OP 11 January, 2023 - 02:06 PM
Wifite2 — is an excellent tool for automated attack on WPA/WPA2 networks. It contains all the best things a human could invent in terms of network hacking — exploiting vulnerabilities, bruteforce WPS, and intercepting a 4-way handshake, a kind of Swiss knife in the world of wardriving.
Preparing
In order to hack WiFi, you need a WiFi adapter that supports monitoring mode. If you have a laptop, you probably have one. You can check for sure by searching for information about your network adapter or by trying to run the wifite2 tool described below. If your network adapter does not support monitoring mode, you will not be able to run the program.
So, let’s start with the tools. We are going to use:
It is assumed that you use a Linux system, but in the case of Windows, you can use the platform WSL. If WSL you are not satisfied, but do not want to use Linux on a regular basis, you can use a bootable flash drive with Kali Linux. Details on the installation can be found on the official Kali Linux website.
Let’s start by installing Wifite2. On Ubuntu-based systems, this is very easy:
If you are using another Linux distribution you can download and run the source code. The launch process is described by the authors.
Important note! Make sure that you installed wifite version 2, that is, wifite2. The first version contains bugs and is no longer supported by the developers.
Hashcat installation:
The sources can be found at this link. And now that both tools are installed, let’s get to work.
Serching for networks.
Run wifite. This can be done by entering the appropriate command into the terminal:
If your network adapter supports monitoring mode, you will lose your Internet connection and the terminal will look like this:
![[Image: 1*lpvNCD-QTaBIAyMQjbFWeg.webp]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fmiro.medium.com%2Fmax%2F1100%2F1%2AlpvNCD-QTaBIAyMQjbFWeg.webp)
Allow the utility to find all WiFi networks. Then press Ctrl+C, wait until the entries in the terminal stop flickering and the text appears as in the picture:
![[Image: 1*2DJNa39XmGgvZFucyz1n5w.webp]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fmiro.medium.com%2Fmax%2F4800%2F1%2A2DJNa39XmGgvZFucyz1n5w.webp)
Now you have to enter the numbers of the networks you want to hack. I will probably choose the first 4, entering the number of each network, separated by commas. Press ENTER, wifite begins to do its work, give it time.
![[Image: 1*IQYGYckp9S8yijLd9fIOOQ.webp]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fmiro.medium.com%2Fmax%2F4800%2F1%2AIQYGYckp9S8yijLd9fIOOQ.webp)
The first thing Wifite will do is try to hack the devices it finds, if they have any vulnerabilities. If none are present, the last hope is to intercept the 4-way handshake. An example of a successfully hijacked handshake is in the picture below:
![[Image: 1*S1AvSLXeR4ia05vQ9rUfKg.webp]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fmiro.medium.com%2Fmax%2F4800%2F1%2AS1AvSLXeR4ia05vQ9rUfKg.webp)
WPA/WPA2 uses a 4-way handshake to authenticate devices on the network. You do not need to know what this means, but you must intercept one of these handshakes to break the network password. These handshakes happen whenever a device connects to the network, such as when your neighbor comes home from work.
If wifite has managed to hack the network by itself using network vulnerabilities, I can safely congratulate you! In that case you will be able to find all the information you need about the network in the terminal. If not, but managed to hijack the network handshake (.cap file, like in the picture above), there is still hope.
Cracking the 4-way handshake. Cracking the hash.
This is where the hashcat tool described above comes to our aid. It is worth noting right away that it requires a GPU to work. The more powerful video card — the faster will be the search process, but if you do not have one, you can use the appropriate services to crack the hash. I recommend to use https://hashdog.me/ — inexpensive and extremely easy to use, you only need to put the resulting .cap file into the search queue. When using the cheapest rate will need to pay only if successful, in addition, sometimes there are promo codes for free brute (eg NY2023DP to date).
Going back to the brute force, hashcat does not know how to work with .cap files, this file must be converted. You can do it with the help of utility on the link https://hashcat.net/cap2hashcat/. We will use the converted file further on.
Hashcat supports several attack modes. The first one is a mask attack, the second one is a dictionary attack and, in this example we will be using the mask attack. The command to launch:
8 digits — the mask of the most popular password for WiFi networks, especially in older routers. It is this mask that is shown in the argument “?d?d?d?d?d?d?”.
hashcat will let you know if it manages to find the password. If not, it is still possible to use the online service described above.
Read more about hashcat and WiFi hacking here.
Preparing
In order to hack WiFi, you need a WiFi adapter that supports monitoring mode. If you have a laptop, you probably have one. You can check for sure by searching for information about your network adapter or by trying to run the wifite2 tool described below. If your network adapter does not support monitoring mode, you will not be able to run the program.
So, let’s start with the tools. We are going to use:
- wifite2 (https://github.com/derv82/wifite2) —for network hacking. It is based on the popular utility aircrack-ng
- hashcat (https://github.com/hashcat/hashcat) — to crack the password hash if the router could not be cracked by exploitation of vulnerabilities. Also you can use online alternatives such as hashdog.me, gpuhash and etc.
It is assumed that you use a Linux system, but in the case of Windows, you can use the platform WSL. If WSL you are not satisfied, but do not want to use Linux on a regular basis, you can use a bootable flash drive with Kali Linux. Details on the installation can be found on the official Kali Linux website.
Let’s start by installing Wifite2. On Ubuntu-based systems, this is very easy:
Code:
sudo apt-get update
sudo apt-get install wifiteIf you are using another Linux distribution you can download and run the source code. The launch process is described by the authors.
Important note! Make sure that you installed wifite version 2, that is, wifite2. The first version contains bugs and is no longer supported by the developers.
Hashcat installation:
Code:
sudo apt-get install hashcatThe sources can be found at this link. And now that both tools are installed, let’s get to work.
Serching for networks.
Run wifite. This can be done by entering the appropriate command into the terminal:
Code:
wifite
# or
wifite2If your network adapter supports monitoring mode, you will lose your Internet connection and the terminal will look like this:
Allow the utility to find all WiFi networks. Then press Ctrl+C, wait until the entries in the terminal stop flickering and the text appears as in the picture:
Now you have to enter the numbers of the networks you want to hack. I will probably choose the first 4, entering the number of each network, separated by commas. Press ENTER, wifite begins to do its work, give it time.
The first thing Wifite will do is try to hack the devices it finds, if they have any vulnerabilities. If none are present, the last hope is to intercept the 4-way handshake. An example of a successfully hijacked handshake is in the picture below:
WPA/WPA2 uses a 4-way handshake to authenticate devices on the network. You do not need to know what this means, but you must intercept one of these handshakes to break the network password. These handshakes happen whenever a device connects to the network, such as when your neighbor comes home from work.
If wifite has managed to hack the network by itself using network vulnerabilities, I can safely congratulate you! In that case you will be able to find all the information you need about the network in the terminal. If not, but managed to hijack the network handshake (.cap file, like in the picture above), there is still hope.
Cracking the 4-way handshake. Cracking the hash.
This is where the hashcat tool described above comes to our aid. It is worth noting right away that it requires a GPU to work. The more powerful video card — the faster will be the search process, but if you do not have one, you can use the appropriate services to crack the hash. I recommend to use https://hashdog.me/ — inexpensive and extremely easy to use, you only need to put the resulting .cap file into the search queue. When using the cheapest rate will need to pay only if successful, in addition, sometimes there are promo codes for free brute (eg NY2023DP to date).
Going back to the brute force, hashcat does not know how to work with .cap files, this file must be converted. You can do it with the help of utility on the link https://hashcat.net/cap2hashcat/. We will use the converted file further on.
Hashcat supports several attack modes. The first one is a mask attack, the second one is a dictionary attack and, in this example we will be using the mask attack. The command to launch:
Code:
hashcat -m 22000 <file_path> -a 3 ?d?d?d?d?d?d?d?d8 digits — the mask of the most popular password for WiFi networks, especially in older routers. It is this mask that is shown in the argument “?d?d?d?d?d?d?”.
hashcat will let you know if it manages to find the password. If not, it is still possible to use the online service described above.
Read more about hashcat and WiFi hacking here.
