Wifite walkthrough part 1
This is the first article in the Wifite walkthrough series.
What is the Wifite walkthrough?
In this series of articles, we will look at a tool called Wifite suitable for automated auditing of wireless networks. Most of you experienced in wireless pentesting would use tools like airmon-ng, aireplay-ng, airodump-ng, aircrack-ng to crack wireless networks.
This would involve a sequence of steps such as capturing a specific number of IVs in the case of WEP, capturing the WPA handshake in the case of WPA, etc., and then using aircrack-ng to crack the password needed to authenticate to the network. Wifite aims to make this process easier by using a wrapper over all these tools to crack Wifi networks very easily.
Here is the list of features of Wifite according to its official homepage.
- sorts targets by signal strength (in dB); the closest access points are cracked first
- automatically de-authenticates hidden network clients to reveal the SSID
- numerous filters that specify exactly what to attack (wep/wpa/both, above a certain signal strength, channels, etc.)
- customizable settings (timeouts, packets/s, etc.)
- “anonymous” function; it changes the MAC to a random address before the attack and changes back after the attacks are complete
- all captured WPA handshakes are backed up to the current wifite.py directory
- intelligent WPA deauthentication; cycles between all clients and broadcast deauths
- stop any attack with Ctrl+C with options to continue, move to next target, skip to cracking or quit
- show session summary on exit; shows all cracked keys
- all passwords saved in cracked.txt
- built-in updater: ./wifite.py -upgrade
Before we start using Wifite, make sure you have a wireless card that supports packet injection. If you don't have one, I recommend purchasing this card.
Note that there is a bug that may or may not be present in your particular version of Wifite. It makes aireplay-ng fail with an error like "aireplay-ng terminated unexpectedly". To fix this, you will need to make a minor modification to the Wifite code. You can install gedit (apt-get install gedit), which is a text editor, and then edit the Wifite Python script (located in /usr/bin/wifite) using the steps here. Use gedit /usr/bin/wifite to open the Wifite source code. Then replace each occurrence of cmd = ['aireplay-ng', with cmd = ['aireplay-ng','--ignore-negative-one',
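The same edit can be scripted instead of done by hand in gedit. The following is an added example, not code from the original article or from Wifite itself; patch_wifite and demo_patch are hypothetical names, and the sample lines are constructed stand-ins for the script's contents. It keeps a backup and skips lines that already carry the flag, so it is safe to run twice.

```shell
#!/bin/sh
# Added example, not Wifite's own code. patch_wifite is a hypothetical helper:
# it inserts '--ignore-negative-one' after every "cmd = ['aireplay-ng'," that
# does not already carry the flag, and keeps the original as <file>.bak.
patch_wifite() {
    target="$1"
    [ -f "$target" ] || { echo "no such file: $target" >&2; return 1; }

    # Count command lists still lacking the flag (|| true: grep exits 1 on zero).
    pending=$(grep "cmd = \['aireplay-ng'," "$target" \
              | grep -vc -e '--ignore-negative-one' || true)
    if [ "$pending" -eq 0 ]; then
        echo "nothing to patch in $target"
        return 0
    fi

    cp -p "$target" "$target.bak" || return 1
    # Write to a temporary file first so a failed sed never truncates the script.
    sed "/--ignore-negative-one/!s/cmd = \['aireplay-ng',/cmd = ['aireplay-ng','--ignore-negative-one',/" \
        "$target.bak" > "$target.tmp" || return 1
    # cat instead of mv keeps the owner and mode of the installed script.
    cat "$target.tmp" > "$target" && rm -f "$target.tmp"
    echo "patched $pending aireplay-ng call(s) in $target"
}

# Constructed sample standing in for /usr/bin/wifite (not real Wifite source).
demo_patch() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
cmd = ['aireplay-ng', '-0', '1', '-a', bssid, iface]
cmd = ['aireplay-ng','--ignore-negative-one', '-1', '0', iface]
cmd = ['airodump-ng', '-w', prefix, iface]
EOF
    # Second call must be a no-op because every line is already patched.
    patch_wifite "$sample" >/dev/null && patch_wifite "$sample" >/dev/null
    grep -c -e '--ignore-negative-one' "$sample"   # lines carrying the flag
    rm -f "$sample" "$sample.bak"
}

demo_patch
```

On a real system, run patch_wifite /usr/bin/wifite as root and compare the result with the .bak copy using diff before using the tool.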
Wifite can be found under Applications -> Kali Linux -> Wireless Attacks -> 802.11 Wireless Tools. Also note that if you are using wifite on a VM other than Kali Linux, you need to make sure that tools like airmon-ng, aireplay-ng, airodump-ng, aircrack-ng are already installed on that system. This is because Wifite is nothing more than a wrapper for all these tools. Before we even start using Wifite, it is better to update to the latest version.

In my case, I already have the latest version. In this tutorial, we will be targeting a simple Wifi network with WEP encryption. Just using the command wifite -h will give you a list of all the commands.

A very tempting option would be -all, which will try to attack every network it finds. We will try this in the next articles in this series. But first, let's look at all the targets we have. To do this, use the wifite -showb command.

Once this is done, we can see that Wifite has put our NIC into monitor mode (using airmon-ng) and started looking for clients. After a few seconds, a list of access points will start to appear.

Note that as stated in its list of features (it automatically de-authenticates hidden network clients to reveal the SSID), this list will also include hidden access points. Therefore, wifite can also be used to find hidden access points. In this case, we will attack an access point with BSSID 00:26:75:02:EF:65, which I set up for testing purposes. The access point has a simple WEP password of 1234567890.

Press Ctrl+C to start attacking the access point. Wifite will now ask you to select a target number from the list. The target number for my test network is 1, so let me enter that. Note that if you press Ctrl+C again, Wifite will exit.

You can now see that Wifite will start trying to crack the WEP access point using various known techniques to crack WEP encryption. After several failed attempts, it finally started attacking the access point using various techniques to crack WEP.

Once enough IVs have been captured, it will automatically start cracking the password.

As we can see, Wifite has successfully figured out the WEP key for the access point. Wifite is an extremely useful tool for cracking wireless networks. As I mentioned earlier you need to have all tools like airmon-ng, aireplay-ng, airodump-ng, aircrack-ng installed on your system. To prove this further, let’s dive into Wifite’s source code.

As we can see, the Python code contains calls to aireplay-ng. Hence, it is recommended to run Wifite inside Kali Linux.
In the next article, we will look at some advanced usage options of Wifite.