I have previously posted an article on How to Crack WEP, WPA, & WPA2 Wireless with BackTrack4 (GUI Edition) using GRIM WEPA.
In this article I am going to show you how to crack a wireless network using “WiFite r68”. Unlike “GRIM WEPA” you can attack multiple networks at the same time with “WiFite r68”, and it is more considered more “automated”, where it does try different methods of crack in case one fails.
Before you begin
- You need to have BackTrack 4 R2 installed and running on VMWare Player. How to Install VMWare & Backtrack 4 R2
- Check if your wireless adapter is compatible with Backtrack from List of compatible adapters
- I am using the Alfa AWUS036H which is a very well known usb wireless adapter because of its good performance and cheap price.
- Make sure that your wireless adapter is plugged into your virtual machine. In VMWare goto the menu “Virtual Machine” -> “Removable Devices” -> “YOUR ADAPTER MUST BE TICKED”
Downloading & Installing WiFite r68
- Downloading “WiFite r68”: Goto http://code.google.com/p/wifite/ and download “wifite_r68.py”
- Copy the file (wifite_r68.py) into the virtual machine by dragging & dropping it into the virtual machine
Cracking the Wireless Network
- Launch Konsole and run the following command
- Select the settings that you wish to use.
“interface”: is your wireless adapter.
“encryption type”: WEP encryption is much easier to crack and doesn’t need a dictionary file, so it’s better to start with WEP.
“channel”: make sure “all channels” is checked (colored red)
“select targets from list” or “everyone”: “everyone” will try to crack any wireless router that it finds; “select targets from list” will ask you which router to attack.
“minimum power”: 50 is ok.
“dictionary”: is list of words that are tried while cracking a WPA or WPA2 protected network.
“wep timeout” & “wpa timeout”: 10 & 5 should be ok.
“wep options”: method of attacking. Select all 4 options (arp-replay, chop-chop, fragmentation, -p 0841)
“change mac”: changes the mac address of your wireless adapter.
“ignore fake-auth” & “anonymize all attacks”: keep them unchecked.
“packets/sec”: keep it at 500.
- Now click the “h4x0r 1t n40” and wait until the networks are displayed
- In case you selected “select targets from list” in the options before you start, then you will asked to select the network(s) to attack, otherwise if you selected “everyone” then the attack will start automatically.
- One attack method might work on one network but not the other. So different attack methods will be tried in case one fails (3 attack methods failed in my case but the “-p0841” attack succeeded)
- The cracked key(s) will be displayed on the screen and stored in a file called “log.txt”
- Wait until the end or press “Ctrl+C” to stop the attack
As mentioned in my previous articles that cracking a WPA or WPA2 network is directly related to the complexity of the password and the dictionary file that you are using. This means that you might be able to crack the password in a matter of seconds or not crack it at all. You can download dictionary files from the internet.
Wifite-r68 is very user friendly and more automated than manual cracking or “GRIM WEPA” cracking. If you failed to crack a WEP network using “Wifite-r68” you can always try GRIM WEPA.
Feel free to ask questions or let me know if I have missed something by leaving a comment below.