Posts: 723
Threads: 85
Joined: Apr 2011
I am posting here in the hope that it will encourage an online friend of mine to join the forum and take the credit for a nice script he kindly made me and said I could share.
I would much rather he posted it here himself but he seems to be the modest type and so this is an effort to push him into it !
Posts: 6
Threads: 0
Joined: Nov 2011
Ok, ok, I'm here
And here is the script:
Code:
#Script_it, a simple script which simply tidy your .cap packets collection and prepare them for cracking with oclHashcat-Plus.
#Concept by Hash-IT
#Code by SmilingWolf
echo "Script_it, a simple script which simply tidy your .cap packets collection and prepare them for cracking with oclHashcat-Plus."
echo "You're free to redistribute this script anywhere you want, but keep the original credits. Thank You."
echo "Concept by Hash-IT"
echo "Code by SmilingWolf"
sleep 3
ls -lh A/*
mkdir -p B/OriginalCaps
cp A/* B/OriginalCaps/
echo "Deleting duplicated packets..."
mkdir B/UniqueCaps
md5sum B/OriginalCaps/* > /tmp/hashes_files.tmp
LIST=`md5sum B/OriginalCaps/* | cut -b -32 | sort | uniq`
for MD5 in $LIST
do
ULIST=`grep $MD5 /tmp/hashes_files.tmp | head -1 | cut -b 35-`
DLIST=`grep $MD5 /tmp/hashes_files.tmp | head -1 | cut -b 35- | cut -b 16-`
cp "$ULIST" "B/UniqueCaps/$DLIST"
done
echo "Done."
echo "Remaining packets:"
ls -lh B/UniqueCaps/*
mkdir B/CleanCaps
c=1
for f in B/UniqueCaps/*
do
l=`wpaclean /dev/null "$f" | tail -2 | head -1 | cut -b 23-`
if [ -e "B/CleanCaps/$l clean.cap" ];
then
if [ -e "B/CleanCaps/$l ($c) clean.cap" ];
then
c=$(( $c + 1 ))
else
wpaclean "B/CleanCaps/$l ($c) clean.cap" "$f"
fi
else
wpaclean "B/CleanCaps/$l clean.cap" "$f"
c=1
fi
done
ls -lh B/CleanCaps/*
mkdir B/HCcaps
for f in B/CleanCaps/*
do
n=`echo -n "$f" | cut -b 13- | sed s/\ clean\.cap//g`
aircrack-ng -J "B/HCcaps/$n" "$f"
done
ls -lh B/HCcaps/*
Any feedback of any kind is welcome
script_it.txt (Size: 1.49 KB / Downloads: 6)
Posts: 723
Threads: 85
Joined: Apr 2011
Hey SmilingWolf
I'm glad you signed up here and thanks for your script !
You asked for feedback and I have made some feature requests on the original thread.
Great work and thank you very much for sharing.
Posts: 6
Threads: 0
Joined: Nov 2011
11-15-2011, 06:22 PM
(This post was last modified: 11-15-2011, 10:48 PM by SmilingWolf.)
And here we go with a new version of the script
Code:
#Script_it, a simple script which simply tidy your .cap packets collection and prepare them for cracking with oclHashcat-Plus.
#Concept by Hash-IT
#Code by SmilingWolf
echo "Script_it, a simple script which simply tidy your .cap packets collection and prepare them for cracking with oclHashcat-Plus."
echo "You're free to redistribute this script anywhere you want, but keep the original credits. Thank You."
echo "Concept by Hash-IT"
echo "Code by SmilingWolf"
sleep 3
ls -lh A/*
mkdir -p B/OriginalCaps
cp A/* B/OriginalCaps/
echo "Deleting duplicated packets..."
mkdir B/UniqueCaps
md5sum B/OriginalCaps/* > /tmp/hashes_files.tmp
LIST=`md5sum B/OriginalCaps/* | cut -b -32 | sort | uniq`
for MD5 in $LIST
do
ULIST=`grep $MD5 /tmp/hashes_files.tmp | head -1 | cut -b 35-`
DLIST=`grep $MD5 /tmp/hashes_files.tmp | head -1 | cut -b 35- | cut -b 16-`
cp "$ULIST" "B/UniqueCaps/$DLIST"
done
rm /tmp/hashes_files.tmp
echo "Done."
echo "Remaining packets:"
ls -lh B/UniqueCaps/*
mkdir B/BadCaps
for f in B/UniqueCaps/*
do
l=`wpaclean /dev/null "$f" | wc -l`
if [ $l == 2 ];
then
NewPos=`echo -n "$f" | cut -b 14-`
echo "Bad capture file found!!! Moving it to B/BadCaps/$NewPos"
mv "$f" "B/BadCaps/$NewPos"
fi
done
mkdir B/ReallyUniqueCaps
for f in B/UniqueCaps/*
do
BSSID=`wpaclean /dev/null "$f" | cut -d' ' -f 2 | tail -2 | head -1`
echo "$BSSID $f">> /tmp/bssids_files.tmp
done
LIST=`cat /tmp/bssids_files.tmp | cut -b -17 | sort | uniq`
for BSSIDS in $LIST
do
ULIST=`grep $BSSIDS /tmp/bssids_files.tmp | head -1 | cut -b 19-`
DLIST=`grep $BSSIDS /tmp/bssids_files.tmp | head -1 | cut -b 19- | cut -b 14-`
cp "$ULIST" "B/ReallyUniqueCaps/$DLIST"
done
rm /tmp/bssids_files.tmp
mkdir B/CleanCaps
c=1
for f in B/ReallyUniqueCaps/*
do
l=`wpaclean /dev/null "$f" | tail -2 | head -1 | cut -b 23-`
if [ -e "B/CleanCaps/$l clean.cap" ];
then
if [ -e "B/CleanCaps/$l ($c) clean.cap" ];
then
c=$(( $c + 1 ))
else
wpaclean "B/CleanCaps/$l ($c) clean.cap" "$f"
fi
else
wpaclean "B/CleanCaps/$l clean.cap" "$f"
c=1
fi
done
ls -lh B/CleanCaps/*
mkdir B/HCcaps
for f in B/CleanCaps/*
do
n=`echo -n "$f" | cut -b 13- | sed s/\ clean\.cap//g`
aircrack-ng -J "B/HCcaps/$n" "$f"
done
ls -lh B/HCcaps/*
Now the packets are first MD5 checked, putted in the UniqueCaps directory, sanity-checked and then BSSID checked and put in the ReallyUniqueCaps directory. Maybe the double check it's useless (now that we can compare the BSSIDs we don't need the MD5 check anymore), but I think I will keep that check anyway for practicality.
For anyone who's interested, the original thread was on
md5decrypter.co.uk
script_it.txt (Size: 2.24 KB / Downloads: 5)
Posts: 723
Threads: 85
Joined: Apr 2011
Thank you SmilingWolf !!
I had a little trouble with this one which I have reported to you.
Its looking very good though !
Posts: 6
Threads: 0
Joined: Nov 2011
Post updated, now it should work.
That was a silly bug I got rid after a second of testing, but for some reasons it was present in the version I posted... This is strange... maybe I pressed Ctrl+Z (which on Kate stands for "Undo") before posting...
By the way, I think this is ok now.
Posts: 5,185
Threads: 230
Joined: Apr 2010
@ Hash-IT : can you please update wpa/wpa2 wiki page and add some reference to this post?
Posts: 723
Threads: 85
Joined: Apr 2011
(11-16-2011, 12:29 PM)atom Wrote: @ Hash-IT : can you please update wpa/wpa2 wiki page and add some reference to this post?
I would love to, its a great script !
I think SmilingWolf indicated that he is still working on it, its probably going to be the most over the top script !! Ha ha !
Do you mind if I wait until its completely finished ? I just would rather people downloaded the fully finished version than all the ones in-between.
I'll do it now though if you would prefer.
Posts: 18
Threads: 4
Joined: Sep 2011
i'm interested in how aircrack detects if the capture has a valid handshake.. i've tested some .cap files and aircrack said they contain a valid handshake and elcomsoft's wireless security auditor said the files contain no data..
since i wasn't able to find the password for those cap files, i tend to say elcomsoft is right
Posts: 19
Threads: 1
Joined: Sep 2011
Check the last part of
this and
this post on pyrit blog. The state of handshake parser in aircrack-ng is still not improved much in this part.