Fix error on PMKID capturing due hcxdumptool different params for new…
…er versions using bpf filters
v1s1t0r1sh3r3 committed Jun 17, 2023
1 parent 0ed1632 commit ef71d96
Showing 4 changed files with 69 additions and 10 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -1,5 +1,6 @@
### 11.21
- Fixed bug parsing cracked PIN on WPS reaver Pixie Dust attack for newer reaver versions
- Fixed error on PMKID capturing due hcxdumptool different params for newer versions using bpf filters

### 11.20
- Improvements and fixes on "DoS pursuit mode"
50 changes: 40 additions & 10 deletions airgeddon.sh
Expand Up @@ -71,6 +71,7 @@ optional_tools_names=(
"hcxpcapngtool"
"hcxdumptool"
"tshark"
"tcpdump"
)

update_tools=("curl")
Expand Down Expand Up @@ -122,6 +123,7 @@ declare -A possible_package_names=(
[${optional_tools_names[23]}]="hcxtools" #hcxpcapngtool
[${optional_tools_names[24]}]="hcxdumptool" #hcxdumptool
[${optional_tools_names[25]}]="tshark / wireshark-cli / wireshark" #tshark
[${optional_tools_names[26]}]="tcpdump" #tcpdump
[${update_tools[0]}]="curl" #curl
)

Expand Down Expand Up @@ -153,6 +155,7 @@ alternative_rc_file_name="airgeddonrc"
language_strings_file="language_strings.sh"
broadcast_mac="FF:FF:FF:FF:FF:FF"
minimum_hcxdumptool_filterap_version="6.0.0"
minimum_hcxdumptool_bpf_version="6.3.0"

#5Ghz vars
ghz="Ghz"
Expand Down Expand Up @@ -12101,7 +12104,21 @@ function handshake_pmkid_tools_menu() {
if contains_element "${handshake_option}" "${forbidden_options[@]}"; then
forbidden_menu_option
else
capture_pmkid_handshake "pmkid"
get_hcxdumptool_version
if compare_floats_greater_or_equal "${hcxdumptool_version}" "${minimum_hcxdumptool_bpf_version}"; then
if hash tcpdump 2> /dev/null; then
echo
language_strings "${language}" 716 "yellow"
echo
capture_pmkid_handshake "pmkid"
else
echo
language_strings "${language}" 715 "red"
language_strings "${language}" 115 "read"
fi
else
capture_pmkid_handshake "pmkid"
fi
fi
;;
6)
Expand Down Expand Up @@ -12382,7 +12399,6 @@ function capture_pmkid_handshake() {
if [ "${1}" = "handshake" ]; then
dos_handshake_menu
else
get_hcxdumptool_version
launch_pmkid_capture
fi
}
Expand Down Expand Up @@ -12973,25 +12989,39 @@ function launch_pmkid_capture() {
debug_print

ask_timeout "capture_pmkid"
rm -rf "${tmpdir}target.txt" > /dev/null 2>&1
echo "${bssid//:}" > "${tmpdir}target.txt"

echo
language_strings "${language}" 671 "yellow"
language_strings "${language}" 115 "read"
echo
language_strings "${language}" 325 "blue"

if compare_floats_greater_or_equal "${hcxdumptool_version}" "${minimum_hcxdumptool_filterap_version}"; then
hcxdumptool_filter="--filterlist_ap="
rm -rf "${tmpdir}pmkid"* > /dev/null 2>&1

if compare_floats_greater_or_equal "${hcxdumptool_version}" "${minimum_hcxdumptool_bpf_version}"; then

tcpdump -i "${interface}" wlan addr1 "${bssid}" or wlan addr2 "${bssid}" or wlan addr3 "${bssid}" -ddd > "${tmpdir}pmkid.bpf"

if [ "${interfaces_band_info['main_wifi_interface','5Ghz_allowed']}" -eq 0 ]; then
hcxdumptool_band_modifier="b"
else
hcxdumptool_band_modifier="a"
fi

hcxdumptool_parameters="-c ${channel}${hcxdumptool_band_modifier} -F --rds=1 --bpf=${tmpdir}pmkid.bpf -w ${tmpdir}pmkid.pcapng"
elif compare_floats_greater_or_equal "${hcxdumptool_version}" "${minimum_hcxdumptool_filterap_version}"; then
rm -rf "${tmpdir}target.txt" > /dev/null 2>&1
echo "${bssid//:}" > "${tmpdir}target.txt"
hcxdumptool_parameters="--enable_status=1 --filterlist_ap=${tmpdir}target.txt --filtermode=2 -o ${tmpdir}pmkid.pcapng"
else
hcxdumptool_filter="--filterlist="
rm -rf "${tmpdir}target.txt" > /dev/null 2>&1
echo "${bssid//:}" > "${tmpdir}target.txt"
hcxdumptool_parameters="--enable_status=1 --filterlist=${tmpdir}target.txt --filtermode=2 -o ${tmpdir}pmkid.pcapng"
fi

rm -rf "${tmpdir}pmkid"* > /dev/null 2>&1
recalculate_windows_sizes
manage_output "+j -sb -rightbar -bg \"#000000\" -fg \"#FFC0CB\" -geometry ${g1_topright_window} -T \"Capturing PMKID\"" "timeout -s SIGTERM ${timeout_capture_pmkid} hcxdumptool -i ${interface} --enable_status=1 ${hcxdumptool_filter}${tmpdir}target.txt --filtermode=2 -o ${tmpdir}pmkid.pcapng" "Capturing PMKID" "active"
wait_for_process "timeout -s SIGTERM ${timeout_capture_pmkid} hcxdumptool -i ${interface} --enable_status=1 ${hcxdumptool_filter}${tmpdir}target.txt --filtermode=2 -o ${tmpdir}pmkid.pcapng" "Capturing PMKID"
manage_output "+j -sb -rightbar -bg \"#000000\" -fg \"#FFC0CB\" -geometry ${g1_topright_window} -T \"Capturing PMKID\"" "timeout -s SIGTERM ${timeout_capture_pmkid} hcxdumptool -i ${interface} ${hcxdumptool_parameters}" "Capturing PMKID" "active"
wait_for_process "timeout -s SIGTERM ${timeout_capture_pmkid} hcxdumptool -i ${interface} ${hcxdumptool_parameters}" "Capturing PMKID"

if hcxpcapngtool -o "${tmpdir}${standardpmkid_filename}" "${tmpdir}pmkid.pcapng" | grep -Eq "PMKID(\(s\))? written" 2> /dev/null; then
pmkidpath="${default_save_path}"
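Review bot: In the launch_pmkid_capture hunk, the result of `tcpdump -i "${interface}" wlan addr1 "${bssid}" … -ddd > "${tmpdir}pmkid.bpf"` is never checked, so if tcpdump cannot compile the filter (for example because the interface's link type does not accept `wlan addr1`), hcxdumptool is still launched with an empty or partial `pmkid.bpf`. On this code path that file is the only thing restricting the capture to `${bssid}`, so a failed compile presumably ends in either a failed run or a capture that is not limited to the selected network. I would wrap the call as `if ! tcpdump … -ddd > "${tmpdir}pmkid.bpf" || [ ! -s "${tmpdir}pmkid.bpf" ]; then`, print an error and return instead of continuing to `manage_output`. Separately, `hcxdumptool_band_modifier` is chosen from `interfaces_band_info['main_wifi_interface','5Ghz_allowed']` rather than from `${channel}`, so the suffix appended to `-c ${channel}` does not depend on which band the target channel is in; it should probably be derived from the channel number. The function's body starts and ends outside the hunk.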
26 changes: 26 additions & 0 deletions language_strings.sh
Expand Up @@ -10257,6 +10257,32 @@ function initialize_language_strings() {
arr["GERMAN",714]="Für die BSSID des Ziel-AP wurde kein Anbieter erkannt. Die standardmäßige Captive-Portal-Vorlage wird verwendet"
arr["TURKISH",714]="Hedef AP'nin BSSID'si için satıcı bulunamadı. Varsayılan sabit portal şablonu kullanılacak"
arr["ARABIC",714]="لنقطة الوصول المستهدفة. سيتم استخدام قالب البوابة المقيدة الافتراضي BSSID لم يتم اكتشاف أي مورد لـ"

arr["ENGLISH",715]="Error. Your hcxdumptool version is (v\${hcxdumptool_version}) and from version \${minimum_hcxdumptool_bpf_version}, capturing a PMKID additionally requires the tcpdump tool which is currently not installed on your system. Install it and try this attack again by relaunching airgeddon"
arr["SPANISH",715]="Error. Tu versión de hcxdumptool es (v\${hcxdumptool_version}) y a partir de la versión \${minimum_hcxdumptool_bpf_version}, para capturar un PMKID además se necesita la herramienta tcpdump que actualmente no se encuentra en tu sistema. Instálala y vuelve a intentar este ataque relanzando airgeddon"
arr["FRENCH",715]="\${pending_of_translation} Erreur. Votre version de hcxdumptool est (v\${hcxdumptool_version}) et à partir de la version \${minimum_hcxdumptool_bpf_version}, la capture d'un PMKID nécessite en outre l'outil tcpdump qui n'est actuellement pas sur votre système. Installez-le et retentez cette attaque en relançant airgeddon"
arr["CATALAN",715]="\${pending_of_translation} Error. La teva versió de hcxdumptool és (v\${hcxdumptool_version}) ia partir de la versió \${minimum_hcxdumptool_bpf_version}, per capturar un PMKID a més es necessita l'eina tcpdump que actualment no es troba al sistema. Instal·la-la i torna a intentar aquest atac rellançant airgeddon"
arr["PORTUGUESE",715]="\${pending_of_translation} Erro. Sua versão hcxdumptool é (v\${hcxdumptool_version}) e a partir da versão \${minimum_hcxdumptool_bpf_version}, a captura de um PMKID requer adicionalmente a ferramenta tcpdump que não está atualmente em seu sistema. Instale-o e tente este ataque novamente reiniciando o airgeddon"
arr["RUSSIAN",715]="\${pending_of_translation} Ошибка. Ваша версия hcxdumptool (v\${hcxdumptool_version}) и, начиная с версии \${minimum_hcxdumptool_bpf_version}, для захвата PMKID дополнительно требуется инструмент tcpdump, которого в настоящее время нет в вашей системе. Установите его и повторите эту атаку, перезапустив airgeddon."
arr["GREEK",715]="\${pending_of_translation} Λάθος. Η έκδοσή σας hcxdumptool είναι (v\${hcxdumptool_version}) και από την έκδοση \${minimum_hcxdumptool_bpf_version}, η λήψη ενός PMKID απαιτεί επιπλέον το εργαλείο tcpdump το οποίο δεν υπάρχει αυτήν τη στιγμή στο σύστημά σας. Εγκαταστήστε το και δοκιμάστε ξανά αυτήν την επίθεση επανεκκινώντας το airgeddon"
arr["ITALIAN",715]="\${pending_of_translation} Errore. La tua versione di hcxdumptool è (v\${hcxdumptool_version}) e a partire dalla versione \${minimum_hcxdumptool_bpf_version}, l'acquisizione di un PMKID richiede anche lo strumento tcpdump che attualmente non è sul tuo sistema. Installalo e riprova questo attacco rilanciando airgeddon"
arr["POLISH",715]="\${pending_of_translation} Błąd. Twoja wersja hcxdumptool to (v\${hcxdumptool_version}), a od wersji \${minimum_hcxdumptool_bpf_version} przechwytywanie PMKID dodatkowo wymaga narzędzia tcpdump, którego obecnie nie ma w twoim systemie. Zainstaluj go i spróbuj ponownie tego ataku, ponownie uruchamiając airgeddon"
arr["GERMAN",715]="\${pending_of_translation} Fehler. Ihre hcxdumptool-Version ist (v\${hcxdumptool_version}) und ab Version \${minimum_hcxdumptool_bpf_version} ist zum Erfassen eines PMKID zusätzlich das Tool tcpdump erforderlich, das sich derzeit nicht auf Ihrem System befindet. Installieren Sie es und versuchen Sie diesen Angriff erneut, indem Sie airgeddon neu starten"
arr["TURKISH",715]="\${pending_of_translation} Hata. hcxdumptool sürümünüz (v\${hcxdumptool_version})'dir ve \${minimum_hcxdumptool_bpf_version} sürümünden itibaren, bir PMKID'yi yakalamak ek olarak şu anda sisteminizde olmayan tcpdump aracını gerektirir. Yükleyin ve airgeddon'u yeniden başlatarak bu saldırıyı tekrar deneyin"
arr["ARABIC",715]="\${pending_of_translation} خطأ. إصدار hcxdumptool الخاص بك هو (v\${hcxdumptool_version} *) واعتبارًا من الإصدار \${minimum_hcxdumptool_bpf_version} ، يتطلب التقاط PMKID أيضًا أداة tcpdump التي ليست موجودة حاليًا على نظامك. قم بتثبيته وحاول هذا الهجوم مرة أخرى عن طريق إعادة تشغيل airgeddon"

arr["ENGLISH",716]="You have the tcpdump tool installed, therefore your system can perform the PMKID capture attack with versions of hcxdumptool later than 6.3.0 (currently your hcxdumptool version is \${hcxdumptool_version})"
arr["SPANISH",716]="Tienes instalada la herramienta tcpdump, por lo que tu sistema puede realizar el ataque de captura PMKID con versiones de hcxdumptool posteriores a la 6.3.0 (actualmente tu versión de hcxdumptool es la \${hcxdumptool_version})"
arr["FRENCH",716]="\${pending_of_translation} L'outil tcpdump est installé, votre système peut donc effectuer l'attaque de capture PMKID avec des versions de hcxdumptool ultérieures à 6.3.0 (actuellement, votre version de hcxdumptool est \${hcxdumptool_version})"
arr["CATALAN",716]="\${pending_of_translation} Teniu instal·lada l'eina tcpdump, per tant, el vostre sistema pot realitzar l'atac de captura PMKID amb versions d'hcxdumptool posteriors a la 6.3.0 (actualment la vostra versió de hcxdumptool és \${hcxdumptool_version})"
arr["PORTUGUESE",716]="\${pending_of_translation} Você tem a ferramenta tcpdump instalada, portanto seu sistema pode executar o ataque de captura PMKID com versões do hcxdumptool posteriores a 6.3.0 (atualmente sua versão do hcxdumptool é \${hcxdumptool_version})"
arr["RUSSIAN",716]="\${pending_of_translation} У вас установлен инструмент tcpdump, поэтому ваша система может выполнять атаку захвата PMKID с версиями hcxdumptool более поздними, чем 6.3.0 (в настоящее время ваша версия hcxdumptool — \${hcxdumptool_version})"
arr["GREEK",716]="\${pending_of_translation} Έχετε εγκατεστημένο το εργαλείο tcpdump, επομένως το σύστημά σας μπορεί να εκτελέσει την επίθεση καταγραφής PMKID με εκδόσεις του hcxdumptool μεταγενέστερες της 6.3.0 (επί του παρόντος η έκδοση hcxdumptool είναι \${hcxdumptool_version})"
arr["ITALIAN",716]="\${pending_of_translation} Hai lo strumento tcpdump installato, quindi il tuo sistema può eseguire l'attacco di cattura PMKID con versioni di hcxdumptool successive alla 6.3.0 (attualmente la tua versione di hcxdumptool è \${hcxdumptool_version})"
arr["POLISH",716]="\${pending_of_translation} Masz zainstalowane narzędzie tcpdump, więc twój system może przeprowadzić atak przechwytujący PMKID z wersjami hcxdumptool nowszymi niż 6.3.0 (obecnie twoja wersja hcxdumptool to \${hcxdumptool_version})"
arr["GERMAN",716]="\${pending_of_translation} Sie haben das tcpdump-Tool installiert, daher kann Ihr System den PMKID-Capture-Angriff mit Versionen von hcxdumptool nach 6.3.0 durchführen (derzeit ist Ihre hcxdumptool-Version \${hcxdumptool_version})"
arr["TURKISH",716]="\${pending_of_translation} tcpdump aracını yüklediniz, bu nedenle sisteminiz 6.3.0'dan sonraki hcxdumptool sürümleriyle PMKID yakalama saldırısını gerçekleştirebilir (şu anda hcxdumptool sürümünüz \${hcxdumptool_version})"
arr["ARABIC",716]="\${pending_of_translation} لديك أداة tcpdump مثبتة ، وبالتالي يمكن لنظامك تنفيذ هجوم التقاط PMKID بإصدارات من hcxdumptool أحدث من 6.3.0 (حاليًا إصدار hcxdumptool هو \${hcxdumptool_version})"
}

#Expand escaped variables in language strings with their actual values
2 changes: 2 additions & 0 deletions plugins/missing_dependencies.sh
Expand Up @@ -71,6 +71,7 @@ function commands_to_packages() {
commands_to_packages_correspondence["loginctl"]="systemd"
commands_to_packages_correspondence["xset"]="x11-xserver-utils"
commands_to_packages_correspondence["curl"]="curl"
commands_to_packages_correspondence["tcpdump"]="tcpdump"
;;
"BlackArch")
commands_to_packages_correspondence["hcxpcapngtool"]="hcxtools"
Expand Down Expand Up @@ -120,6 +121,7 @@ function commands_to_packages() {
commands_to_packages_correspondence["loginctl"]="systemd"
commands_to_packages_correspondence["xset"]="xorg-xset"
commands_to_packages_correspondence["curl"]="curl"
commands_to_packages_correspondence["tcpdump"]="tcpdump"
;;
esac
