
I have been trying to pen test my router in a variety of ways; long story short, it locks out indefinitely with Pixie WPS until I go to the router admin page and click unlock. I tried DDoS with MDK, but I think it is ignoring me.

I had the idea to MITM and use Amazon Cloud, but my calculation is that my password would take years because of its relative complexity.

Finally, I read about KRACK and watched the proof-of-concept video while reading the paper, and got stuck in what I think is syntax newbieness, i.e. I understand how it works but I don't know how to properly code it. Would you all please be so kind as to point me to some reference material, other than the official KRACK website and the links in it?

To be specific, I am working on the Android implementation. I know that I have to block EAPOL msg 3 twice and send the two of them together to the client to reuse nonce 1. The problem is, how do I translate it into a bash script? That is, once I have the MITM position, what would be the best command/algorithm to filter and pass the messages?

EDIT: It seems that there is a misunderstanding about my original post. What I mean is that I want to hack my own Android device using the KRACK attack on Kali Linux. To make it clearer, I am trying to make my own attack script but I am not sure about the syntax/commands to be used. Therefore I am asking for references/books about bash scripting that relate to reproducing the KRACK attack, i.e. what I need is more scripting guidance rather than the algorithm of the KRACK attack, as I have read the original paper. Thank you guys!

scriptbaby

  • What are you testing *for*? How would a MITM help? What's your *goal*? You first talk about bruteforcing the password, now you're talking about KRACK. Are the first 2 paragraphs not important? Are you only asking about how to program a KRACK attack? You want to know how to do this in bash, but then mention Android implementation. – schroeder Jan 29 '18 at 13:03
  • I just did a google search for "KRACK scripts" and got a lot of hits from Github. Did you look there? https://github.com/vanhoefm/krackattacks-scripts – schroeder Jan 29 '18 at 13:06
  • As for your edits, you are asking for programming help (off-topic) and references to external sources (off-topic). My comment above still applies: have you looked? Github has many options for you. – schroeder Feb 01 '18 at 10:42
  • Also, you are not "hacking" your phone. – schroeder Feb 01 '18 at 10:45
  • Hi Schroeder, thanks for the quick reply. The GitHub page states "Remember that our scripts are not attack scripts!" so my understanding is that while they are "KRACK attack" related, they are not "KRACK attack" attack scripts. They are "KRACK attack" test scripts. Since you said I am off topic, should I post another question, or what should I do? And yes, I am not hacking my phone, I am attacking the data communication between my phone and the wifi router. Please excuse me (again) for that. Thank you – scriptbaby Feb 01 '18 at 10:53
  • Have you looked at all the *other* KRACK projects on Github? – schroeder Feb 01 '18 at 11:02
  • I had a look at https://github.com/DavidBurkett/KRACK-Attack but it looks abandoned without meaningful progress. I have also looked at https://github.com/omaidf/KRACK-toolkit but when I clicked the "attack script", the content is just the "test script". In case I did not look properly, can you please point out which projects have an actual "attack script", not just in the folder/file name? – scriptbaby Feb 01 '18 at 11:17

1 Answer

The book, Kali Linux Wireless Penetration Testing Beginner's Guide, 3rd Edition, covers the setup of the krackattacks-scripts tools.

Deps:

apt-get install libnl-3-dev libnl-genl-3-dev pkg-config libssl-dev net-tools git sysfsutils python-scapy python-pycryptodome

Make hostapd:

cd hostapd
cp defconfig .config
make -j2

Run the scripts. Identify which works for your hardware by reading the guides. Note that this may crash your system, especially if you are working from a guest VM:

cd ../krackattack
./disable-hwcrypto.sh

Modify the hostapd.conf file to your specifications. The default SSID is testnetwork with password abcdefgh.

Disable NetworkManager:

systemctl stop NetworkManager.service
systemctl disable NetworkManager.service

Finally, execute the necessary Python scripts:

python krack-test-client.py

More information is in the Vanhoef and Piessens paper, Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2.

schroeder
atdre
  • I have edited my original post, what I want is to hack my android device from Kali Linux. I understand the algorithm of the attack so perhaps what I need is more in guidance/tutorial about making a bash script. Thank you. – scriptbaby Feb 01 '18 at 10:36
  • and to clarify (again), I am attacking the communication data between my android phone and the wifi router using a computer that is running Kali Linux. – scriptbaby Feb 01 '18 at 10:55
  • http://www.mathyvanhoef.com/2018/06/unkrack-mitigating-future-wpa2.html – atdre Jun 08 '18 at 15:35
  • https://www.fragattacks.com – atdre May 11 '21 at 20:16
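The client test script named in the answer checks the symptom the question describes: after a retransmitted EAPOL message 3, a vulnerable client reinstalls the already-in-use PTK and resets its CCMP packet number (PN), so later data frames reuse PNs already sent under that key. The following is an added example that is not part of the answer or of the krackattacks-scripts project; it runs the same kind of check offline over constructed, simplified frame records (a real tool would parse captured 802.11 frames instead).

```python
# Added example (not from krackattacks-scripts): an offline check for the
# nonce reuse that a key reinstallation causes. Frame records are constructed
# here, not captured from a network.
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Frame:
    kind: str                        # "msg3" (EAPOL-Key message 3) or "data"
    anonce: Optional[bytes] = None   # ANonce carried by message 3
    replay_counter: int = 0          # EAPOL replay counter on message 3
    pn: Optional[int] = None         # CCMP packet number on a data frame


def check_session(frames: List[Frame]) -> dict:
    """Walk one client's frames after the handshake starts and report whether
    message 3 was retransmitted (same ANonce, new replay counter) and whether
    the client then reused CCMP packet numbers under the same PTK."""
    last_anonce: Optional[bytes] = None
    retransmitted = False
    max_pn = -1             # CCMP PN must strictly increase for one key
    reused: List[int] = []
    for f in frames:
        if f.kind == "msg3":
            if last_anonce is not None and f.anonce == last_anonce:
                retransmitted = True
            last_anonce = f.anonce
        elif f.kind == "data" and f.pn is not None:
            if f.pn <= max_pn:
                reused.append(f.pn)     # PN went backwards: nonce reuse
            max_pn = max(max_pn, f.pn)
    return {
        "retransmitted_msg3": retransmitted,
        "reused_pns": reused,
        # Key reinstallation is indicated only by reuse after a retransmission.
        "reinstalls_key": retransmitted and bool(reused),
    }


# Constructed sessions: one ANonce, message 3 sent twice by the AP.
ANONCE = b"\x11" * 32
PATCHED = [Frame("msg3", ANONCE, 1), Frame("data", pn=1), Frame("data", pn=2),
           Frame("msg3", ANONCE, 2), Frame("data", pn=3), Frame("data", pn=4)]
VULNERABLE = [Frame("msg3", ANONCE, 1), Frame("data", pn=1), Frame("data", pn=2),
              Frame("msg3", ANONCE, 2), Frame("data", pn=1), Frame("data", pn=2)]

if __name__ == "__main__":
    print("patched:", check_session(PATCHED))
    print("vulnerable:", check_session(VULNERABLE))
```

A patched client keeps counting (PN 3, 4) after the second message 3, while a client that reinstalls the key starts over at PN 1, which is the reuse the paper exploits and the reason the fix is to never reinstall an already-installed key.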