Cracking WPA2 with Fern WIFI cracker


    Disclaimer: I carried out this attack using my own WIFI network, all MAC Addresses and names have been faked. This tutorial is for learning purposes only and should not be used for any illegal activities.

    Introduction:



    This is a step-by-step guide on how to use the Fern WIFI Cracker that comes installed with Kali-Linux. I used a Surface Pro to share a WPA2 network (which is a pain to do when you realise that Windows 8 has taken out the GUI ability to create an ad hoc network!!! You now have to use commands to do it.) I connected to the network with another device for reasons that will become apparent later in the tutorial, then I cracked it. This is by far one of the most user-friendly tools I have used and is great for beginners.

    Step 1 - Setting up your wifi adaptor to monitor mode



    Open a terminal window and type:

    Code:
    airmon-ng start wlan0


    [screenshot]

    Step 2 - Launch Fern WIFI Cracker



    Once launched click on the select interface as seen below:

    [screenshot]

    Now if your wireless card successfully entered monitor mode from the first step you should see the following:

    [screenshot]

    Step 3 - Detecting a network to crack



    Click the top button highlighted below to activate the search. Your results will be displayed as WEP or WPA networks as seen below; you then click on the relevant button, i.e. WPA:

    [screenshot]

    Step 4 - Select a network to crack



    Click on your chosen network, then ensure that you click regular attack, browse to your dictionary file, select it and then wait for the program to find a client to deauth.

    [screenshot]

    The program has a wordlist (file path seen below) but it's not great; you will want to have your own to crack networks with strong passwords.

    [screenshot]

    Step 5 - Attack the network



    Once you have selected a wordlist file (highlighted below as common.txt) and a client MAC to deauth, you can run your attack:

    [screenshot]

    As you can see below, the wordlist common.txt did not contain my password, so you will need to either use a different wordlist or update this one.

    [screenshot]

    To save time I updated the wordlist with the password of the network and, as you can see below, it cracked it.

    [screenshot]

    Other Features:



    Fern WIFI Cracker contains a key database where it saves keys from networks that have been previously hacked.

    [screenshot]

    This is the key from the HackMe network that we just hacked.

    [screenshot]

    Summary:



    I've found this a very easy and self-explanatory tool to use; it's great for beginners and cracks not just WPA but WEP and WPS with ease. The only points to note are that based on the password of the network and the length of your wordlist it may take quite some time to crack.

    Hope you found this tutorial useful, please comment if you liked it.

    Happy Hacking

    ^__^
Viewing 10 replies - 11 through 20 (of 52 total)
  • Gninja
  • R4z0r
    Gninja

    Thanks for the speedy answer. I only asked because I could capture the handshakes and then transfer them to a better machine to crack them.
  • Gninja
    R4z0r No problem, don't forget you can always use the CLI of aircrack-ng suite to capture the handshake to a directory of your choosing.
  • DaGr8Kornolio
    Hey guys,

    It's not the first time that I read this on a wifi cracking tutorial and I would like to know if someone here knows more about this feature/bug... I understand that to be able to sniff a handshake between the client and the AP you can: 1- wait or 2- deauthenticate a client of this network... This is a big power... I guess you can use it to DoS the whole network? How is it possible that a client accepts being cut off from a network like this? If the message came from the AP I could understand I guess... You could be disconnected so that you can use another AP with a stronger signal maybe... (if a controller can see the client on multiple APs...)

    I would also like to know if the monitor mode needed to do all this stuff is now possible with all new WiFi NICs or do I have to buy a special card? If yes, how do I know if this card is good?

    I hope I'm clear... (sorry for bad English) Here are my questions:
    1- Does anyone know more about this feature/bug and know why it has been implemented?
    2- Can you knock down a network with it?
    3- What are the requirements to be able to start having fun with all the good tutorials of @Gninja?

    Thanks guys!

    DaGr8
    Just because I am paranoid doesn’t mean they’re not after me...


  • DaGr8Kornolio
    Oh and also, how can I protect my network from third parties who would like to have some fun by disconnecting the clients..?

    Thx
    Just because I am paranoid doesn’t mean they’re not after me...


  • Gninja
    DaGr8Kornolio I hope this helps:

    How Deauthentication works

    Deauthentication commands explained

    I'm not sure that you could knock a network down with it as the speed of authentication is so fast. When I was doing it to my network I was still browsing the web on my target machine and didn't notice the disconnect/reconnect.

    All that is required is a wireless card that supports the ability to inject packets and also go into monitor mode. I've not been able to find a website that lists all working models as it's a massively debated discussion. If you're looking to buy a card specifically for it I would google it first.
  • Gninja
    Reference protecting your network from deauth, read this LINK

    This part made me laugh:
    "The only way to prevent such an attack is to block the attacker's ability to send wireless transmissions that will reach your legitimate users. That's not a practical solution for several reasons (but extra points if you can convince your workers to sit in a Faraday Cage)."
  • d3adMaN
  • Gninja
    This laptop is a good all rounder and fully supports Kali-Linux (wifi & bluetooth attacks) .....

    LINK
  • DaGr8Kornolio
    Thanks for the search @gninja. I understand that the authentication process is running fast... But sending this spoofing packet goes fast enough I guess. Here is a link to someone who did the test: WiFi jamming via deauthentication packets.

    I understand that you can't prevent this but you can still TRY to locate the guys and use a baseball bat... I might try the Faraday cage... or cables.

    Thanks for the link d3adMaN, I found my answer. Now I will try to find out how to connect it to an antenna on my roof. See what I'll need to purchase... I guess I will need an antenna that can connect directly to my computer for the cracking and that I could also connect to my router... Fun stuff is coming...
    Just because I am paranoid doesn’t mean they’re not after me...
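
For the question in the replies above about defending against deauthentication, detection is the practical part: the sketch below is an added example (not part of any post, and not code from Fern or aircrack-ng) that parses raw 802.11 deauth/disassoc frames and flags bursts aimed at one client. It assumes frames start at the 802.11 header (radiotap already stripped); the window, the threshold and every MAC address are constructed for illustration.

```python
import struct
from collections import defaultdict

# First frame-control byte of the two management subtypes discussed in the thread.
KINDS = {0xC0: "deauth", 0xA0: "disassoc"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt(frame):
    """Parse a raw 802.11 deauth/disassoc frame (no radiotap header); None otherwise."""
    if len(frame) < 26 or frame[0] not in KINDS:
        return None
    protected = bool(frame[1] & 0x40)  # Protected Frame bit: body is encrypted (802.11w)
    return {
        "kind": KINDS[frame[0]],
        "dst": mac(frame[4:10]), "src": mac(frame[10:16]), "bssid": mac(frame[16:22]),
        # The reason code is only readable in cleartext on unprotected frames.
        "reason": None if protected else struct.unpack_from("<H", frame, 24)[0],
        "protected": protected,
    }

def find_floods(records, window=1.0, threshold=5):
    """Map (bssid, dst) -> peak count of unprotected deauth/disassoc frames per window."""
    recent, alerts = defaultdict(list), {}
    for ts, raw in records:  # records must be ordered by timestamp (seconds)
        p = parse_mgmt(raw)
        if p is None or p["protected"]:
            continue
        key = (p["bssid"], p["dst"])
        times = recent[key]
        times.append(ts)
        while ts - times[0] > window:  # drop frames that fell out of the window
            times.pop(0)
        if len(times) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(times))
    return alerts

def build(fc0, dst, src, bssid, reason):
    """Construct a sample frame: FC, duration, three addresses, seq-ctl, reason."""
    addr = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([fc0, 0, 0, 0]) + addr(dst) + addr(src) + addr(bssid)
            + struct.pack("<HH", 0, reason))

# Constructed sample capture; every address is made up (locally administered range).
AP, STA1, STA2 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
SAMPLE = [(i * 0.05, build(0xC0, STA1, AP, AP, 7)) for i in range(10)]
SAMPLE += [(2.0, build(0x80, "ff:ff:ff:ff:ff:ff", AP, AP, 0)),  # other mgmt frame, ignored
           (5.0, build(0xC0, STA2, AP, AP, 3))]                 # one isolated deauth, no alert

if __name__ == "__main__":
    for (bssid, dst), n in find_floods(SAMPLE).items():
        print(f"possible deauth flood: bssid={bssid} target={dst} frames_in_window={n}")
```

A single deauth is normal network behaviour, which is why the check keys on the rate per (BSSID, client) pair rather than on the frame type alone.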

