Professional Documents
Culture Documents
LATEST STORIES
HIVE FIVE Five Best Audio Editing Applications LIFEHACKER TOP 10 Top 10 Tricks for Turning Your Junk Into Money
BY ADAM PASH
Share
HACK ATTACK
MOTIVATION A Better Way to Practice MIND HACKS Defaulting to Being Nice Does You No Good WEEKENDHACKER Make Your Computer More SelfSufficient This Weekend WEEKEND FUN The Inebriator Is An Incredible Arduino-Powered Bartender CLEVER USES Glue Together Business Cards For A Tear Em Off Stack OS X MOUNTAIN LION Enable AirDrop Over Ethernet, Even on Unsupported Macs and Hackintoshes SPONSORED AUG 30, 12 Amusing Home 2012 Accessories Revealing the Fun Side of Decorating LIFEHACKER U Plan Your Free Online Education at Lifehacker U: Fall Semester 2012 CLEVER USES Turn Any Laptop Into a MoneySaving Wi-Fi Hotspot For Your Hotel Room
FOLLOW LIFEHACKER
Like 479,306 people like this. Sign Up to see what your friends like.
SECURITY Heres Everywhere You Should Enable Two-Factor Authentication Right Now QUANTIFIED SELF Use Gmail and Google Docs to Easily and Quickly Track
Easily and Quickly Track Anything SECURITY How Secure Are You Online: The Checklist OPEN THREAD Get Some Fresh Air in This Weeks Open Thread PROGRESS Look At Yourself Objectively WOLFRAM ALPHA Wolfram Alphas Facebook Report Analyzes Every Dark Corner of Your Facebook Activity RESUMES Turn Work Experiences into Measurable Achievements on Your Resume ASK LIFEHACKER How Can I Build a Quiet, LowPowered Home File Server? WINDOWS DOWNLOADS Snipping Tool++ Easily Sends Windows Screenshot Snippets to the Cloud DOWNLOAD ROUNDUP This Weeks Top Downloads MOTIVATION The Right Way to Speak to Yourself COMMUNICATION Youre Not Listening Whip Up Futuristic Cocktails Using Dry Ice and Fireballs COOKING HACKS Caramelize Onions in 15 Minutes Flat DOWNLOADS Headphones Automatically Downloads, Processes, and Converts Any Music You Want ASK LIFEHACKER Whats the Best Wireless Carrier?
(Eventually, Reaver will simply be incorporated with BackTrack by default.) To install Reaver, you'll first need to connect to a Wi-Fi network that you have the password to. 1. Click Applications > Internet > Wicd Network Manager 2. Select your network and click Connect, enter your password if necessary, click OK, and then click Connect a second time. Now that you're online, let's install Reaver. Click the Terminal button in the menu bar (or click Applications > Accessories > Terminal). At the prompt, type:
apt-get update
If all went well, Reaver should now be installed. It may seem a little lame that you need to connect to a network to do this, but it will remain installed until you reboot your computer. At this point, go ahead and disconnect from the network by opening Wicd Network Manager again and clicking Disconnect. (You may not strictly need to do this. I did just because it felt like I was somehow cheating if I were already connected to a network.)
Press Enter. You should see a wireless device in the subsequent list. Most likely, it'll be named wlan0, but if you have more than one wireless card, or a more unusual networking setup, it may be named something different.
Put your wireless card into monitor mode: Assuming your wireless card's interface name is wlan0, execute the following command to put your wireless card into monitor mode:
airmon-ng start wlan0
This command will output the name of monitor mode interface, which you'll also want to make note of. Most likely, it'll be mon0, like in the screenshot below. Make note of that.
Find the BSSID of the router you want to crack: Lastly, you need to get the unique identifier of the router you're attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:
airodump-ng wlan0
(Note: If airodump-ng wlan0 doesn't work for you, you may want to try the monitor interface insteade.g., airodump-ng mon0.) You'll see a list of the wireless networks in rangeit'll look something like the screenshot below:
When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy that network's BSSID (it's the series of letters, numbers, and colons on the far left). The network should have WPA or WPA2 listed under the ENC column. (If it's WEP, use our previous guide to cracking WEP passwords.) Now, with the BSSID and monitor interface name in hand, you've got everything you need to start up Reaver.
For example, if your monitor interface was mon0 like mine, and your BSSID was 8D:AE:9D:65:1F:B2 (a BSSID I just made up), your command would look like:
reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv
Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver me with the correct password. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending. When Reaver's cracking has completed, it'll look like this:
A few important factors to consider: Reaver worked exactly as advertised in my test, but it won't necessarily work on all routers (see more below). Also, the router you're cracking needs to have a relatively strong signal, so if you're hardly in range of a router, you'll likely experience problems, and Reaver may not work. Throughout the process, Reaver would sometimes experience a timeout, sometimes get locked in a loop trying the same PIN repeatedly, and so on. I just let it keep on running, and kept it close to the router, and eventually it worked its way through. Also of note, you can also pause your progress at any time by pressing Ctrl+C while Reaver is running. This will quit the process, but Reaver will save any progress so that next time you run the command, you can pick up where you left off-as long as you don't shut down your computer (which, if you're running off a live DVD, will reset everything).
Further Reading
Thanks to this post on Mauris Tech Blog for a very straightforward starting point for using Reaver. If you're interested in reading more, see: Ars Technia's hands on
This Linux-centric guide from Null Byte The Reaver product page (it's also available in a point-and-click friendly commercial version. Reddit user jagermo (who I also spoke with briefly while researching Reaver) has created a public spreadsheat intended to build a list of vulnerable devices so you can check to see if your router is susceptible to a Reaver crack. Have any experience of your own using Reaver? Other comments or concerns? Let's har it in the comments.
COMMENT
FEATURED
ALL
chgotechguy
A Reddit user (@jagermo on twitter or jagermo [at] hushmail.com) has posted a spreadsheet titled "WPS Vulnerability Testing" listing various devices and user submitted testing data. While the testing is not scientific, some may find it helpful. Be sure to read the comments and background information at the bottom of the spreadsheet, which includes a link where you can share your own testing data. Link to spreadsheet: [docs.google.com]
Edited by chgotechguy at 01/09/12 7:34 AM promoted by Adam Pash chgotechguy was starred
jagermo @chgotechguy Thank you for the link. We can always use more devices, so "get crackin'" (you should only attack devices that you own, of course. We are not criminals.) Melanie Pinola @chgotechguy Link doesn't seem to be working. Trying this: [tinyurl.com]
Edited by Melanie Pinola at 01/09/12 9:56 AM
Walternate @chgotechguy