I'm trying to get Bully working but it keeps trying the same pin over and over again. Has anyone else had the same problem, and can anyone advise me how to fix the issue?
what's the syntax Bro?
It works out of the box for me (no special steps). I just enter simple syntax
Code:
bully monX -c XX -b XX:XX:XX:XX:XX:XX -v3
or
Code:
bully monX -c XX -b XX:XX:XX:XX:XX:XX -v3 -p XXXX
when specifying a certain first four pin number.
Hi there slim,
I've been trying out your script, I'm a big fan!
So far, I was able to capture my handshake and I noticed it auto converts to .hccap. I've seen here in the thread that there was an option to attack a handshake file from within the script. Has this been removed or am I using an old version? I went through the script and couldn't find any feature that relates.
Cheers
I think I removed the options from the version you're using, but I'll upload an updated version later today or tomorrow if all goes well.
FrankenScript2 Information.
=================
[1] Scan And Attack AP's:
-------------------------
Auto check/auto enable monitor mode function.
MAC address spoofing options.
Kill processes options (airmon-ng check kill).
Network scanners - wash & airodump-ng combined.
Sort displayed scan results by Signal Strength, Attack Method, or Originally Displayed.
Default access point WEP/WPA passkey generators.
WEP Attacks - Aircrack Tools.
WPA/WPA2 Attacks - Aircrack Tools.
WPS Attacks - Reaver & Bully & Default WPS-Pin generators.
Recovered passkeys are saved in $HOME/FrankenScript2/Recovered-Passkeys.txt.
[2] Return To Scanned AP's:
---------------------------
Returns you to the last network scan.
[3] Attack Handshake.cap Files:
-------------------------------
[1] = Wordlist + Pyrit + Cowpatty (Non-Resumable).
Simple capture file presentation & selection.
Drag & drop a wordlist onto the screen, or manually input the path and file name.
Attack method - Two attacks are run at the same time (Same processing power but the chances of getting the passkey sooner are greater):
Attack 1 - Works through a wordlist from the beginning to the end.
Attack 2 - Works through a wordlist from the end to the beginning.
Recovered passkeys are saved in $HOME/FrankenScript2/Recovered-Passkeys.txt.
[2] = Passthrough Attack (Resumable).
Start a new attack option.
Easy capture file selection.
Configurable passkey's creation options.
Attack - Crunch Pyrit cowpatty.
Resume an attack.
Recovered passkeys are saved in $HOME/FrankenScript2/Recovered-Passkeys.txt.
[4] Script Launcher:
--------------------
Launch other scripts.
Scripts must be placed in the $HOME/FrankenScript2/Scripts folder.
Script file names can't contain any blank spaces or special characters.
[5] WiFi Adapter Override:
--------------------------
WiFi adapter selection, only available if multiple wifi adapters are present.
[6] System Mode Override:
-------------------------
Switch between "Networking Mode & Attack Mode".
[7] Recovered Passkey's:
------------------------
Displays all recovered passkeys.
Recovered passkey file: $HOME/FrankenScript2/Recovered-Passkeys.txt
[0] Exit FrankenScript2:
------------------------
Removes temporary files.
Disables attack mode and re-enables networking mode.
Exit the script.
Hello, I was very interested in using your script.
I can not open it on my terminal. Only the message "the file is binary and can not be opened" appears. How do I open it?
I think it is because of the extension "tar.gz". I can not open it.
Give me an answer.
I'm hanging on.
Sounds great slim, I'm looking forward to trying it out.
Have you considered putting the project on github?
You need to unpack the tar.gz file.
pmsl, do you really think it's good enough to put on github. lol
Here's the latest FrankenScript.
FrankenScript2: Updated 14/7/14
FrankenScript2_Updated-14-7-2014.tar.gz
http://mir.cr/0LY66HZC
Good job slim!!
I'm messing with it now, and here are my observations..
Thank you!! It works.
Quote:
[4] Script Launcher:
oh really? ;)
Quote:
ATTACK METHOD - HANDSHAKE CAPTURE
#################################
NOTE: Wait for clients to be visable in airodump before entering option [2].
[1] = Deauthenticate all connected clients.
[2] = Deauthenticate a specific client.
[3] = Return To Scanned APs.
Please choose an option:
that's cool! Are those new options?
Quote:
Scanned_APs
===========
30: ...
1: ...
[r] = Re-Scan
[e] = Sort By - ESSID (AP Name)
[s] = Sort By - Signal Strength
[a] = Sort By - Attack Method
[0] = Return To Main Menu
Please choose an option or input the number of a target:
I'm getting this message. That is most likely from my end. Will reinstall and check-in later.
Quote:
ATTACK METHOD - HANDSHAKE CAPTURE
#################################
NOTE: Wait for clients to be visable in airodump before entering option [2].
[1] = Deauthenticate all connected clients.
[2] = Deauthenticate a specific client.
[3] = Return To Scanned APs.
Please choose an option: xterm: cannot open /root/FrankenScript2/Temp_Working_Dirctory/Handshake_Check.txt: 17:File exists
EDIT:
removed FS2 from Home, re-downloaded it and re-installed and I get this message just before a wep attack:
but it proceeds with the attack normally(?)
Quote:
Starting Fragment
xterm: cannot open /root/FrankenScript2/Temp_Working_Dirctory/Aireplay_Fragment_Check.txt: 17:File exists
on wpa also...
Quote:
ATTACK METHOD - HANDSHAKE CAPTURE
#################################
NOTE: Wait for clients to be visable in airodump before entering option [2].
[1] = Deauthenticate all connected clients.
[2] = Deauthenticate a specific client.
[3] = Return To Scanned APs.
Please choose an option: xterm: cannot open /root/FrankenScript2/Temp_Working_Dirctory/Handshake_Check.txt: 17:File exists
Can anyone else reproduce these messages/problems on their setup please?
Hey quest, did you happen to close the script with control + c and not exit using the option on the menu?
From what I read in the script, it cleans temp files on exit. That would explain your file exists error
These syntaxes in FS2 when starting Bully , are not getting me anywhere, and they crash Bully back to the attack options...
Option [1] = Bully & WPS Default Pin.
And option [2] = Bully Basic Attack.
Quote:
Bully & WPS-Pin Attack Command:
bully mon0 -b 84:C9:B2:XX:XX:XX -c X -e Xxxxx -p 3333 -F -B -l 60 -v 3
Press [Enter] to launch the attack.
I've tried these commands directly in Bully to see what the problem was with these syntaxes and here is the return:
Quote:
Bully Basic Attack Command:
bully mon0 -b 84:C9:B2:XX:XX:XX -c X -e Xxxxx -F -l 60 -v 3
Press [Enter] to launch the attack.
Quote:
root@kali:~# bully mon0 -b 84:C9:B2:XX:XX:XX -c X -e Xxxxx -p 3333 -F -B -l 60 -v 3
[!] Bully v1.0-22 - WPS vulnerability assessment utility
[+] Switching interface 'mon0' to channel '6'
[!] Starting pin specified, defaulting to sequential mode
[!] Using 'f2:af:63:61:fc:6b' for the source MAC address
[+] Datalink type set to '127', radiotap headers present
[+] Scanning for beacon from '84:c9:b2:0a:e1:22' on channel '6'
[X] Unable to get a beacon from the AP, possible causes are
[.] an invalid --bssid or -essid was provided,
[.] the access point isn't on channel '6',
[.] you aren't close enough to the access point.
root@kali:~#
Quote:
root@kali:~# bully mon0 -b 84:C9:B2:XX:XX:XX -c X -e Xxxxx -F -l 60 -v 3
[!] Bully v1.0-22 - WPS vulnerability assessment utility
[+] Switching interface 'mon0' to channel '6'
[!] Using 'f2:af:63:61:fc:6b' for the source MAC address
[+] Datalink type set to '127', radiotap headers present
[+] Scanning for beacon from '84:c9:b2:0a:e1:22' on channel '6'
[X] Unable to get a beacon from the AP, possible causes are
[.] an invalid --bssid or -essid was provided,
[.] the access point isn't on channel '6',
[.] you aren't close enough to the access point.
root@kali:~#
Now to confirm that it is possible to attack that same target with a simple syntax...
Quote:
root@kali:~# bully mon0 -c X -b 84:C9:B2:XX:XX:XX -v 3
[!] Bully v1.0-22 - WPS vulnerability assessment utility
[+] Switching interface 'mon0' to channel '6'
[!] Using 'f2:af:63:61:fc:6b' for the source MAC address
[+] Datalink type set to '127', radiotap headers present
[+] Scanning for beacon from '84:c9:b2:0a:e1:22' on channel '6'
[+] Got beacon for 'Xxxx wi-fi' (84:c9:b2:0a:e1:22)
[+] Loading randomized pins from '/root/.bully/pins'
[!] Restoring session from '/root/.bully/84c9b20ae122.run'
[+] Index of starting pin number is '0023000'
[+] Last State = 'NoAssoc' Next pin '71092997'
[+] Rx( M5 ) = 'Pin1Bad' Next pin '18102994'
[+] Rx( M5 ) = 'Pin1Bad' Next pin '24942997'
[+] Rx( M5 ) = 'Pin1Bad' Next pin '20102999'
[+] Rx( M5 ) = 'Pin1Bad' Next pin '07132995'
[+] Rx( M5 ) = 'Pin1Bad' Next pin '58762998'
[+] Rx( M5 ) = 'Pin1Bad' Next pin '38872990'
[+] Rx( M5 ) = 'Pin1Bad' Next pin '21282997'
[+] Rx( M5 ) = 'Pin1Bad' Next pin '98162994'
^C
Saved session to '/root/.bully/84c9b20ae122.run'
root@kali:~#
This is my error..
I select the first option to search after and then he opens the wash and displays the second screen.
I want to remember who are using a wireless card in my notebook for this.
http://uploaddeimagens.com.br/images...png?1405476429
http://uploaddeimagens.com.br/images...png?1405476536
Help me!
@ Quest,
The file error message is because a file didn't get deleted, I think I've solved the issue now.
I've only used bully a couple of times but those commands worked OK for me. I'll look into it, but please can you post all the bully commands that work for you.
@ caiiostylle,
Try what staticn0de suggested. If that doesn't work then please post the error message in English so I can try to help you.
I'll post the updated version soon.
sure thing bro,
I'm not a Bully expert and I wish there was more feedback on that subject, but the few times I've used it, those below, worked great on any AP anywhere, anytime...
bully monX -c XX -b XX:XX:XX:XX:XX:XX -v 3
bully Interface -Channel -BSSID -verbosity 3
bully monX -c XX -b XX:XX:XX:XX:XX:XX -v 3 -p XXXX
bully Interface -Channel -BSSID -verbosity 3 -PIN
"easy does it" as they say :D
if you can get those fixed also ;)
Quote:
ATTACK METHOD - HANDSHAKE CAPTURE
#################################
NOTE: Wait for clients to be visable in airodump before entering option [2].
[1] = Deauthenticate all connected clients.
[2] = Deauthenticate a specific client.
[3] = Return To Scanned APs.
Please choose an option: xterm: cannot open /root/FrankenScript2/Temp_Working_Dirctory/Handshake_Check.txt: 17:File exists
Also, the way you have FS2 wrapped up in folders (root/Desktop/Untitled Folder/FrankenScript2) is not practical, methinks. It was better before. I could just decompress it in Home.
The way the tar.gz is packaged. It is wrapped in many 'parent' folders before the FrankenScript2 folder.
So when I uncompress it I have a "root" folder, inside that a "Desktop" folder, inside that a "Untitled Folder" folder, then finally I get the "FrankenScript2" folder.
1,04 Mb (1 091 590)
Quote:
FrankenScript2_Updated-14-7-2014.tar.gz\root\Desktop\Untitled Folder - TAR+GZIP archive, unpacked size 2 401 208 bytes
I used winrar4.0 and ark under Kali. I've DL the archive 3 times now with the same results. I doubt that I'm the only one getting that result.
My FrankenScript2 folder is indeed in my Home directory. I have that part figured out by now :p
Also...
it might just be me lucking out, but I'm not getting anywhere with that version of FS2, no matter what I try.
No handshakes. No wep success. Nada. Keeps sending out packets endlessly. It does associate, but that's the extent of it. I had all kinds of success with the previous version.
That might be on my end though(?)
I have the same thing with the unpack. A tar xvf lands the directory in an untitled folder on my desktop. It did not matter I had the archive and run the extract from my home folder.
The script itself works fine for me though. I am able to capture handshakes, use bully and reaver no problems. Haven't tripped a WEP attack yet.
I was also able to brute force with word list.
Have you considered adding support for cudahashcat? If not, I'll give it a crack on the weekend.
No major issues as of yet with the script. I had the same as quest where I didn't close the script correctly. I added a line to clear temp on load and that fixed it.
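The stale-file problem discussed above (working files left behind after a Ctrl+C exit, fixed by clearing temp on load), as an added shell example that is not part of the original posts and is not FrankenScript2's own code. WORK_DIR, check.txt and all function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. WORK_DIR and check.txt are placeholders, not FrankenScript2's paths.
WORK_DIR="${TMPDIR:-/tmp}/workdir_demo.$$"

# Start every run from an empty private directory, so files left behind by a
# run that was killed cannot cause "File exists" later.
reset_work_dir() {
    rm -rf -- "${1:?work dir not set}"
    mkdir -m 700 -- "$1"
}

# Create a file only if it does not exist yet (noclobber). This fails on a
# leftover file, the same condition as the errors quoted in the thread.
create_exclusive() {
    ( set -C; : > "$1" ) 2>/dev/null
}

cleanup() {
    rm -rf -- "${WORK_DIR:?}"
}

# An EXIT trap alone does not run in every shell when a signal kills the
# script, so turn Ctrl+C (INT), TERM and HUP into a normal exit first.
install_cleanup_traps() {
    trap cleanup EXIT
    trap 'exit 130' INT
    trap 'exit 143' TERM
    trap 'exit 129' HUP
}

# Simulate a run that is interrupted part-way: a subshell installs the traps,
# writes a working file, then receives SIGINT from a child process.
interrupted_run() {
    (
        install_cleanup_traps
        reset_work_dir "$WORK_DIR"
        create_exclusive "$WORK_DIR/check.txt"
        sh -c 'kill -INT "$PPID"'
        sleep 1   # not reached: the INT trap exits first
    )
}
```

Calling `install_cleanup_traps` once at the top of a script and `reset_work_dir` before the first working file is written covers both the interrupted exit and the leftover from an earlier run.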
Realized unpack the file in the home folder, it creates a directory on my desktop that does not appear.
when I go to the root folder against the FS2 within the root folder. I try to open the file, I can open it using the 'bash' command. When I select the first option and I select my wireless network card, it opens a window 'wash' and the message appears.
xterm: connot open / root/FrankenScript2/Temp_Working_Directory/Wash_Network_Scan.txt: 2
slim, once you've uploaded the new version, I will write a howto for it, whether you like it or not.
xD
Here's the latest FrankenScript.
FrankenScript2: Updated 18/7/14
http://mir.cr/0QHRHOHT
Hi Slim,
Not a problem, just a comment. Publishing the script in a rar seems to have removed file permissions (the x flag has been cleared with 0644) and the rar file does not extract to its own folder anymore.
yeah, slim, now the files are loose inside the archive. No FrankenScript2 folder!
I just read this whole thread today, then downloaded. Everyone knows already, but I'll say it anyway... Great Work!
Also, same here. I unrar-ed to find multiple scripts and whatnot floating around.
Thanks for letting me know guys, and sorry about that. I've just repacked it again and hopefully all should be good this time around.
FrankenScript2_Updated-19-7-2014.tar.gz
http://mir.cr/1UNMCFAJ
Just so you guys know, if you extract the archive with unrar x FrankenScript.rar it places the files in folders. Still have to chmod the scripts though. Thanks for uploading as the tar.gz we all know and love!
Thanks slim!!
Here are my observations..
- Decompress normally in "FrankenScript2" folder.
- Starts normally with "cd /root/FrankenScript2 && ./FrankenScript2.sh"
- I like that!!!
Quote:
[1] = Full iw-dev Scan
[2] = Wash WPS Network Scan.
[3] = Airodump Network Scan.
Please choose an option:
- Option 1 ([1] = Full iw-dev Scan) does not work for me. The return...
- Dude...
Quote:
Scanned_APs
===========
################################################## ##########################
# [f] = Re-Scan - Full iw-dev Scan # [e] = Sort Scan By - ESSID #
# [w] = Re-Scan - Wash WPS Network Scan # [a] = Sort Scan By - Encryption #
# [d] = Re-Scan - Airodump Network Scan # [0] = Return To Main Menu #
# # [q] = Exit FrankenScript #
################################################## ##########################
Please choose an option or input the number of a target:
xD
Quote:
ATTACK METHOD - HANDSHAKE CAPTURE
#################################
NOTE: Wait for clients to be visable in airodump before entering option [2].
[1] = Deauthenticate all connected clients.
[2] = Deauthenticate a specific client.
[0] = Return To Scanned APs.
[q] = Exit FrankenScript
Please choose an option:
Bully
- big improvements. All option working. But...
Quote:
[3] = Bully Custom Attack.
- Is it possible that FS2 messes with network manager? I lose my connection on wlan0. Anyone having the same?
Quote:
Bully Current Attack Command:
bully mon0 -c 6 -b 84:C9:B2:0A:E1:22 3 <---I'm not going to tell ya what is missing here ..wink
Please input any additional Bully options:
Maybe I choose option 1 (killing all processes) but I don't think I did...
That's it for now. :)