Cracking WPA2 with Fern WIFI cracker

Gninja
10 years ago | edited 10 years ago

0

Fern WIFI cracker

Disclaimer: I carried out this attack using my own WIFI network, all MAC Addresses and names have been faked. This tutorial is for learning purposes only and should not be used for any illegal activities.

Introduction:

This is a step by step on how to use the Fern WIFI Cracker that comes installed with Kali-Linux. I used a Surface Pro to share a WPA2 network (which is a pain to do when you realise that Windows 8 has taken out the GUI ability to create an ad hoc network!!! You now have to use a command to do it.) I connected to the network with another device for reasons that will become apparent later in the tutorial, then I cracked it :) This is by far one of the most user friendly tools I have used and is great for beginners.

Step 1 - Setting up your wifi adaptor to monitor mode

Open a terminal window and type:

airmon-ng start wlan0

Image

Step 2 - Launch Fern WIFI Cracker

Once launched click on the select interface as seen below:

Image

Now if your wireless card successfully entered monitor mode from the first step you should see the following:

Image

Step 3 - Detecting a network to crack

Click the top button highlighted below to activate the search. Your results will be displayed as WEP or WPA networks as seen below; you then click on the relevant button, i.e. WPA:

Image

Step 4 - Select a network to crack

Click on your chosen network, then ensure that you click regular attack, browse to your dictionary file, select it and then wait for the program to find a client to deauth.

Image

The program has a wordlist (file path seen below) but it’s not great; you will want to have your own to crack networks with strong passwords.

Image

Step 5 - Attack the network

Once selecting a wordlist file (highlighted below as common.txt) and a client MAC to deauth you can run your attack:

Image

As you can see below the wordlist common.txt did not contain my password so you will need to either use a different wordlist or update this one.

Image

To save time I updated the wordlist with the password of the network and as you can see below it cracked it :)

Image

Other Features:

Fern WIFI Cracker contains a key database where it saves keys from networks that have been previously hacked.

Image

This is the key from the HackMe network that we just hacked :)

Image

Summary:

I’ve found this a very easy and self explanatory tool to use; it’s great for beginners and cracks not just WPA but WEP and WPS with ease. The only points to note are that based on the password of the network and the length of your wordlist it may take quite some time to crack.

Hope you found this tutorial useful, please comment if you liked it.

Happy Hacking

^__^

48replies
25voices
17,968views
11images
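
Why the wordlist decides the outcome in steps 4 and 5, as an added example that is not part of the original post: WPA2-Personal stretches every candidate passphrase with PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt), so a passphrase that is not in the list is never found and a long random one is out of reach of exhaustive search. The policies and the 1e6 guesses/s rate are constructed assumptions; HackMe is the SSID from the post.

```python
import hashlib
import time

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal master key: PBKDF2-HMAC-SHA1, salt=SSID, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def measure_rate(samples: int = 20) -> float:
    """Key derivations per second on this machine (one CPU core, no GPU)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"benchmark{i:04d}", "HackMe")
    return samples / (time.perf_counter() - start)

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of passphrases of exactly `length` symbols from the alphabet."""
    return alphabet_size ** length

def years_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given rate."""
    return candidates / guesses_per_second / (365 * 86400)

# Constructed policies for comparison (assumptions, not taken from the post).
POLICIES = [
    ("word from a 1,000,000-entry wordlist", 1_000_000),
    ("8 random lowercase letters", keyspace(26, 8)),
    ("12 random letters and digits", keyspace(62, 12)),
    ("20 random printable ASCII characters", keyspace(95, 20)),
]

def report(guesses_per_second: float) -> list:
    """(policy, candidates, worst-case years) for each constructed policy."""
    return [(name, n, years_to_exhaust(n, guesses_per_second)) for name, n in POLICIES]

if __name__ == "__main__":
    cpu = measure_rate()
    print(f"this machine: {cpu:.0f} derivations/s")
    # 1e6 guesses/s is an assumed figure for dedicated hardware, for scale only.
    for label, rate in (("this CPU", cpu), ("assumed 1e6/s rig", 1e6)):
        for name, n, years in report(rate):
            print(f"{label:18} {name:40} {n:.2e} candidates  {years:.2e} years")
```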
Gninja
10 years ago

0

This is worth a look as well :)

WPS Hacking

[d3adMaN]
10 years ago | edited 10 years ago

0

Thx for this tut mate, I try this NOW!!! :D
What do you think about dictionaries you found on the net??? To test aircrack, I got a 13gb one and all the passwords it tests are useless, for the key of my wpa is made on a special algorithm (RC4 I guess). It would be cool to have a program that can generate keys on this algorithm rather than testing stupid words like “1stjannuary1984”

oxide
10 years ago

0

Yes, this does work very well, but I have had more luck in close ranges with this tool. How was it for you?

[d3adMaN]
10 years ago

0

(Sorry English is not my natural language) what do you mean by close ranges???

harith-1997
10 years ago

0

download link -_-

Gninja
10 years ago

0

Dictionaries will always be a problem as a password can be anything; I suppose that’s why WPA is still widely used.

guuf
10 years ago

0

Excellent Gninja, I love your graphics focus, clear reading, even for me. I understand this. Thank you.

R4z0r
10 years ago

0

When this program captures the handshake for WPA can you navigate to a directory where it is saved and then take a copy of it?

Gninja
10 years ago

0

@guuf I remembered one of your posts on an earlier tut I did and I’ve tried to stick to better more clear graphics :)

@R4z0r I’m not sure, I’ll look into it for you asap.

Gninja
10 years ago

0

@oxide It does work better at close ranges but I’ve found it still works even when the access point is on the edge of the wireless card’s max range.

Gninja
10 years ago

0

@R4z0r Yes it does save the file in its installation directory :) good question.

Fern updates…

R4z0r
10 years ago | edited 10 years ago

0

@Gninja

Thanks for the speedy answer ;) I only asked because I could capture the handshakes and then transfer them to a better machine to crack them.

Gninja
10 years ago

0

@R4z0r No problem, don’t forget you can always use the CLI of aircrack-ng suite to capture the handshake to a directory of your choosing.

DaGr8Kornolio
10 years ago

0

Hey guys,

It’s not the first time that I read this on a wifi cracking tutorial and I would like to know if someone here knows more about this feature/bug… I understand that to be able to sniff a handshake between the client and the AP you can: 1- Wait or 2- deauthenticate a client of this network… This is a big power… I guess you can use it to DOS the whole network? How is it possible that a client accepts being cut off from a network like this? If the message came from the AP I could understand I guess… You could be disconnected so that you can use another AP with a stronger signal maybe… (if a controller can see the client on multiple APs…)

I would also like to know if the monitor mode needed to do all this stuff is now possible with all new WiFi NIC or do I have to buy a special card? If yes, how do I know if this card is good?

I hope I’m clear… (sorry for bad English) Here are my questions :
1- Anyone know more about this feature/bug and know why it has been implemented?
2- Can you knock down a network with it?
3- What are the requirements to be able to start having fun with all the good tutorial of @Gninja.

Thanks guys!

DaGr8

DaGr8Kornolio
10 years ago

0

Oh and also how can I protect my network from third party who would like to have some fun by disconnecting the clients..?

Thx

Gninja
10 years ago

0

@DaGr8Kornolio I hope this helps:

How Deauthentication works

Deauthentication commands explained

I’m not sure that you could knock a network down with it as the speed of authentication is so fast. When I was doing it to my network I was still browsing the web on my target machine and didn’t notice the disconnect/reconnect.

All that is required is a wireless card that supports the ability to inject packets and also go into monitor mode. I’ve not been able to find a website that lists all working models as it’s a massively debated discussion. If you’re looking to buy a card specifically for it I would google it first.

Gninja
10 years ago | edited 10 years ago

0

Reference protecting your network from deauth read this LINK

This part made me laugh:

“The only way to prevent such an attack is to block the attacker’s ability to send wireless transmissions that will reach your legitimate users. That’s not a practical solution for several reasons (but extra points if you can convince your workers to sit in a Faraday Cage).”
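
One way to spot the deauthentication bursts discussed above from the defender's side, as an added example that is not part of the thread: a sliding-window detector run over a constructed frame log. The log format, MAC addresses, window and threshold are all assumptions.

```python
from collections import defaultdict, deque

WINDOW_S = 5.0   # sliding window in seconds (assumed tuning value)
THRESHOLD = 5    # deauth/disassoc frames per window that trigger an alert (assumed)
WATCHED = {"deauth", "disassoc"}

# Constructed capture summary: "<epoch> <subtype> <transmitter> <receiver> <reason>"
SAMPLE_LOG = """\
100.00 deauth 02:00:00:aa:00:01 02:00:00:cc:00:09 3
120.00 beacon 02:00:00:aa:00:01 ff:ff:ff:ff:ff:ff -
160.10 deauth 02:00:00:aa:00:01 02:00:00:cc:00:02 7
160.20 deauth 02:00:00:aa:00:01 02:00:00:cc:00:02 7
160.30 disassoc 02:00:00:aa:00:01 02:00:00:cc:00:02 7
160.40 deauth 02:00:00:aa:00:01 02:00:00:cc:00:02 7
160.50 deauth 02:00:00:aa:00:01 02:00:00:cc:00:02 7
160.60 deauth 02:00:00:aa:00:01 02:00:00:cc:00:02 7
300.00 deauth 02:00:00:aa:00:01 02:00:00:cc:00:02 3
"""

def detect_deauth_bursts(log_text, window=WINDOW_S, threshold=THRESHOLD):
    """Return one alert per burst of deauth/disassoc frames on a link."""
    recent = defaultdict(deque)   # (transmitter, receiver) -> frame timestamps
    alerted = set()               # links currently inside an alerted burst
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[1] not in WATCHED:
            continue              # skip malformed lines and other frame types
        ts, _, tx, rx, _ = fields  # tx is only the address the frame claims
        ts = float(ts)
        key = (tx, rx)
        times = recent[key]
        times.append(ts)
        while times[0] < ts - window:
            times.popleft()       # drop frames that fell out of the window
        if len(times) == 1:
            alerted.discard(key)  # quiet period passed: re-arm this link
        if len(times) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"transmitter": tx, "receiver": rx,
                           "frames": len(times), "at": ts})
    return alerts

if __name__ == "__main__":
    for alert in detect_deauth_bursts(SAMPLE_LOG):
        print(alert)
```

A single deauthentication with a normal reason code, like the first and last sample lines, stays below the threshold; only the burst against one client raises an alert.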

[d3adMaN]
10 years ago

0

It’s all about the chipset of the card; here’s a link that explains everything:
http://www.aircrack-ng.org/doku.php?id=compatibility_drivers

and this is the wifi usb key I have, it’s perfectly doing the job:
http://www.amazon.com/TP-LINK-TL-WN722N-Wireless-Adapter-Detachable/dp/B002WBX9C6/ref=sr_1_1?ie=UTF8&qid=1371413483&sr=8-1&keywords=tp+link+tl+WN722N

Gninja
10 years ago | edited 10 years ago

0

This laptop is a good all rounder and fully supports Kali-Linux (wifi & bluetooth attacks) …..:)

LINK

DaGr8Kornolio
10 years ago

0

Thanks for the search @gninja. I understand that the authentication process is running fast… But sending this spoofing packet goes fast enough I guess. Here is a link to someone who did the test : WiFi jamming via deauthentication packets.

I understand that you can’t prevent this but you can still TRY to locate the guys and use a baseball bat… I might try the Faraday cage… or cables.

Thanks for the link @d3adMaN, I found my answer. Now I will try to find out how to connect it to an antenna on my roof. See what I’ll need to purchase… I guess I will need an antenna that can connect directly to my computer for the cracking and that I could also connect to my router… Fun stuff is coming…

oxide
10 years ago

0

Well, I have had lots of luck running many wifi cards. A lot do support injection mode and monitor mode; you would be surprised, a lot of Linksys and Netgear USB wifi cards will work great.

Gninja
10 years ago

0

The only wireless card I’ve had trouble with is the built in one on the surface pro (Marvell Wireless Driver) its a nightmare to get working, but other than that I’ve always been quite lucky with the kit I already own :)

[d3adMaN]
10 years ago

0

@DaGr8Kornolio an antenna on your roof??? are you trying to aircrack your whole city???
if so, please give me a call I’d like to see this haha

Gninja
10 years ago | edited 10 years ago

0

This is what you want lol

LINK…

oxide
10 years ago

0

Well, I have a few small ones. I have an omni directional yagi, 26 dBi gain supposedly, a 26 dBi parabolic small dish, again supposedly, an Orinoco gold PCMCIA card, and a Linksys PCMCIA, both with external connectors for these two 26 dBi antennas. I can’t really tell the difference but I’m able to get about a block or 2 radius, and if you were to use a ddwrt client bridge you could easily make it farther.

Gninja
10 years ago

0

Very nice indeed @oxide, I think I might invest in a decent dish

R4z0r
10 years ago

0

I’ve never used anything other than my card in my laptop, but I am in an area flooded with wireless connections “London” ;)

Gninja
10 years ago

0

The tube - Wireless and Bluetooth heaven lol

Aleks [Hashcode]
10 years ago

0

Wow man, that’s a unique way to crack WiFi

Gninja
10 years ago

0

Yep, one of many @Hashcode :)

oxide
10 years ago

0

Yes, and it gets easier. Go download wifiway, it is ready to go out of the box and has all these tools in it, as well as xiaopan. I have been hacking WEP since it was hackable, this shit is great. You can use backtrack, but unless you are good just use wifiway, it’s so much easier for a noob.

soldier_cyber
10 years ago

0

This crack takes a millennium guys, use aircrack

*********** [ADIGA]
10 years ago

0

Nice one, but the problem with dictionary attacks is that it takes forever, and may not give a result.

Check this article about reaver, Reaver 101

It may not work for all wpa password routers/access points, but a fair amount will work.

and soldier_cyber, aircrack is for wep passwords :(

bluhacker56
10 years ago

0

I do agree with each and every point of view, it depends on each one’s experience on his working station… just one question: which one do you think can be suitable for Mac OS?

*********** [ADIGA]
10 years ago

0

Why don’t you try both on a VM?

jayssj11
10 years ago

0

really good article . :D

[HUNON]
10 years ago

0

Very NICE! Good job!:)
I love the screen shots, it helps a lot for beginners! :) Keep up the good work!

mr.hacker.dz
10 years ago

0

nice … !

it just the good work

[deleted user]
10 years ago

0

Thanks for the post. :)

[deleted user]
10 years ago

0

Looks like a lot of people enjoyed this post. :)

Mugi [Mugiwara27]
8 years ago

0

The owner of this site does not accept responsibility for the actions of any users of this site. Users are solely responsible for any content that they place on this site. This site does not encourage or condone any illegal activity, or attempts to hack into any network where they do not have authority to do so.

SIGKILL [r4v463]
8 years ago

0

Why are you posting 3 times the same message ‘-’ everybody see with only once

Zzdarkangel
8 years ago

0

Good evening everyone. I wish to use this for my classes, but the problem is I still do not know how to configure my network card (wlan0), so please can someone help me with it?

tattoorocky
7 years ago

0

I have checked out several how-tos on using Fern and followed the steps exactly. However, it never goes beyond the step of probing for a MAC address. I have let this go all day a couple of times with the same results. What am I doing wrong or not getting correct? It never goes beyond what is shown in the pic in step 4 in the how-to above.

jiraiya
7 years ago

0

Although Fern is a great tool and I have also used it, the problem is that in real life we don’t know the passwords of the wifi networks, so even a wordlist of 1 GB is useless and a waste of time too.
So I would like to know a tool that doesn’t require a word-list (now wifi phisher, it requires 2 wireless adapters), so something easy to carry that can hack into the network without a word-list will be great.

ELJIE
7 years ago

0

Thank you for the Tuto
Eljie
