In this guide, we will see how to get access on a router with WPS PIN enabled, using Reaver.
The Reaver is integrated in its tools Time and other Linux security distributions, you do not need to download or install anything.
Step # 1 - Discover WPS-enabled networks
First of all, we need to set our wireless connection to monitor mode, using airmon-ng, by typing the following command:
kali> airmon-ng start wlan0 ή wlan1
Now, let's check to see if any of the APs (Access Points) in our area have WPS enabled and unlocked. The command we will use now is:
kali > wash -i
If the wireless device network is wlan0, airmon-ng will probably change its name to something like wlan0mon . So we have to change the command, as you will see below:
kali> wash -i wlan0mon
As you can see, there are many APs near us with WPS enabled and unlocked. Note that the first column shows the BSSID that we will need in the next step.
Step # 2 Break the PIN with reaver
Let's start the process of breaking the WPS PIN. Remember we have to try up to 11.000 possible PINs. This will probably take us several hours, so we will have to be patient enough. The basic syntax of the command to run Reaver is as follows:
kali >reaver -i wlan0mon -b
Where
wlan0mon Her name wireless our device in monitor mode
BSSID It's MAC address from the AP (Access Point) we will attack
Starting the break process, we identify the access point name, the number of maximum attempts, the manufacturer and the model name. It then starts testing all 11.000 possible PINs.
If reaver manages to find the correct PIN, it will show it to you in the form you see below
Now that you have the correct PIN, you can connect to the access point without having the router password!
and say that we broke it… how do we then connect to our cell phone?
There are plenty of applications that just put WPS and connect normally. Especially on Android phones.