
Password Hacking Analysis of Kali Linux Applications

This document summarizes a conference paper that analyzes five password cracking applications in Kali Linux: Aircrack-ng, Wifite, Fern WiFi Cracker, Hydra, and Hashcat. It evaluates these tools based on their speed, efficiency, complexity, design, and versatility to determine the best one for password cracking. Related work discussing password hacking experiments using techniques like dictionary attacks and Hashcat is also summarized. The document outlines the experimental setup used, including installing Kali Linux in VirtualBox, using a USB WiFi adapter, and prerequisites for the tools.

Uploaded by

dsanzjulian

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/370048764

Password Hacking Analysis of Kali Linux Applications

Conference Paper · February 2023

2 authors:

Jon Cathcart, Augustana College
Tauheed Khan Mohd, Eastern Michigan University

All content following this page was uploaded by Tauheed Khan Mohd on 15 April 2023.


Password Hacking Analysis of Kali Linux Applications

Jon Cathcart, Dept. of Math and Computer Science, Augustana College, Rock Island, Illinois, United States
Tauheed Khan Mohd, Dept. of Math and Computer Science, Augustana College, Rock Island, Illinois

Abstract—Kali Linux is open-source software that specializes in professional penetration testing and security auditing. This study analyzes 5 applications that are used for password cracking in Kali Linux. The attacks included in this experiment are dictionary-based attacks. Each application is researched through 5 attributes: speed, efficiency, complexity, design, and versatility. These components will determine which of the 5 tools analyzed is the overall best for password cracking, as well as look at the pros and cons for each application.

Index Terms—password cracking, aircrack-ng, wifite, hydra, fern wifi cracker, hashcat, WPA, dictionary, penetration testing, virtualbox

I. INTRODUCTION

WiFi hacking has been a big subject in cyber security ever since WiFi came to dominate every part of our lives. People rely on a wireless connection every day to operate their devices, whether for personal or professional use. Unfortunately, the evolution of WiFi resulted in a spike of cyber attacks. People do not always have access to Ethernet, which is more secure than wireless networks. These attacks can range from capturing data to destroying a device with adware or botnets. Because of this, cyber security is in desperate demand to this day. Over time the defensive side has developed various anti-virus and anti-malware applications to stop any form of cyber attack possible. Still, these applications offer no guarantee, as the attacking and defensive sides keep revolutionizing their methods to gain an advantage over one another.

Some WiFi-hacking systems are meant for good use. One example is Kali Linux. Kali is mostly used for professional penetration testing and security auditing, though it can be useful in other respects. For WiFi hacking, this study will be working with penetration testing. Kali Linux can do many forms of WiFi hacking, such as capturing data like WEP/WPA addresses and passwords, or causing damage to the data, like jamming or removing devices. Not only that, Kali Linux provides free applications that make these attacks more accessible and user-friendly.

With wireless networks, the development of WiFi Protected Access (WPA) was necessary to ensure a security standard. The WiFi Alliance, which created it, has over time continued to create more advanced encryption, from TKIP (Temporal Key Integrity Protocol) to AES-CCMP (Counter Mode Cipher Block Chaining Message Authentication Code Protocol), which is used in WPA2 networks. But as security encryption developed, the ways of attacking it grew with it. With WPA networks, the “man-in-the-middle” method made it vulnerable, causing WPA2 networking to develop. Nowadays, cracking has been introduced to break through WPA2 networks. The main cracking software, aircrack-ng, has made attacking WPA/WPA2 efficient.

Aircrack-ng is the most common tool for Kali Linux users, because it can do all parts of WiFi hacking: monitoring (capturing files), attacking (de-authentications or creating fake access points), testing (analysing WiFi and drivers), and cracking (accessing WEP/WPA content). Another application available in Kali Linux is Wifite, the current version being Wifite2. It takes the air-cracking tools and automates wireless auditing with them using a Python script. This is very convenient, especially for beginners who are not used to the Linux command line. Fern WiFi cracker is similar to Wifite2, but is formatted differently. It provides a Python/PyQT GUI and is very interactive, with no coding required.

Why does Kali Linux include so many applications if they all achieve the same goal or use the same Linux commands? Do these applications have advantages over one another, and what is the best one to use overall? This study will investigate these questions and test qualities to determine an overall consensus for each application analyzed, based on speed, efficiency, complexity, design, and versatility.

II. RELATED WORK

A. Earlier Experiments Applied

Penetration testing is not a brand new subject. Kali Linux is known for attacking and capturing data on wireless networks. One specific use is to crack a password using a Hashcat technique. This technique consists of a dictionary with a list of possible passwords, which is gone through one by one until the correct password is matched. This is where Hashcat comes in. Hashcat includes an algorithm that is able to decipher a hash that is implemented in a password for
security protection. A past study experimented with this Hashcat technique, where testing consisted of various password hacking applications supported by Kali Linux [1]. It researches both online and offline hacking. Here in this study, the focus is specifically on online networking. The study gives brief summaries of methods of attack and encryption techniques. The security standards used are WPA and WPA-2. When cracking, Aircrack-ng is the method of attack applied. Asaad is able to monitor the targeted network, analyze the WPA/WPA-2 security of the router, then attempt the crack with Hashcat and the dictionary used. The dictionary Asaad applies in this experiment is called “rockyou”, which is a default dictionary provided in Kali Linux. This dictionary will be used in this study as well.

One specific application included in Kali Linux is a tool called Hydra [2]. It is a cracking tool to obtain a login username and password. The brute-force attack technique is also used here, but what is different is that Hydra attempts to crack a parallel network service. This is achieved by providing a dictionary file, just as with Hashcat. Another great feature of Hydra is that it is able to find two different passwords, whereas other password cracking tools in Kali Linux can only do one. The commands needed to crack a password or username using Hydra are entered in the terminal, but Hydra also provides its own GUI. This can be accessed by executing xhydra in the command terminal. In the experiment this GUI will be described in depth and shown to describe all the possible features.

An all-around tool supported by Kali Linux called Wifite can do password cracking as well. It uses a Python script to examine wireless networks. The great feature of this tool is that it runs all the existing tools for the user, so knowing command arguments and switches is not needed [3]. A study on WEP vs WPA2 in 2019 used Wifite to show how this tool can crack a WEP password in a matter of a few steps [4]; it is very straightforward to follow. When they activate wifite in the command terminal, they show how it only takes a few lines to get a desired password. This is because it does deauthentication attacks on its own to show all possible SSIDs to attack. The efficient feature of wifite is that it automatically scans and shows all possible targets to attack based on signal strength. Once the user stops the scanning and chooses which SSID's password to crack, wifite again does all the work, going through a given dictionary, finding the matching password and storing it in a .json file in a local folder in Kali Linux.

The last tool that will be experimented with is called fern wifi cracker. It is an automated GUI-based tool which uses various methods/packages such as air cracking to crack wireless access point passwords, using many implementations including dictionary files just like Wifite [5]. The user-friendly interface is what makes this tool so convenient for the user, because there are no command lines involved. This GUI is Python-based. Fern can attack wired and wireless networks, cracking and recovering WEP/WPA/WPS keys [6]. With WiFi WPA based attacks, fern uses a similar attack method to Wifite, where it uses given dictionaries to crack through. One downside to Fern is not being able to use all the features unless paying for the pro version. That being said, it is a very impressive tool and is one of the most popular tools used in this category.

III. EXPERIMENTAL SETUP

A. Tools and Prerequisites

For this experiment to be possible, some tools need to be included. Kali Linux is installed on Oracle VM VirtualBox. This was the best environment for a laptop that runs Microsoft Windows, since VirtualBox is cross-platform. A second, external source of a connection is needed too, so in this study a USB WiFi adapter is used for the wireless connection. This adapter is the ASUS USB-AC53 Nano, whose chipset is the Realtek RTL8812BU. The issue with this chipset is that Kali Linux does not support it as of April 2022 because it is outdated. There is a way around it, where additional packages and kernels need to be installed to get the adapter to work. The step-by-step details will not be included, but here is the source for the required packages [7]. The recommended chipsets for Kali Linux to use a wireless connection with a USB adapter are Atheros AR9271, Ralink RT3070, and Realtek RTL8187L. The expansion pack for Kali Linux also needed to be installed in VirtualBox, since the standard version does not support USB 2.0, which is what the USB WiFi adapters use. After that, all the tools used in this experiment are automatically installed in Kali Linux, so there were no additional downloads for any of the tools. Make sure that Kali Linux is updated (command: sudo apt update) and upgraded (command: sudo apt upgrade) before attempting cracking.

Fig. 1. Wireless connection details

The wireless connection used is a mobile hot spot on a Samsung Galaxy S21. This connection uses WPA-2, which will test intensively how efficient these tools are in Kali Linux. The password is not complicated, in order to test the speed of cracking a password in each tool. When cracking, always make sure
to use a connection that is not open to the public but instead for personal use only.

B. Wifite

There are a few commands needed to create a workable environment for Wifite. This tool implements all aircrack-ng branches to make cracking a password possible. One branch that the user needs to run before running Wifite is airmon-ng. This consists of checking whether there is a working wireless connection and finding processes that could cause issues when cracking.

Fig. 2. Airmon-ng command lines

As shown in Fig. 2, airmon-ng is needed to check and kill harmful processes in order for tools like Wifite to run smoothly. The main reason is NetworkManager. If it is killed, then your wireless connection will go unnoticed, which bypasses some security implementations. Part of this is putting the wireless connection into “monitor mode,” which captures all relevant data packets to check whether a targeted network is vulnerable to any attacks [8]. With all of this done, now is the time to start Wifite by typing “wifite” in the command line.

Fig. 3. Startup of Wifite

There are a few things to notice here in Fig. 3 that make this tool very user-friendly and easy to use. Monitor mode was not enabled before running wifite, but that is not an issue with this tool, because wifite is able to enable it on its own. Once the wireless connection is in monitor mode, wifite automatically scans nearby networks and creates a clearly visible list of possible attacks. They are listed by connectivity strength, which is why Samsung Galaxy S21 is towards the top. Typing Ctrl + C will stop the scanning process. Then wifite will prompt the user to type in numbers from the scanned list to choose which to target. Notice that wifite is not limited to attacking only one source, but can attack up to all listed, which is what makes this tool effective. When one or more targets are selected, the user can sit back and watch wifite try multiple methods to crack the targeted password.

Fig. 4. Wifite cracking processes

Here in Fig. 4, the BSSID is captured by a WPA handshake; wifite then analyzes it using tshark and aircrack-ng to determine the best method to crack the password. It decides to attempt the cracking by using aircrack-ng and a .txt file (wordlist.probable) that contains a long list of possible passwords to compare against. It is able to crack the WPA handshake in under 10 seconds, which is very effective.

Fig. 5. Credentials of the cracked network

All of the credentials are then saved in a .json file as shown in Fig. 5, which details the type of network, date, essid, bssid, password, and the handshake .cap file.

C. Aircrack-ng

The Aircrack-ng tool includes the fundamental methods used by more evolved tools like Wifite and Fern. For password hacking, the airmon, airodump, aireplay, and aircrack commands are needed to crack a WPA/WPA2 password. When monitor mode is turned on using “airmon-ng start wlan0,” the other sub-components of aircrack-ng are available. First, a capture of a WPA/WPA2 handshake is needed. This is possible by using the airodump-ng command followed by the interface of the wireless connection.

Fig. 6. Details of targeted connection

A scanning process will occur showing the BSSID needed to get a handshake capture. Fig. 6 shows the targeted connection in this experiment. A .cap file is needed so that when the handshake capture is successful, it can be stored in a readable and crackable file. When the BSSID is accessible, the command in Fig. 7 makes a .cap file with the information of the WPA/WPA2 network.

Fig. 7. Command line for .cap file

An important thing to note is that the directory used is the one where the dictionary for cracking the password is located, but this is not required. When the .cap file is created, the handshake capture still needs to be acquired. This is achieved by de-authenticating every user that is using the attacked WPA/WPA2 network and then waiting for a source to reconnect to capture that user's credentials.

Fig. 8. Command to deauthenticate the desired WPA/WPA2

The aireplay-ng command is used to start the de-authentication. Now the handshake can be captured and will be stored in the .cap file. Kali Linux provides a .cap file reader called wireshark, which makes it easy to manually view all the information. After all of these steps are completed, aircrack-ng can be run. This command takes the .cap file of the captured handshake and the word-list/dictionary that will be processed to find the WPA password.

Fig. 9. Password cracking with Aircrack-ng

Fig. 9 shows that aircrack-ng found the Samsung Galaxy S21's password within 15 seconds! This proves that the bare-bones tool of password cracking will always be reliable and is not hugely different in speed from more modern tools.

D. Hydra

Hydra is very efficient because of the possibility of parallel cracking. Instead of using a BSSID to crack a password, it takes an IP address and the protocol used with it. Hydra is flexible because it supports various kinds of protocols such as HTTP, MySQL, SSH, and VNC (remote control of a user's device screen).

Fig. 10. Protocol types

In this setup, with VirtualBox on a Windows operating system using a mobile hotspot, none of the protocols for this wireless connection are compatible with Hydra, as shown in Fig. 10. Therefore, cracking a password in this experiment under these conditions is not possible.
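The de-authentication step of the Aircrack-ng procedure above, seen from the defender's side: this is an added example, not code from the paper, that flags a burst of deauthentication frames against one BSSID and records whether a handshake (EAPOL) follows it. The log format, addresses, thresholds and function names are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed, locally administered addresses (not taken from the paper).
AP_HOME, AP_CAFE, STA = "02:00:00:aa:00:01", "02:00:00:bb:00:01", "02:00:00:cc:00:09"

def sample_log():
    """Constructed monitor-mode summary, one frame per line:
    <seconds> <frame kind> <source> <destination> <bssid>"""
    rows = [(50.0, "deauth", STA, AP_CAFE, AP_CAFE)]            # one client leaving normally
    rows += [(100.0 + 0.1 * i, "deauth", AP_HOME, BROADCAST, AP_HOME) for i in range(40)]
    rows += [(106.0 + 0.02 * i, "eapol", AP_HOME, STA, AP_HOME) for i in range(4)]
    rows += [(300.0, "disassoc", STA, AP_CAFE, AP_CAFE), (301.0, "eapol", AP_CAFE, STA, AP_CAFE)]
    return "\n".join(f"{t:.2f} {k} {s} {d} {b}" for t, k, s, d, b in rows)

@dataclass
class Alert:
    bssid: str
    first_seen: float
    last_seen: float
    frames: int
    broadcast: bool                   # burst included frames addressed to every client
    handshake_followed: bool = False  # a client re-authenticated right after the burst

def parse(log):
    """Yield (time, kind, src, dst, bssid) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5:
            yield float(parts[0]), parts[1], parts[2], parts[3], parts[4]

def detect_deauth_bursts(log, window=5.0, threshold=10, follow=30.0):
    """Flag BSSIDs that see >= threshold deauth/disassoc frames within `window` seconds.
    Frames are grouped by BSSID, not source, because the source address can be forged."""
    recent = defaultdict(deque)       # bssid -> (time, dst) of frames inside the window
    active = {}                       # bssid -> most recent Alert for that network
    alerts = []
    for t, kind, _src, dst, bssid in parse(log):
        alert = active.get(bssid)
        if kind in ("deauth", "disassoc"):
            q = recent[bssid]
            q.append((t, dst))
            while t - q[0][0] > window:           # drop frames older than the window
                q.popleft()
            if alert and t - alert.last_seen <= window:
                alert.last_seen, alert.frames = t, alert.frames + 1
                alert.broadcast = alert.broadcast or dst == BROADCAST
            elif len(q) >= threshold:
                alert = Alert(bssid, q[0][0], t, len(q), any(d == BROADCAST for _, d in q))
                active[bssid] = alert
                alerts.append(alert)
        elif kind == "eapol" and alert and 0 <= t - alert.last_seen <= follow:
            alert.handshake_followed = True       # reconnect right after a burst
    return alerts

if __name__ == "__main__":
    for a in detect_deauth_bursts(sample_log()):
        print(a)
```

Enabling 802.11w Protected Management Frames on the access point makes forged deauthentication frames ineffective for clients that support it.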
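Why the uncomplicated passphrase in the Wifite and Aircrack-ng runs above fell to a wordlist in seconds: each offline guess against a captured WPA2 handshake costs one PBKDF2 derivation of the pairwise master key. This added example (not from the paper) audits a passphrase a network owner is considering; the wordlist, SSID, rates and function names are assumptions constructed for illustration.

```python
import hashlib
import time

# Constructed stand-in for a cracking dictionary such as the rockyou list.
SAMPLE_WORDLIST = ["123456", "password", "iloveyou", "princess", "galaxy2021", "letmein123"]

def wpa2_pmk(passphrase, ssid):
    """WPA/WPA2-PSK pairwise master key:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def guesses_per_second(ssid, trials=20):
    """Measure how many candidate passphrases this CPU turns into PMKs per second.
    The SSID is the salt, so precomputed work only carries over to networks with the same name."""
    start = time.perf_counter()
    for i in range(trials):
        wpa2_pmk(f"candidate-{i:04d}", ssid)
    return trials / (time.perf_counter() - start)

def audit_passphrase(passphrase, wordlist, rate):
    """Assess a passphrase against a wordlist at a given offline guess rate (guesses/s)."""
    report = {"valid_length": 8 <= len(passphrase) <= 63,   # WPA2-PSK passphrase limits
              "in_wordlist": False, "seconds_to_find": None}
    # Compare case-insensitively: dictionary tools can apply case-mangling rules to each word.
    lowered = [w.lower() for w in wordlist]
    if passphrase.lower() in lowered:
        position = lowered.index(passphrase.lower()) + 1
        report["in_wordlist"] = True
        report["seconds_to_find"] = position / rate
    return report

def average_years_random(alphabet_size, length, rate):
    """Expected years to guess a uniformly random passphrase (half the keyspace)."""
    return alphabet_size ** length / 2 / rate / (365 * 24 * 3600)

if __name__ == "__main__":
    rate = guesses_per_second("HomeNetwork")            # hypothetical SSID
    print(f"{rate:.0f} PMK derivations per second on this CPU")
    print(audit_passphrase("Galaxy2021", SAMPLE_WORDLIST, rate))
    print(f"{average_years_random(62, 16, rate):.2e} years for 16 random alphanumerics")
```

A passphrase that appears in no wordlist and is long and random is the only thing that raises the cost of this offline search, since the iteration count is fixed by the standard.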
E. Fern WiFi Cracker

Fern is the best application for beginner hackers. This is because of the full GUI. Cracking a password does not require any command lines. It also has other functionalities that make it versatile. Unfortunately, Fern also does not work in this experiment.

Fig. 11. Fern Cracker MAC address probing error.

As shown in Fig. 11, it can scan and find the hot spot Samsung Galaxy S21 to set up a handshake capture. The issue is the requirement of a MAC address. If you click on a connection you want to attack, it is supposed to generate a MAC address automatically. But it does not do that in this case, so it gets stuck in the process. Manually entering MAC addresses is an alternative method to get around this issue, but that does not work either. This is a common issue among hackers and it seems the root cause is the WiFi adapter used. The one in this experiment is not natively compatible with Kali Linux unless extra kernels and packages are downloaded to give it the functionality needed. Since it has worked with Wifite and Aircrack-ng, there is suspicion that it is just not able to work with Fern and its high-level Python-based GUI.

F. Hashcat

Hashcat has so many ways to attack, making it one of the most versatile and powerful cracking applications. Complex passwords can include salts (extra characters for security), and Hashcat has many hash types and attacks to crack these complex passwords. To use Hashcat, though, you need to know what hash technique is used and have the shadow file, without knowing the plain password. A strong dictionary or brute force combination attack is needed to crack a hash.

The one used in this experiment will be the basic md5sum. This will be saved in a .txt file in root. Next is the Hashcat command to crack a password with a given hash. I will be using a short word-list for Hashcat to scan through. The -m 0 means the hash type is md5sum and -a 0 means a dictionary attack. Unfortunately, there is not enough memory space on this setup to crack a password that is using a hash. As shown in Fig. 12, the max length of a password supported by the CPU and kernel used is 256,000 bytes, but even the simplest attack using Hashcat required 262,144 bytes. Therefore, Hashcat is also not compatible with this setup.

Fig. 12. Hashcat memory space error.

IV. RESULTS

Each application in this experiment has its own advantages and disadvantages. This experiment is made to take both into consideration and determine the best application in Kali Linux for WiFi cracking with a dictionary-based attack. There are 5 main categories that will determine this result. The first is speed, which is the time taken to successfully obtain the cracked password. Second is efficiency, based on how many steps it takes to crack a password. Third is complexity, which scores the level of difficulty involved with the commands or steps. Fourth is design, which is based on the visual representation of an application or its user-friendliness. The last category is versatility, which is scored on how many different attack methods are available within a cracking tool. The scores are measured from 1-5, with 5 being the best for that attribute. For example, a 1 in complexity means that a certain tool is insanely complex.

As the results in the table show, wifite takes the top spot as the best Kali Linux application for password cracking. Wifite is an all-around tool for all aspects of cracking. Since it was able to work with the setup in this experiment, the newest and most compatible equipment is not needed in order to do password cracking. The speed is excellent, with little to no command lines needed, which also makes it not complex to understand at all. The design is great for not being a full GUI like fern. The only downside is the versatility, because it is not able to do different attacks like a PMKID attack,
unless downloading extra packages.

Categories    aircrack-ng  wifite  hydra  fern cracker  hashcat
Speed         4            5       0      0             0
Efficiency    3            5       3      5             3
Complexity    2            5       4      5             2
Design        2            3       4      4             2
Versatility   4            2       4      3             5
Total         15           20      15     17            12

Now, given the table, fern wifi cracker has the second-highest score, even though there was no successful password crack with it. This suggests that if this experiment had a more ideal setup for fern to work, then without a doubt it would be the best. The full GUI with no arguments needed is like no other. When it comes to versatility, hashcat has the most upside but is very complex to jump into without advanced knowledge. Hashcat is able to use the CPU as well as the GPU, which easily makes it the fastest and most powerful tool on Kali Linux. Someone who has a career in this field should be using hashcat the majority of the time.

V. CONCLUSION

As the experiments show, the setup used here unfortunately caused a lot of limitations. This made the result not completely accurate, as hydra, Fern WiFi cracker, and hashcat did not get a complete analysis compared to aircrack-ng and wifite. This does not take away from the potential these applications have if used successfully, and this experiment is meant to address those possibilities. Kali Linux is a very reliable open-source platform for professional penetration testing and security auditing [9]. It is very advanced and not an ideal distribution for beginner users of Linux in general. This severely impacted how this experiment concluded, as 3 of the 5 tools used were not successful. The setup used was not natively compatible, and many difficulties arose with downloading extra packages to make components like the USB WiFi adapter usable. It unfortunately still wasn't fully compatible with hydra, Fern WiFi cracker, and hashcat. This doesn't take away from the importance of this study, because Kali Linux provides all these applications and professionals should understand which one is the best overall or for their needs.

REFERENCES

[1] R. R. Asaad, “Penetration testing: Wireless network attacks method on kali linux os,” Academic Journal of Nawroz University, vol. 10, no. 1, pp. 7–12, 2021.
[2] L. Allen, T. Heriyanto, and S. Ali, Kali Linux–Assuring security by penetration testing. Packt Publishing Ltd, 2014.
[3] Kimocoder, “Kimocoder/wifite2: Rewrite of the popular wireless network auditor, “wifite” - original source by @derv82 right over.”
[4] A. Martin, B. Mohammed, and R. Ramadhin, “Wep vs wpa2 encryptions,” 2019.
[5] M. Singh, D. Singh, and A. Jara, “Secure cloud networks for connected & automated vehicles,” in 2015 International Conference on Connected Vehicles and Expo (ICCVE), pp. 330–335, IEEE, 2015.
[6] A. Yacchirena, D. Alulema, D. Aguilar, D. Morocho, F. Encalada, and E. Granizo, “Analysis of attack and protection systems in wi-fi wireless networks under the linux operating system,” in 2016 IEEE International Conference on Automatica (ICA-ACCA), pp. 1–7, IEEE, 2016.
[7] Morrownr, “Morrownr/8812au-20210629: Linux driver for usb wifi adapters that are based on the rtl8812au chipset - v5.13.6.”
[8] D. Joshi, V. V. Dwivedi, and K. Pattani, “De-authentication attack on wireless network 802.11 i using kali linux,” International Research Journal of Engineering and Technology (IRJET), vol. 4, pp. 1666–1669, 2017.
[9] K. Linux, “Kali linux,” 2019.
