Wifite and raspberry
It has been quite a while since I did a new blog post; I have been really busy with the project but had a lot of errors, and they just kept piling up. I decided to only document what worked, rather than write about a bunch of stuff that didn't work. Now that I am able to sniff networks and inject packets into them, my journey into wireless is almost complete for now. I have been playing around with Wifite and the Raspberry Pi a lot lately, and I've come to love it a bit.
Wifite is a big script written in Python; its goal is to automate cracking wireless access points to the point where the user never has to type a command. This is exactly what I needed in order to continue my work, so I downloaded it with wget
chmod +x wifite.py
These two commands download the script and place it in the folder you were in when you ran them. The chmod is needed to execute the script: it tells the file system that this file may be run as a program. Now that the script is downloaded and made executable, we need to start it.
You should now be greeted by a welcome screen and some information about what is going on.
It will put your wireless device into monitor mode. This is not the same as promiscuous mode on a wired card: in monitor mode the card is not associated with any network and passes every 802.11 frame it hears on the channel to the host, including frames addressed to other stations and the management frames (beacons, probe requests, deauthentications) that a normal client never gets to see. Capturing these "unintended" frames is what makes it possible to crack the networks later on.
A bit of theory
I wanted to try out cracking WEP networks first; this is the oldest and weakest encryption you can put on your network. Some theory is needed for this to make sense. WEP encrypts each frame with RC4, and the cipher is seeded with a 3-byte (24-bit) Initialization Vector (IV) followed by the pre-shared key that all associated/authenticated clients know. The IV itself is not secret: it is sent in the clear at the front of almost every data frame, so a passive listener collects one IV per frame. Because the IV is only 24 bits and the secret key never changes, IVs repeat over time and certain IVs leak information about the key bytes, which is why collecting as many IVs as possible is the whole attack. Knowing this helps us understand what is going on when Wifite shows us this:
Pay attention to the last message, "deauthing to generate packets". A more active WEP network sends more frames, which in turn means that we collect IVs faster. This is good, since the more IVs we have, the better the chance of cracking the WEP key. Deauthing means kicking the associated wireless clients off the network. I use the tool void11 for example; it forces all the clients to deauthenticate from the network, and when a wireless client notices that the connection is lost, it tries to reassociate with the network. This helps us crack the WEP encryption, since reassociating means more frames for us, which means more IVs to crack with. It works because 802.11 deauthentication frames are plain management frames with no authentication at all (protected management frames only arrived later with 802.11w, which a WEP network never has), so a forged deauthentication carrying the access point's address is accepted by every client that hears it.
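As an added example (this is not code from the post, nor from Wifite or void11), the following Python builds a small constructed WEP capture and does what the theory above describes: it pulls the 24-bit IV out of every protected data frame as a monitor-mode capture delivers them (this is what the IV counter on the screen is built from), it shows the forged deauthentication frame that "deauthing" puts on the air, and it shows why a repeated IV is fatal, since two frames encrypted under the same IV share one RC4 keystream. The key, MAC addresses, reason code and frame contents are all constructed for the example; the actual key recovery (the statistical attack over thousands of IVs that Wifite runs via aircrack-ng) is not implemented here.

```python
import struct
import zlib
from collections import Counter

# LLC/SNAP header that starts almost every WEP payload carrying IP; its first
# byte (0xAA) is the "known plaintext" the statistical WEP attacks rely on.
SNAP_HEADER = bytes.fromhex("aaaa030000000800")

# Constructed sample values (hypothetical key and addresses, not from any real capture)
SECRET = bytes.fromhex("0123456789")          # 40-bit WEP key
AP = bytes.fromhex("001122334455")            # access point / BSSID
STA = bytes.fromhex("66778899aabb")           # legitimate client


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4. WEP seeds it with IV || secret key, so a repeated IV repeats the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def mac_header(fc: bytes, addr1: bytes, addr2: bytes, addr3: bytes, seq: int) -> bytes:
    """24-byte 802.11 MAC header: frame control, duration, three addresses, sequence control."""
    return fc + b"\x00\x00" + addr1 + addr2 + addr3 + struct.pack("<H", seq << 4)


def wep_data_frame(iv: bytes, secret: bytes, payload: bytes, src: bytes, bssid: bytes, seq: int) -> bytes:
    """Data frame (To-DS, Protected bit set). Body = IV(3) | key-id byte | RC4(payload | CRC32 ICV)."""
    icv = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)
    return mac_header(b"\x08\x41", bssid, src, bssid, seq) + iv + b"\x00" + rc4(iv + secret, payload + icv)


def deauth_frame(src: bytes, dst: bytes, bssid: bytes, reason: int, seq: int) -> bytes:
    """Management frame, subtype 12 (deauthentication); the body is just a 2-byte reason code."""
    return mac_header(b"\xc0\x00", dst, src, bssid, seq) + struct.pack("<H", reason)


def parse_frame(frame: bytes) -> dict:
    """Classify a raw 802.11 frame as seen in monitor mode and pull out the WEP IV or deauth reason."""
    ftype, subtype, protected = (frame[0] >> 2) & 0x3, frame[0] >> 4, bool(frame[1] & 0x40)
    info = {"kind": "other", "addr1": frame[4:10], "addr2": frame[10:16], "addr3": frame[16:22]}
    if ftype == 2 and protected:                     # protected data frame: IV in the clear, then key id
        info.update(kind="wep-data", iv=frame[24:27], key_id=frame[27] >> 6, cipher=frame[28:])
    elif ftype == 0 and subtype == 12:               # deauthentication
        info.update(kind="deauth", reason=struct.unpack("<H", frame[24:26])[0])
    return info


def iv_statistics(frames) -> dict:
    """One IV per protected data frame; the attacker wants many distinct ones, and repeats are a bonus."""
    ivs = [p["iv"] for p in map(parse_frame, frames) if p["kind"] == "wep-data"]
    counts = Counter(ivs)
    return {"frames": len(ivs), "unique_ivs": len(counts), "reused": [iv for iv, n in counts.items() if n > 1]}


def first_keystream_byte(frame: bytes) -> int:
    """What FMS-style attacks feed on: every frame leaks its first keystream byte via the known SNAP byte."""
    return parse_frame(frame)["cipher"][0] ^ SNAP_HEADER[0]


def deauth_senders(frames) -> Counter:
    """Who is kicking clients off. Deauth frames are unauthenticated, so addr2 is whatever the sender wrote."""
    return Counter(p["addr2"] for p in map(parse_frame, frames) if p["kind"] == "deauth")


def recover_with_reused_iv(known_frame: bytes, known_plaintext: bytes, target_frame: bytes) -> bytes:
    """Same IV, same keystream: C1 ^ C2 = P1 ^ P2, so a known plaintext for one frame decrypts the other."""
    a, b = parse_frame(known_frame), parse_frame(target_frame)
    if a["iv"] != b["iv"]:
        raise ValueError("frames use different IVs, keystreams differ")
    keystream = bytes(c ^ p for c, p in zip(a["cipher"], known_plaintext))
    return bytes(c ^ k for c, k in zip(b["cipher"], keystream))


def build_capture() -> list:
    """Constructed capture: a client counting IVs up from 0, a forged deauth, then the client back with IV 2 again."""
    frames = [wep_data_frame(bytes([n, 0, 0]), SECRET, SNAP_HEADER + bytes([n]) * 20, STA, AP, n) for n in range(5)]
    frames.append(deauth_frame(AP, b"\xff" * 6, AP, 7, 100))   # attacker spoofing the AP, reason 7 (class 3 frame)
    frames.append(wep_data_frame(bytes([2, 0, 0]), SECRET, SNAP_HEADER + b"secret message!", STA, AP, 5))
    return frames


CAPTURE = build_capture()

if __name__ == "__main__":
    print(iv_statistics(CAPTURE))
    print({k.hex(): v for k, v in deauth_senders(CAPTURE).items()})
    print(recover_with_reused_iv(CAPTURE[2], SNAP_HEADER + bytes([2]) * 20, CAPTURE[6]))
```

The recovery step uses a frame whose full plaintext the attacker already knows (traffic it sent to the client itself, for instance); with only the 8 SNAP bytes known, the same XOR recovers the first 8 bytes of keystream for that IV, which is exactly the (IV, first keystream byte) pair per frame that the statistical key-recovery attacks consume, and why Wifite wants as many frames, and so IVs, as it can get.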