Personnaliser l'apparence

WiFite2 Automated WiFi hacking tool

wi te2

There are many ways to attack a WiFi network. The type of encryption,
default settings of the manufacturer, and the number of connected
clients can determine how easy it will attack the target and which
method of hacking will work best. Wi te2 is a powerful tool that
automates WiFi hacking, allowing you to select targets within your
adapter’s coverage area, and then selects the best hacking strategy
for each network.
As a rule, programs are sharpened to perform one speci c function:

customer deauthentication
handshake
brute force
brute force WPS
etc., there are a lot of separate stages, methods.

Features:

sorts targets by signal (in dB); hacking the closest access points
rst
automatically deauthenticates hidden network clients to reveal
their SSID
a set of lters to accurately indicate what to attack (wep / wpa /
both, above a certain signal strength, channels, etc.)
exible settings (timeouts, packets per second, other)
“anonymity” functions: changing the MAC to a random address
before an attack, then a reverse change when the attack is
completed
all captured WPA handshakes are copied to the current wi te.py
directory
WPA smart deauthentication; cycles between deauthenticating all
clients and broadcast
stop any hacking with Ctrl + C with options to continue, go to the
next target, skip hacking or exit
display of general information on the session upon exit; show all
cracked keys
all passwords are saved in cracked.txt

Homepage: https://github.com/derv82/wi te2

When a wireless network tester gets to work, it moves from one

program to another to perform different stages of penetration, to use
different methods.

Wi te or Wi te2?

Wi te is not a new tool. It was one of the rst WiFi hacking tools we
met. Along with Besside-ng, automated scripts for hacking WiFi
allowed even the script kiddie to get good results, despite the fact
that they did not understand how these scripts work. Compared to
Besside-ng, the original Wi te thoroughly used all the tools available
to it to attack the network, but at the same time it was very slow.

One of the best features of the original Wi te was that he conducted a

WiFi scanning of the area before attacking nearby networks. This
allowed the hacker to specify one, several or all networks as targets.
Due to the fact that Wi te laid out to the user all the available targets
in an easy-to-understand format, even a beginner could understand
which attacks are best used against the nearest networks.

The original Wi te could automatically attack WPA networks by

intercepting handshakes or use the Reaver tool to bruteforce the WPS
PIN codes of nearby networks. Despite the fact that this method of
attack was very effective, its execution took 8 hours or more.

The updated WiFite2 works much faster due to the reduction of time
for the attacks themselves and the use of more advanced tactics than
in the previous version. Because of this, Wi te2 is a more serious and
powerful tool for hacking WiFi than the original Wi te.

WiFi hacking procedure

For the fastest possible hacking of nearby networks, Wi te2 uses a

simple but fairly effective procedure. He brings every tactic he is
trying to apply, to the limit of its practical application, he may even go
so far as to try to hack any incoming handshakes.

First of all, Wi te2 scans all channels in search of all networks in the
coverage area. Then it ranks the found networks by signal level, since
the fact of nding a network does not guarantee a reliable connection
with it.

In addition to sorting the detected networks in descending order of

signal, the reconnaissance phase includes the collection of
information about which hacking methods these networks may be
vulnerable to.

Thanks to the organization of Wi te2, you can easily add a directional

WiFi antenna, and use Wi te2 to locate the source of any nearby WiFi
network when conducting a neighborhood scan.

After the scan is complete, the counties will re ect all re ected
targets to see whether clients are connected to them, whether the
network announces WPS usage, and what type of encryption the
network uses. Based on this, the hacker chooses any target, group or
all targets for attack based on the information collected.

Wi te2 will go through the entire list of goals, starting with the fastest
and simplest attacks, such as WPS-Pixie, which can crack a password
in a matter of seconds, to less reliable tactics, such as checks for
using weak passwords using a dictionary attack. If the attack fails or
its completion takes too much time, then Wi te2 will proceed to the
next possible attack in a particular case, so as not to waste time, as
its predecessor did.

What you need

First you need a WiFi adapter that can be switched to monitoring
mode. This means that you must choose an adapter that is
compatible with Kali Linux. We have several excellent guides on this
subject. “ How to determine which WiFi adapter is suitable for Kali
Linux ”
and if you need a good wireless card for hacking check this huge list
of adapters that support monitor mode, Monitor Mode WiFi adapter

Wi te2 is installed by default in Kali Linux, so we recommend using

Kali on a virtual machine or as a second system on a laptop. You can
use Wi te2 on other Linux systems, but we will not elaborate on
installing it, since we assume that you still use Kali Linux.

WiFite installation
The program is preinstalled in Kali Linux, additionally install the
programs:

Linux installation
Required dependencies:

Python. Wi te is a Python script and requires Python to run, the

program is compatible with versions of python2 and python3.
iwcon g : To determine if the wireless interfaces are already in
monitor mode.
ifcon g : To start / stop wireless devices
Set aircrack-ng . The following programs are used speci cally:
airmon-ng : To list and enable Monitor Mode on wireless
interfaces.
aircrack-ng : To hack WEP .cap les and captured WPA
handshakes.
aireplay-ng : To deauthenticate Access Points, replay capture les,
various WEP attacks.
airodump-ng : To scan targets and generate capture les.
packetforge-ng: For fake capture les.

Optional but recommended dependencies:

Reaver , is intended for the selection of the WPS (Wi Protected

Setup) pin by the brute force method. Reaver turns on the “walsh”
(or “wash”) scanner to detect access points with WPS turned on.
Wi te uses Reaver scanning and to attack routers with WPS
enabled.
Pyrit , a WPA PSK key cracker using a graphics processor. Wi te
uses Pyrit (if found) to identify handshakes. In the future, Wi te
may get the option to crack WPA handshakes using Pyrit.
tshark. It is supplied in conjunction with Wireshark , software for
sni ng packages.
coWPAtty , WPA PSK key cracker. Wi te uses cowpatty (if found) to
identify handshakes.
Pixiewps , a tool written in C, is used for o ine brute force pin WPS
by exploiting the low or non-existent entropies of some access
points (pixie dust attack).

After installing dependencies, installing WiFite itself is very simple:

git clone https://github.com/derv82/wifite2.git

cd wifite2

sudo ./Wifite.py

In a typical launch, Wi te will only ask the user one time: which
access points should they attack?

You can run Wi te so that it will not even ask it — it will attack every
TD. You can specify a dictionary le — and the program will
completely autonomously send deauthentication packets, grab
handshakes, sort through passwords, sort through WPS pins and try
to use WPS PixieDust, conduct various attacks on WEP. Moreover, the
program will launch an attack on the weakest technologies and, in
case of failure, move on to more secure ones.

Depending on the success, the result of the program may be getting a

password in clear text, or captured les of handshakes — which need
to be brutal to get a password in clear text.

How to run WiFite

We need a dictionary le . With the following commands we copy it
into the current working directory, unpack and clean it (so that all
candidates for passwords meet the requirements of WPA
passwords).

cp /usr/share/wordlists/rockyou.txt.gz .

gunzip rockyou.txt.gz

cat rockyou.txt | sort | uniq | pw-inspector -m 8 -M 63 >

newrockyou.txt

Some more theory. WiFite is a “full cycle” program for hacking WiFi
access points. it does everything well, but such a stage as brute force
passwords can be done not only well — it can be done perfectly well.
Passwords can be signi cantly accelerated if Pyrit is used , but it
requires certain skills.
Let’s start with a very simple one — let WiFite do everything by itself.

Automated WiFi hacking using WiFite2

To do this, you need to launch the WiFite program with two additional
options:

– -crack says that you need to hack using a dictionary

–dict ~ / newrockyou.txt indicates which dictionary to use

sudo wifite --crack --dict ~/newrockyou.txt

After launching, wait a few minutes while the program collects

information about available access points:

When the information is su cient, press the CTRL + the C .

We will be asked to enter the numbers of access points that we want

to hack. You can select all (you need to enter all), you can select
individual APs, listing them separated by commas, you can select
ranges, listing them through a hyphen:

Then the program will do everything . If it seemed to you that the

program was stuck for too long on any access point or on any attack,
then press CTRL + C once to go to the next action. We will be asked —
we want to immediately exit or continue, however you can see we got
the handshake le here and it’s start trying to crack it , no luck for this
target but the next target was cracked as you will see

the next target took a few seconds to be cracked using WPS Pixie-
Dust :

WiFite output
WiFite — perhaps the best program for beginners. You can hack your
rst wireless access points with it without knowing anything about
handshaking, deauthentication, types of WiFi encryption and
technologies such as WEP, WPS. Personally, my rst successful
experience, which made me believe in myself and had awakened my
interest in this topic, is connected with the wi te program.

In terms of the “effort / results” ratio, there is no equal for wi te.

Nevertheless, developing in matters of Pentesting wireless networks
WiFi, working with your own hands and head, you can achieve better
results. A penster who has enough experience with a quick glance to
see unpromising access points (a very weak signal or not a single
client), if the pentester detects WPS, he will not get stuck on it for
hours, stopping another job (wi te gets stuck, this is correct, because
WPS is often hacked). Pentester would try to seize all possible
handshakes, and then, while the hashes are moving, launch attacks
on WPS and WEP.

Perhaps it depends a lot on conditions, but with proper skill it gets

easier for me to get a handshake using airodump-ng + aireplay-ng ,
than using wi te.

Some warnings and ways to protect

Wi te2 is an example of how script kiddies can effectively attack
networks with common vulnerabilities, such as WPS PIN codes and
weak passwords. But as the number of advanced attacks, whose
execution is automated, grows, it is very important to know about the
most common and effective methods of attacks on WiFi networks.

The best way to protect your network from tools like Wi te2 is to
make sure that you have WPS turned off, and choose a very strong
password for your WiFi network that you will not tell anyone.

It is important to note that by selecting “all” in the target list, Wi te2

will attack all detected networks, and not just those for which you
have permission to test. You must have permission to use this tool on
any network that you are attacking, because attacking a network
belonging to someone else without permission is a crime and can be
very troublesome. Just saying that the script did it, and not you — this
is no excuse, especially if you were caught attacking some important
network. Therefore, make sure that Wi te2 focuses only on those
networks for which you have permission to audit.

We hope you enjoyed this guide to automating the WiFi hacking with
Wi te2. If you have any questions about this article or about WiFi
hacking tools — feel free to write in the comments.

Disclaimer: This article is written for educational purposes only. The

author or publisher did not publish this article for malicious purposes.
If readers wish to use information for personal gain, the author and
publisher are not responsible for any harm or damage caused.