Sit back, relax, and automate your WPA pen-test workload with ohc-api.sh. (Also persistent handshake loot!)

[sailboatanon]

This simple bash script for the Hak Wifi Pineapple Mark VII features persistent handshake storage and automatically submits your handshakes to this wonderful service (onlinehashcrack.com)!

You will receive an email confirmation and upon completion! Sit back, relax, and automate your WPA pen-test workload with ohc-api.sh.

https://github.com/sailboat-anon/wifi-pineapple-mark-vii

install and use

 wget https://raw.githubusercontent.com/sailboat-anon/wifi-pineapple-mark-vii/main/scripts/ohc-api.sh
 nano ohc-api.sh
 (change the receiving email address, 'email=')
 chmod a+x ohc-api.sh
 ./ohc-api.sh 

 

You'll likely want to run this on a schedule (default: 5min)

export VISUAL=nano; crontab -e
*/5 * * * * /pineapple/ohc-api.sh

workflow:

• capture handshakes using mark vii
• handshakes are moved from /tmp to /root/loot/handshakes
• handshakes are sent to the onlinehashcrack.com api, user receives an email confirmation and upon completion
• (be sure to set the 'email' variable below to your email address)
• submitted handshakes in /root/loot/handshakes are renamed 'submitted-.cpab'

persistent handshake storage: /root/loot/handshakes

transaction logs: /root/loot/handshakes/logs

[Katash]

works great, thanks.

[Katash]

Installed 1.0.2 firmware and noticed scipt has been replaced with loot-and-scoot.sh but getting following errors when running it.

 

> Checking for unsubmitted handshakes
> Unsubmitted handshakes FOUND, uploading to api.onlinehashcrack.com
cp: can't stat '*.pcap': No such file or directory
curl: (26) Error
curl: (26) Error
curl: (26) Error
curl: (26) Error
Cleaning up...
mv: can't rename '/tmp/handshakes//tmp/handshakes/0C-F9-C0-08-04-F6_partial.pcap': No such file or directory
mv: can't rename '/root/loot/handshakes//tmp/handshakes/0C-F9-C0-08-04-F6_partial.pcap': No such file or directory
mv: can't rename '/tmp/handshakes//tmp/handshakes/88-F8-72-23-4D-55_partial.pcap': No such file or directory
mv: can't rename '/root/loot/handshakes//tmp/handshakes/88-F8-72-23-4D-55_partial.pcap': No such file or directory
Output:
> Submitted /tmp/handshakes/0C-F9-C0-08-04-F6_partial.pcap to onlinehashcrack.com
> Submitted /tmp/handshakes/0C-F9-C0-08-04-F6_partial.pcap to wpa-sec.stanev.org
> Submitted /tmp/handshakes/88-F8-72-23-4D-55_partial.pcap to onlinehashcrack.com
> Submitted /tmp/handshakes/88-F8-72-23-4D-55_partial.pcap to wpa-sec.stanev.org

 

[Katash]

Am I the only person with this issue?

[chrizree]

Looking at the errors you posted and checking the bash script, it's pretty obvious that it will throw errors. That bash script needs some adjustments to work properly. Just follow the errors and match them with the bash script and you'll see where it needs some changes.

[deathvegetable]

I'm using the 1.1.0 Beta and get this error:

./loot-n-scoot.sh: line 7: syntax error near unexpected token `newline'
./loot-n-scoot.sh: line 7: `<!DOCTYPE html>'

 

Any help would be greatly appreciated

[deathvegetable]

I still can't get this working but alternatively the pineapple-m7 already has a tool installed on it that is pretty close to the same thing--->besside-ng

Open up the webshell or ssh into the pineapple and just as an example type the following and hit enter:

besside-ng -vv wlan1mon

I'd say more but it may be off topic & I don't want to be fixated on besside-ng in this thread & I'll start a topic if there are none.

Thanks for reading

[Vivaldi]

On 3/29/2021 at 10:12 PM, Katash said:

Am I the only person with this issue?

No you are not! After a day of trial and error I finally figured it out. With the curl commands it submits "path/${line}" but the ${line} variable already contains the path. So therefor is basically submitting "PathPath/file".
So get rid of the path that is written out there.

Same goes for the mv section of the script.

After you have done that, try running the script again. It should work after that.