Wifite | How To Hack WiFi Password? WEP, WPA, WPA2, WPS Enabled!

AIM: This tutorial is focused on hacking WiFi password using WIFITE. We’ll be using only wifite to Hack passwords of WEP, WPA and WPA2 (and WPS enabled) WiFi networks.

PREREQUISITE: First Read Basics of WiFi Hacking & Security!

Wifite Tutorial

WIFITE is a wireless auditing tool available for Linux platform. It can be used to attack multiple encrypted Wireless networks in a row. In this tutorial we’ll be using  WIFITE comes pre-installed in most security auditing operating systems such as Kali, Backtrack 5, BackBox, BlackBuntu and Pentoo.

Are You Ready to Hack WiFi Password? If yes! Then, Let’s Go!

As mentioned everywhere, WIFITE is designed as a “set it and forget it” WiFi auditing tool. It’s a convenient and efficient tool and you don’t have to do much. Just open the terminal and type wifite.

Kali Linux Terminal

(You can also browse to Application > Kali Linux > Wireless Attacks > 802.11 wireless tools > Wifite)

Look at the image below; in a few seconds you’ll see a list of all available WiFi access points. Press CTRL+C to stop when the target WiFi appears!

  • Choose the target WiFi’s NUM (1 or 2 or 3 as appropriate) and hit ENTER. WIFITE will hack the target WiFi for you.

[Image: Wifite first run]

* Make sure the Target WiFi has fair signal strength and some client(s) associated to it. Otherwise, be ready for frustration!

Hack WiFi Password – WEP

As mentioned already, you don’t have to do anything if you have WIFITE. It currently supports 5 different WiFi attacks for cracking WEP WiFi. This ensures successful recovery of WEP Key.

Now, if you are interested in cracking just WEP WiFi networks, open WIFITE with the following command:

Kali Linux Terminal
# wifite -wep

[Image: WEP WiFi list]

Look at the image above; after a few seconds you’ll see a list of all WEP WiFi access points. Now press CTRL+C to stop when the target WiFi is visible!

  • Choose the appropriate target’s NUM (1 or 2 or 3 as appropriate) and hit ENTER.

WIFITE will now hack Target WiFi for you.

[Image: WEP cracked]

The above WiFi password (or WEP Key) is in Hexadecimal representation. You can use WEP Key as WiFi password or you can just convert it into human readable form (actual password) using any free online Hex-to-ASCII converter.

Cracking WPS WiFi Pin

Just like cracking WEP WiFi password, you don’t have to do anything fancy.

If you are interested in cracking just WPS-enabled WiFi networks, open WIFITE with the following command:

Kali Linux Terminal
# wifite -wps

After a few seconds you’ll see a list of all WPS-enabled WiFi access points. Now press CTRL+C to stop when the target WiFi is visible!

  • Choose the appropriate target’s NUM (1 or 2 or 3 as appropriate) and hit ENTER.

WIFITE will now hack Target WiFi for you.

[Image: WPS cracked]

But as mentioned earlier, it might take a few minutes to a few hours to crack the WPS Pin, so have some patience!

Troubleshooting: When you try to crack WPS pin this way (i.e. brute forcing), some routers may block you, obviously for security reasons. Then, wifite will display a message “WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking”. At this time you are just out of luck or you can try tweaking.

Hint: Spoofing MAC address, just clone the MAC address of an already associated client. You can also use delayed PIN attack option –d 60.

Wifite internally uses reaver (a WPS-only WiFi password hacking tool) to accomplish the above WPS Pin cracking task. So, I’d suggest using Reaver to crack the WPS Pin for WPA and WPA2 WiFi.

Hack WPA and WPA2 WiFi Password

Now again, in the same fashion as WEP and WPS, you don’t have to do anything other than select a WiFi target.

Before you can crack the password of any WPA or WPA2 WiFi, let’s learn the related terminology:

Handshake & Password Dictionary!

Handshake: When a client tries to authenticate itself to any access point, they share a few data packets of SYN and AKN (synchronization and acknowledgement). This exchange of packets between both parties is called a handshake. To crack WPA or WPA2 WiFi, we try to capture these handshake packets.

The handshake stores the password in a hashed form that humans can’t read. Therefore, to recover the actual password from this hash, we’ll try brute forcing against it. A handshake can be easily captured in a few seconds, and the brute forcing is done offline.

A password dictionary file is a file that contains all words from different human dictionaries (English, German etc.) and some other sources. The majority of people, unaware of hacking and security, usually choose easy passwords such as words or phrases from the English dictionary. These types of passwords can be easily cracked using password dictionary files.

A dictionary file might contain from a few hundred to billions of passwords.

NOTE: You already have a password file available to you by Kali at /PATH/PENTEST/ROCKYOU.TXT. You can also download rockyou.txt, darkcode.lst or crackstation password dictionaries.

Steps: Hacking WPA and WPA2 WiFi

Now you are ready to crack WPA and WPA2 WiFi networks. Open WIFITE with the following command:

Kali Linux Terminal
# wifite -wpa -dict ./PATH/rockyou.txt

After a few seconds you’ll see a list of all WPA and WPA2 WiFi access points. Now press CTRL+C to stop when the target WiFi is visible!

  • Choose the appropriate target’s NUM (1 or 2 or 3 as appropriate) and hit ENTER.

WIFITE will now hack Target WiFi for you!

[Image: WPA2 cracked]

The above WPA2 WiFi uses a weak password and therefore got cracked easily. But if you’re trying to crack a strong password, you might have to wait for a few hours, days or even months to crack it. And even after trying for months you may fail to recover strong WiFi passwords.
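To see on which side of that gap your own passphrase falls, the following added example (not part of the original tutorial) checks a candidate against a wordlist and puts an upper bound on exhaustive-search time. The guess rate, the tiny wordlist and all function names are assumptions chosen for illustration.

```python
import string

# Assumption: offline guess rate against a captured handshake, in guesses per second.
ASSUMED_GUESSES_PER_SEC = 500_000
SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed stand-in for a dictionary file such as rockyou.txt.
SAMPLE_WORDLIST = {"password", "12345678", "iloveyou", "sunshine1", "qwertyuiop"}

# Character classes an exhaustive search has to cover, with their sizes.
CLASSES = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
           (string.digits, 10), (string.punctuation + " ", 33)]


def charset_size(passphrase):
    """Alphabet size implied by the character classes the passphrase uses."""
    size = sum(n for chars, n in CLASSES if any(c in chars for c in passphrase))
    return size or 1


def audit_passphrase(passphrase, wordlist=SAMPLE_WORDLIST,
                     rate=ASSUMED_GUESSES_PER_SEC):
    """Return the exhaustive-search time in seconds and a list of findings."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters WPA/WPA2 accepts")
    if passphrase.lower() in wordlist:
        findings.append("present in the dictionary: found on the first wordlist pass")
    # Upper bound only: human-chosen passphrases fall far faster than this.
    seconds = charset_size(passphrase) ** len(passphrase) / rate
    if seconds < SECONDS_PER_YEAR:
        findings.append("full search of this length and character set takes under a year")
    return {"seconds": seconds, "findings": findings}


if __name__ == "__main__":
    for candidate in ("12345678", "sunshine1", "t7#Kq9!vZp2$Lw8x"):
        result = audit_passphrase(candidate)
        print(candidate, f"{result['seconds'] / SECONDS_PER_YEAR:.3g} years",
              result["findings"] or "no findings")
```

For a real check, replace the sample set with the lines of the dictionary file you want to test against.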

Use More Password Files

Suppose you were unable to crack the WiFi using the password file that you supplied to wifite with the -dict switch. Now you can try other password files to crack the password.

Wifite automatically saves captured handshake (TEST_C0-A0-BB-04-5C-A9.cap) at /home/hs/.

Now you need to manually use the aircrack-ng tool this time. This is a wireless auditing tool that wifite internally uses.

The command is

  • aircrack-ng /hs/HIMANSHUNEGO.ORG-01.cap -w /dictionary/rockyou.txt

If you didn’t understand the above command, then don’t worry! You’ll learn about using aircrack-ng in the next tutorial.

Countermeasures: Protect your WiFi

Now it’s clear that hacking WiFi passwords is an easy task. You should always focus on auditing (and tightening) your own WiFi security (instead of going to jail for hacking others’ WiFi).

Tips on WiFi security are already given in detail in our previous article:

For the sake of completeness, let me mention the tips briefly here:

  • Upgrade your WiFi security by switching to WPA2 (or at least WPA). Never use WEP!
  • Don’t enable WPS security option as it’s vulnerable to WPS Pin Attack.
  • Always choose strong passwords as they tend to make bruteforcing infeasible!
  • Change your WiFi password periodically. The cracker shouldn’t be able to enjoy your WiFi for long.
  • Finally, try to hack your own WiFi Password (as shown in this tutorial) and upgrade your WiFi security accordingly.
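The first two tips can be verified from a scan of your own access point. The following added example (not part of the original tutorial) parses text laid out like `iw dev <iface> scan` output, a format assumed here, and flags WEP and WPS; the sample SSIDs, BSSIDs and function names are constructed.

```python
import re

# Constructed sample laid out like `iw dev <iface> scan` output (format assumed).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
\tSSID: home-legacy
\tcapability: ESS Privacy ShortSlotTime (0x0411)
BSS 02:00:00:00:00:02(on wlan0)
\tSSID: home-main
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tRSN:\t * Version: 1
\tWPS:\t * Version: 1.0
BSS 02:00:00:00:00:03(on wlan0)
\tSSID: home-hardened
\tcapability: ESS Privacy ShortSlotTime (0x0411)
\tRSN:\t * Version: 1
"""

def parse_scan(text):
    """Return one dict per BSS holding the security-relevant fields."""
    networks, cur = [], None
    for line in text.splitlines():
        m = re.match(r"BSS ([0-9a-f:]{17})", line)
        field = line.strip()
        if m:
            cur = {"bssid": m.group(1), "ssid": "", "privacy": False,
                   "wpa": False, "rsn": False, "wps": False}
            networks.append(cur)
        elif cur is None:
            continue
        elif field.startswith("SSID:"):
            cur["ssid"] = field[5:].strip()
        elif field.startswith("capability:"):
            cur["privacy"] = "Privacy" in field.split()
        elif field.startswith(("WPA:", "RSN:", "WPS:")):
            cur[field[:3].lower()] = True
    return networks

def audit_scan(text):
    """Map SSID to findings; Privacy with no WPA/RSN element means WEP."""
    report = {}
    for net in parse_scan(text):
        findings = []
        if net["privacy"] and not (net["wpa"] or net["rsn"]):
            findings.append("WEP in use: switch to WPA2")
        if net["wps"]:
            findings.append("WPS enabled: turn it off")
        report[net["ssid"]] = findings
    return report
```

Calling `audit_scan(SAMPLE_SCAN)` reports WEP on `home-legacy`, WPS on `home-main`, and nothing on `home-hardened`.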