-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathwep_attack
More file actions
executable file
·70 lines (59 loc) · 2.07 KB
/
wep_attack
File metadata and controls
executable file
·70 lines (59 loc) · 2.07 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
#!/usr/bin/python
import socket
import time
import operator
### This script connects to the server which John Black set up for us to try to find the first 5 bytes of the "RC4 key."
w0 = 0
w1 = 0
w2 = 0
w3 = 0
w4 = 0
### The sequence of numbers based on the pattern John Vennard and I discovered by running through the KSA with pen and paper at 8pm at Jake's while drinking Dale's Pale Ale:
seq = [6,10,15,21,28]
print "Initializing...\n"
for k in range(0,4):
array = [0]*256
for i in range(0,200):
### Crafting my bytes to send to server:
y = str(hex(i))[2:]
if i<16:
x_byte = "0" + y
else:
x_byte = y
whattheheckman = "0" + str(3 + k)
iv = whattheheckman + " ff " + x_byte + "\n"
he = '0x'
x = str(he) + str(x_byte)
host = '128.138.201.119'
port = 31416
s = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
s.connect( (host,port) )
s.send( iv )
raw = s.recv( 4 )
rawstrip = raw.strip('\n')
### The Math:
data = ((int(rawstrip,16) ^ int(0xaa)) - (int(seq[k]) + (w0 + w1 + w2 + w3 + w4) + int(x,16)))%256
### Add instances to array:
array[data] += 1
s.close()
### Performing the frequency analysis of data for each iteration of k range. I know this could definitely be more concise.
if k == 0:
windex0, v0 = max(enumerate(array), key=operator.itemgetter(1))
w0 = (w0 + windex0)
w0char = str(hex(w0))[2:].strip('\n')
print "Found w0"
if k == 1:
windex1, v1 = max(enumerate(array), key=operator.itemgetter(1))
w1 = (w1 + windex1)
w1char = str(hex(w1))[2:].strip('\n')
print "Found w1"
if k == 2:
windex2, v2 = max(enumerate(array), key=operator.itemgetter(1))
w2 = (w2 + windex2)
w2char = str(hex(w2))[2:].strip('\n')
print "Found w2"
if k == 3:
windex3, v3 = max(enumerate(array), key=operator.itemgetter(1))
w3 = (w3 + windex3)
w3char = str(hex(w3))[2:].strip('\n')
print "Found w3\n\n" + str(w0char) + str(w1char) + " " + str(w2char) + str(w3char) + "\n"