marweninfo / wifite

Automatically exported from code.google.com/p/wifite
GNU General Public License v2.0
0 stars 0 forks source link

Program crashes when dealing with hidden SSID's #2

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. trying to do anything with hidden SSIDs, WEP & WPA.

What version of the product are you using? On what operating system?

BT4

Remove hidden SSID AP from list

Original issue reported on code.google.com by ian.pa...@gmail.com on 23 Sep 2010 at 6:37

GoogleCodeExporter commented 9 years ago
What do hidden SSIDs look like? Are they blank ("") or do they say something 
else ("<hidden>")? Could you copy/paste the output?

Sorry, I don't have any hidden SSIDs where I am.

Original comment by der...@gmail.com on 23 Sep 2010 at 9:40

GoogleCodeExporter commented 9 years ago
Empty strings "".

18. ""                                  (28dB  WPA) *CLIENT*

Original comment by ian.pa...@gmail.com on 23 Sep 2010 at 10:01

GoogleCodeExporter commented 9 years ago
I think I was able to fix this bug in revision 17. I have no way of testing 
this, so please let me know if hidden SSIDs still appear.

Original comment by der...@gmail.com on 23 Sep 2010 at 10:10

GoogleCodeExporter commented 9 years ago
I'll test it tomorrow and let you know.

Original comment by ian.pa...@gmail.com on 23 Sep 2010 at 10:19

GoogleCodeExporter commented 9 years ago
It's still including the hidden SSIDs in the attack. No change.

Original comment by ian.pa...@gmail.com on 24 Sep 2010 at 8:44

GoogleCodeExporter commented 9 years ago
WEP ATTACK

[+] attacking ""...
[0:09:56] attempting fake-authentication (attempt 3/3)
[0:09:55] fake authentication unsuccessful :(
[0:09:55] exiting attack...

----------------------------------------------------------------

WPA ATTACK

[+] attacking ""...
[0:01:00] starting wpa handshake capture
[0:00:54] sent 3 deauth packets;
Traceback (most recent call last):
  File "./wifite.py", line 2749, in <module>
    main() # launch the main method
  File "./wifite.py", line 712, in main
    attack(x - 1) # subtract one because arrays start at 0
  File "./wifite.py", line 1436, in attack
    attack_wpa(index)
  File "./wifite.py", line 2225, in attack_wpa
    proc_crack = subprocess.Popen(crack, stdout=subprocess.PIPE, stderr=open(os.devnull, 'w'), shell=True)
  File "/usr/lib/python2.5/subprocess.py", line 594, in __init__
    errread, errwrite)
  File "/usr/lib/python2.5/subprocess.py", line 1153, in _execute_child
    raise child_exception
TypeError: execv() arg 2 must contain only strings

----------------------------------------------------------------

Original comment by ian.pa...@gmail.com on 24 Sep 2010 at 9:12

GoogleCodeExporter commented 9 years ago
It would be great if the program could try to deauth a client if it's on a 
hidden AP to try and uncloack the SSID before quiting out.

Original comment by ian.pa...@gmail.com on 24 Sep 2010 at 9:17

GoogleCodeExporter commented 9 years ago
Sorry.  I did not know that airodump-ng outputs a null character for hidden 
SSIDs (one nullchar for each letter of the hidden network).

SSIDs are required for cracking WPA (it is needed to check for a proper 
handshake), so I will have Wifite remove hidden networks from the targets list.

This was (hopefully) fixed in revision 20.

I will look into deauthing clients when hidden networks are found, but this may 
be a bit too advanced for me.  Don't hold your breath.

Original comment by der...@gmail.com on 24 Sep 2010 at 9:24

GoogleCodeExporter commented 9 years ago
Cool, that's sorted hidden networks showing for now.

Good luck with the uncloaking of SSIDs :), it would make a great feature to an 
already awesome tool!

Original comment by ian.pa...@gmail.com on 24 Sep 2010 at 9:36

GoogleCodeExporter commented 9 years ago
I think i got it... I whipped up a ghetto deauther, but it works (for me).

It only attempts to deauth if it's on a fixed channel (because deauthing while 
channel-hopping is useless).
And it only deauths if it finds another client.

Let me know if you think it should deauth the entire router (not just the 
client).

Also, should it not print out when it tries deauthing? Mine prints like 10 
lines in a row before it's able to grab the SSID...

Updated in revision 21

Original comment by der...@gmail.com on 24 Sep 2010 at 9:47

GoogleCodeExporter commented 9 years ago
I think that just deauthing a client is enough. I'll setup something here to 
test fully on the weekend.

Original comment by ian.pa...@gmail.com on 24 Sep 2010 at 11:15

GoogleCodeExporter commented 9 years ago
I'd hoped to be able to test this out more today, but as I'm away and the AP 
here does not support hidden SSID (?!) I can't. I'll be back at my place on 
Monday and I'll setup an OpenWRT AP with 1 hidden WEP and 1 hidden WPA.

Original comment by ian.pa...@gmail.com on 25 Sep 2010 at 7:48

GoogleCodeExporter commented 9 years ago
Thanks for testing.  I tested it here and it worked, so I think it will work 
for you, but I'll leave the issue Open until I get a confirmation.

Original comment by der...@gmail.com on 25 Sep 2010 at 7:59

GoogleCodeExporter commented 9 years ago

Original comment by der...@gmail.com on 28 Sep 2010 at 6:40