Pablo Guides

# Bully$ Pentest Course: Section 1 – Introduction to Bully$

## Overview of Bully$

Bully$ is a powerful tool designed for conducting penetration testing, specifically aimed at discovering and exploiting vulnerabilities in WPS (Wi-Fi Protected Setup) networks. It leverages the brute force technique to crack WPS pin codes, allowing an attacker (or ethical hacker) to gain unauthorized access to a wireless network. In this section, we will explore the installation and configuration of Bully$ on Kali Linux, along with practical usage scenarios and best practices in the realm of ethical hacking.

## 1. Installation and Configuration on Kali Linux

### 1.1 Prerequisites

Before installing Bully$, ensure that you have the following prerequisites:

– **Kali Linux**: Make sure you are using a recent version of Kali Linux. You can download the latest version from [Kali Linux Downloads](https://www.kali.org/downloads/).
– **Network adapter**: A wireless network adapter that supports packet injection. You can check compatibility with tools like airmon-ng.

### 1.2 Installing Dependencies

Bully$ requires several dependencies to function correctly. Open your terminal and run the following command to install these dependencies:

"`bash
sudo apt-get update
sudo apt-get install bully
"`

### 1.3 Verifying Installation

After installation, you can verify that Bully$ has been installed correctly by checking its version:

"`bash
bully -v
"`

You should see output indicating the installed version of Bully$.

### 1.4 Configuring Your Wireless Adapter

Before using Bully$, your wireless network adapter needs to be in monitor mode. To do this, follow these steps:

1. **Identify your network interface**:

"`bash
iwconfig
"`

2. **Put the network adapter into monitor mode**:

Replace `wlan0` with your wireless interface name.

"`bash
sudo airmon-ng start wlan0
"`

3. **Check the new interface**:

You will usually see a new interface named `wlan0mon`.

"`bash
iwconfig
"`

## 2. Step-by-Step Usage of Bully$

### 2.1 Basic Usage Commands

Bully$ can be executed with a few basic commands. Here’s the general syntax:

"`bash
bully -b [BSSID] -c [channel] -e [ESSID] -o [output file] -v wlan0mon
"`

– **-b**: BSSID of the target access point
– **-c**: Channel of the access point
– **-e**: ESSID (network name)
– **-o**: Output file to save results
– **-v**: Verbose output for more details

### 2.2 Real-World Use Case: Cracking WPS PIN

Let’s perform a practical example where we attempt to crack the WPS PIN of a vulnerable access point.

#### Step 1: Identify Target Access Point

Use `airodump-ng` to scan for nearby networks:

"`bash
sudo airodump-ng wlan0mon
"`

Identify the target network from the scan results and note down its BSSID, channel, and ESSID.

#### Step 2: Start Bully$

Run Bully$ using the parameters collected:

"`bash
bully -b 00:11:22:33:44:55 -c 6 -e MyNetwork -o results.txt wlan0mon
"`

### 2.3 Interpreting Results

Bully$ will start attempting to crack the WPS PIN. Once it finds the PIN, it will display it in the terminal and also save it to the specified output file.

You might see something like this in your terminal output:

"`
[+] WPS PIN: 12345670
"`

### 2.4 Additional Options

Bully$ comes with some additional options for fine-tuning the attack:

– **-t**: Set the timeout for attempts
– **-p**: Specify the number of threads to use

Example:

"`bash
bully -b 00:11:22:33:44:55 -c 6 -e MyNetwork -p 10 -o results.txt wlan0mon
"`

## 3. Technical Explanations

### 3.1 Understanding WPS Vulnerabilities

Wi-Fi Protected Setup (WPS) was designed to simplify the process of connecting devices to a secure wireless network. However, due to its inherent design flaws, it can be exploited through brute force attacks, making it vulnerable to unauthorized access.

### 3.2 How Bully$ Works

Bully$ works by exploiting these WPS vulnerabilities. It sends a series of brute force attempts to guess the WPS PIN. If the access point supports WPS and is configured with weak security settings, it can be breached in a matter of hours, depending on the complexity of the PIN.

### 3.3 External References

For more in-depth knowledge, consider the following resources:

– [Kali Linux Official Documentation](https://www.kali.org/docs/)
– [Wi-Fi Protected Setup (WPS) – Wikipedia](https://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup)
– [Understanding and Exploiting WPS Vulnerabilities](https://www.acs.com.hk/en/products/1010/acr38-smart-card-reader/)

## Conclusion

In this section, we have covered the installation and configuration of Bully$ on Kali Linux. We also walked through its usage in a real-world scenario of cracking a WPS PIN, highlighting the crucial aspects of ethical hacking and penetration testing with this potent tool.

In the next sections of this course, we will delve deeper into advanced techniques using Bully$ and explore additional tools and methodologies for comprehensive penetration testing.

—

Made by pablo rotem / פבלו רותם