Author Topic: [REQ] Automatic mac address filter bypass script  (Read 8273 times)

mm96631

  • Guest
Re: [REQ] Automatic mac address filter bypass script
« Reply #15 on: July 09, 2013, 11:41:19 AM »
 ;D Hurry up, so I can add it to the new OS

Offline TAPE

  • Top Hat Member Moderator
  • Elite
  • ********
  • Posts: 1249
  • Internets: +193/-0
Re: [REQ] Automatic mac address filter bypass script
« Reply #16 on: July 09, 2013, 11:51:10 AM »
LOL :D

Still a long way off from being complete I'm afraid.. but pretty sure I can get a decent command line variant made.
Just not sure what exactly I want included and how long it will take me ;)
Take all the advice you like and then tell everyone to **** off and do your own thing -- Gitsnik

Offline n1tr0g3n

  • Super Elite
  • ******
  • Posts: 4734
  • Internets: +63/-2
  • MCSA, MCP, MCTS, DCSE, CE/H, ACSP, N+,A+, CWSP
    • n1tr0g3n Information Security Blog
Re: [REQ] Automatic mac address filter bypass script
« Reply #17 on: July 09, 2013, 01:17:18 PM »
Damn TAPE that looks awesome! You're a beast at writing sweet looking scripts!
"It's mind over matter, If you don't have a mind then it doesn't matter"

Youtube Channel
http://www.youtube.com/user/n1tr0g3n0x1d3
Twitter  https://twitter.com/n1tr0g3n_com
http://www.n1tr0g3n.com  
http://teamctfu.weebly.com/

Offline slyfox

  • Experienced
  • ***
  • Posts: 118
  • Internets: +10/-0
Re: [REQ] Automatic mac address filter bypass script
« Reply #18 on: July 09, 2013, 03:36:36 PM »
Tape, I'm just curious about some things in that image.

After you run 'airodump' the ESSID is 'CISCO-LINKSYS'.
When the MAC is changed the 'new' one has the ESSID - 'askey computer', which is Chinese and a bit suspect....
Apparently if you use 'macchanger -A' you get a lot of Chinese ESSIDs or something equally suspicious.
I know the MACCHIATO macchanger helps to make the ESSID less fishy, so just wondering if you could do something like that. I suppose if we use a MAC addy from some network we've scanned it would look normal, and we wouldn't get blocked by the AP - not sure though.

Offline TAPE

  • Top Hat Member Moderator
  • Elite
  • ********
  • Posts: 1249
  • Internets: +193/-0
Re: [REQ] Automatic mac address filter bypass script
« Reply #19 on: July 09, 2013, 04:30:26 PM »
@Sly,

Think you are misunderstanding the output.
The ESSID is Cisco-Test

The other names are manufacturer names based on the OUI list.

What this part of the script is showing is spoofing an actual client MAC to allow bypassing of a mac filter.
Take all the advice you like and then tell everyone to **** off and do your own thing -- Gitsnik

Offline slyfox

  • Experienced
  • ***
  • Posts: 118
  • Internets: +10/-0
Re: [REQ] Automatic mac address filter bypass script
« Reply #20 on: July 09, 2013, 05:53:10 PM »
Yes Tape, I probably am misunderstanding something - I do that a lot lol. I didn't mean the ESSID [got that wrong]. It was the new MAC I was referring to.
I just thought that it would be a dead giveaway that you are using MAC spoofing to any person or any software watching the MAC address list of the network [OUI list] - so this could then be used to deny you access to the network, if you see what I mean. I think the fact that it's a Chinese manufacturer, for instance, would definitely indicate a 'spoofing attack' I think. A lot of the time, your device will appear to have a MAC address from uncommon manufacturers, by which an admin or AP tracking software or whatever, may still deduce that you are spoofing your MAC address. I was just hoping you could somehow put an OUI list of common manufacturers' names in there instead of relying on macchanger's Chinese list [they have a lot of those for some reason lol].
But I'm probably missing the point. Sorry for the distraction. I just prefer to be as invisible as possible.
« Last Edit: July 09, 2013, 05:58:18 PM by slyfox »

Offline TAPE

  • Top Hat Member Moderator
  • Elite
  • ********
  • Posts: 1249
  • Internets: +193/-0
Re: [REQ] Automatic mac address filter bypass script
« Reply #21 on: July 10, 2013, 02:35:33 AM »
Hey Sly, I get where you're coming from.

Of course if you know you only have Apple products and suddenly you see a Linksys MAC popping up on the network
it would definitely be a dead giveaway.

The way MAC filtering works though is that you enter the ALLOWED MACs which can connect and all other mac addresses
will be denied access.
So to automate any process of getting your MAC spoofed to an allowed one, you have to first scan and get associated clients.
You can then spoof your MAC to one of the associated client's MAC, which is what the image of McFiB is showing.


What you are meaning is having a 'non-suspicious' MAC when you are spoofing your mac to a random one.
This is easily checked and accomplished by using macchanger's --list=Keyword option to get a list of the first 3 sections
of the desired vendor's/manufacturer's MAC.

So as an example let's change the MAC address of my Linksys to a non-suspicious Apple MAC ;)
Code:
ifconfig wlan0 down
macchanger -s wlan0
macchanger --list=Airport

Use first 3 sections in random mac to get the Manufacturer (Apple) details set and complete MAC with random junk.
Then you could use the '-e' switch to get a more realistic looking ending.
The -e switch does not change the first 3 sections of the MAC so that the vendor/manufacturer details stay the same.
Code:
macchanger -m 00:30:65:11:11:11 wlan0
macchanger -e wlan0




I will have this kind of thing included in McFiB in due course.
For the time being working on input / error checks  :\
Take all the advice you like and then tell everyone to **** off and do your own thing -- Gitsnik
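
Added example, not part of TAPE's post or of McFiB: a sketch of how an admin could watch for both cases discussed above, a client whose vendor prefix is outside the known inventory (slyfox's concern) and an allowed client MAC that turns up under a second identity, which passes both the allow-list and any OUI check. The log format, hostnames and function names are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Constructed sample: "epoch MAC dhcp-hostname" per line, as might be exported
# from an AP association log joined with DHCP leases (assumed format).
SAMPLE_LOG='1373400000 00:30:65:AA:BB:01 alice-macbook
1373400060 00:30:65:AA:BB:02 bob-imac
1373400120 00:18:39:10:20:30 unknown-host
1373400180 00:30:65:aa:bb:01 other-laptop'

# Constructed inventory: space-separated OUIs (first 3 octets) of the vendors
# actually deployed on this network.
APPROVED_OUIS='00:30:65'

# unexpected_oui LOG OUIS
# Prints each MAC (once) whose first 3 octets are not in the inventory.
unexpected_oui() {
    printf '%s\n' "$1" | awk -v ouis="$2" '
        BEGIN { n = split(toupper(ouis), a, " ")
                for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 2 { mac = toupper($2)
                  if (!(substr(mac, 1, 8) in ok) && !seen[mac]++) print mac }'
}

# cloned_mac LOG
# Prints MACs that were seen with more than one DHCP hostname. A cloned client
# MAC keeps a valid OUI, so this needs a second attribute to compare against.
cloned_mac() {
    printf '%s\n' "$1" | awk '
        NF >= 3 { mac = toupper($2); key = mac SUBSEP $3
                  if (!(key in pair)) { pair[key] = 1; hosts[mac]++ } }
        END { for (m in hosts) if (hosts[m] > 1) print m }' | sort
}

echo "Out-of-inventory vendor prefix:"
unexpected_oui "$SAMPLE_LOG" "$APPROVED_OUIS"
echo "Same MAC, more than one hostname:"
cloned_mac "$SAMPLE_LOG"
```

The hostname is only one possible second attribute; it is client-supplied, so treat a match as a lead to investigate rather than proof.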

Offline slyfox

  • Experienced
  • ***
  • Posts: 118
  • Internets: +10/-0
Re: [REQ] Automatic mac address filter bypass script
« Reply #22 on: July 10, 2013, 05:16:54 AM »
Thanks Tape, very nicely explained.

mm96631

  • Guest
Re: [REQ] Automatic mac address filter bypass script
« Reply #23 on: July 10, 2013, 05:32:55 AM »
Hey Tape, no biggie if not, but do you think you will possibly have this done within the next week?

If not, everyone can add it on their own, but it looks awesome and would love to include it.

Offline TAPE

  • Top Hat Member Moderator
  • Elite
  • ********
  • Posts: 1249
  • Internets: +193/-0
Re: [REQ] Automatic mac address filter bypass script
« Reply #24 on: July 10, 2013, 06:15:15 AM »
I don't think so, but maybe.. ;)
Also, I am writing and testing this on Kali Linux.. there may be some tweaking necessary to get it to run on other distros..

In the meantime have done some work on input checks on the menu based input and tweaked it a little.
Looking pretty decent so far ;



Now would like to ask you guys for some advice on how you would consider the command line input looking right
and what options should be included.

At the moment I am considering ;

-i --- scan interface (so either mon0 or a monitor interface created from given interface such as wlan1)
-c --- channel to scan on
-s --- scan time in seconds
-m --- menu based input (as per above pic)
-e --- ESSID to search for and to spoof 1st found associated client MAC to your given interface to spoof
-b --- BSSID to search for and to spoof 1st found associated client MAC to your given interface to spoof
-I ---  Interface to spoof (for instance wlan1)


So basically thinking the command line input could be something like ;

Searching for essid to spoof a connected client's mac
Code:
./mcfib.sh -i mon0 -c 3 -s 25 -e Cisco-Test -I wlan0

or searching for a bssid to spoof a connected client's mac
Code:
./mcfib.sh -i mon0 -b 00:11:22:33:44:55 -I wlan0

or running the menu based input
Code:
./mcfib.sh -m

I have a boatload of ideas for options, but don't really want to overload it (yet.. lol)

Also, when requiring to start an interface (such as wlan0) to create a monitor interface, I have included "airmon-ng check kill".
This means an impact on networking, do you guys think that on quit the script should attempt to (re)start networking?
As this could possibly not be what is wanted, but could I suppose include a query on whether this is desired or not..


Any pointers / ideas ?
« Last Edit: July 10, 2013, 06:33:03 AM by TAPE »
Take all the advice you like and then tell everyone to **** off and do your own thing -- Gitsnik

Offline wget

  • Enthusiast
  • **
  • Posts: 53
  • Internets: +0/-1
Re: [REQ] Automatic mac address filter bypass script
« Reply #25 on: July 10, 2013, 02:47:16 PM »
Looks nice TAPE, I doubt it will be useless. If you do finish it and release it I'll be sure to do a video on it and credit you in the video. I'm sure people who are lazy will find it useful, or at least some of us who dunno how to bash script.

Offline TAPE

  • Top Hat Member Moderator
  • Elite
  • ********
  • Posts: 1249
  • Internets: +193/-0
Re: [REQ] Automatic mac address filter bypass script
« Reply #26 on: July 10, 2013, 02:59:46 PM »
Thanks ;)

Made some progress on the command line input ;




Now waiting for you guys' suggestions :)

Take all the advice you like and then tell everyone to **** off and do your own thing -- Gitsnik

Offline slyfox

  • Experienced
  • ***
  • Posts: 118
  • Internets: +10/-0
Re: [REQ] Automatic mac address filter bypass script
« Reply #27 on: July 10, 2013, 05:45:56 PM »
Speaking as a lazy bastard, I know I'll find it useful lol.
It looks good to go.

mm96631

  • Guest
Re: [REQ] Automatic mac address filter bypass script
« Reply #28 on: July 10, 2013, 05:49:35 PM »
I've looked at this a couple of times now and I think you have nailed it Tape. I can't think of anything.

Offline tw33dyb14d

  • Professional
  • ****
  • Posts: 457
  • Internets: +1/-0
Re: [REQ] Automatic mac address filter bypass script
« Reply #29 on: July 10, 2013, 06:20:02 PM »
Looks sweet, can't wait for this one. Awesome work.