reaven

7/28/2019 reaven

1/14

RELATED

How Secure Are You

Online: The Checklist

(http://lifehacker.com/5938980/how-

secure-are-you-online-the-checklist)

(http://lifehacker.com/5938980/how-secure-are-you-online-the-checklist)

How Can I Protect My

Computers and DataWhen Someone Else Is

Using My


can-i-protect-my-

computers-and-data-

when-someone-else-is-

using-my-network)

(http://lifehacker.com/5875465/how-can-i-protect-my-computers-and-data-when-someone-else-is-using-my-network)

Top 10 Ways to Break

Into and Out of Almost

Anything(http://lifehacker.com/5873829/top-

10-ways-to-break-into-

and-out-of-almost-

anything)

(http://lifehacker.com/5873829/top-10-ways-to-break-into-and-out-of-almost-anything)

Five Most Popular

Lifehacker Tips and

Guides(http://lifehacker.com/5981050/five-

most-popular-

lifehacker-tips-or-

guides)

(http://lifehacker.com/5981050/five-most-popular-lifehacker-tips-or-guides)

Turn Your DD-WRT

Enabled Router into a

Whole House AdBlocker

(http://lifehacker.com/5680670/turn-

your-dd+wrt-enabled-

router-into-a-whole-

house-ad-blocker)

(http://lifehacker.com/5680670/turn-your-dd+wrt-enabled-router-into-a-whole-house-ad-blocker)

How Can I Get Wi-Fi at

a Location that Doesn't

Offer It?(http://lifehacker.com/5945815/h

can-i-get-wi+fi-at-a-

location-that-doesnt-

offer-it)

(http://lifehacker.com/59can-i-get-wi+fi-at-a-locatdoesnt-offer-it)

(http://adam-pash.kinja.com)HACK ATTACK (/TAG/

1,935,924

(http://lifehacker.com/5873407/h ow-

to-crack-a-wi+ fi-networks-wpa-

password-with-reaver)

118

(http://lifehack er.com/5873407/how-

to-crack-a-wi+ fi-networks-wpa-

password-with-reaver#replies)

ADAM PASH

(HTTP://ADAM-

PASH.KINJA.COM)

1/09/12 5:00am


to-crack-a-wi+fi-networks-wpa-

password-with-reaver)

Your Wi-Fi network is your conveniently

wireless gateway to the internet, and since

you're not keen on sharing your connection

with any old hooligan who happens to be

walking past your home, you secure your

network with a password, right? Knowing, as

you might, how easy it is to crack a W EP

password

(http://lifehacker.com/5305094/how-to-

crack-a-wi+fi-networks-wep-password-with-backtrack), you probably secure your

network using the more bulletproof WPA

security protocol.

Here's the bad news: A new, free, open-

source tool called Reaver

(http://code.google.com/p/reaver-wps/)

exploits a security hole in wireless routers

and can crack most routers' current

passwords with relative ease. Here's how to

crack a WPA or WPA2 password, step by

step, with Reaverand how to protect your

network against Reaver attacks.

How to Crack a Wi-Fi Network's WPA Passwordwith Reaver (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver)

How to Crack a Wi-Fi

Network's WEP

Password with

BackTrack

(http://lifehacker.com/5305094/how-to-crack-a-

wi+fi-networks-wep-password-with-backtrack)

You already know that if you want to lock down

your Wi-Fi network, you should opt for WPA

encryption because WEP is easy to crack. But did

you know Read

(http://lifehacker.com/5305094/how-to-crack-

a-wi+fi-networks-wep-password-with-

backtrack)


to-crack-a-

wi+fi-

networks-

wep-

password-

with-

backtrack)

RELATED
http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5875465/how-can-i-protect-my-computers-and-data-when-someone-else-is-using-my-networkhttp://lifehacker.com/5875465/how-can-i-protect-my-computers-and-data-when-someone-else-is-using-my-networkhttp://lifehacker.com/5875465/how-can-i-protect-my-computers-and-data-when-someone-else-is-using-my-networkhttp://lifehacker.com/5875465/how-can-i-protect-my-computers-and-data-when-someone-else-is-using-my-networkhttp://lifehacker.com/5680670/turn-your-dd+wrt-enabled-router-into-a-whole-house-ad-blockerhttp://lifehacker.com/5873829/top-10-ways-to-break-into-and-out-of-almost-anythinghttp://lifehacker.com/5981050/five-most-popular-lifehacker-tips-or-guideshttp://lifehacker.com/5873829/top-10-ways-to-break-into-and-out-of-almost-anythinghttp://lifehacker.com/5981050/five-most-popular-lifehacker-tips-or-guideshttp://lifehacker.com/5873829/top-10-ways-to-break-into-and-out-of-almost-anythinghttp://lifehacker.com/5873829/top-10-ways-to-break-into-and-out-of-almost-anythinghttp://lifehacker.com/5981050/five-most-popular-lifehacker-tips-or-guideshttp://lifehacker.com/5680670/turn-your-dd+wrt-enabled-router-into-a-whole-house-ad-blockerhttp://lifehacker.com/5873829/top-10-ways-to-break-into-and-out-of-almost-anythinghttp://lifehacker.com/5981050/five-most-popular-lifehacker-tips-or-guideshttp://lifehacker.com/5873829/top-10-ways-to-break-into-and-out-of-almost-anythinghttp://lifehacker.com/5981050/five-most-popular-lifehacker-tips-or-guideshttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaverhttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaverhttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaverhttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaverhttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaverhttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaverhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaverhttp://code.google.com/p/reaver-wps/http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrackhttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaverhttp://adam-pash.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#replieshttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaverhttp://lifehacker.com/tag/hack-attackhttp://adam-pash.kinja.com/http://lifehacker.com/5945815/how-can-i-get-wi+fi-at-a-location-that-doesnt-offer-ithttp://lifehacker.com/5945815/how-can-i-get-wi+fi-at-a-location-that-doesnt-offer-ithttp://lifehacker.com/5680670/turn-your-dd+wrt-enabled-router-into-a-whole-house-ad-blockerhttp://lifehacker.com/5680670/turn-your-dd+wrt-enabled-router-into-a-whole-house-ad-blockerhttp://lifehacker.com/5981050/five-most-popular-lifehacker-tips-or-guideshttp://lifehacker.com/5981050/five-most-popular-lifehacker-tips-or-guideshttp://lifehacker.com/5873829/top-10-ways-to-break-into-and-out-of-almost-anythinghttp://lifehacker.com/5873829/top-10-ways-to-break-into-and-out-of-almost-anythinghttp://lifehacker.com/5875465/how-can-i-protect-my-computers-and-data-when-someone-else-is-using-my-networkhttp://lifehacker.com/5875465/how-can-i-protect-my-computers-and-data-when-someone-else-is-using-my-networkhttp://lifehacker.com/5938980/how-secure-are-you-online-the-checklisthttp://lifehacker.com/5938980/how-secure-are-you-online-the-checklist

7/28/2019 reaven

2/14

(http://www.backtrack-

linux.org/downloads/)The BackTrack 5 Live DVD (http://www.backtrack-

linux.org/downloads/). BackTrack is a bootable Linux distribution that's filled to the

brim with network testing tools, and while it's not strictly required to use Reaver, it's the

easiest approach for most users. Download the Live DVD from BackTrack's download

page (http://www.backtrack-linux.org/downloads/) and burn it to a DVD. You can

alternately download a virtual machine image if you're using VMware, but if you don't

know what VMware is, just stick with the Live DVD. As of this writing, that means you

should select BackTrack 5 R1 from the Release drop-down, select Gnome, 32- or 64-bit

depending on your CPU (if you don't know which you have, 32 is a safe bet), ISO for

image, and then download the ISO.

A computer with Wi-Fi and a DVD drive. BackTrack will work with the wireless card
http://www.backtrack-linux.org/downloads/http://www.backtrack-linux.org/downloads/http://www.backtrack-linux.org/downloads/

7/28/2019 reaven

3/14

Let's Get Crackin'

At this point you should have BackTrack burned to a DVD, and you should have your laptop

handy.

Step 1: Boot into BackTrack

To boot into BackTrack, just put the DVD in your drive and boot your machine from the disc.

(Google around if you don't know anything about live CDs/DVDs and need help with this part.)

During the boot process, BackTrack will prompt you to to choose the boot mode. Select

"BackTrack Text - Default Boot Text Mode" and press Enter.

Eventually BackTrack will boot to a command line prompt. When you've reached the prompt,

type

startx

and press Enter. BackTrack will boot into its graphical interface.

Step 2: Install Reaver

Reaver has been added to the bleeding edge version of BackTrack, but it's not yet incorporated

with the live DVD, so as of this writing, you need to install Reaver before proceeding.

(Eventually, Reaver will simply be incorporated with BackTrack by default.) To install Reaver,

you'll first need to connect to a Wi-Fi network that you have the password to.

Now that you're online, let's install Reaver. Click the Terminal button in the menu bar (or clickApplications > Accessories > Terminal). At the prompt, type:

on most laptops, so chances are your laptop will work fine. However, BackTrack doesn't

have a full compatibility list, so no guarantees. You'll also need a DVD drive, since that's

how you'll boot into BackTrack. I used a six-year-old MacBook Pro.

A nearby WPA-secured Wi-Fi network. Technically, it will need to be a network

using WPA security with the WPS feature enabled. I'll explain in more detail in the "How

Reaver Works" section how WPS creates the security hole that makes WPA cracking

possible.

A little patience. This is a 4-step process, and while it's not terribly difficult to crack a

WPA password with Reaver, it's a brute-force attack, which means your computer will be

testing a number of different combinations of cracks on your router before it finds the

right one. When I tested it, Reaver took roughly 2.5 hours to successfully crack my

password. The Reaver home page (http://code.google.com/p/reaver-wps/) suggests it can

take anywhere from 4-10 hours. Your mileage may vary.

Click Applications > Internet > Wicd Network Manager

Select your network and click Connect, enter your password if necessary, click OK, and

then click Connect a second time.

1.

2.

729 reading: The Renovations That
http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/http://code.google.com/p/reaver-wps/

7/28/2019 reaven

4/14

apt-get update

And then, a fter the update completes:

apt-get install reaver

If all went well, Reaver should now be installed. It may seem a little lame that you need to

connect to a network to do this, but it will remain installed until you reboot your computer. At

this point, go ahead and disconnect from the network by opening Wicd Network Manager

again and clicking Disconnect. (You may not strictly need to do this. I did just because it felt like

I was somehow cheating if I were already connected to a network.)

Step 3: Gather Your Device Information, Prep Your Crackin'

In order to use Reaver, you need to get your wireless card's interface name, the BSSID of the

router you're attempting to crack (the BSSID is a unique series of letters and numbers that

identifies a router), and you need to make sure your wireless card is in monitor mode. So let's do

all that.

Find your wireless card: Inside Terminal, type:

iwconfig

Press Enter. You should see a wireless device in the subsequent list. Most likely, it'll be named

wlan0

, but if you have more than one wireless card, or a more unusual networking setup, it may be

named something different.

Put your wireless card into monitor mode: Assuming your wireless card's interface name

is

wlan0

, execute the following command to put your wireless card into monitor mode:

airmon-ng start wlan0

This command will output the name of monitor mode interface, which you'll also want to make

note of. Most likely, it'll be

7/28/2019 reaven

5/14

mon0

, like in the screenshot below. Make note of that.

Find the BSSID of the router you want to crack: Lastly, you need to get the unique

identifier of the router you're attempting to crack so that you can point Reaver in the right

direction. To do this, execute the following command:

airodump-ng wlan0

(Note: If

airodump-ng wlan0

doesn't work for you, you may want to try the monitor interface insteade.g.,

airodump-ng mon0

.)

You'll see a list of the wireless networks in rangeit'll look something like the screenshot below:

When you see the network you want, press Ctrl+C to stop the list from refreshing, then copy

that network's BSSID (it's the series of letters, numbers, and colons on the far left). The network

should have WPA or WPA2 listed under the ENC column. (If it's WEP, use our previous guide

to cracking WEP passwords (http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-

wep-password-with-backtrack).)

Now, with the BSSID and monitor interface name in hand, you've got everything you need to

start up Reaver.

Step 4: Crack a Network's WPA Password with Reaver

Now execute the following command in the Terminal, replacing

bssid

and

moninterface

with the BSSID and monitor interface and you copied down above:

reaver -i moninterface -b bssid -vv
http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack

7/28/2019 reaven

6/14

For example, if your monitor interface was

mon0

like mine, and your BSSID was

8D:AE:9D:65:1F:B2

(a BSSID I just made up), your command would look like:

reaver -i mon0 -b 8D:AE:9D:65:1F:B2 -vv

Press Enter, sit back, and let Reaver work its disturbing magic. Reaver will now try a series of

PINs on the router in a brute force attack, one after another. This will take a while. In my

successful test, Reaver took 2 hours and 30 minutes to crack the network and deliver me with

the correct password. As mentioned above, the Reaver documentation says it can take between

4 and 10 hours, so it could take more or less time than I experienced, depending. When

Reaver's cracking ha s completed, it'll look like this:

A few important factors to consider: Reaver worked exactly as advertised in my test, but

it won't necessarily work on all routers (see more below). Also, the router you're cracking needs

to have a relatively strong signal, so if you're hardly in range of a router, you'll likely experience

problems, and Reaver may not work. Throughout the process, Reaver would sometimes

experience a timeout, sometimes get locked in a loop trying the same PIN repeatedly, and so on.

I just let it keep on running, and kept it close to the router, and eventually it worked its way

through.

Also of note, you can also pause your progress at any time by pressing Ctrl+C while Reaver is

running. This will quit the process, but Reaver will save any progress so that next time you run

the command, you can pick up where you left off-as long as you don't shut down your

computer (which, if you're running off a live DVD, will reset everything).

How Reaver Works

Now that you've seen how to use Reaver, let's take a quick overview of how Reaver works. The

tool takes advantage of a vulnerability in something called Wi-Fi Protected Setup, or WPS. It's a

feature that exists on many routers, intended to provide an easy setup process, and it's tied to a

PIN that's hard-coded into the device. Reaver exploits a flaw in these PINs; the result is that,

with enough time, it can reveal your WPA or WPA2 password.

Read more details about the vulnerability at Sean Gallagher's excellent post on Ars Technica(http://arstechnica.com/business/news/2011/12/researchers-publish-open-source-tool-for-

hacking-wifi-protected-setup.ars).

How to Protect Yourself Against Reaver Attacks

Since the vulnerability lies in the implementation of WPS, your network should be safe if you

can simply turn off WPS (or, even better, if your router doesn't support it in the first place).

Unfortunately, as Gallagher points out as Ars

(http://arstechnica.com/business/news/2012/01/hands-on-hacking-wifi-protected-setup-with-

reaver.ars), even with WPS manually turned off through his router's settings, Reaver was still

able to crack his password.
http://arstechnica.com/business/news/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver.arshttp://arstechnica.com/business/news/2011/12/researchers-publish-open-source-tool-for-hacking-wifi-protected-setup.ars

7/28/2019 reaven

7/14

In a phone conversation, Craig Heffner said that the inability to shut this

vulnerability down is widespread. He and others have found it to occur with every

Linksys and Cisco Valet wireless access point they've tested. "On all of the Linksys

routers, you cannot manually disable WPS," he said. While the Web interface has a

radio button that allegedly turns off WPS configuration, "it's still on and still

vulnerable.

So that's kind of a bummer. You may still want to try disabling WPS on your router if you can,

and test it against Reaver to see if it helps.

You could also set up MAC a ddress filtering on your router (which only allows specifically

whitelisted devices to connect to your network), but a suff iciently savvy hacker could detect the

MAC address of a whitelisted device and use MAC address spoofing to imitate that computer.

Double bummer. So what will work?

I have the open-source router firmware DD-WRT (http://dd-wrt.com/) installed on my router

and I was unable to use Reaver to crack its password. As it turns out, DD-WRT does not

support W PS (http://code.google.com/p/reaver-wps/issues/detail?id=44), so there's yet

another reason to love the free router-booster. If that's got you interested in DD-WRT, check

their supported devices list (http://dd-wrt.com/wiki/index.php/Supp orted_Devices) to see if

your router's supported. It's a good security upgrade, and DD-WRT can also do cool things like

monitor your internet usage (http://lifehacker.com/5821773/how-to-monitor-your-internet-

usage-so-you-dont-exceed-your-data-cap), set up a network hard drive

(http://lifehacker.com/5756233/get-more-out-of-your-dd+wrt-router-with-an-external-drive?

tag=ddwrt), act as a whole-house ad blocker (http://lifehacker.com/5680670/turn-your-

dd+wrt-enabled-router-into-a-whole-house-ad-blocker?tag=ddwrt), boost the range of your

Wi-Fi network (http://lifehacker.com/5563196/turn-your-old-router-into-a-range+boosting-

wi+fi-repeater?tag=ddwrt), and more. It essentially turns your $60 router into a $600 router

(http://lifehacker.com/178132/hack-attack-turn-your-60-router-into-a-600-router).

Further Reading

Thanks to this post (http://maurisdump.blogspot.com/2011/12/reaver-11-wps-brute-force-

cracker-to.html) on Mauris Tech Blog for a very straightforward starting point for using Reaver.

If you're interested in reading more, see:

How to Monitor Your

Internet Usage So You

Don't Exceed Your Data

Cap

(http://lifehacker.com/5821773/how-to-monitor-

your-internet-usage-so-you-dont-exceed-your-

data-cap)

Internet data caps are becoming a reality and can

seriously suck. If you're stuck with the

limitation, the best thing you can do is monitor

your Read

(http://lifehacker.com/5821773/how-to-

monitor-your-internet-usage-so-you-dont-

exceed-your-data-cap)


to-monitor-

your-internet-

usage-so-

you-dont-

exceed-

your-data-

cap)

Get More Out of Your

DD-WRT Router with an

External Drive

(http://lifehacker.com/5756233/get-more-out-of-

your-dd+wrt-router-with-an-external-drive)

You've supercharged your router with DD-WRT,

you're using it to monitor your bandwidth use,

and yet you still wish it could do more. Well

Read (http://lifehacker.com/5756233/get-

more-out-of-your-dd+wrt-router-with-an-

external-drive)

(http://lifehacker.com/5756233/get-

more-out-

of-your-dd+wrt-

router-with-

an-external-

drive)

Ars Technia's hands on (http://arstechnica.com/business/news/2012/01/hands-on-

hacking-wifi-protected-setup-with-reaver.ars)

This Linux-centric guide from Null Byte (http://null-byte.wonderhowto.com/blog/hack-wpa-wifi-passwords-by-cracking-wps-pin-0132542/)

RELATED
http://null-byte.wonderhowto.com/blog/hack-wpa-wifi-passwords-by-cracking-wps-pin-0132542/http://arstechnica.com/business/news/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver.arshttp://lifehacker.com/5756233/get-more-out-of-your-dd+wrt-router-with-an-external-drivehttp://lifehacker.com/5756233/get-more-out-of-your-dd+wrt-router-with-an-external-drivehttp://lifehacker.com/5756233/get-more-out-of-your-dd+wrt-router-with-an-external-drivehttp://lifehacker.com/5821773/how-to-monitor-your-internet-usage-so-you-dont-exceed-your-data-caphttp://lifehacker.com/5821773/how-to-monitor-your-internet-usage-so-you-dont-exceed-your-data-caphttp://lifehacker.com/5821773/how-to-monitor-your-internet-usage-so-you-dont-exceed-your-data-caphttp://maurisdump.blogspot.com/2011/12/reaver-11-wps-brute-force-cracker-to.htmlhttp://lifehacker.com/178132/hack-attack-turn-your-60-router-into-a-600-routerhttp://lifehacker.com/5563196/turn-your-old-router-into-a-range+boosting-wi+fi-repeater?tag=ddwrthttp://lifehacker.com/5680670/turn-your-dd+wrt-enabled-router-into-a-whole-house-ad-blocker?tag=ddwrthttp://lifehacker.com/5756233/get-more-out-of-your-dd+wrt-router-with-an-external-drive?tag=ddwrthttp://lifehacker.com/5821773/how-to-monitor-your-internet-usage-so-you-dont-exceed-your-data-caphttp://dd-wrt.com/wiki/index.php/Supported_Deviceshttp://code.google.com/p/reaver-wps/issues/detail?id=44http://dd-wrt.com/

7/28/2019 reaven

8/14

Reddit user jagermo (http://www.reddit.com/user/jagermo) (who I also spoke with briefly

while researching Reaver) has created a public spreadsheat

(https://docs.google.com/spreadsheet/lv?key=0Ags-

JmeLMFP2dFp2dkhJZGIxTTFkdFpEUDNSSHZEN3c) intended to build a list of vulnerable

devices so you can check to see if your router is susceptible to a Reaver crack.

Have any experience of your own using Reaver? Other comments or concerns? Let's har it in the

comments.

The Reaver product page (http://www.tacnetsol.com/products/) (it's also available in a

point-and-click friendly commercial version.

Discuss

44 discussions displayed

because an author is

participating or following a

participant.

9 additional replies awaiting

review.

Author is participating

Walternate

chgotechguy (http://chgoguy

A Reddit user (@jagermo on twitter or

jagermo [at] hushmail.com) has posted a

spreadsheet titled "WPS Vulnerability

Testing" listing various d evices and user

submitted testing data. While the testing is

not scientific, some may find it helpful. Besure to read the comments and background

information at the bottom of the

spreadsheet, which includes a link where you

can share your own testing data.

Link to spreadsheet: [docs.google.com]

(https://docs.google.com/spreadsheet/lv?

key=0Ags-

JmeLMFP2dFp2dkhJZGIxTTFkdFpEUD...)

1/09/12 7:33am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45822310#co

jagermo (http://jagermo-old.

Thank you for the link. We can always use

more devices, so "get crackin'" (you should

only attack devices that you own, of course.

We are not criminals.)


Melanie Pinola (http://melan

Link doesn't seem to be working. Trying this:

[tinyurl.com] (http://tinyurl.com/6ndb4hq)


10 participants

shockwaver and 6 others...

shido641 (http://shido641-ol

And here i thought i was so clever when i put

my Mac filtering on, SSID Broadcast off,

Limit DHCP to lease only 1 or 2 addresses

and have a 23 character password consisting

of alphanumeric and special characters.

Time to rethink my security...I must say, i

thank the guys that developed this because it

gives me a challenge :)

1/09/12 11:15pm (http://lifehacker.com/5873407/how-to-crack-a-wi+

mrh829 (http://mrh829.kinj

Turning the SSID broadcast off won't do

anything to enhance security; if anything, it

can actually reduce your security.

The reason for this is that when the access

point isn't broadcasting the SSID, your

wireless device has to initiate the

conversation, as opposed to the other way

around. This means that if you take your

laptop to other locations, it will send out

signals asking your home SSID if it's there,

which could be recorded by any nearby

device that's listening.

1/10/12 11:35am (http://lifehacker.com/5873407/how-to-crack-a-wi+

shido641 (http://shido641-ol

Well then i must have listened to the wrong

security guys lol...Thanks

1/11/12 5:34am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi

1 participant

Tristan (http://tristan-i.kinja.

Why not just use OpenWRT instead of DD-

WRT?

DD-WRT left a sour taste in my mouth a

while back when they were selling a re-

skinned version of OpenWRT (and weren't

releasing source code!). Things are a bit

different, but DD-WRT still comes action

packed with un-editable binary blobs in what

is essentially a FOSS software package. This

be a no-no!

The developer's logic behind doing this is to

prevent other people from re-branding DD-

WRT and selling it.

2 participants

Richard Milne (http://ricardo

And this is why I tell people to disable WPS

on their router.


The Stig's graphic designer c

Unfortunately, as Gallagher points out as

Ars, even with WPS manually turned off

through his router's settings, Reaver was

still able to crack his password.
http://glyphon.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45820540#commentshttp://ricardomilnio.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://tristan-i.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45892300#commentshttp://shido641-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45868382#commentshttp://mrh829.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45852833#commentshttp://shido641-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45827991#commentshttp://tinyurl.com/6ndb4hqhttp://melaniepinola.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45824483#commentshttp://jagermo-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45822310#commentshttps://docs.google.com/spreadsheet/lv?key=0Ags-JmeLMFP2dFp2dkhJZGIxTTFkdFpEUD...http://chgoguy7.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://www.tacnetsol.com/products/https://docs.google.com/spreadsheet/lv?key=0Ags-JmeLMFP2dFp2dkhJZGIxTTFkdFpEUDNSSHZEN3chttp://www.reddit.com/user/jagermo

7/28/2019 reaven

9/14

(If things have further changed, let me know

and I may reconsider my blacklisting DD-

WRT)


belak (http://belak1.kinja.co

OpenWRT doesn't support all the routers

that dd-wrt does. By all means, OpenWRT

looks better than dd-wrt, but I can't check

because OpenWRT doesn't run on my

Linksys e2000.

1/09/12 8:07am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45823535#c

while i agree with that step, it isn't a failsafe.

1/09/12 7:13am (http://lifehacker.com/5873407/how-to-crack-a-wi+f

Richard Milne (http://ricardo

Yeah I saw that, turn it off if you can I

suppose would be more accurate advice,

even if turning it off doesn't actually turn it

off lol.

I always turned it off because it just seems to

be unnecessary anyways. It's a classic case of

manufacturers trying to make life easier but

actually just making things worse.


Bogus Maximus (http://bogu

In a test of the networks near my apartment

(let's call it a "security site survey"), out of

over 20 networks only one responded, a nd I

was blacklisted after less than 2% complete.


1 participant

skim32 (http://skim32.kinja.

Just an FYI to Netgear WNDR3700 an 3800

owners. Disabling Router's Pin under the

WPS Settings in the Advanced Wireless

Settings section does protect against Reaver.

However I've read that other Netgear routers

are showing mixed results. Such as the

DGN2200. Disabling WPS in the DGN2200

just slows down Reaver but it eventuallycracks it. Hope this helps some people.

1/09/12 12:48pm (http://lifehacker.com/5873407/how-to-crack-a-wi

FriendlyFire (http://friendly0

I'm glad I've made the right choice then.

This Linksys thing seems incredibly dumb to

do, even for them.

1/09/12 4:01pm (http://lifehacker.com/5873407/how-to-crack-a-wi+f

radio.one (http://radio1.kinja

Holy crap. I read all through this- panicking

all the while.

Well, until the very end about dd-wrt. I run

openwrt (kong) on my router.


nka (http://nabilalk.kinja.com)

I hope this article and others like it will catch

the eye of the router manufacturers and that

they will plug this security hole.


3 participants

nka

digital_man (http://digital_mAnd another one fa lls. Any word as to how

Tomato [lifehacker.com]

(http://lifehacker.com/344765/) stands up

against Reaver?


Travis (http://travis-old.kinja

I do not think that Tomato has ever

supported WPS.


digital_man (http://digital_m

Yes, I don't think so either, but wanted to

make sure.


1 participant

Audi5000 (http://audi5000.

A list of devices that use WPS would be oh so

nice. Anyone know if 2Wire routers do?


slaw (http://slaw1.kinja.com)

If it's anything recent, yes.

1/19/12 5:43pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=46181718#com

1 participant

Caris (http://caris-old.kinja.c

"Also, the router >your< cracking needs to

have a relatively strong signal, so if you're

hardly in range of a router, you'll likely

experience problems, and Reaver may not

work." #typos

(http://lifehacker.com/typos/)


7 participants

5h17h34d (http://5h17h34d-

Last I looked into it, WPA2 Personal AES still

has not been cracked by anyone.


Alex Baillieul (http://alexbailli
http://alexbaillieul.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45820904#commentshttp://5h17h34d-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45826742#commentshttp://lifehacker.com/typos/http://caris-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=46181718#commentshttp://slaw1.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45827718#commentshttp://audi5000.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45825718#commentshttp://digital_man.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45822591#commentshttp://travis-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45821997#commentshttp://lifehacker.com/344765/http://digital_man.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45857296#commentshttp://nabilalk.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45820431#commentshttp://radio1.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45842808#commentshttp://friendly0fire.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45835375#commentshttp://skim32.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=48362032#commentshttp://bogusmaxiumus.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45824655#commentshttp://ricardomilnio.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45821710#commentshttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45823535#commentshttp://belak1.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45819806#comments

7/28/2019 reaven

10/14

Adam Pash (http://adam-pas

Thanks, fixed!

1/09/12 2:56pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45840666#c

Travis and 3 others...

As I read the a rticle, this is not cracking the

AES encryption, but using a brute force

attack to exploit the WPS on the router in

question.


jcollins387 (http://jcollins387

This is not an attack against WPA2+AES,

this is a side channel attack against WPS

(Wi-Fi Protected Setup), which is limited to

a short PIN number which can be brute

forced, since there does not seem to be a

lockout/timeout feature.


5 participants

Walternate and 1 others...


What's the benefit of using Backtrack as

opposed to other Linux distros? Is it just the

increased functionality of a network testing-

focused OS?



That is pretty much what it is created for,

network testing or "pentest". Not sure if you

gain any security on your end running it, I'm

sure with some tweaks you could. Its just a

build of Ubuntu with pre-installed packages.



Good to know. Thanks.

1/09/12 1:00pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45835958#co

5 participants

shido641 and 1 others...

Zak123 (http://zak123.kinja.

You people know that there is a MUCH

easier way to get your neighbors password

right?

1) Name your WiFi the same as your

neighbors

2) Log password attempts

3) Wait.



*ahem* honeypot


polobunny (http://polobunny

Saved password is saved. Can't bother

waiting a day or two. :P


3 participants

AntonK (http://antonk-old.ki

Hi. Has anyone used DD-WRT on their

Linksys WRT320N router? If so, is there a

simplified (read dumbed-down) guide on

how to do it around? I checked the DD-WRT

page for my router, and it's a bit techy for my

comfort. Thanks!

1/09/12 6:58am (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45821322#com

miocene (http://miocene-old

Not sure about the Linksys but I installed it

on my Buffalo router. The instructions seems

really confusing but it's really just a case of

choosing the "update firmware" option in

the stock router firmware and feeding it DD-

WRT. Then just do a hard reset for safety

(not sure why, I just did what it told me).

The tricky bit is finding the right firmware

file to feed to your router. The wiki on dd-

wrt's site usually helps: [dd-wrt.com]

(http://dd-

wrt.com/wiki/index.php/Linksys_WRT320

N_v1.0)


BingleyJoe (http://bingleyjoe

You could install Tomato firmware instead.

I'm running it on a WRT310N as well as an

E3000, and it's excellent; haven't wanted to

go back to DD-WRT since I installed it.

The webpage is a bit more straightforward as

well :)

[tomatousb.org]

(http://tomatousb.org/start)


3 participants

With my last breath, I curse Many laptops are sans DVD drive now. I've

had limited experience with Backtrack. can

it be loaded on a USB key? Also, isn't there a

limit to certain wifi cards? I have an older

lenovo X60 tablet which I would love to re

purpose to an an educational security

laptop. But I worry that the wifi card is

lacking the ability to do anything productive.



Yep, you can run it off of USB. I think they

may even have a special image for it (check

the site). Regarding Wifi in Linux, most stuff

is supported now, but in general, older tends

to be better since there's been more time for

the drivers to be written. The only other

"compatibility" issue is whether or not the

wireless card supports packet injection

which I do not believe this attack requires.



3 participants
http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://travis-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45821876#commentshttp://travis-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45820547#commentshttp://dkreifus.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45823278#commentshttp://tomatousb.org/starthttp://bingleyjoe.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45821867#commentshttp://dd-wrt.com/wiki/index.php/Linksys_WRT320N_v1.0http://miocene-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45821322#commentshttp://antonk-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45847401#commentshttp://polobunny001.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45841543#commentshttp://audi5000.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45838791#commentshttp://zak123.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45835958#commentshttp://caris-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45827683#commentshttp://audi5000.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45827211#commentshttp://caris-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45821125#commentshttp://jcollins387-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45821110#commentshttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45840666#commentshttp://adam-pash.kinja.com/

7/28/2019 reaven

11/14

ErichLOL

jagermo

Also, these are awesome and very well-

supported in BackTrack:

[www.amazon.com]

(http://www.amazon.com/Alfa-

AWUS036H-Upgraded-Wireless-Long-

Rang/dp/B000QYGNKQ/ref=sr_1_10?

tag=lifehackeramzn-20&ascsubtag=

[type|link[postId|466032579[asin|B000QY

GNKQ[authorId|453337608)


Walternate

volchara (http://volchara-old

Come on, it is NOT about cracking WPA

password, it is getting WPA password

through the hole in WPS setup. So disable

WPS and nothing will be cracked. Lifehacker

should know better than use misleading

article title.



From the article:

"Since the vulnerability lies in the

implementation of WPS, your network

should be safe if you can simply turn off

WPS (or, even better, if your router doesn't

support it in the first place). Unfortunately,

as Gallagher points out as Ars, even with

WPS manually turned off through his

router's settings, Reaver was still able to

crack his password."

Is this not true? I haven't done this before.



We have confirmed that Linksys devices still

accept PIN-Codes, even after WPS has been

turned off in the admin interface. This sucks,

and the only way to fix it is a firmware

update.


2 participants

PhilESkyline (http://phileskyli

Can't you get around this by setting up your

router to only connect to specific mac

addresses?


grondinm (http://grondinm-o

from the article:

"You could also set up MAC address filtering

on your router (which only allows specifically

whitelisted devices to connect to your

network), but a sufficiently savvy hacker

could detect the MAC address of a

whitelisted device and use MAC address

spoofing to imitate that computer."


PhilESkyline (http://phileskyliDidn't even read down that far, just watched

the video. Hmm...I guess you could also

creating fake wireless network from captured

packets. It'll be like needle in a hay stack. It's

quite funny and fairly easy to do but frowned

upon by Big Brother.


3 participants

wallmalker1

wallmalker1 (http://wallmalk

All I can a bout with this software - I a in't

goin anywhere near reaver territory1/09/12 4:57pm (http://lifehacker.com/5873407/how-to-crack-a-wi+

polobunny (http://polobunny

REAVERS INCOMING!


Aelver (http://aelver.kinja.co

I still can't believe they killed Wash.


2 participants

nachobel TOTORO! (http://n

Adam - I'm trying to use this in a virtual

machine, and I need a USB wireless device todo so. I tried doing some reading on what

the best supported device to use is, but I

can't find anything conclusive. Any ideas on

something you guys would recommend?


danimal4326 (http://danimal

It works with my Airlink+ 802.11g stick i got

from Fry's a long time ago for 8 bucks

1/12/12 12:41pm (http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45947915#com

nachobel TOTORO! (http://n

I grabbed a wusb54gc my friend had lying

around. Seems to be working. This is quite

interesting, I must say. Thanks for the tip

though!


2 participants

nortexoid (http://nortexoid.ki

Thanks for the tip. Just disabled WPS on my

Fritz!Box router.


CamJN (http://camjn.kinja.c

Might wanna check that, the settings to

disable WPS usually don't actually do

anything. As was explained when this hit

hacker news.


2 participants

catdogpigduck (http://catdog

anyone know if this affects Apple Airport

extreme wifi routers?

http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45822431#commentshttp://catdogpigduck-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45824738#commentshttp://camjn.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45821715#commentshttp://nortexoid.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45948898#commentshttp://nachobel-totoro--old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45947915#commentshttp://danimal4326.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45927566#commentshttp://nachobel-totoro--old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45857674#commentshttp://aelver.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45847385#commentshttp://polobunny001.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45844425#commentshttp://wallmalker1-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45832120#commentshttp://phileskyline.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45828850#commentshttp://grondinm-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45828802#commentshttp://phileskyline.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45838496#commentshttp://jagermo-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45827028#commentshttp://caris-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45824120#commentshttp://volchara-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45821981#commentshttp://www.amazon.com/Alfa-AWUS036H-Upgraded-Wireless-Long-Rang/dp/B000QYGNKQ/ref=sr_1_10?tag=lifehackeramzn-20&ascsubtag=[type|link[postId|466032579[asin|B000QYGNKQ[authorId|453337608http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#

7/28/2019 reaven

12/14


Fritz!Boxes only use WPS Push Button, they

are not affected (confirmed on two devices).

But yeah, turn it of if you don't need it.


CamJN (http://camjn.kinja.c

Nope, no WPS.


Aelver (http://aelver.kinja.co

Not quite true, but only in a veryspecific

circumstance:

[discussions.apple.com]

(https://discussions.apple.com/thread/3617

760?start=15&tstart=0)


1 participant

MrTreehorn (http://mrtreeh

I really don't know anything about hacking,

so I'm wondering what a person can actually

do if they manage to connect to our wifi

network? Will they then be able to access

files on windows user/password protected

network shares like on a NAS?


Vinay Kapadia (http://vkapa

Not likely. They have exactly the same

capabilities that any other person on your

wireless network has. That is, they are

perfectly able to see and attempt to access

your network shares, but if all other laptops

require a password to get into the share, the

hacker's would too.


1 participant

grondinm (http://grondinm-oI am not at home to try this out but if you

turn off SSID broadcast will the "airodump-

ng wlan0" command still find the network?

if not that's a sure way to protect against

this.



I think you still see the BSSID (wich is

basically the MAC-Adress), the SSID just

reads "hidden SSID" (at least on Kismet). So

you can still crack the WPS Implementation.

After that you just log the traffic until a

device signs on and you have the SSID.

Turing off SSID broadcast does not help at

all - it just creates a challenge ("uuhhhh,

lookie here, somebody tries to hiiiiidddeee".


1 participant

gokachu (http://gokachu.kinj

Should i be worried at all. How scared

should i be knowing that a program like this

is out?

1/09/12 10:06am (http://lifehacker.com/5873407/how-to-crack-a-wi

J.Xibalba (http://xibalba.kinj

Dont't worry. Protect your network the best

you can - possibly change (strong)

passwords frequently if even more worried.

It'd be very unlikely that someone would get

within proximity of your router with this

program and have malicious intent.

Fortunately for me I live on about 3-4 acres

and my neighbors are not tech savy.


1 participant

jinx (http://jinx.kinja.com)

(http://cache.gawker.com/assets/images/co

mment/17/2012/01/b5ee0a7aefb12ed62ba33

1e8b64e93f6/original.png)

Just goes to show that you are only as secure

as your weakest point.


Alexander Riccio (http://alex

[en.wikipedia.org]

(http://en.wikipedia.org/wiki/Rubberhose_)

(file_system)


1 participant

roman (http://roman-old.kinj

So, has anyone been able to crack it with

WPA2 enabled?



It does not matter if you use WPA or WPA2 -

Reaver and WPScrack attack the WPS

function.


1 participant

N o r b s (http://norbs.kinja.c

Damn I was getting all paranoid up until

they mentioned dd-wrt is immune...


GeorgeDW (http://georgedw

Same here, I was looking for WPS in my dd-

wrt configuration until I read that part.


carl48 (http://carl48-old.kinj
http://carl48-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45835151#commentshttp://georgedw.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45831353#commentshttp://norbs.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45874628#commentshttp://jagermo-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45867245#commentshttp://roman-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=46048794#commentshttp://en.wikipedia.org/wiki/Rubberhose_http://alexanderriccio.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45822598#commentshttp://cache.gawker.com/assets/images/comment/17/2012/01/b5ee0a7aefb12ed62ba331e8b64e93f6/original.pnghttp://jinx.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=46026294#commentshttp://xibalba.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45828397#commentshttp://gokachu.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45838433#commentshttp://jagermo-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45826802#commentshttp://grondinm-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45867274#commentshttp://vkapadia.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45855672#commentshttp://mrtreehorn.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45856945#commentshttps://discussions.apple.com/thread/3617760?start=15&tstart=0http://aelver.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45824543#commentshttp://camjn.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45838302#commentshttp://jagermo-old.kinja.com/

7/28/2019 reaven

13/14

I have only seen the WPS on netgrear routers

and then it did not work well, especially with

the Macs in the house.

Luckily my current router does not have it,

but I guess the moral is, wireless is open to

fraud/attack, but at least someone needs to

be nearby (I guess that is the up side to poor

signal strength ;o) ).

If you see someone sat outside with a laptop,

might be worth checking your network, they

might be trying for free wifi.

It always amazes me when in a street, even

my own, how many WiFi appear and

especially with their default name.


PKNY (http://pkny-old.kinja.

To add on to the mention about DD-WRT

not being vulnerable: that is the case for the

standard DD-WRT firmware, but there is

WPS support for those who have Buffalo

routers and are using the DD-WRT firmware

supplied by Buffalo. Please see this forum

post for more details:

[www.dd-wrt.com] (http://www.dd-

wrt.com/phpBB2/viewtopic.php?

t=149251&highlight=wps)


MORE HACK ATTACK STORIES (/TAG/HACK-ATTACK)

SOCIAL NETWORKIN

ADAM PASH

(HTTP://ADAM-

PASH.KINJA.COM)

(http://lifehacker.com/5928573/why-ive-opted-for-a-piecemeal-social-network-over-facebook-or-google%252B)

Facebook is the most popular social network on the internet. It's a

million things to nearly a billion people, and while Facebook does a

handful of things competently, it's truly great at next to nothing.

Why I've Opted for a Piecemeal Social Network Over Facebook or Google+(http://lifehacker.com/5928573/why-ive-opted-for-a-piecemeal-social-network-over-facebook-or-google%252B)

2

60 (http://lifehacker.com/5928573/why-ive-opted-for-a-piecemeal-social-network-over-

facebook-or-google%252B#replies)

HACK ATTACK (/TAG/

ADAM PASH

(HTTP://ADAM-

PASH.KINJA.COM)

(http://lifehacker.com/5842307/how-to-supercharge-all-your-favorite-webapps-with-ifttt)

Wouldn't it be handy if every time someone tagged a photo of you on

Facebook, that pic were automatically added to your Dropbox folder?

If items you starred in Google Reader were automatically added to

Instapaper or Read It Later? Or if you received a text message

whenever it was going to rain? If This Then That (http://ifttt.com/)

(ifttt

How to Supe rcharge All Your Favorite Webapps with ifttt(http://lifehacker.com/5842307/how-to-supercharge-all-your-favorite-webapps-with-ifttt)

3

43 (http://lifehacker.com/5842307/how-to-supercharge-all-your-favorite-webapps-with-

ifttt#replies)

TIMESAVERS (/TAG/T

ADAM PASH

(HTTP://ADAM-

PASH.KINJA.COM)

(http://lifehacker.com/5837922/automatically-fill-in-repetitive-web-forms)

As a citizen of the web, you frequently enter repetitive information

about yourself into forms. Every time you sign up for a new web site

with your email address or username, enter in your shipping address,

or type in your credit card information for purchases, you waste

precious time typing out the same information.

How to Automatically Fill in Repetitive Web Forms (and Avoid Tons of(http://lifehacker.com/5837922/automatically-fill-in-repetitive-web-forms)

2 26 (http://lifehacker.com/5837922/automatically-fill-in-repetitive-w eb-forms#replies)

HOW TO (/TAG/HOW-

ADAM PASH

(HTTP://ADAM-

PASH.KINJA.COM)

(http://lifehacker.com/254648/how-to-control-multiple-computers-with-a-single-keyboard-and-mouse)

If you have two or more computers at one desk, you don't want two or

more sets of keyboards and mice cluttering up your workspace, too.

You can buy a ha rdware gadget that lets you share a single keyboard

and mouse with several computers (which involves a mess of tangled

wires), or you could use a free software solution

How to Control Multiple Computers with a Single Keyboard and Mouse(http://lifehacker.com/254648/how-to-control-multiple-computers-with-a-single-keyboard-and-mouse)

2

338 (http://lifehacker.com/254648/how-to-control-multiple-computers-with-a-single-keyboard-

and-mouse#replies)

HOW TO (/TAG/HOW-

ADAM PASH

(HTTP://ADAM-

PASH.KINJA.COM)
http://adam-pash.kinja.com/http://lifehacker.com/tag/how-tohttp://lifehacker.com/254648/how-to-control-multiple-computers-with-a-single-keyboard-and-mouse#replieshttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/254648/how-to-control-multiple-computers-with-a-single-keyboard-and-mousehttp://lifehacker.com/254648/how-to-control-multiple-computers-with-a-single-keyboard-and-mousehttp://adam-pash.kinja.com/http://lifehacker.com/tag/how-tohttp://lifehacker.com/5837922/automatically-fill-in-repetitive-web-forms#replieshttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5837922/automatically-fill-in-repetitive-web-formshttp://lifehacker.com/5837922/automatically-fill-in-repetitive-web-formshttp://adam-pash.kinja.com/http://lifehacker.com/tag/timesavershttp://lifehacker.com/5842307/how-to-supercharge-all-your-favorite-webapps-with-ifttt#replieshttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5842307/how-to-supercharge-all-your-favorite-webapps-with-ifttthttp://ifttt.com/http://lifehacker.com/5842307/how-to-supercharge-all-your-favorite-webapps-with-ifttthttp://adam-pash.kinja.com/http://lifehacker.com/tag/hack-attackhttp://lifehacker.com/5928573/why-ive-opted-for-a-piecemeal-social-network-over-facebook-or-google%252B#replieshttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5928573/why-ive-opted-for-a-piecemeal-social-network-over-facebook-or-google%252Bhttp://lifehacker.com/5928573/why-ive-opted-for-a-piecemeal-social-network-over-facebook-or-google%252Bhttp://adam-pash.kinja.com/http://lifehacker.com/tag/social-networkinghttp://lifehacker.com/tag/hack-attackhttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45819756#commentshttp://www.dd-wrt.com/phpBB2/viewtopic.php?t=149251&highlight=wpshttp://pkny-old.kinja.com/http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver?comment=45819605#comments

7/28/2019 reaven

14/14

(http://lifehacker.com/5763170/how-to-secure-and-encrypt-your-web-browsing-on-public-networks-with-hamachi-and-privoxy)

When you're browsing from a public Wi-Fi connectionlike at your

favorite coffee shopanyone on that network can snoop on what

you're doing, with very few exceptions. So can the IT crew at your

workplace. Today, we're going to walk through setting up an

encrypted proxy server on your home computer so you can secure

How to Secure and Encrypt Your Web Browsing on Public Networks (with(http://lifehacker.com/5763170/how-to-secure-and-encrypt-your-web-browsing-on-public-networks-with-hamachi-and-privoxy)

4

89 (http://lifehacker.com/5763170/how-to-secure-and-encrypt-your-web-browsing-on-public-

networks-with-hamachi-and-privoxy#replies)

HOW TO (/TAG/HOW-

ADAM PASH(HTTP://ADAM-

PASH.KINJA.COM)

(http://lifehacker.com/5672051/how-to-build-a-hackintosh-mac-and-install-os-x-in-eight-easy-steps)

Building a Hackintosh from scratchthat is, installing Mac OS X on

non-Mac hardwarehas never been easier, and the final product has

never performed better. Here's how it works.

How to Build a Hackintosh Mac and Install OS X in E ight Easy Steps(http://lifehacker.com/5672051/how-to-build-a-hackintosh-mac-and-install-os-x-in-eight-easy-steps)

2

957 (http://lifehacker.com/5672051/how-to-build-a-hackintosh-mac-and-install-os-x-in-eight-

easy-steps#replies)

PRODUCTIVITY (/TAG

ADAM PASH

(HTTP://ADAM-

PASH.KINJA.COM)

(http://lifehacker.com/5590732/how-to-find-time-to-learn-something-new-or-tackle-a-passion-project)

You've got a career, friends, family, and a mountain of other

responsibilities that have a monopoly on your time. So how, amidst all

those time-consuming responsibilities, do you find time to learn

something new or tackle a passion project?

How to Find Time to Learn Som ething New or Tackle a Passion Project(http://lifehacker.com/5590732/how-to-find-time-to-learn-something-new-or-tackle-a-passion-project)

2

56 (http://lifehacker.com/5590732/how-to-find-time-to-learn-something-new-or-tackle-a-

passion-project#replies)

PLAIN TEXT (/TAG/PL

ADAM PASH

(HTTP://ADAM-

PASH.KINJA.COM)

(http://lifehacker.com/5584924/the-holy-grail-of-ubiquitous-plain+text-capture)

Despite all the cool productivity porn modern technology has birthed,

the Holy Grail for me is simple: I want to create and edit plain text

from anywhere (desktop/tablet/phone), and I want the results to sync

flawlessly between devices. And now I ca n.

The Holy Grail of Ubiquitous Plain-Text Capture(http://lifehacker.com/5584924/the-holy-grail-of-ubiquitous-plain+text-capture)

2

230 (http://lifehacker.com/5584924/the-holy-grail-of-ubiquitous-plain+text-capture#replies)

Load More hack-attack Stories

About (http://lifehacker.kinja.com/5732066/about-lifehacker) Help (http://help.gawker.com/) Terms of Use (http://legal.kinja.com/kinja-terms-of-use-90161644)

Privacy (http://legal.kinja.com/privacy-policy-90190742) Content Guidelines (http://legal.kinja.com/content-guidelines-90185358) RSS (http://feeds.gawker.com/lifehacker/full)

Jobs (http://jobs.kinja.com/open-positions-at-gawker-media-477561225) Gawker Media 2013
http://jobs.kinja.com/open-positions-at-gawker-media-477561225http://feeds.gawker.com/lifehacker/fullhttp://legal.kinja.com/content-guidelines-90185358http://legal.kinja.com/privacy-policy-90190742http://legal.kinja.com/kinja-terms-of-use-90161644http://help.gawker.com/http://lifehacker.kinja.com/5732066/about-lifehackerhttp://lifehacker.com/5584924/the-holy-grail-of-ubiquitous-plain+text-capture#replieshttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5584924/the-holy-grail-of-ubiquitous-plain+text-capturehttp://lifehacker.com/5584924/the-holy-grail-of-ubiquitous-plain+text-capturehttp://adam-pash.kinja.com/http://lifehacker.com/tag/plain-texthttp://lifehacker.com/5590732/how-to-find-time-to-learn-something-new-or-tackle-a-passion-project#replieshttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5590732/how-to-find-time-to-learn-something-new-or-tackle-a-passion-projecthttp://lifehacker.com/5590732/how-to-find-time-to-learn-something-new-or-tackle-a-passion-projecthttp://adam-pash.kinja.com/http://lifehacker.com/tag/productivityhttp://lifehacker.com/5672051/how-to-build-a-hackintosh-mac-and-install-os-x-in-eight-easy-steps#replieshttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5672051/how-to-build-a-hackintosh-mac-and-install-os-x-in-eight-easy-stepshttp://lifehacker.com/5672051/how-to-build-a-hackintosh-mac-and-install-os-x-in-eight-easy-stepshttp://adam-pash.kinja.com/http://lifehacker.com/tag/how-tohttp://lifehacker.com/5763170/how-to-secure-and-encrypt-your-web-browsing-on-public-networks-with-hamachi-and-privoxy#replieshttp://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver#http://lifehacker.com/5763170/how-to-secure-and-encrypt-your-web-browsing-on-public-networks-with-hamachi-and-privoxyhttp://lifehacker.com/5763170/how-to-secure-and-encrypt-your-web-browsing-on-public-networks-with-hamachi-and-privoxy

reaven

Documents