How to Use FARHAN-Shot.py for Wi-Fi Penetration Testing: A Comprehensive Guide

Learn how to use FARHAN-Shot.py for Wi-Fi penetration testing. Explore commands, advanced features and troubleshooting tips in this comprehensive guide.

Gaining access to Wi-Fi networks can be crucial for various reasons, whether for testing security or connecting to a network when passwords are forgotten. If you're an advanced user with root permissions on your Android device, the Termux app paired with the FARHAN-Shot.py script provides a powerful way to accomplish this.

The FARHAN-Shot.py script is a versatile tool that allows users to exploit vulnerabilities in Wi-Fi networks, particularly those using WPS (Wi-Fi Protected Setup). This script supports several attacks, including the Pixie Dust attack, which is known for its effectiveness against certain routers.

Using the FARHAN-Shot.py script in Termux, you can potentially gain access to Wi-Fi networks by exploiting WPS vulnerabilities, provided you have the necessary permissions and knowledge.

This guide is intended for educational purposes only. Unauthorized access to networks is illegal and unethical.

Prerequisites

Root Permissions

Before diving into the FARHAN-Shot.py script, it's important to note that root permissions are required on your Android device. Without root access, the script will not function as intended, as it needs elevated privileges to interact with the network interface.

If your device is not rooted, don't worry. You can still follow along by installing Kali NetHunter, a mobile penetration testing platform, on your Android device.

Initial Setup

To prepare your device for running the FARHAN-Shot.py script, there are a few essential steps you need to take:

  • Disable Wi-Fi: Ensure that your device's Wi-Fi is turned off. This prevents any interference with the network interface during the script's execution.
  • Enable Hotspot: Turning on your device's hotspot is necessary for the script to function correctly. This step helps manage the network interface more effectively.
  • Activate Location Services: Finally, make sure that Location Services are enabled on your device. Some network-related scripts require location access to function optimally.

Ensure all these settings are configured before proceeding with the script execution.

Understanding the FARHAN-Shot.py Script

Overview of the Script

The FARHAN-Shot.py script is a powerful tool designed for advanced users who want to test the security of Wi-Fi networks. It leverages vulnerabilities in WPS (Wi-Fi Protected Setup) protocols to gain access to networks that might otherwise be secure.

Key Features and Capabilities

The script offers a range of functionalities tailored to different scenarios, making it highly versatile. Some of the key features include:

  • Pixie Dust Attack: A sophisticated attack that exploits vulnerabilities in the WPS protocol, particularly effective against older routers.
  • Online Bruteforce Attack: This feature allows the script to perform a bruteforce attack on WPS pins, potentially cracking the Wi-Fi password.
  • Custom Pin Usage: Users can specify a particular WPS pin or even a range of pins to target specific networks.
  • WPS Push Button Connection: The script can initiate a connection using the WPS push button method, making it easier to gain access without needing a password.

The FARHAN-Shot.py script is designed to be user-friendly yet powerful, providing advanced users with a valuable tool for Wi-Fi security testing.

Understanding the FARHAN-Shot.py script's capabilities is essential for effectively using it to assess and improve Wi-Fi network security.
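Seen from the access point, the PIN-based and push-button features listed above only work when WPS is enabled on the target. The following is an added example, not part of FARHAN-Shot.py or the original guide: it audits a hostapd.conf for the WPS settings that matter, assuming a hostapd-based AP. The sample config is constructed and the finding labels are this example's own.

```python
# Constructed sample config; not taken from a real device.
SAMPLE_CONF = """\
interface=wlan0
ssid=lab-ap
wpa=2
wps_state=2
ap_pin=12345670
config_methods=label display push_button keypad
"""

def parse_conf(text):
    """Parse hostapd.conf key=value lines, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit_wps(conf):
    """Return finding labels (this example's wording) for WPS exposure."""
    if conf.get("wps_state", "0") == "0":
        return []  # WPS disabled: no PIN or push-button path is offered
    findings = ["wps-enabled"]
    # A static ap_pin lets external registrars authenticate with the PIN;
    # ap_setup_locked=1 makes hostapd refuse new external registrars.
    if "ap_pin" in conf and conf.get("ap_setup_locked", "0") != "1":
        findings.append("ap-pin-accepted-from-external-registrars")
    if "config_methods" not in conf:
        # Unset means built-in defaults apply; review them for this build.
        findings.append("config-methods-unset-check-build-defaults")
    elif any("push_button" in m for m in conf["config_methods"].split()):
        findings.append("push-button-enabled")
    return findings

def harden(conf):
    """Smallest change that clears every finding: WPS off, PIN removed."""
    fixed = {k: v for k, v in conf.items()
             if k not in ("ap_pin", "config_methods")}
    fixed["wps_state"] = "0"
    return fixed

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    print(audit_wps(conf))
    print(audit_wps(harden(conf)))
```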

Script Usage and Required Arguments

Basic Command Structure

To effectively use the FARHAN-Shot.py script, you need to understand its command structure. The script is executed in Termux or Kali Linux using specific arguments that dictate how it interacts with the target network. The basic command structure is as follows:

python3 FARHAN-Shot.py <arguments>

Mandatory Argument: Interface Name

The most crucial argument that must be provided is the network interface name, typically wlan0 on most Android devices. The interface is specified using the -i or --interface option. This tells the script which network interface to use for the attack.

-i, --interface=<wlan0>

Always ensure that you have correctly identified your network interface before running the script.

Optional Arguments for Targeting Specific APs

Targeting a Specific BSSID

One of the script's powerful features is the ability to target a specific Access Point (AP) by its BSSID (Basic Service Set Identifier). This is particularly useful when you know the exact network you want to test. Use the -b or --bssid argument to specify the target BSSID:

-b, --bssid=<mac>

The BSSID is the unique identifier of the Wi-Fi network you are targeting, usually formatted as a MAC address (e.g., 00:90:4C:C1:AC:21).

Using a Specific WPS Pin

If you have a specific WPS pin you want to use, the script allows you to input it directly. This can be either an arbitrary string or a 4/8 digit pin. This is done using the -p or --pin argument:

-p, --pin=<wps pin>

Executing the Pixie Dust Attack

The Pixie Dust attack is one of the most effective methods against vulnerable routers. To initiate this attack, you can use the -K or --pixie-dust argument. This option allows the script to exploit specific WPS vulnerabilities:

-K, --pixie-dust

Launching an Online Bruteforce Attack

Another option is to perform an online bruteforce attack, which systematically tries different WPS pins until the correct one is found. This method is slower but can be effective against certain networks. The argument for this is -B or --bruteforce:

-B, --bruteforce

Initiating WPS Push Button Connection

If the target router supports WPS push button configuration, you can use the --push-button-connect argument to initiate a connection without needing to input a password:

--push-button-connect

These optional arguments provide flexibility, allowing you to target specific networks or choose the type of attack that best suits your needs.

Advanced Script Usage

Setting a Delay Between Pin Attempts

To avoid detection or reduce the load on the network, you might want to introduce a delay between pin attempts. This can be done using the -d or --delay argument. Specify the delay in seconds as follows:

-d, --delay=<n>

Setting a delay can help in avoiding being locked out from the network due to too many rapid attempts.
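For the defender, the delay option means a detector that only looks for rapid bursts of WPS failures will miss a paced attempt. The following is an added example, not code from FARHAN-Shot.py or the original guide: it counts WPS authentication failures in hostapd event output with both a short and a long window. The log lines are constructed, the timestamp prefix assumes `hostapd -t` output, and the thresholds are assumed values to tune per site.

```python
import re

# Constructed hostapd-style lines (epoch prefix as printed by `hostapd -t`).
# One WPS authentication failure every 60 s, then the AP locks WPS setup.
SAMPLE_LOG = "\n".join(
    [f"{1700000000 + 60 * i}.000000: wlan0: WPS-FAIL msg=8 config_error=18"
     for i in range(6)]
    + ["1700000360.000000: wlan0: WPS-AP-SETUP-LOCKED"]
)

LINE = re.compile(r"^(\d+)\.\d+: (\S+): (WPS-[A-Z-]+)(.*)$")

def parse(log):
    """Yield (epoch_seconds, iface, event, arg_tokens) for WPS event lines."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3), m.group(4).split()

def max_in_window(times, window):
    """Largest number of sorted timestamps inside any `window`-second span."""
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] >= window:
            start += 1
        best = max(best, end - start + 1)
    return best

def detect(log, burst=(5, 30), slow=(5, 3600)):
    """burst and slow are (failure_count, window_seconds); assumed thresholds."""
    events = list(parse(log))
    # config_error=18 is the WPS "device password auth failure" code.
    fails = sorted(t for t, _, ev, args in events
                   if ev == "WPS-FAIL" and "config_error=18" in args)
    return {
        "auth_failures": len(fails),
        "burst_alert": max_in_window(fails, burst[1]) >= burst[0],
        "slow_alert": max_in_window(fails, slow[1]) >= slow[0],
        "ap_locked": any(ev == "WPS-AP-SETUP-LOCKED" for _, _, ev, _ in events),
    }

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

On the constructed sample the burst rule stays silent while the long-window rule fires, which is the gap a per-attempt delay is meant to exploit.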

Saving AP Credentials

If the script successfully cracks the WPS pin and gains access to the network, you might want to save the network credentials for future use. The -w or --write argument allows you to save these credentials to a file:

-w, --write

Using Pixiewps with the Force Option

For more aggressive attacks, you can enable the force option in Pixiewps, which attempts a full range bruteforce attack. This is done using the -F or --pixie-force argument:

-F, --pixie-force

Displaying the Pixiewps Command

If you want to see the exact Pixiewps command being executed, you can use the -X or --show-pixie-cmd argument. This can be useful for understanding how the attack works or for debugging purposes:

-X, --show-pixie-cmd

Using a Custom Vulnerability List

For users with a list of known vulnerable devices, the script allows the use of a custom file with this information. This is done using the --vuln-list argument, where you can specify the filename:

--vuln-list=<filename>

Disabling the Network Interface After Completion

To ensure the network interface is properly reset after the script finishes its work, you can use the --iface-down argument. This will automatically disable the interface upon completion:

--iface-down

Running the Script in a Loop

For continuous attacks or testing, the script can be set to run in a loop using the -l or --loop argument. This makes it repeat its actions until manually stopped:

-l, --loop

Reversing the Scan Order

If you're working with a large list of networks and need to scan them in reverse order, use the -r or --reverse-scan argument. This can be helpful on devices with smaller displays:

-r, --reverse-scan

Activating MediaTek Wi-Fi Interface Driver

For devices with MediaTek SoCs, the script includes a special argument to activate and deactivate the MediaTek Wi-Fi interface driver during the script's operation. This is necessary for certain Android devices and is done using the --mtk-wifi argument:

--mtk-wifi

Enabling Verbose Output

For detailed output and to monitor the script's actions closely, you can enable verbose mode using the -v or --verbose argument. This will provide more detailed information during the script's execution:

-v, --verbose

These advanced arguments provide enhanced control over the FARHAN-Shot.py script, allowing for a more tailored and powerful approach to Wi-Fi security testing.

Troubleshooting Common Issues

Fixing "RTNETLINK Answers: Operation Not Possible Due to RF-Kill"

If you encounter the error message "RTNETLINK answers: Operation not possible due to RF-kill", it means the Wi-Fi interface has been soft-blocked, usually by a software switch. To resolve this issue, unblock the Wi-Fi using the following command:

sudo rfkill unblock wifi

Running this command should allow you to proceed with your Wi-Fi penetration testing without further issues.

Dealing with "Device or Resource Busy (-16)" Error

This error typically occurs when the Wi-Fi interface is still being used by another process, such as Network Manager. To fix this, disable Wi-Fi in your system settings and terminate any conflicting processes. Additionally, you can try running the script with the interface down option:

FARHAN-Shot2 --iface-down

Handling Disappearing wlan0 Interface on MediaTek SoC Devices

On certain Android devices with MediaTek SoCs, disabling Wi-Fi might cause the wlan0 interface to disappear. To prevent this, use the following command to manage the MediaTek Wi-Fi driver:

FARHAN-Shot2 --mtk-wifi

By activating the MediaTek Wi-Fi interface driver through the script, you can ensure the wlan0 interface remains active during your testing.

If you encounter any of these issues, use the provided commands to troubleshoot and continue your Wi-Fi penetration testing with FARHAN-Shot.py.

Usage Examples

Starting a Pixie Dust Attack

To initiate a Pixie Dust attack on a specific BSSID, use the following command. This attack is effective against vulnerable routers by exploiting weaknesses in the WPS protocol:

cd FARHAN-Shot && sudo python3 FARHAN-Shot.py -i wlan0 -b 00:90:4C:C1:AC:21 -K

Make sure to replace 00:90:4C:C1:AC:21 with the actual BSSID of the target network.

Showing Available Networks and Starting a Pixie Dust Attack

To view available networks and then start a Pixie Dust attack on the selected network, use the following command. This approach helps you identify networks before performing the attack:

cd FARHAN-Shot && sudo python3 FARHAN-Shot.py -i wlan0 -K

Launching an Online WPS Bruteforce Attack

If you want to perform an online bruteforce attack on a network with a known partial PIN, use this command. It will attempt to guess the remaining part of the WPS PIN:

cd FARHAN-Shot && sudo python3 FARHAN-Shot.py -i wlan0 -b 00:90:4C:C1:AC:21 -B -p 1234

Replace 00:90:4C:C1:AC:21 with the target BSSID and 1234 with the known part of the WPS PIN.

These examples illustrate common use cases for the FARHAN-Shot.py script, helping you apply the right commands for different scenarios.

Conclusion

The FARHAN-Shot.py script is a versatile tool for Wi-Fi penetration testing, offering a range of functionalities from executing Pixie Dust attacks to performing online bruteforce attacks. By understanding and effectively using the various arguments and options available, you can tailor your approach to meet specific testing needs.

Remember to follow the troubleshooting tips if you encounter any issues during your testing process. Proper usage and handling of the script can significantly enhance your Wi-Fi security testing efforts.

Always ensure that you have permission to test the networks you are working on to avoid legal consequences. This guide is intended for educational purposes only.

With the detailed instructions and examples provided, you are now equipped to use FARHAN-Shot.py effectively for your Wi-Fi penetration testing tasks.

FAQs

What is FARHAN-Shot.py used for?

FARHAN-Shot.py is a script used for Wi-Fi penetration testing. It allows you to perform various attacks on Wi-Fi networks, such as Pixie Dust attacks and online bruteforce attacks, to test the security of WPS implementations.

Do I need root permissions to use FARHAN-Shot.py?

Yes, FARHAN-Shot.py requires root permissions to access and manipulate network interfaces on your device. Ensure you have the necessary permissions before running the script. If your device is not rooted, you need to install Kali NetHunter; you can then use FARHAN-Shot.py on the unrooted device.

How do I choose the right arguments for the script?

The choice of arguments depends on your specific testing needs. Use -i to specify the network interface, -b to target a specific BSSID, and -K to execute a Pixie Dust attack. Refer to the documentation for a full list of arguments and their functions.

What should I do if I encounter errors with the script?

Common errors and their solutions are outlined in the troubleshooting section of this guide. For example, use sudo rfkill unblock wifi for RF-kill errors and ensure Wi-Fi is disabled in system settings if you face device busy errors.
