Monday, January 23, 2012

Reaver

Recently a new hacking tool was released named Reaver. Reaver uses vulnerabilities in Wi-Fi Protected Setup, or WPS, to obtain a WPA passphrase. This process takes more or less time depending on how fast the router accepts PINs, but averages around 4-10 hours. Now, this might sound like a substantial amount of time, and it is of course, but I've pentested my network using other tools that have run for two or three days and still only found the passphrase because my several-gigabyte wordlist was lucky enough to have my weak password near the top. Even routers that have supposedly disabled WPS tend to be vulnerable. It's possible to make a WPA passphrase that is virtually invulnerable to the methods aircrack-ng and similar tools use, but unless your router comes without WPS at all, that effort is in vain.

A few weeks ago I ran Reaver on my network with relative success (success for Reaver, that is, not for my Netgear router). My router seemed to be somewhat better than most because it locked WPS for about 10 minutes every 30 wrong PINs or so. The attack worked nonetheless, finding the WPA passphrase in about a day.

If you'd like to test run Reaver, on your own network only, you can download it from http://code.google.com/p/reaver-wps/ or install it using apt-get if you're on Ubuntu. Before you can use Reaver you'll need to install something to put your wireless card into monitor mode and something to find your router's BSSID with. I'm sure there are other ways, but I like to use the aircrack-ng suite.
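To put the timings above in perspective, here is an added example (my own code, not from the original post or the Reaver project) that estimates the worst-case wall-clock time of an exhaustive WPS PIN search under different router lockout policies. The one design fact it relies on is a well-known property of the WPS PIN method: the 8-digit PIN is verified in two halves and its last digit is a checksum, so at most 10,000 + 1,000 = 11,000 attempts are ever needed rather than 10^8. The seconds-per-attempt figure and the lockout policies other than the one the post describes (about 10 minutes after every 30 wrong PINs) are assumptions constructed for comparison.

```python
"""Added example (not from the original post): estimate how long an exhaustive
WPS PIN search takes under different router lockout policies.

Assumed design fact (a well-known property of the WPS PIN method): the PIN is
checked in two halves and the 8th digit is a checksum, so the search space is
10,000 + 1,000 = 11,000 attempts instead of 10^8. All timing inputs are
assumptions or constructed sample policies, not measurements from the post.
"""

WPS_FIRST_HALF = 10_000   # 4 free digits, verified on their own
WPS_SECOND_HALF = 1_000   # 3 free digits + 1 checksum digit
WPS_MAX_ATTEMPTS = WPS_FIRST_HALF + WPS_SECOND_HALF   # 11,000
NAIVE_PIN_SPACE = 10 ** 8  # cost of an 8-digit PIN without the split check


def worst_case_seconds(seconds_per_attempt, attempts_before_lock=0,
                       lock_seconds=0, attempts=WPS_MAX_ATTEMPTS):
    """Worst-case wall-clock time to try `attempts` PINs.

    The router is modelled as locking WPS for `lock_seconds` after every
    `attempts_before_lock` wrong PINs (0 = no lockout). The correct PIN is
    assumed to be the last one tried, so `attempts - 1` attempts are wrong.
    """
    if seconds_per_attempt <= 0 or attempts <= 0:
        raise ValueError("seconds_per_attempt and attempts must be positive")
    total = attempts * seconds_per_attempt
    if attempts_before_lock > 0:
        lockouts = (attempts - 1) // attempts_before_lock
        total += lockouts * lock_seconds
    return total


def hours(seconds):
    """Convert seconds to hours, rounded to one decimal for reporting."""
    return round(seconds / 3600, 1)


def compare_policies(seconds_per_attempt=2.0):
    """Return worst-case hours for a set of constructed sample lockout policies.

    The "post's router" entry mirrors the behaviour described in the post
    (about 10 minutes of lockout every 30 wrong PINs); the others are made up
    for comparison.
    """
    policies = {
        "no lockout": (0, 0),
        "post's router: 30 wrong PINs -> 10 min": (30, 600),
        "strict: 3 wrong PINs -> 60 min": (3, 3600),
    }
    return {name: hours(worst_case_seconds(seconds_per_attempt, before, lock))
            for name, (before, lock) in policies.items()}


if __name__ == "__main__":
    rate = 2.0  # assumed seconds per PIN attempt
    naive_years = hours(worst_case_seconds(rate, attempts=NAIVE_PIN_SPACE)) / 24 / 365
    print(f"Naive 8-digit PIN space at {rate}s/attempt: {naive_years:.1f} years")
    for name, h in compare_policies(rate).items():
        print(f"{name:40s} {h:8.1f} h worst case")
```

With the assumed 2 seconds per attempt, no lockout gives about 6 hours worst case, the post's lenient 30-PIN/10-minute lockout stretches that to roughly 67 hours (consistent with the "about a day" the author saw, since the average case is around half the worst case), and only a much stricter policy pushes the search into months. The practical lesson for a defender is that a lenient lockout barely changes the outcome; disabling WPS removes the problem entirely.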

To put your interface into monitor mode, first download and install aircrack-ng for your operating system (apt-get install aircrack-ng on Ubuntu), then run:
airmon-ng start (interface)

This should show something about starting your interface in monitor mode as mon0.

To find your router's BSSID, a.k.a. its MAC address, run

airodump-ng (interface in monitor mode)

Most of the time your interface will be wlan0; however, after running airmon-ng it should have started a new interface named mon0. You can check this by running iwconfig and finding which interface is in monitor mode. Now it's time to start Reaver. Its basic usage is:

reaver -i (interface in monitor mode) -b (router bssid)

If you need more help, try the -h option, and if you still need help feel free to comment.

Happy Cracking :)

3 comments:

  1. You realize Bitcoin Plus is a scam and making your readers mine for you will only cause damage to their machines and you will not receive 1 penny from them.

    Replies
    1. Although I completely disagree with you, it is very inefficient to use bitcoinplus, so I'll probably remove it after I've set up some small ads or other sources of revenue.

  2. Actually I've already had multiple payouts from bitcoin plus and it does *not* do damage to readers' machines. Please educate yourself before posting.
