Fern WiFi Cracker on Kali Linux

Cracking WPA using Fern WiFi Cracker

Note: For this demo I’m using a lab environment network that is not routed to the internet. I will be using the Fern WiFi Cracker open source wireless security tool included in the Kali Linux and Backtrack 5 r3 security distros. Before attempting to use Fern or any other utility in Kali or Backtrack, please make sure to read the help and man pages for a complete description of the program options and switches. This demo is for wireless pentesting educational purposes and to emphasize how insecure it is to use a weak or common dictionary word as the authentication and encryption key or passphrase of a wireless network.

Fern Wi-fi Cracker can crack WEP, WPA, and WPA2 secured wireless networks. Fern basically takes the command line utilities used to crack these networks and puts them in a GUI. Very simple to use… scary easy! Fern also provides some extra functionality for hijacking sessions and locating a computer’s geolocation via its MAC address, but I have not tested these features.

For this demo I will be using Backtrack 5 r3 running in VMware Workstation on a Win 7 host.

Originally I was using Fern in Kali and ran into some issues with my wireless adapter and with the program freezing or not opening after updating it. I have the fixes I discovered in another blog post for anyone else that may have these same problems.

Router Setup

I’m using an old Cisco/Linksys 802.11g wireless router for this demo and all the settings are defaulted except the security settings, which I set to WPA Personal with a Shared Key passphrase of “password”. The word password should never be used for a real password or passphrase and I’m using it here since I know the Fern program will quickly crack it. In real world situations a WPA/WPA2 passphrase should be completely random and not a common dictionary word. For help on creating a secure WPA/WPA2 passphrase please read my earlier blog post.


Set Up the Wireless Adapter

Plug in the USB wireless adapter (I’m using the Alfa AWUS036H 802.11b/g USB wireless adapter) and open the Terminal and run iwconfig to verify the USB adapter interface.

iwconfig

On occasion I have had to bring the wireless adapter interface up using the following command.

Starting the Fern Program


To start Fern from the Terminal type in the following commands

# cd /pentest/wireless/fern-wifi-cracker
# python execute.py

or start Fern via the GUI using the Backtrack menu

Applications/Backtrack/Exploitation Tools/Wireless Exploitation Tools/WLAN Exploitation/fern-wifi-cracker

Select the Interface and Fern enables monitor mode. If your wireless interface does not show in the list hit the Refresh button and try again.


Before starting the scan double-click on any blank area of the Fern home screen to bring up the Access Point Scan Preferences screen. You can set the channel option to scan a single channel or leave it at the default All Channels. One nice feature is to check the Enable XTerms option which will have Fern open up the Terminal windows during its usage to see what the program is doing in the background. Click OK when done.


Back on the Fern home screen click the Scan for Access points button.


Two Terminal windows will open: one showing the WEP enabled networks (no screen shot), and another showing the WPA enabled networks. The top part of the WPA Scan Terminal window shows the networks being found, and the lower part shows any connected client devices. A WPA attack requires a connected client in order to work. The most important part of the attack kicks the client off the wireless network and captures the 4-way handshake when the client device re-authenticates to the network. If the network you want to pentest has no connected client, you’re out of luck!


On Fern’s home screen the networks being detected will start populating next to the WiFi WEP or WiFi WPA buttons. (I have been seeing fewer and fewer WEP enabled networks, so that is a good thing!)


Clicking on the WiFi WEP or WiFi WPA button will bring up the Attack screen and the top pane will list the networks found. Select the AP to crack, but before clicking the Attack button to the right let’s go over a couple of settings.


I will use the Regular Attack option, but there is a WPS Attack option and I believe Fern uses the Reaver utility to launch the WPS attack. You can read more about Reaver by clicking here.

Common.txt is the wordlist that comes with the Fern program, but any wordlist you download or have created on your own can be used by hitting the Browse button and pointing Fern to the alternative wordlist file.


With the Regular Attack and the wordlist selected hit the Attack button.


Fern will start the attack and on the left side of the screen the attack steps will turn yellow as Fern works through the various steps. The most important step is capturing the 4-way handshake and Fern will open an aireplay-ng Terminal window showing the progress of deauthentication (if XTerms is checked in the preferences) of the connected client.


It may take several attempts to deauth a client and capture the 4-way handshake.


Once Fern has captured the handshake it will start the bruteforce attack. Voilà! If the WPA key is in the wordlist being used, Fern will display the found key in red.


As I mentioned, I set up a passphrase I knew would be found quickly, and from start to finish this attack took under 4 minutes!


Back on the Fern main screen is a Key Database button and it now shows one entry.


Clicking the Key Database button will display the found keys.


Using a common dictionary word for a WPA or WPA2 passphrase makes it easier to hack with utilities like Fern. The Fern utility is free to download and simple to use, and not everyone is going to use it for legit wireless pentesting purposes.
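The defensive counterpart of the dictionary attack is to check a passphrase before it goes on the router. The following is an added example, not part of the original post or of Fern: it flags candidates that a wordlist with simple mangling rules would reach and generates a random replacement. The sample wordlist, the substitution table and the 80-bit threshold are assumptions made for the illustration.

```python
import math
import re
import secrets
import string

# Constructed stand-in for a cracking wordlist such as Fern's common.txt.
SAMPLE_WORDLIST = ["password", "fishhead", "letmein", "linksys", "admin123"]

# Undo common character substitutions (0->o, @->a, ...) before the lookup.
LEET = str.maketrans("0134578@$!", "oleastbasi")


def variants(passphrase):
    """Forms a dictionary tool with simple mangling rules would also reach."""
    low = passphrase.lower()
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", low)  # drop digit/symbol affixes
    return {low, low.translate(LEET), stripped, stripped.translate(LEET)}


def audit(passphrase, wordlist):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length outside the 8-63 characters WPA/WPA2-Personal accepts")
    hit = variants(passphrase) & {w.lower() for w in wordlist}
    if hit:
        findings.append("dictionary word: " + sorted(hit)[0])
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    # Upper bound only: assumes every character was chosen at random.
    bits = len(passphrase) * math.log2(pool) if pool else 0.0
    if bits < 80:  # assumed threshold for this example
        findings.append("estimated entropy below 80 bits")
    return findings


def generate(length=20):
    """Random passphrase drawn from a CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd1!", generate()):
        print(candidate, audit(candidate, SAMPLE_WORDLIST))
```

Point `audit` at the same wordlists a tester would load into Fern to see whether a proposed passphrase survives them.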

With possession of the WPA key a person can associate to the network and have a gateway to the internet, or they could launch other attacks. For example, with possession of the WPA key the attack could be expanded to include decryption of the data traffic of the legitimate clients on the wireless network.

Thanks for reading and stay wireless secure!


Day 49 — Fern WiFi Cracker — 100 tools in 100 days!

This post is designed to introduce you to the tool Fern WiFi Cracker.

Disclaimer: Please only use Fern WiFi Cracker for professional and educational reasons. Do not use this tool for nefarious or malicious reasons.

1. Introduction

Welcome to the forty-ninth blog post of 100 tools in 100 days.

Find Fern WiFi Cracker @ GitHub here.

2. My Setup

For running the Fern WiFi Cracker tool, I used Kali Linux in a VMware Workstation 16 Player virtualized environment.

For my network card, I used an Alfa Network AWUS036NHA USB card in monitor mode.

For my victim network, I am using a private Linksys WRT54GL router broadcasting a 2.4 GHz SSID.

For my wordlist I am using a top 4800 WPA list from SecLists found here.

Note: For you to use Fern WiFi Cracker you will need a wireless card that has monitor mode.

The majority of wireless cards do not have monitor mode.

Please see an article here on monitor capable wireless cards.

3. What is Fern WiFi Cracker?

If you were around on Day 004 of this blog series I discussed the tool Kismet which is a wireless network detector, sniffer, wardriver, and WIDS.

Fern WiFi Cracker tool is a tool that functions similarly to Kismet, except this tool is used just for attacking WiFi networks.

4. Why use Fern WiFi Cracker?

Some penetration tests require an analyst to connect directly to an organization’s wireless network in order to gain initial or extended access.

Fern WiFi Cracker automates that process in a GUI supported tool which makes getting into protected wireless systems easier. This tool uses wordlists to perform dictionary attacks against the SSID after deauthorizing a MAC address.

Disclaimer: Please only use Fern WiFi Cracker on wireless networks you have explicit legal access to. Attempting to steal your neighbor’s internet is ILLEGAL.

5. How to use Fern WiFi Cracker?

First, you must have a wireless card that supports monitor mode; see section 2 of this post if you are unsure.

Second, Fern Wifi Cracker comes with Kali Linux so no installation is needed during this blog.

In order for this attack to work, you must have a wordlist with the password. This is not always viable or realistic, but for default and weak credentials, this attack method may work. I used the shuffle command to display a random line from the wordlist file; the password chosen for this test was fishhead.


Step 1: Navigate to your applications menu and to the section '06 - Wireless Attacks', then click "fern wifi cracker".

Step 2: If you are not root, enter your root password in the prompt.

Step 3: The GUI will open and you are presented with an option to select your interface network device. Select your wireless card with monitor and injection capabilities, likely wlan0.

Step 4: Click the blue wireless signal button to activate scanning mode for discovering nearby wireless access points. Once you see XX detected, click either WPA or WEP to view the SSIDs found.

Step 5: This is the attack menu, click the target access point and click browse to select a wordlist file for the dictionary attack. I chose the top 4800 WPA list from SecLists. 

Step 6: Once ready click attack in the top right of the window. This will initiate a probe to find MAC addresses currently connected. Then the tool will attempt a deauthentication process in order to appear as the MAC address of the deauthenticated device in order to initiate a handshake to the wireless access point. 

Step 7: Once the handshake is complete the tool will initiate the dictionary attack and if successful will display the password and connect to the network. 

Step 8: If you want to view previously cracked access points and their passwords click 'Key Database' on the original menu. 

6. Summary

Fern WiFi Cracker does exactly what it sounds like: it performs MAC address sniffing on a wireless network, deauthenticates the chosen device, clones the MAC address, and attempts to perform a handshake with the access point.

Once a handshake is established the tool then performs a dictionary attack against the access point in order to gain access to the network.
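From the monitoring side, the deauthentication step shows up as a burst of deauth frames between one access point and one client, often followed by a fresh handshake. The following is an added detection example, not part of the original post or of Fern; the one-line-per-frame log format, the MAC addresses and the window, threshold and follow values are all constructed assumptions.

```python
from collections import defaultdict, deque


def detect_deauth_bursts(log, window=5.0, threshold=8, follow=30.0):
    """Flag AP/client pairs hit by a deauth burst; note a handshake that follows.

    window, threshold and follow are assumed tuning values, not standards.
    """
    recent = defaultdict(deque)  # pair -> timestamps of deauth frames in window
    alerts = {}                  # pair -> alert record
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        frame = parts[1]
        # Frames may travel in either direction, so key on the unordered pair.
        pair = tuple(sorted(p.lower() for p in parts[2:]))
        if frame == "deauth":
            seen = recent[pair]
            seen.append(ts)
            while ts - seen[0] > window:
                seen.popleft()
            if len(seen) >= threshold:
                alert = alerts.setdefault(pair, {"pair": pair, "first": seen[0],
                                                 "peak": 0, "handshake_after": False})
                alert["peak"] = max(alert["peak"], len(seen))
                alert["last"] = ts
        elif frame == "eapol" and pair in alerts:
            if 0 <= ts - alerts[pair]["last"] <= follow:
                alerts[pair]["handshake_after"] = True
    return list(alerts.values())


def sample_log():
    """Constructed log: '<seconds> <frame> <source> <destination>' per line."""
    ap, victim, other = "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"
    lines = [f"1.00 deauth {ap} {other}"]  # a single, ordinary disconnect
    lines += [f"{10 + i * 0.1:.2f} deauth {ap} {victim}" for i in range(20)]
    lines += [f"14.{i}0 eapol {ap} {victim}" for i in range(4)]  # re-authentication
    return "\n".join(lines)


if __name__ == "__main__":
    for alert in detect_deauth_bursts(sample_log()):
        print(alert)
```

An alert with `handshake_after` set means a handshake was exposed right after the burst, which is a reasonable trigger for rotating a weak passphrase.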

I hope you enjoyed this blog post.

If you have suggestions for what tool to cover next, contact me!


Kali Linux Tools

A list of penetration testing tools and their descriptions

Fern Wifi Cracker

Description of Fern Wifi Cracker

Fern Wifi Cracker is wireless security auditing software written in the Python programming language with the Python Qt GUI library. The program can crack and recover WEP/WPA/WPS keys and can also launch other network attacks on wireless or wired networks.

Fern Wifi Cracker currently supports the following features:

  1. WEP cracking using fragmentation, Chop-Chop, Caffe-Latte, Hirte, ARP request replay or WPS attacks
  2. WPA/WPA2 cracking with a dictionary or with WPS-based attacks
  3. Automatic saving of keys in a database on a successful crack
  4. Automated access point attack system
  5. Session hijacking (passive and Ethernet modes)
  6. Geolocation tracking of an access point's MAC address
  7. Internal MITM (man-in-the-middle) engine
  8. Brute-force attacks (HTTP, HTTPS, TELNET, FTP)
  9. Update support

Author: Saviour Emmanuel Ekiko

Fern Wifi Cracker Help

There is no help output, because this program has only a graphical user interface.

Fern Wifi Cracker Manual

Fern Wifi Cracker Usage Examples

Installing Fern Wifi Cracker

The program is preinstalled in Kali Linux.

Installation in BlackArch

The program is preinstalled in BlackArch.

sudo pacman -S fern-wifi-cracker

Information about installation on other operating systems will be added later.

Fern Wifi Cracker Screenshots

Fern Wifi Cracker Tutorials
