Showing posts with label wifi hacking. Show all posts
Showing posts with label wifi hacking. Show all posts

Thursday, 28 August 2014

Hacking Wifi

Wifite : Hacking Wifi The Easiest Way : Kali Linux Tutorial


  • Securities
  • Popular Posts
  • How to insta

Wifite

While the aircrack-ng suite is a well known name in the wireless hacking , the same can't be said about Wifite. Living in the shade of the greatness of established aircrack-ng suite, Wifite has finally made a mark in a field where aircrack-ng failed. It made wifi hacking everyone's piece of cake. While all its features are not independent (eg. it hacks WPS using reaver), it does what it promises, and puts hacking on autopilot. I'm listing some features, before I tell you how to use wifite (which I don't think is necessary at all, as anyone who can understand simple English instructions given by Wifite can use it on his own).

Features Of Wifite

  • Sorts targets by signal strength (in dB); cracks closest access points first
  • Automatically de-authenticates clients of hidden networks to reveal SSIDs
  • Numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
  • Customizable settings (timeouts, packets/sec, etc)
  • "Anonymous" feature; changes MAC to a random address before attacking, then changes back when attacks are complete
  • All captured WPA handshakes are backed up to wifite.py's current directory
  • Smart WPA de-authentication; cycles between all clients and broadcast deauths
  • Stop any attack with Ctrl+C, with options to continue, move onto next target, skip to cracking, or exit
  • Displays session summary at exit; shows any cracked keys
  • All passwords saved to cracked.txt
  • Built-in updater./wifite.py -upgrade

I find it worth mentioning here, that not only does it hack wifi the easy way, it also hack in the best possible way.  For example, when you are hacking a WEP wifi using Wifite, it uses fakeauth and uses the ARP method to speed up data packets (I wrote a full length post about something which it does automatically!).

Hacking WEP network

If you've followed my previous posts on Hacking Wifi (WEP), you know there's a lot of homework you have to do before you even start hacking. But not here. With Wifite, its as easy and simple as a single command.
wifite -wep
You might even have used the command
wifite
If you see any error at this stage move to the bottom of the page for troubleshooting tips. If your issue is not listed please comment. We reply within a day.
The -wep makes it clear to wifite that you want to hack WEP wifis only. It'll scan the networks for you, and when you think it has scanned enough, you can tell it to stop by typing ctrl+c. It'll then ask you which wifi to hack. In my case, I didn't specify -wep so it shows all the wifis in range.
 You can also select all and then go take a nap (or maybe go to sleep). When you wake up, you might be hacking all the wifi passwords in front of you. I typed one and it had gathered 7000 IVs (data packets) within 5 mins. Basically you can except it to hack the wifi in 10 mins approx. Notice how it automatically did the fake auth and ARP replay.
Here are a few more screenshots of the working of Wifite, from their official website (./wifite.py is not something that should bother you. You can stick with the simple wifite. Also, specifying the channel is optional so even the -c 6 was unnecessary. Notice that instead of ARP replay, the fragmentation attack was used, using -frag) -

 Hacking WPS wasn't fast (it took hours), but it was easy and didn't require you to do anything but wait.
 Note, the limitation that many reader on my blog are beginners forbid me from introducing too many attacks. I made a tutorial about ARP replay attack, and that too was detailed as hell. However, Wifite makes it possible for you to use any method that you want to use, by just naming it. As you saw in the screenshot above, the fragmentation attack was carried out just by typing -frag. Similarly, many other attacks can be played with. A good idea would be to execute the following-
wifite -help
This will tell you about the common usage commands, which will be very useful. Here is the list of WEP commands for different attacks-
    WEP
-wep         only target WEP networks [off]
-pps <num>   set the number of packets per second to inject [600]
-wept <sec>  sec to wait for each attack, 0 implies endless [600]
-chopchop    use chopchop attack      [on]
-arpreplay   use arpreplay attack     [on]
-fragment    use fragmentation attack [on]
-caffelatte  use caffe-latte attack   [on]
-p0841       use -p0841 attack        [on]
-hirte       use hirte (cfrag) attack [on]
-nofakeauth  stop attack if fake authentication fails    [off]
-wepca <n>   start cracking when number of ivs surpass n [10000]
-wepsave     save a copy of .cap files to this directory [off]
As you can see, its the same thing as is there on the help screenshot. Play around with the attacks and see what you can do. Hacking WPA without WPS wouldn't be that easy, and while I don't usually do this, I'm providing a link to an external website for the tutorial . This is the best WPA cracking tutorial I've seen, and I can't write a better one. It's highly detailed, and I'm just hoping I don't lose my audience to that website. Here is the tutorial - Cracking Wifi WPA/WPA2 passwords using pyrit cowpatty in Kali Linux

Troubleshooting

Wifite quits unexpectedly, sating "Scanning for wireless devices. No wireless interfaces were found. You need to plug in a wifi device or install drivers. Quitting."
You are using Kali inside a virtual machine most probably. Virtual machine does not support internal wireless card. Either buy an external wireless card, or do a live boot / side boot with Windows. Anything other than Virtual machine in general.

WIFI hacking

How To Hack WPA/WPA2 Wi-Fi With Kali Linux & Aircrack-ng

          Kali Linux can be used for many things, but it probably is best known for its “ability” to hack WPA and WPA2. There are hundreds of tools for windows that claim they can hack into WPA; don’t get them! They’re just scams. There is only one real way to hack into a WPA network, and that is with a Linux-based OS, a wireless card capable of monitor mode, and aircrack-ng. Also note that, even with these tools, Wi-Fi cracking is not for beginners. Hacking it requires basic knowledge of how WPA authentication works, and moderate familiarity with Kali Linux and its tools.
These are things that you’ll need:
If you have these then roll up your sleeves and let’s get to it.
          Important notice: Hacking into anyone’s Wi-Fi without permission is considered an illegal act or crime in most countries.

Step One:
 Start Kali Linux and login, preferably as root.
Step 1
Step Two:
Plugin your injection-capable wireless adapter, (Unless your computer card supports it). If you’re using Kali in VMware, then you might have to connect the card via the imageicon in the device menu.
Step Three:
Disconnect from all wireless networks, open a Terminal, and type airmon-ng
Step 3
This will list all of the wireless cards that support monitor (not injection) mode. If no cards are listed, try disconnecting and reconnecting the card and check that it supports monitor mode. You can check if the card supports monitor mode by typing ifconfig in another terminal, if the card is listed in ifconfig, but doesn’t show up in airmon-ng, then the card doesn’t support it.
You can see here that my card supports monitor mode and that it’s listed as wlan0.
Step Four:
Type airmon-ng start followed by the interface of your wireless card. mine is wlan0, so my command would be: airmon-ng start wlan0
Step 4
The “(monitor mode enabled)” message means that the card has successfully been put into monitor mode. Note the name of the new monitor interface, mine is mon0.
Step Five:
Type airodump-ng followed by the name of the new monitor interface, which is probably mon0.
Step 5
Step Six:
Airodump will now list all of the wireless networks in your area, and lots of useful information about them. Locate your network or the network that you have permission to penetration test. Once you’ve spotted your network on the ever-populating list, hit Ctrl + C on your keyboard to stop the process. Note the channel of your target network.
step 6
Step Seven:
Copy the BSSID of the target network
Step 7
Now type this command:
airodump-ng –c [channel] –bssid [bssid] –w /root/Desktop/ [monitor interface]Replace [channel] with the channel of your target network. Paste the network BSSID where [bssid] is, and replace [monitor interface] with the name of your monitor-enabled interface, (mon0).

A complete command should look like this:
airodump-ng -c 10 --bssid 00:14:BF:E0:E8:D5 -w /root/Desktop/ mon0
image
Now press enter.
Step Eight:
Airodump with now monitor only the target network, allowing us to capture more specific information about it. What we’re really doing now is waiting for a device to connect or reconnect to the network, forcing the router to send out the four-way handshake that we need to capture in order to crack the password.
Also, four files should show up on your desktop, this is where the handshake will be saved when captured, so don’t delete them!
But we’re not really going to wait for a device to connect, no, that would take too long. We’re actually going to use another cool-tool that belongs to the aircrack suite called aireplay-ng, to speed up the process. Instead of waiting for a device to connect, we’re going to use this tool to force a device to reconnect by sending deauthentication (deauth) packets to the device, making it think that it has to reconnect with the router.
Of course, in order for this tool to work, there has to be someone else connected to the network first, so watch the airodump-ng and wait for a client to show up. It might take a long time, or it might only take a second before the first one shows. If none show up after a lengthy wait, then the network might be empty right now, or you’re to far away from the network.

You can see in this picture, that a client has appeared on our network, allowing us to start the next step.
Step 8
Step Nine:
leave airodump-ng running and open a second terminal. In this terminal, type this command:
aireplay-ng –0 2 –a [router bssid] –c [client bssid] mon0The –0 is a short cut for the deauth mode and the 2 is the number of deauth packets to send.
-a indicates the access point (router)’s bssid, replace [router bssid] with the BSSID of the target network, which in my case, is 00:14:BF:E0:E8:D5.
-c indicates the clients BSSID, noted in the previous picture. Replace the [client bssid] with the BSSID of the connected client, this will be listed under “STATION.”
And of course, mon0 merely means the monitor interface, change it if yours is different.
My complete command looks like this:
aireplay-ng –0 2 –a 00:14:BF:E0:E8:D5 –c 4C:EB:42:59:DE:31 mon0
Step 9
Step Ten:
Upon hitting Enter, you’ll see aireplay-ng send the packets, and within moments, you should see this message appear on the airodump-ng screen!
image
step 10
This means that the handshake has been captured!Open-mouthed smile You can close the aireplay-ng terminal and hit Ctrl + C on the airodump-ng terminal to stop monitoring the network, but don’t close it yet just incase you need some of the information later.
Step 11:
This concludes the external part of this tutorial. From now on, the process is entirely between your computer, and those four files on your Desktop. Actually, the .cap one, that is important. Open a new Terminal, and type in this command:
aircrack-ng -a2 -b [router bssid] -w [path to wordlist] /root/Desktop/*.cap
-a is the method aircrack will use to crack the handshake, 2=WPA method.
-b stands for bssid, replace [router bssid] with the BSSID of the target router, mine is 00:14:BF:E0:E8:D5.
-w stands for wordlist, replace [path to wordlist] with the path to a wordlist that you have downloaded. I have a wordlist called “wpa.txt” in the root folder.
/root/Desktop/*.cap is the path to the .cap file containing the password, the * means wild card in Linux, and since I’m assuming that there are no other .cap files on your Desktop, this should work fine the way it is.
My complete command looks like this:
aircrack-ng –a2 –b 00:14:BF:E0:E8:D5 –w /root/wpa.txt  /root/Desktop/*.cap
image
Now press Enter.
Step 12:
Aircrack-ng will now launch into the process of cracking the password. However, it will only crack it if the password happens to be in the wordlist that you’ve selected. Sometimes, it’s not. If this is the case, then you can congratulate the owner on being “Impenetrable,” of course, only after you’ve tried every wordlist on the internet!
Cracking the password might take a long time depending on the size of the wordlist. Mine went very quickly.
If the phrase is in the wordlist, then aircrack-ng will show it too you like this:

image
The passphrase to our test-network was notsecure, and you can see here that aircrack found it!
If you see a message similar to this, then your tests have penetrated the network. Tell the owner that he needs a stronger password!

Tuesday, 11 June 2013

wifi hacking

WEP CRACKING ON BACKTRACK 5





AIM


This tutorial aim is to guide you the process of WEP CRACKING On Backtrack 5 .



Should have a knowledge of these terms -

AP : stands for Access Point or a wireless router .
MAC Address : stands for ;Media Access Control ,its a unique address , It is in the Hexadecimal format like 00:6B:6B:2F:C8:C8 .
BSSID : It is the AP Mac Address.
ESSID : It shows the AP broadcasting name .
WEP : stands for Wired Equivalency Protocol .
WEP is a security protocol for Wifi (Wireless fidility) Networks.


Tools used to Crack WEP are -
iwconfig : A tool that for configure wireless adapter
macchanger : A tool that allow you to spoof your Mac Address.
airmon - a tool that set your wireless adapter into monitor mode .
airodump - a tool that capture packet from the wireless router.
aireplay - a tool for forging ARP request.
aircrack - a tool for decrypting WEP keys .
Requirements

Backtrack 5 distro.
Wireless Adapter Card
Lets start the Procedure -


Step 1 : Open a new konsole on Backtrack 5

See the image how to open konsole on Backtrack 5 .




Step 2 : Type the command shown below -

Command 1: ifconfig wlan0
Command 2: iwconfig wlan0
See the image below for more details -


Step 3: Put your Wifi adapter card on Monitor Mode

Open a new konsole and enter the command shown below -
Type the following command to put your card into Monitor mode .
Command : airmon-ng start (your interface)
Example : airmon-ng start wlan0
A message is also display on the screen that your monitor mode is enabled.
See the image for more details -



Step 4: Display the monitor mode .

New monitor mode created named mon0
To see the monitor mode enter the command shown below -
Command : iwconfig
See the image for more details -




Step 5: Finding a Target

Now we have to find the network that is protected by the WEP .
To find those networks we use a simple command shown below -
Command : airodump-ng mon0
Here airodump-ng is the command to start the program
mon0 is the new interface which you created in the earlier step .
See the image below for more details -




Step 6: Capture the data into file
To capture the data we use airodump tool with additional switches like --bssid ( mac address), -c (channel), -w (filename )
Syntax of the commands is -
Command : airodump-ng mon0 --bssid (Mac Address) -c (channel no.) -w (filename)
Example : airodump-ng mon0 --bssid 00:08:68:2F:C8:C8 -c 1 -w WEPkey
See the image below for more details -


Step 7: Open Home Directory to check WEPkey file is created or not .

Open the Home Directory .
Check your WEPkey file is created or not .
See the image below - Image shows WEPkey file is created and saved in the home directory.



Step 8: Crack the WEP Key using Aircrack Tool

Open a new konsole .
Then enter the command : aircrack-ng (file name)
Example : aircrack-ng WEPkey-01.cap
Withing a minute aircrack will decrypt your WEP key as shown in the image .
See the image below



This is how we can WEP CRACKING on Backtrack 5 .
If you like this article , then drop a comment .
I hope you like this article on WEP CRACKING on Backtrack 5