Here we will go through how I tested Kali Linux with Reaver and Airmon-ng to hack into my WPA2 encrypted work network.
In order to use Reaver, you need to get your wireless card’s interface name, the BSSID of the router you’re attempting to crack (which I will show you how to find), and you need to make sure your wireless card is in monitor mode. So let’s do all that!
Find your wireless card:
Inside Terminal, type: iwconfig
Press Enter. You should see a wireless device in the subsequent list. Most likely, it’ll be named:
wlan0 or wlan1
But if you have more than one wireless card, or a more unusual networking setup, it may be named something different.
Put your wireless card into monitor mode: Assuming your wireless card’s interface name is: wlan0
Check any problematic processes, using:
Kill all listed PIDs using:
Execute the following command to put your wireless card into monitor mode:
airmon-ng start wlan0
This command will output the name of monitor mode interface, which you’ll also want to make note of. Most likely, it’ll be: mon0
Find the BSSID of the router you want to crack:
Lastly, you need to get the unique identifier of the router you’re attempting to crack so that you can point Reaver in the right direction. To do this, execute the following command:
When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy that network’s BSSID (it’s the series of letters, numbers, and colons on the far left). The network should have WPA or WPA2 listed under the ENC column.
Now, with the BSSID and monitor interface name in hand, you’ve got everything you need to start up Reaver.
Crack a Network’s WPA Password with Reaver
To find out if the AP you are attacking usese WPS (vulnerable to Reaver), you can use:
wash -i mon0
Now execute the following command in the Terminal. (replacing bssid with the BSSID and monitor interface and you copied down above):
reaver -i mon0 -b [bssid] -vv
For example, if your monitor interface was mon0 like mine, and your BSSID was
(a BSSID I just made up), your command would look like:
reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv
Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of PINs on the router in a brute force attack, one after another. This will take a while. In my successful test, Reaver took about 6 hours to crack the network and deliver me with the correct password. As mentioned above, the Reaver documentation says it can take between 4 and 10 hours, so it could take more or less time than I experienced, depending.