10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux

GENERAL

WIRELESS

PENETESTING

WEB HACKING

KALI LINUX

STARTERS GUIDE

Hack WPA/WPA2 WPS - Reaver - Kali Linux

WPA/WPA-2
When it was known that a WEP network could be hacked by any kid with a laptop and a network
connection (using easy peasy tutorials like those on our blog), the security guys did succeed in
making a much more robust security measure WPA/WPA2.
Now hacking WPA/WPA2 is a very tedious job in most cases. A
dictionary attack may take days, and still might not succeed. Also,
good dictionaries are huge. An exhaustive bruteforce including all
the alphabets (uppercase lowercase) and numbers, may take years,
depending on password length. Rainbow tables are known to
speed things up, by completing a part of the guessing job
beforehand, but the output rainbow table that needs to be
downloaded from the net is disastrously large (can be 100s of GBs sometimes). And finally the
security folks were at peace. But it was not over yet, as the new WPA technology was not at all
easy for the users to configure. With this in mind, a new security measure was introduced to
compliment WPA. Wifi Protected Setup (WPS). Now basically it was meant to make WPA even
tougher to crack, and much easier to configure (push a button on router and device connects).
However, it had a hole, which is now well known, and tools like reaver can exploit it in a single
line statement. It still might take hours, but it is much better than the previous scenario in which
months of brute-forcing would yield no result.

KaliTutorials
3,624likes

LikePage

UseApp

Bethefirstofyourfriendstolikethis

SPONSORED

Here's what wikipedia says about WPSCreated by the Wi-Fi Alliance and introduced in 2006, the goal of the protocol is to allow home
users who know little of wireless security and may be intimidated by the available security
options to set up Wi-Fi Protected Access, as well as making it easy to add new devices to an
existing network without entering long passphrases. Prior to the standard, several competing
solutions were developed by different vendors to address the same need. A major security flaw
was revealed in December 2011 that affects wireless routers with the WPS feature, which most
recent models have enabled by default. The flaw allows a remote attacker to recover the WPS
PIN in a few hours with a brute-force attack and, with the WPS PIN, the network's WPA/WPA2
pre-shared key. Users have been urged to turn off the WPS feature, although this may not be
possible on some router models.

Working Of WPS

Now while most of the things are the same as in WPA, there is a new concept of using pins for
authentication. So basically, the client sends 8 digit pins to the access point, which verifies it and
then allows the client to connect. Now a pin has 8 digits, and only contains numbers, so its a
possible target for bruteforece. Under normal bruteforcing of WPA passwords, you have to
consider the fact that there may be number, alphabets, and sometimes symbols (and more than
8 letters). This make the task a billion billion times tougher. However, we can try thousands of
keys per second, which make it a tad bit easier. Now in WPS, there is a delay because we have to
wait for APs response, and we may only try a few keys per second (practically the best I've seen
on my PC is 1 key per 2 sec). Basically, 8 digits and 10 possibilities per digit (0-9) make it 10^8
(interpret ^ as raised to the power of)seconds if we assume one key per second. Now that'll be
years. So, where is this taking us? The answer is, there are flaws in this technology that can be
used against it.
The 8th digit is a checksum of first 7 digits. 10^7 possibilities, i.e. one-tenth time. Two
months, still a way to go.
The pin number for verification goes in two halves, so we can independently verify the
first four and the last four digits. And believe me, its easy to guess 4 digits correct two
times, than to guess 8 correct digits at once. Basically, the first half would take 10^4
guess and the second would take 10^3.
Now the guesses would be 10^4+ 10^3 (not 10^4 *10 ^3). Now we need 11,000 guesses.
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

POPULAR POSTS

Tutorial on Hacking With

Kali Linux
HackingWithKaliLinuxWhyKali
Linux?WithKaliLinux,hacking
becomesmucheasiersinceyouhaveallthetools
(morethan300pre...

Hack WPA/WPA2 WPS Reaver - Kali Linux

WPA/WPA2Whenitwasknown
thataWEPnetworkcouldbe
hackedbyanykidwithalaptopandanetwork
connection(usingeasypeasytuto...
1/17

10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux

Wifi Hacking - WEP - Kali

Linux Aircrack-ng suite

So that'll take 3 hours approximately. And that's all the combinations, and most probably the
correct pin will not be the last combination, so you can expect to reach the result earlier.
However, the assumption is that bruteforcing will take place at a key per second. My personal
best is a key every 2 seconds, and yours might drop to as low as a key every 10 seconds.

Start Download
Convert Any File to a PDF. Get the Free From Doc to Pdf App!

How to carry out the attack

Now it might have been tough to carry out this attack at some point in history, but now, its a
breeze. If you have all the prerequisites, then hacking the network would be as easy as
reaveri<interfacename>b<BSSIDoftarget>

And if you are already familiar with hacking WEP, then just go to your Kali Linux terminal and
type the above command (replacing what needs to be replaced). Leave your machine as is, come
back 10 mins later, check the progress (must be 1% or something), and go take a nap. However,
if you're a newbie, then tag along.

Kali Linux

First off, you need to have Kali linux (or backtrack) up and running on your machine. Any other
Linux distro might work, but you'll need to install Reaver on your own. Now if you don't have Kali
Linux installed, you might want to go to this page, which will get you started on hacking with Kali
Linux. (Reaver has a known issue : Sometimes it doesn't work with Virtual Machines, and you
might have to do a live boot using live CD or live USB of Kali Linux. See the last section of this
post on = troubleshooting by scrolling down a bit)

Information Gathering

Now you need to find out the following about you target networkDoes it have WPS enabled. If not, then the attack will not work.
The BSSID of the network.
Now to check whether the network has WPS enabled or not, you can either use wash or just use
the good old airodump-ng. Wash is specifically meant to check whether a network has WPS
enabled or not, and thereby is much easier to use. Here are the stepsSet your wireless interface in monitor mode-
airmonngstartwlan0

Alright,thispostiswritten
assumingyouhaveKaliLinuxup
andrunningonyourcomputer.Ifnot,hereisa
postonhackingwithkalilinu...

Penetration Testing Hacking XP

Ourapproachtopenetrationtesting
isgoingtobesimple.Ialready
madeapostabouttheidealwaytobegin
penetrationtesting.Butwear...

Wifite : Hacking Wifi The

Easy Way : Kali Linux
WifiteWhiletheaircrackngsuite
isawellknownnameinthe
wirelesshacking,thesamecan'tbesaidabout
Wifite.Livinginth...

Hack WPA/WPA-2 PSK

Capturing the Handshake
WPApasswordhackingOkay,so
hackingWPA2PSKinvolves2
mainstepsGettingahandshake(itcontainsthe
hashofpassword,i.e.enc...

Hack Facebook Account :

Stuff You Should Know
HackFacebook?Okay,soyougot
luredintotheideaofhackinga
Facebookaccount?Iwon'taskwhy.Everyone
hastheirreasons.Ifyou...

Denial Of Service Attacks :

Explained for Beginners
and Dummies
Justlikemostotherthings
associatedwithhacking,adenialofservice
attackisnoteveryone'scupoftea.It,however,
canbeunders...

Evil Twin Tutorial

PrerequisitesKaliLinuxPrior
experiencewithwirelesshacking
Youwillalsoneedtoinstallatool
(bridgeutils)whichdoesn'...

Hacking Website with

Sqlmap in Kali Linux
AscreenshotfromtheSQLmap
officialwebsiteIntheprevious
tutorial,wehackedawebsiteusingnothingbuta
simplebrowseronaWind...

Use wash (easy but sometimes unable to detect networks even when they have wps
enabled). If any network shows up there, it has WPS enabled.

GOOGLE+ BADGE

washimon0

Shashwat Chaudhary
This will show all the networks with WPS enabled

google.com/+ShashwatChaudhary1
1st year CSE @ IIIT Delhi
Follow
484 followers

http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

2/17

10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux

This is an error which I haven't figured out yet. If you see it, then you'll have to do some howework, or move on to
airodump method. Update : washimon0ignorefcsmightsolvestheissue.

Use airodump-ng. It will show all networks around you. It tells which of them use
WPA. You'll have to assume they have WPS, and then move to next steps.
airodumpngmon0

None of them has WPS enabled, just saying.

BSSID of the network - Now irrespective of what you used, you should have a BSSID column in
the result that you get. Copy the BSSID of the network you want to hack. That's all the
information you need.
So by now you must have something like XX:XX:XX:XX:XX:XX, which is the BSSID of your target
network. Keep this copied, as you'll need it.

Reaver

Now finally we are going to use Reaver to get the password of the WPA/WPA2 network. Reaver
makes hacking very easy, and all you need to do is enterreaverimon0bXX:XX:XX:XX:XX:XX

Explanation = i - interface used. Remember creating a monitor interface mon0 using airmon-ng
start wlan0. This is what we are using. -b species the BSSID of the network that we found out
earlier.
This is all the information that Reaver need to get started. However, Reaver comes with many
advanced options, and some are recommended by me. Most importantly, you should use the -vv
option, which increases the verbosity of the tool. Basically, it writes everything thats going on to
the terminal. This helps you see whats happening, track the progress, and if needed, do some
troubleshooting. So final command should bereaverimon0bXX:XX:XX:XX:XX:XXvv

After some hours, you will see something like this. The pin in this case was intentionally
12345670, so it was hacked in 3 seconds.

Here is an extra section, which might prove useful (or more like consoling, to let you know you
are not the only one who is having troubles)

Known problems that are faced - Troubleshooting

1. As in the pic above, you saw the first line read "Switching wlan0 to channel 6". (Yours will be
mon0 instead of wlan0). Sometimes, it keeps switching interfaces forever.
2. Sometimes it never gets a beacon frame, and gets stuck in the waiting for beacon frame
http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

3/17

10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux

stage.
3. Sometimes it never associates with the target AP.
4. Sometimes the response is too slow, or never comes, and a (0x02) or something error is
displayed.
In most cases, such errors suggest1. Something wrong with wireless card.
2. AP is very choosy, won't let you associate.
3. The AP does not use WPS.
4. You are very far from the AP.
Possible workarounds1. Sometimes, killing naughty processes helps. (see pictures below)
2. Move closer to target AP
3. Do a fakeauth using aireplay-ng (Check speeding up WEP hacking) and tell Reaver not to
bother as we are already associated using -A (just add -A at the end of your normal reaver
code)
4. If you are using Kali Linux in Vmware, try booting into Kali using USB. I don't know why, but
sometimes internal adapters work wonders, and can't be used from inside of a VM. In my
case, booting up from USB and using internal adapter increased the signal strength and
speeded up the bruteforce process. Update : It has nothing to do with internal adapter.
I have verified my observation with various hackers, and it is now a known problem
with Reaver. It does not work well inside Virtual machines. It is recommended that
you do a live boot.

processes causing problems

Kill 'em all

All that I have written above (the troubleshooting section) is based on personal experience, and
might not work. All the problems mentioned above, are well known on forums, and no 100%
working solution could be found anywhere (I do my homework before posting). If you are aware
of solution to any of these, do comment (anonymous comments are enabled)
Update: For some people the reason Reaver is not working is because the version of
Libpcap you are using is not compatible with the version of Kali you are using.

Share !

Suka

168

Tweet

11

11

85 comments:
Anonymous

April 21, 2014 at 8:38 AM

Are there any another ways of wpa/wpa2 except reaver and aircrack?tx
Reply
Replies

SHASHWAT CHAUDHARY
March 13, 2015 at 12:17 AM
Wifite is there. It also uses Reaver only, except it types the commands
for you.
http://www.kalitutorials.net/2014/04/wifite-hacking-wifi-easy-waykali-linux.html

http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

4/17

10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux

ALEX RODRIGUES

August 12, 2015 at 8:49 PM

Friends , I'm from Brazil , very pleased . Would have a solution to

this? - WARNING: Detected AP rate limiting, waiting 60 seconds

ALEX RODRIGUES

August 12, 2015 at 8:51 PM

Friends , I'm from Brazil , very pleased . Would have a solution for
this? - WARNING : Detected AP rate limiting , waiting 60 seconds .
Thanks for listening

Anonymous

May 7, 2014 at 2:58 PM

has anybody else used fern?

Reply
Replies

SHASHWAT CHAUDHARY

May 8, 2014 at 12:57 AM

The only notable thing about Fern is the GUI. It makes stuff easy for
beginners, but honestly, that's no way of becoming a hacker. GUI
should be avoided most of the time.

SHUBHAM TOMAR

May 16, 2015 at 8:40 PM

Yes i used fern foe wep security it takes 30 minuts to break the WEP
password

Anonymous

May 14, 2014 at 1:58 AM

To rid the FSC issue:

#wash -i wlan0 --ignore-fcs
Reply
Replies

SHASHWAT CHAUDHARY

May 15, 2014 at 12:54 AM

Thanks, I'll update the post.

http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

5/17

10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux
Anonymous

May 14, 2014 at 2:52 AM

ok .but how to hack WPA/WPA2 with psk ??

Reply
Anonymous

May 20, 2014 at 9:41 AM

Is possible to hack a wpa2 network with a random alphanumerical 15 characters password? I think
this kind of psw does not exist in any dictionary..
Reply
Anonymous

June 16, 2014 at 1:25 PM

Hi there, i m trying to do it on my college wifi, although network supports wps but on giving the reaver
command as you said, it reverts me a kind of note "failed to retrieve a MAC address ".
Also i m not able to successfully getting a WPA handshake with the command "aireplay-ng --deauth 1 a mon0". Plz can u solve these problems
Reply
Replies
Anonymous

June 17, 2014 at 10:48 AM

when i type the command to see all networks as "airodump-ng

mon0", after selecting a particular bssid when i hit command
"airodump-ng -w (name of essid) --bssid (bssid of the network) mon0
-c (number of the channel)" it reverts me same window but at the
right upper corner it always swiches channel from one to another or
some times fixed to particular, it shows like "fixed channel mon0:-1",
plz solve this problem!

Anonymous

June 17, 2014 at 4:47 PM

So I've done everything without problems but after checking the

terminal Reaver says that there is approximately 207 hours and 36
minutes remaining. Is that normal?

SUDHARSAN VISWA

June 18, 2014 at 11:02 AM

i used crunch to create a word list for brute force,but for only numerical word list it tooks 100's of
gb,how can a get word list for less than 10 gb
Reply

SUDHARSAN VISWA

June 19, 2014 at 7:17 AM

thank you
Reply

SUDHARSAN VISWA

June 19, 2014 at 7:26 AM

i google it and i got this

"crunch 8 8 0123456789 | aircrack-ng -a 2 /home/tc/INFINITUMCBA277-02.cap -e INFINITUMCBA277 -

http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

6/17

10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux
b 58:98:35:CB:A2:77 -w -"
Reply
Replies

SHASHWAT CHAUDHARY

June 19, 2014 at 8:30 AM

Looks good enough.

I think it'll work just fine.

Anonymous

June 23, 2014 at 1:23 AM

Can you tell me how to boot kali linux from CD? Currently i am using in virtual box.
Reply
Replies

SHASHWAT CHAUDHARY

June 23, 2014 at 3:04 AM

Try Live USB instead. http://docs.kali.org/installation/kali-linux-liveusb-install

ARINDAM MARL-E

March 31, 2015 at 6:23 AM

got a power iso..and then use the tool option where u can fing Creat
bootable pendrive.Then select the iso file ...then after the complete,
restart the pc from pendrive..All done..Select the boot method.thats
st

WELL WISHER

June 23, 2014 at 1:00 PM

Can any one tell me about how can we change the channel of any network which is appearing on
airodump terminal. As sometimes my mon0 is fixed to channel 1 so may be i can receive a network on
1 which previously coming on channel 6 or 7 whatever
Reply
Replies

SHASHWAT CHAUDHARY

June 24, 2014 at 2:54 AM

ifconfig wlan0 channel 6

ifconfig won0 channel 6
airodump-ng mon0 -c 6
That should be enough.

WELL WISHER

http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

June 23, 2014 at 1:06 PM

7/17

10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux
Please Shashwat, can u provide me a good wordlist, because i have one wordlist which is about 22 MB
of .txt file but i have tried it on a network with fern, finally result came out, 'the list does not contain
the password'. So please give a link of wordlist which u think that would be enough break the pass.
Reply

SUDHARSAN VISWA

June 28, 2014 at 12:17 AM

how to get a SSID of a hidden network

Reply
Replies

SHASHWAT CHAUDHARY

June 28, 2014 at 4:57 AM

Use aireplay-ng to carry out a de-authentication attack on a client.

After that when the client reconnects you'll get the SSID.

SUDHARSAN VISWA

June 28, 2014 at 9:18 AM

thank you shashwat

Reply
Anonymous

July 13, 2014 at 2:52 PM

hi, can i ask few question.

first is i try cracking wpa2 pass, i almost finish cracking and at the last step need to use this command
"aircrack-ng -w wordlist.txt --bssid 00:11... wordlist-01.cap"
but it says that my wordlist can't be found. so how i want to check this wordlist or how can i make it.
second is i try to use this command
"wash -i [your interface] [My is wlan0] -c CHANNEL_NUM -C -s"
but it only replay
''[!] Found packet with bad FCS, skipping...''
and never stop. can help me please.
hope to get this info ASAP.
Reply
Replies

SHASHWAT CHAUDHARY

July 15, 2014 at 2:16 AM

You have to download the wordlist from the internet.

Try --ignore-fcs, it might solve the bad FCS issue.

HJGJK HJGHJ

http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

July 15, 2014 at 4:32 PM

8/17

10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux
I get the 0x03 and the 0x04 error all the time "WPS transaction failed, re-trying last pin". I had tried
with different networks but is always the same . One of them says "WARNING: Detected AP rate
limiting, waiting 60 seconds before re-checking, but that is all it does. What can I do? :'(
Reply

HJGJK HJGHJ

July 15, 2014 at 4:59 PM

I get the 0x03 and the 0x04 error all the same ("WPS transaction failed, re-trying last pin"). I have tried
with different networks, but is always the same. One of them says: "WARNING: Detected AP rate
limiting, waiting 60 seconds before re-checking", but that is all it does. What can I do? :'(
Reply

MATTHEW BARNARD

July 28, 2014 at 4:57 PM

Thanks! I dual booted and it solved the problem :D

Reply

SHASHWAT CHAUDHARY

July 28, 2014 at 8:00 PM

Glad it worked.
Reply

TOBBYHUSH

December 18, 2014 at 11:00 PM

Since I have only 150GB for Kali installation, I use Reaver all the time. Is one of the best tools I used. It
doesn't consume disk space or hardware resources. Is just what everyone who's testing want.
One thing I do and could help someone, is to make Reaver start from a specified number. If you know
the WPS default first numbers and you may think that WPS wasn't changed, you can Google to find
the first 1, 2, 4 numbers... Then, you give all the information to Reaver you would put normaly, and, in
the attribute -P put the first numbers you may know. Execute the command and stop it a few seconds
later by pressing CTRL+C. Don't be scared if you saw that the WPS PIN sent is 4 numbers long. Now,
you should run again the same command but erasing -P this time. Now, program will think that it
checked the previous PINs and will take less time. Or more, if the password is not default... But if you
have no patience, you could try it out. I.e., if you give to the app 4 first numbers, the scan will take only
1:30h with 999 tries.
This is also a way to avoid the manual edit of './usr/local/etc/reaver/*.wpc'.
Sorry for my poor English lvl, I did not sleep and I'm even worse. :c
Reply
Replies

SHASHWAT CHAUDHARY
December 21, 2014 at 7:51 AM
Thank you for sharing this with us. Your English is fine by the way.

MUBASHIR

January 23, 2015 at 11:01 AM

hi when we trying 2 or 3 pins in kali linux using reaver its getting error occur just like that ( WARNING:
Detected AP rate limiting, waiting 60 seconds before re-checking)
Reply

SATYARTH PRATEEK

http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

February 1, 2015 at 8:36 AM

9/17

10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux
I keep on getting this WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Switching mon0 to channel 11
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Trying pin 12345670
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[!] WPS transaction failed (code: 0x02), re-trying last pin
[+] Nothing done, nothing to save.
[+] 0.00% complete @ 2015-02-01 11:32:53 (0 seconds/pin)
[+] Max time remaining at this rate: (undetermined) (11000 pins left to try)
[+] Trying pin 12345670
Why is it trying the same pin again and again..??
Reply
Replies

MOEIN BAZARGAN

February 21, 2015 at 3:12 AM

I have the same problem!

SHASHWAT CHAUDHARY
February 21, 2015 at 11:52 PM
Maybe you're too far from the AP (signal strength?). Maybe you need
a better wireless adapter (are you using laptop's internal card?).
Maybe the AP does not have WPS enabled (does the AP appear in
wash?)

MOEIN BAZARGAN

February 22, 2015 at 9:07 AM

Yes it does!
I'm using laptop's internal wireless adapter.
I think I should use an external adapter becuase sometimes ARP
injection (WEP) doesn't work too

SHASHWAT CHAUDHARY
February 24, 2015 at 11:37 PM
Yes you should use external adapter. The internal ones do a good job
in receiving messages from AP but they aren't so good at (and are
not designed to) inject packets into the AP (i.e. they aren't as good in
transmitting packets as they are in recieving them).

http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

10/17

10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux

48D44572-AD42-11E4-ACF5-6FA66024793B

February 5, 2015 at 6:22 AM

Prateek, I wasn't able to do much either until yesterday.

I got a decent wireless card and after that I was able to associate via aireplay-ng -1 and as soon as that
happened I ran reaver. Now I am dealing with the wps lock, but I am taking my time. Patience is a
virtue ;)
Reply
Anonymous

March 27, 2015 at 9:29 AM

How can i install wine in 64 bit kali linux?????

Reply
midnightmadness

March 29, 2015 at 12:25 AM

every time I try either wash or airodump-ng it comes up saying that it fails to open mon0 for
capturing. Do I need to use a wifi adapter or use alive version of kali linux from USB?
Reply
Anonymous

April 2, 2015 at 5:47 AM

What if Wps is not active on the router??

Reply
Replies
Anonymous

April 8, 2015 at 12:47 PM

Then you cannot hack it. WPS must be enabled in order to attack the
AP via pin attempts.

Anonymous

April 8, 2015 at 1:14 PM

Try to attack it with a wordlist instead. The author of this article

mentioned it above.

Anonymous

April 15, 2015 at 10:26 PM

Is there a way to hacking wireless network in which wps disabled?

It was activated before, but now is Off
Reply
Anonymous

April 16, 2015 at 3:06 PM

I have made a modification in reaver to automatize the process for the pixie dust attack, here is the
github

(https://github.com/t6x/reaver-wps-fork-t6x),

here

is

the

discussion

topic

(https://forums.kali.org/showthread.php?25123-Reaver-modfication-for-Pixie-Dust-Attack)
Reply
Anonymous

April 18, 2015 at 6:42 AM

Hi, reaver in my pc is slow, 10 second/pin

how do i speed up?

http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

11/17

10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux
Reply
Anonymous

April 30, 2015 at 12:43 PM

hello i followed this tut but is it okeey is me terminal keep saying:

[+] 0.00% complete @ 2015-04-30 21:36:28 (0 seconds/pin)
[+] Max time remaining at this rate: (undetermined) (11000 pins left to try)
im running kali on me crappy netbook should i use me dekt5op with Virtual box instead?
thanks for the help
Reply

MUSHTAQ KHAN

May 7, 2015 at 9:58 PM

[#] Drone Hijacking With Maldrone Drone Malware

http://beinghaxor.blogspot.com/2015/05/drone-hijacking-with-maldrone-drone.html
Reply

MUSHTAQ KHAN

May 7, 2015 at 9:58 PM

[#] Traffic Lights Hacking

http://beinghaxor.blogspot.com/2015/05/traffic-lights-hacking.html
Reply
Anonymous

May 16, 2015 at 6:49 PM

AP rate limiting detected...

any solution to this problem?
Reply
Anonymous

May 17, 2015 at 2:57 AM

wash -i mon0 -C.

Reaver com comandos -L -E -A -T 2 -d 2 e outros comandos resultam.
Para desbloquear WPS?
Reply

RAM KEERTHANA

May 25, 2015 at 10:04 AM

Is there any free online book or pdf for kali linux hacker beginner?
Reply

ANTHON MLGAARD STEINESS 1K

June 2, 2015 at 7:02 AM

Hello, i am facing a lot of errors when i'm usin kali linux, actually i can't do anything because it comes
with errors every time i try cracking wpa og creating Payloads.
When using reaver i ger this error code: 0x04 i am typing in this
reaver -i mon0 -b "BSSID" -d "delayed time" -S -N -vv
where -S should increase cracking speed and -N should stop the nacking
I have tried with -d 5/10/15/20/25/30 and also tried with and without -S i have tried with and without N i have tried -c that specifies the channel.
But it keeps saying WPS transaction failed error code: 0x04

http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

12/17

10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux
Why is that?
And when i try out this specific command
reaver -i mon0 -A -b 00:30:4F:XX:XX:XX - c 6 -d 10 -vv --no-nacks --win7
It comes up with the error [!] WARNING: Receive timeout occurred
Why is that, and how does i fix these reaver problems i am facing?
I have researched on google for 2 days now, and no one has the answer i am looking for.
Also when i use the wash command the RSSI = 0 on all the networks that i can find.
I think this is the main problem for why reaver doesn't work
And just another thing, when i try using the setoolkit, when i have pressed 1 - 10 and try pressing 1 for
social engineering tool it says something about ratte_module not defined. if someone has a link to fix
that, i would be soooo happy :-)
Reply
Replies

ANTHON MLGAARD STEINESS 1K

June 2, 2015 at 7:08 AM
I think the error code 0x04 occures when recieving M1 Message and
sending out M2. The -N should stop this (i have read), but it doesn't. i
wil copy the outcome in the terminal and post it here later.

Anonymous

June 3, 2015 at 4:36 AM

I have followed everything but when I start the reaver I am getting "WPS transaction failed (code:
0x03), re-trying last pin" I am using an external wlan.
Reply
Replies

SHASHWAT CHAUDHARY

June 3, 2015 at 7:24 AM

Did you check with wash if WPS is enabled? Maybe they are using
rate limiting measures.

HEMANT KOHLI

July 14, 2015 at 11:29 PM

try using reaver with -N or --no-nacks option

DR. AWKWARD

June 4, 2015 at 4:13 PM

When I use reaver to attack it stops when it outputs waiting for a beacon. If I don't specify which
channel the network is it will just flip through the channels over and over. Any advice?
Reply
Replies

SHASHWAT CHAUDHARY

June 4, 2015 at 6:56 PM

http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

13/17

10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux

Fix a channel on your wlan0 and mon0 interface. The beacon frame
issue resolved itself in my case (one day it was there, then it was not).
I suspect it might have something to do with signal strength.

Anonymous

June 16, 2015 at 12:33 PM

Does Reaver still works? or has most companies already patched their WPS so that this method
doesn't work anymore? If it works which external wireless card would work? Thank you.
Reply
Anonymous

June 20, 2015 at 12:08 AM

i need help with external adapters for my vm for my mac 10.10 do you know any i could get
Reply
Anonymous

June 23, 2015 at 12:24 AM

please help i cant find a adapter that will work with my computer
Reply
Anonymous

June 23, 2015 at 10:45 PM

wifite not working man..

after so long waiting of 8 mins it says 0/1 wpa attacks failed...
is there something i can do?
Reply
Anonymous

June 26, 2015 at 5:39 AM

this error ("detecting ap limit rate") keeps comming after 10 pin test what to do about it any solution
and it dosn't
go for a whole day
Reply
Anonymous

June 30, 2015 at 8:28 PM

when do we have to use wordlist in the tutorial ??

Reply
Anonymous

July 5, 2015 at 7:32 AM

Is it possible to try to find out the password of a wifi network that you're connected to ? Because I am
just trying to test my own connection.Thanks
Reply
Replies
Anonymous

August 12, 2015 at 7:07 AM

go into your windows network settings and "Forget This Network"

then proceed with the tutorial

http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

14/17

10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux
Anonymous

July 14, 2015 at 11:07 PM

If network-manager is being used in ubuntu you get error "SIOCSIFFLAGS: Name not unique on
network" first stop network-manager.
/etc/init.d/network-manager stop
Reply
Anonymous

July 15, 2015 at 10:00 AM

Dose it need an internet connection to hack wifi

Reply
Anonymous

July 17, 2015 at 11:31 AM

Please help me. im using tplink tl-wn722n according to recommended wireless adapter.. But unable to
work with reaver again... What i have to to.. The problm is ap rate limit of 60 sec.. And in pixiewps
unable to crack wps. It just stoped automatically without trying any pin..
Reply
Anonymous

July 18, 2015 at 10:45 PM

i connected with wifi .How i get wps pin of this wifi.So that i get password al the time easily when
password will change.
Reply
Anonymous

July 23, 2015 at 8:41 AM

I bet every last one of you geeks has long hair, a heavy metal t-shirt and a complexion that has never
seen the sun. Grep a life!
Reply
Anonymous

July 25, 2015 at 1:19 PM

oops! I have a problem,when i enter "reaver -i mon0 -b xx:xx:xx:xx:xx -vv" this command writes over
and over and nothing will happen,please help me!
[+] Trying pin 12345670
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
[!] WARNING: Receive timeout occurred
[+] Sending EAPOL START request
Reply
Replies

TALHA BALAJ

October 18, 2015 at 8:15 PM

same here

Anonymous

July 29, 2015 at 4:48 AM

Is there anybody here?

http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

15/17

10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux
Reply
Anonymous

July 29, 2015 at 11:28 AM

Any ideas on what to do when you get wps pin but wpa psk is '' (empty brackets)?
What other tools or techniques could be used to obtain wpa psk?
Reply

SCOTT

August 31, 2015 at 12:52 PM

Once you get pin do you just enter it in place of the password key when logging in ?
Reply
Replies

DUSTIN AGEE

October 20, 2015 at 8:02 PM

#headslap

Anonymous

October 2, 2015 at 10:16 AM

what to do with wps pin as i know the wps pin of wifi?? how to hack password??
Reply

XSUKAX

October 16, 2015 at 5:12 AM

Just Try This Bash Script ;)

https://www.youtube.com/watch?v=IxHR-_p5JrY
Reply

TALHA BALAJ

October 18, 2015 at 8:13 PM

i just wanna know this way will work on the LIVE BOOTED KALI LINUX 1.1 OR 2.0 . I have both
Reply

Enteryourcomment...

Commentas:

Publish

AlifAkbarArifin(Google)

Preview

http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

Signout

Notifyme

16/17

10/28/2015

KaliLinuxHackingTutorials:HackWPA/WPA2WPSReaverKaliLinux

http://www.kalitutorials.net/2014/04/hackwpawpa2wpsreaverkalilinux.html

17/17