-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathboxon.sh
228 lines (210 loc) · 10.9 KB
/
boxon.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
#! /bin/bash
version=1.1
# boxon.sh est un script bash qui détecte les réseaux WiFi qui furent vulnérables à un attaque WPS avec un PIN vide (valeur "null").
# Pour plus d'info sur cette brèche de sécurité critique allez à http://www.crack-wifi.com/forum/topic-12166-0day-crack-box-sfr-nb6v-en-deux-secondes-par-pin-null.html
# This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
# You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
# Contact author: [email protected]
# Copyright (C) 2017 kcdtv @ www.crack-wifi.com
# Global variables:
# - Colours
nocolour="\033[0;37m"
orange="\033[38;5;202m"
red="\033[1;31m"
yellow="\033[1;33m"
white="\033[1;37m"
purpple="\033[0;35m"
# Functions
Screen()
{
echo -e "$purpple
▄▄▄▄· ▐▄• ▄ ▐ ▄
▐█ ▀█▪▪ █▌█▌▪▪ •█▌▐█
▐█▀▀█▄ ▄█▀▄ ·██· ▄█▀▄ ▐█▐▐▌
██▄▪▐█▐█▌.▐▌▪▐█·█▌▐█▌.▐▌██▐█▌
·▀▀▀▀ ▀█▄▀▪•▀▀ ▀▀ ▀█▄▀▪▀▀ █▪
$nocolour
Copyleft (C) 2017 kcdtv @ www.crack-wifi.com"
}
Goodbye()
{
rm /tmp/interfaces /tmp/iwdev /tmp/scan /tmp/translog /tmp/log 2>/dev/null
Screen
exit 0
}
## Regular scan (perfect if you want to check quickly and precisly if your PA is vulnerable)
Regularscan()
{
wash -i $iface -j $ac >> /tmp/scan &
washPID=$!
for (( i=0; ;i+=4 ))
do
clear
echo -e "$orange▐█$purpple Temps de scan: $orange$i$white secondes. Les réseaux en$orange orange$white purraient être vulnérables
$orange▐█$purpple Pressez$white <$purpple CTRL$white +$purpple C$white > pour arrêter le scanneur$nocolour
bssid Canal RSSI essid modèle (si vulnérable)"
while read line
do
bssid=$( echo $line | awk -F '"' '{ print $4}')
essid=$( echo $line | awk -F '"' '{ print $8}')
channel=$(echo 0$( echo $line | awk -F '"' '{ print $11}' | awk '{ print $2}' | tr -d ',' )| rev | cut -c 1-2 | rev)
rssi=$( echo $line | awk -F '"' '{ print $13}' | cut -c4-6 )
vulnerable=$( echo $line | grep -o -E 'NB4-SER-r2|NB4-FXC-r1|NB4-FXC-r2|NB6V-FXC-r0|NB6V-FX-r1|NB6V-FX-r2|NB6V2-FXC-r0|NB6V-SER-r0|SagemcomFast3965|CBV38Z4EN|ZXHN H108N|ZXHN H298N' | uniq )
if [ -n "$vulnerable" ];
then
echo -e " $orange $bssid $white$channel $rssi $orange$essid $vulnerable$nocolour"
else
echo -e " $white $bssid $channel $rssi $essid$nocolour"
fi
done < /tmp/scan
sleep 3
done
kill $washPID
}
########################### SCRIPT STARTS HERE ##############################################
echo -e "$purpple
▄▄▄▄· ▐▄• ▄ ▐ ▄
▐█ ▀█▪▪ █▌█▌▪▪ •█▌▐█
▐█▀▀█▄ ▄█▀▄ ·██· ▄█▀▄ ▐█▐▐▌
██▄▪▐█▐█▌.▐▌▪▐█·█▌▐█▌.▐▌██▐█▌
·▀▀▀▀ ▀█▄▀▪•▀▀ ▀▀ ▀█▄▀▪▀▀ █▪
_ , $white , $purpple _ _ _ __ $white , -
[|)etecteur$white de reseaux$purpple \/\/i[|-i$white vulnerables a une attaque
$purpple _ _ _ _ $white $purpple _ () _ $white
$purpple \/\/||)(( $white avec un$purpple ||)[][|\|$white null
$purpple L| ))$white $purpple L| $white
$nocolour modèles affectés par la faille WPS PIN NULL:
$white NB4-SER-r2$purpple NB4-FXC-r2$nocolour réseaux:$white NEUF-XXXX
$purpple NB4-FXC-r1$white NB6V-SER-r0$purpple NB6V-FXC-r0$nocolour/$white-r1$nocolour/$purpple-r2)$nocolour réseaux:$white SFR-XXXX
$white SagemcomFast3965_LB2.8$nocolour réseaux:$purpple Livebox-XXXX
$purpple CBV38Z4EN$nocolour (Castlenet) réseaux:$white Numéricable
$nocolour
Copyleft (C) 2017 kcdtv @ www.crack-wifi.com"
echo -e "$purpple▐█$white Vérification privilèges$nocolour"
whoami | grep root || { echo -e "$red▐█ Erreur$nocolour - Absence de privilèges d'administrateur. Veuillez lancer le script en utilisant$yellow sudo$nocolour ou$yellow su$nocolour.
$red▐█ Exit.$nocolour"; exit 1; }
echo -e "$purpple▐█$white Vérification reaver$nocolour"
which reaver || { echo -e "$red▐█ Erreur$nocolour -$yellow Reaver$nocolour n'est pas installé. Installez $yellow Reaver v1.6.1$nocolour (ou version supèrieure) en allant à:$white https://github.com/t6x/reaver-wps-fork-t6x$nocolour
$red▐█ Exit.$nocolour"; exit 1; }
reaver &>> /tmp/versionreaver
grep "Reaver v1.6." /tmp/versionreaver || { echo -e "$red▐█ Erreur$nocolour - Vous devez actualiser reaver. Installez $yellow Reaver v1.6.1$nocolour (ou version supèrieure) en allant à:$white https://github.com/t6x/reaver-wps-fork-t6x$nocolour
$red▐█ Exit.$nocolour"; exit 1; }
rm /tmp/versionreaver
echo -e "$purpple▐█$white Vérification wash$nocolour"
which wash || { echo -e "$red▐█ Erreur$nocolour -$yellow Wash$nocolour n'est pas installé. Installez $yellow Reaver v1.6.1$nocolour (ou version supèrieure) en allant à:$white https://github.com/t6x/reaver-wps-fork-t6x$nocolour
$red▐█ Exit.$nocolour"; exit 1; }
wash &>> /tmp/versionwash
grep "Wash v1.6." /tmp/versionwash || { echo -e "$red▐█ Erreur$nocolour - Vous devez actualiser wash. Installez $yellow Reaver v1.6.1$nocolour (ou version supèrieure) en allant à:$white https://github.com/t6x/reaver-wps-fork-t6x$nocolour
$red▐█ Exit.$nocolour"; exit 1; }
rm /tmp/versionwash
airmon-ng | grep phy &>> /tmp/interfaces
if [ ! -s /tmp/interfaces ];
then
echo -e "$red▐█ Erreur$nocolour - Aucune interface wifi compatible mode moniteur n'est détectée.
$red▐█ Exit.$nocolour"
fi
if [ "$(grep -c phy /tmp/interfaces)" == 1 ];
then
wlan=$( awk '{ print $2 }' /tmp/interfaces )
echo -e "$purpple▐█$white Une seule interface WiFi est détectée et a été selectionnée: $orange$wlan$nocolour"
else
echo -e "$purpple▐█$white Plusieurs interfaces wifi disponibles. Choisissez.$nocolour"
while [ -z "$wlan" ];
do
echo -e "
Num Interface Driver Chipset"
nl < /tmp/interfaces
echo ""
echo -e "$purpple▐█$white Interface:$orange"
read -r -n 1 -ep " " number
wlan=$(awk '{ print $2 }' /tmp/interfaces | sed "$number!d" 2>/dev/null )
if [ -z "$wlan" ];
then
echo -e "$red▐█ Erreur$nocolour -$white Numéro interface incorrect ($orange$number$white).$nocolour"
else
echo -e "$purpple▐█$white Interface $orange$wlan$white selectionnée$nocolour"
fi
done
fi
iw dev &>> /tmp/iwdev
if [ -n "$( grep -A 4 '\'"$wlan"'\b' /tmp/iwdev | grep monitor)" ];
then
iface="$wlan"
else
echo -e "$purpple▐█$white Activation mode moniteur$nocolour"
driver=$( grep '\'"$wlan"'\b' /tmp/interfaces | awk '{ print $3 }' )
if [[ "$driver" == "8812au" || "$driver" == "8814au" ]];
then
airmon-ng check kill
ip link set $wlan down
iwconfig $wlan mode monitor
ip link set $wlan up
iface="$wlan"
else
airmon-ng start $wlan
phy=$( grep $wlan /tmp/interfaces | awk '{ print $1 }' | cut -c 4 )
iface=$( iw dev | grep -A 1 "phy#$phy" | tail -n 1 | awk '{ print $2 }')
fi
fi
phy=$( airmon-ng | grep '\'"$iface"'\b' | awk '{ print $1 }' )
aband=$( iw phy $phy info | grep -o "5200 MHz" )
until [[ $choice == 4 ]];
do
Screen
echo -e " $white _ _
$white //\/\enu
$purpple ▐█$yellow 1$white Scan Générique b/g/n (2,4GHz)$nocolour
$purpple ▐█$yellow 2$white Scan Générique a/ac (5GHz)$nocolour
$purpple ▐█$yellow 3$white Garder un log des sessions effectuées
$purpple ▐█$red 4$white Sortir
$purpple ▐█$white Choix:$orange"
read -r -n 1 -ep " " choice
echo -e "$nocolour"
unset -v ac
case $choice in
1 )
trap 'break' SIGINT
rm /tmp/scan
Regularscan
cat /tmp/scan >> /tmp/log
trap - SIGINT
;;
2 )
if [[ -n "$aband" ]];
then
ac="-5"
trap 'break' SIGINT
rm /tmp/scan
Regularscan
cat /tmp/scan >> /tmp/log
trap - SIGINT
else
echo -e "$red▐█ Erreur$nocolour - L'interface choisie n'est pas compatible avec la bande 5Ghz."
fi
;;
3 )
while read line
do
if [ -n "$( echo line | grep -E 'NB4-SER|NB4-FXC|NB6V-FXC|NB6V-SER|SagemcomFast3965|ZXHN H108N|ZXHN H298N|ZXHN H218N|CBV38Z4EN' )" ];
then
echo "$line" >> /tmp/translog
else
mac=$( echo $line | awk -F '"' '{ print $4}')
ssid=$( echo $line | awk -F '"' '{ print $8}')
canal=$(echo 0$( echo $line | awk -F '"' '{ print $11}' | awk '{ print $2}' | tr -d ',' )| rev | cut -c 1-2 | rev)
echo "$mac $canal $ssid" >> /tmp/translog
fi
done < /tmp/log
uniq /tmp/translog >> ~/boxon$( date | awk '{print $3$2$6$4}' | tr -d ':' ).log
echo -e "$purpple▐█$white Log sessions sauvegardé dans le fichier:$yellow /root/boxon$( date | awk '{print $3$2$6$4}' | tr -d ':' ).log$nocolour"
;;
4 )
Goodbye
;;
* )
echo -e "$red▐█ Erreur$nocolour: Option invalide"
;;
esac
done
exit 0