BackTrack - Cracking a WPA password with reaver

Wi-Fi Protected Setup (WPS) was introdused to allow home users with little or no knowelage of wirelss security to set up a wireless network encrypted with WPA or WPA2 as well as making it easy to add new devices to an existing network without entering long passwords/passphrases. In this example I will be using BackTrack 5 R1 Gnome 32 bit. You can either boot off the DVD or install it. The creating of a bootable DVD and installing BackTrack is beyond the scope of this tutorial. I'm assuming you have two network connections one for internet access and one with your wireless adapter that we will be using in this test. In my case I'm using both a wired and wireless adapter. Open up a terminal and run the following commands apt-get update apt-get install reaver Next we need to find out what interface is assigned to your wireless card using the following command. iwconfig In my case wlan0 Next we need to put the wireless card in to monitor mode. airmon-ng start wlan0 The monitor interface created is mon0 Next we need to find the BSSID of our test router we want to crack airodump-ng wlan0 In my case 00:11:22:33:44:55 Next we launch reaver reaver -i mon0 -b 00:11:22:33:44:55 -vv Now sit back and wait, grab a cup or two of coffee, and let reaver do its thing. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my case it took just over 2 hours.