How to hack Wi-Fi using Kali Linux with Wifite

Realone
Warning disclaimer

This post does not promote or encourage any illegal activities. All content provided by the post is meant for educational purposes.

In this post we'll get Wifite working to capture a WPA2 4-way handshake. Once you capture the 4-way handshake, you can then use a tool like hashcat to break the handshake to reveal the passphrase used to access that wireless network. In a previous video, we got the ALFA AWUS036ACH adaptor to work with Kali Linux 2019.3, that's this adaptor. It is working in Kali 2019.3, running in VirtualBox. Right now, on the screen right here, we see wlan0, which is this adaptor, but it is not in monitoring mode. You can tell that because the receive, the RX packets are 0.

If this were in monitoring mode, we would constantly be seeing all the wireless networks, and the packets received would be increasing. To do wireless hacking or wireless penetration testing, the NIC has to be able to be put in monitoring mode and that's why this NIC is used right here. This ALFA NIC.

So, I'm gonna put it in monitoring mode first and then we will get wifi set up properly. And then we'll capture some handshakes. I'm gonna do ip link set wlan0 down, so I'm gonna put wlan0 down first, then iwconfig wlan0 mode monitor. I'm putting wlan0 in monitoring mode. ip link set wlan0 up. Now if I do ifconfig, we should see the receive packets continually go up for wlan0, up to 13 now, but before we didn't have any.

The next step is to install pyrit, so I'm gonna do apt install pyrit. Then after that, we're going to install the hcxdumptool.


And then we will run Wifite. Wifite will scan, looking for wireless networks, then you are going to pause it or stop it from scanning, pick a network or several networks, that you want it to grab the handshakes from. Now that pyrit is done installing, we will install hcxdumptool. So, apt install hcxdumptool... When this is done installing, we will run Wifite which is already installed with Kali. So, just wifite.

Right now it's scanning for targets. May take a while for them to appear but any wireless networks you see, you can see from your antenna will start showing up here. You really need to find wireless networks that have a client on them, so on the second column here, you have the ESSID which is right here, this is the access point. On the far right column, you have the number of clients connected to that access point. What we're trying to do is, if we have a client, we're going to kick the client off of the access point and force it to re-authenticate.

The client won't even notice this but wirelessly the 4-way handshake for WPA2 will take place and we're going to try and grab that handshake when the client re-authenticates to the access point. The more clients you have, the better, and the more power, like the ones here in green, the more likely it is that you're going to succeed kicking the client off of the access point and actually grabbing the handshake. One other nuance with wireless hacking is you actually have to be close to the client, in order to kick them off. You have to be close to the client, as well as the access point. So ideally you're right in the middle.

Looks like we've found quite a bit here, so I'm gonna go ahead and hit Ctrl+C. Just hit this one time. Now, we're gonna select which ESSIDs or which targets, based on the number on the far left, we want to grab the handshakes from. So I'm gonna select 1 which is kona. I'm gonna select, I'm gonna put a comma, select couple other ones. I'll do Woodlands Condo, which is number 7. That has two clients connected to it, so I'll do that one as well.

What this is doing is, we're kicking the client off of the wireless network. The client with this MAC address right here, EC:2C:E2 on this wifi network called kona, we're de-authorizing it which'll make it re-authorize itself, or re-authenticate, and then when it re-authenticates, we're trying to grab the 4-way handshake. Once we grab that 4-way handshake, we can run that through a password cracking tool such as hashcat to crack the passphrase.

And this deauth process can take a while, it's not always consistent. In my experience, if you have a lot of clients on a busy wireless network, it's easier. In this case, we have one client. So the one client we have is actually this iPad down here. It's connected to the access point. It looks like it grabbed the handshake for kona. You see right here it's saved it, this dot cap file.
So the next step, we're gonna convert that cap file to different format and then we'll try to crack it using hashcat. And one of the things that's kind of interesting is the access point we're using here is my phone right here. I had the phone on the same side as my iPad, which is the client, and the antenna's on this side over here. When I moved the phone to the other side of the antenna, so the antenna was between, the ALFA antenna was between the phone and the iPad, that's when I was able to capture the handshake.



Doesn't seem like it should matter but I just noticed that's when it actually captured the handshake.

Now we're running through the next one, we said we would do two. We told it to do kona and Woodlands Condo. We'll let it run through Woodlands Condo here. There's quite a few clients at Woodlands Condo so we have a better chance of de-authorizing one of those clients and catching the handshake versus just a single client. So we have four we've found so far, so we can deauth all those and try to grab the handshake when any of those clients re-authenticates.

And that's okay, you may see this message here, "Failed to crack handshake." It just tried this probable list right here, the top 4,800 passwords and our password for this access point or passphrase was not in that list.


It looks like we discovered a new client here. And we captured the handshake for Woodlands Condo right there. So it captured two handshakes, they're both in dot cap format. Handshake kona, handshake Woodlands Condo. The next step is to convert those handshakes to a... hccapx format and then crack those using a tool like hashcat.
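
The forced re-authentication described above shows up on the air as a burst of deauthentication frames aimed at one client, which a monitoring sensor on the same channel can detect. As an added example (not part of the original post), this Python code parses radiotap-prefixed 802.11 frames and flags such bursts; the sample frames, MAC addresses, window and threshold are constructed assumptions.

```python
import struct
from collections import defaultdict

DEAUTH, DISASSOC = 12, 10  # 802.11 management frame subtypes

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Parse a radiotap-prefixed deauth/disassoc frame; None for anything else."""
    if len(frame) < 8:
        return None
    rt_len = struct.unpack_from("<H", frame, 2)[0]  # radiotap header length
    dot11 = frame[rt_len:]
    if len(dot11) < 26:  # 24-byte header + 2-byte reason code
        return None
    ftype, subtype = (dot11[0] >> 2) & 0x3, dot11[0] >> 4
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    reason = struct.unpack_from("<H", dot11, 24)[0]
    return subtype, mac(dot11[4:10]), mac(dot11[10:16]), mac(dot11[16:22]), reason

def detect_bursts(records, window=1.0, threshold=5):
    """Return {(bssid, client): peak count} for pairs hit by >= threshold frames per window."""
    recent, alerts = defaultdict(list), {}
    for ts, frame in records:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        key = (parsed[3], parsed[1])  # (BSSID, destination station)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps outside the window
            q.pop(0)
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts

def build(subtype, dst, src, bssid, reason=7):
    """Constructed test frame: 8-byte radiotap header + 802.11 header + reason code."""
    hdr = bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + b"\x00\x00"
    return struct.pack("<BBHI", 0, 0, 8, 0) + hdr + struct.pack("<H", reason)

# Constructed sample capture (locally administered MACs, not taken from the post).
AP, TABLET, LAPTOP = (bytes.fromhex("0200000000" + x) for x in ("aa", "01", "02"))
SAMPLE = [(i * 0.1, build(DEAUTH, TABLET, AP, AP)) for i in range(6)]
SAMPLE += [(10.0, build(DEAUTH, LAPTOP, AP, AP, reason=3)),  # single frame: no alert
           (10.5, build(8, b"\xff" * 6, AP, AP))]  # beacon subtype: ignored
ALERTS = detect_bursts(SAMPLE)  # {("02:00:00:00:00:aa", "02:00:00:00:00:01"): 6}
```

Enabling 802.11w Protected Management Frames on the access point and its clients makes stations discard unauthenticated deauthentication frames, which removes the trigger this detector looks for.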
