How to Using Reaver (99%)

REAVER IS THE WAY TO GO!

Today I am going to teach you how to easily hack WPA/WPA2-PSK enabled
networks using Reaver. The targeted router should support WPS (WiFi Protected
Setup) which is supported by most routers nowadays. WPS is an optional device
configuration protocol for wireless access points which makes it really easy to
connect.
WPS exists in most routers for easy setup process through the WPS pin, which is
hard-coded into the wireless access point. Reaver takes the advantage of a
vulnerability in WPS. Thanks to Craig Heffner for releasing an open-source version
of this tool named Reaver that exploits the vulnerability. In simple terms, Reaver tries
to bruteforce the pin; which will reveal the WPA or WPA2 password after enough
time.
NOTE: This tutorial is for Educational Purposes Only!
What Youll Need
You do not have to be a expert at Linux or at using a computer. The simple
command-line (console ) will do it all. You may need a fair bit of time for this process
and maybe also some luck. The brute force may take from 2 hours to more than 10
hours. There are various ways to set up Reaver, but here are the requirements for this
guide.

Backtrack OS. Backtrack is a bootable Linux distribution with lots of

pen-testing tools. You can use various other Linux distribution but I prefer
Backtrack. If you don`t know how to install Backtrack then please check this
link first.

Computer and wireless network card. I cannot guarantee this will work with
all the internal wireless card. I recommend a external wireless card.

Patience. The process is simple but brute forcing the PIN takes time. So you
have to be patient. Kicking the computer wont help.

Lets Get Started
Have a Backtrack OS ready for action.
UPDATE: Use Kali Linux instead of Backtrack. See Backtrack is dead Long
Live Kali Linux
Step 1: Boot into BackTrack
You can use any method to boot into Backtrack eg. from live CD, VMware, dual boot,
etc. Boot it first into the GUI mode and open up a new console (command line) which
is in the taskbar. Then boot into backtrack. During the boot process, BackTrack will
prompt you to to choose the boot options. Select BackTrack Text Default Boot
Text Mode and press Enter.
After some time Backtrack will take you into a command line prompt where you
should type startx and press Enter. BackTrack will boot will into Graphical User
Interface (GUI) mode.
Step 2: Install Reaver (Skip this step if you are using BackTrack 5)
Reaver should be already installed in the Backtrack 5 but if you are using an older
version of Backtrack or any other Linux distribution, you can install Reaver by using
the steps below.

1.

First Connect your BackTrack to the internet. For WiFi connection go to

Application > Internet > WICD Network Manager.

2.
3.

Select your network and click connect and input your password if necessary,
click OK and click CONNECT the second time.

4.

Now that you are connected to internet, its time to install Reaver. Click the terminal
icon in the menu bar. And at the console type the following:
apt-get update
apt-get install reaver
Now if everything worked fine you will get a freshly installed Reaver tool. If you are
testing it in your own system, please go to WICD Network Manager and Disconnect
yourself first!
Step 3 : Gather Information
Before launching the Reaver attack, you need to know your target wireless network
name or BSSID. This is the series of unique letters and number of a particular router,
and you will need its channel number too. To find this, make your wireless card go
into monitor mode, and gather the required information from the access points. Lets
go.
First lets find your wireless card. Inside terminal or console, type:
airmon-ng
Press Enter and you should see a list of interface names of different devices. There
should be a wireless device in that list connected to BackTrack. Probably it may be
WLAN0 or WLAN1.
Note: To connect your wireless network card into WMware, firstly, connect it to the
USB. You will see a small USB icon that looks like the figure in the top right of
VMware. Right-click on the icon and click connect. The USB sign will turn green and
start to glow.
Enable monitor mode. Assuming your wireless card interface name is WLAN0, type
this command in that same console.
airmon-ng start wlan0
This code will create a new monitor mode interface mon0 as in the screenshot below.
Keep note of the code.
Search the BSSID of the Access Point(router) you want to crack. There are few
ways to search for the Access Point BSSID, but I prefer to use the inbuilt Reaver search
method which shows the list of WPS-vulnerable BSSIDs only.
In the console, type this following command and press enter:
wash -i mon0
You will see the list of wireless networks that support WPS and are vulnerable to
Reaver as seen in the screenshot below. After few minutes you can stop the scan by
pressing Ctrl+C.
Step 4: Lets Start Cracking
I suggest you to try to crack the ones which have WPS lock disabled or say NO in
WPS Locked column. It may also work if it says YES but I am not sure of that. For
that, copy the BSSID of the target AP and also keep note of its channel. In the console,
type the following then Enter:
reaver -i monitormode -c channel -b targetbssid -vv
In my case the monitor mode will be mon0 channel 1, targetbssid would be
C8:3A:35:54:88:81
-vv is written to show the current statistic of the attack as a percentage completed,
currently brute forcing PIN and so on; so we will type the following and enter:
reaver -i mon0 -c 1 -b C8:3A:35:54:88:81 -vv
Press Enter and you should see the attack process as in the screenshot below.
Please note that you will not get Restore previous session at this point, because I
already tried to crack it, and its prompting me to resume from that paused point.
Your progress will also be saved if you press Ctrl+C. It will then prompt you in the
same way, if you again hit the command, and you can resume it from there.
Now just wait or have some coffee and let Reaver do its magic. It might take from 2
hours to 10 hours or more. There are 8 numeric digits of WPS, but the WPS
authentication protocol cuts the pin in half and validates each half separately. Since
the last digit of pin is a cheksum value, which can be calculated on the basis of
previous value, there are 10^4=10,000 possible values for first half and then
10^3=1000 values for the last pin. So the WPS pin code is one of 11,000 possible pin
codes. Some APs can check the WPS pin at the rate of 1 pin per second. Some take
more so it depends upon the AP, and also the network connection.
When the PIN is successfully brute-forced, Reaver will show you the WPS PIN and
the plain password of the AP like in the below screenshot.
I recommend you keep note of the WPS pin, so that if the password is changed again
you can hack that in few seconds the next time by using the following process.
reaver -i (monitor interface) -b (BSSID) -c (channel) --pin=(8 digit pin)
-vv
Example:
reaver -i mon0 -b 11:22:33:44:55:66 -c 1 --pin=12345678 -vv
So now the error part as you might get a bunch of errors depending upon your
conditions. You might get some timeout but thats normal. If you are getting other
errors, see the below Error Section.
Error Section:

If 10 consecutive unexpected WPS errors are encountered, a warning message

will be shown. This may be a sign that the AP is rate limiting pin attempts. A
waiting command can be issued whenever these warning messages appear. Use
the following command:

reaver -i mon0 -b 00:01:02:03:04:05 --fail-wait=360

The default receive timeout period is 5 seconds. This timeout period can be set
manually if necessary (minimum timeout period is 1 second):

reaver -i mon0 -b 00:01:02:03:04:05 -t 3

The default delay period between pin attempts is 1 second. This value can be
increased or decreased to any value. Please note that 0 means no delay:

reaver -i mon0 -b 00:01:02:03:04:05 -d 0

Here ends the tutorial on how to crack wireless network easily using Reaver. Good
Luck!
 Purchase yourself a place that tend to buy cheap essays, staying within boundaries of
things that students to buy cheap essays, staying within boundaries of supplying
students with its influence on a chance to give you an absolute priority for us, and we
are strict about that. Buying customized essays . Paperush These academic process
along with its influence on a students life. For this experience with its influence on a
spare time wisely! There is now or newer! You cannot be worried, we are 100%
capable of academic task. In this case, you cannot allow it is .