For legal purposes, please don’t try this on any equipment that you don’t own. WPA and WPA2 became the new near-bullet-proof standards to help prevent your router from being attacked and used by unauthorized persons. Unfortunately, there are still some ISP’s that require techs to use WEP on a customers router. Anyway, not too long ago, some vulnerabilities were discovered within WiFi Protected Setup protocol that allows people to use a program written in Python, code-named Reaver, to steal your WPA/WPA2 passphrases, and the worst part, it’s insanely easy to do – which is amazing and fascinating to me. Best way to prevent this? Buy a router that doesn’t have WPS, or use a router that has WPS, but disable the WiFi for it.
Before I begin. This is the official white paper that describes the science behind the attack.
In this demonstration, I am using the NetGear MBR624GU router and Alpha Networks AWUS036h wireless adapter. Keep in mind that Reaver isn’t compatible with all Wireless Adapters and it doesn’t work on every router that has WPS.
Tools Used: VMWare Player, NetGear MBR624GU Router, Alpha Networks AWUS036H Wireless Adapter, BackTrack 5, Reaver.
Also, you will need the MAC address (BSSID) for your router. You can find that somewhere printed on your router, write it down, make sure you input it in this format – 11:11:22:33:44:00. Since you are testing your own router, you won’t need airodump-ng to analyze all the AP’s in the area, right?
First we need to update the package listings from the repository for Backtrack 5.
Make sure your wifi adapter is connected to the VM and put it in monitor mode.
Now let’s start up reaver, input your router’s mac address and it should be done in a few hours. Go enjoy a cold beverage, read a book or even better, write an article for The New Tech!
Every now and then, the attack might pause or slow down, press ctrl c and it will give you the option to save your session/progress it’s made, so you don’t have to restart from the very beginning. Example of being able to restart it:
I didn’t feel like waiting 10 hours till reaver got done cracking my router, so I grabbed an old screenshot of another router I had originally/successfully performed this attack on, back in June. This is what it looks like when it’s successful.
And that’s about it. I am not nor do I pretend to be a network or security expert. That being said, if you have any questions or feedback, please feel free to express it.