Now open terminal
Now you need to find out the following about your target network.
1.Does it have WPS enabled. If not, then the attack will not work.
2.The Bssid of the network
*Now to check whether the network has WPS enabled or not, you can either use "wash" or "airodump-ng".
*set your Wireless interface in monitor mode
*type "airmon-ng start wlan0"
*it will probably show "some processes that could cause trouble", we will simply kill those processes by entering "kill "(e.g. kill 2799)
*type "airodump-ng mon0" - it will show all networks around you and About WPA. and bssid details.
*now open Reaver - hacking tool for wifi networks
*type "reaver -i mon0 -b XX:XX:XX:XX:XX"
*Explanation = i - interface used. Remember creating a monitor interface mon0 using airmon-ng start wlan0. This is what we are using. -b species the BSSID of the network that we found out earlier.
This is all the information that Reaver need to get started. However, Reaver comes with many advanced options, and some are recommended by me. Most importantly, you should use the -vv option, which increases the verbosity of the tool. Basically, it writes everything thats going on to the terminal. This helps you see whats happening, track the progress, and if needed, do some troubleshooting. So final command should be-
*"reaver-i mon0 -b XX:XX:XX:XX:XX -w"(**you can use "-vv" in place of "-w")
the password will be cracked
**For more details how reaver works:
Lets Learn How This Attack Is Carried Out
In order to use Reaver, you need to get your wireless card’s interface name, the BSSID of the router you’re attempting to crack (which I will show you how to find), and you need to make sure your wireless card is in monitor mode. So let’s do all that!
Find your wireless card:
Inside Terminal, type: $iwconfig
Press Enter. You should see a wireless device in the subsequent list. Most likely, it’ll be named:
wlan0 or wlan1
But if you have more than one wireless card, or a more unusual networking setup, it may be named something different.
Put your wireless card into monitor mode: Assuming your wireless card’s interface name is: wlan0
Execute the following command to put your wireless card into monitor mode:
"airmon-ng start wlan0"
This command will output the name of monitor mode interface, which you’ll also want to make note of. Most likely, it’ll be: mon0
Find the BSSID of the router you want to crack:
Lastly, you need to get the unique identifier of the router you’re attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:
"airodump-ng mon0"
When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy that network’s BSSID (it’s the series of letters, numbers, and colons on the far left). The network should have WPA or WPA2 listed under the ENC column.
Now, with the BSSID and monitor interface name in hand, you’ve got everything you need to start up Reaver.
Crack a Network’s WPA Password with Reaver
To find out if the AP you are attacking uses WPS (vulnerable to Reaver), you can use:
"wash -i mon0"
Look under the LOCK column. If your target BSSID has it’s WPS LOCKED (you will see “yes” for LOCKED WPSs), then Reaver will not be able to crack the PIN. If you see a “no”, then continue…
Now execute the following command in the Terminal. (replacing and monitor interface and the BSSID with the BSSID that you copied down above):
"reaver -i mon0 -b [bssid] -vv"
For example, if your monitor interface was mon0 like mine, and your BSSID was
"8D:AE:9D:65:1F:B2"
(a BSSID I just made up), your command would look like:
"reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv"
Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took about 6 hours to crack the PIN and deliver me the correct password. The Reaver documentation says it can take between 4 and 10 hours so it could take more or less time than I experienced, depending.
