derv82 / wifite2

Rewrite of the popular wireless network auditor, "wifite"
GNU General Public License v2.0

--crack option should run cracking programs, show status, and save cracked keys #25

Closed derv82 closed 6 years ago

derv82 commented 7 years ago

Follow up from #15

E.g. how the automated WPA Handshake cracking works:

  1. Runs aircrack-ng with necessary arguments
  2. Watches output of aircrack-ng, prints status, percentage, etc. in a single line
  3. Detects when password is cracked, stores it, shows to user.

The --crack option is just okay now that it prints the commands that should be run.

But:

  1. User-running-commands will not update the cracked.txt database
  2. The output of each cracking program is unique/different, and not easily parsed (see: john's output).
  3. Wifite should make things easier, like cracking a handshake with a wordlist.

derv82 commented 7 years ago

Note: there's still the problem of creating a .hccapx file needed by hashcat.

Maybe Wifite could:

  1. Look for cap2hccapx.bin in the user's directory? (Yeck)
  2. Automatically upload the .cap file, "convert", and download the hccapx file using hashcat's website: https://hashcat.net/cap2hccapx/ (Doesn't work if user is offline).
  3. git pull <hashcat-utils> && cd src && make && ./cap2hccapx ... (Worst. Idea. Ever.)

derv82 commented 7 years ago

Parsing output of aircrack-ng was easy using Wifite's Process module. See AttackWPA#crack_handshake

I assume parsing the output of other programs is equally feasible.
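
The status-parsing loop described in the first comment (run aircrack-ng, watch its output, print a one-line status, detect when the key is found) and referred to again here, as an added example that is not Wifite's own code and not the AttackWPA#crack_handshake implementation. The sample output block is constructed for this example as an approximation of aircrack-ng's progress display, not captured from a real run; the field names in the status record and the `status_line` format are this example's own choices. The parser only consumes text it is handed, so it can be fed from a Process-style wrapper or from a saved log file.

```python
import re

# Constructed sample of aircrack-ng's progress output (an approximation of
# the real format written for this example, not captured from a real run).
SAMPLE_OUTPUT = """
                                 Aircrack-ng 1.6

      [00:00:04] 2480/9999 keys tested (620.00 k/s)

      Time left: 12 seconds                                  24.80%

                           KEY FOUND! [ hypothetical-passphrase ]
"""

# Patterns for the three kinds of line the status loop cares about:
# progress ("N/M keys tested (R k/s)"), the time-left/percentage line,
# and the final "KEY FOUND! [ ... ]" line.
KEYS_TESTED_RE = re.compile(r"(\d+)/(\d+)\s+keys tested\s+\(([\d.]+)\s+k/s\)")
TIME_LEFT_RE = re.compile(r"Time left:\s*(\d+\s+\w+)")
PERCENT_RE = re.compile(r"(\d+(?:\.\d+)?)%")
KEY_FOUND_RE = re.compile(r"KEY FOUND!\s*\[\s*(.*?)\s*\]")


def new_status():
    """Empty status record (field names are this example's own), filled in as lines arrive."""
    return {"tested": 0, "total": 0, "rate": 0.0, "percent": 0.0,
            "time_left": None, "key": None}


def parse_line(line, status):
    """Update `status` in place from one line of aircrack-ng output and return it."""
    m = KEYS_TESTED_RE.search(line)
    if m:
        status["tested"], status["total"] = int(m.group(1)), int(m.group(2))
        status["rate"] = float(m.group(3))
    m = TIME_LEFT_RE.search(line)
    if m:
        status["time_left"] = m.group(1)
        p = PERCENT_RE.search(line)
        if p:
            status["percent"] = float(p.group(1))
    m = KEY_FOUND_RE.search(line)
    if m:
        status["key"] = m.group(1)
    return status


def parse_output(text):
    """Parse a whole capture (or a buffered chunk) of output.

    aircrack-ng redraws its status with carriage returns, so split on
    both \\r and \\n rather than on newlines alone.
    """
    status = new_status()
    for line in re.split(r"[\r\n]+", text):
        parse_line(line, status)
    return status


def status_line(status):
    """Render the single-line progress string shown to the user while cracking."""
    if status["key"] is not None:
        return "KEY FOUND: %s" % status["key"]
    return "%d/%d keys tested (%.2f k/s) %.2f%% done, %s left" % (
        status["tested"], status["total"], status["rate"],
        status["percent"], status["time_left"] or "unknown time")


if __name__ == "__main__":
    result = parse_output(SAMPLE_OUTPUT)
    print(status_line(result))
```

Because `parse_line` only ever fills in fields it can match, a chunk of output that contains no recognisable line leaves the record unchanged rather than resetting the counters, which is what you want when reading a live process in pieces. The regexes are also the part most likely to break when aircrack-ng changes its display, which is the fragility the later comments in this thread point at.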

wifiuk commented 7 years ago

When you decide what you are going to do in regards to the above, let me know and I can test it for you, if you want.

derv82 commented 7 years ago

Alright this isn't as easy as I thought.

  1. pyrit doesn't output its status very frequently (if at all?). It's like once every few minutes. Not very useful, and not really worth it for parsing.
  2. I can't get hashcat to work on my VM to save my life. I tried the steps in this stackexchange answer but still nothing.
  3. john... does anyone actually use john to crack WPA handshakes? I feel like hashcat is 100% the way to go for GPU-based cracking, otherwise aircrack-ng would be fine for CPU-based cracking.

I am inclined to keep the --crack behavior as-is for now (showing commands to execute). I'll look into auto-generating the .hccapx file by making a web request to hashcat.net, but that's about as far as I'd go...

derv82 commented 6 years ago

I'll look into auto-generating the .hccapx file by making a web request to hashcat.net, but that's about as far as I'd go...

Kali has the binary to generate a hccapx file: /usr/lib/hashcat-utils/cap2hccapx.bin

Updated --crack output to include this command if it's found on the system; otherwise suggests going to the website to generate the hccapx file.

https://github.com/derv82/wifite2/blob/9661da51e0500dfa1b92be77069841d09f6f6a84/py/CrackHandshake.py#L70-L78

derv82 commented 6 years ago

I'm pretty happy with how --crack works now; showing different commands to crack a handshake, and allowing the user to select one & copy/paste into a terminal.

I don't see a lot of benefit in running these commands within Wifite, parsing the (unstable) output of the programs, etc. And this will break when programs change their output!