More options when interrupting a WEP attack.
Options: Move to a specific attack, deauth & retry current attack, or skip the target.
@@ -133,6 +133,7 @@ class Wifite(object):
|
|||||||
|
|
||||||
if attack.success:
|
if attack.success:
|
||||||
attack.crack_result.save()
|
attack.crack_result.save()
|
||||||
|
Color.pl("{+} Finished attacking {C}%d{W} target(s), exiting" % len(targets))
|
||||||
|
|
||||||
|
|
||||||
def print_banner(self):
|
def print_banner(self):
|
||||||
|
|||||||
@@ -4,7 +4,7 @@
|
|||||||
from Configuration import Configuration
|
from Configuration import Configuration
|
||||||
from Process import Process
|
from Process import Process
|
||||||
|
|
||||||
import os
|
import os, time
|
||||||
|
|
||||||
class WEPAttackType(object):
|
class WEPAttackType(object):
|
||||||
''' Enumeration of different WEP attack types '''
|
''' Enumeration of different WEP attack types '''
|
||||||
@@ -162,10 +162,9 @@ class Aireplay(object):
|
|||||||
cmd.extend(['-h', client_mac])
|
cmd.extend(['-h', client_mac])
|
||||||
|
|
||||||
elif attack_type == WEPAttackType.p0841:
|
elif attack_type == WEPAttackType.p0841:
|
||||||
cmd.append('--interactive')
|
cmd.append('--arpreplay')
|
||||||
cmd.extend(['-b', target.bssid])
|
cmd.extend(['-b', target.bssid])
|
||||||
cmd.extend(['-c', 'ff:ff:ff:ff:ff:ff'])
|
cmd.extend(['-c', 'ff:ff:ff:ff:ff:ff'])
|
||||||
cmd.extend(['-t', '1'])
|
|
||||||
cmd.extend(['-x', str(Configuration.wep_pps)])
|
cmd.extend(['-x', str(Configuration.wep_pps)])
|
||||||
cmd.extend(['-F']) # Automatically choose first packet
|
cmd.extend(['-F']) # Automatically choose first packet
|
||||||
cmd.extend(['-p', '0841'])
|
cmd.extend(['-p', '0841'])
|
||||||
@@ -228,6 +227,24 @@ class Aireplay(object):
|
|||||||
Color.pl('output:\n"%s"' % out)
|
Color.pl('output:\n"%s"' % out)
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def deauth(target_bssid, client_mac=None, num_deauths=1, timeout=2):
|
||||||
|
deauth_cmd = [
|
||||||
|
'aireplay-ng',
|
||||||
|
'-0', # Deauthentication
|
||||||
|
str(num_deauths),
|
||||||
|
'--ignore-negative-one',
|
||||||
|
'-a', target_bssid # Target AP
|
||||||
|
]
|
||||||
|
if client_mac is not None:
|
||||||
|
# Station-specific deauth
|
||||||
|
deauth_cmd.extend(['-c', client_mac])
|
||||||
|
deauth_cmd.append(Configuration.interface)
|
||||||
|
proc = Process(deauth_cmd)
|
||||||
|
while proc.poll() is None:
|
||||||
|
if proc.running_time() >= timeout:
|
||||||
|
proc.interrupt()
|
||||||
|
time.sleep(0.2)
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
t = WEPAttackType(4)
|
t = WEPAttackType(4)
|
||||||
|
|||||||
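Review bot: The new `deauth` static method gives the caller no result: the loop only waits for `proc.poll()` to turn non-None and then falls off the end, so a failed launch, a timed-out run and a completed one all look the same. Assuming `Process.poll()` mirrors `subprocess.Popen.poll()`, ending the method with `return proc.poll() == 0` would let callers report what actually happened. Once `timeout` is exceeded the loop also calls `proc.interrupt()` again every 0.2 seconds, with no bound if the child never exits; a single interrupt followed by a bounded wait would avoid a hang. The method has no docstring; it should say that `timeout` is in seconds (judging by `running_time()`) and that `client_mac=None` means the `-c` option is omitted.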
@@ -33,7 +33,9 @@ class AttackWEP(Attack):
|
|||||||
|
|
||||||
aircrack = None # Aircrack process, not started yet
|
aircrack = None # Aircrack process, not started yet
|
||||||
|
|
||||||
for (attack_index, attack_name) in enumerate(Configuration.wep_attacks):
|
attacks_remaining = list(Configuration.wep_attacks)
|
||||||
|
while len(attacks_remaining) > 0:
|
||||||
|
attack_name = attacks_remaining.pop(0)
|
||||||
# BIG try-catch to capture ctrl+c
|
# BIG try-catch to capture ctrl+c
|
||||||
try:
|
try:
|
||||||
# Start Airodump process
|
# Start Airodump process
|
||||||
@@ -189,7 +191,6 @@ class AttackWEP(Attack):
|
|||||||
Color.pl('\n{!} restarting {C}aireplay{W} after' +
|
Color.pl('\n{!} restarting {C}aireplay{W} after' +
|
||||||
' {C}%d{W} seconds of no new IVs'
|
' {C}%d{W} seconds of no new IVs'
|
||||||
% stale_seconds)
|
% stale_seconds)
|
||||||
Color.pl("\naireplay output:\n%s" % aireplay.get_output())
|
|
||||||
aireplay = Aireplay(self.target, \
|
aireplay = Aireplay(self.target, \
|
||||||
wep_attack_type, \
|
wep_attack_type, \
|
||||||
client_mac=client_mac, \
|
client_mac=client_mac, \
|
||||||
@@ -203,7 +204,10 @@ class AttackWEP(Attack):
|
|||||||
# End of big while loop
|
# End of big while loop
|
||||||
# End of with-airodump
|
# End of with-airodump
|
||||||
except KeyboardInterrupt:
|
except KeyboardInterrupt:
|
||||||
if not self.user_wants_to_continue(attack_index):
|
if len(attacks_remaining) == 0:
|
||||||
|
self.success = False
|
||||||
|
return self.success
|
||||||
|
if self.user_wants_to_stop(attack_name, attacks_remaining, airodump_target):
|
||||||
self.success = False
|
self.success = False
|
||||||
return self.success
|
return self.success
|
||||||
# End of big try-catch
|
# End of big try-catch
|
||||||
@@ -212,21 +216,57 @@ class AttackWEP(Attack):
|
|||||||
self.success = False
|
self.success = False
|
||||||
return self.success
|
return self.success
|
||||||
|
|
||||||
def user_wants_to_continue(self, attack_index):
|
def user_wants_to_stop(self, current_attack, attacks_remaining, target):
|
||||||
''' Asks user if attacks should continue using remaining methods '''
|
'''
|
||||||
Color.pl('\n{!} {O}interrupted{W}\n')
|
Ask user what attack to perform next (re-orders attacks_remaining, returns False),
|
||||||
|
or if we should stop attacking this target (returns True).
|
||||||
|
'''
|
||||||
|
target_name = target.essid if target.essid_known else target.bssid
|
||||||
|
|
||||||
if attack_index + 1 >= len(Configuration.wep_attacks):
|
Color.pl("\n\n{!} {O}Interrupted")
|
||||||
# No more WEP attacks to perform.
|
Color.pl("{+} {W}Next steps:")
|
||||||
return False
|
|
||||||
|
|
||||||
attacks_remaining = Configuration.wep_attacks[attack_index + 1:]
|
# Deauth clients & retry
|
||||||
Color.pl("{+} {G}%d{W} attacks remain ({C}%s{W})" % (len(attacks_remaining), ', '.join(attacks_remaining)))
|
attack_index = 1
|
||||||
prompt = Color.s('{+} type {G}c{W} to {G}continue{W} or {R}s{W} to {R}stop{W}: ')
|
Color.pl(" {G}1{W}: {O}Deauth clients{W} and {G}retry{W} {C}%s attack{W} against {G}%s{W}" % (current_attack, target_name))
|
||||||
if raw_input(prompt).lower().startswith('s'):
|
|
||||||
return False
|
# Move onto a different WEP attack
|
||||||
else:
|
for attack_name in attacks_remaining:
|
||||||
return True
|
attack_index += 1
|
||||||
|
Color.pl(" {G}%d{W}: Start new {C}%s attack{W} against {G}%s{W}" % (attack_index, attack_name, target_name))
|
||||||
|
|
||||||
|
# Stop attacking entirely
|
||||||
|
attack_index += 1
|
||||||
|
Color.pl(" {G}%d{W}: {R}Stop attacking, {O}Move onto next target{W}" % attack_index)
|
||||||
|
while True:
|
||||||
|
answer = raw_input(Color.s("{?} Select an option ({G}1-%d{W}): " % attack_index))
|
||||||
|
if not answer.isdigit() or int(answer) < 1 or int(answer) > attack_index:
|
||||||
|
Color.pl("{!} {R}Invalid input: {O}Must enter a number between {G}1-%d{W}" % attack_index)
|
||||||
|
continue
|
||||||
|
answer = int(answer)
|
||||||
|
break
|
||||||
|
|
||||||
|
if answer == 1:
|
||||||
|
# Deauth clients & retry
|
||||||
|
num_deauths = 1
|
||||||
|
Color.p("\r{+} {O}Deauthenticating *broadcast*{W} (all clients)...")
|
||||||
|
Aireplay.deauth(target.bssid)
|
||||||
|
for client in target.clients:
|
||||||
|
Color.clear_entire_line()
|
||||||
|
Color.p("\r{+} {O}Deauthenticating client {C}%s{W}..." % client.bssid)
|
||||||
|
Aireplay.deauth(target.bssid)
|
||||||
|
num_deauths += 1
|
||||||
|
Color.clear_entire_line()
|
||||||
|
Color.pl("\r{+} Sent {C}%d {O}deauths{W}" % num_deauths)
|
||||||
|
# Re-insert current attack to top of list of attacks remaining
|
||||||
|
attacks_remaining.insert(0, current_attack)
|
||||||
|
return False # Don't stop
|
||||||
|
elif answer == attack_index:
|
||||||
|
return True # Stop attacking
|
||||||
|
elif answer > 1:
|
||||||
|
# User selected specific attack: Re-order attacks based on desired next-step
|
||||||
|
attacks_remaining.insert(0, attacks_remaining.pop(answer-2))
|
||||||
|
return False # Don't stop
|
||||||
|
|
||||||
def fake_auth(self):
|
def fake_auth(self):
|
||||||
'''
|
'''
|
||||||
|
|||||||
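Review bot: The `except KeyboardInterrupt:` handler passes `airodump_target` to `self.user_wants_to_stop(...)`, but that name appears to be bound only inside the `try:` body, which starts outside this hunk. An interrupt that arrives before the assignment would then raise UnboundLocalError from inside the handler, or silently reuse the object left over from the previous loop iteration. Binding `airodump_target = None` just before `try:` and passing `airodump_target or self.target` would keep the prompt reachable in both cases. The `raw_input` loop in `user_wants_to_stop` also runs inside that handler, so a second Ctrl+C or an EOF at the prompt escapes uncaught; wrapping the call in `except (KeyboardInterrupt, EOFError): return True` would stop cleanly. The docstring should also state that `attacks_remaining` is mutated in place, since the caller's `while` loop depends on it.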