How to Use the Command 'bully' (with examples)

The ‘bully’ command-line tool is a powerful utility primarily used for brute-forcing the WPS (Wi-Fi Protected Setup) pins of wireless access points. It assists penetration testers and network administrators in evaluating the security of Wi-Fi networks. Before deploying ‘bully,’ users must first gather necessary information using ‘airmon-ng’ and ‘airodump-ng.’ These tools help identify the target wireless network’s characteristics such as the MAC address and the channel it operates on. ‘Bully’ then uses this information to attempt accessing the network by brute-forcing the WPS pin.

Use Case 1: Crack the Password

Code:

bully --bssid "mac" --channel "channel" --bruteforce "interface"

Motivation:

Cracking the password of a wireless network is a crucial step in understanding and strengthening its security. By using ‘bully’ in a controlled and legal environment, network administrators can assess the vulnerability of their networks to unauthorized access. Performing such tests enables them to implement necessary measures to secure their networks, such as disabling WPS if found to be vulnerable. As attackers might exploit weak points in WPS security, having foreknowledge and assurance of network robustness is vital.

Explanation of the Arguments:

• --bssid "mac": This argument specifies the MAC address of the target wireless access point. The MAC (Media Access Control) address serves as a unique identifier for the device. It is crucial to target the correct network device during the brute-force attack. This information is typically gathered beforehand using ‘airodump-ng.’

• --channel "channel": Here, ‘channel’ refers to the frequency channel on which the target wireless access point is operating. Wi-Fi networks can operate on various channels, and specifying the correct one ensures that communication and attempts to access are directed appropriately. This channel information is also collected by ‘airodump-ng’ during the initial scanning process.

• --bruteforce "interface": The network interface to be used for the brute-force attempt is specified here. This is the wireless card’s interface name that has been put into monitor mode using ‘airmon-ng.’ This interface will be actively engaged in the brute-force process, making attempts based on the WPS vulnerability.

Example Output:

Bully v1.0-22 - WPS vulnerability assessment utility
[+] Starting brute force against MAC: aa:bb:cc:dd:ee:ff on channel 6
[+] Trying pin 12345670
[ ]...
[+] WPS pin: 12345678
[+] WPA PSK: example_password
[*] Brute force attack completed successfully.

Use Case 2: Display Help

Code:

bully --help

Motivation:

Displaying the help information for ‘bully’ is important for both beginners and experienced users. It provides an overview of available commands, arguments, and usage options, essentially serving as a reference manual that guides the user in employing ‘bully’ effectively. Understanding the options allows users to better customize their usage for specific scenarios, ensuring they apply the right parameters for their network testing requirements.

Explanation of the Arguments:

• --help: This argument displays detailed help information. It lists all available options, commands, and their descriptions. By using this flag, users gain comprehensive insight into how to operate ‘bully’ efficiently and access additional resources or options that they might not be familiar with.

Example Output:

Usage: bully [options] <interface>
-h, --help            Display this help and exit
-b, --bssid <mac>     Target BSSID (MAC address)
-c, --channel <chan>  Set the channel for listening
-w, --bruteforce      Initiate WPS pin brute-force
...

Conclusion:

The ‘bully’ tool, when used responsibly and appropriately within legal boundaries, can play a crucial role in assessing and enhancing the security of Wi-Fi networks. By exploring the functionalities shown in these examples — from executing a brute-force attack to simply seeking guidance through the help option — users can leverage ‘bully’ to ensure their networks aren’t susceptible to potential breaches. Ultimately, understanding and employing such tools in a controlled fashion allows for preemptive security measures, mitigating any vulnerabilities that might otherwise be exploited by malicious entities.