Wireless Penetration Testing Made Easy: Our Team’s Go-To Wifite Workflow
This article describes how the Wifite tool is used to capture and crack WPA2 pre-shared keys: using a compatible wireless card, the default attack flow (PMKID and deauthentication attacks), cracking with a custom dictionary, and saving handshake captures, along with practical tips and notes on the supporting tools. 2025-8-7 04:38:28 Author: infosecwriteups.com

Hey fellow hackers and aspiring wireless wizards! Recently Scottie Cole kicked off Raxis’ new wireless series with a topic that every wireless pentester appreciates: capturing and cracking WPA2 pre-shared keys using Wifite. Whether you’re a seasoned pentester or just dipping your toes into Wi-Fi hacking, this tool will make your life a whole lot easier.

Why Wireless? Why Wifite?

Let’s face it — wireless testing can be a headache. Between flaky hardware, obscure drivers, and the sheer number of moving parts, it’s no wonder many pentesters dread Wi-Fi engagements. Enter Wifite: the tool that takes the pain out of wireless assessments. With just a compatible wireless card (packet injection required!) and Wifite installed, you’re ready to roll. If you’re running Kali Linux, Wifite should already be in your toolbox, but if not, a quick apt install wifite will do the trick.

Once it’s installed, just fire up your terminal and type wifite. If you have multiple wireless cards, Wifite will let you pick which one you want to use. Prefer to specify your interface? Easy — just run:

wifite -i <interface>

Replace <interface> with your card’s name, like wlan1 or whatever your system assigns.

The Deauthentication Dance

Wifite’s default attack sequence is pretty slick: it tries a PMKID attack first, then falls back to a classic deauthentication attack to capture the WPA2 handshake. For this walkthrough, let’s skip the PMKID and focus on the deauth attack. Just add --no-pmkid to your command:

wifite -i wlan0 --no-pmkid

Wifite will start scanning for nearby wireless networks and show you a live-updating list, including the number of clients connected to each one. When you spot your target, hit CTRL+C to freeze the list and select which networks you want to attack.

Now comes the fun part: Wifite launches deauthentication attacks against your chosen networks, kicking off clients and forcing them to reconnect. When a client rejoins, Wifite snags the handshake — your golden ticket to cracking the pre-shared key. All captured handshakes are saved in the hs folder as .cap files, so you can always take another crack at them later if you don’t succeed on the first try.

Cracking the Code

Once you’ve captured a handshake, Wifite automatically tries to crack it using its default wordlist. If the password is in there, you’ll see a satisfying Cracked PSK message. Want to know which wordlists are available? Just run:

wordlists -h

But let’s be honest — default wordlists only get you so far. For real-world tests, you’ll want to bring your own. Specify your custom wordlist right from the start:

wifite -i wlan0 --dict <wordlistfile>

Or, if you want to make a new attempt at cracking a previously captured handshake with a new wordlist, use:

wifite --crack --dict <wordlistfile>

Wifite will show you all the handshakes it’s saved, and you can pick which one to attack. You’ve got four cracking tools at your disposal: aircrack-ng, hashcat, john, and cowpatty. If one isn’t installed, just grab it with:

apt-get install <tool_name>

Scottie leans on aircrack-ng or cowpatty for quick jobs on his Kali box. But for the heavy lifting, Scottie uses Raxis’ custom cracking rigs, where he converts the handshake to .hccapx and unleashes hashcat’s GPU-powered fury.

Pro Tips for Wireless Warriors

• Always test your wireless card for packet injection before you head out on an engagement. Nothing kills momentum like hardware issues.

• Keep your wordlists up to date. Password trends change, and a fresh list can make all the difference.

• Save your handshakes! You might not crack them right away, but you can always try new techniques or lists later.

• Be stealthy. Deauth attacks are noisy and can trigger alerts. Use them judiciously, especially on red team ops.
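The alerts that last tip refers to come from exactly this kind of logic on the defender's side. The following is an added example, not code from the article or from Wifite: it takes already-decoded 802.11 management frames (a monitor-mode parser is assumed to have produced them) and flags any BSSID that sources a burst of deauthentication frames within a sliding window. All MAC addresses, timestamps and thresholds are constructed for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Frame:
    ts_ms: int      # capture timestamp in milliseconds
    subtype: str    # "deauth", "beacon", "data", ...
    bssid: str      # BSSID the frame claims to come from
    dst: str        # destination (client MAC or broadcast)

def detect_deauth_bursts(frames, threshold=10, window_ms=5000):
    """Flag any BSSID that sources `threshold` or more deauth frames inside a
    sliding `window_ms`. Returns one alert dict per offending BSSID."""
    recent = defaultdict(deque)   # bssid -> deque of (ts_ms, dst) still inside the window
    alerted, alerts = set(), []
    for f in sorted(frames, key=lambda x: x.ts_ms):
        if f.subtype != "deauth":
            continue
        q = recent[f.bssid]
        q.append((f.ts_ms, f.dst))
        while q and f.ts_ms - q[0][0] > window_ms:   # drop frames that aged out of the window
            q.popleft()
        if len(q) >= threshold and f.bssid not in alerted:
            alerted.add(f.bssid)
            alerts.append({
                "bssid": f.bssid,
                "first_ms": q[0][0],
                "last_ms": f.ts_ms,
                "count": len(q),
                # broadcast deauths hit every client at once; a burst of them is a strong signal
                "broadcast": sum(1 for _, d in q if d == BROADCAST),
            })
    return alerts

def sample_frames():
    """Constructed traffic (made-up MACs): benign activity on one BSSID plus a
    12-frame deauth burst spoofed as a second BSSID."""
    legit, target = "aa:bb:cc:dd:ee:01", "aa:bb:cc:dd:ee:02"
    frames = [Frame(500, "beacon", legit, BROADCAST),
              Frame(1000, "deauth", legit, "11:22:33:44:55:66"),  # one client leaving normally
              Frame(1200, "beacon", target, BROADCAST)]
    for i in range(12):   # 12 deauths in 1.1 s, alternating broadcast and unicast targets
        dst = BROADCAST if i % 2 == 0 else "11:22:33:44:55:77"
        frames.append(Frame(2000 + i * 100, "deauth", target, dst))
    return frames
```

A single deauth from a client that is genuinely leaving stays below the threshold, while the burst trips the alert on its tenth frame; in practice the threshold and window need tuning to the site's normal roaming behaviour.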

Wrapping Up

Wifite is one of those rare tools that’s both beginner-friendly and powerful enough for pros. It streamlines the whole process of capturing and cracking WPA2 keys, letting you focus on the bigger picture of your assessment.

Focus on wireless network security for your organization with regular wireless penetration testing and remediation. And watch for future posts in this wireless series, as well as this and other posts from Scottie Cole.

If you’re new to wireless pentesting, give Wifite a spin. It’s a fantastic way to learn the ropes. And if you’re an old hand, I’d love to hear your own tips and stories. Drop a comment or shoot me a message. Until next time, happy hacking and may your handshakes always be crackable!

Stay tuned for more in our wireless series. See you in the next post!


Source: https://infosecwriteups.com/wireless-penetration-testing-made-easy-our-teams-go-to-wifite-workflow-f7d2f8be0839?source=rss----7b722bfd1b8d---4