Tuesday, 22 March 2016

Wifite - Crack WEP, WPS, WPA/WPA2

Wifite is a Linux platform tool (available on Kali, Backtrack 5, BlackBuntu, BackBox and Pentoo Operating Systems) which is used to attack multiple encrypted networks (WEP, WPA/2 and WPS) in a row. This tool is customized to be automated with only a few arguments. Wifite aims to be the “set it and forget it” wireless auditing tool. In this tutorial we’ll be using Wifite only to Hack WiFi password of WEP, WPA/2 and WPS Secured Networks.

More wifite Help (source code): https://github.com/derv82/wifite

Types Of Encryption : 

WEP, WPA/WPA2 & WPS are different security technologies used to protect WiFi from unauthorized access.

WEP stands for Wired Equivalent Privacy,
WPA stands for Wi-Fi Protected Access &
WPS stands for Wi-Fi Protected Setup.

In this tutorial I’m going to demonstrate you – how to Hack WiFi password using Wifite. We’ll be hacking WEP, WPA, WPA2 (Same as WPA cracking) & WPS enabled WiFi using Wifite.

Things We Need :

 Kali Linux OS (includes aircrack-ng suite and wifite tool).
  External WiFi Adapter or inbuilt WiFi Device.

TIME NEEDED – To Hack WiFi’s Passwords :

Wifite is an awesome automated tool, very efficient and just asks you to choose your target. Of course, advance users can play with different switches and commands to can customize it according to their needs.
WEP – Usually less than 10 Minutes (2 min. in our case) – 99.9% Chances.
WPA or WPA2 – Usually few seconds to Never – 20% Chances.
WPS Enabled WPA/2 – Usually few hours (2 to 12 hours) – 50% Chances.

Factors Affecting our Hacking Process:

Increase in distance between hacker and target decreases the process speed.

Increase in Traffic and no. of Users on target WiFi network increases process speed).
Poor wireless adapter decreases the WiFi cracking process speed (Generally speaking).
 Large number of WiFi networks around you (usually on same channels) decreases speed.

Tutorial: Let’s Hack WiFi Passwords with Wifite:

Ready to Hack WiFi Password? First Go to Application > Kali Linux > Wireless Attacks > 802.11 wireless tools > Wifite; or simply type wifite in Terminal. Now you can see List of Available WiFi Access Points. (you must be root).

Now wait for few seconds or a couple of minutes, you’ll see all nearby WiFi Listed. You’ll  notice three types of WiFi’s i.e. WEP, WPA/WPA2 (with and without WPS enabled). We’ll hack each one of them.
Let’s begin with WEP cracking and then we’ll move to WPA/WPA2 and finally to WPS enabled WPA/WPA2.
* Choosing a WiFi with good signal strength and having client(s) associated with that AP (Access Point) will be the best deal otherwise get ready for frustration!

How to Hack WiFi Password – WEP?

You don’t have to do anything when you have Wifite. Just choose the appropriate target NUM (1,2,3,..,n) to crack it. There are currently 5 attacks available for cracking WEP key that ensures almost 100% chances of getting the WEP WiFi password.
It shouldn’t take more than 10 minutes for an attack to be completed. If one WEP Wifi attack fails, the other will be automatically come into action (for next 10 minutes).
In the image below, I’ll choose NUM 2 Wifi which is WEP and have clients, although signal is quiet low. After selecting “2” the WEP WiFi got cracked in just 2 minutes. That’s simply Amazing!

The WEP Key is a Hexadecimal representation of WEP WiFi’s password. You can simply use the WEP Key as the WiFi password. You can also convert it into human readable form (actual password) using any free online Hex-to-ASCII converter.

Cracking WPS WiFi Password

Just like above WEP WiFi password hacking, you don’t have to do anything much. Just choose your target (WPS enabled) and see the magic. As mentioned it might take few minutes to some hours depending on router you are attacking. So, be patient when you’ll try to Hack WiFi Password of WPS enabled WPA/WPA2 Network!

Trouble shooting: Some routers will block you from brute-forcing (pin attack) and Wifite will display “WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking”, at that time you might be out of luck and have to tweak Wifite with some customizing commands. Many tweaks are available online, just Google for it.
(Hint: Spoofing MAC identical to an associated client or using delayed PIN attack –d 60 might help!)
NOTE: Wifite internally uses reaver (a WPS only WiFi password hacking software) to accomplish above WPS cracking task. As far as I know Wifite don’t provide reaver’s feature of saving current progress (no pause option). That means if Wifite fails with WPS, you have to start again but with reaver you can save you progress automatically and resume WPS cracking next day or next week .

How to Hack WPA/WPA2 WiFi Password?

Now again, following the above fashion, you don’t have to do anything. Just choose your WPA/WPA2 target and see the miracle. As mentioned it might take few minutes to Never depending on WiFi’s password strength. The stronger the password, the difficult will the password hacking process.
Handshake is a file that is captured when router (WiFi Access Point) and client(s) (laptop, mobile or other WiFi enabled devices) communicate to authenticate each other. Handshake file contains password but in encrypted form. We will try different password combination on the encrypted password to get the original password (known as brute forcing). Brute-forcing is done offline and handshake can be easily captured in less than 2 minutes.
A dictionary file is a file that usually contains all known words from different dictionaries (English or other languages) and other sources. These words or phrases can be a WiFi password. Usually most dictionaries contains few thousands to billions of passwords.
A password file may contains all possible words created using combination of different character and numbers (even special symbols) in a file that becomes very huge and needs lot of computational/cracking power.
Hint: You can use rockyou.txt, darkcode.lst or crackstation dictionaries-password files.

The above command will crack the saved handshake (TEST_C0-A0-BB-04-5C-A9.cap) using a password file (rockyou.txt) that is saved by me at /root/DICTIONARY/.

The above WPA2 Got cracked easily because password was easy, but if you’re dealing with strong password you may have to wait for hours, days or months to crack it. The truth is that even after trying for months you may fail to recover strong WiFi passwords.

How to Protect your WiFi from getting Hacked?

From the above demonstration it’s understood that WiFi’s password hacking process is very easy. You should now focus on tightening your WiFi security (instead of going to jail for any hacking act). I hope this articles makes average Internet user aware about information security and WiFi hacking. Following are some tips you can implement for WiFi security.
·         Change WiFi security from WEP to WPA/WPA2. WEP is now depreciated security protection.
·         Don’t enable WPS as it has lots of vulnerabilities. Google for WPS CVE (Common Vulnerabilities and Exposures).
·         Change your WiFi password periodically so that in case someone gets hands on your WiFi password, he/she shouldn’t be able to enjoy your free Internet for long .
·         Finally, try to hack your own WiFi Password (as shown in this article) then try to upgrade your security. then repeat the WiFi auditing process and confirm your security gain.

No comments:

Post a Comment