search

dhondta / dronesploit

Drone pentesting framework console
GNU General Public License v3.0
1.44k stars 244 forks source link

Cannot connect to target #22

Closed Haliva closed 3 years ago

Haliva commented 3 years ago

image

dhondta commented 3 years ago

Hi @Haliva You get this result because your only WiFi interface is still set to the monitor mode. You need to toggle it back to managed mode before connecting or you could simply use a WiFi dongle as a second interface. I will improve this by displaying a warning.

Haliva commented 3 years ago

Thank you. Even when I turn off the network card in monitor mode it still does not allow to connect to the drone ... Do you have any more ideas please for the source of the problem?

image

dhondta commented 3 years ago

Hi @Haliva The connect command relies on nmcli (as you can see here). Could you try the following command and post the result ?

# nmcli device wifi connect TELLO-Haliva password 1234
Haliva commented 3 years ago

Bad Command

image

dhondta commented 3 years ago

This is a Bash command. Please exit Dronesploit before running it...

Haliva commented 3 years ago

Command 1: a. $ dronesploit b. $ toggle wlan0 -> wlan0 set to monitor mode on wlan0mon c. $ targets -> I have ‘TELLO-Haliva’ ESSID without password d. $ password TELLO-Haliva 1234 e. $ targets -> I have ‘TELLO-Haliva’ ESSID with password ‘1234’ f. $ toggle wlan0mon -> wlan0mon set back to managed mode g. $ connect TELLO-Haliva -> ‘Connection to TELO-Haliva failed’

Command 2: a. $ Nmcli device wifi connect TELLO-Haliva password 1234 -> ‘Error: NetworkManager is not running’ b. $ Service NetworkManager start c. $ Nmcli device wifi list -> ‘TELLO-Haliva’ SSID d. $ Nmcli device wifi connect TELLO-Haliva password 1234 -> ‘Error: 802-11-wireless-security.psk: property is invalid.’ e. $ Nmcli device wifi connect TELLO-Haliva -> ‘Device 'wlan0' successfully activated with '8aaf7666-eae9-4399-a139-ed772481f2ae'.’ f. $ Nmcli device wifi list -> ‘TELLO-Haliva’ SSID In-Use (‘*’)

Command 3: a. I try to use $ use command/dji/tello/takeoff b. $ Run -> ‘TARGET must be defined’ c. $ targets -> I have ‘TELLO-Haliva’ ESSID with password ‘1234’

TELLO-Haliva.docx

dhondta commented 3 years ago

Hi @Haliva By default, my own Tello Drone has no password (while detecting the target, you should see in the table from the targets command that it is OPN as the "security" parameter (meaning that the AP is open, that is, with no security). So you should simply connect with no password instead of setting it to 1234. So, in your first trace (Command 1), if you skip step e, you should be able to connect to your drone.

Haliva commented 3 years ago

Well, it seems to be starting to show a sign of life :) I only manage to connect to TELLO after running the NetworkManager service outside the Dronesploit screen.

Command 1: a. $ dronesploit b. $ toggle wlan0 -> wlan0 set to monitor mode on wlan0mon c. $ targets -> I have ‘TELLO-Haliva’ ESSID without password d. $ toggle wlan0mon -> wlan0mon set back to managed mode e. $ connect TELLO-Haliva -> ‘Connection to TELO-Haliva failed’

Command 2: $ Service NetworkManager start

Command 3: $ connect TELLO-Haliva -> ‘Connected to TELLO-Haliva on wlan0’

image image image

dhondta commented 3 years ago

There could be a bug while handling toggling between WiFi modes. Could you please test after Command 1 step d if you see that the interface was set back to managed mode (e.g. with ìwconfig), please ? It's not that normal that you have to service NetworkManager start before it works...

Haliva commented 3 years ago

The interface was set back to managed mode. I must run "service NetworkManager start" before it work...

image image image image

Haliva commented 3 years ago

What is a default AP password from your command code? (Is not 12345678)

image

dhondta commented 3 years ago

Try show options 😁

Haliva commented 2 years ago

Hey, How are you friend? I would love to develop the research with you... Can I help with anything?

‫בתאריך יום ו׳, 23 באפר׳ 2021 ב-15:41 מאת ‪Alex‬‏ @.*** ‬‏>:‬

Closed #22 https://github.com/dhondta/dronesploit/issues/22.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/dhondta/dronesploit/issues/22#event-4636680866, or unsubscribe https://github.com/notifications/unsubscribe-auth/AS3F2R3OTBMPHTAHEBZTBVLTKFTI3ANCNFSM4XZG6IUQ .

dhondta commented 2 years ago

Hi @Haliva ! Of course, definitely !

The idea is to develop at three different layers :

So, if you have a drone you would like to get added to the framework :

  1. Check if the current machinery (the famous generic modules) is sufficient to handle your attack.
  2. If no brand or model-specific module exists for your use case, you need to develop it.
  3. Then you can make your specific modules and exploits.

Unfortunately, at this moment, I don't have time to write the developer documentation. Do not hesitate if you have any precise question.