airman_dopey
Posted June 3, 2013 (edited)

EDIT 2: Version 1.2 of the script has been released. See post 16 for changes.

EDIT: Version 1.1 of the script has been released. See 3rd post for changes.

Hope this is the right section.

Hey guys. I was researching Reaver attacks straight from the pineapple and I could not find anything I liked. I wanted something completely automated from the WPS button. Since I couldn't find one, I wrote one and thought I'd share.

    This script attempts a WPS attack utilizing Reaver and the wifi pineapple

    Usage: ./reaver.sh [-b BSSID] [-d] [-e ESSID] [-f] [-h] [-i location] [-w time] [-o file] [-s]

    -b BSSID    When scanning for networks this BSSID will be attacked regardless of both
                signal strength and if it was cracked before. (Note: When scanning networks
                if both ESSID and BSSID are listed the BSSID is used first)
    -d          Debug mode: Prints extra information to help with debugging
    -e ESSID    When scanning for networks this ESSID will be attacked regardless of both
                signal strength and if it was cracked before. (Note: When scanning networks
                if both ESSID and BSSID are listed the BSSID is used first)
    -f          Force attack of closest network (override check of previously cracked networks)
    -h          This screen
    -i          Installs Reaver (if missing) and offers to integrate with WPS button.
                (Requires internet connection)
    -o file     Sends copy of all output to file
    -s          Overrides the minimum signal strength required
    -w delay    wait "N" seconds before beginning attack

(The help screen of the script)

Basically here's how the script runs:

Once you push the WPS button, it will start with phase 1 and blink the light once. During this phase karma will be stopped and the wireless card will be prepped for the attack. Once this is complete the WPS light will blink twice and phase 2 will start. This is where the pineapple will start scanning for networks using wash.
First thing that happens is it checks the self-created "cracked.txt" for previously cracked networks and omits them from the scan (unless the -f argument is used). It then checks all the networks seen and, if an ESSID or BSSID was requested, it will use that network if visible. If not seen it will attack the network with the strongest signal. Once the network is determined it will switch to phase 3 and the WPS light will blink 3 times. This is where the actual attack starts. Aireplay-ng will attempt to associate with the network and, if successful, Reaver will begin. Once Reaver completes the WPS light will light back up and the network will be saved in the cracked.txt file.

If any errors happen throughout the script it will stall out and the WPS light will start flashing off and on. I have really tried to capture all possible errors, but since I cannot foresee all problems, if you run into any problems please let me know and I will modify my script.

Installation is extremely simple. Just SSH into your pineapple, and while in the "/root" directory (which is the default directory when you SSH in) run ONE of the following commands to install the script:

To install Reaver:

    wget http://hax0rbl0x.googlecode.com/files/reaver.sh; chmod +x reaver.sh; ./reaver.sh -i

Once that is installed, follow the post-installation instruction, or if you selected to modify the WPS button functionality, simply press the WPS button.

I have tested this using just the Pineapple holiday bundle and it works like a charm. Not only that, but simply using the pineapple juice for power the pineapple was still going 14 hours later. I guess karma really eats up the battery. So just the pineapple juice should be sufficient for any attacks you are trying to accomplish. If for some reason you run out of juice prior to Reaver finishing the attack it will pick up where it left off.

Hope you guys like it. Enjoy.
Edited September 2, 2013 by airman_dopey