r00kie-kr00kie: PoC exploit for the CVE-2019-15126 kr00k vulnerability

Apr 3, 2020

r00kie-kr00kie is a PoC exploit for the CVE-2019-15126 kr00k vulnerability.

This project is intended for educational purposes only and cannot be used for law violations or personal gain. The author of this project is not responsible for any possible harm caused by the materials.

Requirements

To use these scripts, you will need a WiFi card that supports active monitor mode with frame injection. We recommend the Atheros AR9280 chip (IEEE 802.11n), which we used to develop and test the code. We have tested this PoC on Kali Linux.

Installation

# clone main repo
git clone https://github.com/hexway/r00kie-kr00kie.git && cd ./r00kie-kr00kie
# install dependencies
sudo pip3 install -r requirements.txt

How to use

Script: r00kie-kr00kie.py

This is the main exploit file, which implements the kr00k attack.

->~:python3 r00kie-kr00kie.py -h

usage: r00kie-kr00kie.py [-h] [-i INTERFACE] [-l CHANNEL] [-b BSSID]
                         [-c CLIENT] [-n DEAUTH_NUMBER] [-d DEAUTH_DELAY]
                         [-p PCAP_PATH_READ] [-r PCAP_PATH_RESULT] [-q]

PoC of CVE-2019-15126 kr00k vulnerability

optional arguments:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface INTERFACE
                        Set wireless interface name for listen packets
  -l CHANNEL, --channel CHANNEL
                        Set channel for wireless interface (default: 1)
  -b BSSID, --bssid BSSID
                        Set WiFi AP BSSID (example: "01:23:45:67:89:0a")
  -c CLIENT, --client....

Author

Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023