Added --nodeauths command, try to fix WEP replay attacks.

Aireplay can optionally NOT store the process output (via `devnull=False`).
By default, Aireplay attacks will not capture aireplay-ng output, to
avoid deadlock when overloading the OS buffer (see #21).
derv82
2017-05-15 20:36:04 -04:00
parent a8d16d1b69
commit a226cdb9a1
8 changed files with 39 additions and 22 deletions


@@ -53,7 +53,7 @@ class WEPAttackType(object):
class Aireplay(object): class Aireplay(object):
def __init__(self, target, attack_type, client_mac=None, replay_file=None): def __init__(self, target, attack_type, client_mac=None, replay_file=None, devnull=False):
''' '''
Starts aireplay process. Starts aireplay process.
Args: Args:
@@ -77,7 +77,7 @@ class Aireplay(object):
''' '''
self.pid = Process(cmd, self.pid = Process(cmd,
devnull=False, devnull=devnull,
cwd=Configuration.temp()) cwd=Configuration.temp())
def is_running(self): def is_running(self):
@@ -85,7 +85,7 @@ class Aireplay(object):
def stop(self): def stop(self):
''' Stops aireplay process ''' ''' Stops aireplay process '''
if self.pid and self.pid.poll() != None: if self.pid and self.pid.poll() == None:
self.pid.interrupt() self.pid.interrupt()
def get_output(self): def get_output(self):
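Review bot: The corrected guard in stop() still compares with `== None`; identity comparison is the idiom here, `if self.pid and self.pid.poll() is None:`. The new `devnull` parameter of __init__ is not described in the Args block of its docstring, which continues outside the hunk; add a line such as `devnull - If True, aireplay-ng output is discarded rather than stored, so get_output() has nothing to return` (Process is not visible here, so the discard behaviour is inferred from the commit description and should be confirmed).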


@@ -146,7 +146,7 @@ class Airodump(object):
Wash.check_for_wps_and_update_targets(capfile, targets) Wash.check_for_wps_and_update_targets(capfile, targets)
# Filter targets based on encryption # Filter targets based on encryption
targets = Airodump.filter_targets(targets) targets = Airodump.filter_targets(targets, skip_wash=self.skip_wash)
# Sort by power # Sort by power
targets.sort(key=lambda x: x.power, reverse=True) targets.sort(key=lambda x: x.power, reverse=True)
@@ -224,19 +224,18 @@ class Airodump(object):
return targets return targets
@staticmethod @staticmethod
def filter_targets(targets): def filter_targets(targets, skip_wash=False):
''' Filters targets based on Configuration ''' ''' Filters targets based on Configuration '''
result = [] result = []
# Filter based on Encryption # Filter based on Encryption
for target in targets: for target in targets:
if 'WEP' in Configuration.encryption_filter and \ if 'WEP' in Configuration.encryption_filter and 'WEP' in target.encryption:
'WEP' in target.encryption:
result.append(target) result.append(target)
elif 'WPA' in Configuration.encryption_filter and \ elif 'WPA' in Configuration.encryption_filter and 'WPA' in target.encryption:
'WPA' in target.encryption:
result.append(target) result.append(target)
elif 'WPS' in Configuration.encryption_filter and \ elif 'WPS' in Configuration.encryption_filter and target.wps:
target.wps: result.append(target)
elif skip_wash:
result.append(target) result.append(target)
# Filter based on BSSID/ESSID # Filter based on BSSID/ESSID
@@ -259,7 +258,11 @@ class Airodump(object):
targets (APs) that have unknown ESSIDs (hidden router names). targets (APs) that have unknown ESSIDs (hidden router names).
''' '''
self.decloaking = False self.decloaking = False
# Only deauth if channel is fixed.
# Do not deauth if requested
if Configuration.no_deauth: return
# Do not deauth if channel is not fixed.
if self.channel is None: return if self.channel is None: return
# Reusable deauth command # Reusable deauth command
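Review bot: The new `elif skip_wash:` fallback in filter_targets admits every target that failed the WEP and WPA checks, so with skip_wash=True the encryption filter excludes nothing; for example a WEP-only target is kept when Configuration.encryption_filter is ['WPA']. If the intent is only to keep targets whose WPS status is unknown because wash did not run, at least narrow the branch to `elif skip_wash and 'WPS' in Configuration.encryption_filter:`, or document the looser behaviour with `# wash was skipped, so target.wps is unknown: keep the target rather than drop it`. The callers that pass skip_wash=True in the other hunks also set target_bssid, which may make this harmless, but that is inferred rather than visible here. filter_targets continues past the hunk with the BSSID/ESSID filter.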


@@ -60,6 +60,10 @@ class Arguments(object):
default=0, default=0,
dest='verbose', dest='verbose',
help=Color.s('Verbose mode, prints more lines (default: {G}quiet{W})')) help=Color.s('Verbose mode, prints more lines (default: {G}quiet{W})'))
glob.add_argument('--nodeauths',
action='store_true',
dest='no_deauth',
help=Color.s('Do not deauthenticate clients *EVER* (default: {G}off{W})'))
# WEP # WEP
wep = parser.add_argument_group('WEP-RELATED') wep = parser.add_argument_group('WEP-RELATED')


@@ -68,6 +68,7 @@ class AttackWEP(Attack):
aireplay = Aireplay(self.target, \ aireplay = Aireplay(self.target, \
wep_attack_type, \ wep_attack_type, \
client_mac=client_mac, \ client_mac=client_mac, \
devnull=True,
replay_file=replay_file) replay_file=replay_file)
time_unchanged_ivs = time.time() # Timestamp when IVs last changed time_unchanged_ivs = time.time() # Timestamp when IVs last changed
@@ -146,9 +147,8 @@ class AttackWEP(Attack):
Color.pl('\n{!} {O}%s attack{R} did not generate' % attack_name + Color.pl('\n{!} {O}%s attack{R} did not generate' % attack_name +
' a .xor file{W}') ' a .xor file{W}')
# XXX: For debugging # XXX: For debugging
Color.pl('\noutput:\n') Color.pl('{?} {O}Command: {R}%s{W}' % aireplay.cmd)
Color.pl(aireplay.get_output()) Color.pl('{?} {O}Output:\n{R}%s{W}' % aireplay.get_output())
Color.pl('')
break break
# If .xor exists, run packetforge-ng to create .cap # If .xor exists, run packetforge-ng to create .cap
@@ -172,8 +172,8 @@ class AttackWEP(Attack):
break break
else: else:
Color.pl('\n{!} {O}aireplay-ng exited unexpectedly{W}') Color.pl('\n{!} {O}aireplay-ng exited unexpectedly{W}')
Color.pl('\naireplay.get_output():') Color.pl('{?} {O}Command: {R}%s{W}' % aireplay.cmd)
Color.pl(aireplay.get_output()) Color.pl('{?} {O}Output:\n%s{W}' % aireplay.get_output())
break # Continue to other attacks break # Continue to other attacks
# Check if IVs stopped flowing (same for > N seconds) # Check if IVs stopped flowing (same for > N seconds)
@@ -189,9 +189,12 @@ class AttackWEP(Attack):
Color.pl('\n{!} restarting {C}aireplay{W} after' + Color.pl('\n{!} restarting {C}aireplay{W} after' +
' {C}%d{W} seconds of no new IVs' ' {C}%d{W} seconds of no new IVs'
% stale_seconds) % stale_seconds)
Color.pl("\naireplay output:\n%s" % aireplay.get_output())
aireplay = Aireplay(self.target, \ aireplay = Aireplay(self.target, \
wep_attack_type, \ wep_attack_type, \
client_mac=client_mac) client_mac=client_mac, \
devnull=True,
replay_file=replay_file)
time_unchanged_ivs = time.time() time_unchanged_ivs = time.time()
previous_ivs = airodump_target.ivs previous_ivs = airodump_target.ivs
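Review bot: The debugging prints in the `.xor`-missing and `exited unexpectedly` branches still call `aireplay.get_output()`, but both Aireplay instances in this file are now created with `devnull=True`, so that output is presumably discarded (Process is not visible here) and the `{?} {O}Output:` line will print empty. Either keep devnull=False for the WEP attack until the #21 deadlock is handled another way, or drop the two Output lines and print only the command. The restarted Aireplay now receives `replay_file`, which the old side dropped; a one-line comment there, `# pass replay_file again so the restarted attack replays the same capture`, would record why. The backslash continuations inside the Aireplay(...) call are unnecessary, since the open parenthesis already continues the line.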


@@ -34,6 +34,7 @@ class AttackWPA(Attack):
# First, start Airodump process # First, start Airodump process
with Airodump(channel=self.target.channel, with Airodump(channel=self.target.channel,
target_bssid=self.target.bssid, target_bssid=self.target.bssid,
skip_wash=True,
output_file_prefix='wpa') as airodump: output_file_prefix='wpa') as airodump:
Color.clear_entire_line() Color.clear_entire_line()
@@ -216,7 +217,8 @@ class AttackWPA(Attack):
station_bssid - Client BSSID to deauth station_bssid - Client BSSID to deauth
Deauths 'broadcast' if no client is specified. Deauths 'broadcast' if no client is specified.
''' '''
# TODO: Print that we are deauthing and who we are deauthing! if Configuration.no_deauth: return
target_name = station_bssid target_name = station_bssid
if target_name == None: if target_name == None:
target_name = 'broadcast' target_name = 'broadcast'
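Review bot: The new `if Configuration.no_deauth: return` at the top of the deauth method exits silently, and the docstring directly above it (the method starts outside the hunk) does not say the method is a no-op under --nodeauths; add a line such as `Does nothing when Configuration.no_deauth is set.` and consider a verbose-mode message so a user waiting for a handshake knows no deauth was sent. The pre-existing `if target_name == None:` on the following line should be `if target_name is None:`.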


@@ -77,7 +77,7 @@ class AttackWPS(Attack):
with Airodump(channel=self.target.channel, with Airodump(channel=self.target.channel,
target_bssid=self.target.bssid, target_bssid=self.target.bssid,
skip_wash=False, skip_wash=True,
output_file_prefix='pixie') as airodump: output_file_prefix='pixie') as airodump:
Color.clear_line() Color.clear_line()
@@ -214,7 +214,7 @@ class AttackWPS(Attack):
with Airodump(channel=self.target.channel, with Airodump(channel=self.target.channel,
target_bssid=self.target.bssid, target_bssid=self.target.bssid,
skip_wash=False, skip_wash=True,
output_file_prefix='wps') as airodump: output_file_prefix='wps') as airodump:
Color.clear_line() Color.clear_line()


@@ -21,7 +21,8 @@ class Color(object):
# Helper string replacements # Helper string replacements
replacements = { replacements = {
'{+}': ' {W}[{G}+{W}]', '{+}': ' {W}[{G}+{W}]',
'{!}': ' {O}[{R}!{O}]{W}' '{!}': ' {O}[{R}!{O}]{W}',
'{?}': ' {W}[{C}?{W}]'
} }
last_sameline_length = 0 last_sameline_length = 0


@@ -36,6 +36,7 @@ class Configuration(object):
Configuration.five_ghz = False # Scan 5Ghz channels Configuration.five_ghz = False # Scan 5Ghz channels
Configuration.pillage = False # "All" mode to attack everything Configuration.pillage = False # "All" mode to attack everything
Configuration.random_mac = False Configuration.random_mac = False
Configuration.no_deauth = False # Deauth hidden networks & WPA handshake targets
Configuration.encryption_filter = ['WEP', 'WPA', 'WPS'] Configuration.encryption_filter = ['WEP', 'WPA', 'WPS']
@@ -127,6 +128,9 @@ class Configuration(object):
if args.five_ghz == True: if args.five_ghz == True:
Configuration.five_ghz = True Configuration.five_ghz = True
Color.pl('{+} {C}option:{W} including {G}5Ghz networks{W} in scans') Color.pl('{+} {C}option:{W} including {G}5Ghz networks{W} in scans')
if args.no_deauth == True:
Configuration.no_deauth = True
Color.pl('{+} {C}option:{W} will {R}not{W} {O}deauth{W} clients during scans or captures')
if args.target_essid: if args.target_essid:
Configuration.target_essid = args.target_essid Configuration.target_essid = args.target_essid
Color.pl('{+} {C}option:{W} targeting ESSID {G}%s{W}' % args.target_essid) Color.pl('{+} {C}option:{W} targeting ESSID {G}%s{W}' % args.target_essid)
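Review bot: The comment on the new `Configuration.no_deauth = False` attribute, `# Deauth hidden networks & WPA handshake targets`, reads as the opposite of the flag's meaning, since True suppresses deauth (the --nodeauths help text and the `will not deauth` message in the second hunk say so); replace it with `# True: never send deauth frames (skips hidden-network decloaking and WPA handshake deauths)`. In the second hunk, `if args.no_deauth == True:` should be `if args.no_deauth:`, as the flag is a store_true boolean.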