like this one appeared sometime this morning https://forums.kali.org/showthread.p...ll=1#post44766
yes he's got another post after that one. I still don't understand his problem. Sounds like he did not install correctly?
masonman, did you install FS by decompressing the archive in Home > double click on FrankenScript.sh > Run in the terminal?
hmm, strange.
Quote:
OK, when I pick
1] = Reaver.t6x + Pixiewps (Fixed Arguments)
it brings me to a list
[1] = Try Arguments(-a -P -K 1,2,3 -vv) Then (-a -K 1,2,3 -vv)
[2] = Try -a P -K 1 -vv (Ralink Chipset)
[3] = Try -a P -K 2 -vv (Broadcom Chipset)
[4] = Try -a P -K 3 -vv (Realtek Chipset)
[5] = Try -a K 1 -vv (Ralink Chipset)
[6] = Try -a K 2 -vv (Broadcom Chipset)
[7] = Try -a K 3 -vv (Realtek Chipset)
[8] = Try -a W 1 -vv (Belkin)
[9] = Try -a W 2 -vv (D-Link)
[r] = Return To The Main WPS Attack Menu
[p] = Proceed To Attack The Next Target, Or Quit WPS Attacks
All of these that I try from 1 to 9 give me this:
/root/FrankenScript_Portable/Scripts/attack_wps.sh: line 603: /root/FrankenScript_Portable/Reaver/: Is a directory
I have my folder in Home and everything else works but this??
@ masonman
Use this test version and then post what the line under WPS Check Point 1 says, please.
http://www13.zippyshare.com/v/UtDGd1gJ/file.html
@ Quest
Can you test this version too please. :-)
There are no check points, and the deauth packets option still doesn't work. Other than that I don't see anything.
[1] = Try Arguments(-a -P -K 1,2,3 -vv) Then (-a -K 1,2,3 -vv), works here. Though cannot really test as I never had luck with the whole pixie thing, and therefore cannot compare, and confirm that it is working. nuroo might be able to.
Hi slim76, yes I tried your test one, and I can't even get the scans to show.
@Quest yes I extracted the tar file into my home folder, and then opened it up in terminal; everything works except what I posted above, bud. Weird.
I tried your test one, it showed me my scans now, it didn't before, but it's the same result as the other FrankenScript I used. I'm just registered here so my posts take a long time to get to you, I understand :)
I just checked the deauth options and found the problem. I did fix it, but I uploaded the wrong version.
I'm scrapping the test version and sticking to just one version from now on.
I hope to have everything fixed by tonight. I've added some other functions/options and will upload it once it's finished.
pixiewps 1.1 https://forums.kali.org/showthread.p...ll=1#post44817
and a reaver-wps-fork-t6x https://github.com/t6x/reaver-wps-fork-t6x
Here's the latest version.
FrankenScript_Portable.3rd.May.2015.tar.gz:
http://www12.zippyshare.com/v/0tnn263D/file.html
I plan to make some changes to the attacks next. :-)
1. The handshake works, thank you =]
2. If I capture more than 1 handshake from different clients connected to the same AP, the latest handshake crushes the previous one? So it's not possible to capture more than 1 handshake per AP? Keep the MAC of the client rather than the name of the AP for the cap file name, maybe? Or XXXXX.cap, XXXXX2.cap, XXXX3.cap? Or separate folders?
3. It's easy to lose a handshake by mistake if choosing [2] = Pyrit Handshake Validation > [1] = Check For A Good Handshake, because 90% of the time it won't pass that check and the handshake will be evaporated. So it would be better to keep the validation in a separate process because...
4. The validation process should be available on the main menu from the start. The user should be able to verify any cap file at any time.
Cheers!
Quote:
############# Main Menu ##############
#
# [1] = Scans & Attacks
# [2] = View Recovered Passkeys
# [3] = Handshake Validation
# [4] = Update Backup Archives
# [5] = Reinstall FrankenScript Apps
#
# [q] = Exit FrankenScript
#
######################################
Please choose an option: 3
I see your point about not being able to target and store multiple handshakes, I'll look into capturing and storing multiple handshakes soon.
Regarding the Pyrit handshake check:
The pyrit handshake check you mention only checks for a good handshake, so you need a good handshake to pass the check.
(Try getting closer to the access point if you're getting bad handshakes.)
The other pyrit handshake check option might be the option you want; it checks for a good or workable handshake, or you can use the cowpatty check.
For the reason above I won't be changing the pyrit option.
Putting a handshake validation option on the main menu doesn't make sense to me.
FrankenScript offers the option to validate the handshake after one has been captured; doing it this way saves the user time as they wouldn't need to scan for a target again or set up their system to perform another capture.
FrankenScript only captures and stores the handshakes; it doesn't offer an option to crack them yet.
So why would you want to skip the original check, and why would you want to check it later?
For experimental purposes. Especially considering that if I run a check at the end of the routine it will not save that cap file.
It's good that the routine offers the choice to verify the .cap file, or not. But for some, verifying a .cap is a separate process, especially if you add .cap files from a different source and would like to check them. Then it is not possible to run a cap file check with FS, as that option is not there.
Have you seen that post, Slim?
https://forums.kali.org/showthread.p...ll=1#post44838
FrankenScript doesn't directly interact with pixiewps, t6x's reaver mod does that job and does it nicely too. :-)
FrankenScript only interacts with t6x's reaver mod, so hopefully t6x will add something for the -f into his version of reaver.
FrankenScript will only deal with things it's processed by itself, so if you captured a handshake using other means FrankenScript won't check it.
Why wouldn't you just use FrankenScript to capture the handshake in the first place? What situation would involve capturing a handshake using other means and then needing FrankenScript to check it?
I might want to use different means of capping then regroup all .cap in one place and/or want to verify those .cap at a later time. More options = better.
https://forums.kali.org/showthread.p...ll=1#post43900
I luv information gathering. If you could bring FS to scan like above as an option, for each AP, after a normal wash, that would be cool.
Quote:
wash -i mon0 -g -c 2
XX:XX:XX:XX:XX:XX| 1|-68|1.0|No |AAA| D-Link| DIR-615
XX:XX:XX:XX:XX:XX| 1|-58|1.0|No |CCC| ASUSTeK Computer Inc.| RT-N56U
Also, the new Airodump totally rocks. If you could extract Airodump from the Aircrack-ng suite and make it work with FS...
https://forums.kali.org/showthread.p...ll=1#post44149
Wow, major turn of events here: https://bugs.kali.org/view.php?id=2219&nbn=2#bugnotes
https://www.kali.org/penetration-tes...ck-ng-updates/
Quote:
Aircrack-ng v1.2 RC2 Update
Aircrack-ng is the de facto penetration tool suite, essential for any wireless penetration tests or assessments. In this latest Aircrack-ng release, amongst the normal bug fixes and code improvements there has been a significant change to airmon-ng, the tool used to put wireless cards into monitor mode. Other new and notable features are that airtun-ng is now able to decrypt WPA, as well as several new airodump-ng flags, such as --wps and --uptime.
In reaver 1.5.2, only -K1 is necessary. reaver now automatically does -K2,3...
No need to have your script execute -K1,2,3 >>> just -K1
Code:
-K --pixie-dust=<number> [1] Run pixiewps with PKE, PKR, E-Hash1, E-Hash2 and E-Nonce (Ralink, Broadcom, Realtek)
In reaver 1.5.2 the -W1 and -W2 options are only for specific brands (Belkin and D-Link?). In my opinion the possible pins should not be displayed unless the user is attacking those brands; otherwise it is confusing.
As of reaver 1.5.2, the user still must notice if the new pixiewps 1.1 thinks the router may be vulnerable to the -f option, then try it manually. So that response should be shown to the user.
##############
If the user decides he wants a spoofed/random MAC address, does your script also pass the -m option to reaver?
i.e.:
reaver -i mon0 -b 00:11:22:33:44:55:66 -m 11:00:11:00:11:00 -vv -S -N -K1
Also in aireplay, the -h option:
aireplay-ng -1 6000 -o 1 -q 10 -e teddy -a 00:11:22:33:44:55:66 -h 11:00:11:00:11:00 mon0
I recommend this for MAC-filtering routers. Reaver will still pass the real MAC if the above -m is not used...
Yes, Slim will have to re-write everything again, I suppose. All good though, and better now than later. I worry a bit about massive confusion until K1.1.1 comes out, as some will not see the same things and will have different results. Though we inadvertently provided Slim with a practice run with that Wash Scan Results 50 posts episode.
Thanks for the feedback. Did you have any luck with that FS pixie attack? Can you confirm that it works?
Actually I did not. I got some association errors from reaver, against routers that were in range and just attacked with the command line. Could have been my fault. I will double check my process.
Curious as to why Frankenstein insists on installing reaver and pixie; I had the latest versions already!! Plus no confirmation to install. Slim luv confirmation?
Oh, it does not install them, it just decompresses them in the FrankenScript_Portable. It does not change anything, but saves the user from installing them if they are not installed.
Ok thanks for checking that for me because I don't have a pixie vulnerable AP, and therefore cannot really test that attack. Cheers!!
Oh OK, that is a brilliant idea. Saves the user from having to have them preinstalled, and ensures the script has the helper apps it needs. +A
Now when the script asks if I want to update the archive, I'll know it only means its archive copies.
@ Quest
I'm currently rewriting the wpa attack script, I think you might be happy with this next one if all goes to plan. LOL
I was enjoying that latest version of FS. The new Aircrack-ng kinda put the brakes on my fun level, the two not being compatible. Still, it's for the best, and I'm sure you will bring the creature, also known as Frank, back from the dead... again!
RIP mon0. You will be missed :)
Not at my computer at the moment. Can FrankenScript decloak hidden access points using client MACs that may be connected during its scanning?
An older version of wifite, by Brian pow on GitHub, does it well. I was surprised by how many "hidden routers" it found.
Killer feature, what do you guys think... lol, adding extra work.
oh yes, and that falls right in the information gathering category, so naturally I'm all for it.
I've got FrankenScript working with the new airmon-ng, but I'm having trouble capturing the wps info from the new airodump-ng.
When I manage to solve the airodump issue I'll upload the new version of FrankenScript. :-)
I receive an error: No usable WiFi devices were found, please fix the issue before running FrankenScript again. Is this talked about earlier in the threads? If not, what should I do?
I'm experimenting with salt, garlic and besside-ng. What makes it interesting, other than being a nasty little monster, is that it comes with its own .cap file cleaning "Crawler": http://www.aircrack-ng.org/doku.php?id=besside-ng
Quote:
besside-ng-crawler <SearchDir> <CapFileOut>
It's not included in the Aircrack-ng 1.2 though. Have to download Aircrack-ng SVN version.
EDIT: meh it doesn't seem to do anything right.
Great news that FrankenScript supports the new aircrack, because as you know, Kali officially upgraded its aircrack-ng to the newest version.
@slim
Using wash may be a lot easier to parse, especially with the -P option. It was intended for use by programmers, scriptwriters, embedded systems, etc. (also great on my netbook).
> wash -i mon0 -P -c1
Code:
00:00:00:00:70:2A| 1|-58|1.0|No |marg000000
00:00:00:00:AA:70| 1|-53|1.0|No |TG100000
00:00:00:00:15:00| 1|-58|1.0|No |TG10000
00:00:00:00:B4:7E| 1|-47|1.0|No |Leaf 0000000
00:00:00:00:AF:20| 1|-58|1.0|No |DG00000
00:00:00:00:93:CA| 1|-55|1.0|No |702
00:00:00:00:76:90| 1|-52|1.0|No |DG100000
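As an added example (not FrankenScript's own code, nor part of the post above), a POSIX sh/awk parser for the pipe-separated wash -P format shown above: it turns each line into CSV and lists the APs whose WPS state is reported as unlocked, which is the set a site audit would follow up on. The sample lines are constructed, and the function names are my own.

```shell
#!/bin/sh
# Added example (not FrankenScript's own code): parse the pipe-separated output
# of "wash -i mon0 -P" into CSV and pick out APs that advertise WPS as unlocked.
# Column order follows the post above: BSSID| Ch|RSSI|WPS ver|Locked|ESSID

# Constructed sample lines standing in for a real "wash -P" capture.
SAMPLE='00:00:00:00:70:2A| 1|-58|1.0|No |marg000000
00:00:00:00:AA:70| 6|-53|1.0|Yes|TG100000
00:00:00:00:B4:7E| 1|-47|1.0|No |Leaf 0000000'

# wash_to_csv: read wash -P lines on stdin and emit
# bssid,channel,rssi,version,locked,"essid" (locked normalised to lower case).
wash_to_csv() {
    awk -F'|' '
        NF >= 6 {
            for (i = 1; i <= 5; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            essid = $6
            for (i = 7; i <= NF; i++) essid = essid "|" $i   # an ESSID may itself contain "|"
            gsub(/^[ \t]+|[ \t]+$/, "", essid)
            printf "%s,%s,%s,%s,%s,\"%s\"\n", $1, $2, $3, $4, tolower($5), essid
        }'
}

# unlocked_aps: CSV rows (from stdin) for APs whose WPS state is "no" (not locked).
unlocked_aps() {
    wash_to_csv | awk -F',' '$5 == "no"'
}

# count_unlocked: number of unlocked WPS APs in the wash -P text passed as $1.
count_unlocked() {
    printf '%s\n' "$1" | unlocked_aps | wc -l | tr -d ' '
}

# Stand-alone run: print the unlocked APs from the constructed sample.
printf '%s\n' "$SAMPLE" | unlocked_aps
```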
Hey Slim!
He probably updated his Kali installation. That's what I'm getting also.
You know what... I've been thinking that it might be better for Frank to have its own Aircrack-ng, and run everything internally, independently. Otherwise it will be a huge mess until K1.1.1 comes out, or even way after it has.
That message up there from smittyrock_1, you will get a lot of the same.