WPA Strip, Clean and Convert Script
#1
I am posting here in the hope that it will encourage an online friend of mine to join the forum and take the credit for a nice script he kindly made me and said I could share.

I would much rather he posted it here himself but he seems to be the modest type and so this is an effort to push him into it! :)



#2
Ok, ok, I'm here :)

And here is the script:
Code:
#Script_it, a simple script which simply tidy your .cap packets collection and prepare them for cracking with oclHashcat-Plus.
#Concept by Hash-IT
#Code by SmilingWolf
echo "Script_it, a simple script which simply tidy your .cap packets collection and prepare them for cracking with oclHashcat-Plus."
echo "You're free to redistribute this script anywhere you want, but keep the original credits. Thank You."
echo "Concept by Hash-IT"
echo "Code by SmilingWolf"
sleep 3
ls -lh A/*
mkdir -p B/OriginalCaps
cp A/* B/OriginalCaps/
echo "Deleting duplicated packets..."
mkdir B/UniqueCaps
# Hash every file once into a private temp file (mktemp avoids a predictable name in /tmp)
HASHES=`mktemp`
md5sum B/OriginalCaps/* > "$HASHES"
LIST=`cut -b -32 "$HASHES" | sort | uniq`
for MD5 in $LIST
  do
  # First file carrying this hash; DLIST strips the "B/OriginalCaps/" prefix
  ULIST=`grep "$MD5" "$HASHES" | head -1 | cut -b 35-`
  DLIST=`grep "$MD5" "$HASHES" | head -1 | cut -b 35- | cut -b 16-`
  cp "$ULIST" "B/UniqueCaps/$DLIST"
done
rm -f "$HASHES"
echo "Done."
echo "Remaining packets:"
ls -lh B/UniqueCaps/*
mkdir B/CleanCaps
for f in B/UniqueCaps/*
  do
  # Output name is taken from wpaclean's second-to-last output line (bytes 23 onward)
  l=`wpaclean /dev/null "$f" | tail -2 | head -1 | cut -b 23-`
  out="B/CleanCaps/$l clean.cap"
  c=1
  # Pick the first free name, so a capture is never skipped when "(1)", "(2)", ... already exist
  while [ -e "$out" ]
    do
    out="B/CleanCaps/$l ($c) clean.cap"
    c=$(( $c + 1 ))
  done
  wpaclean "$out" "$f"
done
ls -lh B/CleanCaps/*
mkdir B/HCcaps
for f in B/CleanCaps/*
  do
  n=`echo -n "$f" | cut -b 13- | sed s/\ clean\.cap//g`
  aircrack-ng -J "B/HCcaps/$n" "$f"
done
ls -lh B/HCcaps/*

Any feedback of any kind is welcome :)
.txt   script_it.txt (Size: 1.49 KB / Downloads: 6)
#3
Hey SmilingWolf

I'm glad you signed up here and thanks for your script! :)

You asked for feedback and I have made some feature requests on the original thread.

Great work and thank you very much for sharing.
#4
And here we go with a new version of the script :)

Code:
#Script_it, a simple script which simply tidy your .cap packets collection and prepare them for cracking with oclHashcat-Plus.
#Concept by Hash-IT
#Code by SmilingWolf
echo "Script_it, a simple script which simply tidy your .cap packets collection and prepare them for cracking with oclHashcat-Plus."
echo "You're free to redistribute this script anywhere you want, but keep the original credits. Thank You."
echo "Concept by Hash-IT"
echo "Code by SmilingWolf"
sleep 3
ls -lh A/*
mkdir -p B/OriginalCaps
cp A/* B/OriginalCaps/
echo "Deleting duplicated packets..."
mkdir B/UniqueCaps
# Hash every file once into a private temp file (mktemp avoids a predictable name in /tmp)
HASHES=`mktemp`
md5sum B/OriginalCaps/* > "$HASHES"
LIST=`cut -b -32 "$HASHES" | sort | uniq`
for MD5 in $LIST
  do
  # First file carrying this hash; DLIST strips the "B/OriginalCaps/" prefix
  ULIST=`grep "$MD5" "$HASHES" | head -1 | cut -b 35-`
  DLIST=`grep "$MD5" "$HASHES" | head -1 | cut -b 35- | cut -b 16-`
  cp "$ULIST" "B/UniqueCaps/$DLIST"
done
rm -f "$HASHES"
echo "Done."
echo "Remaining packets:"
ls -lh B/UniqueCaps/*
mkdir B/BadCaps
for f in B/UniqueCaps/*
  do
  # The script treats a two-line wpaclean output as a capture with nothing usable in it
  l=`wpaclean /dev/null "$f" | wc -l`
  if [ "$l" -eq 2 ];
    then
    NewPos=`echo -n "$f" | cut -b 14-`
    echo "Bad capture file found!!! Moving it to B/BadCaps/$NewPos"
    mv "$f" "B/BadCaps/$NewPos"
  fi  
done
mkdir B/ReallyUniqueCaps
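# Private temp file for the "BSSID path" list (a fixed /tmp name could hold stale or foreign data)
BSSID_FILE=`mktemp`
for f in B/UniqueCaps/*
  do
  # Second field of wpaclean's second-to-last output line is the BSSID
  BSSID=`wpaclean /dev/null "$f" | cut -d' ' -f 2 | tail -2 | head -1`
  echo "$BSSID $f" >> "$BSSID_FILE"
done
LIST=`cut -b -17 "$BSSID_FILE" | sort | uniq`
for BSSIDS in $LIST
  do
  # Keep the first capture seen for each BSSID; DLIST strips the "B/UniqueCaps/" prefix
  ULIST=`grep "$BSSIDS" "$BSSID_FILE" | head -1 | cut -b 19-`
  DLIST=`grep "$BSSIDS" "$BSSID_FILE" | head -1 | cut -b 19- | cut -b 14-`
  cp "$ULIST" "B/ReallyUniqueCaps/$DLIST"
done
rm -f "$BSSID_FILE"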
mkdir B/CleanCaps
for f in B/ReallyUniqueCaps/*
  do
  # Output name is taken from wpaclean's second-to-last output line (bytes 23 onward)
  l=`wpaclean /dev/null "$f" | tail -2 | head -1 | cut -b 23-`
  out="B/CleanCaps/$l clean.cap"
  c=1
  # Pick the first free name, so a capture is never skipped when "(1)", "(2)", ... already exist
  while [ -e "$out" ]
    do
    out="B/CleanCaps/$l ($c) clean.cap"
    c=$(( $c + 1 ))
  done
  wpaclean "$out" "$f"
done
ls -lh B/CleanCaps/*
mkdir B/HCcaps
for f in B/CleanCaps/*
  do
  n=`echo -n "$f" | cut -b 13- | sed s/\ clean\.cap//g`
  aircrack-ng -J "B/HCcaps/$n" "$f"
done
ls -lh B/HCcaps/*

Now the packets are first MD5 checked, put in the UniqueCaps directory, sanity-checked and then BSSID checked and put in the ReallyUniqueCaps directory. Maybe the double check is useless (now that we can compare the BSSIDs we don't need the MD5 check anymore), but I think I will keep that check anyway for practicality.

For anyone who's interested, the original thread was on md5decrypter.co.uk

.txt   script_it.txt (Size: 2.24 KB / Downloads: 5)
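
Added example, not part of SmilingWolf's script or of this thread: the MD5 de-duplication step of the script above, written so that it keeps its bookkeeping in a private mktemp directory instead of a fixed name under /tmp (a predictable path there can be pre-created or symlinked by another local user) and so that file names containing spaces or backslashes cannot shift the columns being cut. The function names dedup_by_hash and demo, their arguments and the sample file names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): de-duplicate files by content hash
# without a fixed-name temp file. dedup_by_hash is a name made up here.
# Usage: dedup_by_hash SRC_DIR DEST_DIR   -> prints the number of files kept

dedup_by_hash() {
    src=$1
    dest=$2
    # mktemp -d creates a private directory with an unpredictable name,
    # so another local user cannot pre-create or symlink the path.
    work=$(mktemp -d) || return 1
    mkdir -p "$dest" || { rm -rf "$work"; return 1; }
    kept=0
    for f in "$src"/*; do
        [ -f "$f" ] || continue            # skip directories / empty glob
        # Hash from stdin: the output then never contains the file name,
        # so spaces or backslashes in names cannot shift the columns.
        sum=$(md5sum < "$f" | cut -d' ' -f1)
        [ -n "$sum" ] || continue
        # An empty marker file named after the digest means "already seen".
        if [ ! -e "$work/$sum" ]; then
            : > "$work/$sum"
            cp -- "$f" "$dest/" && kept=$((kept + 1))
        fi
    done
    rm -rf "$work"
    echo "$kept"
}

# Constructed demo input: two identical files and one different one.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/A"
    printf 'same bytes' > "$d/A/home net.cap"
    printf 'same bytes' > "$d/A/home net (copy).cap"
    printf 'other bytes' > "$d/A/office.cap"
    dedup_by_hash "$d/A" "$d/B"            # prints 2
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it with `--demo` to see the constructed case, or source it and call `dedup_by_hash A B/UniqueCaps` in place of the md5sum/grep loop.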
#5
Thank you SmilingWolf !!

I had a little trouble with this one which I have reported to you.

It's looking very good though! :)
#6
Post updated, now it should work.

That was a silly bug I got rid of after a second of testing, but for some reason it was present in the version I posted... This is strange... maybe I pressed Ctrl+Z (which on Kate stands for "Undo") before posting...

By the way, I think this is ok now.
#7
@ Hash-IT : can you please update wpa/wpa2 wiki page and add some reference to this post?
#8
(11-16-2011, 12:29 PM)atom Wrote: @ Hash-IT : can you please update wpa/wpa2 wiki page and add some reference to this post?

I would love to, it's a great script! :)

I think SmilingWolf indicated that he is still working on it, it's probably going to be the most over the top script!! Ha ha!

Do you mind if I wait until it's completely finished? I just would rather people downloaded the fully finished version than all the ones in-between.

I'll do it now though if you would prefer.
#9
i'm interested in how aircrack detects if the capture has a valid handshake.. i've tested some .cap files and aircrack said they contain a valid handshake and elcomsoft's wireless security auditor said the files contain no data..

since i wasn't able to find the password for those cap files, i tend to say elcomsoft is right


#10
Check the last part of this and this post on pyrit blog. The state of handshake parser in aircrack-ng is still not improved much in this part.