#!/usr/bin/sh # FairuzaUS - Configuration / Recon / Exploit tool for FairuzaWRT # By: The Hacker Pimps! # This script is for use with both FuxorWRT and FairuzaWRT firmware # running on a Linksys WRT54GS # # Use this application and firmware at your own risk! # If you have any questions view the readme file # If you still have questions or issues that do not relate to you being a # total tard, then send email to the hacker pimps: fairuzawrt@hackerpimps.com # Also, feel free to email with comments. We hope to hear from you soon. echo "########################################################" echo "# Fairuza Upskirt - Config / Recon / Exploit #" echo "# for FuxorWRT and FairuzaWRT #" echo "# By: The Hacker Pimps www.hackerpimps.com #" echo "# Version 0.2 fairuzawrt@hackerpimps.com #" echo "########################################################" while true; do echo -e "\033[1mWhat would you like me to do?\033[0m" echo -e "\033[1mWRT Configuration\033[0m" echo -e "\033[1m1) Enable/Disable SSID Broadcasting\033[0m \033[1m2) Change SSID\033[0m" echo -e "\033[1m3) Change Wireless Channel\033[0m \033[1m4) Turn WEP On/Off\033[0m" echo -e "\033[1m5) Add WEP Key\033[0m \033[1m6) Reboot Access Point\033[0m" echo "" echo -e "\033[1mRecon and Attack\033[0m" echo -e "\033[1m7) Set A Target Host\033[0m \033[1m8) Set A Target Net\033[0m" echo -e "\033[1m9) Ping Sweep\033[0m \033[1m10) Port Scan a Single Host\033[0m" echo -e "\033[1m11) Recon NetBIOS Information\033[0m \033[1m12) Port Scan Network Range\033[0m" echo -e "\033[1m13) Launch Kismet Drone\033[0m \033[1m14) Launch Fairuza FakeAP\033[0m" echo -e "\033[1m15) Dump Weak IVs for WEP Cracking\033[0m \033[1m16) Crack WEP Key\033[0m" echo -e "\033[1m17) Mount NFS Share\033[0m \033[1m18) Display Connected Hosts\033[0m" echo -e "\033[1m19) Mount A Windows Share\033[0m \033[1m20) List Available Exploits\033[0m" echo -e "\033[1m99) Exit\033[0m" echo "Please choose a menu option" read opt case $opt in 1) echo "Enable/Disable SSID Broadcasting" echo -e "Choose 0 =\033[1m'ON'\033[0m 1 = \033[1m'OFF'\033[0m or \033[1m'Enter'\033[0m to go back to main menu" read onoff if [ -n "$onoff" ] ; then if [ $onoff -eq 0 ] then nvram set wl0_closed=0 ; nvram commit echo ""; echo -e "SSID Broadcasting is now \033[1mON\033[0m"; echo "" elif [ $onoff -eq 1 ] then nvram set wl0_closed=1 ; nvram commit echo ""; echo -e "SSID Broadcasting is now \033[1mOFF\033[0m"; echo "" else echo ""; echo -e "\033[1mWARNING!!\033[0m You did not choose a proper value. No changes made."; echo "" fi else echo "You did not enter a value. No changes made."; echo "" fi; ;; 2) echo ""; echo -e "Enter the new SSID Value. Press \033[1m'Enter'\033[0m to go back to main menu" read ssid if [ -n "$ssid" ] ; then nvram set wl0_ssid=$ssid ; nvram commit echo $ssid is your new SSID; echo "" else echo ""; echo "You did not enter a value. No changes made."; echo "" fi; ;; 3) echo ""; echo -e "Change Your wireless channel. Enter channel a number \033[1m1 - 11\033[0m." echo -e "Press\033[1m'Enter'\033[0m to go back to main menu"; echo "" read channel if [ -n "$channel" ] ; then if [ $channel -ge 1 ] && [ $channel -le 11 ] then nvram set wl0_channel=$channel ; nvram commit echo "$channel is your new channel" echo "" else echo -e "\033[1mWARNING!!\033[0m $channel is not valid input. No changes made."; echo "" fi else echo ""; echo "You did not enter a value. No changes made"; echo "" fi; ;; 4) echo ""; echo -e "To turn WEP off press \033[1m'0'\033[0m to turn it on press \033[1m'1'\033[0m." echo -e "Press \033[1m'Enter'\033[0m to go back to main menu"; echo "" read wepstat if [ -n "$wepstat" ] ; then if [ $wepstat -eq 0 ] then nvram set wl0_wep=disabled ; nvram commit echo "WEP is now Disabled"; echo "" elif [ $wepstat -eq 1 ] then nvram set wl0_wep=enabled ; nvram commit echo "WEP is now Enabled"; echo "" else echo -e "\033[1mWARNING!!\033[0m $wepstat is not a valid input. No changes made."; echo "" fi else echo ""; echo "You did not enter a value. No changes made"; echo "" fi; ;; 5) echo -e "Add WEP key. Choose which WEP key \033[1m1-4\033[0m then specify the key."; echo "" echo "Wep key bit values '64' and '128' are auto determined" echo "by the number of characters used in the key" echo "For 64bit use 5/10 For 128 use 13/26" echo -e "Press \033[1m'Enter'\033[0m to go back to main menu" read wepkey if [ -n "$wepkey" ] ; then if [ $wepkey -eq 1 ] then echo "Enter the new value for the first WEP key" read keyval if [ -n "$keyval" ] ; then nvram set vl0_key1=$keyval ; nvram commit echo "$keyval is your new 1st WEP key" else echo "You did not enter a value. No changes made"; echo "" fi elif [ $wepkey -eq 2 ] then echo "Enter the new value for the second WEP key" read keyval if [ -n "$keyval" ] ; then nvram set vl0_key2=$keyval ; nvram commit echo "$keyval is your new 2nd WEP key" else echo "You did not enter a value. No changes made"; echo "" fi elif [ $wepkey -eq 3 ] then echo "Enter the new value for the third WEP key" read keyval if [ -n "$keyval" ] ; then nvram set vl0_key3=$keyval ; nvram commit echo "$keyval is your new 3rd WEP key" else echo "You did not enter a value. No changes made"; echo "" fi elif [ $wepkey -eq 4 ] then echo "Enter the new value for the fourth WEP key" read keyval if [ -n "$keyval" ] ; then nvram set vl0_key4=$keyval ; nvram commit echo "$keyval is your new 4th WEP key" else echo "You did not enter a value. No changes made"; echo "" fi else echo "WARNING !! $wepkey is not valid input. Choose a number 1 though 4" echo "No changes made"; echo "" fi else echo "You did not enter a value. No changes made"; echo "" fi; ;; 6) echo "Rebooting Access Point" reboot; ;; 7) echo "Set a target host. The syntax is simple. example: 192.168.1.5" read snglhost if [ -n "$snglhost" ] ; then echo "You have set the single host with value $snglhost" else echo "You have not set a value" fi; ;; 8) echo "Set a target network. The syntax is: 192.168.1.1-254" read tgtnet if [ -n "$tgtnet" ] ; then echo "You have set the target network: $tgtnet" else echo "You have not set a value" fi; ;; 9) echo ""; echo "Perform a ping sweep of a subnet" if [ -n "$tgtnet" ] ; then nmap -sP $tgtnet else echo ""; echo "You did not set a target network. I will do nothing"; echo "" fi; ;; 10) echo ""; echo "Port Scan a single host " if [ -n "$snglhost" ] ; then nmap $snglhost else echo ""; echo "You did not enter a value. I will do nothing"; echo "" fi; ;; 11) echo ""; echo "Recon of NetBIOS information for target network" echo "Should I be verbose? 1=Yes 2=No" read verbstat if [ -n "$tgtnet" ] ; then if [ $verbstat -eq 1 ] ; then nbtscan -v -s : $tgtnet echo "" elif [ $verbstat -eq 2 ] ; then nbtscan -r $tgtnet echo "" else echo "You didn't enter the right value you silly goose" fi else echo "You didn't specify a target network. I will do nothing" fi; ;; 12) echo ""; echo "Port Scan a target network" if [ -n $tgtnet ] ; then nmap -O $tgtnet else echo "You didn't specify a target network" fi; ;; 13) echo ""; echo "Wireless Scan" echo -e "Launching Kismet Drone" echo "" if [ -f "/usr/sbin/kismet_drone" ] ; then kismet_drone else echo ""; echo "Kismet-drone not found. Perhaps you need to 'ipkg install' something?"; echo "" fi; ;; 14) echo ""; echo "Sorry, Launching Fairuza FakeAP is not available yet" echo "" ;; 15) echo ""; echo "Dump Weak IVs" echo -e "Specify an output file name and location" read ivLocName echo "" if [ -n "$ivLocName" ] && [ -f "/usr/sbin/airodump"] ; then wl monitor 1 airodump eth1 $ivLocName else echo ""; echo "You did not enter a value for output location or perhaps" echo ""; echo" you need to 'ipkg install' Aircrack?"; echo "" fi; ;; 16) echo ""; echo "Crack WEP. Make sure you have the file with the Weak IVs mounted" echo -e "Specify a fudge factor" read ffactor echo "" echo -e "Specify the location of the file containing the Weak IVs" read ivLoc echo "" if [ -n "$ffactor" ] && [ -f "/usr/sbin/aircrack"] && [ -n "ivLoc"] ; then aircrack $ffactor -f $ivLoc else echo ""; echo "You did not enter a value for the IV location or perhaps" echo ""; echo" you need to 'ipkg install' something?"; echo "" fi; ;; 17) echo ""; echo "Enter the IP address of the NFS server" read nfsserv echo "Enter the mount point for the share, make sure this exists." echo "Example: example: /etc/mnt" read mntpoint if [ -n "$nfsserv" ] && [ -n "mntpoint" ] ; then mount -t nfs $nfsserv:$mntpoint else echo "You did not enter a location or mountpoint. I will do nothing" fi; ;; 18) echo ""; echo "The following hosts have been issued an IP by the WRT" cat /tmp/dhcp.leases echo ""; ;; 19) echo ""; echo "Specify UNC of location. Example: //192.168.0.1/e" read winmntloc echo "Specify a valid mount location. Example: /mnt/win" echo "Make sure this resource exists!" read localmnt echo "Specify a valid username for this resource" read winusername if [ -n "$winmntloc" ] && [ -n "$localmnt" ] && [ -n "$winusername" ] ; then mount.cifs $winmntloc $localmnt -o user=$winusername echo "Your resource has been mounted" else echo "You did not specify something properly. Try again" fi; ;; 20) echo ""; echo "1) asn1-wrt 2) blaster-wrt 3) ms05039_sploit 4) smbnuke-wrt 5) upnp-wrt 6) winmsg-wrt 7) wins-wrt" echo "To run one of these exploits exit this application and type the name as it appears above. They are located" echo "in /usr/bin There will be support for running them from this application in the future" echo ""; ;; 99) exit ;; *) echo ""; echo "$opt is not a valid option" ;; esac done