Level 2 WiFi Hacking: Using Wifite for Cracking WPA/WPA2

Last week, I shared my journey of using aircrack-ng for cracking WPA/WPA2 WiFi networks. After posting my learning diary online, I received a flood of responses—both kind and a tad rude—calling me a “Script Kiddie” and suggesting I explore a more advanced tool: Wifite.

So, this week, I’m taking their advice. I’ll dive into Wifite, a powerful tool for WiFi hacking, and compare it with the aircrack suite to see how they stack up against each other.

Introducing Wifite: The “Set It and Forget It” WiFi Cracker

Wifite is designed to attack multiple WEP and WPA encrypted networks simultaneously. It’s built for ease of use, requiring minimal user input while automating the process.

The irony wasn’t lost on me: they were calling me a script kiddie while using automated tools to simplify the process I was doing manually. But I digress👾.

The beauty of Wifite lies in its ability to integrate and automate attacks using other established wireless auditing tools, such as airmon-ng, aircrack-ng, aireplay-ng, airodump-ng, and packetforge-ng.

Key Components of Wifite:
  • Airmon-ng: Enables monitor mode on wireless interfaces and can revert to managed mode. Running it without parameters displays the interface’s status.
  • Aircrack-ng: An 802.11 WEP and WPA/WPA2-PSK key cracking program that can recover keys once enough encrypted packets are captured with airodump-ng. For WPA/WPA2, it uses a dictionary method, requiring at least a partial four-way handshake.
  • Aireplay-ng: Used for deauthentication attacks, replaying capture files, and various WEP attacks like fake authentication, ARP request replay, and fragmentation attacks.
  • Airodump-ng: Captures raw 802.11 frames, useful for collecting WEP IVs for use with aircrack-ng. It can also log GPS coordinates of found access points if a GPS receiver is connected.
  • Packetforge-ng: Creates encrypted packets for injection, such as ARP requests, UDP, ICMP, and custom packets.

Wifite’s optional dependencies enhance its capabilities:

  • Reaver: Scans and attacks routers with WPS enabled.
  • Pyrit: Benchmarks CPU speeds, analyzes capture files for crackable handshakes, and utilizes GPU power for password cracking.
  • Tshark: A network protocol analyzer that captures packet data from live networks or reads from saved capture files.
  • Cowpatty: Implements an offline dictionary attack against WPA/WPA2 networks.
  • Pixiewps: Performs an offline brute force attack on WPS pins.

Why Wifite Over Aircrack-ng?

My initial tests reveal that Wifite simplifies many of the processes I manually handled with aircrack-ng. Here’s why I find it superior:

  • Automation: Wifite automates steps that require meticulous setup in aircrack-ng, making it more user-friendly.
  • Integration: Seamlessly uses other tools to enhance its hacking capabilities, ensuring a broader range of attacks with less hassle.
  • Efficiency: Speeds up the cracking process, allowing for quicker results with less user intervention.

Cracking WPA/WPA2 Wi-Fi with Wifite

Prerequisites:

  • Ensure you have Kali Linux installed.
  • You need a wireless adapter capable of monitor mode.

Steps to Use Wifite:

1. Open your terminal:

  • Start by opening a terminal window in Kali Linux.

2. Enable Monitor Mode:

  • Enter the following command to start Wifite and automatically enable monitor mode on your wireless adapter:
   sudo wifite

3. Scan for Targets:

  • Wifite will begin scanning for available networks.
  • To stop scanning and proceed to the next step, press Ctrl + C.

4. Select Network to Attack:

  • Wifite will display a list of detected networks with associated numbers.
  • If you want to attack multiple networks, specify their numbers separated by commas.
  • Example: If you want to attack the networks listed as 1, 5, and 7, you would enter: 1,5,7

5. Troubleshooting:

  • If you encounter issues during the attack, you can restart Wifite with the kill option to stop conflicting processes:
   sudo wifite --kill

6. Using a Wordlist:

  • Navigate to the wordlist directory in Kali Linux:
   cd /usr/share/wordlists/
  • Locate the rockyou.txt.gz file, which contains millions of potential passwords.

7. Decompress the Wordlist:

  • Use the following command to unzip the rockyou.txt.gz file:
   sudo gzip -d rockyou.txt.gz
  • Note: This might take some time due to the size of the file.

8. Run Wifite with Native Kali Wordlist:

  • To use the decompressed wordlist for a WPA attack, enter:
   sudo wifite --wpa --dict /usr/share/wordlists/rockyou.txt --kill
  • Press Ctrl + C to continue through the attacks as Wifite captures handshakes and attempts to crack them.

9. View Cracked Passwords:

  • After the attacks are completed, you can check if any passwords were cracked by looking in the output files:
   ls
   cat cracked.txt
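
From the defender's side, the dictionary step in step 8 only tests entries exactly as they appear in the wordlist, so the useful check on your own network is whether your passphrase is in that list. The script below is an added example, not part of the original post; the function names audit_passphrase and make_sample_wordlist are hypothetical and the sample wordlist is constructed so the script runs without rockyou.txt.

```shell
#!/bin/sh
# Added example: audit your OWN WPA/WPA2 passphrase against a wordlist.
# Return codes of: audit_passphrase PASSPHRASE WORDLIST
#   0 not in the list   1 exact match   2 match when letter case is ignored
#   3 length outside 8-63 characters    4 wordlist not readable
audit_passphrase() {
    pass=$1
    list=$2
    [ -r "$list" ] || { echo "cannot read wordlist: $list" >&2; return 4; }
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
        echo "length ${#pass}: WPA/WPA2 passphrases are 8-63 characters"
        return 3
    fi
    # -F literal string, -x whole line, -q quiet. The candidate is fed on
    # stdin (-f -) so it never shows up in grep's argument list.
    # LC_ALL=C keeps grep byte-oriented, since rockyou.txt is not valid UTF-8.
    if printf '%s\n' "$pass" | LC_ALL=C grep -Fxq -f - -- "$list"; then
        echo "EXACT match: a dictionary attack using this list would find it"
        return 1
    fi
    if printf '%s\n' "$pass" | LC_ALL=C grep -Fxqi -f - -- "$list"; then
        echo "differs from a listed word only in letter case"
        return 2
    fi
    echo "not in this list (says nothing about other wordlists)"
    return 0
}

# Constructed sample wordlist (hypothetical entries) written to a temp file.
make_sample_wordlist() {
    f=$(mktemp) || return 1
    printf '%s\n' 123456789 password1 iloveyou sunshine2024 'Summer!23' > "$f"
    echo "$f"
}

sample=$(make_sample_wordlist)
for p in 'sunshine2024' 'SUNSHINE2024' 'correct horse battery' 'short'; do
    audit_passphrase "$p" "$sample" || echo "  (exit code $?)"
done
rm -f "$sample"
```

To check a real passphrase, pass /usr/share/wordlists/rockyou.txt as the second argument after decompressing it as in step 7.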

Conclusion:
Using Wifite is more straightforward and automated compared to other suites like Aircrack-ng. It provides a user-friendly way to perform network attacks with minimal manual intervention. Remember, using Wifite for unauthorized network attacks is illegal and unethical. Always have permission before testing networks with Wifite or any other penetration testing tools.

1 Comment

  1. Bobby

    Hey Addie,
    Thanks for your work! I would like to test my WLAN at home. If the wordlist doesn’t contain my password exactly, it can’t be cracked? Am I right?
    Thx 🙂
