Next click the Scan for Access Points to look for target APs if it detects WEP the wep button will be highlighted if not the WPA, in my case a WPA access point was detected. See the green text Monitor mode enabled on wlan1mon.
Run Fern Wifi cracker and choose from the drop down tab the wifi card it will automatically enable the card in monitor mode.
After all let’s kill processes that can intervene with your cards driver type airmon-ng check kill Then let’s check your cards interface to use type airmon-ng, mine is wlan1 with ath9k driver.
If not there’s no need to follow the instructions below you’ll never crack any wifi password without using compatible cards. Bruteforce Attacks (HTTP,HTTPS,TELNET,FTP)įirst step, make sure your card is capable of packet injection read hereand here herefor compatible wireless cards.Access Point MAC Address Geo Location Tracking.Session Hijacking (Passive and Ethernet Modes).Automatic saving of key in database on successful crack.WPA/WPA2 Cracking with Dictionary or WPS based attacks.WEP Cracking with Fragmentation,Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack.
You do need a third-party app for the sniffing step, though.Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python QT Gui Library, the program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks.įern Wifi Cracker currently supports the following features: It's restricted to two CPU cores and one GPU and only costs $399. The fully-automated version of WSA runs $1199, but it lets you use up to 32 CPU cores and eight GPUs, it adds sniffer support, and it features support for dedicated cracking hardware like Tableau's TACC1441 (the serious FPGA-based stuff). It sniffs (provided you have an AirPcap adapter), parses, and attacks a WPA-protected network in no more than 10 mouse clicks.Īlthough cracking is slightly more complicated to pull off in Linux, it's also less expensive. Admittedly, that app is so easy to use, a caveman could do it. In comparison, Elcomsoft offers a much more fluid experience with its Wireless Security Auditor. Then you switch to Pyrit in pass-through mode via coWPAtty (PMK-PTK conversion) for the brute-force attack. It should come as no surprise that coordinating an attack in Linux is more involved than Windows. In the end, there are really only two programs that perform truly random brute-force attacks: Pyrit (combined with John the Ripper in Linux) and Elcomsoft's Wireless Security Auditor (Windows). That means you need to provide a discrete database of words to check against. The majority of them, such as Aircrack-ng and coWPAtty, rely on a dictionary attack. Between Linux and Windows, there are fewer than 10 programs that actually perform the brute-force attack. The majority of wireless cards don't cut it because they use a driver that filters the RAW 802.11 packets and hides them from the upper layers of the operating system.Īfter we're done sniffing, we have to use a cracker to brute-force every master key against the PTK.
Specifically, you need one that has drivers able to provide access to low-level 802.11 protocol information.
Getting past the sniffing step is perhaps the most difficult part because it requires a particular type of wireless card. No matter what software route you take, making this happen isn't as easy as typing in the right commands. At the moment, Linux is the preferred route for many networking ninjas, but there are tools in Windows that streamline the process too. The entire process of sniffing, parsing, and attacking tends to be modular, but the exact procedure is a little different, depending on the operating system. Attacking: Employ brute-force password cracking.This means that someone needs to log on to the network while you're sniffing. The information you're trying to capture consumes less than 1 MB, but it's important that it includes packets that contain PTK authentication information. Parsing: Inspect the harvested packets to see if there's a valid handshake.Sniffing: Intercepting packets in order to get the data necessary to perform an attack.