How To Crack A Wi-Fi Network's WPA Password With Reaver
2012
Here's the bad news: A new, free, open-source tool called Reaver exploits a security hole in
wireless routers and can crack most routers' current passwords with relative ease. Here's how to
crack a WPA or WPA2 password, step by step, with Reaver—and how to protect your network
against Reaver attacks.
In the first section of this post, I'll walk through the steps required to crack a WPA password
using Reaver. You can follow along with either the video or the text below. After that, I'll
explain how Reaver works, and what you can do to protect your network against Reaver
attacks.
First, a quick note: As we often remind readers when we discuss topics that appear
potentially malicious: Knowledge is power, but power doesn't mean you should be a jerk, or
do anything illegal. Knowing how to pick a lock doesn't make you a thief. Consider this post
educational, or a proof-of-concept intellectual exercise. The more you know, the better you
can protect yourself.
What You'll Need
You don't have to be a networking wizard to use Reaver, the command-line tool that does the
heavy lifting, and if you've got a blank DVD, a computer with compatible Wi-Fi, and a few
hours on your hands, you've got basically all you'll need. There are a number of ways you could
set up Reaver, but here are the specific requirements for this guide:
apt-get update
iwconfig
Put your wireless card into monitor mode: Assuming your wireless card's interface name
is wlan0, execute the following command to put your wireless card into monitor mode:
This command will output the name of the monitor mode interface, which you'll also want to
make note of. Most likely, it'll be mon0, like in the screenshot below.
Find the BSSID of the router you want to crack: Lastly, you need to get the unique
identifier of the router you're attempting to crack so that you can point Reaver in the right
direction. To do this, execute the following command:
airodump-ng wlan0
(Note: If airodump-ng wlan0 doesn't work for you, you may want to try the monitor
interface instead—e.g., airodump-ng mon0.)
You'll see a list of the wireless networks in range—it'll look something like the screenshot below:
http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver 3/6
How to Crack a Wi-Fi Network's WPA Password with Reaver 15.10.2012
When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy
that network's BSSID (it's the series of letters, numbers, and colons on the far left). The network
should have WPA or WPA2 listed under the ENC column. (If it's WEP, use our previous guide to
cracking WEP passwords.)
Now, with the BSSID and monitor interface name in hand, you've got everything you need to
start up Reaver.
For example, if your monitor interface was mon0 like mine, and your BSSID was
8D:AE:9D:65:1F:B2 (a BSSID I just made up), your command would look like:
Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of
PINs on the router in a brute force attack, one after another. This will take a while. In my
successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver me
the correct password. As mentioned above, the Reaver documentation says it can take between
4 and 10 hours, so it could take more or less time than I experienced, depending. When Reaver's
cracking has completed, it'll look like this:
A few important factors to consider: Reaver worked exactly as advertised in my test, but it
won't necessarily work on all routers (see more below). Also, the router you're cracking needs to
have a relatively strong signal, so if you're hardly in range of a router, you'll likely experience
problems, and Reaver may not work. Throughout the process, Reaver would sometimes
experience a timeout, sometimes get locked in a loop trying the same PIN repeatedly, and so on.
I just let it keep on running, and kept it close to the router, and eventually it worked its way
through.
Also of note, you can pause your progress at any time by pressing Ctrl+C while Reaver is
running. This will quit the process, but Reaver will save any progress so that next time you run
the command, you can pick up where you left off, as long as you don't shut down your
computer (which, if you're running off a live DVD, will reset everything).
In a phone conversation, Craig Heffner said that the inability to shut this vulnerability
down is widespread. He and others have found it to occur with every Linksys and Cisco
Valet wireless access point they've tested. "On all of the Linksys routers, you cannot
manually disable WPS," he said. While the Web interface has a radio button that allegedly
turns off WPS configuration, "it's still on and still vulnerable."
So that's kind of a bummer. You may still want to try disabling WPS on your router if you can,
and test it against Reaver to see if it helps.
You could also set up MAC address filtering on your router (which only allows specifically
whitelisted devices to connect to your network), but a sufficiently savvy hacker could detect the
MAC address of a whitelisted device and use MAC address spoofing to imitate that computer.
Double bummer. So what will work?
I have the open-source router firmware DD-WRT installed on my router and I was unable to
use Reaver to crack its password. As it turns out, DD-WRT does not support WPS, so there's yet
another reason to love the free router-booster. If that's got you interested in DD-WRT, check
their supported devices list to see if your router's supported. It's a good security upgrade, and
DD-WRT can also do cool things like monitor your internet usage, set up a network hard drive,
act as a whole-house ad blocker, boost the range of your Wi-Fi network, and more. It essentially
turns your $60 router into a $600 router.
Further Reading
Thanks to this post on Mauris Tech Blog for a very straightforward starting point for using
Reaver. If you're interested in reading more, see:
Ars Technica's hands-on
This Linux-centric guide from Null Byte
The Reaver product page (it's also available in a point-and-click friendly commercial
version).
Reddit user jagermo (who I also spoke with briefly while researching Reaver) has created a
public spreadsheet intended to build a list of vulnerable devices so you can check to see if your
router is susceptible to a Reaver crack.
Have any experience of your own using Reaver? Other comments or concerns? Let's hear it in
the comments.
DISCUSSIONS
A Reddit user (@jagermo on twitter or jagermo [at] hushmail.com) has posted a spreadsheet
titled "WPS Vulnerability Testing" listing various devices and user submitted testing data. While
the testing is not scientific, some may find it helpful. Be sure to read the comments and
background information at the bottom of the spreadsheet, which includes a link where you can
share your own testing data.
Link to spreadsheet: [docs.google.com]
jagermo @chgotechguy
Thank you for the link. We can always use more devices, so "get crackin'" (you should only
attack devices that you own, of course. We are not criminals.)
Melanie Pinola @chgotechguy
Link doesn't seem to be working. Trying this: [tinyurl.com]
Edited by Melanie Pinola at 01/09/12 9:56 AM
Walternate @chgotechguy
Congrats on the star and thanks for the info.