Pwnagotchi captures handshakes of APs on the main.whitelist and deauths clients from them #13

Closed
spitfire opened this issue Jan 17, 2024 · 18 comments
@spitfire

Describe the bug
Despite putting my Access Points (both their SSIDs and BSSIDs) in the main.whitelist section of /etc/pwnagotchi/config.toml, they are being reconned by Pwnagotchi - their handshakes are being captured, and the clients are being deauthenticated from them.

To Reproduce
Steps to reproduce the behavior:

  1. put your SSIDs and BSSIDs in

     main.whitelist = [
      "i01",
      "a2:a2:f4:c2:ed:30",
     ]

     (I have many more, this is just one AP cut out.)
  2. (re)start Pwnagotchi in AUTO mode with AI enabled
  3. watch your logs

Expected behavior
Pwnagotchi ignores said stations - does not capture handshakes or perform any kind of attacks, especially deauths.

Screenshots

[2024-01-17 09:09:40,584] [WARNING] !!! captured new handshake on channel 6, -77 dBm: <redacted> () -> i01 [a2:a2:f4:c2:ed:30 ()] !!!

[2023-06-18 17:12:53,987] [INFO] deauthing <redacted> () from <hidden> (aa:a2:f4:c2:ed:30 ) on channel 6, -68 dBm ...

Environment (please complete the following information):

  • Pwnagotchi version: 2.7.0 (from this repo) and 2.6.4 (from pwnagotchi-torch) (that I haven't re-imaged yet)
  • OS version: whichever was supplied with the above distributions from you
  • Type of hardware: Pi Zero 2 and Pi 3A
  • Any additional hardware used: none
@spitfire spitfire added the bug Something isn't working label Jan 17, 2024
@jayofelony
Owner

Does it save the handshakes in /root/handshakes or are they removed?

@spitfire
Author

They are being saved and they're not empty. The aircrack plugin even verifies them as valid.

@jayofelony jayofelony self-assigned this Jan 17, 2024
@jayofelony
Owner

I am looking into the issue.

@jayofelony
Owner

You need to add both hostname AND mac address of the device you want to whitelist.

@spitfire
Author

> You need to add both hostname AND mac address of the device you want to whitelist.

By hostname do you mean SSID (like "i01" here) and by MAC you mean BSSID ("a2:a2:f4:c2:ed:30")? I already have them on my whitelist.

@jayofelony
Owner

Yes, that MAC is of the access point you named i01?

@spitfire
Author

> Yes, that MAC is of the access point you named i01?

Yes, it is. Actually, since I have 3 access points each working in the 2.4 and 5 GHz spectrum, I had to add 6 BSSIDs (MAC addresses) for each SSID ;)

@jayofelony
Owner

Well, that should prevent it from getting deauthed, unless you made a typo somewhere of course

@spitfire
Author

> Well, that should prevent it from getting deauthed, unless you made a typo somewhere of course

I didn't. I've copied both the MAC and name from the logs, performed a search on each and found a match in the config file.

@jayofelony
Owner

How recent was that match?

@spitfire
Author

Yesterday and today, both after I updated and applied config. Time was not synced, so the date stamp is wrong on one.

@jayofelony
Owner

Just as a confirmation, you did run pwnkill or reboot/restart pwnagotchi after applying it to config?

@spitfire
Author

Yes, like I said I've updated and applied (restarted pwnagotchi service) it.

@jayofelony
Owner

Then I don't know, there is no issue in the code itself.

@jayofelony
Owner

jayofelony commented Jan 17, 2024

image
I will add an extra elif statement for good measure to skip any hostname/mac in whitelist

If you want you can add it yourself to /usr/local/lib/python3.11/dist-packages/pwnagotchi/agent.py

Released 2.7.1 with this fix, made it not check the last 2 characters of the MAC because in my private 3 access points they differ from the given MAC address of the device itself somehow.

@spitfire
Author

> image
> I will add an extra elif statement for good measure to skip any hostname/mac in whitelist
>
> If you want you can add it yourself to /usr/local/lib/python3.11/dist-packages/pwnagotchi/agent.py
>
> Released 2.7.1 with this fix, made it not check the last 2 characters of the MAC because in my private 3 access points they differ from the given MAC address of the device itself somehow.

They do for me as well, that's why I've added all the variants I've noticed [3 APs * 2 frequencies (2.4 and 5 GHz) * 4 SSIDs] :)
Are the MAC addresses in config case-sensitive (I see in the code you've added you're lowercasing them, and I've been converting them to lowercase myself)?

@jayofelony
Owner

Yeah always converted them to lowercase

@spitfire
Author

It is still happening on both of the devices I'm playing around with at home. Maybe there is something else wrong with my config - can I contact you somewhere else, as I don't want to post it publicly?
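A way to check log lines against a whitelist when triaging a report like this one, as an added example that is not part of the thread and is not Pwnagotchi's own code. The function names are hypothetical, the whitelist entry and log lines are the ones quoted in the issue, and the matching rule (exact SSID, lowercased BSSID, optionally ignoring trailing characters as described for 2.7.1) is an assumption about the intended behaviour.

```python
import re

# Whitelist entry and log lines copied from the issue text.
WHITELIST = ["i01", "a2:a2:f4:c2:ed:30"]
LOG_LINES = [
    "[2024-01-17 09:09:40,584] [WARNING] !!! captured new handshake on channel 6, "
    "-77 dBm: <redacted> () -> i01 [a2:a2:f4:c2:ed:30 ()] !!!",
    "[2023-06-18 17:12:53,987] [INFO] deauthing <redacted> () from <hidden> "
    "(aa:a2:f4:c2:ed:30 ) on channel 6, -68 dBm ...",
]

MAC = r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}"
# AP appears as "<ssid> [<bssid> ...]" (handshake) or "<ssid> (<bssid> ...)" (deauth).
AP_RE = re.compile(r"(\S+) [\[(](" + MAC + ")")


def parse_ap(line):
    """Return (ssid, bssid) for the access point in a log line, or None."""
    m = AP_RE.search(line)
    return (m.group(1), m.group(2).lower()) if m else None


def is_whitelisted(ssid, bssid, whitelist, ignore_last=0):
    """SSID must match exactly; BSSID is compared lowercased, optionally
    without its last `ignore_last` characters (2 = the rule described for 2.7.1)."""
    if ssid in whitelist:
        return True
    cut = len(bssid) - ignore_last
    macs = [e.lower() for e in whitelist if re.fullmatch(MAC, e)]
    return any(e[:cut] == bssid.lower()[:cut] for e in macs)


def differing_octets(a, b):
    """Positions (0-5) at which two MAC addresses differ."""
    pairs = zip(a.lower().split(":"), b.lower().split(":"))
    return [i for i, (x, y) in enumerate(pairs) if x != y]


def audit(lines, whitelist, ignore_last=2):
    """One (ssid, bssid, whitelisted) tuple per log line that names an AP."""
    aps = filter(None, map(parse_ap, lines))
    return [(s, b, is_whitelisted(s, b, whitelist, ignore_last)) for s, b in aps]


if __name__ == "__main__":
    for ssid, bssid, hit in audit(LOG_LINES, WHITELIST):
        print(f"{ssid:10} {bssid}  whitelisted={hit}")
```

Against the single whitelist entry posted in the issue, the handshake line matches, while the deauth line does not: its SSID is hidden and its BSSID differs from the entry in the first octet, which dropping the last two characters does not cover.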
