Cracking Wifi With Reaver

                      BRUTEFORCING  WIFI  WITH  REAVER

 

 

Introduction:

 

Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases.

Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations.

On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.

 

Now  let me tell you that Reaver will work only on those APs who have WPS on them. 

 

 

PROCEDURE :

 

Step 1: 

 

Open terminal and start the wireless mode by typing the following command.

 

airmon-ng start wlan0  (hit enter key) 

This command will output the name of monitor mode interface, which you'll also want to make note of. Most likely, it'll be mon0, like in the screenshot below. Make note of that.

Step 2 :

Find the BSSID of the router you want to crack: 

You need to get the unique identifier of the router you're attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:

 

airodump-ng mon0 (press enter key)

You'll see a list of the wireless networks in range—it'll look something like the screenshot below:

When you see the access point that you want to attack, press Ctrl+C to stop the list from refreshing. Now copy that Acess point's BSSID. The network should have WPA or WPA2  listed under the ENC column. (If it's WEP, use our previous guide to cracking WEP passwords.)

Now, with the BSSID and monitor interface name in hand, you've got everything you need to start up Reaver.

 

 

Step 3:

 

Cracking  Network's WPA/WPA2 Password with Reaver: 

 

Now execute the following command in the Terminal, replacing  bssid  and  moninterface with the BSSID and monitor interface and you copied down above:

reaver -i moninterface -b bssid -vv

For example, if your monitor interface is mon0, and your target's  BSSID is 8D:AE:9D:65:1F:B2, your command would look like:

reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv 

Press Enter, and let the Reaver work. In this command -v is for verbose. This will show us everything on the screen. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took 3 hours and 20 minutes to crack the network and deliver me with the correct password. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending. When Reaver's cracking has completed, it'll look like this:

Reaver has a few more options beside those mentioned above. But the steps mentioned above are enough to crack the WPS pin of the access point. 

Important factors to consider: 

Reaver worked exactly as mentioned in above, but it won't necessarily work on all routers. Also, the router you're cracking needs to have a relatively strong signal, so if you're hardly in range of a router, you'll likely experience problems, and Reaver may not work. Throughout the process, Reaver would sometimes experience a timeout, sometimes get locked in a loop trying the same PIN repeatedly, and so on. So don't  get worried just let it keep on running, and keep it close to the router.

Also there is a great feature in Reaver to pause your progress at any time. you can pause it by pressing Ctrl+C while Reaver is running. This will quit the process, but Reaver will save any progress so that next time you run the command, you can pick up where you left off. But remember if you shut-down your computer then this data will be lost and Reaver would start over again.

 

Working method of Reaver :

Now that you've seen how to use Reaver, let's take a quick overview of how Reaver works. The tool takes advantage of a vulnerability in something called Wi-Fi Protected Setup, or WPS. It's a feature that exists on many routers, intended to provide an easy setup process, and it's tied to a PIN that's hard-coded into the device. Reaver exploits a flaw in these PINs; the result is that, with enough time, it can reveal your WPA or WPA2 password. 

So now with this we learnt one more method to crack WPA/WPA2 password.  

Happy Hacking ...... Keep visiting for more updates and HAVE A GREAT DAY.....!!!!