Tuesday, 6 December 2016

WPA/WPA2 Wi-Fi testing with Wifite in Kali Linux

This tutorial shows you how to hack WPA/WPA2 Wi-Fi in Kali Linux using Wifite - 

Steps - 

Get your Dictionary File ready - 

First, we're gonna need a dictionary, to perform the dictionary attack. If the n/w you're testing has WPS, you may attempt to get the password quick.

In Kali Linux, you have a nice wordlist that comes within your installation or live USB. It's located in /usr/share/wordlists, but it comes compressed in .gz format.

To get ready just type in - 

gzip -d /usr/share/wordlists/rockyou.txt.gz

And within seconds...extracted and ready .

Backtrack has them located in /pentest/passwords/wordlists. It has one that's called darkc0de.lst along with the rockyou.txt one.

You can use them simply copying one of this after the '-dict' option.


For any other distros, search for "download wordlist rockyou" or "download wordlist darkc0de", or just "download wordlist" in DuckDuckGo. It gives more precise results than Google for this kind of stuff.

Launch Wifite

To launch Wifite, you must be running with root permissions.

In a live Kali boot, you are logged on by default with the root user. If you let it running for a while (while cracking with the dictionary, pressumably) and it asks for a password to return to the session, it's 'toor' (root backwards).

Same for BackTrack (confirmation needed), and for other distros you can gain root access by typing "su" or "sudo su" and entering the password. The first command requires you to know root's password, and the second your current account's and it must have root privileges.

Okay, you just want the command? Here it is!

wifite -mac -aircrack -dict /usr/share/wordlists/rockyou.txt

-mac | Anonymizes your MAC Address by randomizing it (it mustn't be set to monitor mode, or this command won't work).

-aircrack | Tells Wifite we'll be doing an Aircrack only attack.

-dict | Select a dictionary to use for cracking the password after capturing the handshake, otherwise you'll get the '.cap' file and Wifite will terminate.

I have it located in a different folder because I'm not running Kali, but it's pretty much the same.

Select Your Wireless Adapter and Your Target

If you have a laptop, you'll probably have to choose which adapter to use, if you have an external USB adapter. Please note that you'll need a compatible adapter that's able to inject packets and enter into promiscuous mode (monitor mode), or this won't work.

If you want the list of compatible adapters - You may get that here 

If prompted, we select our adapter choosing the number Wifite has assigned it. In my case, I'll type '1', because that's mine. One good indicator for knowing which one it is, is reading that name to the left of phy. For example, I have one that says 'usb' in it, and one that doesn't. And yep, I have it plugged to USB, so that one's it.

Now we'll see a list of wireless networks, and if we let it run, it will eventually display 'client' or 'clients' at the top right of the network info, showing that it has a client (or more) connected to it.

To stop the scan, press Ctrl+C. I'll choose "Casa" (spanish for House).

Sit and Wait

If the network you're attempting to crack has WPS enabled, it'll start cracking it like that first. To stop it, just press Ctrl+C

Now it will attempt to capture the handshake for a few minutes.

If no clients are connected, it'll send a general deauth to the wireless adapter, so that clients may show up.

If it detects a client connected to the network, it'll tell you it's MAC Address, and proceed to send targeted deauths to that client.

When it succeeds deauthenticating a client (who has re-connect enabled by default), or a new client connects to the network, hopefully it will capture the handshake, and it'll start attempting to crack it with aircrack-ng and the dictionary file you gave it.

If the passphrase is any of the words contained in that dictionary, it'll stop and show it on screen. Otherwise, it'll run through the whole dictionary, and say it couldn't find the key. But it has a nice success rate.
I used my country in lowercase letters as the passphrase (argentina), and as it's along the first words in this dictionary, it took only one second to crack it. For you it may take over an hour or two, depending on your processing power and if the passphrase is near the beginning or the end of the list.

Wifite Succeded but Failed!

If it failed, you still get the '.cap' file (hopefully not empty).

You can use that file with the same dictionary (or others) with aircrack-ng, using this command:

aircrack-ng -w <location of dictionary> <location of your .cap file>

In Kali live, '.cap' files get saved into a folder named 'hs' of the folder you're standing.

After Wifite has ended, type:

ls ./hs

To see you '.cap' files and other files for cracking.

Thank you guys for reading this.

You may want to see my other posts - 

No comments:

Post a comment