Comments (19)
This includes Kali-Linux (including Rolling 2016.x).
from bully.
Great to know that Bully is back !
Thanks maestro... 😸
from bully.
I created a temporary new repository over my github: https://github.com/wiire/bully-vanilla/tree/openssl-1.1.
Before I merge everything here I need some help testing.
@kcdtv
You are the most valuable tester I know of.
from bully.
Yeah, @kcdtv is the best for this! I know him well 😄. Anyway, here is my report:
Compiled and installed on latest Kali Linux using libssl-dev (1.1). It compiles well.
Then, using bully -V, the version shown is v1.0-22. This is nice because at last there are no more compile errors on Kali. Anyway, this version has not implemented integration with pixiewps. @kcdtv told me you are the creator of pixiewps, so in first place hail! to you and thanks for your work. The version aanarchyy did was version 1.1 with pixiewps integrated. It could be nice to have a higher version (maybe 1.2 or whatever) with these wonderful changes you did and pixiewps integration!
@kcdtv and I (and others) are collaborating on a script called airgeddon. In that script bully is fully integrated and it could be nice to have new versions there too. We use to control the bully version in order to determine if pixie-dust attacks can be integrated or not using bully.
On the other hand, it seems that recently aanarchyy's bully 1.1 version was integrated (at last) into the Kali repositories; it is shown here: https://bugs.kali.org/view.php?id=3745 . It was proposed by one of our team. And of course these changes, once finished, will be proposed in the same way!
Good work!
from bully.
Thank you for helping. The plan is already to integrate the changes over this repo, however, before I do that, I need to know that everything works. Not only compiling but also "live" testing. It's important because I fused together sources from two different versions of wpa_supplicant. It seemed the most effective (or rather efficient) way.
I made all the changes on a clean repo because I was testing and still unsure what I needed to do to get it working. I chose to test over the vanilla version of Bully simply because I'm more familiar with it and if something doesn't work I know it's my fault and not someone else's (generally speaking, there are more non-vanilla versions).
I want to clarify a couple of things though. At the time that aanarchyy was making his changes I had already a modified version of Bully which however I had not publicly released. It integrated pixiewps but was used to test other "theories" and speculations about new attacks or vulnerable devices. When this version came out I decided to not publish mine because really... it's practically the same (it does the same thing, using pixiewps).
That said I have no problem with maintaining this repository but I don't think I will make substantial changes to it. It's not my repository, the owner is MIA and if I were to port the changes I made to my own version, that would mean overwrite every change aanarchyy has made since the very beginning.
from bully.
Ok. Good to know. Give me some time and I'll test it, not only compilation, which I already did.
I understand you prefer to do it on your own repo. Anyway, can I ask you two things, in order to maintain coherence for the "bully integrators" (which we are)?
- The Bully version should be higher than 1.1. That way our script can detect that bully is able to do pixiewps integrated attacks without any change on our side (we are already detecting the version and allowing the bully-pixiewps integrated attack if the version is 1.1 or higher).
- Can the option for the pixiewps integrated attack use the "-d" argument in the same way as aanarchyy's 1.1 version?
I'm not sure if that is too much to ask of you, but the point is that if those two points are respected, we can work in airgeddon with any bully version without any change (the old one, aanarchyy's or your future version). I guess the original bully arguments will stay the same and I'm only concerned about this. If these requests are finally not possible, we'll need to launch different command lines depending on the version.
Thanks in advance, I'll be back to you with a report of using your bully version.
from bully.
I write this to help clarify since others have asked too:
I'm maintaining this repository, but I'm not going to make substantial changes.
If I ever feel like adding more stuff then I'll do it in a new repository (that I own and have full control over).
The repository I created over my git is called bully-vanilla because it's the original version of bully with all the commit history imported. No pixiewps, no other changes (other than very small fixes if strictly needed).
Again, if I ever decide to make substantial changes I'll create a new repository (new name, new versioning etc.).
from bully.
I did some tests. I tried to connect to an Access Point whose PIN I already knew. It is an AP I have for testing and sadly I must say I tried and didn't achieve the password using this version of bully.
I tried using two different interfaces (Ralink RT3070 and Atheros AR9271) on latest Kali Linux.
My command line was:
```
bully wlan0mon -b 00:00:00:00:00:00 -c 8 -L -F -B -v 3 -p 12345670
```
Of course replacing 00:00:00... with my real bssid and 12345670 with my real PIN. This is the log:
```
[!] Bully v1.0-22 - WPS vulnerability assessment utility
[+] Switching interface 'wlan0mon' to channel '8'
[!] Starting pin specified, defaulting to sequential mode
[!] Using '00:00:00:00:00:00' for the source MAC address
[+] Datalink type set to '127', radiotap headers present
[+] Scanning for beacon from '00:00:00:00:00:00' on channel '8'
[+] Got beacon for 'mySSID' (00:00:00:00:00:00)
[+] Index of starting pin number is '12345670'
[+] Last State = 'NoAssoc' Next pin '12345670'
```
I also deleted the .bully dir before each test to avoid possible mismatching.
With the other bully versions and the same command line I used to easily get the password. Hope it helps!
from bully.
I realized I copied the wrong sources yesterday when testing (I compiled with 2.5 but uploaded 2.6, thinking I had solved everything).
It works flawlessly with 2.5.
In short, it's still broken.
The ideal solution would be to remove the dependency from OpenSSL entirely.
Thank you for testing.
from bully.
The dragon has been defeated!
It was easier than I thought...
from bully.
Nice, do you need compilation and testing now?
from bully.
Compiling only should suffice.
from bully.
Compiled without any problem on latest Kali. I tested twice. First as normal and then removing the libssl-dev package before compiling. LGTM.
Not tested yet, only compilation.
from bully.
Thanks. I'll merge the changes later.
I'll be on IRC.
from bully.
Got rid of OpenSSL entirely: 04185d7.
from bully.
I don't know if my late testing feedback is useful now. Anyway, tested and it works. It got the password of my AP. Congratz!
from bully.
It's installed and works very well, thanks, very good job.
from bully.