airman_dopey Posted June 3, 2013 (edited)

EDIT 2: Version 1.2 of the script has been released. See post 16 for changes.
EDIT: Version 1.1 of the script has been released. See 3rd post for changes.

Hope this is the right section.

Hey guys. I was researching Reaver attacks straight from the pineapple and I could not find anything I liked. I wanted something completely automated from the WPS button. Since I couldn't find one I wrote one and thought I'd share.

This script attempts a WPS attack utilizing Reaver and the wifi pineapple

Usage: ./reaver.sh [-b BSSID] [-d] [-e ESSID] [-f] [-h] [-i location] [-w time] [-o file] [-s]

  -b BSSID    When scanning for networks this BSSID will be attacked regardless of both signal strength and if it was cracked before. (Note: When scanning networks if both ESSID and BSSID are listed the BSSID is used first)
  -d          Debug mode: Prints extra information to help with debugging
  -e ESSID    When scanning for networks this ESSID will be attacked regardless of both signal strength and if it was cracked before. (Note: When scanning networks if both ESSID and BSSID are listed the BSSID is used first)
  -f          Force attack of closest network (override check of previously cracked networks)
  -h          This screen
  -i          Installs Reaver (if missing) and offers to integrate with WPS button. (Requires internet connection)
  -o file     Sends copy of all output to file
  -s          Overrides the minimum signal strength required
  -w delay    wait "N" seconds before beginning attack

(The help screen of the script)

Basically here's how the script runs: Once you push the WPS button, it will start with phase 1 and blink the light once. During this phase karma will be stopped and the wireless card will be prepped for the attack. Once this is complete the WPS light will blink twice and phase 2 will start. This is where the pineapple will start scanning for networks using wash. First thing that happens is it checks the self-created "cracked.txt" for previously cracked networks and omits them from the scan (unless the -f argument is used). It then checks all the networks seen and, if an ESSID or BSSID was requested it will use that network if visible. If not seen it will attack the network with the strongest signal. Once the network is determined it will switch to phase 3 and the WPS light will blink 3 times. This is where the actual attack starts. Aireplay-ng will attempt to associate with the network and, if successful, Reaver will begin. Once Reaver completes the WPS light will light back up and the network will be saved in the cracked.txt file.

If any errors happen throughout the script it will stall out and the WPS light will start flashing off and on. I have really tried to capture all possible errors, but since I cannot foresee all problems if you run into any problems please let me know and I will modify my script.

Installation is extremely simple. Just SSH into your pineapple, and while in the "/root" directory (which is the default directory when you SSH in) run ONE of the following commands to install the script:

To install Reaver:

  wget http://hax0rbl0x.googlecode.com/files/reaver.sh; chmod +x reaver.sh; ./reaver.sh -i

Once that is installed, follow the post-installation instruction, or if you selected to modify the WPS button functionality, simply press the WPS button.

I have tested this using just the Pineapple holiday bundle and it works like a charm. Not only that, but simply using the pineapple juice for power the pineapple was still going 14 hours later. I guess karma really eats up the battery. So just the pineapple juice should be sufficient for any attacks you are trying to accomplish. If for some reason you run out of juice prior to Reaver finishing the attack it will pick up where it left off.

Hope you guys like it. Enjoy.

Edited September 2, 2013 by airman_dopey
demonjester Posted June 3, 2013

Since mine is a different target each time I just use the mac address, make shell script, hold the wps button and leave. This is pretty cool regardless though.
airman_dopey (Author) Posted July 4, 2013 (edited)

Updated to version 1.1. Change log is as follows:

- Fixed bug where installing to USB would fail
- Added Aireplay-ng and Reaver monitoring. This allows the script to ensure everything is running properly and, if either program fails, causes the script to relaunch the suspect program up to the threshold set in the beginning of the script (currently set to 3)
- Added signal checking to discard network if signal strength is below -81 as shown by Wash
- Added flag to bypass minimum signal strength check
- Added output flag to send a copy of all output to file
- Added ability to have second press of WPS button close script gracefully (This function requires the WPS button script to be rewritten by running the install portion of the script).
- Added steadily blinking light to signify script is waiting "N" seconds prior to starting attack
- Added sanity checks to verify Reaver and Aireplay-ng are installed prior to running
- Fixed numerous bugs relating to the overall function of the script

If you are upgrading from an older version please make sure you run the install again and overwrite the WPS button script to add the button-cancel function of the script

Thank you all who have tried this script. I hope it is useful.

Edited July 4, 2013 by airman_dopey
Sebkinne Posted July 4, 2013

Could I suggest you turning this into an infusion? I think it would work out pretty well!

Best Regards,
Sebkinne
ou812 Posted August 19, 2013

Any plans to release this for the 3.0.0 firmware?
airman_dopey (Author) Posted August 20, 2013

Yes. Started a new job and haven't had the time to dig in. Also have a MITM addon to it that will start sniffing creds when it cracks the network. Just need to update for 3.0 and polish it.
ou812 Posted August 23, 2013

Looking forward to it.
buggz Posted August 26, 2013

Hello, I am curious about the 3.0 change requirements? For a shell script? Are there any needed? Or are you commenting on the GUI parts? I'm a new owner of a MkIV 3.0 Pineapple, and still testing things out.

> Yes. Started a new job and haven't had the time to dig in. Also have a MITM addon to it that will start sniffing creds when it cracks the network. Just need to update for 3.0 and polish it.

> Any plans to release this for the 3.0.0 firmware?
airman_dopey (Author) Posted August 26, 2013

I don't expect much to change. There should be a warning message that comes up as I coded the last version of the firmware in there. To remove that message just change the version number to match the current version. I should be able to have all the new code ready this weekend.
buggz Posted August 26, 2013 (edited)

Ahh, I only perused the code, really didn't look hard at it. I will look at it again tonight, thanks!

Okay, I see the part w/ the version check, no big deal, just a warning.

  reaver.sh:3:#reaver.sh version 1.1
  reaver.sh:1069:elif [[ `cat /pineapple/includes/fwversion` != "2.8.1" ]]; then
  reaver.sh:1070: FWver=`cat /pineapple/includes/fwversion`
  reaver.sh:1071: echo "Warning! This script has been tested on FW version 2.8.1"
  reaver.sh:1072: echo "Your current version is $FWver"

I am going to test it tonight. Thanks!

Edited August 26, 2013 by buggz
buggz Posted August 27, 2013

My brief play:

- there isn't an aireplay-ng on my Pineapple, nor is there one at http://cloud.wifipineapple.com/packages
- there isn't a wash on my Pineapple, nor is there one at http://cloud.wifipineapple.com/packages

I tried reaver manually, I had errors, I will have to post my error message saves in a later post, they are on another machine.
airman_dopey (Author) Posted August 27, 2013

Aireplay was installed stock on 2.8.1. That may have changed. I'll check it out. Wash is a part of the reaver install.
buggz Posted August 28, 2013 (edited)

  ifconfig wlan0 up; airmon-ng start wlan0
  airodump-ng mon0 and find your bssid of the station to test
  reaver -i mon0 -b XX:XX:XX:XX:XX:XX0 -vv

  root@Pineapple:~# reaver -i mon1 -b XX:XX:XX:XX:XX:XX -vv
  Reaver v1.4 WiFi Protected Setup Attack Tool
  Copyright © 2011, Tactical Network Solutions, Craig Heffner
  reaver: can't resolve symbol 'pcap_open_live' in lib 'reaver'.

Edited August 28, 2013 by buggz
airman_dopey (Author) Posted August 28, 2013

So I finally had a chance to upgrade to 3.0.0 and with a fresh install of Reaver I am not getting those errors. Try reinstalling Reaver/firmware and see if that resolves your issue.

As for the script itself a couple of tweaks are needed to make it work properly but the core of it is still functional. I hope to release all the new code this weekend.
say.what Posted August 30, 2013

> So I finally had a chance to upgrade to 3.0.0 and with a fresh install of Reaver I am not getting those errors. Try reinstalling Reaver/firmware and see if that resolves your issue. As for the script itself a couple of tweaks are needed to make it work properly but the core of it is still functional. I hope to release all the new code this weekend.

I'm encouraging you from here!!! Can't you hear me?!?!?!? ;D ...&& don't give up!!! ;)
airman_dopey (Author) Posted September 2, 2013 (edited)

Hey guys,

Version 1.2 is finally released. If you upgrade to this version you will need to be running fw 3.0.0 as code needed to be changed to make it work properly. Also the install process has changed. You no longer need to specify where you want Reaver installed; it will determine the location within the script. Just type "./reaver.sh -i" to install (after downloading the new version of course).

Please let me know what you guys think. I will be releasing the cred harvesting add-on in a few days. I need to polish it up.

- Updated code to run on FW 3.0.0 (WPS Button install, fw version check)
- Removed the ability to cancel the code by pressing the WPS button again (needed to be removed for the add-on)
- Added ability to blacklist certain ESSID/BSSIDs. If you create "/root/blacklist.txt" and add in the format "ESSID BSSID" (no spaces in ESSID) then it will bypass those networks
- Modified install process to choose location within the script

Edited September 2, 2013 by airman_dopey
dutchdog Posted September 4, 2013

Can we have 1 post with links and install instructions for 3.0? Any chance this is coming in downloadable infusion? Would be nice if you can specify the network to attack.
airman_dopey (Author) Posted September 4, 2013 (edited)

I edited the first post with installation instructions. That is how you install on 3.0.0.

As for the infusion part, I do not know php and have too much going on right now to learn it ATM. If someone else wants to help tackle it I'm all for it, but I mostly did this as a side project. I didn't expect much demand for it.

Edited September 4, 2013 by airman_dopey
m40295 Posted November 19, 2013 (edited)

I would love to run this on a DIP switch for the MKV 1.0.3. Can the WPS button code be stripped?

  ./reaver.sh: line 96: /sys/class/leds/alfa:blue:wps/trigger: No such file or directory
  ./reaver.sh: line 92: /sys/class/leds/alfa:blue:wps/trigger: No such file or directory
  ./reaver.sh: line 96: /sys/class/leds/alfa:blue:wps/trigger: No such file or directory
  ./reaver.sh: line 92: /sys/class/leds/alfa:blue:wps/trigger: No such file or directory

Edited November 19, 2013 by m40295
numericaldigitaldroned Posted July 23, 2014

Hey, I've been having an issue where I'll be running reaver on an access point and go to bed and the next day it had gotten up to around 55% finished and stalled, but every time I go to start it again it seems to want to start all over again on the PINs.

...I see the history file but I wasn't sure of a correct method to ensure the reaver module is checking all of the past history logs to eliminate all known PIN guesses from its lists before starting all over again.

Thanks