
Wifite – Automate and speed up Wi-Fi Hacking with Wifite2


There are many ways to attack a Wi-Fi network. The type of encryption, manufacturer settings, and the number of clients connected all dictate how easy a target is to attack and what method would work best. Wifite2 is a powerful tool that automates Wi-Fi hacking, allowing you to select targets in range and let the script choose the best strategy for each network.

Wifite2 vs. Wifite

Wifite has been around for some time and was one of the first Wi-Fi hacking tools I was introduced to. Along with Besside-ng, automated Wi-Fi hacking scripts enabled even script kiddies to have a significant effect without knowing much about the way the script worked. Compared to Besside-ng, the original Wifite was very thorough in using all available tools to attack a network, but it could also be very slow.

One of the best features of the original Wifite was the fact that it performed a Wi-Fi site survey before attacking nearby networks, allowing a hacker to easily designate one, some, or all nearby networks as targets. By laying out available targets in an easy-to-understand format, even a beginner could understand what attacks might work best against nearby networks.

The original Wifite would automatically attack WPA networks by attempting to capture a handshake or by using the Reaver tool to brute-force the WPS setup PIN of nearby networks. While this method was effective, it could take 8 hours or more to complete.

The updated Wifite2 is much faster, churning through attacks in less time and relying on more refined tactics than the previous version. Because of this, Wifite2 is a more serious and powerful Wi-Fi hacking tool than the original Wifite.

Attack Flow for Wi-Fi Hacking

Wifite2 follows a simple but effective workflow for hacking nearby networks as rapidly as possible. To do so, it pushes each tactic it tries to the practical limit, even going so far as to try to crack any handshakes it retrieves.

In the first step, Wifite2 scans across all channels looking for any network in range. It ranks the networks it discovers by signal strength, as a network being detected does not ensure you can reliably communicate with it.

With targets organized from strongest to weakest signal strength, the reconnaissance phase involves gathering information about what networks are around and which hacking techniques they might be vulnerable to. Because of the way Wifite2 is organized, it’s easy to add a directional Wi-Fi antenna and use Wifite2 to locate the source of any nearby Wi-Fi network while performing a site survey.

After the site survey is complete, any targets displayed will show whether there are clients connected, whether the network advertises WPS, and what kind of encryption the network is using. Based on this, an attacker can select any target, a group of targets or all targets to begin an attack based on the information gathered.

Wifite2 will progress through the target list starting with the fastest and easiest attacks, like WPS-Pixie, which can result in a password being breached in seconds, on to less sure tactics like checking for weak passwords with a dictionary attack. If an attack fails or takes too long, Wifite2 will move on to the next applicable attack without wasting hours like its predecessor was prone to doing.

What You’ll Need

To get started, you’ll need a Wi-Fi network adapter you can put into wireless monitor mode. This means selecting one that is compatible with Kali Linux, and we have several excellent guides on choosing one.

Wifite2 is installed by default on Kali Linux, so I recommend you either use Kali in a virtual machine or dual-booted on a laptop. You can use Wifite2 on other Linux systems, but I won’t go through the installation as this guide assumes you’re using Kali Linux.

Step 1: Install Wifite2

If you don’t have Wifite2 installed on your system already, you can do so from the GitHub repository. First, you can clone the repository by opening a terminal window and typing the following commands.

git clone https://github.com/derv82/wifite2.git
cd wifite2
sudo python setup.py install

This should download and install Wifite2 on your system. To test if it worked, you can type wifite -h to see information about the version installed.

wifite -h

  .               .
.´  ·  .     .  ·  `.  wifite 2.1.6
:  :  :  (¯)  :  :  :  automated wireless auditor
`.  ·  ` /¯\ ´  ·  .´  https://github.com/derv82/wifite2
  `     /¯¯¯\     ´

optional arguments:
  -h, --help           show this help message and exit

SETTINGS:
  -v, --verbose        Shows more options (-h -v). Prints commands and outputs. (default: quiet)
  -i [interface]       Wireless interface to use (default: choose first or ask)
  -c [channel]         Wireless channel to scan (default: all channels)
  -mac, --random-mac   Randomize wireless card MAC address (default: off)
  -p [scantime]        Pillage: Attack all targets after scantime seconds
  --kill               Kill processes that conflict with Airmon/Airodump (default: off)
  --clients-only, -co  Only show targets that have associated clients (default: off)
  --nodeauths          Passive mode: Never deauthenticates clients (default: deauth targets)

WEP:
  --wep                Filter to display only WEP-encrypted networks (default: off)
  --require-fakeauth   Fails attacks if fake-auth fails (default: off)
  --keep-ivs           Retain .IVS files and reuse when cracking (default: off)

WPA:
  --wpa                Filter to display only WPA-encrypted networks (includes WPS)
  --new-hs             Captures new handshakes, ignores existing handshakes in ./hs (default: off)
  --dict [file]        File containing passwords for cracking (default: /usr/share/wordlists/fern-wifi/common.txt)

WPS:
  --wps                Filter to display only WPS-enabled networks
  --bully              Use bully instead of reaver for WPS attacks (default: reaver)
  --no-wps             NEVER use WPS attacks (Pixie-Dust) on non-WEP networks (default: off)
  --wps-only           ALWAYS use WPS attacks (Pixie-Dust) on non-WEP networks (default: off)

EVIL TWIN:
  -ev, --eviltwin      Use the "Evil Twin" attack against all targets (default: off)

COMMANDS:
  --cracked            Display previously-cracked access points
  --check [file]       Check a .cap file (or all hs/*.cap files) for WPA handshakes
  --crack              Show commands to crack a captured handshake

Step 2: Plug in Your Wi-Fi Card

With Wifite2 installed on your system, you’ll need to plug in your Kali Linux-compatible wireless network adapter. Wifite2 takes care of not only auto-selecting a wireless network adapter to use but also puts that wireless card into monitor mode for you, meaning you don’t need to do anything after plugging in the adapter.

Step 3: Set Flags & Find a Target

If we know what channel we’re attacking on, we can select it by adding the -c flag followed by the channel number. Other than that, running Wifite2 is as simple as typing wifite and letting the script gather information.

wifite -c 11

  .               .
.´  ·  .     .  ·  `.  wifite 2.1.6
:  :  :  (¯)  :  :  :  automated wireless auditor
`.  ·  ` /¯\ ´  ·  .´  https://github.com/derv82/wifite2
  `     /¯¯¯\     ´

 [+] option: scanning for targets on channel 11
 [!] conflicting process: NetworkManager (PID 464)
 [!] conflicting process: wpa_supplicant (PID 729)
 [!] conflicting process: dhclient (PID 13595)
 [!] if you have problems: kill -9 PID or re-run wifite with --kill)

 [+] looking for wireless interfaces

    Interface   PHY   Driver              Chipset
-----------------------------------------------------------------------
 1. wlan0       phy3  ath9k_htc           Atheros Communications, Inc. AR9271 802.11n

 [+] enabling monitor mode on wlan0... enabled wlan0mon

   NUM                      ESSID   CH  ENCR  POWER  WPS?  CLIENT
   ---  -------------------------  ---  ----  -----  ----  ------
     1              Suicidegirls    11   WPA   48db    no
     2      Bourgeois Pig Guest     11   WPA   45db    no
     3                     BPnet    11   WPA   42db    no
     4      DirtyLittleBirdyFeet    11   WPA   32db    no    5
     5                ATT73qDwuI    11   WPA   32db   yes
     6               SpanishWiFi    11   WPA   24db    no
     7            Franklin Lower    11   WPA   20db    no    3
     8                     Sonos    11   WPA   11db    no
     9            Villa Carlotta    11   WPA   11db    no
    10                     Sonos    11   WPA   10db    no
 [+] select target(s) (1-10) separated by commas, dashes or all:

Here, we executed a scan on channel 11 and found 10 different targets. Of those targets, two have clients connected, one has WPS enabled, and all are using WPA security.
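
Seen from the defender's side, the same survey table is an audit input. The following is an added example, not part of the original article or of Wifite2: it parses the table shown above and lists hardening findings for access points you administer. The function names and the OWNED set of ESSIDs are assumptions made for illustration.

```python
import re

SURVEY = """\
   NUM                      ESSID   CH  ENCR  POWER  WPS?  CLIENT
   ---  -------------------------  ---  ----  -----  ----  ------
     1              Suicidegirls    11   WPA   48db    no
     2      Bourgeois Pig Guest     11   WPA   45db    no
     3                     BPnet    11   WPA   42db    no
     4      DirtyLittleBirdyFeet    11   WPA   32db    no    5
     5                ATT73qDwuI    11   WPA   32db   yes
     6               SpanishWiFi    11   WPA   24db    no
     7            Franklin Lower    11   WPA   20db    no    3
     8                     Sonos    11   WPA   11db    no
     9            Villa Carlotta    11   WPA   11db    no
    10                     Sonos    11   WPA   10db    no
"""

# ESSIDs may contain spaces, so the fixed columns to the right anchor the match.
ROW = re.compile(
    r"^\s*(?P<num>\d+)\s+(?P<essid>.+?)\s+(?P<ch>\d+)\s+(?P<encr>\w+)"
    r"\s+(?P<power>\d+)db\s+(?P<wps>yes|no)(?:\s+(?P<clients>\d+))?\s*$"
)

def parse_survey(text):
    """Return one dict per target row; header and prompt lines are skipped."""
    rows = []
    for line in text.splitlines():
        if m := ROW.match(line):
            rows.append({"num": int(m["num"]), "essid": m["essid"],
                         "encryption": m["encr"], "wps": m["wps"] == "yes",
                         "clients": int(m["clients"] or 0)})
    return rows

def audit(rows, owned_essids):
    """List hardening findings for the access points you administer."""
    findings = []
    for r in rows:
        if r["essid"] not in owned_essids:
            continue
        if r["wps"]:
            findings.append((r["essid"], "WPS advertised: disable WPS on the AP"))
        if r["encryption"] == "WPA":
            findings.append((r["essid"], "PSK: use a long passphrase not found in wordlists"))
    return findings

# Assumption: these two ESSIDs stand in for networks you administer.
OWNED = {"BPnet", "ATT73qDwuI"}
if __name__ == "__main__":
    print(audit(parse_survey(SURVEY), OWNED))
```

The parsed counts match the survey summary above: 10 rows, two with clients, one advertising WPS, all WPA.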

 

Step 4: Examine the Site Survey & Choose Targets

From our test survey, we can see that target number 5 may present the best target. While the signal strength isn’t the best, and there aren’t any clients connected, we can probably get a handshake with the new PMKID attack even if no one is connected.

If we’re looking for weak passwords, the first three networks have the strongest signal strength, while targets 4 and 7 have the best chance of scoring a quick four-way handshake to try brute-forcing later. If we’re targeting a particular network, now is when we can select it. If we want to pick the most likely networks, we might select targets 4, 5, and 7 for the likelihood of a fast handshake being captured and cracked, if the WPS PIN isn’t cracked first.

I
