Wifi Hacking - WEP - Wireless Hacking: Introduction to Wireless Hacking with Kali Linux (2017)


Wifi Hacking - WEP

1. Name of your wireless adapter.
Alright, now, your computer has several network adapters, so to scan with one you need to know its name. The interface names you will see are basically these:
• lo - loopback. Not important currently.
• eth - ethernet
• wlan - This is what we want. Note the number suffix (wlan0, wlan1, ...).
Now, to see all the adapters, type ifconfig in a terminal, look at the result, and note down the wlan (0/1/2) adapter.
2. Enable Monitor mode
We are going to use a tool called airmon-ng to create a virtual monitor-mode interface. Just type:
airmon-ng start wlan0
Your monitoring interface will be created: mon0 in case of Kali 1.x, wlan0mon in all other cases.

3. Start capturing packets

Now, we'll use airodump-ng to capture the packets in the air. This tool gathers data from the wireless packets around you, and you'll see the name of the wifi you want to hack in its output. For Kali 2.0 or rolling, replace mon0 with wlan0mon.

airodump-ng mon0


4. Store the captured packets in a file
This can be achieved by giving some more parameters with the airodump command. For Kali 2.0 or rolling, replace mon0 with wlan0mon.
airodump-ng mon0 --write name_of_file

Now the captured packets will be stored in name_of_file-01.cap (airodump-ng appends a counter to the name you give).
You will have to wait till you have enough data (10000 packets minimum).

PS: Don't wait too long for this step though. Just understand how the procedure works (including the next sections), and once you are convinced you know what you are doing, proceed to the next tutorial where we use ARP replay to speed up the rate at which we get packets. Using ARP request replay, we can get 10k packets in a few minutes.

5. Crack the wifi

If all goes well, then you'll be sitting in front of your pc, grinning, because you've finally got 10000 packets (don't stop the packet capture yet). Now, you can use aircrack-ng to crack the password (in a new terminal):

aircrack-ng name_of_file-01.cap

The program will ask which wifi to crack, if there are multiple available. Choose the wifi. It'll do its job. If the password is weak enough, then you'll get it in front of you. If not, the program will tell you to get more packets. The program will retry again when there are 15000 packets, and so on.

You'll get the key, probably in this format:
xx:xx:xx:xx:xx
Remove the colons
xxxxxxxxxx is the password of the wireless network
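The airodump-ng --write step above also writes name_of_file-01.csv beside the .cap, listing every access point seen with its Privacy column. As an added example (not part of the original tutorial), this script parses a constructed sample of that CSV, written for a network owner who wants to find access points in their own environment still running WEP or no encryption so they can be migrated; the MACs and SSIDs in the sample are invented.

```python
"""Added example: audit the airodump-ng CSV written next to the .cap for
access points still using WEP or no encryption at all."""
import csv
import io

# Constructed sample in airodump-ng's CSV layout; MACs and SSIDs are invented.
SAMPLE_CSV = """
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2017-03-01 10:00:00, 2017-03-01 10:20:00,  6,  54, WEP , WEP, OPN, -45,  812, 10342,   0.  0.  0.  0,   9, OldRouter,
AA:BB:CC:00:00:02, 2017-03-01 10:00:00, 2017-03-01 10:20:00, 11,  54, WPA2, CCMP, PSK, -60,  640,     0,   0.  0.  0.  0,   6, Office,
AA:BB:CC:00:00:03, 2017-03-01 10:01:00, 2017-03-01 10:19:00,  1,  54, OPN , , , -70,  300,     0,   0.  0.  0.  0,   5, Guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
DD:EE:FF:00:00:09, 2017-03-01 10:02:00, 2017-03-01 10:18:00, -50,      120, AA:BB:CC:00:00:01,
"""

def parse_access_points(text):
    """Return the access-point rows (the CSV's first section) as dicts."""
    aps, in_ap_section = [], False
    for fields in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not fields:                 # a blank line ends the AP section
            if in_ap_section:
                break
            continue
        if fields[0] == "BSSID":       # header row of the AP section
            in_ap_section = True
            continue
        if not in_ap_section or len(fields) < 15:
            continue                   # truncated line
        # airodump does not quote ESSIDs, so an SSID containing a comma
        # would shift the columns; such rows are rare but possible.
        aps.append({"bssid": fields[0].strip(), "channel": int(fields[3]),
                    "privacy": fields[5].strip(), "cipher": fields[6].strip(),
                    "essid": fields[13].strip()})
    return aps

def classify(privacy):
    """Map the Privacy column to a remediation category."""
    if "WEP" in privacy:
        return "WEP: broken cipher, migrate to WPA2/WPA3"
    if privacy == "OPN":
        return "OPEN: no encryption"
    return "WPA-family"

def weak_networks(text):
    """(essid, bssid, channel, finding) for every WEP or open access point."""
    return [(ap["essid"], ap["bssid"], ap["channel"], classify(ap["privacy"]))
            for ap in parse_access_points(text)
            if not classify(ap["privacy"]).startswith("WPA")]
```

Run weak_networks() on a real name_of_file-01.csv to get the list of networks that need a WPA2/WPA3 configuration change.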
Not working?
Try this:
ifconfig wlan0 up
ifconfig wlan0 down
airmon-ng check kill
rfkill unblock all

or this:
ifconfig wlan0mon down
iwconfig wlan0mon mode monitor
ifconfig wlan0mon up

Disconnected from internet (wifi)?
Replace mon0 with wlan0mon for Kali 2.0 or rolling.
airmon-ng stop mon0
This is usually sufficient. If wlan0 is not up (check ifconfig or iwconfig), then do this (if you don't know what to do, then do this anyway)
ifconfig wlan0 up
If wifi still doesn't start, try this too
service network-manager restart
EXTRAS
Wifite

• Sorts targets by signal strength (in dB); cracks closest access points first
• Automatically de-authenticates clients of hidden networks to reveal SSIDs
• Numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)

• Customizable settings (timeouts, packets/sec, etc)
• "Anonymous" feature; changes MAC to a random address before attacking, then changes back when attacks are complete

• All captured WPA handshakes are backed up to wifite.py's current directory
• Smart WPA de-authentication; cycles between all clients and broadcast deauths
• Stop any attack with Ctrl+C, with options to continue, move onto next target, skip to cracking, or exit
• Displays session summary at exit; shows any cracked keys
• All passwords saved to cracked.txt
• Built-in updater: ./wifite.py -upgrade

I find it worth mentioning here that not only does it hack wifi the easy way, it also hacks in the best possible way. For example, when you are hacking a WEP wifi using Wifite, it uses fake auth and the ARP replay method to speed up the collection of data packets.

Hacking WEP network

If you've followed my previous posts on Hacking Wifi (WEP), you know there's a lot of homework you have to do before you even start hacking. But not here. With Wifite, it's as easy and simple as a single command.

wifite -wep
You might even have used the command
wifite


If you see any error at this stage, move to the bottom of the page for troubleshooting tips. The -wep makes it clear to wifite that you want to hack WEP wifis only. It'll scan the networks for you, and when you think it has scanned enough, you can tell it to stop by typing ctrl+c. It'll then ask you which wifi to hack. In my case, I didn't specify -wep, so it showed all the wifis in range.

You can also select all and then go take a nap (or maybe go to sleep). When you wake up, you might be looking at all the wifi passwords in front of you. I typed one and it had gathered 7000 IVs (data packets) within 5 mins. Basically you can expect it to hack the wifi in approximately 10 mins. Notice how it automatically did the fake auth and ARP replay.

Here are a few more screenshots of Wifite at work, from its official website (./wifite.py is not something that should bother you; you can stick with the simple wifite. Also, specifying the channel is optional, so even the -c 6 was unnecessary. Notice that instead of ARP replay, the fragmentation attack was used, via -frag).

Hacking WPS wasn't fast (it took hours), but it was easy and didn't require you to do anything but wait.

Wifite makes it possible for you to use any method that you want to use, by just naming it. As you saw in the screenshot above, the fragmentation attack was carried out just by typing -frag. Similarly, many other attacks can be played with. A good idea would be to execute the following:

wifite -help
This will tell you about the common usage commands, which will be very useful. Here is the list of WEP commands for different attacks:
-wep only target WEP networks [off]
-pps <num> set the number of packets per second to inject [600]
-wept <sec> sec to wait for each attack, 0 implies endless [600]
-chopchop use chopchop attack [on]
-arpreplay use arpreplay attack [on]
-fragment use fragmentation attack [on]
-caffelatte use caffe-latte attack [on]
-p0841 use -p0841 attack [on]
-hirte use hirte (cfrag) attack [on]
-nofakeauth stop attack if fake authentication fails [off]
-wepca <n> start cracking when number of ivs surpass n [10000]
-wepsave save a copy of .cap files to this directory [off]
As you can see, it's the same thing as shown in the help screenshot. Play around with the attacks and see what you can do. Hacking WPA without WPS wouldn't be that easy.
Wifite quits unexpectedly, stating: "Scanning for wireless devices. No wireless interfaces were found. You need to plug in a wifi device or install drivers. Quitting."

You are most probably running Kali inside a virtual machine. A virtual machine does not support the host's internal wireless card. Either buy an external wireless card, or do a live boot / dual boot alongside Windows; anything other than a virtual machine, in general.

Fluxion

Wifite is cool and all, but doesn't do much against the seemingly invincible WPA2 networks. Using a combination of evil-twin and man-in-the-middle style attacks, fluxion tries to fool a client into giving you the key to the WPA2 protected access point.