5.5 KiB
Overview
OneShot performs Pixie Dust attack without having to switch to monitor mode.
Features
- Pixie Dust attack;
- integrated 3WiFi offline WPS PIN generator;
- online WPS bruteforce;
- Wi-Fi scanner with highlighting based on iw;
Requirements
- Python 3.6 and above;
- Wpa supplicant;
- Pixiewps;
- iw.
Setup
Debian/Ubuntu
Installing requirements
sudo apt install -y python3 wpasupplicant iw wget
Installing Pixiewps
Ubuntu 18.04 and above or Debian 10 and above
sudo apt install -y pixiewps
Other versions
sudo apt install -y build-essential unzip
wget https://github.com/wiire-a/pixiewps/archive/master.zip && unzip master.zip
cd pixiewps*/
make
sudo make install
Getting OneShot
cd ~
wget https://raw.githubusercontent.com/drygdryg/OneShot/master/oneshot.py
Optional: getting a list of vulnerable to pixie dust devices for highlighting in scan results:
wget https://raw.githubusercontent.com/drygdryg/OneShot/master/vulnwsc.txt
Arch Linux
Installing requirements
sudo pacman -S wpa_supplicant pixiewps wget python
Getting OneShot
wget https://raw.githubusercontent.com/drygdryg/OneShot/master/oneshot.py
Optional: getting a list of vulnerable to pixie dust devices for highlighting in scan results:
wget https://raw.githubusercontent.com/drygdryg/OneShot/master/vulnwsc.txt
Alpine Linux
It can also be used to run on Android devices using Linux Deploy
Installing requirements
Adding the testing repository:
sudo sh -c 'echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/repositories'
sudo apk add python3 wpa_supplicant pixiewps iw
Getting OneShot
sudo wget https://raw.githubusercontent.com/drygdryg/OneShot/master/oneshot.py
Optional: getting a list of vulnerable to pixie dust devices for highlighting in scan results:
sudo wget https://raw.githubusercontent.com/drygdryg/OneShot/master/vulnwsc.txt
Termux
Please note that root access is required.
Using installer
curl -sSf https://raw.githubusercontent.com/drygdryg/OneShot_Termux_installer/master/installer.sh | bash
Manually
Installing requirements
pkg install -y root-repo
pkg install -y git tsu python wpa-supplicant pixiewps iw openssl
Getting OneShot
git clone --depth 1 https://github.com/drygdryg/OneShot OneShot
Running
sudo python OneShot/oneshot.py -i wlan0 --iface-down -K
Usage
oneshot.py <arguments>
Required arguments:
-i, --interface=<wlan0> : Name of the interface to use
Optional arguments:
-b, --bssid=<mac> : BSSID of the target AP
-p, --pin=<wps pin> : Use the specified pin (arbitrary string or 4/8 digit pin)
-K, --pixie-dust : Run Pixie Dust attack
-B, --bruteforce : Run online bruteforce attack
--push-button-connect : Run WPS push button connection
Advanced arguments:
-d, --delay=<n> : Set the delay between pin attempts [0]
-w, --write : Write AP credentials to the file on success
-F, --pixie-force : Run Pixiewps with --force option (bruteforce full range)
-X, --show-pixie-cmd : Alway print Pixiewps command
--vuln-list=<filename> : Use custom file with vulnerable devices list ['vulnwsc.txt']
--iface-down : Down network interface when the work is finished
-l, --loop : Run in a loop
-r, --reverse-scan : Reverse order of networks in the list of networks. Useful on small displays
--mtk-wifi : Activate MediaTek Wi-Fi interface driver on startup and deactivate it on exit
(for internal Wi-Fi adapters implemented in MediaTek SoCs). Turn off Wi-Fi in the system settings before using this.
-v, --verbose : Verbose output
Usage examples
Start Pixie Dust attack on a specified BSSID:
sudo python3 oneshot.py -i wlan0 -b 00:90:4C:C1:AC:21 -K
Show avaliable networks and start Pixie Dust attack on a specified network:
sudo python3 oneshot.py -i wlan0 -K
Launch online WPS bruteforce with the specified first half of the PIN:
sudo python3 oneshot.py -i wlan0 -b 00:90:4C:C1:AC:21 -B -p 1234
Start WPS push button connection:s
sudo python3 oneshot.py -i wlan0 --pbc
Troubleshooting
"RTNETLINK answers: Operation not possible due to RF-kill"
Just run:
sudo rfkill unblock wifi
"Device or resource busy (-16)"
Try disabling Wi-Fi in the system settings and kill the Network manager. Alternatively, you can try running OneShot with --iface-down
argument.
The wlan0 interface disappears when Wi-Fi is disabled on Android devices with MediaTek SoC
Try running OneShot with the --mtk-wifi
flag to initialize Wi-Fi device driver.
Acknowledgements
Special Thanks
rofl0r
for initial implementation;Monohrom
for testing, help in catching bugs, some ideas;Wiire
for developing Pixiewps.