WEPBuster 1.0
This small utility was written for information security professionals to aid in conducting wireless security assessments. The program executes various utilities included in the aircrack-ng suite, a set of tools for auditing wireless networks, in order to obtain the WEP encryption key of a wireless access point.
aircrack-ng can be obtained from http://www.aircrack-ng.org
Features:
WEPBuster cracks all access points within range in one go!!
Supports:
- MAC address filtering bypass (via MAC spoofing)
- Auto reveal hidden SSID
- Client-less Access Point injection
- Shared Key Authentication
- WEP Decloaking (future version)
- whitelist (crack only APs included in the list)
- blacklist (do not crack AP if it's included in the list)
USAGE:
perl wepbuster [1 | 6 | 11] (or any combination, space separated)
perl wepbuster (sort | connect) [HOST | IP] (Defaults to: gateway)
Typically, one would invoke the program without any arguments. Doing this sets the mode to 'crack', and the program will try to crack all WEP-enabled access points within range on each of the 3 non-overlapping channels (1, 6, 11).
Given an argument of numbers (1, 6, or 11 only), the mode will be set to 'crack' and the program will crack all APs on the specified channel(s).
If passed with a 'sort' argument, followed by an optional IP address or a hostname, the program will try to sort the list of cracked access points (obtained after running 'crack' mode) in the order of decreasing ping round trip time to the gateway or to the IP address or hostname specified.
If passed with a 'connect' argument, followed by an optional IP address or a hostname, the program will try to connect to each access point included in the list of cracked access points.
The program exits once a connection to an access point is made and verified, e.g., if it can successfully ping the gateway or the IP address or hostname specified.
RECOMMENDED MODIFICATIONS (aircrack-ng):
The following modifications to the source and header files of two aircrack-ng utilities (aircrack-ng, airodump-ng) are not required, but will make the decryption of the WEP key more accurate (in terms of the number of IVs needed in order to obtain the key).
1.) Instead of 5000, change PTW_TRY_STEP to 100 to make cracking more accurate (in terms of the number of IVs needed to crack the key). Look for the line below in "aircrack-ng.h":
#define PTW_TRY_STEP 5000
2.) The script relies heavily on reading and parsing the .csv file output of airodump-ng. As such, instead of airodump-ng waiting for 20 seconds before writing the .csv text output, it is recommended that you make it 2 seconds.
If you do not change the line below, you should set $airodumpwait to more than 20 to avoid getting errors. A value of 23 should be safe. Look for the line below in "airodump-ng.c":
if( time( NULL ) - tt1 >= 20)
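Because the script is driven by airodump-ng's .csv output, the same file can be read as an audit inventory: which of the access points you administer still advertise WEP and need to be moved to WPA2/WPA3. The following is an added example, not part of WEPBuster; the function name, the sample capture and all BSSIDs/ESSIDs are constructed, and the column order assumes airodump-ng's standard AP-section header.

```python
import csv
import io

# Constructed sample in airodump-ng's .csv layout: AP section, blank line,
# then the station section. All BSSIDs and ESSIDs below are made up.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WEP , WEP,    , -40,  120,  15,   0.  0.  0.  0,   9, lab-wep-1,
00:11:22:33:44:66, 2024-01-01 10:00:01, 2024-01-01 10:05:00, 11,  54, WPA2, CCMP, PSK, -55,   90,   0,   0.  0.  0.  0,   8, lab-wpa2,
00:11:22:33:44:77, 2024-01-01 10:00:02, 2024-01-01 10:05:00,  1,  54, WEP , WEP,    , -70,   30,   2,   0.  0.  0.  0,   0, ,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:01, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -50, 12, 00:11:22:33:44:55,
"""


def wep_access_points(csv_text, inventory=None):
    """Return APs whose Privacy column includes WEP.

    inventory: optional set of BSSIDs you administer; all others are ignored.
    """
    owned = None if inventory is None else {b.upper() for b in inventory}
    findings, in_ap_section = [], False
    for row in csv.reader(io.StringIO(csv_text)):
        if not row or not row[0].strip():
            continue                      # blank separator lines
        first = row[0].strip()
        if first == "BSSID":
            in_ap_section = True          # header of the AP section
            continue
        if first == "Station MAC":
            break                         # client section is not needed here
        if not in_ap_section or len(row) < 15:
            continue                      # truncated row (file caught mid-write)
        bssid = first.upper()
        if owned is not None and bssid not in owned:
            continue
        if "WEP" not in row[5].split():
            continue
        # An ESSID may itself contain commas; Key is always the last column.
        essid = ",".join(row[13:-1]).strip() or "<hidden>"
        findings.append({"bssid": bssid, "channel": int(row[3]), "essid": essid})
    return findings


if __name__ == "__main__":
    for ap in wep_access_points(SAMPLE_CSV, {"00:11:22:33:44:55", "00:11:22:33:44:77"}):
        print(f"{ap['bssid']} ch{ap['channel']} {ap['essid']}: still on WEP, migrate to WPA2/WPA3")
```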
REQUIRED PERL MODULES:
The only module used in this script is "Term::ReadKey". This module is used when the 'Enter' key is pressed, e.g., if the user wants to skip injecting into a particular access point.
This module can be obtained from "http://search.cpan.org".
A typical installation procedure for any Perl module consists of the following steps:
perl Makefile.PL
make install
On Debian systems, this can be installed using apt-get, e.g.:
"apt-get install libterm-readkey-perl"
REQUIRED APPLICATION:
macchanger (http://www.alobbs.com/macchanger)
This tool is used for spoofing the MAC address when the AP is using MAC address filtering.
TESTING PLATFORM:
During development, this program was tested inside an Ubuntu Linux installation, using an Alfa AWUS036H with the R8187 driver. The access points tested were the Aztech DSL605EW and the Linksys WAG54G2.
WARNINGS:
Other Linux platforms were not tested. The wireless card mentioned above is the only card that was used; others are not guaranteed to work without making any changes. I don't have all the necessary hardware to test.
I'm leaving this work to the community. Please contribute so that everyone can benefit. =)
WHERE TO GET IT?
Please visit the project page at http://code.google.com/p/wepbuster/ where you can download the script, and find the link to the video demo.
FINAL THOUGHTS:
This is the first program I have provided to the open source community.
I hope you'll find it useful. Donations are welcome if you do =). Send them to my PayPal account: markjayson.alvarez_AT_gmail.com
Please use this program in a good way and remember: "Morality works best when chosen not when mandated" - Larry Wall