Page 4 of 10 FirstFirst 12345678910 LastLast
Results 151 to 200 of 493

Thread: FrankenScript by Slim76 - It Attacks Access Points and .pcap files

  1. #151
    Join Date
    2014-Jul
    Location
    Salvador
    Posts
    6
    Quote Originally Posted by slim76 View Post
    Most grateful for your feedback and glad to hear it all works for you.
    I was thinking about adding cudahashcat but I always seem to get side tracked by something else, I'll probably add it when I've got bully working properly.
    Realized unpack the file in the home folder, it creates a directory on my desktop that does not appear.

    when I go to the root folder against the FS2 within the root folder. I try to open the file, I can open it using the 'bash' command. When I select the first option and I select my wireless network card, it opens a window 'wash' and the message appears.

    xterm: connot open / root/FrankenScript2/Temp_Working_Directory/Wash_Network_Scan.txt: 2

  2. #152
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    slim, once you've uploaded the new version, I will write a howto for it, whether you like it or not.

    xD
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  3. #153
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Quest View Post
    slim, once you've uploaded the new version, I will write a howto for it, whether you like it or not.

    xD
    Ok kool, I've decided to make some more changes to FrankenScript2 so the upload will be a little delayed.

  4. #154
    Join Date
    2013-Oct
    Posts
    321
    Here's the latest FrankenScript.
    FrankenScript2: Updated 18/7/14

    http://mir.cr/0QHRHOHT

  5. #155
    Join Date
    2014-Apr
    Location
    Down Under
    Posts
    315
    Hi Slim,

    Not a problem, just a comment. Publishing the script in a rar seems to have removed file permissions (the x flag has been cleared with 0644) and the rar file does not extract to it's own folder anymore.

  6. #156
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    yeah, slim, now the files are loose inside the archive. No FrankenScript2 folder!
    Last edited by Quest; 2014-07-18 at 22:18.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  7. #157
    Join Date
    2014-Jul
    Posts
    9
    I just read this whole thread today, then downloaded. Everyone knows already, but I'll say it anyway... Great Work!

    Also, same here. I unrar-ed to find multiple scripts and whatnot floating around.

  8. #158
    Join Date
    2013-Oct
    Posts
    321
    Thanks for letting me know guy's and sorry about that, I've just repacked it again and hopefully all should be good this time around.

    FrankenScript2_Updated-19-7-2014.tar.gz
    http://mir.cr/1UNMCFAJ

  9. #159
    Join Date
    2014-Apr
    Location
    Down Under
    Posts
    315
    Just so your guys know, if you extract the archive with unrar x FrankenScript.rar is placed the files in folders. Still have to chmod the scripts through. Thanks for uploading as the tar.gz we all know and love!

  10. #160
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    Thanks slim!!

    Here are my observations..

    - Decompress normally in "FrankenScript2" folder.

    - Starts normally with "cd /root/FrankenScript2 && ./FrankenScript2.sh"

    -
    [1] = Full iw-dev Scan
    [2] = Wash WPS Network Scan.
    [3] = Airodump Network Scan.
    Please choose an option:
    I like that!!!



    - Option 1 ([1] = Full iw-dev Scan) does not work for me. The return...
    Scanned_APs
    ===========



    ################################################## ##########################
    # [f] = Re-Scan - Full iw-dev Scan # [e] = Sort Scan By - ESSID #
    # [w] = Re-Scan - Wash WPS Network Scan # [a] = Sort Scan By - Encryption #
    # [d] = Re-Scan - Airodump Network Scan # [0] = Return To Main Menu #
    # # [q] = Exit FrankenScript #
    ################################################## ##########################

    Please choose an option or input the number of a target:
    - Dude...
    ATTACK METHOD - HANDSHAKE CAPTURE
    #################################

    NOTE: Wait for clients to be visable in airodump before entering option [2].

    [1] = Deauthenticate all connected clients.
    [2] = Deauthenticate a specific client.
    [0] = Return To Scanned APs.
    [q] = Exit FrankenScript
    Please choose an option:
    xD



    Bully

    - big improvements. All option working. But...

    [3] = Bully Custom Attack.
    Bully Current Attack Command:
    bully mon0 -c 6 -b 84:C9:B2:0A:E1:22 3 <---I'm not going to tell ya what is missing here ..wink

    Please input any additional Bully options:
    - Is it possible that FS2 messes with network manager? I loose my connection on wlan0. Anyone having the same?
    Maybe I choose option 1 (killing all processes) but I don't think I did...



    That's it for now.
    Last edited by Quest; 2014-07-19 at 02:56.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  11. #161
    Join Date
    2013-Oct
    Posts
    321
    @ Quest,

    Try this:
    1) Close FrankenScript using the [q] option, then close the terminal window.
    2) Restart FrankenScript and select option [1] from the main menu, then choose option "[1] = airmon-ng check kill".
    3) Choose any mac address option and then retry the "[1] = Full iw-dev Scan" again.

    I've fixed the custom bully attack options, I've also added some more return to options and fixed an issue with the handshake capture attack.
    I'll probably upload it within the next few days.
    Last edited by slim76; 2014-07-19 at 04:08.

  12. #162
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    I would of answered you sooner but, I did exactly as above and as a result..

    Scanned_APs
    ===========



    ################################################## ##########################
    # [f] = Re-Scan - Full iw-dev Scan # [e] = Sort Scan By - ESSID #
    # [w] = Re-Scan - Wash WPS Network Scan # [a] = Sort Scan By - Encryption #
    # [d] = Re-Scan - Airodump Network Scan # [0] = Return To Main Menu #
    # # [q] = Exit FrankenScript #
    ################################################## ##########################

    Please choose an option or input the number of a target:
    so it's the same as before, but option 1 ("[1] = airmon-ng check kill") has killed my network manager so I had to reboot my computer, thank you very much..

    R&D..
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  13. #163
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Quest View Post
    I would of answered you sooner but, I did exactly as above and as a result..



    so it's the same as before, but option 1 ("[1] = airmon-ng check kill") has killed my network manager so I had to reboot my computer, thank you very much..

    R&D..
    It was mean't to kill network manager, and you didn't need to restart your computer. LOL
    Network manager would have been restarted if you used the [q] option or if you re-enabled networking mode using option [6] from the main menu. LOL

    What does R&D.. mean?.
    Last edited by slim76; 2014-07-19 at 06:27.

  14. #164
    Join Date
    2014-Jul
    Posts
    9
    Research and Development

  15. #165
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    a little more testing...



    exiting with [q] does restart the network manager! That's what I did before with a different result!? Weird.




    [1] = Full iw-dev Scan, still not working for me. But [2] = Wash WPS Network Scan. and [3] = Airodump Network Scan. both work.

    # [f] = Re-Scan - Full iw-dev Scan, does not scan, but only shows previously scanned Airodump networks.




    something strange happens when i use FS2, and surf(even after FS2 is closed with q). I cannot connect to web sites, even if the network manager shows that I'm still connected, or sometimes it kills wlan0, and I have to shut down/restart network manager for my wifi adapter(wlan0) to be visible again. I never use the same wifi adapter to surf and pen test. I always separate things. So wlan0 is connected on the web and wlan1 is testing. It happens when I start FS2. It happens everytime time.






    Handshakes

    Checking for a captured handshake in 5 seconds...
    ERROR: could not insert 'nvidia': No such device
    Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
    This code is distributed under the GNU General Public License v3+

    Parsing file '/root/FrankenScript2/Temp_Working_Dirctory/psk-01.cap' (1/1)...
    Parsed 37 packets (37 802.11-packets), got 2 AP(s)

    #1: AccessPoint a4:...



    New pcap-file '/root/FrankenScript2/Temp_Working_Dirctory/Stripped.cap' written (22 out of 37 packets)
    ERROR: could not insert 'nvidia': No such device

    Valid handshake detected, XXXXX.cap will be coppied to FrankenScript2/Captured_Handshakes

    Press [Enter] to continue.



    [3] Attack Handshake Files

    does not show me the .cap file captured above, and it is there in /root/FrankenScript2/Captured_Handshakes




    Please input the number of your chosen capture file:
    ./FrankenScript2.sh: line 2381: /root/FrankenScript2/Temp_Working_Dirctory/Handshake_Cracking/Handshake_File.txt: No such file or directory
    cat: /root/FrankenScript2/Temp_Working_Dirctory/Handshake_Cracking/Chosen_capture_file.txt: No such file or directory

    Drag and drop the wordlist onto this screen:


    Drag and drop the wordlist onto this screen: '/root/FrankenScript2/Captured_Handshakes/MARIA.cap'

    NOTE: If the passkey is found there will be a long wait before the xterm windows close automatically.
    Recovered passkeys will be stored in /root/FrankenScript2/Recovered-Passkeys.txt

    Press [Enter] to continue.


    Then 2 windows open saying the same thing, wich I could not copy paste.

    ERROR: could not insert 'nvidia': No such device
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  16. #166
    Join Date
    2013-Oct
    Posts
    321
    To fix the capture files not being displayed issue do the following:
    Browse to root/FrankenScript/Temp_Working_Dirctory, then rename the folder inside the Temp_Working_Dirctory to Handshake_Cracking.


    In regards to the iw dev scan issue and the browsing while using FrankenScript issue:

    1) Network Manager and other processes can sometimes cause issue's while using the aircrack tools, so these processes sometimes need to be killed berfore attempting an attack.

    FrankenScript has kill processes options:
    a) airmon-check-kill = Automatically kills all troublesome processes Network Manager included (So no browsing the internet while Attack Mode is enabled).
    b) Proceed without killing any processes = Can cause issue's while trying to perform some attacks.
    Last edited by slim76; 2014-07-21 at 11:17.

  17. #167
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    Hi Slim,

    I will try that.

    You have a feedback in the Howto that I started https://forums.kali.org/showthread.p...5619#post35619 form Defaultzero

    I will start a Problems/Solutions collection in the first post, so you won't have to answer the same questions all the time.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  18. #168
    Join Date
    2014-Mar
    Posts
    50
    I really like your script. However, I read somewhere this will reboot locked routers with MDK3. I can't find an option for that. Is it supported?

  19. #169
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by RChadwick View Post
    I really like your script. However, I read somewhere this will reboot locked routers with MDK3. I can't find an option for that. Is it supported?
    It did have that feature but it doesn't anymore.

    I'm not sure if you're pentesting your own private network or trying to gain access to someone elses network, or if its work related but heres a little advise.
    Don't try to reset any access points if stealth is an issue, using the access point reset attacks will seriously increase the chance of getting caught.

  20. #170
    Join Date
    2014-Mar
    Posts
    50
    No, just Pen testing. Just curious, but why was that feature removed? Most routers I test nowadays can't be cracked without resetting the router.

  21. #171
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by RChadwick View Post
    No, just Pen testing. Just curious, but why was that feature removed? Most routers I test nowadays can't be cracked without resetting the router.
    I'll probably add it to FrankenScript again at some point.

  22. #172
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    RChadwick, since FS has the option to start other scripts, you can add ReVdk3 in the 'scripts' folder.

    https://forums.kali.org/showthread.p...struction-Mode

    Quote Originally Posted by soxrok2212 View Post
    Atrophy is a basic program that uses MDK3 to attempt to reboot routers (helpful when trying to unlock WPS.) The program uses Authentication flood, Michael Integrity Check failure, beacon flood, and deauthentication (a few others too depending on your configuration.)

    ReVdk3 is a similar program to Atrophy, but it uses a different approach to attack an access point. It uses EAPOL start and stop attacks to attempt to reboot the router.

    Frankenscript 2 is a full blown program that offers a wide range of tools to attack access points. You can find more info here.
    I have no idea how it works though.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  23. #173
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    for the empty Temp_Working_Dirctory folder problem...

    Deferences between versions upon exiting:

    FrankenScript2-10-06-2014.tar.gz
    [ ok ] Starting network connection manager: NetworkManager already started.

    Cleaned Temp Folder
    root@kali:~/FrankenScript2#

    FrankenScript2_Updated-19-7-2014.tar.gz
    [ ok ] Starting network connection manager: NetworkManager already started.
    root@kali:~/FrankenScript2#
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  24. #174
    Join Date
    2014-Oct
    Posts
    9
    Hi slim76 and Quest;

    First thanks for the .deb and the hardwork. I am new and learning cracking as a hobby.

    I managed to obtain a valid WPA handshake from my home router, however I am unable to crack it using:

    # [2] = Attack using hashcat
    # [3] = Attack using oclhashcat
    # [4] = Attack using cudahashcat

    I keep getting errors the following errors when trying to crack it.

    Please input the number of your chosen capture file: 1
    cp: cannot overwrite non-directory `/usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking' with directory `/usr/share/FS3/Captured_Handshakes/FIBREOP879'
    cp: cannot stat `/usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking/FIBREOP879/AP_Name.txt': Not a directory
    cat: /usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking/AP_Name.txt: Not a directory
    cp: accessing `/usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking/': Not a directory
    /usr/share/FS3/Scripts/Attack_Capture_Files.sh: line 45: /usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking//Capture_File.txt: Not a directory
    cat: /usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking/AP_Name.txt: Not a directory
    cat: /usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking//Capture_File.txt: Not a directory
    cat: /usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking//essid.txt: Not a directory
    cat: /usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking//bssid.txt: Not a directory
    /usr/share/FS3/Scripts/Attack_Capture_Files.sh: line 151: Edit: command not found
    grep: /usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking//Wordlist_Attack.txt: Not a directory

    I installed the latest version and read the entire thread to configure it properly, however I cannot crack the capture.

    Any ideas?

    Thanks in advance.

  25. #175
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    Hi jar!

    You got me completely mystified... What do you mean by
    # [2] = Attack using hashcat
    # [3] = Attack using oclhashcat
    # [4] = Attack using cudahashcat


    ocl/cuda/Hashcat are not in FS yet. Are you a time traveler?

    Posting in an old thread about something that will happen in the future? Am i slowly loosing my mind here?
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  26. #176
    Join Date
    2014-Oct
    Posts
    9
    Hi Quest,

    I am using fs3.sh/.deb from post #1 from slim76. When I choose the option to Attack Handshake Capture Files, I am presented with the above options and I attached a image. I just searched the code and there is no reference to ocl/cuda/Hashcat. So it's merely options that will be implemented in the future, hence why I am getting the errors.

    Is there a newer post/site regarding fs3?

    Thanks again,

    jar

    Screen Shot 2014-11-10 at 9.48.53 AM.png

  27. #177
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    lol, i see these options now...

    You got FS3 from the new thread https://forums.kali.org/showthread.p...-frankenScript

    Then this thread was unlocked and moved here from "Kali Linux General Use" forum.

    Then you posted in this thread about ghost options that I had not idea about.

    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  28. #178
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by jar View Post
    Hi slim76 and Quest;

    First thanks for the .deb and the hardwork. I am new and learning cracking as a hobby.

    I managed to obtain a valid WPA handshake from my home router, however I am unable to crack it using:

    # [2] = Attack using hashcat
    # [3] = Attack using oclhashcat
    # [4] = Attack using cudahashcat

    I keep getting errors the following errors when trying to crack it.

    Please input the number of your chosen capture file: 1
    cp: cannot overwrite non-directory `/usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking' with directory `/usr/share/FS3/Captured_Handshakes/FIBREOP879'
    cp: cannot stat `/usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking/FIBREOP879/AP_Name.txt': Not a directory
    cat: /usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking/AP_Name.txt: Not a directory
    cp: accessing `/usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking/': Not a directory
    /usr/share/FS3/Scripts/Attack_Capture_Files.sh: line 45: /usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking//Capture_File.txt: Not a directory
    cat: /usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking/AP_Name.txt: Not a directory
    cat: /usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking//Capture_File.txt: Not a directory
    cat: /usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking//essid.txt: Not a directory
    cat: /usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking//bssid.txt: Not a directory
    /usr/share/FS3/Scripts/Attack_Capture_Files.sh: line 151: Edit: command not found
    grep: /usr/share/FS3/Temp_Working_Dirctory/Handshake_Cracking//Wordlist_Attack.txt: Not a directory

    I installed the latest version and read the entire thread to configure it properly, however I cannot crack the capture.

    Any ideas?

    Thanks in advance.
    Sorry but those options dont work yet, I only put them there because staticn0de said he would write the attacks for those options.
    I think I might have to write the attacks by myself, but my Nvidia card has just died and I don't know when I'll be getting another cuda supported card. :-(

  29. #179
    Join Date
    2013-Oct
    Posts
    321
    If there's anyone from north london that has any spare cuda supported cards that they dont want it would be most helpful. LOL

  30. #180
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    I think staticn0de is busy.

    Yes, I thought your rig face planted! My Jedi skills are improving

    That sucks.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  31. #181
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Quest View Post
    I think staticn0de is busy.

    Yes, I thought your rig face planted! My Jedi skills are improving

    That sucks.
    I knew the card had problems before I set it up, it did work intermittently for a while but now it has died completely. lol

  32. #182
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    used video cards are easy to get. Most gamers have 2 or 3

    Check your local ads/web market.

    Actually if you can play it by ear, I can test.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  33. #183
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Quest View Post
    used video cards are easy to get. Most gamers have 2 or 3

    Check your local ads/web market.

    Actually if you can play it by ear, I can test.
    I think you doing the testing for me might be the only option.
    I can't really afford to buy another card at the moment as I have health issue's and I'm not currently working, plus its nearly christmas and I need every penny I can get. :-(

  34. #184
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    yes and jar can test also for cuda/Hashcat, since he's one step ahead of me to find special options

    We need a volunteer that has ATi/stream to test ocl/Hashcat though.

    For your health issues, I've been listening to independent researchers for years. I might have a trick or two for ya ...
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  35. #185
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Quest View Post
    yes and jar can test also for cuda/Hashcat, since he's one step ahead of me to find special options

    We need a volunteer that has ATi/stream to test ocl/Hashcat though.

    For your health issues, I've been listening to independent researchers for years. I might have a trick or two for ya ...
    Let me get cuda/Hashcat sorted first lol, then I'll move on to ocl/Hashcat.

    I'm still alive so my health issue's are not that bad anymore lol, anyway lets keep to the topic or we might cause problems with the thread ;-).
    Cheers anyway matey.

  36. #186
    Join Date
    2013-Oct
    Posts
    321
    Here's the latest FrankenScript.

    FrankenScript_Portable.26.April.2015.tar.gz
    https://www.mirrorcreator.com/files/...5.tar.gz_links

  37. #187
    Join Date
    2015-Mar
    Posts
    127
    Had trouble downloading it. The first biggest link lead to FrankenScript_Portable.26.April.2015.tar.gz.exe.
    Kali tried to load wine when I double clicked it.
    I should have known im looking for a *.sh file

    Anyway finally found a link to FrankenScript_Portable.26.April.2015.tar.gz, that worked. Nice touch to add the necessary programs with the download. Well implemented script. Luv the layout and approach.
    Last edited by nuroo; 2015-04-26 at 19:00.

  38. #188
    Join Date
    2015-Mar
    Posts
    127
    I may be doing something wrong. This is what happened:

    Code:
    MAC address for wlan2:
    Permanent MAC: xxxxxxxxxx (xxxxxxxxx, xxxxx.)
    Current   MAC: xxxxxxxxx:c5:fc:f9 (unknown)
    
    MAC address for mon0:
    Permanent MAC: xxxxxxxxxx (xxxxxxxxx, xxxxx.)
    Current   MAC: xxxxxxxxx:c5:fc:f9 (unknown)
    
    Target Details: "HAR0000000" 00:00:00:7D:B6:D0
    
    Possible WPS Pins: 82388003 57952154 82109011 65949474
    
    [1] = Reaver.t6x + Pixiewps (Fixed Arguments)
    [2] = Reaver + Pin Generators (Fixed Arguments)
    [3] = Reaver (Fixed Arguments)
    [4] = Reaver + Pin Generators (Custom Arguments)
    [5] = Custom Attack
    [p] = Proceed To Attack The Next Target
    
    Please choose an option:
    Picked 2
    Code:
    Reaver v1.4 WiFi Protected Setup Attack Tool
    Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
    
    [+] Switching mon0 to channel 6
    [+] Waiting for beacon from 00:00:00:7D:B6:D0
    [+] Associated with 00:00:00:7D:B6:D0 (ESSID: We hear you 0000000000)
    [+] Trying pin 82109011
    [+] Sending EAPOL START request
    [+] Received identity request
    [+] Sending identity response
    [P] E-Nonce: 77:58:36:c7:b0:f2:74:ee:23:21:f2:5e:a5:b1:b4:46
    [P] PKE: 2f:5c:5b:e6:52:8d:63:09:e0:d3:20:0d:8f:e8:70:c5:a6:06:25:d9:15:bc:2f:63:6c:11:29:f4:28:e6:7d:8d:e8:f7:f0:d8:0a:96:f6:1e:ea:fd:b1:7b:05:a2:ff:eb:e7:5d:cd:05:c1:5d:5c:0f:2c:86:1b:76:d0:97:9d:f1:b2:bc:30:49:05:bb:77:8c:ff:d1:89:5b:3f:9c:71:a1:40:1b:7a:9a:69:87:fc:34:5a:9f:2c:48:9f:97:f3:e4:8c:c2:91:9f:a9:c5:3d:75:8a:28:ab:a4:51:76:6d:a3:e7:33:bc:8f:2e:9b:30:64:fe:9c:e1:e0:d8:f4:ac:48:88:e7:34:e7:87:f7:8d:ca:b6:18:b1:28:8e:20:8a:d7:77:9d:4b:05:e7:29:e4:06:0c:b8:81:af:8a:cc:11:be:72:be:ba:ee:1a:f5:58:eb:d4:ee:5b:52:e4:9a:7e:91:ce:7f:49:2f:46:9e:c3:86:bf:5c:75:34:1a:1b:74:f9
    [P] WPS Manufacturer: Cisco
    [P] WPS Model Number: 123456
    [+] Received M1 message
    [P] AuthKey: 9c:fa:0e:5c:e6:81:9f:8c:16:22:da:d9:38:4c:b1:8a:cd:62:b6:39:c7:5f:6f:dd:70:56:38:bd:99:dc:38:9d
    [+] Sending M2 message
    [P] E-Hash1: 1e:6d:d4:e6:57:03:57:05:a0:7a:73:7c:14:21:91:ea:a1:94:7f:d1:81:12:7e:3c:6e:cc:6f:4f:c7:a1:aa:56
    [P] E-Hash2: 16:90:6b:e9:8b:ca:d8:c6:83:f1:34:fe:92:46:84:1b:35:c4:08:bb:39:a4:21:2c:c0:c5:1d:b2:97:9a:03:3c
    [+] Received M3 message
    Script (reaver) displays different essid when attacking target on the (attack screen)........
    Thru me off for a sec.

  39. #189
    Join Date
    2013-Oct
    Posts
    321
    @ nuroo

    I'm not sure what the problem is at the moment, but i'll look into it asap.
    Is "[2] = Reaver + Pin Generators (Fixed Arguments)" the only one that has that problem?, or does the essid change on other attack options too?.

  40. #190
    Join Date
    2015-Mar
    Posts
    127
    I'll check and report back, that was the first attacks i've tried. Already attacked the easy targets. Looking to your script to go after hard targets that are wps locked and have rate limiting and such.
    Last edited by nuroo; 2015-04-26 at 19:11.

  41. #191
    Join Date
    2013-Oct
    Posts
    321
    Ok kool, you can use the custom wps attack option if you want to use advanced arguments.
    I won't be adding any mdk3 router reset options as I think it causes too many problems.

  42. #192
    Join Date
    2013-Oct
    Posts
    321
    @ nuroo

    I looked through FrankenScript and tested it several times but couldn't reproduce the issue you had, I'm guessing it might be a reaver problem or maybe a problem with your kali installation.

    @ everyone

    Has anyone else had the same issue as nuroo?.
    Has anyone used the same settings as nuroo but didn't have an issue?.

    Please leave some feedback. :-)

  43. #193
    Join Date
    2015-Mar
    Posts
    127
    I'll try on another computer, different usb wifi card. i am a noob its entirely possible my error.
    Last edited by nuroo; 2015-04-27 at 03:24.

  44. #194
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    Hey! I've been giving it a spin and here are some observations..

    1. overall I think it's a great FS release. Packaging is good and the new 'portable' installation is great! Download was horrific, though it IS FrankenScript after all. lol

    2. you are killing me with these confirmations..
    Multiple wlan devices were detected:

    1: wlan0 Intel 2230 iwlwifi - [phy0]
    2: wlan1 Atheros AR9271 ath9k - [phy1]

    Input the number of the device you want to use: 2

    You've chosen to use wlan1, is this correct? y/n:
    One monitor mode interface was detected:

    1: mon0 Atheros AR9271 ath9k - [phy1]

    [1-99] = Selects An Interface
    [c] = Creates A New Monitor Interface
    Input your choice: 1

    You've chosen to use mon0, is this correct? y/n:
    we are not launching a rocket into space here Slim. Just doin network vulnerability assessments

    3. I did not notice what nuroo has reported, though I had some weird stuff happened on a certain AP..
    ############################## Scan Results ##############################

    1: WPS Locked ESSID BSSID RSSI Version Channel
    2: TelecenXXX-XXXX ---------------------------------------------------------------------------------------------------------------
    3: ValenXXXX XX:XX:XX:XX:XX:XX 00.dBm WPS-Locked-Yes Channel-2
    4: MARTXX_Network XX:XX:XX:XX:XX:XX 00.dBm WPS-Locked-No Channel-6
    5: SkynetCisXXXX XX:XX:XX:XX:XX:XX 00.dBm WPS-Locked-No Channel-9


    ################################################## ########################
    # [1-99] = Select A Target # [i] = iw dev scan (WPS WPA/WPA2 WEP) #
    # [p] = Proceed To Attacks # [w] = wash scan (WPS) #
    # [d] = Delete A Target # [a] = airodump-ng scan (WPA/WPA2 WEP) #
    # [m] = Return To The Main Menu # #
    ################################################## ########################

    Please choose an option:
    4. Where is Bully??

    [1] = Reaver.t6x + Pixiewps (Fixed Arguments)
    [2] = Reaver + Pin Generators (Fixed Arguments)
    [3] = Reaver (Fixed Arguments)
    [4] = Reaver + Pin Generators (Custom Arguments)
    [5] = Custom Attack
    [p] = Proceed To Attack The Next Target

    Please choose an option:
    5. 2 and 5 are the same.

    Reaver Versions.
    ################

    1: reaver.fork.rev8.64bit
    2: reaver.kali.installed.64bit
    3: reaver.t6x.rev51.64bit
    4: reaver.v1.3.64bit
    5: reaver.v1.4.64bit

    Please choose a version of reaver to use:
    6. why is the -p argument there by default?

    Attack Arguments:
    reaver.fork.rev8.64bit -i mon0 -c 2 -b XX:XX:XX:XX:XX:XX <CustomArgumentsHere> -p -vv

    Please input reaver arguments: -vv



    Chosen Attack Arguments:
    reaver.fork.rev8.64bit -i mon0 -c 2 -b XX:XX:XX:XX:XX:XX -vv -p

    Are the chosen arguments correct? y/n:
    Last edited by Quest; 2015-04-27 at 17:32.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  45. #195
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Quest View Post
    Hey! I've been giving it a spin and here are some observations..

    1. overall I think it's a great FS release. Packaging is good and the new 'portable' installation is great! Download was horrific, though it IS FrankenScript after all. lol

    2. you are killing me with these confirmations..


    we are not launching a rocket into space here Slim. Just doin network vulnerability assessments

    3. I did not notice what nuroo has reported, though I had some weird stuff happened on a certain AP..


    4. Where is Bully??



    5. 2 and 5 are the same.



    6. why is the -p argument there by default?
    1) All the adverts and that stupid .exe **** is nothing to do with me or FrankenScript, most people know FrankenScript is a bash script and not an exe file. LOL

    2) C'mon man you only have to confirm them once, dont keep going back to the main menu and you wont have confirm them anymore. LOL
    I like it that way cause I use multiple wifi adapters and I often keep choosing the wrong one.

    3) Are you saying some of the access point details were missing?.

    4) I left Bully out cause it only worked for me once, I might add it again at some point.

    5) Hasn't the kali version of reaver been modified?, reaver.v1.4 is unmodified.

    6) Its there cause its a fixed argument attack, its mean't to help to avoid lockouts or something like that.
    If the -P argument is an issue for you, you can use the custom options, that's why the custom option is there. LOL

  46. #196
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    1) still an horrific and traumatizing experience. I'm still shaken.

    2) I like it that way cause I use multiple wifi adapters and I often keep choosing the wrong one.
    Well, not exactly our problem is it? We (consumers) demand that you (monster creator) take the **** thing out! It's redundant for us Professionals that can actually select the right dongle the first time. Petition pending.

    3) just on this access point, there was no info what so ever, and when choosing that particular AP, FS went right back to the Scan Results. Don't take any actions though, that's a very strange AP. Just thought I'd report it anyway.

    4) Bring it back asap. Bully is a very nice alternative. No reason to can it.

    5) hmm don't know. Anyways it is not causing any prbs, and if they ever change the reaver version from 1.4 to something else, then we'll still have 1.4 separately, so leave it like that. I didn't say anything.

    6) oki, but I think the user can type -p Just saying.

    Anyways luv that version!
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  47. #197
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Quest View Post
    1) still an horrific and traumatizing experience. I'm still shaken.

    2) I like it that way cause I use multiple wifi adapters and I often keep choosing the wrong one.
    Well, not exactly our problem is it? We (consumers) demand that you (monster creator) take the **** thing out! It's redundant for us Professionals that can actually select the right dongle the first time. Petition pending.

    3) just on this access point, there was no info what so ever, and when choosing that particular AP, FS went right back to the Scan Results. Don't take any actions though, that's a very strange AP. Just thought I'd report it anyway.

    4) Bring it back asap. Bully is a very nice alternative. No reason to can it.

    5) hmm don't know. Anyways it is not causing any prbs, and if they ever change the reaver version from 1.4 to something else, then we'll still have 1.4 separately, so leave it like that. I didn't say anything.

    6) oki, but I think the user can type -p Just saying.

    Anyways luv that version!
    Ok I'll take out the confirmation options for the interfaces selection, and I'll try and add Bully again at some point.
    The whole point of the fixed options is to avoid typing and remembering commands, if you can remember the commands and you want to use different commands then the custom option might be better suited to your needs.

    I think the issue regarding the missing acess point details is due to the wash scan.
    Does the issue happen all the time?.
    Does it only happen on the first line?.

  48. #198
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    2) I was thinking that maybe a simple 'go back' option might solve it for all...

    Multiple wlan devices were detected:

    1: wlan0 Intel 2230 iwlwifi - [phy0]
    2: wlan1 Atheros AR9271 ath9k - [phy1]
    One monitor mode interface was detected:

    1: mon0 Atheros AR9271 ath9k - [phy1]
    2: go back
    3)
    Does the issue happen all the time?. Yes
    Does it only happen on the first line?. No


    7. not too crazy about the new handshake routine. It was better before, where I could choose the number of Deauth packets. Plus now I don't see what is going on when I start the Deauth process.

    Deauthentication Options:

    [1] = Deauthenticate All Connected Clients
    [2] = Deauthenticate A Specific Client
    [3] = Procced To Attack The Next Target

    Please choose an option:
    then..
    Validate Handshake Options:

    [1] = Cowpatty Handshake Validation
    [2] = Pyrit Handshake Validation
    [3] = Proceed Without Validating

    Please choose an option:
    but no results are shown.

    It was better before, at least I could tell what was the problem. Now is it because of a bad handshake or no handshake at all ?? No clue.



    Thanks for implementing [Ctrl]+[c]. Things are faster now and operations alot more instinctive. Cheers!
    Last edited by Quest; 2015-04-28 at 11:29.
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  49. #199
    Join Date
    2013-Aug
    Location
    lost in space
    Posts
    580
    8. I tried [1] = Reaver.t6x + Pixiewps (Fixed Arguments) and I won't go into details as I never had much luck with that new attack, but reaver goes into a endless loop with no way of terminating that process. When I [Ctrl]+[c] it, reaver starts all over again. I have to shut down that window to end it, and restart FS.

    For the rest of the Pixiewps functionality, I will leave it to someone that actually knows about it to give you feedback
    Kali Linux USB Installation using LinuxLive USB Creator
    Howto Install HDD Kali on a USB Key
    Clean your laptop fan | basic knowledge

  50. #200
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Quest View Post
    8. I tried [1] = Reaver.t6x + Pixiewps (Fixed Arguments) and I won't go into details as I never had much luck with that new attack, but reaver goes into a endless loop with no way of terminating that process. When I [Ctrl]+[c] it, reaver starts all over again. I have to shut down that window to end it, and restart FS.

    For the rest of the Pixiewps functionality, I will leave it to someone that actually knows about it to give you feedback
    That's whats meant to happen.
    Reaver is meant to loop through all the pixie arguments until it has either got the pin or until all the pixie arguments have been tried, it should then return back to the wps attack menu.
    I've already added options to quite the attack in the next version.

    Regarding the handshake.
    You should see in the airodump-ng window if you've captured a handshake or not, and you should only get the Validate Handshake Options if you've captured a handshake.
    If you don't get a handshake you'll be taken back to the deauth option menu.

    This is what you should see if you get a handshake:

    "Validate Handshake Options:

    [1] = Cowpatty Handshake Validation
    [2] = Pyrit Handshake Validation
    [3] = Proceed Without Validating

    Please choose an option: "

    If you validate the handshake and its good you'll be presented with something like:

    "Handshake capture file will be coppied to Directory/Captures/AP-Name

    Press [Enter] to continue."

    If the handshake is bad you'll be taken back to the deauth option menu.

    Regarding the missing access point details.
    I think the problem might be something to do with how I split and merged the scan results, I think I might have to rewrite the wash scan function AGAIN.
    Last edited by slim76; 2015-04-28 at 13:08.

Similar Threads

  1. Howto frankenScript
    By Quest in forum How-To Archive
    Replies: 255
    Last Post: 2016-02-09, 23:37
  2. Kali 2.0 on a USB, trying to access files from Windows 10 OS
    By Justa5uvus in forum General Archive
    Replies: 1
    Last Post: 2016-01-28, 11:41
  3. Any other programs to create evil twin/rogue access points?
    By Dark Terror in forum General Archive
    Replies: 1
    Last Post: 2015-05-11, 02:08
  4. WPA PSK Key in pcap/cap files?
    By Kalinoob in forum General Archive
    Replies: 1
    Last Post: 2014-01-06, 15:39
  5. ferret makes huge .pcap files
    By 3t3st3r in forum General Archive
    Replies: 2
    Last Post: 2013-05-19, 19:22

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •