search

evilsocket / pwnagotchi

(⌐■_■) - Deep Reinforcement Learning instrumenting bettercap for WiFi pwning.
https://pwnagotchi.ai/
Other
7.8k stars 1.16k forks source link

download and save cracked passwords from wpa-sec on interval #651

Closed xenDE closed 5 years ago

xenDE commented 5 years ago

it would be nice if cracked passwords from wpa-secwill be downloaded automaticly and stored in handshakes dir as .pcap.cracked in plaintext - like the quickdic plugin does.

so, extend the wpa-sec plugin with downoad+proccess the cracked pasword list.

steps:

download of the passwordlist:

GET https://wpa-sec.stanev.org/?api&dl=1
with Cookie | key=3e47******************6535c

process the download: https://github.com/xenDE/pwnagotchi-tools/blob/master/wpa-sec.founds.insert.py

dadav commented 5 years ago

You want to use the file to display it on the map, right?^^

xenDE commented 5 years ago

yes. I already show the passwords in .pcap.cracked created from quickdic plugin.

dadav commented 5 years ago

Sounds nice, i will add it^^

dadav commented 5 years ago

Added this: https://github.com/dadav/pwnagotchi/tree/feature/wpa-sec-download

but need to test ^^

dadav commented 5 years ago

I'd like to keep it raw and let other plugins parse it for themself

xenDE commented 5 years ago

looks good, but it downloads only if it has a new handshake for upload.

I need to think about "other plugins parse it for themself" - not sure what's the best way.

the potfile is only usable for extract password - implement the parser at every plugin that wants to have the password is not a good way IMHO.

xenDE commented 5 years ago

is working. only a log message i miss

dadav commented 5 years ago

looks good, but it downloads only if it has a new handshake for upload.

I need to think about "other plugins parse it for themself" - not sure what's the best way.

the potfile is only usable for extract password - implement the parser at every plugin that wants to have the password is not a good way IMHO.

well, its one for-loop and not really a complex parsing because the data is only seperated by ":"^^

for line in file:
  bssid,stamac,ssid,pw = line.split(":")

Will fix the "Only download on new handshake"

Edit:// Fixed it and added a log message. Now it checks every hour. We could add a functions "get_cracked" and return an array of tuples with the read passwords..

dadav commented 5 years ago

Derek close

agent932 commented 5 years ago

Would there be a way to add the cracked networks to the ignore list so the pwnagotchi stops trying to get new handshakes?

itsdarklikehell commented 4 years ago

Would there be a way to add the cracked networks to the ignore list so the pwnagotchi stops trying to get new handshakes?

I second this!☝️

agent932 commented 4 years ago

👍

jacopotediosi commented 4 years ago

Onlinehashcrack (starting from PR #821) saves cracked passwords into .pcap.cracked files (one for each password), allowing them to be usable with the webgpsmap plugin. It would be nice if wpa-sec did the same (?) In my opinion, save a unique potfile isn't a great solution.

jacopotediosi commented 4 months ago

Just made the PR #1248 to save wpasec cracked password into individual .pcap.cracked password as discussed above