WPA/WPA-2
Like Page Use App
When it was known that a WEP network could be hacked by any kid with a laptop and a network
Be the first of your friends to like this
connection (using easy peasy tutorials like those on our blog), the security guys did succeed in
making a much more robust security measure WPA/WPA2.
Now hacking WPA/WPA2 is a very tedious job in most cases. A
dictionary attack may take days, and still might not succeed. Also,
good dictionaries are huge. An exhaustive bruteforce including all
the alphabets (uppercase lowercase) and numbers, may take years, SPONSORED
depending on password length. Rainbow tables are known to
speed things up, by completing a part of the guessing job
beforehand, but the output rainbow table that needs to be
downloaded from the net is disastrously large (can be 100s of GBs sometimes). And finally the
security folks were at peace. But it was not over yet, as the new WPA technology was not at all
easy for the users to configure. With this in mind, a new security measure was introduced to
compliment WPA. Wifi Protected Setup (WPS). Now basically it was meant to make WPA even
tougher to crack, and much easier to configure (push a button on router and device connects).
However, it had a hole, which is now well known, and tools like reaver can exploit it in a single
line statement. It still might take hours, but it is much better than the previous scenario in which
months of brute-forcing would yield no result.
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 1/17
10/28/2015 Kali Linux Hacking Tutorials: Hack WPA/WPA2 WPS Reaver Kali Linux
And if you are already familiar with hacking WEP, then just go to your Kali Linux terminal and
Hack WPA/WPA-2 PSK
type the above command (replacing what needs to be replaced). Leave your machine as is, come
Capturing the Handshake
back 10 mins later, check the progress (must be 1% or something), and go take a nap. However,
WPA password hacking Okay, so
if you're a newbie, then tag along. hacking WPA2 PSK involves 2
main steps Getting a handshake (it contains the
Kali Linux hash of password, i.e. enc...
First off, you need to have Kali linux (or backtrack) up and running on your machine. Any other
Hack Facebook Account :
Linux distro might work, but you'll need to install Reaver on your own. Now if you don't have Kali
Stuff You Should Know
Linux installed, you might want to go to this page, which will get you started on hacking with Kali
Hack Facebook? Okay, so you got
Linux. (Reaver has a known issue : Sometimes it doesn't work with Virtual Machines, and you
lured into the idea of hacking a
might have to do a live boot using live CD or live USB of Kali Linux. See the last section of this Facebook account? I won't ask why. Everyone
post on = troubleshooting by scrolling down a bit) has their reasons. If you...
GOOGLE+ BADGE
Use wash (easy but sometimes unable to detect networks even when they have wps
enabled). If any network shows up there, it has WPS enabled.
wash i mon0
Shashwat Chaudhary
This will show all the networks with WPS enabled google.com/+ShashwatChaudhary1
Follow
484 followers
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 2/17
10/28/2015 Kali Linux Hacking Tutorials: Hack WPA/WPA2 WPS Reaver Kali Linux
This is an error which I haven't figured out yet. If you see it, then you'll have to do some howework, or move on to
airodump method. Update : wash i mon0 ignorefcs might solves the issue.
Use airodump-ng. It will show all networks around you. It tells which of them use
WPA. You'll have to assume they have WPS, and then move to next steps.
airodumpng mon0
BSSID of the network - Now irrespective of what you used, you should have a BSSID column in
the result that you get. Copy the BSSID of the network you want to hack. That's all the
information you need.
So by now you must have something like XX:XX:XX:XX:XX:XX, which is the BSSID of your target
network. Keep this copied, as you'll need it.
Reaver
Now finally we are going to use Reaver to get the password of the WPA/WPA2 network. Reaver
makes hacking very easy, and all you need to do is enter-
reaver i mon0 b XX:XX:XX:XX:XX:XX
Explanation = i - interface used. Remember creating a monitor interface mon0 using airmon-ng
start wlan0. This is what we are using. -b species the BSSID of the network that we found out
earlier.
This is all the information that Reaver need to get started. However, Reaver comes with many
advanced options, and some are recommended by me. Most importantly, you should use the -vv
option, which increases the verbosity of the tool. Basically, it writes everything thats going on to
the terminal. This helps you see whats happening, track the progress, and if needed, do some
troubleshooting. So final command should be-
reaver i mon0 b XX:XX:XX:XX:XX:XX vv
After some hours, you will see something like this. The pin in this case was intentionally
12345670, so it was hacked in 3 seconds.
Here is an extra section, which might prove useful (or more like consoling, to let you know you
are not the only one who is having troubles)
Known problems that are faced - Troubleshooting
1. As in the pic above, you saw the first line read "Switching wlan0 to channel 6". (Yours will be
mon0 instead of wlan0). Sometimes, it keeps switching interfaces forever.
2. Sometimes it never gets a beacon frame, and gets stuck in the waiting for beacon frame
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 3/17
10/28/2015 Kali Linux Hacking Tutorials: Hack WPA/WPA2 WPS Reaver Kali Linux
stage.
3. Sometimes it never associates with the target AP.
4. Sometimes the response is too slow, or never comes, and a (0x02) or something error is
displayed.
Possible workarounds-
All that I have written above (the troubleshooting section) is based on personal experience, and
might not work. All the problems mentioned above, are well known on forums, and no 100%
working solution could be found anywhere (I do my homework before posting). If you are aware
of solution to any of these, do comment (anonymous comments are enabled)
Update: For some people the reason Reaver is not working is because the version of
Libpcap you are using is not compatible with the version of Kali you are using.
85 comments:
Are there any another ways of wpa/wpa2 except reaver and aircrack?tx
Reply
Replies
SHASHWAT CHAUDHARY
March 13, 2015 at 12:17 AM
Wifite is there. It also uses Reaver only, except it types the commands
for you.
http://www.kalitutorials.net/2014/04/wifite-hacking-wifi-easy-way-
kali-linux.html
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 4/17
10/28/2015 Kali Linux Hacking Tutorials: Hack WPA/WPA2 WPS Reaver Kali Linux
Friends , I'm from Brazil , very pleased . Would have a solution for
this? - WARNING : Detected AP rate limiting , waiting 60 seconds .
Reply
Replies
The only notable thing about Fern is the GUI. It makes stuff easy for
beginners, but honestly, that's no way of becoming a hacker. GUI
should be avoided most of the time.
Yes i used fern foe wep security it takes 30 minuts to break the WEP
password
Reply
Replies
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 5/17
10/28/2015 Kali Linux Hacking Tutorials: Hack WPA/WPA2 WPS Reaver Kali Linux
Anonymous May 14, 2014 at 2:52 AM
Reply
Is possible to hack a wpa2 network with a random alphanumerical 15 characters password? I think
this kind of psw does not exist in any dictionary..
Reply
Hi there, i m trying to do it on my college wifi, although network supports wps but on giving the reaver
command as you said, it reverts me a kind of note "failed to retrieve a MAC address ".
Also i m not able to successfully getting a WPA handshake with the command "aireplay-ng --deauth 1 -
a mon0". Plz can u solve these problems
Reply
Replies
i used crunch to create a word list for brute force,but for only numerical word list it tooks 100's of
gb,how can a get word list for less than 10 gb
Reply
thank you
Reply
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 6/17
10/28/2015 Kali Linux Hacking Tutorials: Hack WPA/WPA2 WPS Reaver Kali Linux
b 58:98:35:CB:A2:77 -w -"
Reply
Replies
Can you tell me how to boot kali linux from CD? Currently i am using in virtual box.
Reply
Replies
got a power iso..and then use the tool option where u can fing Creat
bootable pendrive.Then select the iso file ...then after the complete,
restart the pc from pendrive..All done..Select the boot method.thats
st
Can any one tell me about how can we change the channel of any network which is appearing on
airodump terminal. As sometimes my mon0 is fixed to channel 1 so may be i can receive a network on
1 which previously coming on channel 6 or 7 whatever
Reply
Replies
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 7/17
10/28/2015 Kali Linux Hacking Tutorials: Hack WPA/WPA2 WPS Reaver Kali Linux
Please Shashwat, can u provide me a good wordlist, because i have one wordlist which is about 22 MB
of .txt file but i have tried it on a network with fern, finally result came out, 'the list does not contain
the password'. So please give a link of wordlist which u think that would be enough break the pass.
Reply
Reply
Replies
Reply
first is i try cracking wpa2 pass, i almost finish cracking and at the last step need to use this command
but it says that my wordlist can't be found. so how i want to check this wordlist or how can i make it.
Reply
Replies
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 8/17
10/28/2015 Kali Linux Hacking Tutorials: Hack WPA/WPA2 WPS Reaver Kali Linux
I get the 0x03 and the 0x04 error all the time "WPS transaction failed, re-trying last pin". I had tried
with different networks but is always the same . One of them says "WARNING: Detected AP rate
limiting, waiting 60 seconds before re-checking, but that is all it does. What can I do? :'(
Reply
I get the 0x03 and the 0x04 error all the same ("WPS transaction failed, re-trying last pin"). I have tried
with different networks, but is always the same. One of them says: "WARNING: Detected AP rate
limiting, waiting 60 seconds before re-checking", but that is all it does. What can I do? :'(
Reply
Reply
Glad it worked.
Reply
Since I have only 150GB for Kali installation, I use Reaver all the time. Is one of the best tools I used. It
doesn't consume disk space or hardware resources. Is just what everyone who's testing want.
One thing I do and could help someone, is to make Reaver start from a specified number. If you know
the WPS default first numbers and you may think that WPS wasn't changed, you can Google to find
the first 1, 2, 4 numbers... Then, you give all the information to Reaver you would put normaly, and, in
the attribute -P put the first numbers you may know. Execute the command and stop it a few seconds
later by pressing CTRL+C. Don't be scared if you saw that the WPS PIN sent is 4 numbers long. Now,
you should run again the same command but erasing -P this time. Now, program will think that it
checked the previous PINs and will take less time. Or more, if the password is not default... But if you
have no patience, you could try it out. I.e., if you give to the app 4 first numbers, the scan will take only
1:30h with 999 tries.
This is also a way to avoid the manual edit of './usr/local/etc/reaver/*.wpc'.
Sorry for my poor English lvl, I did not sleep and I'm even worse. :c
Reply
Replies
SHASHWAT CHAUDHARY
December 21, 2014 at 7:51 AM
Thank you for sharing this with us. Your English is fine by the way.
hi when we trying 2 or 3 pins in kali linux using reaver its getting error occur just like that ( WARNING:
Detected AP rate limiting, waiting 60 seconds before re-checking)
Reply
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 9/17
10/28/2015 Kali Linux Hacking Tutorials: Hack WPA/WPA2 WPS Reaver Kali Linux
I keep on getting this -
WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Switching mon0 to channel 11
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2015-02-01 11:32:53 (0 seconds/pin)
[+] Max time remaining at this rate: (undetermined) (11000 pins left to try)
[+] Trying pin 12345670
Reply
Replies
SHASHWAT CHAUDHARY
February 21, 2015 at 11:52 PM
Maybe you're too far from the AP (signal strength?). Maybe you need
a better wireless adapter (are you using laptop's internal card?).
Maybe the AP does not have WPS enabled (does the AP appear in
wash?)
Yes it does!
I'm using laptop's internal wireless adapter.
I think I should use an external adapter becuase sometimes ARP
injection (WEP) doesn't work too
SHASHWAT CHAUDHARY
February 24, 2015 at 11:37 PM
Yes you should use external adapter. The internal ones do a good job
in receiving messages from AP but they aren't so good at (and are
not designed to) inject packets into the AP (i.e. they aren't as good in
transmitting packets as they are in recieving them).
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 10/17
10/28/2015 Kali Linux Hacking Tutorials: Hack WPA/WPA2 WPS Reaver Kali Linux
Reply
Reply
every time I try either wash or airodump-ng it comes up saying that it fails to open mon0 for
capturing. Do I need to use a wifi adapter or use alive version of kali linux from USB?
Reply
Reply
Replies
Then you cannot hack it. WPS must be enabled in order to attack the
AP via pin attempts.
Reply
I have made a modification in reaver to automatize the process for the pixie dust attack, here is the
github (https://github.com/t6x/reaver-wps-fork-t6x), here is the discussion topic
(https://forums.kali.org/showthread.php?25123-Reaver-modfication-for-Pixie-Dust-Attack)
Reply
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 11/17
10/28/2015 Kali Linux Hacking Tutorials: Hack WPA/WPA2 WPS Reaver Kali Linux
Reply
im running kali on me crappy netbook should i use me dekt5op with Virtual box instead?
Reply
http://beinghaxor.blogspot.com/2015/05/drone-hijacking-with-maldrone-drone.html
Reply
http://beinghaxor.blogspot.com/2015/05/traffic-lights-hacking.html
Reply
Reply
Reply
Is there any free online book or pdf for kali linux hacker beginner?
Reply
Hello, i am facing a lot of errors when i'm usin kali linux, actually i can't do anything because it comes
with errors every time i try cracking wpa og creating Payloads.
When using reaver i ger this error code: 0x04 i am typing in this
where -S should increase cracking speed and -N should stop the nacking
I have tried with -d 5/10/15/20/25/30 and also tried with and without -S i have tried with and without -
N i have tried -c that specifies the channel.
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 12/17
10/28/2015 Kali Linux Hacking Tutorials: Hack WPA/WPA2 WPS Reaver Kali Linux
Why is that?
Why is that, and how does i fix these reaver problems i am facing?
I have researched on google for 2 days now, and no one has the answer i am looking for.
Also when i use the wash command the RSSI = 0 on all the networks that i can find.
I think this is the main problem for why reaver doesn't work
And just another thing, when i try using the setoolkit, when i have pressed 1 - 10 and try pressing 1 for
social engineering tool it says something about ratte_module not defined. if someone has a link to fix
that, i would be soooo happy :-)
Reply
Replies
I think the error code 0x04 occures when recieving M1 Message and
sending out M2. The -N should stop this (i have read), but it doesn't. i
wil copy the outcome in the terminal and post it here later.
I have followed everything but when I start the reaver I am getting "WPS transaction failed (code:
0x03), re-trying last pin" I am using an external wlan.
Reply
Replies
Did you check with wash if WPS is enabled? Maybe they are using
rate limiting measures.
When I use reaver to attack it stops when it outputs waiting for a beacon. If I don't specify which
channel the network is it will just flip through the channels over and over. Any advice?
Reply
Replies
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 13/17
10/28/2015 Kali Linux Hacking Tutorials: Hack WPA/WPA2 WPS Reaver Kali Linux
Fix a channel on your wlan0 and mon0 interface. The beacon frame
issue resolved itself in my case (one day it was there, then it was not).
I suspect it might have something to do with signal strength.
Does Reaver still works? or has most companies already patched their WPS so that this method
doesn't work anymore? If it works which external wireless card would work? Thank you.
Reply
i need help with external adapters for my vm for my mac 10.10 do you know any i could get
Reply
please help i cant find a adapter that will work with my computer
Reply
Reply
this error ("detecting ap limit rate") keeps comming after 10 pin test what to do about it any solution
and it dosn't
go for a whole day
Reply
Reply
Is it possible to try to find out the password of a wifi network that you're connected to ? Because I am
just trying to test my own connection.Thanks
Reply
Replies
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 14/17
10/28/2015 Kali Linux Hacking Tutorials: Hack WPA/WPA2 WPS Reaver Kali Linux
Anonymous July 14, 2015 at 11:07 PM
If network-manager is being used in ubuntu you get error "SIOCSIFFLAGS: Name not unique on
network" first stop network-manager.
/etc/init.d/network-manager stop
Reply
Reply
Please help me. im using tplink tl-wn722n according to recommended wireless adapter.. But unable to
work with reaver again... What i have to to.. The problm is ap rate limit of 60 sec.. And in pixiewps
unable to crack wps. It just stoped automatically without trying any pin..
Reply
i connected with wifi .How i get wps pin of this wifi.So that i get password al the time easily when
password will change.
Reply
I bet every last one of you geeks has long hair, a heavy metal t-shirt and a complexion that has never
seen the sun. Grep a life!
Reply
oops! I have a problem,when i enter "reaver -i mon0 -b xx:xx:xx:xx:xx -vv" this command writes over
and over and nothing will happen,please help me!
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
Reply
Replies
same here
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 15/17
10/28/2015 Kali Linux Hacking Tutorials: Hack WPA/WPA2 WPS Reaver Kali Linux
Reply
Any ideas on what to do when you get wps pin but wpa psk is '' (empty brackets)?
What other tools or techniques could be used to obtain wpa psk?
Reply
Once you get pin do you just enter it in place of the password key when logging in ?
Reply
Replies
#headslap
what to do with wps pin as i know the wps pin of wifi?? how to hack password??
Reply
https://www.youtube.com/watch?v=IxHR-_p5JrY
Reply
i just wanna know this way will work on the LIVE BOOTED KALI LINUX 1.1 OR 2.0 . I have both
Reply
Enter your comment...
Publish Preview Notify me
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 16/17
10/28/2015 Kali Linux Hacking Tutorials: Hack WPA/WPA2 WPS Reaver Kali Linux
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html 17/17