Wifite is a Linux tool (available on Kali, BackTrack 5, BlackBuntu, BackBox and Pentoo) used to attack multiple encrypted networks (WEP, WPA/2 and WPS) in a row. It is built to run automated with only a few arguments; Wifite aims to be the "set it and forget it" wireless auditing tool. In this tutorial we'll be using Wifite only to hack the WiFi passwords of WEP, WPA/2 and WPS secured networks.
More Wifite help (source code): https://github.com/derv82/wifite
Types Of Encryption:
WEP, WPA/WPA2 and WPS are different security technologies used to protect WiFi from unauthorized access. WEP stands for Wired Equivalent Privacy, WPA stands for Wi-Fi Protected Access and WPS stands for Wi-Fi Protected Setup.
In this tutorial I'm going to demonstrate how to hack a WiFi password using Wifite. We'll be hacking WEP, WPA, WPA2 (the same procedure as WPA cracking) and WPS-enabled WiFi using Wifite.
Things We Need:
An external WiFi adapter or the inbuilt WiFi device.
TIME NEEDED – To Hack WiFi's Passwords:
Wifite is an awesome automated tool, very efficient, and just asks you to choose your target. Of course, advanced users can use its different switches and options to customize it according to their needs.
WEP – Usually less than 10 minutes (2 min. in our case) – 99.9% chance.
WPA or WPA2 – Usually a few seconds to never – 20% chance.
WPS-enabled WPA/2 – Usually a few hours (2 to 12 hours) – 50% chance.
Factors Affecting our Hacking Process:
Increase in distance between attacker and target decreases the process speed.
Increase in traffic and number of users on the target WiFi network increases the process speed.
A poor wireless adapter decreases the WiFi cracking speed (generally speaking).
A large number of WiFi networks around you (usually on the same channels) decreases speed.
Tutorial: Let's Hack WiFi Passwords with Wifite:
Ready to hack a WiFi password? First go to Application > Kali Linux > Wireless Attacks > 802.11 wireless tools > Wifite, or simply type wifite in a terminal (you must be root). Now wait a few seconds or a couple of minutes and you'll see a list of all nearby WiFi access points. You'll notice three types of WiFi, i.e. WEP, WPA/WPA2 (with and without WPS enabled). We'll hack each one of them. Let's begin with WEP cracking, then move to WPA/WPA2 and finally to WPS-enabled WPA/WPA2.
* Choosing a WiFi with good signal strength and client(s) associated with that AP (Access Point) is the best option; otherwise, get ready for frustration!
How to Hack WiFi Password – WEP?
You don't have to do anything when you have Wifite. Just choose the appropriate target NUM (1,2,3,..,n) to crack it. There are currently 5 attacks available for cracking a WEP key, which ensures an almost 100% chance of getting the WEP WiFi password. It shouldn't take more than 10 minutes for an attack to complete. If one WEP attack fails, the next one will automatically come into action (for the next 10 minutes).
In the image below, I'll choose the NUM 2 WiFi, which is WEP and has clients, although the signal is quite low. After selecting "2" the WEP WiFi got cracked in just 2 minutes. That's simply amazing!
The WEP key is a hexadecimal representation of the WEP WiFi's password. You can simply use the WEP key as the WiFi password. You can also convert it into human-readable form (the actual password) using any free online hex-to-ASCII converter.
Cracking WPS WiFi Password
Just like the WEP WiFi password hacking above, you don't have to do much. Just choose your target (WPS enabled) and see the magic. As mentioned, it might take a few minutes to some hours depending on the router you are attacking. So be patient when you try to hack the WiFi password of a WPS-enabled WPA/WPA2 network!
Troubleshooting: Some routers will block you from brute-forcing (PIN attack) and Wifite will display "WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking". At that point you might be out of luck and have to tweak Wifite with some customizing options. Many tweaks are available online, just Google for it. (Hint: spoofing a MAC identical to an associated client or using the delayed PIN attack, -d 60, might help!)
NOTE: Wifite internally uses reaver (a WPS-only WiFi password hacking tool) to accomplish the WPS cracking task above. As far as I know, Wifite doesn't provide reaver's feature of saving current progress (no pause option). That means if Wifite fails with WPS, you have to start again, but with reaver you can save your progress automatically and resume WPS cracking the next day or next week.
How to Hack WPA/WPA2 WiFi Password?
Now again, following the above fashion, you don't have to do anything. Just choose your WPA/WPA2 target and see the miracle. As mentioned, it might take a few minutes to never depending on the WiFi password's strength. The stronger the password, the more difficult the password hacking process will be.
A handshake is a file captured when the router (WiFi access point) and client(s) (laptop, mobile or other WiFi-enabled devices) communicate to authenticate each other. The handshake file contains the password, but in encrypted form. We will try different password combinations against the encrypted password to get the original password (known as brute forcing). Brute-forcing is done offline, and the handshake can easily be captured in less than 2 minutes.
A dictionary file is a file that usually contains all known words from different dictionaries (English or other languages) and other sources. These words or phrases can be a WiFi password. Usually most dictionaries contain a few thousand to billions of passwords.
A password file may contain all possible words created from combinations of different characters and numbers (even special symbols); such a file becomes very large and needs a lot of computational/cracking power.
Hint: You can use rockyou.txt, darkcode.lst or the crackstation dictionary/password files.
The above command will crack the saved handshake (TEST_C0-A0-BB-04-5C-A9.cap) using a password file (rockyou.txt) that I saved at /root/DICTIONARY/.
The above WPA2 got cracked easily because the password was easy, but if you're dealing with a strong password you may have to wait hours, days or months to crack it. The truth is that even after trying for months you may fail to recover strong WiFi passwords.
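As an added example (not part of the original article and not Wifite's or reaver's code), the following Python shows why the password's strength decides the outcome of the handshake and dictionary attack described above: every guess costs a full WPA/WPA2-PSK key derivation (PBKDF2-HMAC-SHA1, 4096 iterations, the SSID as salt, per IEEE 802.11i), so the time to exhaust a keyspace grows with the alphabet and length of the passphrase. The SSID "HomeNet" and the 100,000 guesses/second rate are assumptions made for the illustration; the timing helper measures what a guess costs on your own CPU.

```python
import hashlib
import time

# WPA/WPA2-PSK parameters fixed by IEEE 802.11i: the passphrase is stretched with
# PBKDF2-HMAC-SHA1, salted with the SSID, for 4096 iterations, into a 32-byte PMK.
PBKDF2_ITERATIONS = 4096
PMK_LENGTH = 32


def derive_pmk(ssid: str, passphrase: str) -> bytes:
    """Return the pairwise master key a station derives from SSID + passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LENGTH,
    )


def measure_guesses_per_second(ssid: str, trials: int = 200) -> float:
    """Time the PMK derivation on this CPU to see what a single guess costs."""
    start = time.perf_counter()
    for i in range(trials):
        derive_pmk(ssid, f"candidate{i:08d}")
    return trials / (time.perf_counter() - start)


def keyspace_size(alphabet_size: int, length: int) -> int:
    """Number of distinct passphrases of exactly `length` symbols."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every passphrase in the keyspace at a fixed guess rate."""
    return keyspace_size(alphabet_size, length) / guesses_per_second


def human_duration(seconds: float) -> str:
    """Render a duration in the largest unit that applies."""
    units = [("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # ASSUMED rate for the illustration: 100,000 guesses/second, the order of magnitude
    # a single GPU reaches against WPA2-PSK. Replace it with a measured figure.
    assumed_gpu_rate = 100_000.0
    cpu_rate = measure_guesses_per_second("HomeNet")  # "HomeNet" is a made-up SSID
    print(f"this CPU, pure Python: {cpu_rate:,.0f} guesses/second")
    print(f"{'alphabet':>12} {'len':>4} {'keyspace':>22} {'exhaust @ assumed rate':>24}")
    for label, size, length in [
        ("digits", 10, 8),
        ("lowercase", 26, 8),
        ("lower+digits", 36, 10),
        ("printable", 95, 12),
        ("printable", 95, 16),
    ]:
        worst = seconds_to_exhaust(size, length, assumed_gpu_rate)
        print(f"{label:>12} {length:>4} {keyspace_size(size, length):>22,} "
              f"{human_duration(worst):>24}")
```

The derive_pmk function is checked against the published 802.11i test vector (SSID "IEEE", passphrase "password"). Note the scale: eight digits fall in minutes at the assumed rate, while twelve printable characters take longer than the hardware will exist, which is the practical meaning of "the stronger the password, the more difficult the process" in the text above.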
How to Protect your WiFi from getting Hacked?
From the above demonstration it's clear that the WiFi password hacking process is very easy. You should now focus on tightening your WiFi security (instead of going to jail for a hacking act). I hope this article makes the average Internet user aware of information security and WiFi hacking. Following are some tips you can implement for WiFi security.
· Change WiFi security from WEP to WPA/WPA2. WEP is now a deprecated security protection.
· Don't enable WPS as it has lots of vulnerabilities. Google for WPS CVE (Common Vulnerabilities and Exposures).
· Change your WiFi password periodically so that in case someone gets their hands on your WiFi password, they shouldn't be able to enjoy your free Internet for long.
· Finally, try to hack your own WiFi password (as shown in this article), then upgrade your security, then repeat the WiFi auditing process and confirm your security gain.
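To verify the first two tips on an access point you administer, here is an added example (not from the article, Wifite or reaver) that parses the output of `iw dev <interface> scan` on Linux and flags any of your SSIDs that still advertises WEP, WPA/TKIP or WPS. The scan text below is a constructed sample shaped like iw's output (tabs replaced by spaces); the SSIDs and BSSIDs are made up. Against real output, run `iw dev wlan0 scan > scan.txt` and pass the file contents to parse_iw_scan.

```python
import re
from dataclasses import dataclass, field

# CONSTRUCTED sample shaped like `iw dev wlan0 scan` output; addresses and SSIDs are made up.
SAMPLE_SCAN = """\
BSS 00:11:22:33:44:55(on wlan0)
    freq: 2437
    capability: ESS Privacy ShortSlotTime (0x0411)
    signal: -45.00 dBm
    SSID: HomeNet
    RSN:     * Version: 1
         * Group cipher: CCMP
         * Pairwise ciphers: CCMP
         * Authentication suites: PSK
    WPS:     * Version: 1.0
         * Wi-Fi Protected Setup State: 2 (Configured)
BSS 66:77:88:99:aa:bb(on wlan0)
    freq: 2412
    capability: ESS Privacy ShortSlotTime (0x0411)
    signal: -70.00 dBm
    SSID: OldRouter
BSS cc:dd:ee:ff:00:11(on wlan0)
    freq: 2462
    capability: ESS Privacy ShortSlotTime (0x0411)
    signal: -60.00 dBm
    SSID: LegacyPhone
    WPA:     * Version: 1
         * Group cipher: TKIP
         * Pairwise ciphers: TKIP
         * Authentication suites: PSK
"""


@dataclass
class Network:
    bssid: str
    ssid: str = ""
    privacy: bool = False      # "Privacy" capability bit: some encryption is in use
    rsn: bool = False          # RSN information element present (WPA2)
    wpa: bool = False          # vendor WPA (version 1) information element present
    wps: bool = False          # WPS information element present
    ciphers: set = field(default_factory=set)

    @property
    def security(self) -> str:
        if not self.privacy:
            return "OPEN"
        if self.rsn:
            return "WPA2"
        if self.wpa:
            return "WPA"
        return "WEP"  # Privacy bit set but no RSN/WPA element: pre-RSNA, i.e. WEP


def parse_iw_scan(text: str) -> list:
    """Turn iw scan text into Network records, one per BSS block."""
    networks = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"BSS ([0-9a-f:]{17})", line)
        if m:
            current = Network(bssid=m.group(1))
            networks.append(current)
            continue
        if current is None:
            continue
        if line.startswith("SSID:"):
            current.ssid = line[len("SSID:"):].strip()
        elif line.startswith("capability:"):
            current.privacy = " Privacy" in line
        elif line.startswith("RSN:"):
            current.rsn = True
        elif line.startswith("WPA:"):
            current.wpa = True
        elif line.startswith("WPS:"):
            current.wps = True
        elif "cipher" in line:  # "Group cipher: X" / "Pairwise ciphers: X Y"
            current.ciphers.update(line.split(":", 1)[1].split())
    return networks


def audit(networks, my_ssids):
    """Return a list of findings for each SSID you administer (empty list = nothing to fix)."""
    findings = {}
    for n in networks:
        if n.ssid not in my_ssids:
            continue  # only report on networks that are yours
        issues = []
        if n.security in ("OPEN", "WEP"):
            issues.append(f"{n.security}: move to WPA2 (CCMP)")
        if n.security == "WPA" or "TKIP" in n.ciphers:
            issues.append("WPA/TKIP: switch to WPA2 with CCMP only")
        if n.wps:
            issues.append("WPS advertised: disable WPS in the router settings")
        findings[n.ssid] = issues
    return findings


if __name__ == "__main__":
    for ssid, issues in audit(parse_iw_scan(SAMPLE_SCAN), {"HomeNet", "OldRouter"}).items():
        print(ssid, "->", issues or "OK")
```

The classification relies on the Privacy capability bit plus the presence of RSN/WPA elements, which is how the beacon itself announces the mode; a router that still lists WPS as configured after you disabled it in its web interface should be treated as not fixed.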