Lots of fixes.
1. WEP attack gracefully handles ctrl+c 2. Very verbose (-vv) prints out commands and output 3. Doesn't fetch WPS info when attacking WEP
This commit is contained in:
derv82
@@ -122,7 +122,7 @@ class Aireplay(object):
|
|||||||
if attack_type == WEPAttackType.fakeauth:
|
if attack_type == WEPAttackType.fakeauth:
|
||||||
cmd.extend(['-1', '0']) # Fake auth, no delay
|
cmd.extend(['-1', '0']) # Fake auth, no delay
|
||||||
cmd.extend(['-a', target.bssid])
|
cmd.extend(['-a', target.bssid])
|
||||||
cmd.extend(['-T', '1']) # Make 1 attemp
|
cmd.extend(['-T', '3']) # Make 3 attempts
|
||||||
if target.essid_known:
|
if target.essid_known:
|
||||||
cmd.extend(['-e', target.essid])
|
cmd.extend(['-e', target.essid])
|
||||||
# Do not specify client MAC address,
|
# Do not specify client MAC address,
|
||||||
|
|||||||
@@ -13,7 +13,7 @@ class Airodump(object):
|
|||||||
|
|
||||||
def __init__(self, interface=None, channel=None, encryption=None,\
|
def __init__(self, interface=None, channel=None, encryption=None,\
|
||||||
wps=False, target_bssid=None, output_file_prefix='airodump',\
|
wps=False, target_bssid=None, output_file_prefix='airodump',\
|
||||||
ivs_only=False):
|
ivs_only=False, skip_wash=False):
|
||||||
'''
|
'''
|
||||||
Sets up airodump arguments, doesn't start process yet
|
Sets up airodump arguments, doesn't start process yet
|
||||||
'''
|
'''
|
||||||
@@ -39,6 +39,7 @@ class Airodump(object):
|
|||||||
self.target_bssid = target_bssid
|
self.target_bssid = target_bssid
|
||||||
self.output_file_prefix = output_file_prefix
|
self.output_file_prefix = output_file_prefix
|
||||||
self.ivs_only = ivs_only
|
self.ivs_only = ivs_only
|
||||||
|
self.skip_wash = skip_wash
|
||||||
|
|
||||||
|
|
||||||
def __enter__(self):
|
def __enter__(self):
|
||||||
@@ -133,6 +134,7 @@ class Airodump(object):
|
|||||||
targets = Airodump.get_targets_from_csv(csv_filename)
|
targets = Airodump.get_targets_from_csv(csv_filename)
|
||||||
|
|
||||||
# Check targets for WPS
|
# Check targets for WPS
|
||||||
|
if not self.skip_wash:
|
||||||
capfile = csv_filename[:-3] + 'cap'
|
capfile = csv_filename[:-3] + 'cap'
|
||||||
Wash.check_for_wps_and_update_targets(capfile, targets)
|
Wash.check_for_wps_and_update_targets(capfile, targets)
|
||||||
|
|
||||||
@@ -175,7 +177,11 @@ class Airodump(object):
|
|||||||
|
|
||||||
if hit_clients:
|
if hit_clients:
|
||||||
# The current row corresponds to a "Client" (computer)
|
# The current row corresponds to a "Client" (computer)
|
||||||
|
try:
|
||||||
client = Client(row)
|
client = Client(row)
|
||||||
|
except IndexError:
|
||||||
|
# Skip if we can't parse the client row
|
||||||
|
continue
|
||||||
|
|
||||||
if 'not associated' in client.bssid:
|
if 'not associated' in client.bssid:
|
||||||
# Ignore unassociated clients
|
# Ignore unassociated clients
|
||||||
|
|||||||
@@ -212,8 +212,8 @@ class Arguments(object):
|
|||||||
% Configuration.wps_timeout_threshold)
|
% Configuration.wps_timeout_threshold)
|
||||||
wps.add_argument('--ignore-ratelimit',
|
wps.add_argument('--ignore-ratelimit',
|
||||||
action='store_false',
|
action='store_false',
|
||||||
dest='wps_ignore_rate_limit',
|
dest='wps_skip_rate_limit',
|
||||||
help=Color.s('Continues attack if WPS is rate-limited (default: {G}off{W})'))
|
help=Color.s('Ignores attack if WPS is rate-limited (default: {G}on{W})'))
|
||||||
|
|
||||||
# Commands
|
# Commands
|
||||||
commands = parser.add_argument_group('COMMANDS')
|
commands = parser.add_argument_group('COMMANDS')
|
||||||
|
|||||||
@@ -29,10 +29,17 @@ class AttackWEP(Attack):
|
|||||||
Including airodump-ng starting, cracking, etc.
|
Including airodump-ng starting, cracking, etc.
|
||||||
Returns: True if attack is succesful, false otherwise
|
Returns: True if attack is succesful, false otherwise
|
||||||
'''
|
'''
|
||||||
# First, start Airodump process
|
|
||||||
|
aircrack = None # Aircrack process, not started yet
|
||||||
|
|
||||||
|
for (attack_index, attack_name) in enumerate(Configuration.wep_attacks):
|
||||||
|
# BIG try-catch to capture ctrl+c
|
||||||
|
try:
|
||||||
|
# Start Airodump process
|
||||||
with Airodump(channel=self.target.channel,
|
with Airodump(channel=self.target.channel,
|
||||||
target_bssid=self.target.bssid,
|
target_bssid=self.target.bssid,
|
||||||
ivs_only=True, # Only capture IVs packets
|
ivs_only=True, # Only capture IVs packets
|
||||||
|
skip_wash=True, # Don't check for WPS-compatibility
|
||||||
output_file_prefix='wep') as airodump:
|
output_file_prefix='wep') as airodump:
|
||||||
|
|
||||||
Color.clear_line()
|
Color.clear_line()
|
||||||
@@ -52,9 +59,6 @@ class AttackWEP(Attack):
|
|||||||
else:
|
else:
|
||||||
client_mac = airodump_target.clients[0].station
|
client_mac = airodump_target.clients[0].station
|
||||||
|
|
||||||
aircrack = None # Aircrack process, not started yet
|
|
||||||
|
|
||||||
for attack_name in Configuration.wep_attacks:
|
|
||||||
# Convert to WEPAttackType.
|
# Convert to WEPAttackType.
|
||||||
wep_attack_type = WEPAttackType(attack_name)
|
wep_attack_type = WEPAttackType(attack_name)
|
||||||
|
|
||||||
@@ -69,6 +73,7 @@ class AttackWEP(Attack):
|
|||||||
previous_ivs = 0
|
previous_ivs = 0
|
||||||
|
|
||||||
# Loop until attack completes.
|
# Loop until attack completes.
|
||||||
|
|
||||||
while True:
|
while True:
|
||||||
airodump_target = self.wait_for_target(airodump)
|
airodump_target = self.wait_for_target(airodump)
|
||||||
Color.p('\r{+} running {C}%s{W} WEP attack ({G}%d IVs{W}) '
|
Color.p('\r{+} running {C}%s{W} WEP attack ({G}%d IVs{W}) '
|
||||||
@@ -137,8 +142,8 @@ class AttackWEP(Attack):
|
|||||||
xor_file = Aireplay.get_xor()
|
xor_file = Aireplay.get_xor()
|
||||||
if not xor_file:
|
if not xor_file:
|
||||||
# If .xor is not there, the process failed.
|
# If .xor is not there, the process failed.
|
||||||
Color.pl('\n{!} {O}%s attack{R} did not generate' +
|
Color.pl('\n{!} {O}%s attack{R} did not generate' % attack_name +
|
||||||
' a .xor file{W}' % attack_name)
|
' a .xor file{W}')
|
||||||
# XXX: For debugging
|
# XXX: For debugging
|
||||||
Color.pl('\noutput:\n')
|
Color.pl('\noutput:\n')
|
||||||
Color.pl(aireplay.get_output())
|
Color.pl(aireplay.get_output())
|
||||||
@@ -192,12 +197,33 @@ class AttackWEP(Attack):
|
|||||||
time.sleep(1)
|
time.sleep(1)
|
||||||
continue
|
continue
|
||||||
# End of big while loop
|
# End of big while loop
|
||||||
# End of for-each-attack-type loop
|
|
||||||
# End of with-airodump
|
# End of with-airodump
|
||||||
|
except KeyboardInterrupt:
|
||||||
|
if not self.user_wants_to_continue(attack_index):
|
||||||
|
self.success = False
|
||||||
|
return self.success
|
||||||
|
# End of big try-catch
|
||||||
|
# End of for-each-attack-type loop
|
||||||
|
|
||||||
self.success = False
|
self.success = False
|
||||||
return self.success
|
return self.success
|
||||||
|
|
||||||
|
def user_wants_to_continue(self, attack_index):
|
||||||
|
''' Asks user if attacks should continue using remaining methods '''
|
||||||
|
Color.pl('\n{!} {O}interrupted{W}\n')
|
||||||
|
|
||||||
|
if attack_index + 1 >= len(Configuration.wep_attacks):
|
||||||
|
# No more WEP attacks to perform.
|
||||||
|
return False
|
||||||
|
|
||||||
|
attacks_remaining = Configuration.wep_attacks[attack_index + 1:]
|
||||||
|
Color.pl("{+} {G}%d{W} attacks remain ({C}%s{W})" % (len(attacks_remaining), ', '.join(attacks_remaining)))
|
||||||
|
prompt = Color.s('{+} type {G}c{W} to {G}continue{W}' +
|
||||||
|
' or {R}s{W} to {R}stop{W}: ')
|
||||||
|
if raw_input(prompt).lower().startswith('s'):
|
||||||
|
return False
|
||||||
|
else:
|
||||||
|
return True
|
||||||
|
|
||||||
def fake_auth(self):
|
def fake_auth(self):
|
||||||
'''
|
'''
|
||||||
|
|||||||
@@ -33,6 +33,7 @@ class AttackWPA(Attack):
|
|||||||
# First, start Airodump process
|
# First, start Airodump process
|
||||||
with Airodump(channel=self.target.channel,
|
with Airodump(channel=self.target.channel,
|
||||||
target_bssid=self.target.bssid,
|
target_bssid=self.target.bssid,
|
||||||
|
skip_wash=True,
|
||||||
output_file_prefix='wpa') as airodump:
|
output_file_prefix='wpa') as airodump:
|
||||||
|
|
||||||
Color.clear_line()
|
Color.clear_line()
|
||||||
|
|||||||
@@ -124,11 +124,8 @@ class AttackWPS(Attack):
|
|||||||
elif 'Detected AP rate limiting,' in stdout_last_line:
|
elif 'Detected AP rate limiting,' in stdout_last_line:
|
||||||
if Configuration.wps_skip_rate_limit:
|
if Configuration.wps_skip_rate_limit:
|
||||||
Color.pl('{R}failed: {O}hit WPS rate-limit{W}')
|
Color.pl('{R}failed: {O}hit WPS rate-limit{W}')
|
||||||
# TODO: Argument for --ignore-rate-limit
|
Color.pl('{!} {O}use {R}--skip-rate-limit{O} to ignore' +
|
||||||
'''
|
' this kind of failure in the future{W}')
|
||||||
Color.pl('{!} {O}use {R}--ignore-rate-limit{O} to ignore' +
|
|
||||||
' this kind of failure in the future')
|
|
||||||
'''
|
|
||||||
break
|
break
|
||||||
step = '({C}step -/8{W}) waiting for AP rate limit'
|
step = '({C}step -/8{W}) waiting for AP rate limit'
|
||||||
|
|
||||||
@@ -261,9 +258,11 @@ class AttackWPS(Attack):
|
|||||||
|
|
||||||
if 'Detected AP rate limiting' in out:
|
if 'Detected AP rate limiting' in out:
|
||||||
state = '{R}rate-limited{W}'
|
state = '{R}rate-limited{W}'
|
||||||
if not Configuration.wps_skip_rate_limit:
|
if Configuration.wps_skip_rate_limit:
|
||||||
Color.pl(state)
|
Color.pl(state)
|
||||||
Color.pl('{!} {R}hit rate limit, stopping{W}\n')
|
Color.pl('{!} {R}hit rate limit, stopping{W}\n')
|
||||||
|
Color.pl('{!} {O}use {R}--skip-rate-limit{O} to ignore' +
|
||||||
|
' this kind of failure in the future{W}')
|
||||||
break
|
break
|
||||||
|
|
||||||
if 'WARNING: Failed to associate with' in out:
|
if 'WARNING: Failed to associate with' in out:
|
||||||
|
|||||||
@@ -48,6 +48,14 @@ class Color(object):
|
|||||||
Color.p('%s\n' % text)
|
Color.p('%s\n' % text)
|
||||||
Color.last_sameline_length = 0
|
Color.last_sameline_length = 0
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def pe(text):
|
||||||
|
'''
|
||||||
|
Prints text using colored format with leading and trailing new line to STDERR.
|
||||||
|
'''
|
||||||
|
sys.stderr.write(Color.s('%s\n' % text))
|
||||||
|
Color.last_sameline_length = 0
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def s(text):
|
def s(text):
|
||||||
''' Returns colored string '''
|
''' Returns colored string '''
|
||||||
|
|||||||
@@ -193,7 +193,7 @@ class Configuration(object):
|
|||||||
if args.wps_timeout_threshold:
|
if args.wps_timeout_threshold:
|
||||||
Configuration.wps_timeout_threshold = args.wps_timeout_threshold
|
Configuration.wps_timeout_threshold = args.wps_timeout_threshold
|
||||||
Color.pl('{+} {C}option:{W} will stop WPS attack after {G}%d timeouts{W}' % args.wps_timeout_threshold)
|
Color.pl('{+} {C}option:{W} will stop WPS attack after {G}%d timeouts{W}' % args.wps_timeout_threshold)
|
||||||
if args.wps_ignore_rate_limit == False:
|
if args.wps_skip_rate_limit == False:
|
||||||
Configuration.wps_skip_rate_limit = False
|
Configuration.wps_skip_rate_limit = False
|
||||||
Color.pl('{+} {C}option:{W} will {G}continue{W} WPS attacks when rate-limited')
|
Color.pl('{+} {C}option:{W} will {G}continue{W} WPS attacks when rate-limited')
|
||||||
|
|
||||||
|
|||||||
@@ -1,5 +1,8 @@
|
|||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
|
|
||||||
|
from Configuration import Configuration
|
||||||
|
from Color import Color
|
||||||
|
|
||||||
from subprocess import Popen, call, PIPE
|
from subprocess import Popen, call, PIPE
|
||||||
import time
|
import time
|
||||||
|
|
||||||
@@ -20,20 +23,35 @@ class Process(object):
|
|||||||
'''
|
'''
|
||||||
if type(command) != str or ' ' in command or shell:
|
if type(command) != str or ' ' in command or shell:
|
||||||
shell = True
|
shell = True
|
||||||
|
if Configuration.verbose > 1:
|
||||||
|
Color.pe("\n {C}[?] {W} Executing (Shell): {B}%s{W}" % command)
|
||||||
else:
|
else:
|
||||||
shell = False
|
shell = False
|
||||||
|
if Configuration.verbose > 1:
|
||||||
|
Color.pe("\n {C}[?]{W} Executing: {B}%s{W}" % command)
|
||||||
|
|
||||||
pid = Popen(command, cwd=cwd, stdout=PIPE, stderr=PIPE, shell=shell)
|
pid = Popen(command, cwd=cwd, stdout=PIPE, stderr=PIPE, shell=shell)
|
||||||
pid.wait()
|
pid.wait()
|
||||||
return pid.communicate()
|
(stdout, stderr) = pid.communicate()
|
||||||
|
|
||||||
|
if Configuration.verbose > 1 and stdout.strip() != '':
|
||||||
|
Color.pe("{P} [stdout] %s{W}" % '\n [stdout] '.join(stdout.split('\n')))
|
||||||
|
if Configuration.verbose > 1 and stderr.strip() != '':
|
||||||
|
Color.pe("{P} [stderr] %s{W}" % '\n [stderr] '.join(stderr.split('\n')))
|
||||||
|
|
||||||
|
return (stdout, stderr)
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def exists(program):
|
def exists(program):
|
||||||
''' Checks if program is installed on this system '''
|
''' Checks if program is installed on this system '''
|
||||||
p = Process(['which', program])
|
p = Process(['which', program])
|
||||||
if p.stdout().strip() == '' and p.stderr().strip() == '':
|
stdout = p.stdout().strip()
|
||||||
return False
|
stderr = p.stderr().strip()
|
||||||
return True
|
|
||||||
|
|
||||||
|
if stdout == '' and err == '':
|
||||||
|
return False
|
||||||
|
|
||||||
|
return True
|
||||||
|
|
||||||
def __init__(self, command, devnull=False, stdout=PIPE, stderr=PIPE, cwd=None):
|
def __init__(self, command, devnull=False, stdout=PIPE, stderr=PIPE, cwd=None):
|
||||||
''' Starts executing command '''
|
''' Starts executing command '''
|
||||||
@@ -44,6 +62,9 @@ class Process(object):
|
|||||||
|
|
||||||
self.command = command
|
self.command = command
|
||||||
|
|
||||||
|
if Configuration.verbose > 1:
|
||||||
|
Color.pe("\n {C}[?] {W} Executing: {B}%s{W}" % ' '.join(command))
|
||||||
|
|
||||||
self.out = None
|
self.out = None
|
||||||
self.err = None
|
self.err = None
|
||||||
if devnull:
|
if devnull:
|
||||||
@@ -68,11 +89,15 @@ class Process(object):
|
|||||||
def stdout(self):
|
def stdout(self):
|
||||||
''' Waits for process to finish, returns stdout output '''
|
''' Waits for process to finish, returns stdout output '''
|
||||||
self.get_output()
|
self.get_output()
|
||||||
|
if Configuration.verbose > 1 and self.out.strip() != '':
|
||||||
|
Color.pe("{P} [stdout] %s{W}" % '\n [stdout] '.join(self.out.split('\n')))
|
||||||
return self.out
|
return self.out
|
||||||
|
|
||||||
def stderr(self):
|
def stderr(self):
|
||||||
''' Waits for process to finish, returns stderr output '''
|
''' Waits for process to finish, returns stderr output '''
|
||||||
self.get_output()
|
self.get_output()
|
||||||
|
if Configuration.verbose > 1 and self.err.strip() != '':
|
||||||
|
Color.pe("{P} [stderr] %s{W}" % '\n [stderr] '.join(self.err.split('\n')))
|
||||||
return self.err
|
return self.err
|
||||||
|
|
||||||
def get_output(self):
|
def get_output(self):
|
||||||
|
|||||||
@@ -93,6 +93,8 @@ class Scanner(object):
|
|||||||
|
|
||||||
if self.previous_target_count > 0:
|
if self.previous_target_count > 0:
|
||||||
# We need to "overwrite" the previous list of targets.
|
# We need to "overwrite" the previous list of targets.
|
||||||
|
if Configuration.verbose <= 1:
|
||||||
|
# Don't clear screen buffer in verbose mode.
|
||||||
if self.previous_target_count > len(self.targets) or \
|
if self.previous_target_count > len(self.targets) or \
|
||||||
Scanner.get_terminal_height() < self.previous_target_count + 3:
|
Scanner.get_terminal_height() < self.previous_target_count + 3:
|
||||||
# Either:
|
# Either:
|
||||||
|
|||||||
Reference in New Issue
Block a user