Hacking Wi-Fi using Reaver Kali Linux

Reaver – Overview

Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. On average Reaver will recover the target AP’s plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.

NOTE: It is illegal to perform this attack on a network that does not belong to you unless you have explicit permission from the owner. The information presented here is for educational purposes only.

What You’ll Need

  1. Kali linux : Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing.It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns and Raphaël Hertzog are the core developers.
  2. Wireless USB Adapters : I cannot guarantee this will work with all the internal wireless card.I recommend a external wireless card.
  3. Patience : The process is simple but brute forcing the PIN takes time.So you have to be patient. Kicking the computer won’t help.


Steps for Hacking Wi-Fi using Reaver

  • The first thing we need to do is enable the wireless USB adapter. Run the command “airmon-ng” to see if Kali recognizes your wireless USB adapter.It should show “Wlan0” along with the chipset.


  •  Once the wireless USB adapter is working we need to enable monitor mode.To do this run the following command “airmon-ng start wlan0”. If all goes well the screen will scroll by with some information then say monitor mode enabled on wlan0mon.


  • To find a router that’s vulnerable to Reaver’s attack, we’ll use a tool called WASH, which let’s us scan nearby wireless networks that use WPS. Run the command “wash -i wlan0mon” to scan WPS enabled Wi-Fi.


  • Copy the BSSID, then press CTRL+C to stop the terminal window.
  • Now run the following command
     reaver -i mon0 -b (Target BSSID) –vv


  • Reaver will now run and start a brute force attack against the Pin number of the router.It will run until it finds the wireless password usually 2-10 hours.Here is a screenshot of what it looks like when Reaver cracks the password.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s