: 0/1 (segment), 1 (words), 0 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: - plains, - words
Progress..: 1/1 (100.00%)
Running...: --:--:--:--
Estimated.: --:--:--:--
Started: Sat Oct 4 23:26:04 2014
Stopped: Sat Oct 4 23:26:04 2014
Edit: you're using hashcat, not ocl/cuda?
Hey Slim,
below are two syntaxes I'm using. The .hccap and .hcmask files being in FrankenScript2/wildHashcat/
?l?u?d,?u?l,?2?l?l?l?1?1?1?1 = min8 max8 | 1 uppercase and lowercase | 3 lowercases | 4 all characters no symbols
8=1Capandlower-3lower-4allnosymbols.hcmask
Code:
cd /usr/share/cudahashcat/ && ./cudaHashcat64.bin -w 3 -t 10 -m 2500 /root/FrankenScript2/wildHashcat/capture.hccap -a 3 /root/FrankenScript2/wildHashcat/8=1Capandlower-3lower-4allnosymbols.hcmask
content of that .hcmask
Code:
?l?u?d,?u?l,?2?l?l?l?1?1?1?1
sammange
Cabo2012
bali35dC
?l?u?d,?d?d?d?d?1?1?1?1 = min8 max8 | 4 numbers | 4 all characters no symbols
8=4numbers-4allnosymbols.hcmask
Code:
cd /usr/share/cudahashcat/ && ./cudaHashcat64.bin -w 3 -m 2500 /root/FrankenScript2/wildHashcat/capture.hccap -a 3 /root/FrankenScript2/wildHashcat/8=4numbers-4allnosymbols.hcmask
content of that .hcmask
Code:
?l?u?d,?d?d?d?d?1?1?1?1
87654321
1221JP69
1975Jack
if I may suggest, sub-contract that portion to staticn0de.
Wrap it up, then staticn0de can ship it right back at you with oclHashcat implemented.
Of course I can help.
What do you want to see? This is what I am guessing.
Maybe a menu option (can be buried in the hashcat menu) that lets the user select if they use hashcat, oclhashcat or cudahashcat. Depending on the option they select, it can set an option in a file (perhaps /etc/franken.conf) that will make frankenscript no longer prompt for what they are using. Another menu option will let the user change their selection.
I can make it check if hashcat / oclhashcat is installed and if it isn't ask if the user wants it.
cudahashcat is harder as it's not in the repo. It can link back to my deb I made, otherwise the user will need to download and manually install it.
my friend to the rescue!
I would not deal with installation of ocl/cuda at all. FS is not a software installation program. Don't go there. Plus as you've mentioned, it's a little too tricky. Let the user deal with that separately.
for the menu, yes,
hashcat
oclhashcat
cudahashcat
after selection maybe
convert .cap into .hccap?
then
select the length of the password:user input 8 9 10 ??
Let's see what you come up with....
do we want to cover the whole hashes spectrum, or stay within WPA/2 only? Would be nice to cover every possibility but that's a lot of work...
http://hashcat.net/wiki/doku.php?id=oclhashcat
Quote:
* Generic hash types:
0 = MD5
10 = md5($pass.$salt)
20 = md5($salt.$pass)
30 = md5(unicode($pass).$salt)
40 = md5($salt.unicode($pass))
snip
2500 = WPA/WPA2
snip
8900 = scrypt
9000 = Password Safe v2
9100 = Lotus Notes/Domino 8
* Specific hash types:
11 = Joomla < 2.5.18
12 = PostgreSQL
snip
3711 = Mediawiki B type
62XY = TrueCrypt 5.0+
snip
staticn0de,
Here are the .hcmask I'm using (descriptive name of the file and content of that file). I do believe that it would be a good starting point for any user. FS, however, should be able to go into the wildHashcat folder and bring up any .hcmask file it finds.
8=1Capandlower-3lower-4allnosymbols.hcmask
Code:
?l?u?d,?u?l,?2?l?l?l?1?1?1?1
8=4numbers-4allnosymbols.hcmask
Code:
?l?u?d,?d?d?d?d?1?1?1?1
9=1Capandlower-4lower-4allnosymbols.hcmask
Code:
?l?u?d,?u?l,?2?l?l?l?l?1?1?1?1
9=5numbers-4allnosymbols.hcmask
Code:
?l?u?d,?d?d?d?d?d?1?1?1?1
10=1Capandlower-5lower-4allnosymbols.hcmask
Code:
?l?u?d,?u?l,?2?l?l?l?l?l?1?1?1?1
10=6numbers-4allnosymbols.hcmask
Code:
?l?u?d,?d?d?d?d?d?d?1?1?1?1
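Added example, not part of the original posts and not FrankenScript or hashcat code: a Python reading of the .hcmask line format used above (comma-separated fields define ?1, ?2, ... and the last field is the mask), reporting how many candidates a mask spans and whether a given passphrase falls inside it, which is the check to run against your own WPA2 passphrase. The function and constant names are assumptions of this example; the two masks and the sample passphrase are the ones quoted in the thread.

```python
import math
import re
import string

# hashcat built-in charsets; ?b (all byte values) is left out of this example.
BUILTIN = {"l": set(string.ascii_lowercase), "u": set(string.ascii_uppercase),
           "d": set(string.digits), "s": set(" " + string.punctuation)}
BUILTIN["a"] = set().union(*BUILTIN.values())

def split_fields(line):
    """Split on commas; a backslash-escaped comma is a literal comma."""
    return [f.replace("\\,", ",") for f in re.split(r"(?<!\\),", line)]

def expand(spec, custom):
    """One character set per position of a mask or charset string."""
    known = {**BUILTIN, **custom, "?": {"?"}}   # "??" is a literal question mark
    out, i = [], 0
    while i < len(spec):
        if spec[i] == "?":
            key = spec[i + 1:i + 2]
            if key not in known:
                raise ValueError(f"unknown placeholder ?{key} in {spec!r}")
            out.append(known[key])
            i += 2
        else:
            out.append({spec[i]})               # literal character
            i += 1
    return out

def parse_hcmask(line):
    """[charset1,[charset2,...]]mask -> list of per-position character sets."""
    *charsets, mask = split_fields(line.strip())
    custom = {}
    for n, spec in enumerate(charsets, start=1):    # fields map to ?1, ?2, ... in order
        custom[str(n)] = set().union(*expand(spec, custom))
    return expand(mask, custom)

def keyspace(line):
    """Number of candidates the mask generates (product of per-position sizes)."""
    return math.prod(len(s) for s in parse_hcmask(line))

def covered(line, passphrase):
    """True if the passphrase is one of the candidates the mask would generate."""
    sets = parse_hcmask(line)
    return len(passphrase) == len(sets) and all(c in s for c, s in zip(passphrase, sets))

# The two 8-character masks quoted in the thread.
CAP_LOWER_8 = "?l?u?d,?u?l,?2?l?l?l?1?1?1?1"
DIGITS_8 = "?l?u?d,?d?d?d?d?1?1?1?1"
if __name__ == "__main__":
    for name, m in (("cap/lower", CAP_LOWER_8), ("digits", DIGITS_8)):
        print(name, keyspace(m), covered(m, "Cabo2012"))
```

A passphrase for which covered() returns True sits inside a keyspace that a single mask enumerates completely, so length plus characters outside the mask's sets are what take it out of reach.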
Slim,
Quote:
The captured handshake is bad, the file will be deleted.
[1] = Retry attack.
[q] = Exit attack.
Please choose an option?:
can anyone else reproduce this?
really?
- I've not had 1 good handshake with FS3
- That never happened, not once, with previous versions
completely mystified and skeptic here :confused:
what about that?..
Quote:
[1] = Basic Set Amount (Is set to send 4 deauth-requests).
[2] = Custom Amount (Input an amount of deauth-requests to send).
[q] = Clean & Exit Script.
Please choose an option: 2
Quote:
Input the amount of deauthetication requests to send: 8
Invalid destination MAC address.
"aireplay-ng --help" for help.
Invalid destination MAC address.
"aireplay-ng --help" for help.
Checking for a handshake every 7 seconds...
Invalid destination MAC address.
"aireplay-ng --help" for help.
Checking for a handshake every 7 seconds...
something is outa wack =( not getting anywhere with handshakes.
actually, 1 or 2 has the same result...
Quote:
##############################################
# [1] = Deauthenticate all connected clients #
# [2] = Deauthenticate a specific client #
##############################################
# [s] = Return To Scanned AP's #
# [m] = Return To Main Menu #
# [q] = Clean & Exit Script #
##############################################
Quote:
Chosen Target:
Fibertel WiFiXXX 20:25:64:XX:XX:XX Signal-44.dBm WPA2_WPA_AES-CCM_TKIP Channel-11
Please choose an option: 1
Quote:
[1] = Basic Set Amount (Is set to send 4 deauth-requests).
[2] = Custom Amount (Input an amount of deauth-requests to send).
[q] = Clean & Exit Script.
Please choose an option: 1
Quote:
The captured handshake is bad, the file will be deleted.
[1] = Retry attack.
[q] = Exit attack.
Please choose an option?
Thanks for looking into it :)
@ Quest
Try this one.
http://mir.cr/UK5C8P1J
@ staticn0de
Here you go, can you only edit the Attack_Capture_Files.sh file please.
I've created the menu options and such, could you fill in the rest please.
http://mir.cr/UK5C8P1J
I would but...
Quote:
root@kali:~# dpkg -i FrankenScript_v3.1.deb
dpkg: error processing FrankenScript_v3.1.deb (--install):
package architecture (i386) does not match system (amd64)
Errors were encountered while processing:
FrankenScript_v3.1.deb
root@kali:~#
nice! :cool: but now... how do you start the **** thing?
Quote:
root@kali:~# dpkg -i FrankenScript_v3.1.deb
Selecting previously unselected package fs3.
(Reading database ... 372400 files and directories currently installed.)
Unpacking fs3 (from FrankenScript_v3.1.deb) ...
Setting up fs3 (3.1) ...
root@kali:~#
Quote:
root@kali:~# fs3
bash: fs3: command not found
root@kali:~# franken
bash: franken: command not found
root@kali:~# frankenscript
bash: frankenscript: command not found
This repackage should work for everyone.
http://mir.cr/1V6BDGMX
You start FrankenScript by typing fs3.sh
Thank you DL niowwwwwww
What's the correct syntax to remove the previously installed .deb?
I think that repack was bad too, I just re-edited the repack download link with the new repack.
Download it again from the edited link.
confirmed. I've reinstalled my kali image, and this is what I got
DL the second new .deb now
Quote:
root@kali:~# dpkg -i FrankenScript_v3.1_0.deb
dpkg: error processing FrankenScript_v3.1_0.deb (--install):
package architecture (any) does not match system (amd64)
Errors were encountered while processing:
FrankenScript_v3.1_0.deb
- packaging check
- permissions check
- scans check
same problem for creating a .cap
Quote:
##############################################
# [1] = Deauthenticate all connected clients #
# [2] = Deauthenticate a specific client #
##############################################
# [s] = Return To Scanned AP's #
# [m] = Return To Main Menu #
# [q] = Clean & Exit Script #
##############################################
Chosen Target:
Telecentro 8C:04:FF:XX:XX:XX Signal-72.dBm WPA2_AES-CCM_TKIP Channel-6
Please choose an option: 2
Quote:
[1] = Choose A Visable Client To Deauthenticate.
[2] = Input A Client To Deauthenticate.
[q] = Clean & Exit Script.
Please choose an option: 1
Quote:
Connected Clients:
1: 40:6F:2A:62:FD:7F
2: 44:6D:57:A4:FA:38
3: 7C:E9:D3:82:2F:92
4: 44:33:4C:BD:27:49
NOTE: Press the Enter button to refresh the client list.
[q] = Clean & Exit Script.
Input the number of a client or choose an option: 2
Quote:
[1] = Basic Set Amount (Is set to send 4 deauth-requests).
[2] = Custom Amount (Input an amount of deauth-requests to send).
[q] = Clean & Exit Script.
Please choose an option: 2
Quote:
Input the amount of deauthetication requests to send: 8
I don't understand this as I never had problems with handshakes and creating a .cap with FS
Quote:
The captured handshake is bad, the file will be deleted.
[1] = Retry attack.
[q] = Exit attack.
Please choose an option?:
same with [1] = Deauthenticate all connected clients
Quote:
[1] = Basic Set Amount (Is set to send 4 deauth-requests).
[2] = Custom Amount (Input an amount of deauth-requests to send).
[q] = Clean & Exit Script.
Please choose an option: 1
The captured handshake is bad, the file will be deleted.
[1] = Retry attack.
[q] = Exit attack.
Please choose an option?:
but Slim, I never had such problems.
I'm absolute 0/100. I could not have a handshake with FS3 to save my life.
can anyone confirm this?
I just rechecked and noticed I'm having big issues too.
It only seems to happen with some APs/Networks, I could capture a handshake from a certain AP earlier but can't capture from the same AP now.
It's strange cause I didn't change anything since the last time I captured a good handshake.
I'll continue to try and resolve the issue asap.
@ staticn0de
Hope you have better luck than I'm having, stupid thing is getting the better of me. LOL
just glad that i didn't have to check-in to the local mental hospital.
All part of R&D :D Had the same happen to me numerous times, where things would work, then, they would not.
Whatever, I'm really thankful for the time you two put in to this. THANKS
:cool:
Hey guys,
First problem, when I run a wash scan I was getting smashed with
[!] Found packet with bad FCS, skipping...
[!] Found packet with bad FCS, skipping...
[!] Found packet with bad FCS, skipping...
[!] Found packet with bad FCS, skipping...
[!] Found packet with bad FCS, skipping...
[!] Found packet with bad FCS, skipping...
[!] Found packet with bad FCS, skipping...
Changed line 575 of FS3.sh to xterm -geometry 111x23+0+350 -l -lf $HOME/FS3/Temp_Working_Dirctory/Wash_Network_Scan.txt -e wash -i $monX -C &
and it was fixed.
I can capture handshakes again, not sure if I solved the problem or if I'm just getting lucky. LOL
Try the following:
Open Deauthenticate_all_clients.sh and edit line number 448
From this:
kill $Kill_Airodump_All_Clients
To this:
sleep 5
kill $Kill_Airodump_All_Clients
sleep 5
Then open Deauthenticate_a_specific_client.sh and edit line number 518
From this:
kill $Kill_Airodump_Specific_Client
To this:
sleep 5
kill $Kill_Airodump_Specific_Client
sleep 5
Please let me know if it solves the problem.
have not tried it, will wait for the next .deb, but that sounds about right to give the process more time to execute. It was way too quick or missing a step(?)
Can you reverse engineer the last FS2(the one in the first post) Slim? Everything was fine for cap handshakes with that version.