In this hacking tutorial we are going to use a new vulnerability in WPA and WPA 2 (PSK/TKIP)Wireless passwords, this weak point is to attack WPS, Which is Wireless Protected Setup. This type of setup is built in 90% of routers to allow easy establishment of secure home wireless by the user, though it has been shown to fall to BruteForce Attacks. This BruteForce attack will try all combinations of Router’s PIN number (Provided by WPS) and access the router to reveal the password. This type of hack have many benefits such as, You can always have the Wireless Password even if It’s changed by knowing the PIN number.
Steps To Hack WPA/WPA2 Passwords using Ubuntu (Reaver)
Follow these simple steps.
Step 1 (Setting up Reaver 1.4 )
1) Open terminal and type
and then type your password.
2) Download Reaver (Better Download the Latest Version ) Place in a specified folder.
3) Open the Terminal and type
tar xvfz reaver-1.4.tar.gz
4) Install dependencies
sudo apt-get install libpcap-dev
sudo apt-get install libsqlite3-dev
Note: libpcap and libsqlite3 maybe included in your Ubuntu version but they are very important.
5) Enter the folder by typing
Note: To test if Reaver have been successfully installed, Open a Terminal and Type ‘reaver’ and hit enter, it should list all Reaver’s sub commands.
Step 2 ( Hacking WPA/WPA2 Wireless)
After installing reaver 1.4, it’s time to proceed to the main part which is hacking wireless passwords that uses WPA/WPA2 Encryption. Requirements: Install aircrack-ng by typing
sudo apt-get install aircrack-ng
Airodump-ng / Airmon-ng commands
Reaver 1.4 (Install in Step 1)
1) We need to have the wireless BSSID (Mac address) so we use airodump-ng. Open a terminal and Type :
airmon-ng start wlan0
It will lists the available wireless passwords, now copy the BSSID of the Access Point ( e.g : 00:11:28:32:49:55 ) 2) Starting the attack type:
reaver -i mon0 -b 00:11:28:32:49:55
Now it will start testing bruteforcing the PIN number of the vulnerability WPS (which we have spoke about it), and it will show you the WPA/WPA2 Password in the end of the Crack.
Note: You can use walsh -i mon0 to scan for vulnerable Access Points.
For better idea follow the video on the top of this page.