
Thread: handshaker.sh - Automated wardriving with Android GPS tagging!

  1. #1
    Join Date
    2013-Aug
    Posts
    12

    Post handshaker.sh - Automated wardriving with Android GPS tagging!

    Hi Everyone,
    Just a quick contribution to your awesome collection of tools,

    HandShaker uses the aircrack-ng set of tools to automatically detect, deauth, capture and crack WPA/2 EAPOL handshakes:

    Download Latest Version

    HandShaker - Detect, deauth, capture and crack WPA/2 handshakes

    Code:
    	Usage: 	handshaker <Method> <Options>
    	
    	Method:
    		-a - Autobot or Wardriving mode
    		-e - Search for AP by partial unique ESSID
    		-l - Scan for APs and present a target list
    		-c - Crack handshake from pcap
    		
    	Options:
    		-i  - Wireless Interface card
    		-i2 - Second wireless card (better capture rate)
    		-b  - Use Evil twin AP to capture handshakes
    		-w  - Wordlist to use for cracking
    		-d  - Deauth this many times for each AP (default 3)
    		-p  - Only attack clients above this power level
    		-o  - Save handshakes to custom directory
    		-g  - Use android GPS to record AP location
    		-t  - Timeout to wait for GPS at startup (default 2)
    		-s  - Silent
    		-h  - This help
    			
    	Examples: 
    		 handshaker -a -i wlan0 -d 5			   ~ Autobot mode on wlan0 and deauth 5 times.
    		 handshaker -e Hub3-F -w wordlist.txt	 	   ~ Find AP like 'Hub3-F' and crack with wordlist.
    		 handshaker -l -o out/dir			   ~ List all APs and save handshakes to out/dir.
    		 handshaker -c handshake.cap -w wordlist.txt       ~ Crack handshake.cap with wordlist.

  2. #2
    Join Date
    2013-May
    Location
    indonesia
    Posts
    20
    Nice automation bro.. two thumbs up for you

  3. #3
    Join Date
    2013-Mar
    Posts
    75
    Nice one, thanks

  4. #4
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Awesome! Can you post your install instructions? Thanks and I'll be certain to try this out with my Alfa!

  5. #5
    Join Date
    2013-Aug
    Posts
    12
    Sure you can type:

    git clone https://github.com/d4rkcat/HandShaker
    cd HandShaker
    make install

    then you can run it anywhere with: handshaker

    The script also works really well with two Alfa cards, give it a try.

  6. #6
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Awesome! Thank you. Installing now...

  7. #7
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Question, does the Evil Twin method run the mysql and apache server automatically?

  8. #8
    Join Date
    2013-Aug
    Posts
    12
    Quote Originally Posted by soxrok2212 View Post
    Question, does the Evil Twin method run the mysql and apache server automatically?
    Actually this evil twin attack is only for getting handshakes, and it is restricted to APs that have only one encryption (TKIP or CCMP).

    APs that use mixed CCMP/TKIP encryption are not suitable for this attack; the script will actually check for you and fall back to the default attack if the AP is mixed.
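
    The check d4rkcat describes (use a same-cipher twin AP when the target advertises a single cipher, fall back to a plain deauth capture when it advertises both CCMP and TKIP) can be driven straight from an airodump-ng CSV dump, whose Privacy and Cipher columns list the advertised suites separated by spaces. The script below is an added example and not HandShaker's own code: the CSV rows are constructed to follow the airodump-ng column layout, and `attack_for_bssid` and `plan_all` are hypothetical names.

```shell
#!/bin/sh
# Added example, not part of HandShaker: choose the handshake-capture method per
# AP from an airodump-ng CSV dump. One cipher -> a same-cipher twin AP is viable;
# mixed CCMP/TKIP -> fall back to deauth against the real AP; no WPA at all ->
# there is no EAPOL handshake to capture. The rows below are constructed.

AIRODUMP_CSV='BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:01, 2016-03-18 00:00:01, 2016-03-18 00:05:01,  6,  54, WPA2, CCMP, PSK, -45,  120,  0,   0.  0.  0.  0,   9, Hub3-F1A2,
00:11:22:33:44:02, 2016-03-18 00:00:02, 2016-03-18 00:05:02, 11,  54, WPA2 WPA, CCMP TKIP, PSK, -60,   80,  0,   0.  0.  0.  0,   6, Office,
00:11:22:33:44:03, 2016-03-18 00:00:03, 2016-03-18 00:05:03,  1,  54, WPA, TKIP, PSK, -70,   40,  0,   0.  0.  0.  0,   5, Guest,
00:11:22:33:44:04, 2016-03-18 00:00:04, 2016-03-18 00:05:04,  3,  54, OPN, , , -80,   10,  0,   0.  0.  0.  0,   4, Cafe,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
aa:bb:cc:dd:ee:01, 2016-03-18 00:00:05, 2016-03-18 00:05:05, -50,  30, 00:11:22:33:44:01,'

# attack_for_bssid CSV BSSID -> prints one of: twin | deauth | none
# Column 6 is Privacy (e.g. "WPA2 WPA"), column 7 is Cipher (e.g. "CCMP TKIP").
attack_for_bssid() {
    printf '%s\n' "$1" | awk -F',' -v target="$2" '
        { for (i = 1; i <= NF; i++) gsub(/^ +| +$/, "", $i) }   # trim cells
        NR > 1 && $1 == target {
            if ($6 !~ /WPA/) { print "none"; exit }               # OPN/WEP: no 4-way handshake
            n = split($7, ciphers, / +/)                          # count advertised ciphers
            if (n == 1) print "twin"; else print "deauth"         # mixed suites: use the fallback
            exit
        }'
}

# plan_all CSV -> one "BSSID ESSID method" line per AP row (stops at the station table)
plan_all() {
    printf '%s\n' "$1" | awk -F',' '
        /^Station MAC/ { exit }
        NR > 1 && NF >= 14 {
            gsub(/^ +| +$/, "", $1); gsub(/^ +| +$/, "", $14)
            print $1, $14
        }' |
    while read -r bssid essid; do
        printf '%s %s %s\n' "$bssid" "$essid" "$(attack_for_bssid "$1" "$bssid")"
    done
}

plan_all "$AIRODUMP_CSV"
# 00:11:22:33:44:01 Hub3-F1A2 twin
# 00:11:22:33:44:02 Office deauth
# 00:11:22:33:44:03 Guest twin
# 00:11:22:33:44:04 Cafe none
```

    In a real run the CSV would come from `airodump-ng -w <prefix> --output-format csv`; the decision logic is the same, and the "none" branch is the one an automated tool should log rather than spend deauth frames on.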

  9. #9
    Join Date
    2013-Jul
    Location
    United States
    Posts
    520
    Quote Originally Posted by d4rkcat View Post
    Actually this evil twin attack is only for getting handshakes, and it is restricted to APs that have only one encryption (TKIP or CCMP).

    APs that use mixed CCMP/TKIP encryption are not suitable for this attack; the script will actually check for you and fall back to the default attack if the AP is mixed.
    Oh so it's not like the fake verizon webpage that saves it to a mysql database?

  10. #10
    Join Date
    2013-Aug
    Posts
    12
    Quote Originally Posted by soxrok2212 View Post
    Oh so it's not like the fake verizon webpage that saves it to a mysql database?
    For that attack we must get the target to connect to an unencrypted Twin AP. This is much more difficult as the client will not automatically connect to us. Only by the target clicking "connect to this insecure AP" will we get our client connected.

    There is a great script called PwnStar by Vulpi for this kind of attack: https://github.com/SilverFoxx/PwnSTAR-dev

  11. #11
    Join Date
    2015-Oct
    Posts
    27
    When I try to run it from my Kali Rolling (Virtualbox), i got this:

    Code:
    [*] Started wlan0 monitor on enable
    [*] ERROR: wlan0 card could not be started! 
    
    [ ok ] Starting networking (via systemctl): networking.service.
    [*] All monitor devices have been shut down, Goodbye...
    root@Mandalor:~/HandShaker# airmon-ng
    
    PHY	Interface	Driver		Chipset
    
    phy0	wlan0mon	rt2800usb	Ralink Technology, Corp. RT2870/RT3070
    Any help? Thanks

  12. #12
    Join Date
    2016-Feb
    Posts
    19
    Me, too. Kali Rolling, not VirtualBox.
    Code:
    [*] Started wlan1 monitor on enable
    [*] ERROR: wlan1 card could not be started!
    [*] Monitor wlan1mon: removed.
    
    [ ok ] Starting networking (via systemctl): networking.service.
    [*] All monitor devices have been shut down, Goodbye...
    
    root@kali:/usr/local/src/HandShaker# airmon-ng
    
    PHY     Interface   Driver      Chipset
    
    phy0    wlan0       ath9k       Qualcomm Atheros AR5418 Wireless Network Adapter [AR5008E 802.11(a)bgn] (PCI-Express) (rev 01)
    phy1    wlan1mon    ath9k_htc   Atheros Communications, Inc. AR9271 802.11n
    Last edited by freeroute; 2016-03-18 at 00:04.

  13. #13
    Join Date
    2016-Feb
    Posts
    6
    Quote Originally Posted by boba.fett View Post
    When I try to run it from my Kali Rolling (Virtualbox), i got this:

    Code:
    [*] Started wlan0 monitor on enable
    [*] ERROR: wlan0 card could not be started! 
    
    [ ok ] Starting networking (via systemctl): networking.service.
    [*] All monitor devices have been shut down, Goodbye...
    root@Mandalor:~/HandShaker# airmon-ng
    
    PHY	Interface	Driver		Chipset
    
    phy0	wlan0mon	rt2800usb	Ralink Technology, Corp. RT2870/RT3070
    Any help? Thanks
    Look how old this thread is: 2013-08-29, 07:34 PM

    It might not even work anymore.

  14. #14
    Join Date
    2013-Sep
    Posts
    264
    For curiosity I had a look and there is definitely something fishy in this script, I think it cannot handle airmon-ng properly.
    No time to check too much... alternatively you can use handshaker from coeman76... I guess the name is catchy and both scripts are called the same..
    https://www.wifi-libre.com/img/membe...shakerV1_1.zip
    I updated it to be able to work with the latest version of airmon-ng.
    If you want to check information, changelog etc... https://www.wifi-libre.com/topic-154...-coeman76.html BUT it is in Spanish.
    If I have time I will look a bit more to check, but I doubt I will have time for that... and if the author himself does not maintain it.. I think the best is to let it go and try something else...

  15. #15
    Join Date
    2013-Mar
    Location
    milano
    Posts
    301
    Quote Originally Posted by kcdtv View Post
    For curiosity I had a look and there is definitely something fishy in this script, I think it cannot handle airmon-ng properly.
    No time to check too much... alternatively you can use handshaker from coeman76... I guess the name is catchy and both scripts are called the same..
    https://www.wifi-libre.com/img/membe...shakerV1_1.zip
    I updated it to be able to work with the latest version of airmon-ng.
    If you want to check information, changelog etc... https://www.wifi-libre.com/topic-154...-coeman76.html BUT it is in Spanish.
    If I have time I will look a bit more to check, but I doubt I will have time for that... and if the author himself does not maintain it.. I think the best is to let it go and try something else...
    hi kcdtv :-)
    thanks for sharing!!! I'm testing now on the 2016.1 release..... working PERFECT!!!!!
    thanks again!!!
    I'm a g0at

  16. #16
    Join Date
    2013-Sep
    Posts
    264
    It is a pretty nice script... It has some minor bugs, like it switches the colour in your shell when you close it, and some little things like that. The author stopped developing it and I just changed the function to have it "compatible" with the latest aircrack-ng version.
    It has some imperfections but overall it does the job very smoothly, and it is very efficient with the combo attack "airbase-ng + mdk3" or "airbase-ng + aireplay-ng".
    Glad that you like it.

  17. #17
    Join Date
    2015-Jul
    Posts
    32
    There seems to be something wrong with the script.. it doesn't seem to realize it started monitor mode on my card and then it doesn't properly stop it either:
    Code:
    $ airmon-ng
    phy0    wlan0   rtl8723be   Realtek Semiconductor Co., Ltd. RTL8723BE PCIe Wireless Network Adapter
    phy63   wlan3   ath9k_htc   Atheros Communications, Inc. AR9271 802.11n
    
    root@atreyu:~# handshaker -a -i wlan0
    [HandShaker ASCII-art banner]
    
    By d4rkcat..
    
    
    [*] Started wlan0 monitor on enable
    [*] ERROR: wlan0 card could not be started!
    [*] Monitor wlan0mon: removed.
    
    [ ok ] Starting networking (via systemctl): networking.service.
    [*] All monitor devices have been shut down, Goodbye...
    root@atreyu:~# airmon-ng
    
    PHY     Interface   Driver      Chipset
    
    phy0    wlan0mon    rtl8723be   Realtek Semiconductor Co., Ltd. RTL8723BE PCIe Wireless Network Adapter
    phy63   wlan3       ath9k_htc   Atheros Communications, Inc. AR9271 802.11n
    
    root@atreyu:~#

  18. #18
    Join Date
    2013-Sep
    Posts
    264
    The error is here:
    Code:
    Started wlan0 monitor on enable
    Debugging the script (launch it with the -x flag) you can see that MON1 (in my case) was not properly defined:
    Code:
    MON1=enable
    This part is not working with the current airmon-ng stdout:
    Code:
    		echo $GRN;MON1=$(airmon-ng start $NIC | grep monitor | cut -d ' ' -f 5 | head -c -2);echo "[*] Started $NIC monitor on $MON1"
    	else
    		echo $GRN;MON1=$(airmon-ng start $NIC 1 | grep monitor | cut -d ' ' -f 5 | head -c -2);echo "[*] Started $NIC monitor on $MON1"
    I can see that there are other things that won't go right, so modifying the script is not an option for me. If you have time you can play with it but... it might be easier to start from scratch...
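
    A worked illustration of the parsing failure kcdtv points at, added here as an example rather than HandShaker's or aircrack-ng's own code. The airmon-ng and iw dev outputs are constructed from the 1.1-era and 1.2-era formats (tabs are emitted with printf so the field layout matches what the tools print), and the function names `legacy_parse`, `parse_monitor_iface`, `monitor_ifaces_from_iw` and `start_monitor` are mine. `legacy_parse` reproduces the original pipeline: `cut -d ' '` does not split on tabs, so in the old output the fifth space-separated token of the "monitor" line is `mon0)` and `head -c -2` trims it to `mon0`, but in the 1.2 output that token is `enabled`, which the same trim turns into `enable`, the exact string in the "Started wlan0 monitor on enable" lines posted above. `parse_monitor_iface` keys on the text after the last " on " instead, and `start_monitor` shows how a wrapper can refuse to continue unless `iw dev` actually reports a monitor-type interface.

```shell
#!/bin/sh
# Added example (not HandShaker's or aircrack-ng's code): derive the monitor
# interface name from `airmon-ng start` without relying on a fixed word
# position, and confirm it against `iw dev` before carrying on.
# All sample outputs below are constructed; tabs are written with printf so
# the field layout matches what the tools print.

# 1.1-era airmon-ng output, the format handshaker.sh was written against.
OLD_AIRMON_OUTPUT=$(printf 'Interface\tChipset\t\tDriver\n\nwlan0\t\tRalink RT2870/3070\trt2800usb - [phy0]\n\t\t\t\t(monitor mode enabled on mon0)\n')

# airmon-ng 1.2 (Kali Rolling) output for the same card.
NEW_AIRMON_OUTPUT=$(printf 'PHY\tInterface\tDriver\t\tChipset\n\nphy0\twlan0\t\trt2800usb\tRalink Technology, Corp. RT2870/RT3070\n\n\t\t(mac80211 monitor mode vif enabled for [phy0]wlan0 on [phy0]wlan0mon)\n\t\t(mac80211 station mode vif disabled for [phy0]wlan0)\n')

# `iw dev` after the 1.2 run above: wlan0 is gone, wlan0mon is the monitor vif.
IW_DEV_OUTPUT=$(printf 'phy#0\n\tInterface wlan0mon\n\t\tifindex 5\n\t\twdev 0x2\n\t\taddr 00:c0:ca:00:00:01\n\t\ttype monitor\n\t\ttxpower 20.00 dBm\nphy#1\n\tInterface wlan1\n\t\tifindex 3\n\t\twdev 0x100000001\n\t\taddr 00:c0:ca:00:00:02\n\t\ttype managed\n\t\ttxpower 20.00 dBm\n')

# The pipeline from handshaker.sh, kept verbatim for comparison. `cut -d ' '`
# does not split on tabs, so in the old format the fifth token of the
# "monitor" line is "mon0)" and `head -c -2` trims it to "mon0". In the 1.2
# format that token is "enabled", and the same trim yields "enable".
legacy_parse() {
    printf '%s\n' "$1" | grep monitor | cut -d ' ' -f 5 | head -c -2
}

# Take whatever follows the last " on " of the line that reports monitor mode,
# dropping an optional "[phyN]" prefix and the closing parenthesis. Works for
# both formats because neither the token position nor the phy tag is assumed.
parse_monitor_iface() {
    printf '%s\n' "$1" |
        sed -n 's/^.*monitor mode.* on \(\[[^]]*\]\)\{0,1\}\([^ )]*\)).*$/\2/p' |
        head -n 1
}

# List interfaces `iw dev` reports with "type monitor"; this does not depend on
# airmon-ng's wording at all.
monitor_ifaces_from_iw() {
    printf '%s\n' "$1" | awk '
        $1 == "Interface"               { name = $2 }
        $1 == "type" && $2 == "monitor" { print name }'
}

# Real-world wrapper (needs root, airmon-ng and iw; not exercised by the samples):
# fail loudly instead of continuing with a bogus interface name like "enable".
start_monitor() {
    out=$(airmon-ng start "$1") || return 1
    mon=$(parse_monitor_iface "$out")
    for m in $(monitor_ifaces_from_iw "$(iw dev)"); do
        [ "$m" = "$mon" ] && { printf '%s\n' "$mon"; return 0; }
    done
    printf '[*] ERROR: no monitor interface confirmed for %s\n' "$1" >&2
    return 1
}

printf 'legacy parser, 1.1 output: %s\n' "$(legacy_parse "$OLD_AIRMON_OUTPUT")"        # mon0
printf 'legacy parser, 1.2 output: %s\n' "$(legacy_parse "$NEW_AIRMON_OUTPUT")"        # enable
printf 'fixed parser,  1.1 output: %s\n' "$(parse_monitor_iface "$OLD_AIRMON_OUTPUT")" # mon0
printf 'fixed parser,  1.2 output: %s\n' "$(parse_monitor_iface "$NEW_AIRMON_OUTPUT")" # wlan0mon
printf 'monitor vifs in iw dev:    %s\n' "$(monitor_ifaces_from_iw "$IW_DEV_OUTPUT")"  # wlan0mon
```

    The design point is that a wrapper around airmon-ng should never trust a word position in human-readable output; either anchor on a stable phrase (the interface after " on ") or, better, ask the kernel through `iw dev` which interface is actually in monitor mode, and abort when the two disagree rather than passing a string like "enable" on to airodump-ng.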
