The Ethical Hacker’s Guide to Cracking WiFi (WPS)

July 23, 2015 | Views: 48472

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Hello and welcome to this little tutorial!

We’re going to use Reaver and Wash. For those of you who don’t what Reaver and Wash are, Google them. In short, Reaver tries different pins until it catches the right one. It TAKES HOURS TO CRACK A PIN, so be patient.

You can use OS X, Kali package or whatever. If we are on Kali, type following:

Airmon-ng start interface
> mon0

For the scan, we’re using Wash to check for WPS. If it’s locked, we have a little problem, since we’re trying the pins and we’ll be blocked. It will have us wait 60 sec, 120sec and so on. Not good.

I interface on Wash and a list of different targets should appear. Of course, do this only on your own network or if you’re pentesting.

Now, for the cracking part: we’ve found our target and we copy the BSSID.

Type: Reaver -i mon0/interface -b BSSID -vv or you can check the help sections for more – I will autodetect best methods for this target.

A little trick if the WPS is locked:  Since there’s already a video explaining this trick, I’ll give you the link to turn the WPS Lock from locked to off > YES > NO.

Here’s a list of commands used:

  • Airmon-ng start wlan0 > puts wlan0 on monitor mode
  • Wash -i mon0/interface > scans the network for WiFi protections WPS (WiFi protection setup)
  • Reaver -i mon0/interface -b bssid=00:90:4C:C1:AC:21 -vv

There are other ways to crack a network. The most used methods are Aircrack, WiFiphisher, WiFipin and so on.

WiFii cracking is what people ask for mainly, besides hacking Facebook and stuff like that.

I hope this concise approach is useful to all the new people. Please try this method on your own property or when you’re pentesting. To the new guys, stay away from any sort of illegal stuff like trying to break into others’ computers, Facebook and other places without permission.

By the way, I’m Danish and don’t use English all the time.

Cheers all!

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. you can use airodump-ng wlan0mon –wps to see if the router have wps on/off and you can use
    –manufactur and see what router is more vulnerable to wps because there is some routers uses pcb push button and that one not always can be cracked like some zte

  2. Glad that you all like this share. Hope that everyone can use this and hopefully also perfectly execute. Else pm me in advance if any problems.

    Best regards, Kevin Mark.

Page 10 of 10« First...«678910
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?