
How to Crack a Wi-Fi Network's WPA Password with Reaver (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver)

Adam Pash (http://adampash.kinja.com)

1/09/12 5:00am

Your Wi-Fi network is your conveniently wireless gateway to the internet, and since you're not keen on sharing your connection with any old hooligan who happens to be walking past your home, you secure your network with a password, right? Knowing, as you might, how easy it is to crack a WEP password (http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack), you probably secure your network using the more bulletproof WPA security protocol. Here's the bad news: A new, free, open-source tool called Reaver (http://code.google.com/p/reaver-wps/) exploits a security hole in wireless routers and can crack most routers' current passwords with relative ease. Here's how to crack a WPA or WPA2 password, step by step, with Reaver, and how to protect your network against Reaver attacks.


In the first section of this post, I'll walk through the steps required to crack a WPA password using Reaver. You can follow along with either the video or the text below. After that, I'll explain how Reaver works, and what you can do to protect your network against Reaver attacks.

First, a quick note: As we often remind readers when we discuss topics that appear potentially malicious: Knowledge is power, but power doesn't mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn't make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise. The more you know, the better you can protect yourself.

What You'll Need


You don't have to be a networking wizard to use Reaver, the command-line tool that does the heavy lifting, and if you've got a blank DVD, a computer with compatible Wi-Fi, and a few hours on your hands, you've got basically all you'll need. There are a number of ways you could set up Reaver, but here are the specific requirements for this guide:

The BackTrack 5 Live DVD (http://www.backtrack-linux.org/downloads/). BackTrack is a bootable Linux distribution that's filled to the brim with network testing tools, and while it's not strictly required to use Reaver, it's the easiest approach for most users. Download the Live DVD from BackTrack's download page (http://www.backtrack-linux.org/downloads/) and burn it to a DVD. You can alternately download a virtual machine image if you're using VMware, but if you don't know what VMware is, just stick with the Live DVD. As of this writing, that means you should select BackTrack 5 R1 from the Release drop-down, select Gnome, 32- or 64-bit depending on your CPU (if you don't know which you have, 32 is a safe bet), ISO for image, and then download the ISO.

A computer with Wi-Fi and a DVD drive. BackTrack will work with the wireless card on most laptops, so chances are your laptop will work fine. However, BackTrack doesn't have a full compatibility list, so no guarantees. You'll also need a DVD drive, since that's how you'll boot into BackTrack. I used a six-year-old MacBook Pro.

A nearby WPA-secured Wi-Fi network. Technically, it will need to be a network using WPA security with the WPS feature enabled. I'll explain in more detail in the "How Reaver Works" section how WPS creates the security hole that makes WPA cracking possible.

A little patience. This is a 4-step process, and while it's not terribly difficult to crack a WPA password with Reaver, it's a brute-force attack, which means your computer will be testing a number of different combinations of cracks on your router before it finds the right one. When I tested it, Reaver took roughly 2.5 hours to successfully crack my password. The Reaver home page (http://code.google.com/p/reaver-wps/) suggests it can take anywhere from 4-10 hours. Your mileage may vary.

Let's Get Crackin'


At this point you should have BackTrack burned to a DVD, and you should have your laptop handy.

Step 1: Boot into BackTrack


To boot into BackTrack, just put the DVD in your drive and boot your machine from the disc. (Google around if you don't know anything about live CDs/DVDs and need help with this part.) During the boot process, BackTrack will prompt you to choose the boot mode. Select "BackTrack Text - Default Boot Text Mode" and press Enter. Eventually BackTrack will boot to a command line prompt. When you've reached the prompt, type startx and press Enter. BackTrack will boot into its graphical interface.

Step 2: Install Reaver


Reaver has been added to the bleeding edge version of BackTrack, but it's not yet incorporated with the live DVD, so as of this writing, you need to install Reaver before proceeding. (Eventually, Reaver will simply be incorporated with BackTrack by default.) To install Reaver, you'll first need to connect to a Wi-Fi network that you have the password to.

1. Click Applications > Internet > Wicd Network Manager
2. Select your network and click Connect, enter your password if necessary, click OK, and then click Connect a second time.

Now that you're online, let's install Reaver. Click the Terminal button in the menu bar (or click Applications > Accessories > Terminal). At the prompt, type:

apt-get update

And then, after the update completes:

apt-get install reaver

If all went well, Reaver should now be installed. It may seem a little lame that you need to connect to a network to do this, but it will remain installed until you reboot your computer. At this point, go ahead and disconnect from the network by opening Wicd Network Manager again and clicking Disconnect. (You may not strictly need to do this. I did just because it felt like I was somehow cheating if I were already connected to a network.)

Step 3: Gather Your Device Information, Prep Your Crackin'


In order to use Reaver, you need to get your wireless card's interface name, the BSSID of the router you're attempting to crack (the BSSID is a unique series of letters and numbers that identifies a router), and you need to make sure your wireless card is in monitor mode. So let's do all that.

Find your wireless card: Inside Terminal, type:

iwconfig

Press Enter. You should see a wireless device in the subsequent list. Most likely, it'll be named wlan0, but if you have more than one wireless card, or a more unusual networking setup, it may be named something different.

Put your wireless card into monitor mode: Assuming your wireless card's interface name is wlan0, execute the following command to put your wireless card into monitor mode:

airmon-ng start wlan0

This command will output the name of the monitor mode interface, which you'll also want to make note of. Most likely, it'll be mon0, like in the screenshot below. Make note of that.

Find the BSSID of the router you want to crack: Lastly, you need to get the unique identifier of the router you're attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:

airodump-ng wlan0

(Note: If airodump-ng wlan0 doesn't work for you, you may want to try the monitor interface instead, e.g., airodump-ng mon0.) You'll see a list of the wireless networks in range; it'll look something like the screenshot below:

When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy that network's BSSID (it's the series of letters, numbers, and colons on the far left). The network should have WPA or WPA2 listed under the ENC column. (If it's WEP, use our previous guide to cracking WEP passwords (http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack).) Now, with the BSSID and monitor interface name in hand, you've got everything you need to start up Reaver.

Step 4: Crack a Network's WPA Password with Reaver


Now execute the following command in the Terminal, replacing bssid and moninterface with the BSSID and monitor interface that you copied down above:

reaver -i moninterface -b bssid -vv

For example, if your monitor interface was mon0 like mine, and your BSSID was 8D:AE:9D:65:1F:B2 (a BSSID I just made up), your command would look like:

reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv

Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver me the correct password. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending. When Reaver's cracking has completed, it'll look like this:

A few important factors to consider: Reaver worked exactly as advertised in my test, but it won't necessarily work on all routers (see more below). Also, the router you're cracking needs to have a relatively strong signal, so if you're hardly in range of a router, you'll likely experience problems, and Reaver may not work. Throughout the process, Reaver would sometimes experience a timeout, sometimes get locked in a loop trying the same PIN repeatedly, and so on. I just let it keep on running, and kept it close to the router, and eventually it worked its way through. Also of note, you can pause your progress at any time by pressing Ctrl+C while Reaver is running. This will quit the process, but Reaver will save any progress so that next time you run the command, you can pick up where you left off, as long as you don't shut down your computer (which, if you're running off a live DVD, will reset everything).

How Reaver Works


Now that you've seen how to use Reaver, let's take a quick overview of how Reaver works. The tool takes advantage of a vulnerability in something called Wi-Fi Protected Setup, or WPS. It's a feature that exists on many routers, intended to provide an easy setup process, and it's tied to a PIN that's hard-coded into the device. Reaver exploits a flaw in these PINs; the result is that, with enough time, it can reveal your WPA or WPA2 password. Read more details about the vulnerability at Sean Gallagher's excellent post on Ars Technica (http://arstechnica.com/business/news/2011/12/researchers-publish-open-source-tool-for-hacking-wifi-protected-setup.ars).

How to Protect Yourself Against Reaver Attacks


Since the vulnerability lies in the implementation of WPS, your network should be safe if you can simply turn off WPS (or, even better, if your router doesn't support it in the first place). Unfortunately, as Gallagher points out at Ars (http://arstechnica.com/business/news/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver.ars), even with WPS manually turned off through his router's settings, Reaver was still able to crack his password.

In a phone conversation, Craig Heffner said that the inability to shut this vulnerability down is widespread. He and others have found it to occur with every Linksys and Cisco Valet wireless access point they've tested. "On all of the Linksys routers, you cannot manually disable WPS," he said. While the Web interface has a radio button that allegedly turns off WPS configuration, "it's still on and still vulnerable."

So that's kind of a bummer. You may still want to try disabling WPS on your router if you can, and test it against Reaver to see if it helps. You could also set up MAC address filtering on your router (which only allows specifically whitelisted devices to connect to your network), but a sufficiently savvy hacker could detect the MAC address of a whitelisted device and use MAC address spoofing to imitate that computer. Double bummer.

So what will work? I have the open-source router firmware DD-WRT (http://dd-wrt.com/) installed on my router and I was unable to use Reaver to crack its password. As it turns out, DD-WRT does not support WPS (http://code.google.com/p/reaver-wps/issues/detail?id=44), so there's yet another reason to love the free router-booster. If that's got you interested in DD-WRT, check their supported devices list (http://dd-wrt.com/wiki/index.php/Supported_Devices) to see if your router's supported. It's a good security upgrade, and DD-WRT can also do cool things like monitor your internet usage (http://lifehacker.com/5821773/how-to-monitor-your-internet-usage-so-you-dont-exceed-your-data-cap), set up a network hard drive (http://lifehacker.com/5756233/get-more-out-of-your-dd+wrt-router-with-an-external-drive?tag=ddwrt), act as a whole-house ad blocker (http://lifehacker.com/5680670/turn-your-dd+wrt-enabled-router-into-a-whole-house-ad-blocker?tag=ddwrt), boost the range of your Wi-Fi network (http://lifehacker.com/5563196/turn-your-old-router-into-a-range+boosting-wi+fi-repeater?tag=ddwrt), and more. It essentially turns your $60 router into a $600 router (http://lifehacker.com/178132/hack-attack-turn-your-60-router-into-a-600-router).
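A defender-side counterpart to the brute-force behaviour described above, added here as an example (it is not from the original article or the Reaver project): it counts failed WPS PIN attempts per access point in a sliding window and flags a PIN that is accepted during such a burst. The log format, event names and AP names are assumptions made for illustration; adapt the parser to whatever your router or access point actually logs.

```python
import re
from collections import deque, namedtuple
from datetime import datetime, timedelta

# Hypothetical log format (an assumption, not any specific router's):
#   <ISO timestamp> <ap-name> <WPS-PIN-FAIL|WPS-PIN-OK> sta=<client MAC>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<ap>\S+) "
    r"(?P<event>WPS-PIN-FAIL|WPS-PIN-OK) "
    r"sta=(?P<sta>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$",
    re.IGNORECASE,
)

Alert = namedtuple("Alert", "ap kind when failures stations")

# Constructed sample log: "ap-home" sees steady PIN failures from rotating
# client MACs; "ap-guest" sees one mistyped PIN followed by a success.
SAMPLE_LOG = """\
2012-01-09T02:00:00 ap-home WPS-PIN-FAIL sta=02:00:00:00:00:01
2012-01-09T02:00:40 ap-home WPS-PIN-FAIL sta=02:00:00:00:00:02
2012-01-09T02:01:00 ap-guest WPS-PIN-FAIL sta=02:00:00:00:00:aa
2012-01-09T02:01:20 ap-home WPS-PIN-FAIL sta=02:00:00:00:00:01
2012-01-09T02:01:30 ap-guest WPS-PIN-OK sta=02:00:00:00:00:aa
garbage line that the parser must skip
2012-01-09T02:02:00 ap-home WPS-PIN-FAIL sta=02:00:00:00:00:03
2012-01-09T02:02:40 ap-home WPS-PIN-FAIL sta=02:00:00:00:00:02
2012-01-09T02:03:20 ap-home WPS-PIN-FAIL sta=02:00:00:00:00:01
2012-01-09T02:04:00 ap-home WPS-PIN-OK sta=02:00:00:00:00:03
""".splitlines()


def parse_line(line):
    """Return (timestamp, ap, event, station) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
    return ts, m["ap"], m["event"].upper(), m["sta"].lower()


def detect_wps_bruteforce(lines, window=timedelta(minutes=5), threshold=5,
                          per_station=False):
    """Flag bursts of failed WPS PIN attempts.

    By default failures are counted per access point, whatever the client
    MAC, because a client can change its MAC between attempts. Setting
    per_station=True counts per (AP, client MAC) instead, to show what
    that approach misses.
    """
    recent = {}       # key -> deque of (timestamp, station) failures in window
    in_burst = set()  # keys that already produced a brute-force alert
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        ts, ap, kind, sta = event
        key = (ap, sta) if per_station else ap
        failures = recent.setdefault(key, deque())
        # Drop failures that have aged out of the sliding window.
        while failures and ts - failures[0][0] > window:
            failures.popleft()
        if not failures:
            in_burst.discard(key)  # a full quiet window ends the burst
        if kind == "WPS-PIN-FAIL":
            failures.append((ts, sta))
            if len(failures) >= threshold and key not in in_burst:
                in_burst.add(key)
                stations = sorted({s for _, s in failures})
                alerts.append(Alert(ap, "pin-bruteforce", ts,
                                    len(failures), stations))
        elif key in in_burst:
            # A PIN accepted during a burst: treat the Wi-Fi passphrase as
            # disclosed, change it, and get WPS turned off on that AP.
            alerts.append(Alert(ap, "pin-accepted-after-bruteforce", ts,
                                len(failures), [sta]))
    return alerts


if __name__ == "__main__":
    for alert in detect_wps_bruteforce(SAMPLE_LOG):
        print(alert)
```

On the constructed sample, per-AP counting raises both alerts for ap-home, while the same data counted per client MAC (per_station=True) raises none, and the single mistyped PIN on ap-guest is ignored.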

Further Reading

Thanks to this post (http://maurisdump.blogspot.com/2011/12/reaver-11-wps-brute-force-cracker-to.html) on Mauris Tech Blog for a very straightforward starting point for using Reaver. If you're interested in reading more, see:

Ars Technica's hands on (http://arstechnica.com/business/news/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver.ars)

This Linux-centric guide from Null Byte (http://null-byte.wonderhowto.com/blog/hack-wpa-wifi-passwords-by-cracking-wps-pin-0132542/)

The Reaver product page (http://www.tacnetsol.com/products/) (it's also available in a point-and-click friendly commercial version).

Reddit user jagermo (http://www.reddit.com/user/jagermo) (who I also spoke with briefly while researching Reaver) has created a public spreadsheet (https://docs.google.com/spreadsheet/lv?key=0AgsJmeLMFP2dFp2dkhJZGIxTTFkdFpEUDNSSHZEN3c) intended to build a list of vulnerable devices so you can check to see if your router is susceptible to a Reaver crack.

Have any experience of your own using Reaver? Other comments or concerns? Let's hear it in the comments.

chgotechguy (http://chgoguy
A Reddit user (@jagermo on twitter or jagermo [at] hushmail.com) has posted a spreadsheet titled "WPS Vulnerability Testing" listing various devices and user submitted testing data. While the testing is not scientific, some may find it helpful. Be sure to read the comments and background information at the bottom of the spreadsheet, which includes a link where you can share your own testing data. Link to spreadsheet: [docs.google.com] (https://docs.google.com/spreadsheet/lv?key=0AgsJmeLMFP2dFp2dkhJZGIxTTFkdFpEUD...)

shido641 (http://shido641-ol
And here I thought I was so clever when I put my Mac filtering on, SSID Broadcast off, Limit DHCP to lease only 1 or 2 addresses and have a 23 character password consisting of alphanumeric and special characters. Time to rethink my security...I must say, I thank the guys that developed this because it gives me a challenge :)

1/09/12 11:15pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

mrh829 (http://mrh829.kinj
Turning the SSID broadcast off won't do anything to enhance security; if anything, it can actually reduce your security. The reason for this is that when the access point isn't broadcasting the SSID, your wireless device has to initiate the conversation, as opposed to the other way around. This means that if you take your laptop to other locations, it will send out signals asking your home SSID if it's there, which could be recorded by any nearby device that's listening.

1/09/12 7:33am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45822310#comments)

jagermo (http://jagermo-old.
Thank you for the link. We can always use more devices, so "get crackin'" (you should only attack devices that you own, of course. We are not criminals.)

1/09/12 8:32am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45824483#comments)

Melanie Pinola (http://melan
Link doesn't seem to be working. Trying this: [tinyurl.com] (http://tinyurl.com/6ndb4hq)

Tristan (http://tristan-i.kinja.
Why not just use OpenWRT instead of DDWRT? DD-WRT left a sour taste in my mouth a while back when they were selling a reskinned version of OpenWRT (and weren't releasing source code!). Things are a bit different, but DD-WRT still comes action packed with un-editable binary blobs in what is essentially a FOSS software package. This be a no-no! The developer's logic behind doing this is to prevent other people from re-branding DDWRT and selling it.

1/10/12 11:35am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

shido641 (http://shido641-ol
Well then I must have listened to the wrong security guys lol...Thanks

1/09/12 9:55am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45827991#comments)

1/11/12 5:34am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa


Richard Milne (http://ricardo
And this is why I tell people to disable WPS on their router.

1/09/12 6:24am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

The Stig's graphic designer c
Unfortunately, as Gallagher points out as Ars, even with WPS manually turned off through his router's settings, Reaver was still able to crack his password.

(If things have further changed, let me know and I may reconsider my blacklisting DDWRT)

while i agree with that step, it isn't a failsafe.

1/09/12 7:13am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa

1/09/12 5:34am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45819806#comments)

Richard Milne (http://ricardo
Yeah I saw that, turn it off if you can I suppose would be more accurate advice, even if turning it off doesn't actually turn it off lol. I always turned it off because it just seems to be unnecessary anyways. It's a classic case of manufacturers trying to make life easier but actually just making things worse.

belak (http://belak1.kinja.co
OpenWRT doesn't support all the routers that dd-wrt does. By all means, OpenWRT looks better than dd-wrt, but I can't check because OpenWRT doesn't run on my Linksys e2000.

skim32 (http://skim32.kinja.
Just an FYI to Netgear WNDR3700 and 3800 owners. Disabling Router's Pin under the WPS Settings in the Advanced Wireless Settings section does protect against Reaver. However I've read that other Netgear routers are showing mixed results. Such as the DGN2200. Disabling WPS in the DGN2200 just slows down Reaver but it eventually cracks it. Hope this helps some people.

radio.one (http://radio1.kinja
Holy crap. I read all through this- panicking all the while. Well, until the very end about dd-wrt. I run openwrt (kong) on my router.

1/09/12 8:07am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45823535#comments)

1/09/12 8:36am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

Bogus Maximus (http://bogu
In a test of the networks near my apartment (let's call it a "security site survey"), out of over 20 networks only one responded, and I was blacklisted after less than 2% complete.

3/28/12 10:15am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=48362032#comments)

1/09/12 12:48pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

FriendlyFire (http://friendly0
I'm glad I've made the right choice then. This Linksys thing seems incredibly dumb to do, even for them.

1/09/12 6:19am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45820431#comments)

1/09/12 4:01pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa

nka (http://nabilalk.kinja.com)
I hope this article and others like it will catch the eye of the router manufacturers and that they will plug this security hole.

digital_man (http://digital_m
And another one falls. Any word as to how Tomato [lifehacker.com] (http://lifehacker.com/344765/) stands up against Reaver?

1/10/12 6:44am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45857296#comments)

Audi5000 (http://audi5000.
A list of devices that use WPS would be oh so nice. Anyone know if 2Wire routers do?

1/09/12 7:22am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

Travis (http://travis-old.kinja
I do not think that Tomato has ever supported WPS.

1/09/12 9:48am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45827718#comments)

1/09/12 7:41am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa

slaw (http://slaw1.kinja.com) If it's anything recent, yes.

digital_man (http://digital_m
Yes, I don't think so either, but wanted to make sure.

1/19/12 5:43pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=46181718#comments)

Caris (http://caris-old.kinja.c
"Also, the router >your< cracking needs to have a relatively strong signal, so if you're hardly in range of a router, you'll likely experience problems, and Reaver may not work." #typos (http://lifehacker.com/typos/)

1/09/12 9:01am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa


5h17h34d (http://5h17h34d-
Last I looked into it, WPA2 Personal AES still has not been cracked by anyone.

1/09/12 6:42am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

Alex Baillieul (http://alexbailli
As I read the article, this is not cracking the AES encryption, but using a brute force attack to exploit the WPS on the router in question.

1/09/12 9:25am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45826742#comments)

Adam Pash (http://adam-pas
Thanks, fixed!

1/09/12 2:56pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45840666#comments)

Caris (http://caris-old.kinja.c
What's the benefit of using Backtrack as opposed to other Linux distros? Is it just the increased functionality of a network testing-focused OS?

1/09/12 6:51am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa

jcollins387 (http://jcollins387
This is not an attack against WPA2+AES, this is a side channel attack against WPS (Wi-Fi Protected Setup), which is limited to a short PIN number which can be brute forced, since there does not seem to be a lockout/timeout feature.

Zak123 (http://zak123.kinja.

1/09/12 9:36am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45827211#comments)

Audi5000 (http://audi5000.
That is pretty much what it is created for, network testing or "pentest". Not sure if you gain any security on your end running it, I'm sure with some tweaks you could. It's just a build of Ubuntu with pre-installed packages.

1/09/12 6:51am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa

You people know that there is a MUCH easier way to get your neighbors password right? 1) Name your WiFi the same as your neighbors 2) Log password attempts

1/09/12 9:47am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45827683#comments)

Caris (http://caris-old.kinja.c
Good to know. Thanks.

1/09/12 1:00pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45835958#comments)

3) Wait.

1/09/12 2:05pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp


Audi5000 (http://audi5000.

AntonK (http://antonk-old.ki
Hi. Has anyone used DD-WRT on their Linksys WRT320N router? If so, is there a simplified (read dumbed-down) guide on how to do it around? I checked the DD-WRT page for my router, and it's a bit techy for my comfort. Thanks!

polobunny (http://polobunny
Saved password is saved. Can't bother waiting a day or two. :P

*ahem* honeypot

1/09/12 3:22pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

1/09/12 6:43pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

1/09/12 6:58am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45821322#comments)


miocene (http://miocene-old
Not sure about the Linksys but I installed it on my Buffalo router. The instructions seem really confusing but it's really just a case of choosing the "update firmware" option in the stock router firmware and feeding it DDWRT. Then just do a hard reset for safety (not sure why, I just did what it told me). The tricky bit is finding the right firmware file to feed to your router. The wiki on ddwrt's site usually helps: [dd-wrt.com] (http://dd-wrt.com/wiki/index.php/Linksys_WRT320N_v1.0)

With my last breath, I curse
Many laptops are sans DVD drive now. I've had limited experience with Backtrack. Can it be loaded on a USB key? Also, isn't there a limit to certain wifi cards? I have an older Lenovo X60 tablet which I would love to repurpose to an educational security laptop. But I worry that the wifi card is lacking the ability to do anything productive.

1/09/12 6:24am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

Travis (http://travis-old.kinja
Yep, you can run it off of USB. I think they may even have a special image for it (check the site). Regarding Wifi in Linux, most stuff is supported now, but in general, older tends to be better since there's been more time for the drivers to be written. The only other "compatibility" issue is whether or not the wireless card supports packet injection which I do not believe this attack requires.

1/09/12 7:18am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45821867#comments)

BingleyJoe (http://bingleyjoe
You could install Tomato firmware instead. I'm running it on a WRT310N as well as an E3000, and it's excellent; haven't wanted to go back to DD-WRT since I installed it. The webpage is a bit more straightforward as well :) [tomatousb.org] (http://tomatousb.org/start)

1/09/12 7:18am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa

Travis (http://travis-old.kinja
Also, these are awesome and very well-supported in BackTrack: [www.amazon.com] (http://www.amazon.com/Alfa-AWUS036H-Upgraded-Wireless-Long-Rang/dp/B000QYGNKQ/)

1/09/12 7:59am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45823278#comments)

volchara (http://volchara-old
Come on, it is NOT about cracking WPA password, it is getting WPA password through the hole in WPS setup. So disable WPS and nothing will be cracked. Lifehacker should know better than use misleading article title.

1/09/12 8:23am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45824120#comments)

Caris (http://caris-old.kinja.c
From the article: "Since the vulnerability lies in the implementation of WPS, your network should be safe if you can simply turn off WPS (or, even better, if your router doesn't support it in the first place). Unfortunately, as Gallagher points out as Ars, even with WPS manually turned off through his router's settings, Reaver was still able to crack his password." Is this not true? I haven't done this before.

PhilESkyline (http://phileskyli
Can't you get around this by setting up your router to only connect to specific mac addresses?

1/09/12 7:22am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

1/09/12 10:16am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

grondinm (http://grondinm-o
From the article: "You could also set up MAC address filtering on your router (which only allows specifically whitelisted devices to connect to your network), but a sufficiently savvy hacker could detect the MAC address of a whitelisted device and use MAC address spoofing to imitate that computer."

1/09/12 10:17am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

1/09/12 9:31am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45827028#comments)

jagermo (http://jagermo-old. We have confirmed that Linksys devices still accept PIN-Codes, even after WPS has been turned off in the admin interface. This sucks, and the only way to fix it is a firmware update.

PhilESkyline (http://phileskyli Didn't even read down that far, just watched the video. Hmm... I guess you could also create a fake wireless network from captured packets. It'll be like a needle in a haystack. It's quite funny and fairly easy to do but frowned upon by Big Brother.

1/09/12 1:59pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45838496#comments) 1/09/12 11:35am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

Walternate

nachobel TOTORO! (http://n Adam - I'm trying to use this in a virtual machine, and I need a USB wireless device to do so. I tried doing some reading on what the best supported device to use is, but I can't find anything conclusive. Any ideas on something you guys would recommend?

wallmalker1 (http://wallmalk All I can about with this software - I ain't goin anywhere near reaver territory

1/09/12 4:57pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

polobunny (http://polobunny REAVERS INCOMING!

1/11/12 9:57pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45927566#comments) 1/09/12 6:43pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

danimal4326 (http://danimal It works with my Airlink+ 802.11g stick i got from Fry's a long time ago for 8 bucks

Aelver (http://aelver.kinja.co I still can't believe they killed Wash.

1/10/12 6:59am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa 1/12/12 12:41pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45947915#comments) wallmalker1

nachobel TOTORO! (http://n I grabbed a wusb54gc my friend had lying around. Seems to be working. This is quite interesting, I must say. Thanks for the tip though!

nortexoid (http://nortexoid.ki Thanks for the tip. Just disabled WPS on my Fritz!Box router.

1/12/12 1:03pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45948898#comments) 1/09/12 7:13am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa

catdogpigduck (http://catdog anyone know if this affects Apple Airport extreme wifi routers?

CamJN (http://camjn.kinja.c Might wanna check that, the settings to disable WPS usually don't actually do anything. As was explained when this hit hacker news.

1/09/12 7:37am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45822431#comments) 1/09/12 8:38am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

CamJN (http://camjn.kinja.c Nope, no WPS.

jagermo (http://jagermo-old. Fritz!Boxes only use WPS Push Button, they are not affected (confirmed on two devices). But yeah, turn it off if you don't need it.

1/09/12 8:33am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45824543#comments)

Aelver (http://aelver.kinja.co Not quite true, but only in a very specific circumstance: [discussions.apple.com] (https://discussions.apple.com/thread/3617760?start=15&tstart=0)

1/09/12 1:55pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

MrTreehorn (http://mrtreeh I really don't know anything about hacking, so I'm wondering what a person can actually do if they manage to connect to our wifi network? Will they then be able to access files on windows user/password protected network shares like on a NAS?

1/10/12 6:29am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45856945#comments)

grondinm (http://grondinm-o I am not at home to try this out but if you turn off SSID broadcast will the "airodump-ng wlan0" command still find the network? If not that's a sure way to protect against this.
1/09/12 9:26am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45826802#comments)

1/10/12 5:16am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa

Vinay Kapadia (http://vkapa Not likely. They have exactly the same capabilities that any other person on your wireless network has. That is, they are perfectly able to see and attempt to access your network shares, but if all other laptops require a password to get into the share, the hacker's would too.

jagermo (http://jagermo-old. I think you still see the BSSID (which is basically the MAC address), the SSID just reads "hidden SSID" (at least on Kismet). So you can still crack the WPS implementation. After that you just log the traffic until a device signs on and you have the SSID. Turning off SSID broadcast does not help at all - it just creates a challenge ("uuhhhh, lookie here, somebody tries to hiiiiidddeee").

1/09/12 1:58pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45838433#comments)

gokachu (http://gokachu.kinj Should I be worried at all. How scared should I be knowing that a program like this is out?

jinx (http://jinx.kinja.com)

1/10/12 11:09am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp


1/09/12 10:06am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

J.Xibalba (http://xibalba.kinj Don't worry. Protect your network the best you can - possibly change (strong) passwords frequently if even more worried. It'd be very unlikely that someone would get within proximity of your router with this program and have malicious intent. Fortunately for me I live on about 3-4 acres and my neighbors are not tech savvy.

(http://cache.gawker.com/assets/images/comment/17/2012/01/b5ee0a7aefb12ed62ba331e8b64e93f6/original.png) Just goes to show that you are only as secure as your weakest point.

1/15/12 1:48pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa


1/09/12 7:41am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45822598#comments)

roman (http://roman-old.kinj So, has anyone been able to crack it with WPA2 enabled?

Alexander Riccio (http://alex [en.wikipedia.org] (http://en.wikipedia.org/wiki/Rubberhose_(file_system))

N o r b s (http://norbs.kinja.c Damn I was getting all paranoid up until they mentioned dd-wrt is immune...

1/10/12 11:08am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wp

jagermo (http://jagermo-old. Reaver and WPScrack attack the WPS function. It does not matter if you use WPA or WPA2

1/16/12 10:02am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=46048794#comments)

1/09/12 11:17am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45831353#comments)

GeorgeDW (http://georgedw Same here, I was looking for WPS in my dd-wrt configuration until I read that part.

1/10/12 1:54pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa

carl48 (http://carl48-old.kinj I have only seen the WPS on Netgear routers and then it did not work well, especially with the Macs in the house. Luckily my current router does not have it, but I guess the moral is, wireless is open to fraud/attack, but at least someone needs to be nearby (I guess that is the upside to poor signal strength ;o) ). If you see someone sat outside with a laptop, might be worth checking your network, they might be trying for free wifi. It always amazes me when in a street, even my own, how many WiFi appear and especially with their default name.

1/09/12 12:43pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45835151#comments)

PKNY (http://pkny-old.kinja. To add on to the mention about DD-WRT not being vulnerable: that is the case for the standard DD-WRT firmware, but there is WPS support for those who have Buffalo routers and are using the DD-WRT firmware supplied by Buffalo. Please see this forum post for more details: [www.dd-wrt.com] (http://www.dd-wrt.com/phpBB2/viewtopic.php?t=149251&highlight=wps)

1/09/12 5:30am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45819756#comments)

1/09/12 5:19am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa
