We already went through the complex process of “trying” to crack WPA/WPA2, and I use the word ‘trying’ because the results are quite uncertain and heavily dependent on your wordlist. However, many routers are vulnerable to a much easier attack. You must have come across routers with WPS (Wi-Fi Protected Setup) enabled; it works through several methods, such as the PIN method, the push-button method, etc. If you want to get more familiar with WPS and this attack, I recommend reading Stefan Viehbock’s article on it. Devices that have WPS enabled are vulnerable to brute-force attacks, and by ‘guessing’ the WPS code you essentially also gain the WPA2 encryption password, or in other words the needed Wi-Fi password.
All this is possible thanks to Reaver. Downloading and installing is explained on their website on Google Code. The process is insanely easy – once installed, you can use Wash to find the available Wi-Fi networks with enabled WPS protection:
walsh -i <your wireless interface in monitor mode (usually mon0)>
This will essentially show you the networks vulnerable to the attack. If you encounter the “Found packet with bad FCS, skipping…” error, edit the command to:
walsh -i mon0 --ignore-fcs
Choose your network and launch the attack:
reaver -i <your wireless interface in monitor mode (usually mon0)> -b <victim router's MAC address> -vv
(Use -v instead of -vv for less info.)
This should essentially break the WPA password in up to 10 hours. There are ways to speed things up: adding parameters such as -c <channel of router> and -d 0 will make the attack faster, BUT can result in the router crashing.
The best part is, the software is fully functional under Maemo and the N900. The latest version available is revision 100, provided in this post thanks to marc0s_h4f. (However, this version has issues with wash reading pcap format, but it is irrelevant to this post.) You should check that thread, as he seems to provide new versions constantly.
Moreover, Saturn has edited Cleven, and it now has a GUI for Wash and Reaver that makes the process even easier. Note that marc0s_h4f’s files should be unpacked to /home/user/.reaver/. Once that is done, restart Cleven (make sure you have the latest version) and the options for Reaver and Wash should appear.
DISCLAIMER: This program is intended for learning purposes only. I do not condone hacking and wouldn’t be held responsible for your actions. Only you would face legal consequences if you used this script for illegal activities.