Detect when AP has WPS Locked, show in target list
This commit is contained in:
derv82
@@ -54,7 +54,7 @@ class AttackAll(object):
|
||||
# WPA can have multiple attack vectors:
|
||||
|
||||
# WPS
|
||||
if target.wps:
|
||||
if target.wps != False:
|
||||
if Configuration.wps_pixie:
|
||||
attacks.append(AttackWPS(target, pixie_dust=True))
|
||||
if Configuration.wps_pin:
|
||||
|
||||
@@ -62,8 +62,8 @@ class AttackPMKID(Attack):
|
||||
Returns:
|
||||
True if handshake is captured. False otherwise.
|
||||
'''
|
||||
# Skip if user only wants to run PixieDust attack
|
||||
if Configuration.wps_only and self.target.wps:
|
||||
# Skip if user only wants to attack WPS targets
|
||||
if Configuration.wps_only and self.target.wps == False:
|
||||
Color.pl('\r{!} {O}Skipping PMKID attack on {R}%s{O} because {R}--wps-only{O} is set{W}' % self.target.essid)
|
||||
self.success = False
|
||||
return False
|
||||
|
||||
@@ -27,15 +27,17 @@ class AttackWPA(Attack):
|
||||
def run(self):
|
||||
'''Initiates full WPA handshake capture attack.'''
|
||||
|
||||
if Configuration.use_pmkid_only:
|
||||
self.success = False
|
||||
return False
|
||||
# Skip if user only wants to run PixieDust attack
|
||||
if Configuration.wps_only and self.target.wps:
|
||||
# Skip if target is not WPS
|
||||
if Configuration.wps_only and self.target.wps == False:
|
||||
Color.pl('\r{!} {O}Skipping WPA-Handshake attack on {R}%s{O} because {R}--wps-only{O} is set{W}' % self.target.essid)
|
||||
self.success = False
|
||||
return self.success
|
||||
|
||||
# Skip if user only wants to run PMKID attack
|
||||
if Configuration.use_pmkid_only:
|
||||
self.success = False
|
||||
return False
|
||||
|
||||
# Capture the handshake (or use an old one)
|
||||
handshake = self.capture_handshake()
|
||||
|
||||
|
||||
@@ -60,7 +60,8 @@ class Target(object):
|
||||
self.essid = None # '(%s)' % self.bssid
|
||||
self.essid_known = False
|
||||
|
||||
self.wps = None
|
||||
# False=No WPS, None=Locked WPS, True=Unlocked WPS
|
||||
self.wps = False
|
||||
|
||||
self.decloaked = False # If ESSID was hidden but we decloaked it.
|
||||
|
||||
@@ -136,9 +137,9 @@ class Target(object):
|
||||
if self.wps == True:
|
||||
wps = Color.s('{G} yes')
|
||||
elif self.wps == False:
|
||||
wps = Color.s('{R} no')
|
||||
else:
|
||||
wps = Color.s('{O} n/a')
|
||||
wps = Color.s('{O} no')
|
||||
elif self.wps is None:
|
||||
wps = Color.s('{R}lock')
|
||||
|
||||
clients = ' '
|
||||
if len(self.clients) > 0:
|
||||
|
||||
@@ -260,7 +260,7 @@ class Airodump(Dependency):
|
||||
result.append(target)
|
||||
elif 'WPA' in Configuration.encryption_filter and 'WPA' in target.encryption:
|
||||
result.append(target)
|
||||
elif 'WPS' in Configuration.encryption_filter and target.wps:
|
||||
elif 'WPS' in Configuration.encryption_filter and target.wps != False:
|
||||
result.append(target)
|
||||
elif skip_wps:
|
||||
result.append(target)
|
||||
|
||||
@@ -159,6 +159,7 @@ class Tshark(Dependency):
|
||||
capfile - .cap file from airodump containing packets
|
||||
targets - list of Targets from scan, to be updated
|
||||
'''
|
||||
from ..config import Configuration
|
||||
|
||||
if not Tshark.exists():
|
||||
raise ValueError('Cannot detect WPS networks: Tshark does not exist')
|
||||
@@ -183,24 +184,32 @@ class Tshark(Dependency):
|
||||
# Failure is acceptable
|
||||
return
|
||||
|
||||
bssids = set()
|
||||
wps_bssids = set()
|
||||
locked_bssids = set()
|
||||
for line in lines.split('\n'):
|
||||
if ',' not in line:
|
||||
continue
|
||||
bssid, locked = line.split(',')
|
||||
# Ignore if WPS is locked?
|
||||
if '1' not in locked:
|
||||
bssids.add(bssid.upper())
|
||||
wps_bssids.add(bssid.upper())
|
||||
else:
|
||||
locked_bssids.add(bssid.upper())
|
||||
|
||||
for t in targets:
|
||||
t.wps = t.bssid.upper() in bssids
|
||||
target_bssid = t.bssid.upper()
|
||||
if target_bssid in wps_bssids:
|
||||
t.wps = True
|
||||
elif target_bssid in locked_bssids:
|
||||
t.wps = None
|
||||
else:
|
||||
t.wps = False
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
test_file = './tests/files/contains_wps_network.cap'
|
||||
|
||||
target_bssid = 'A4:2B:8C:16:6B:3A'
|
||||
'''
|
||||
from ..model.target import Target
|
||||
fields = [
|
||||
'A4:2B:8C:16:6B:3A', # BSSID
|
||||
@@ -219,6 +228,5 @@ if __name__ == '__main__':
|
||||
|
||||
print('Target(BSSID={}).wps = {} (Expected: True)'.format(targets[0].bssid, targets[0].wps))
|
||||
assert targets[0].wps == True
|
||||
'''
|
||||
|
||||
print(Tshark.bssids_with_handshakes(test_file, bssid=target_bssid))
|
||||
|
||||
@@ -36,22 +36,31 @@ class Wash(Dependency):
|
||||
except:
|
||||
# Failure is acceptable
|
||||
return
|
||||
|
||||
|
||||
# Find all BSSIDs
|
||||
bssids = set()
|
||||
wps_bssids = set()
|
||||
locked_bssids = set()
|
||||
for line in lines.split('\n'):
|
||||
try:
|
||||
obj = json.loads(line)
|
||||
bssid = obj['bssid']
|
||||
locked = obj['wps_locked']
|
||||
if locked != True:
|
||||
bssids.add(bssid)
|
||||
wps_bssids.add(bssid)
|
||||
else:
|
||||
locked_bssids.add(bssid)
|
||||
except:
|
||||
pass
|
||||
|
||||
# Update targets
|
||||
for t in targets:
|
||||
t.wps = t.bssid.upper() in bssids
|
||||
target_bssid = t.bssid.upper()
|
||||
if target_bssid in wps_bssids:
|
||||
t.wps = True
|
||||
elif target_bssid in locked_bssids:
|
||||
t.wps = None
|
||||
else:
|
||||
t.wps = False
|
||||
|
||||
if __name__ == '__main__':
|
||||
test_file = './tests/files/contains_wps_network.cap'
|
||||
|
||||
@@ -88,7 +88,7 @@ class Scanner(object):
|
||||
return False # No specific target from user.
|
||||
|
||||
for target in self.targets:
|
||||
if Configuration.wps_only and target.wps != True:
|
||||
if Configuration.wps_only and target.wps == False:
|
||||
continue
|
||||
if bssid and target.bssid and bssid.lower() == target.bssid.lower():
|
||||
self.target = target
|
||||
|
||||
Reference in New Issue
Block a user