Thread: Need help writing complex rules in Airdrop-ng.

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    79

    Default Need help writing complex rules in Airdrop-ng.

    Hi,

    I have been playing around with airdrop-ng for a couple of days now, having fun disconnecting my other computers off my own network. I have written a couple of simple rules such as disconnect any computer from any network or disconnect a specific computer from any network. Basically one rule. I have been trying to write more complex rules such as allow me to talk to all the APs around but deny everyone else to talk to any APs that are around, but I don't really understand how to do it. How do you guys go about writing more complex rules?

    I have been using =Tape='s guide for help.
    This is from his blog:
    "A more detailed rule file could be as follows ;

    #Allow rules
    a/00-11-22-33-44-55|55-44-33-22-11-00
    a/00-11-22-33-44-55|Linksys
    a/00-11-22-33-44-55|Intel
    #Deny rules
    d/00-11-22-33-44-55|Apple"

    but if I do something similar, airdrop just gives me this error:
    Code:
    File "/usr/bin/airdrop-ng" , line 1056, in <module>
         Targeting.run()
    File "/usr/bin/airdrop-ng" , line 817, in run
          self.targets = self.dataParse()
    File  "/usr/bin/airdrop-ng" , line 811, in dataParse
          return rMatch.ruleQue()
    File  "/usr/bin/airdrop-ng" , line 416, in ruleQue
          self.match() #call matching
    File  "/usr/bin/airdrop-ng" , line 499, in match
          self.channel = self.ClientApDB[1][self.bssid]["channel"]
    keyerror: none
    pureh@te said: Our goal is to be a fearsome pentest distro not a windows replacement OS where we are trying to convert the world to Linux.

  2. #2
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Re: Need help writing complex rules in Airdrop-ng.

    If I understand you correctly, you want your MAC to be able to talk to the APs, but don't want
    anyone else to be able to talk to your AP ?

    If that is the case, then you should first make sure that you write an allow rule, followed by a deny rule.

    So make sure your ClientMAC is authorized to connect to any AP ;

    Code:
    a/any|ClientMAC
    And deny anything else to happen..
    Code:
    d/any|any
    d/any|any is a very blunt axe.. So even when just testing I would always put in your (test) router as the BSSID
    or else your neighbours may start having trouble..


    Is the above along the lines of what you were looking for ?

    As for the error message you are posting, not sure what is happening there..

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    79

    Default Re: Need help writing complex rules in Airdrop-ng.

    Yea I tried that and it gave me that error when I ran airdrop. How did you write that exactly, like this?

    Code:
    'a/any|ClientMAC' >>rules
    'd/any|any' >>rules

  4. #4
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Re: Need help writing complex rules in Airdrop-ng.

    If you have been able to use it OK in the past, then you know how to correctly put the commands in place,
    so sorry to say I am not sure where that error is coming from.

  5. #5
    Junior Member
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    79

    Default Re: Need help writing complex rules in Airdrop-ng.

    I haven't been able to use multiple rules successfully ever. And I only posted the error code because I thought it might give some insight into my multi rule problem.

  6. #6
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Re: Need help writing complex rules in Airdrop-ng.

    Multiple rules never working ??

    Strange, saw you were following what I had written and that all seemed to work for me.

    And of course you should always post error code when you can, perhaps someone else here
    can elaborate on the error.

  7. #7
    Junior Member
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    79

    Default Re: Need help writing complex rules in Airdrop-ng.

    Yeah, strange. If I figure out a solution I will post it.

  8. #8
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Re: Need help writing complex rules in Airdrop-ng.

    Well I have been doing some tests again on my network, and most seem to work OK except multiple allow rules, so to run
    down what I have done ;

    (interface placed in monitor mode first of course)

    >Start airodump filtered down to my network, write output to a csv file
    Code:
    airodump-ng mon0 -c 8 --bssid 00:11:22:33:44:55  -w test --output-format csv
    Create a droprule file to get started;
    (I created this rule when already in the /pentest/wireless/airdrop-ng/ directory)
    Code:
    echo '#Deny Rules' > rules && echo 'd/00-11-22-33-44-55|any' >> rules
    When running this with airdrop-ng it effectively cut off all communication from all of my computers to my network;
    Code:
    ./airdrop-ng -i mon0 -t ~/test-01.csv -r rules -b -p

    Then I opened up the rules file and added an allow section to let my laptop & desktop join the network but block off the rest.
    Remember that the allow rules MUST be above the deny rules ! So my rules file looked like this ;
    Code:
    #Allow Rules
    a/00-11-22-33-44-55|00-01-02-03-04-05, 01-02-03-04-05-06
    
    #Deny Rules
    d/00-11-22-33-44-55|any
    (my blogpost, when mentioning about allowing linksys/Intel etc and denying apple, this needs updating after some testing as have noted that airdrop does not like multiple allow rules..)

    After testing I have found that airdrop does not like multiple lines for Allow rules.
    Having multiple Deny rules seems to work OK, but if trying 3 rules as follows ;
    Code:
    a/00-11-22-33-44-55|01-02-03-04-05-06
    a/00-11-22-33-44-55|linksys
    
    d/00-11-22-33-44-55|any
    airdrop ignores the 2nd rule.

    I have however not been able to replicate your error message !

    Perhaps the above will explain better why you can't achieve what you were thinking of.
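
Added example, not part of any post in this thread and not airdrop-ng's own code: a small pre-flight linter for a rule file that applies the three points raised above (keep the BSSID scoped to your own test router instead of `any`, put allow rules above deny rules, and merge allowed clients into one comma-separated allow line, since post #8 reports that a second allow line is ignored). The function name `lint_rules`, the `AUTHORIZED` list and the sample strings are hypothetical; the MAC addresses are the placeholders used on the page.

```python
import re

MAC = re.compile(r"^(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$")
RULE = re.compile(r"^([ad])/([^|]+)\|(.+)$")

def lint_rules(text, authorized_bssids):
    """Return (line_no, message) findings for an airdrop-ng rule file."""
    allowed = {b.upper() for b in authorized_bssids}
    findings, allow_count, seen_deny = [], 0, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and #comments carry no rule
        m = RULE.match(line)
        if not m:
            findings.append((no, "not in a/BSSID|client or d/BSSID|client form"))
            continue
        kind, bssid = m.group(1), m.group(2).strip()
        clients = [c.strip() for c in m.group(3).split(",")]
        if bssid.lower() == "any":
            findings.append((no, "BSSID 'any' reaches networks outside the test"))
        elif not MAC.match(bssid) or bssid.upper() not in allowed:
            findings.append((no, "BSSID is not an authorized test AP"))
        if "" in clients:
            findings.append((no, "empty client entry"))
        if kind == "a":
            allow_count += 1
            if seen_deny:
                findings.append((no, "allow rule after a deny rule"))
            if allow_count > 1:  # behaviour as reported in post #8, not verified here
                findings.append((no, "extra allow line; merge clients into one rule"))
        else:
            seen_deny = True
    return findings

# Constructed inputs built from the rule lines quoted in the thread.
AUTHORIZED = ["00-11-22-33-44-55"]  # placeholder BSSID used on the page
WORKING = "\n".join(["#Allow Rules",
    "a/00-11-22-33-44-55|00-01-02-03-04-05, 01-02-03-04-05-06",
    "", "#Deny Rules", "d/00-11-22-33-44-55|any"])
TWO_ALLOWS = "\n".join(["a/00-11-22-33-44-55|01-02-03-04-05-06",
    "a/00-11-22-33-44-55|linksys", "", "d/00-11-22-33-44-55|any"])
BLUNT = "\n".join(["a/any|00-01-02-03-04-05", "d/any|any"])

if __name__ == "__main__":
    for name, text in [("working", WORKING), ("two allows", TWO_ALLOWS), ("blunt", BLUNT)]:
        print(name, lint_rules(text, AUTHORIZED))
```
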

  9. #9
    Junior Member
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    79

    Default Re: Need help writing complex rules in Airdrop-ng.

    Hmm, I will try this when I get home.
