How to hack a Wi-Fi network with WPA encryption
Tips Technologies / December 19, 2019
Most recently, we published a memo about why you should not use WEP encryption for your Wi-Fi access point. Despite condemning comments along the lines of "you shouldn't teach people to break into networks", we remind you once again that knowledge and how it is used are quite different things. Of course, you must never use this on someone else's router. This material leaves out many details of carrying out the attack and is purely illustrative. It is not a call to break into networks, but a call to configure your router properly so that it does not get broken into.
Many of us are willing to believe that WPA encryption is bulletproof against all types of attack; however, many router manufacturers still inexplicably leave the WPS function with PIN authentication enabled. The 8-digit PIN is built on an algorithm such that an attacker needs to guess only its first 7 digits, and the first 4 and the last 3 are guessed separately, which gives a maximum of 11,000 code variants (10,000 + 1,000). In practice, the PIN is guessed quite easily.
To crack a Wi-Fi network with WPS, an attacker will need:
- BackTrack 5 Live CD
- a computer with a Wi-Fi adapter and a DVD drive
- your Wi-Fi network with WPA encryption and WPS enabled
- some patience
Since version R2, BackTrack 5 includes a utility called Reaver, which exploits the WPS vulnerability. To carry out the attack you need to gather some information, such as the name of your wireless interface and the BSSID of the target router. You also need to switch the Wi-Fi card into monitor mode.
In the terminal, enter the command:
iwconfig
Press Enter. If you have a wireless card, it will most likely be called wlan0. In any case, from here on just replace wlan0 with the name of your interface, and everything will work.
Switch the card into monitor mode:
airmon-ng start wlan0
Among the other output, note the name of the monitor mode interface, in this case mon0.
Find out the BSSID of the target router:
airodump-ng wlan0
If that does not work, try:
airodump-ng mon0
When you find the desired network in the list that appears, press Ctrl + C to stop the list from updating. Copy the BSSID and proceed to the most interesting part. In the terminal, enter:
reaver -i moninterface -b bssid -vv
Here moninterface is the name of the monitor mode interface, and bssid is the BSSID of the target router.
The process has started. You can drink tea, play with the cat, and do other interesting things. The utility can take up to 10 hours to find the PIN. If successful, you will get the PIN and the password to the access point.
Protection
To protect against this, disable WPS (on some models it is called QSS) in the router settings. It also does no harm to set up MAC filtering, so that unknown devices cannot connect to the network at all (although even here it cannot be ruled out that an attacker obtains the list of allowed MAC addresses and spoofs one of them).