wifite v2 beta

derv82
02-22-2012, 02:57 PM
Hello BT5 community,

I'm working on a second version of Wifite, an automated wireless auditor. The program has been completely re-written and I want to get a few more hands on it before I release the official update.

Notable changes in version 2:

- Command-line only (no more buggy GUI)
- Support for "reaver", the WPS cracker
- Handshake verification using up to 4 programs; includes a "handshake checker" option (-check).
- 2 more WEP attacks (hirte and caffe latte)
- Much cleaner code: no more "rm -rf *" commands.
- Removed sqlite3/tkinter dependencies.

Here's a screenshot of the WPS PIN attack on multiple networks:
http://i.imgur.com/mJmTj.png

Wifite makes use of aircrack-ng, cowpatty, and tshark; all of which come standard on BT5R1. Wifite will run fine with just these programs but I recommend installing reaver and pyrit to get added functionality. Reaver is used to crack the 8-digit PINs on WPS-enabled routers (project homepage (http://reaver-wps.googlecode.com/)). Pyrit is used to verify that a valid handshake has been captured; Wifite will NOT crack WPA handshakes using Pyrit (yet).

To install reaver, open a terminal and type:

apt-get update
apt-get install reaver

To install pyrit, type:

apt-get install pyrit

To download and run Wifite, type:

wget https://raw.github.com/derv82/wifite/master/wifite.py
chmod +x wifite.py
./wifite.py

And for the full list of options, type:

./wifite.py -h

The purpose of this is to get bug reports, problems, confusions, suggestions, and feature requests.

There are 4 places you can report these to:

- Preferably at wifite's issue page on github (https://github.com/derv82/wifite/issues) (requires github account)
- at wifite's old issue page on google code (http://code.google.com/p/wifite/issues/entry) (requires google account)
- here, in a reply to this post (requires bt-linux.org account)
- via email at derv82 at gmail.

I will appreciate all feedback, be it critical or constructive.

Stallh0f3n
02-24-2012, 05:05 AM
It's a very nice tool/script, but there is one thing I don't like so much:

While wifite is scanning the available APs and the connected clients, it would be much better, in my opinion, if the APs were shown instantly and refreshed dynamically. So I could see if the desired access point is available instead of waiting about a minute while the only things I see are the number of available APs and connected clients.

It's just a small "issue" in my mind, but it would be great if you could fix that.

n1tr0g3n
02-24-2012, 04:24 PM
v2 works awesome! Thanks for keeping it up to date and adding reaver support. Keep up the good work!

I added a new post about it on my blog.. http://www.n1tr0g3n.com/1532/new-v2-of-wifite-wireless-cracker-released/

sirano
02-25-2012, 04:04 PM
This is a great tool, I'll definitely try it!!
Thank you for your hard work :)

derv82
02-26-2012, 06:31 PM
@stallh0f3n, I wanted to dynamically list all APs but the only way to do this is to clear the screen at every update.

I've implemented what (I think) you've mentioned. Check out the latest version.

There's no "-upgrade" option (yet) so you'll have to re-download the latest version from github. I'll implement the upgrade option after beta.

To disable the clear-screens, use command line argument "-q" or "-quiet".

bugme
02-27-2012, 10:42 AM
great tool... hope it could be integrated in the upcoming bt5r2!

lambo
02-28-2012, 03:17 PM
Great tool derv82, but how accurate is it at detecting WPS? I drove around my neighbourhood and out of 480 APs 18 were detected as WPS enabled, mostly Vodafone and 3wireless with one Netgear and one Belkin. I have done this as I am thinking of buying the Reaver Pro when it comes out over at Hak5.

Stallh0f3n
02-29-2012, 10:31 AM
awesome script ;)

derv82
02-29-2012, 11:17 AM
@lambo: Wifite uses reaver's "wash" (or "walsh") program to detect WPS-enabled networks. From what I can tell, tacnetsol's programs are of very high caliber, designed to be compatible with a wide range of devices.

lambo
02-29-2012, 01:00 PM
Thanks derv82, I got the same results using walsh with the AWUS036H. Again, great work, thanks.

bakru
03-05-2012, 05:47 AM
Another thanks for your work, keep it up.
I have one question about the 300 sec. limit reaver has when attacking WPS; it seems a little short because things are not always running fast. So can you give reaver more time, to also perform slower attacks? Let's say 10 minutes, or at least 10% results or quit.
Regards
bakru

blackstratusrt
03-05-2012, 01:49 PM
Hey, first I want to say that your program is amazing! I do miss some of the features that were in V1, like when you were cracking a WEP and you could press CTRL + C and then it gave you the option to go to the next attack or continue to the next target. Do you think that you might be able to bring that option back?

derv82
03-06-2012, 10:08 PM
@bakru, your suggestion for a longer WPS timeout is excellent. The newest beta (BETA9) has a default 11min WPS timeout since some routers seem to have a 10min lockout time.

@blackstratusrt, I also liked the ability to "skip" WEP attacks in wifite v1. I am working on adding this to V2 and will let you know when it is available in the latest beta.

grikster
03-08-2012, 09:59 AM
This is one great piece of code. Just reporting a small problem.

[0:00:00] initializing WPS PIN attack on ***** (00:11:22:33:44:55)
[0:11:00] WPS attack, 0/282 success/ttl, 0.40% complete (0 sec/att)
[!] unable to complete successful try in 660 seconds
[+] skipping *****

If I use reaver plain straight I can get positive tries at 3 sec/pin, but for my router I use these commands along with it:
-w (win7)
-L (ignore locks)
-N (no nacks)

So in my case it needs a way to specify the use of these commands. I also use:

-T X (X sec for M5/M7 timeout, default is 0.20)
-d X (is also a needed option in some cases to delay the pin try for X seconds, some routers don't like to be hurried :) )

Thanks

poppajoe
03-08-2012, 05:43 PM
For some reason, since I last ran a BT5R2 dist-upgrade, wifite has been crashing toward the end of its run during the cracking process. Anyone else experiencing this or have any suggestions as to why this might be happening? I have every recommended prerequisite installed and everything is the current version.

derv82
03-09-2012, 03:29 PM
@grikster, I use reaver's "-a" option to automatically choose the best settings (which isn't always "the best"). I can add the option for users to pass commands to reaver through wifite, but if the user already knows which reaver commands are needed for a specific router, the user may as well just use reaver instead.

I wanted to make wifite try different settings in reaver until it finds the optimal settings with the highest keys/sec rate. However, this would be very difficult (due to hundreds of routers having different settings) and since I only have one router with WPS to test on, wifite will still use the general "-a" command (for now).

@poppajoe, I just tested wifite on a fresh install of BT5R2 (via the 64-bit VMWare image, not the dist-upgrade). I was able to crack WEP and WPA without any problems. Could you copy/paste the error you are getting? I have avoided the dist-upgrade since I heard about people experiencing bugs/problems.

Mavrix91
03-11-2012, 10:27 AM
Hi, first of all thanks for this amazing script, but I have some trouble trying to crack WPA wifi; it only works with WEP. Do we have to do special things when it's a WPA wifi?

I also have another problem: my wifi interface is wlan0 but when the script launches it works with mon0.

Thanks

lambo
03-15-2012, 04:14 AM
> Hi, first of all thanks for this amazing script, but I have some trouble trying to crack WPA wifi; it only works with WEP. Do we have to do special things when it's a WPA wifi?

WPA is a different type of encryption; you need to brute force it using a dictionary, and the password will have to be in the dictionary or it won't work.

> I also have another problem: my wifi interface is wlan0 but when the script launches it works with mon0.

The script puts the interface wlan0 into monitor mode (i.e. mon0) so it can search and monitor traffic.

locovagra
03-20-2012, 01:21 PM
What is the lowest signal at which wifite 2 will effectively recover the WPS? I see my network at like 69 dB, and the next strongest is at 45, and then it drops below 40. Likewise, I agree the Control+C option to skip a network was very nice. Will the final do WEP, WPA/WPA2, and WPS? I tried to run this against my own WEP and it errored out.

Thank you for a very nice script. Keep up the good work.

Tentatio
03-20-2012, 11:53 PM
Wow... Pretty slick man.

I'll admit to being a novice to the pentesting world, I actually stumbled onto backtrack a year ago when asking some online acquaintances the "favorite Linux distro" question.

So far I'm having a lot of fun, but your tool is doing a really good job of teaching me how the programs work together and how to use them (at least in terms of WPA/WEP testing). I already used it to (surprise the hell out of myself) crack my home network, and promptly rethought my key.

I don't really have anything to report. I've been around linux in general long enough to have a very sincere appreciation for how easy and well documented this is, and to extend a very sincere compliment for a job well done.

Let's face it... If Micro$oft produced "betas" this smooth, functional, and easy to use, I probably wouldn't have gotten into Linux in general and BT in particular in the first place.

Thanks again.

PS- If it's relevant, I can say it's tested and found working extraordinarily well against WEP and WPA (as long as the key is in the dictionary) on an Asus U30SD with hybrid Intel graphics (cpyrit is fully functional thanks to a couple of snafu777's threads), running BackTrack 5r2 (clean install to HDD) and using an Intel Centrino 1030 wifi adapter. Router is a Linksys E4200.

I'll report back if I find anything noteworthy. I do have to ask though, is this working the CUDA cores through Pyrit? My battery drain jumps to 50k mW just like it does when I'm benchmarking pyrit with bbswitch on. If it is... It's even cooler than I thought.

twocents
03-28-2012, 05:15 PM
Thank you for this awesome script. Working flawlessly on AR9285, AWUS036H and AWUS036NH.

blackstratusrt
04-06-2012, 03:15 PM
I was just wondering if there is a new beta yet?

wifiUK
04-08-2012, 03:47 AM
I reported an issue on the Google page, about aireplay-ng exiting unexpectedly on two different laptops with 2 different cards using 2 different versions of BackTrack.

Brn93
04-10-2012, 08:51 AM
great work, thanks :)

MKing
04-11-2012, 03:45 AM
Excellent script,

I tested the WPS attack on my router, and I got:

[+] PIN found: 02638xxx
[+] WPA key found: f0f8f495a7e0c3b978685b775b32d4df3518c310131d35418fe84ec7f600a25d

I tested again and I got:

[+] PIN found: 02638xxx
[+] WPA key found: 9bd968297e96004836d0693f1e509baae907d3b87c23dea006c2b5e17adacca2

But the key is not the passphrase, and I can't connect to my network with this key.

What can I do to know my password? I have the PIN.

Greetings

ASTRAPI
04-29-2012, 11:11 PM
The cracked file that the software is creating is not readable by many text editors :(

tonytue
05-08-2012, 02:38 AM
It's an awesome script but it depends on the model of AP; I tested it with a D-Link AP and it works.

miroslavk
05-18-2012, 08:01 AM
How can I enable pyrit and cowpatty in wifite, as they're off when I run -h?

I have them installed, btw.

Thanks

hannah
05-18-2012, 07:50 PM
I am having the same issue which MKing is having, as stated in Post #25.

I also got the following details against my router:

"Key is '14563e990da85f59371c72d1b0882a9ac51181488712522fd4318d7523efc659' and PIN is '18794786'"

But I know for a matter of fact the key is wrong. So the question is, what can I use the PIN for, please?

Regards

hannah
05-19-2012, 01:44 AM
Another question:

Can you run wifite.py against a hidden WPS-enabled AP?

Look at my output:

[+] select target numbers (1-8) separated by commas, or 'all': 2

[+] 1 target selected.

[0:00:00] initializing WPS PIN attack on (00:11:22:33:44:55)
^C0:03:11] WPS attack, 0/0 success/ttl,

It was running for 3 mins with no progress.. just asking...
Regards

thad0ctor
05-19-2012, 08:58 PM
@hannah, you are better off using just reaver to do it. From my experience I had to grab a handshake, and from that I was able to find the BSSID, and then I inputted that and the ESSID into the reaver commands.

hannah
05-20-2012, 06:51 PM
@thad0ctor, got your point. It's trivial to get the ESSID, as we all know. I quite like wifite, hence I am just asking if this prog can crack hidden APs or not... if not, then the author might like to add that functionality as well.. that's all.

longjidin
05-21-2012, 08:11 AM
Nice version of Wifite. When will the stable be released??

longjidin
05-21-2012, 08:13 AM
Maybe put in some tools to find the hidden ESSID; it would be nice......

miroslavk
05-23-2012, 07:31 AM
I have a problem: whatever WEP I try to crack, it doesn't crack with the new beta 2 version, but with the version before I was able to crack any WEP I attacked..

Any idea?

Btw, my pyrit and cowpatty are OFF for wifite when I run the -h option...

flatounet
10-03-2012, 11:06 AM
I used wifite successfully testing 2 WEP networks, 1 with a client, 1 without;
but I see a few options to add:
I am testing WPS on my network; I got some successful attacks, but wifite turns itself off after some time
(more than 10 min because it got some good attacks; can you put in an option for a non-stop attack?)

- The same WPS attack seems to be blocked on some boxes;
can you look at whether changing the wlan IP every xxx attacks or xxx time doesn't block the box? (and WPS attacks are faster)

Same (I think it's a dream: I have 2 Alfa AWUS036H cards):
can you optimise testing networks with multiple cards?
1 attacks, the 2nd scouts for new networks/clients?
and switch to the network with more bandwidth/transfer to get more chance to get ARP?

Sorry for my bad English, I hope you understand what I think ;)
Thanks

Turambar1337
01-26-2013, 03:28 PM
I get access denied when I go to https://raw.github.com/derv82/wifite/master/wifite.py in BackTrack, by opening a terminal.
What am I doing wrong?

chipi
01-30-2013, 12:36 PM
Hi,

I used the BackTrack 5r3 version.
I tried the program wifite.
But why this message? What is the problem?

Image (http://ftptarhely.com/chipi/kepek/linux/wifite.jpg)

Firebloodphoenix
02-02-2013, 01:05 AM
Hi,

> I used the BackTrack 5r3 version.
> I tried the program wifite.
> But why this message? What is the problem?
>
> Image (http://ftptarhely.com/chipi/kepek/linux/wifite.jpg)

Test Injection With Your Wi-Fi Adapter...

I have a Feature Request for this awesome script:
Change TX power

Didn't test it a lot but working so far:
BTR3 KDE 64
AWUS036NH
TL-WR1043ND (DD-WRT firmware)
Handshake captured and cracked

crossword
02-09-2013, 03:37 PM
> I am testing WPS on my network; I got some successful attacks, but wifite turns itself off after some time
> (more than 10 min because it got some good attacks; can you put in an option for a non-stop attack?)
>
> Thanks

Try starting wifite with the WPS no-time option.

./wifite.py -wpst 0

Good luck.