It shouldn't cause any problems for FrankenScript hopefully. LOL
I'll be uploading a nearly completed version of FrankenScript within the next few days, maybe sooner.
This might be an acceptable solution for locked APs, though I've never tried it. Here is a re-post...
https://forums.kali.org/showthread.p...ll=1#post40956
From the included help file:
Quote:
...
The breakthrough came when MTeams turned their attention to WPS locked routers. It was soon discovered that a small number of WPS pins could be collected from some routers which wash and reaver reported as locked. Presumably no one was spending time attacking locked routers. After more testing, it was found that if these same WPS locked routers were subjected to short bursts of a mdk3 combination simultaneously, usually a mixture of DDOS and EAPOL, then the router would allow further pins to be harvested. In these cases the router did not reset, the WPS locking mechanism remained in place and sometimes the router changed channels. But what was important here was that more WPS pins could be collected. These routers would eventually stop providing pins, BUT if subjected to another dose of mdk3, the router would supply another batch of pins.
...
Maybe mmusket33 can shine on this?
I saw that some time ago, I think it's the same commands as the router reset method.
If I'm right then the only difference is that you still continue to try pins instead of giving up on the attack.
I could be very wrong on that because I didn't read everything, I only had a quick browse through the info.
I've got some testing that needs doing soon, if you're up for it?
Yes, and mmusket33 never confirmed, when I asked, whether that method does not reboot the AP. Then that thread was closed. I was always curious about that attack.
If it does not reboot the AP, then it's certainly interesting.
It's possible that I'm not reading this correctly. That would explain why he did not confirm the AP not rebooting, and the subsequent locking of that thread.
Testing my fav application under Linux?
I would like to install RC3 and try to run the present FS with it before anything else. If they break my toys again I'm gonna be in a really bad mood. So yeah, bring it on, but KL2.0.1 is scheduled for early December, and I don't see the point in having another version that will last two weeks.
Cheers!!
EDIT:
Can't install RC3, because when using the command line apt-get install, it's telling me that I already have the latest version, same for the package manager, and when trying to install manually, I'm missing dependencies, and those too are nowhere to be found or will lead to unreliable results (like the last time I installed RC2 for tests), making any test null and void. So waiting for the repos to update themselves so I can install and test.
Hey Quest,
rc3 is in the repos, I haven't updated yet, so still on rc2. Did you?
Code:
apt-get update && apt-get upgrade && apt-get dist-upgrade
Give the following a try to see what package you are on, and what is in the repos:
Code:
[root:~]# apt-cache policy aircrack-ng
aircrack-ng:
  Installed: 1:1.2-0~rc2-0kali5
  Candidate: 1:1.2-0~rc3-0kali1
  Version table:
     1:1.2-0~rc3-0kali1 0
        500 http://http.kali.org/kali/ sana/main amd64 Packages
 *** 1:1.2-0~rc2-0kali5 0
        100 /var/lib/dpkg/status
For more info regarding a package and dependencies, use apt-cache show <package>. In this case with aircrack-ng:
Code:
apt-get update
apt-cache policy aircrack-ng
Code:
[root:~]# apt-cache show aircrack-ng
Package: aircrack-ng
Version: 1:1.2-0~rc3-0kali1
Architecture: amd64
Maintainer: Carlos Alberto Lopez Perez <[email protected]>
Installed-Size: 3927
Depends: iw, wireless-tools, ethtool, usbutils, libc6 (>= 2.15), libgcrypt20 (>= 1.6.1), libnl-3-200 (>= 3.2.7), libnl-genl-3-200 (>= 3.2.7), libpcap0.8 (>= 0.9.8), libpcre3 (>= 1:8.35), libsqlite3-0 (>= 3.5.9), zlib1g (>= 1:1.1.4)
Recommends: ieee-data
Homepage: http://www.aircrack-ng.org/
Priority: optional
Section: net
Filename: pool/main/a/aircrack-ng/aircrack-ng_1.2-0~rc3-0kali1_amd64.deb
Size: 2682032
SHA256: 351541bab8b88d04598e6cb99eea35d5aac794f2c729b0a58afb4110f123487f
SHA1: d6484e5d739995dcb6ef516cc6d9ee6d835bb0d8
MD5sum: 293f2143a0670f557a6594b2399fe2c1
Description: wireless WEP/WPA cracking utilities
 aircrack-ng is an 802.11a/b/g WEP/WPA cracking program that can recover a
 40-bit, 104-bit, 256-bit or 512-bit WEP key once enough encrypted packets
 have been gathered. Also it can attack WPA1/2 networks with some advanced
 methods or simply by brute force.
 .
 It implements the standard FMS attack along with some optimizations,
 thus making the attack much faster compared to other WEP cracking tools.
 It can also fully use a multiprocessor system to its full power in order
 to speed up the cracking process.
 .
 aircrack-ng is a fork of aircrack, as that project has been stopped by
 the upstream maintainer.
Description-md5: 9659071ca811e6a5bba38a9345409ece

Package: aircrack-ng
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 1725
Maintainer: Carlos Alberto Lopez Perez <[email protected]>
Architecture: amd64
Version: 1:1.2-0~rc2-0kali5
Depends: iw, wireless-tools, ethtool, libc6 (>= 2.15), libgcrypt20 (>= 1.6.1), libnl-3-200 (>= 3.2.7), libnl-genl-3-200 (>= 3.2.7), libpcap0.8 (>= 0.9.8), libpcre3 (>= 1:8.35), libsqlite3-0 (>= 3.5.9), zlib1g (>= 1:1.1.4)
Recommends: ieee-data
Description: wireless WEP/WPA cracking utilities
 aircrack-ng is an 802.11a/b/g WEP/WPA cracking program that can recover a
 40-bit, 104-bit, 256-bit or 512-bit WEP key once enough encrypted packets
 have been gathered. Also it can attack WPA1/2 networks with some advanced
 methods or simply by brute force.
 .
 It implements the standard FMS attack along with some optimizations,
 thus making the attack much faster compared to other WEP cracking tools.
 It can also fully use a multiprocessor system to its full power in order
 to speed up the cracking process.
 .
 aircrack-ng is a fork of aircrack, as that project has been stopped by
 the upstream maintainer.
Description-md5: 9659071ca811e6a5bba38a9345409ece
Homepage: http://www.aircrack-ng.org/
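The post above shows the two apt-cache commands by hand; the following is an added example (written for this thread, not part of any post, Kali, or apt itself) that reads the `apt-cache policy` output to tell whether the repo candidate differs from the installed build, and checks a manually downloaded .deb against the SHA256 that `apt-cache show` prints for that exact version. The policy text embedded below is the sample from the post, kept so the script runs offline; the .deb path is an optional argument and no package file is assumed to exist.

```shell
#!/bin/sh
# Added example for this thread, not part of any post above and not Kali or
# apt tooling: parse `apt-cache policy <pkg>` output, report whether apt would
# install a different build than the one installed, and check a downloaded
# .deb against the SHA256 that `apt-cache show <pkg>` lists for that build.
# Only sh, awk and sha256sum (or shasum) are used.

# Constructed sample: the `apt-cache policy aircrack-ng` output from the post.
SAMPLE_POLICY='aircrack-ng:
  Installed: 1:1.2-0~rc2-0kali5
  Candidate: 1:1.2-0~rc3-0kali1
  Version table:
     1:1.2-0~rc3-0kali1 0
        500 http://http.kali.org/kali/ sana/main amd64 Packages
 *** 1:1.2-0~rc2-0kali5 0
        100 /var/lib/dpkg/status'

# SHA256 from the `apt-cache show aircrack-ng` stanza for the rc3 candidate.
RC3_SHA256=351541bab8b88d04598e6cb99eea35d5aac794f2c729b0a58afb4110f123487f

# policy_field FIELD  -- read `apt-cache policy` output on stdin and print the
# value of the "Installed:" or "Candidate:" line. The lines are indented, so
# match on the first whitespace-separated token rather than on column 0.
policy_field() {
    awk -v want="$1:" '$1 == want { print $2; exit }'
}

# upgrade_state  -- reads `apt-cache policy` output on stdin.
# Prints "upgrade <installed> -> <candidate>" and exits 0 when apt would
# install a different build, "current <version>" and exits 1 otherwise.
# Candidate is what apt-get would pick after pinning, so a difference means
# `apt-get install pkg` or `apt-get upgrade` will touch the package. This does
# not order the two strings; use `dpkg --compare-versions` for that.
upgrade_state() {
    out=$(cat)
    inst=$(printf '%s\n' "$out" | policy_field Installed)
    cand=$(printf '%s\n' "$out" | policy_field Candidate)
    if [ -n "$cand" ] && [ "$cand" != "(none)" ] && [ "$inst" != "$cand" ]; then
        echo "upgrade $inst -> $cand"
        return 0
    fi
    echo "current $inst"
    return 1
}

# verify_deb FILE EXPECTED_SHA256  -- compare a downloaded .deb with the hash
# `apt-cache show` lists for that exact version. Exit 0 on match, 1 otherwise.
# That SHA256 comes from the repository's Packages index, which apt has already
# checked against the signed Release file, so it is the value to trust over the
# MD5sum and SHA1 lines the same stanza still prints.
verify_deb() {
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$1" | awk '{ print $1 }')
    else
        actual=$(shasum -a 256 "$1" | awk '{ print $1 }')
    fi
    [ "$actual" = "$2" ]
}

# Stand-alone run on the constructed sample; pass a .deb path as $1 to check
# it against the rc3 hash (no package file ships with this example).
printf '%s\n' "$SAMPLE_POLICY" | upgrade_state || :
if [ -n "$1" ]; then
    if verify_deb "$1" "$RC3_SHA256"; then echo "ok: $1 matches the rc3 SHA256"
    else echo "MISMATCH: $1 does not match the rc3 SHA256"; fi
fi
```

Run it with no arguments to see the upgrade decision for the sample, or as `sh check.sh aircrack-ng_1.2-0~rc3-0kali1_amd64.deb` to confirm a file fetched from a mirror is the build the signed index describes before handing it to dpkg.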
It's ok now. Crash helped me out in the Kali General Use section, to install the **** thing, because after 24hrs of reading and trying different things I was about ready to blow a gasket...
Now that I've got it installed, I beg to differ, and think something might be outta whack with FS/RC3.
I will do more tests with 3 different KL installations and come back with a more comprehensive explanation, but for now I can tell you that when choosing an AP that is Pixie vulnerable and attacking it with the Pixie attack, the next time that the same AP is chosen, FS automatically attacks it with the Handshake, without any other attack possibility.
Moreover the scan results are somewhat messed up, but only for that AP, where instead of showing signal strength, it says "OPEN", which it is not.
Don't unbolt it yet until confirmation from someone else. I would hate to go onto another ghost hunt ;)
Great!
Just for the record, after rebooting, everything was fine and the "problems" in post 452 above were not there anymore.
Forgot to exorcise that USB key I suppose. Glad that everything seems to work just fine and that this project can move forward, finally.
Hey just saw your post mw3demo,
That post delay is always throwing us off, but basically you are correct and thanks for the help!! I did not want to "apt-get update && apt-get upgrade && apt-get dist-upgrade" because the last time I tried that on a USB 2.0 it took forever. So I was a little nervous about that and tried to install some other way. Never got used to that repo / apt-get thingy, and probably never will, I prefer to DL packages where I can see what I'm getting instead of working blind, but that is another story.
Welcome to the kitchen! =)
Well, that's a relief! I was starting to question my own sanity/memory regarding if I made the post or not, good to know. Glad you got everything working in the end, and thanks for the welcome. :)
Stick around for more 'WTH?' moments :) Though you are Linux-wise and that will prevent you from being completely mystified like some are here :o Speaking of numnuts, I have "apt-cache policy" and "apt-cache show" copied in my notes now. Hopefully I will remember to use them next time ;)
@Slim standby for new/improved tools. A new Pixie from wiire on the way, and a new Reaver from t6_x, I would imagine. Interesting script from mmusket33 that I haven't tried also...
"Varmacscan2-0 an automatic multi-target reaver attack tool released"
FrankenScript For Kali-2.0 (Test Version) Updated 26/11/2015
Download Links:
http://multimirrorupload.com/iopj118..._Kali20.tar.gz
Notes:
This version doesn't have the WEP attacks setup yet, sorry.
I've added automated attack options.
Internet can be used while performing network attacks; Internet access would only be available during the automated attacks.
FrankenScript works with aircrack-RC3.
FS_Kali20.tar.gz
File size: 44.49 KB
Uploaded: 2015-11-26 15:35:39
http://www.mediafire.com/download/sw..._Kali20.tar.gz
Slim, had to try 12 times / 3 different servers before it gave it to me. Some links flatly don't work, others give a .exe. You as the uploader have a completely different experience than others, I guarantee you. Erase your cookies and reboot your router to have a different IP, so you can pass as someone else, and you will see what a nightmare that place is. I'm not making this up.
PMSL? What's that? Is it contagious??
Oh I see! Well you won't once you really see what is going on at that site. Try from another location/computer. If you can DL it within 6 tries I'll give you a brand new coconut.
I tried from another computer and still managed to download it first time ;-), I downloaded it from RGhost.
Now where's my coconut, dude!!, I've not had coconut for years. ;-( lol
You said something about pixiewps and reaver being updated, any idea what changes have been or are being made to them?
Yes, wiire is working on implementing "some features"
https://forums.kali.org/showthread.p...ll=1#post53012
Then I suppose that t6_x will update reaver from that.
If you did not record the whole event of you DLing it in one try from a different computer/line, then it didn't happen. The good news is that you can go buy yourself as many coconuts as you want. Did you know that Alzheimer's disease can be cured with coconuts?
Back on topic. I gave the last FS a spin and I hate it. I'm not a fan of automation, or a program deciding things for me as you may know.
- Make WPS attacks available after an Airodump scan (like it was). Now it goes into Handshake mode automatically even if the target has WPS enabled.
- A more complete set of options to spoof the MAC (like it was). Now there is no option at all.
- Remove any automations (like it was). Let the user decide.
I think slim focused most of his time to implement the automation, telling him to flat out remove it sounds a lil' harsh. Why not have both? Let the user decide and move the automation to a separate command like "auto". Will give it a test tomorrow, many thanks.
Nothing good will ever come out of automation for FS. Just use the auto-correct function in MS-Word as an example... If it was onboard a drone bound for a distant planet then yes, maybe I could see some uses for that, now I don't.
Let me re-state and add to this subject. Remove it and kill it with fire (nukes would work also).
Blimey, are you ever happy with anything!!
Use the interactive attack mode if you do want to use the automated attack option, problem solved. LOL
The automated attacks are here to stay, sorry.
You do have a point about MAC changing though, I do plan to change it so the user can input any MAC address they like.
Seems to be working fine on my laptop, grabbed a virgin handshake very quickly :-)
Or I can spot a bad design a mile away. Bring it back the way it was before it got broken by upstream changes. Even the "interactive mode" is largely automated, starting with the spoof, and then deciding which attack to use following the scan type, Airodump - Wash. That's making all kinds of assumptions on the users and how they will decide to use it. So yeah mw3demo, "Let the user decide"!
Remove human error from the equation, not the human.
Quote:
FrankenScript is a script designed to facilitate wireless network auditing under Linux on WEP and WPA/2 protected access points (APs) by liberating the user from the tedious task of building elaborate command lines, as some of these attacks can be quite complex, saving the Operator time and minimizing user input and errors.
Dude you're contradicting yourself and not making sense. LOL
FrankenScript is meant to be largely automated, it's largely automated so the user can avoid having to remember and type so many commands into the command line.
If it wasn't largely automated the user would have to remember and type many commands into the command line, and this is where humans make errors.
I didn't make assumptions regarding selecting attacks, the attack options are based on the access point's encryption or WPS status.
There isn't any point putting WPS attack options in the menu if the access point doesn't have WPS enabled.
It's the same with the WEP attacks, there isn't any point putting WEP attack options in the menu if the access point isn't WEP enabled.
And it's the same for WPA/WPA2 enabled access points that don't have WPS or do not support WEP encryption.
I'd also like to point out that you can also perform a handshake capture from the WPS attack menu.
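The rule stated above (menu entries follow the AP's encryption and WPS status) is simple enough to show in code, so here is an added example written for this thread. It is not FrankenScript's code and does not claim to match its internals: it joins one BSSID's row from an airodump-ng CSV dump with a wash listing and prints the attacks that apply. The CSV rows and the wash lines are constructed sample data; the wash columns are assumed to be the classic reaver-1.4 layout (BSSID, Channel, RSSI, WPS Version, WPS Locked, ESSID), which newer wash builds have changed.

```shell
#!/bin/sh
# Added example, not FrankenScript's code: derive the attack menu for one
# BSSID from an airodump-ng CSV dump plus a wash listing, applying the rule
# from the post above (WEP options only for WEP networks, WPS options only
# when the AP advertises WPS, a handshake capture for any WPA/WPA2 AP).
# All data below is constructed; only sh and awk are needed.

# Constructed airodump-ng CSV (AP section of a "-w prefix" dump). The column
# order is airodump-ng's: BSSID, First time seen, Last time seen, channel,
# Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP,
# ID-length, ESSID, Key. Privacy is OPN, WEP, WPA, WPA2 or a mix like "WPA2 WPA".
AIRODUMP_CSV='BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2015-11-26 15:00:00, 2015-11-26 15:05:00,  6,  54, WPA2, CCMP, PSK, -45,      120,        0,   0.  0.  0.  0,   6, WpsNet, 
66:77:88:99:AA:BB, 2015-11-26 15:00:00, 2015-11-26 15:05:00, 11,  54, WEP, WEP, , -60,       80,      500,   0.  0.  0.  0,   6, OldNet, 
CC:DD:EE:FF:00:11, 2015-11-26 15:00:00, 2015-11-26 15:05:00,  1,  54, OPN, , , -70,       50,        0,   0.  0.  0.  0,   7, FreeNet, 
22:33:44:55:66:77, 2015-11-26 15:00:00, 2015-11-26 15:05:00,  3,  54, WPA2 WPA, CCMP TKIP, PSK, -50,       90,        0,   0.  0.  0.  0,   8, PlainWpa, 
AA:BB:CC:DD:EE:FF, 2015-11-26 15:00:00, 2015-11-26 15:05:00,  9,  54, WPA2, CCMP, PSK, -55,       70,        0,   0.  0.  0.  0,   9, LockedWps, '

# Constructed wash listing, assumed to use the reaver-1.4 wash columns:
# BSSID  Channel  RSSI  WPS Version  WPS Locked  ESSID.
# APs absent from it did not advertise WPS in their beacons.
WASH_OUT='00:11:22:33:44:55   6  -45  1.0  No   WpsNet
AA:BB:CC:DD:EE:FF   9  -55  1.0  Yes  LockedWps'

# privacy_of BSSID  -- print the Privacy column for BSSID, empty if unknown.
# The separator regex ", *" swallows the padding airodump puts after commas.
privacy_of() {
    printf '%s\n' "$AIRODUMP_CSV" | awk -F', *' -v b="$1" '$1 == b { print $6; exit }'
}

# wps_state BSSID  -- "enabled", "locked", or "none" (absent from wash output).
wps_state() {
    printf '%s\n' "$WASH_OUT" | awk -v b="$1" '
        $1 == b { s = ($5 == "Yes") ? "locked" : "enabled"; print s; found = 1; exit }
        END { if (!found) print "none" }'
}

# attack_menu BSSID  -- one applicable attack per line, chosen from the
# encryption and WPS status only; which one to run (signal, vendor, pin
# history) is left to the operator. Exit 1 when the BSSID was not scanned.
attack_menu() {
    case "$(privacy_of "$1")" in
        "")  echo "unknown BSSID: rescan"; return 1 ;;
        OPN) echo "open network: no key to recover, associate directly"; return 0 ;;
        WEP) printf '%s\n' "wep: arp replay" "wep: chopchop" "wep: fragmentation"; return 0 ;;
    esac
    # Anything else is WPA, WPA2 or a mixed-mode AP: a handshake always applies.
    echo "wpa: handshake capture"
    case "$(wps_state "$1")" in
        enabled) printf '%s\n' "wps: pixie dust" "wps: reaver pin brute force" ;;
        locked)  echo "wps: locked by the AP, pin attempts are being refused" ;;
    esac
    return 0
}

# Stand-alone run over every AP in the sample dump.
for bssid in 00:11:22:33:44:55 66:77:88:99:AA:BB CC:DD:EE:FF:00:11 22:33:44:55:66:77 AA:BB:CC:DD:EE:FF; do
    echo "== $bssid"
    attack_menu "$bssid" || true
done
```

In a real run the two variables would be filled from `airodump-ng -w prefix --output-format csv` and `wash -i mon0 -C`, and the "locked" branch is worth keeping separate: a locked AP still advertises WPS, so a menu keyed only on "WPS present" would offer pin attacks that the AP will refuse.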
Hey if all you want to hear is ppl reporting positives, then let me apologize(not really) for my more 'profound' and ideological feedback.
Either that or you're missing the subtlety of thought.
There is a big difference between automation and assisting the user. FS already does most of the work by monitoring, spoofing, giving the user the correct BSSID and channel, and some other routines that I could not be bothered with. The rest are choices based upon signal strength, model, intuition, experience and preferences, APs being on a case by case basis. Automation in any form removes those abilities. So naturally I object and roll on the floor.
Great! I have this AP that is Pixie vulnerable and after an Airodump scan, selecting that AP it automatically went into Handshake mode.
nah that's your department. Mine being the complaints department.
Anyways not here to argue, just want good software.
I'm gonna agree with Quest. I rarely ever use automation (though I'm sure a lot of people do) but for the more advanced users looking to save a little time but still have control over what is happening, I'd agree to have a 'n00b' fully automated mode, and a 'l33t' advanced mode where the user has control over what happens.
Am I missing something? There are two modes.
There is an interactive mode and the user can choose options, it's the same attacks and options that have always been in FrankenScript so I'm confused as to why it's suddenly become an issue.
The automated mode is new and doesn't allow the user to select options, if it allowed the user to select options it then wouldn't be an automated mode.
I really don't see what the problem is, if you don't like the automated attacks then use the original attacks and options (it's not rocket science lol).
If I'm misunderstanding things then please explain more clearly.
NOTE:
I'm not going to strip things out of FrankenScript just because a couple of people don't think they'll use something, I actually find the automated attacks useful.
If you don't like something then don't use it, thats the whole point of having options.
I've tried my best to make FrankenScript useful to as many people as possible, but all I get in return is moaning.
From now on any changes to FrankenScript will be for my own benefit and not others, I'm not going to waste my time if it's not appreciated.
Here, let me simplify things for you..
Now FrankenScript features two modes:
[1] Cretin mode
[2] Full idiot mode
How's that?
Speaking of "stripping out" things, what about bringing it back to what it was? As in many user options, not two modes designed for retarded 12 year olds LOL