soxrok2212 / pskracker Goto Github PK

View Code? Open in Web Editor NEW

381.0 49.0 104.0 35.36 MB

An all-in-one WPA/WPS toolkit

License: GNU General Public License v3.0

C 93.76% Makefile 1.73% Shell 4.51%

wpa wpa2 wps network-security wireless-network wireless-security

pskracker's Introduction

Overview

PSKracker is a collection of WPA/WPA2/WPS default algorithms/password generators/pingens written in C.

Requirements

C compiler

Setup

Download

git clone https://github.com/soxrok2212/pskracker

Build

cd pskracker
make

Install

sudo make install

Usage

Usage: pskracker <arguments>

Required Arguments:
	
	-t, --target	: Target model number

Optional Arguments:
	-b, --bssid	: BSSID of target
	-W, --wps	: Output possible WPS pin(s) only
	-G, --guest	: Output possible guest WPA key(s) only
	-s, --serial	: Serial number
	-f, --force	: Force full output
	-h, --help	: Display help/usage

Usage Example

pskracker -t <target> -s <serial number> -b <bssid>

More detailed usage examples and supported models can be found on the wiki.

Targeted Example

$ pskracker -t nvg599
  ...
  aaae7uas5wrj
  aaae7v3qrvbu
  ...

$ pskracker -t dpc3941 -b 112233445566
  PSK: 5756C3915966657704

Supported OS

PSKracker should compile on macOS and most Linux system.
It has been tested on macOS Monterey 12.4, Ubuntu 16, Ubuntu 18, Ubuntu 20, Ubuntu 22 and ArchLinux. Embedded systems and Windows are not supported, though may still work. PSKracker is intended to be run on true pentesting environments (Desktop/Workstation/Laptop). Some psk generators (not bruteforce) are still suitable for embedded systems, but I will not provide support due to the nature of the tool.

Some 32-bit systems (Raspberry Pi with Raspbian) do not support 128-bit integers that are currently used for the Arris NVG589 algorithm, and therefore are not supported by PSKracker at this time. You may have luck with a 64-bit OS running on a recent revision, but this has not been tested.

Acknowledgements

Thank you to rofl0r, wiire and datahead for my first C endeavors!
Thank you to AAnarchYY for research dedication and motivation.

Disclaimer

This project is intended for testing and securing your own networks or networks you have permission to audit. This is not intended to be used maliciously.

In publishing these documents and source code, I (and other developers/contributors) take no responsibility for your actions. What you do with everything in this repository, as well as any information online, is your responsibility. Use this repo wisely. In light of anything I may have failed to mention regarding laws to any country or civilized region, this does not grant the excuse to include the developers or contributors in any way in your legal statements or prosecutor. Thank you.

References

Xfinity Home Security Network Algorithm

ATT NVG589 and NVG599 Algorithm

Hashcat Forum (mrfancypants)

Belkin

CVE-2012-4366
nvram.c from GPL source code center

Altice-Optimum

pskracker's People

Contributors

Stargazers

Watchers

Forkers

gearhjunkie enovella ruiaraujo jdawg82 serversta jpaulmora rofl0r resistor4u initiate6 alimp5 winguru xintiaoxuanlv louman2000 jhartman087 metachron420 lokidagawd fuckup1337 fingerleakers kantorth tomhavasu01 qwak-adikt purpleninja225 strunz983 mfsherwin 4n6strider u53r55 ivan-silvio sandeepk17 sevcham maxwelldps curtiszimmerman hedestroyed celticfr0st huzaifarangwala jakev559 justindallen82 joemccarver m00tiny rdavydov xapathy pentestorgdeveloper eylar1234 inkinick reptarman420 jhon0941 redtop forkitallsec bitpang98 struk17 tehbear kimocoder lusioj zeny00u grantmc zddg carlyhellacool 220salamander ash1989 hamadahack5 turbozapekanka fowler82 5l1v3r1 an0nym0u5101 caaruiz r3d5ct3d bitwisebill mtagius marv21 lowermiddle fantas21 tok3n-git caralbgs83 mfurkanates dtmrc ukscone sokripon jeffedstrom mk-986123 freeroute neires realender xcaliburr101 powerpress c4rt3l jn2501 hartl3y94 zaph0db33bl3br0xxx qqzwc ninjacz f33rni excloudx6 noahclements ninjaprincessbitch kushysmla teutades happysmack blackalphamm

pskracker's Issues

locked wps

hello can you tell me how i can hack wps locked wifi?
plz help me
when im using VMR-MDK i have this error:
I did all that and it keep just saying at the last step:
[ ! ] Warning : Received timeout occurred
[ + ] Sending EAPOL start request

keyspace.md formatting is horrible

The keyspace.md formatting is quite awful. If anyone has some ideas to clean it up, that would be fantastic! Feel free to make a PR.

clarify usage in help

could you please include more concrete examples in the brief usage text? what does a "target" look like? should we include colons when giving the MAC addy?

Belkin algorithm not complete

There are some older Belkin devices that do not follow the same algorithm, though they do use known variants.

found a new word.

coffee

48cd6c7bcf59d27ab0d7f798055d2116:4cabf8252560:0071477d7d9f:SpectrumSetup-61:coffeeloyal571

This is a nice resource!

https://github.com/n0kovo/ssid-keyspace-table

inconsistent line breaks in /dicts/netgear

Did you intend for lines in /pskracker/dicts/netgear/adjective_large.txt to terminate in newlines? As far as I can tell, the other files end in \r\n.
EDIT: https://hashcat.net/forum/thread-6170-post-38094.html#pid38094

Add more keyspaces to the list

I can see MEO-xxxxxx listed, where x is 0123456789ABCDEF.
MEO was a television/net service launched by Portugal Telecom (PT), now owned by Altice. Thomson, Zyxel, Technicolor routers were some of the routers offered to users.
Routers with MAC address starting 00:06:91 (Altice Labs Fibergateway 2017), the keyspace is 0123456789abcdef 10 length.
Routers with MAC-address starting CC:19:A8 (Altice Fibergateway newer version), 9C:97:26 (Technicolor), E0:B9:E5 (Technicolor 789vac v2), ..., the keyspace is 0123456789ABCDEF 10 length.

NOS is a fusion between ZON (formely known as PT Multimedia - cable tv), Optimus (mobile internet and voice), Clix (adsl internet), and some more few small comunications companies. These companies's DNS names are still maintained as of today. Huawei mobile internet modems are usually offered to the clients.
NOS_Internet_xxxx where x is 0-9A-F. Routers starting with 70:8A:09 (Huawei B310) keyspace 0-9 8 length.
WiFi_xxxx where x is 0-9A-F. Routers starting with 3C:47:11 (Huawei B315) Keyspace is 0-9A-Z 11 length.

2WIREXXX Improvement

Hi there, great work. I just wanted to let you know about my 2WIREXXX bruteforce hack I made a while back. The passwords these 2wire routers generate have a flaw where they are to random. Meaning they don't repeat a number more then 3 or 4 times in a row. so you wont see 333, 777, 999 in any char position. I have came across a few where I have seen it happen but very rare. I have never see a number repeat 4 times. So I created a python script to filter out all of these passwords. I'm sure you can add an option so first you can filter out 3+ out filter out 4+ if the 3+ didn't work for cracking the password.

I suck at writing C or I would just do a pull request.

I haven't cracked 2WIREXXX lately so I don't have stats on my 2x 1080ti but when I was using my AMD 7950 I was able to do the entire ?d^10 keyspace in 24 hours. using my script I cut that down to 4 hours where I would typically find the password in 1 to 2 hours.

Anyways here is my repo: https://github.com/initiate6/2WIRE_BRUTEFORCE/blob/master/2wireBruteForce.py

Would be great to see you add it to your tool. Let me know if you have any questions.

File adjective.txt, terrrific --> terrific (typo)

Hello- Thanks tons for your work here. Please correct a small typo in file adjective.txt: terrrific should be terrific. Cheers.

Feasibility of alt wps pin attack

hello, I saw you your work in wps pentesting, so i would like to know from you if what is described here is feasible or if it has already been tried before ( i am aware only of the wps online bruteforce and pixie dust )
[url]https://pdfs.semanticscholar.org/14db/881399d414e4ea44db7e97d672241174c999.pdf[/url]
Its called "New attacks on Wi-Fi Protected Setup" if you can't access with that link.