How to Crack WPS with Wifite
Hi, dear co-apprentices and wise masters. I've been recently trying to learn the basics to hacking here, and I've read all guides on Wi-Fi hacking and noticed no word is dedicated to this awesome script that comes bundled with Kali!
Okay, it may be a potential skiddie toy, but it saves a lot of time when we already know the process of getting a password. This tool is able to do many attacks, such as Caffe-Latte, ChopChop, coWPAtty hashing, and.... yes, cracking the WPS Pin with Reaver!
I hope this guide isn't taken as a shortcut to OTW awesome guides, and it's taken as a complement to that knowledge, because this script won't work all the time, while doing attacks manually tend to be way more successful. Anyways, it's worth a try!
For this tutorial, I will assume you're using your terminal as root.
If you're not, you can access root with by typing 'su' if you have root's password, or 'sudo su' if your account has superuser privileges.
Now we launch the script again, by typing
And if we have more than one wireless device, we'll be prompted which one we want to use.
In my case, I have a TL-WN7200ND I bought, and the wireless card that comes onboard in my notebook. Be sure to check this guide to make sure you're using the right adapter. For this attack (and most wireless attacks, unless you're really patient) you'll need an adapter which allows packet injection.
I'll be using wlan1 because that's my adapter. If you're not sure which one is your adapter, one good indicator is reading that name to the left of [phy], for example, I have one that says 'usb' in it, and one that doesn't. And yep, I have it plugged to USB, so that one's it.
I choose it by typing '1', and the script enables monitor mode on that device (sometimes it doesn't, and you have to do it manually previous to running the script).
After 5 seconds, you'll be presented with something like this:
As you can see, there's a listing of the ESSID of near access points, the channel they're on, the type of encryption they're using, the power of signal our antenna is receiving (although if you see 99db, it may be a misreading), if it is WPS enabled, and if it has any client connected to the network. For this guide, we'll choose the first access point from this list, because it's has WPS.
Press 'Ctrl+C' to stop the wireless networks scan, and then type in the number corresponding to the AP you want to focus your attack on.
The script will start by attacking WPS first, because it's faster than capturing the handshake and it requires no clients attached.
If the attack is working, you'll see a percent to start going up to the right of 'success/ttl'
Remember, the more signal power you get from that AP, the less packets will be lost, and the fastest this attack will be completed. You can improve it with directional antennas, or simply by getting closer to the AP, if you know where it is (and you can move your PC there).
If you didn't want to do a WPS attack, and prefer to skip right to handshake capturing, pressing 'Ctrl+C' will stop this attack and start that one. If you press 'Ctrl+C' again, the script will exit.
If the attack was successfully performed, you'll get a screen like this, with WPS PIN and the AP's password:
If you're lucky like me, it'll get one of the two pairs of 4 numbers in the pin really quick, and it'll go from 4% to 90% in a breeze. If that's not your case, this attack may take from 8 to 10 hours, all of which you should stay in range of the AP. It's not an attack you can perform on most notebooks battery power, but if you can plug it in and leave it working in place, you're good to go.
It will start capturing handshake after the attack, but what do you want it for? Ctrl+C and finish the script!
I hope you find this guide helpful, and learn the underworkings behind what this script does. If this guide has acceptance, I may explain other attack types with wifite as well, but I highly encourage for anyone to try it on their own (Hint: It can attack several AP's in a row!).