Fern Wifi Cracker: wireless security audit tools Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks. MAC addresses are unique – sort of. A MAC 1 address, or “Media Access Control” address, is a unique 48-bit number 2 assigned to every network interface. If your computer has multiple network interfaces – say both a wired ethernet port and a wireless network adapter – each interface will have its own MAC address. I prefer to call this software Wi-Fi genie or Wi-Fi cracker than hacker because it unlocks any available wireless network you want to access. Wi-Fi genie or Wi-Fi cracker sounds like a better name to me. I gave a lot of suggestions to the administrator to improve the software experience. Hopefully, the team will implement it soon. Dpkg -i Fern-Wifi-Cracker1.1all.deb Software Icon can be found at the application Menu of the GNOME desktop interfaces Icon can also be found at /usr/share/applications for KDE and also GNOME.
NOTE: The information contained in this tutorial is directed toward the Kali Linux distribution, but can also apply to other Linux varieties if the appropriate tools are installed. All tools used in this tutorial are freely available.
For the purposes of this article, all ESSIDs and BSSIDs have been pixelated. When you run actual scans, you will be able to see these values.
SETTING YOUR WIRELESS CARD TO MONITOR MODE:
Before using any wifi pen testing tool, you will need to set your wireless interface to Monitor mode. First, find out which wireless interfaces are available by running iwconfig from the command line.
The response to this command tells you a few things. We know that the wireless interface on this system is wlan0 (Be wary as this may not be wlan0 after a reboot. Some systems shuffle the interface name on reboot.), we know that Wlan0 is not associated with an access point (not connected to a wireless network), and we know that the Tx-Power (transmit power) of this interface is 15dBm. Depending on your drivers, you can bump this setting as high as 30dBm, though most systems are now limited to 20dBm to conserve power and avoid over-heating your wireless card.
To adjust your transmit power, run the following:
# iwconfig wlan0 txpower 30
In order to set an interface to Monitor Mode (Using the example of wlan0), you should run airmon-ng start wlan0**.
Airmon-ng (part of the Aircrack suite) has now created a new interface called mon0 which is a sub-interface of wlan0 and is set to Monitor Mode. You can now use the command airodump-ng mon0 to view the wireless traffic in your area.
THIS IS NOT AN ATTACK OF ANY KIND - IT SIMPLY LISTENS TO PASSING TRAFFIC IN YOUR AREA. FEEL FREE TO TRY IT OUT
While using airomon-ng, the BSSID field shows the MAC addresses of nearby wireless networks. ESSID shows the names (SSIDs) of these networks. PWR shows the power of each network, which helps to determine its location and your likelihood of cracking the wifi password (the greater the power, the better your chances. NOTE: Power is never negative, but is shown that way in airodump-ng depending upon the version of the rt18187 module that is installed. This can be fixed by accessing the terminal and running airdriver-ng unload 36, then running airdriver-ng load 35.) CH shows the channel on which a given network is broadcasting. ENC shows the encryption standard employed by each network. WEP networks are the easiest to crack, followed by WPA, and then WPA2. CIPHER and AUTH both provide further information as to how the network is secured.
In the lower section of the terminal, you will notice that each BSSID entry is associated with a STATION. The STATION is a device which is reaching out for a network. PROBE indicates the network that the STATION is trying to reach. More often than not, you'll see a response of (not associated), meaning that the desired network isn't available, the device didn't connect, etc. If you see a real MAC address in the BSSID field, then the STATION has just connected to that network.
Now it's time to actually do something with all this traffic!
USING FERN-WIFI-CRACKER TO PEN TEST WIRELESS NETWORKS
Fern-Wifi-Cracker is a free, GUI-based tool that uses the aircrack suite to attack wireless networks. Fern can be launched from the Kali Linux application menu under Wireless Attacks >> Wireless Tools >> fern-wifi-cracker.
The Fern interface is pretty intuitive and will allow you to point and click your way through a wireless assessment (to an extent). In order to search for available networks, simply choose an interface from the dropdown Interface list and click the button to Scan for Access Points.
After a few seconds, you'll see networks begin showing up next to both the WEP button and the WPA button.
Click either the WEP or WPA button to choose a target. As the names suggest, each button is related to an encryption standard and will list the available wireless access points using that particular encryption standard.
Now choose your target network from the list, click the Attack button, and wait...
NOTE: If you choose to update Fern, it will stop working. This is because the updater is broken. Don't worry though – it's an easy fix. From the command line, run the following: chmod x /usr/share/fern-wifi-cracker/resources/execute.py. As soon as you run this command, Fern will begin operating normally again.
USING WIFITE TO PEN TEST A WIRELESS NETWORK
If you are comfortable using the command line, a somewhat more powerful tool available to you is Wifite. You can call wifite directly from the command line by running wifite.
Wifite will begin scanning for local networks and start gathering data on devices which connect to these networks. Once you are satisfied that you have gathered enough data (I recommend waiting about 3-5 minutes), hit CTRL C to stop scanning and select a target.
Enter the number of your target network and hit ENTER to begin an attack against that network. You want to target networks that are marked with client or clients - These networks are actively communicating with a wireless device, making them even more vulnerable.
Wifite automatically iterates through multiple attack types supported by Aircrack-ng in order to give you the best chances of success.
Further Information on Aircrack-ng:
For more information / tutorials around Aircrack-ng, visit http://www.aircrack-ng.org/doku.php?id=Main#tutorials.
NEVER MISS A BLOG
Get the latest stories, expertise, and news about security today.
In my previous tutorial I show how to crack WPA password but now let’s downgrade on cracking WEP that is less secure and easier to crack than WPA password, easier than eating popcorn. In cracking WEP password you don’t need to use any wordlist because cracking the key depends on the initialization vectors you’ve captured and the tool will automatically crack the key. Fire up Fern Cracker once again you goddamn bastard!
- Choose the wireless card (ex. wlan0, wlan1, eth0)
- Scan for wireless APs nearby
- When there’s available WEP APs the WEP button will be abled, just click the button and it will open the attack panel.
Fern Wifi Cracker Ubuntu
This panel will show you useful information on the router. – channel, ESSID, BSID. Click your target router, tick the regular attack and on the upper right side click wifi attack. When everything goes smoothly you’ll see the increasing number of IVs like the picture above. Take note that the speed of IVs depends on the connected devices using the network because if they are just connected but not browsing something the attack will be very slow.
27133 IVs and counting still no WEP key but in this world for us to exist, patience is virtue. You can leave it there and watch your favorite tv show.
Fern Wifi Cracker No Mac Address Settings
Alas! the WEP key! a 26-digit key that you can enter as password or if you want you can decrypt the password using online hex to ascii converters. To sum it, if you’re still using WEP change it to more secure WPA/WPA2. There’s another tool that can crack WEP like wifite that I will use in my upcoming tutorials.
Comments are closed.