Crack A WPA Password Using Reaver
Wi-Fi is the convenient wireless connectivity to the Internet. With this being, no one wants to share it with others around. So, they protect their Wi-Fi network with a password. You may probably use WPA security protocol to protect your network. But do you know that it has become very easy to crack a WPA password?
Well, it’s all because of the Reaver which can reveal your highly protected WPA password. It’s a new free open-source that can crack most routers’ current password with ease.
First, let us get into how to crack a WPA password with Reaver followed by how to protect your Wi-Fi network’s password against Reaver attacks.
Crack a WPA password:
Requirements:
You need not have to be a techie to use Reaver and the command-line tool. All that you need to crack a Wi-Fi password is a laptop with compatible Wi-Fi network and an empty DVD. You just have to spend an hour or two to get your work done.
- The BackTrack5 Live DVD: BackTrack is a bootable Linux distribution that’s filled to the brim with Wi-Fi network password hacking tools. While it’s not strictly required to use Reaver, although it’s the easiest approach for most users. Download the Live DVD from BackTrack’s download page and burn it to a DVD. You can alternately download a virtual machine image if you’re using VMware. But if you don’t know what VMware is, just stick with the Live DVD. Select BackTrack 5 R3 from the Release drop-down. Then, select Gnome, 32-bit or 64-bit depending on your CPU, ISO for an image. Finally, download the ISO.
- A laptop with Wi-Fi and a DVD drive: BackTrack will work with the wireless card on most laptops, so chances are your laptop will work fine. However, BackTrack doesn’t have a full compatibility list, so no guarantees. You’ll also need a DVD drive since that’s how you’ll boot into BackTrack.
- A nearby WPA-secured Wi-Fi network: Technically, it will need to be a network using WPA security with the WPS feature enabled. There are more details in the performance of the Reaver section to let you know in detailed how WPS creates the security hole that makes WPA cracking possible.
- A little patience: This process involves just 4 steps and however it’s not terribly difficult to crack a WPA password with Reaver. It’s a brute-force attack, which means your computer will be testing a number of different combinations of cracks on your router before it finds the right one. When I tested it, Reaver took roughly 2.5 hours to successfully crack my password. The Reaver home page suggests it can take anywhere from 4-10 hours. Your mileage may vary.
Step 1: Boot into BackTrack
First, insert the DVD into the drive and boot your machine from the disc to boot into BackTrack. During the boot process, BackTrack will prompt you to choose the boot mode. Select “BackTrack Text – Default Boot Text Mode” and press Enter. Eventually, BackTrack will boot to a command line prompt. When you’ve reached the prompt, type “startx“ and press Enter. BackTrack will boot into its graphical interface.
Step 2: Install reaver
If you are using BackTrack 5, you can skip to the next step since it comes pre-installed on this. Otherwise, go through the following steps to get it installed. Reaver isn’t yet incorporated with the live DVD. So you need to install before proceeding. To install this, first, connect your device to a Wi-Fi network which is protected with a password.
Follow the below steps:
- Click Applications > Internet > Wicd Network Manager
- Select your network and tap on Connect. Now enter your password if necessary, click OK, and then click Connect a second time.
- Click the Terminal button in the menu bar or click Applications > Accessories > Terminal. At the prompt, type:
apt-get update
And then, after the update completes:
apt-get install reaver
If everything is perfect, you can find that Reaver is installed. But the thing is you need to connect to a network to do this. But it will remain installed until you reboot your laptop. Now you should disconnect from the network by opening Wicd Network Manager again and clicking Disconnect.
Step 3: Gather Your Device Information, Prep Your Cracking
You need to get the interface name of your wireless card and the BSSID of the router in order to use Reaver. Make sure that your wireless card is in monitor mode.
1. Find your wireless card: Type the following inside the terminal and then press Enter:
iwconfig
Now check for a wireless device in the subsequent list. Most likely, it’ll be named “wlan0“. But if you have more than one wireless card or a more unusual networking setup, it may be named something different.
2. Put your wireless card into monitor mode: Assuming your wireless card’s interface name is, wlan0, execute the following command to put your wireless card into monitor mode:
airmon-ng start wlan
0
This command will output the name of monitor mode interface, which you’ll want to make note of. Most likely, it’ll be, mon0 like in the screenshot below.
3. Find the BSSID of the router you want to crack: Lastly, you need to get the unique identifier of the router you’re attempting to crack. This will help you to point Reaver in the right direction. To do this, execute the following command:
airodump-ng wlan
0
When you find the required network among a few networks, press “Ctrl+C” to stop the list from refreshing. Then copy that network’s BSSID. The network should have WPA or WPA2 listed under the ENC column.
Now, having the BSSID and monitor interface name, you’ve got everything you need to start up Reaver.
Step 4: Crack a WPA Password with Reaver
Now execute the following command in the Terminal, replacing bssid and moninterface with the BSSID and monitor interface:
reaver -i moninterface -b bssid -vv
Now, press Enter. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take some time to get it done. When Reaver’s cracking has completed, it’ll look like this:
There are a few important factors to consider:
Reaver won’t work necessarily on all routers. The router which you are cracking needs to have an enough strong signal. If you are in the range of the router, then you will experience problems. This will result in improper Reaver work. Reaver would experience a number of problems throughout the process. Problems such as timeout, getting locked in a loop that repeatedly tries the same PIN, and so on. Let it run and keep it close to the router.
Also, you can pause your progress at any time by pressing Ctrl+C while Reaver is running. This will quit the process, but Reaver will save any progress. This will help the next time when you run the command, you can pick up where you left off. This will repeat as long as you don’t shut down your computer.
Performance Of The Reaver
Now as you have seen how to use Reaver, let’s have a quick overview of the performance of Reaver and how it works. The tool takes advantage of a vulnerability in something called Wi-Fi Protected Setup, or WPS. It’s a common feature that exists on many routers. This feature is mainly intended to provide an easy setup process. And it’s tied to a PIN that’s hard-coded into the device. Reaver exploits a flaw in these PINs. This resulted that, with enough time, it can reveal your WPA or WPA2 password.
Protect Your Network Against Reaver Attacks
Since the vulnerability lies in the implementation of WPS, your network should be safe if you can simply turn off WPS (or, even better, if your router doesn’t support it in the first place). Unfortunately, it is said that even with WPS manually turned off through the router’s settings, Reaver was still able to crack the password.
You may still want to try disabling WPS on your router if you can and test it against Reaver to see if it helps.
You could also set up MAC address filtering on your router (which only allows specifically whitelisted devices to connect to your network), but a sufficiently savvy hacker could detect the MAC address of a whitelisted device and use MAC address spoofing to imitate that computer.
Now you might be aware of how to crack a WPA password or Wi-Fi network using Reaver and also how to protect your network against the Reaver attacks.
You May Also Like: How To Find Hidden And Saved Passwords In Windows
