Reaver
Reaver is a tool specifically designed to attack routers that have WPS (Wi-Fi Protected Setup) features. WPS is a method that makes it easy for users to connect devices to a Wi-Fi network by pressing a button on the router or entering an eight-digit PIN. While WPS is designed for ease of use, this feature has security loopholes that can be exploited, making routers with WPS a specific target for Reaver.
Reaver uses the brute-force method to guess the WPS PIN of the target router. By brute-forcing the WPS PIN, Reaver can gain access to the Wi-Fi network even if it uses WPA/WPA2. This process involves trying different WPS PIN combinations until the correct one is found, which then allows Reaver to retrieve the Wi-Fi password.
Reaver Usage Guide and Examples of Success Cases
Here is a step-by-step guide to using Reaver:
- To install Reaver on Linux (for example, Debian-based distributions such as Ubuntu), open a terminal and run the following command:
sudo apt-get update
sudo apt-get install reaver
- Enable monitor mode on your Wi-Fi adapter (e.g., wlan0):
sudo airmon-ng start wlan0
- This will change the interface name to wlan0mon.
- Use wash to scan the network and find routers with WPS on:
sudo wash -i wlan0mon
- Note the BSSID and channel of the target router that has WPS active.
- Run Reaver with the BSSID target and the channel already recorded:
sudo reaver -i wlan0mon -b [BSSID] -c [Channel] -vv
- Replace [BSSID] with the BSSID of the target router and [Channel] with the channel used by that router. The -vv option provides a more detailed output.
- Reaver will start trying different WPS PIN combinations until it finds the correct PIN. This process can take quite a while, depending on the security level of your router and the speed of your computer.
- Once the WPS PIN is found, Reaver will display the Wi-Fi password on the screen.
Examples of Success Cases
Suppose you want to test the security of an office Wi-Fi network that uses a router with WPS enabled. By using Reaver, you can initiate a brute-force attack on the router. Here is a step-by-step scenario that illustrates this process:
- Run wash to find a router with WPS active. For example, let’s say you find a router with BSSID 00:11:22:33:44:55 on channel 6.
- Run the following command to initiate the attack:
sudo reaver -i wlan0mon -b 00:11:22:33:44:55 -c 6 -vv
- You’ll see Reaver try different WPS PIN combinations and report each attempt. This process can take a few hours to a few days, depending on luck and the speed of your computer.
- Once the WPS PIN is found, Reaver will display the associated Wi-Fi password. For example, you get the password SuperSecurePassword123.
Kismet
Kismet is an open-source tool for detecting and collecting data packets from Wi-Fi networks. Kismet works by scanning and capturing data packets sent over Wi-Fi networks and can be used for a variety of purposes, such as:
- Network Detection: Identifies nearby Wi-Fi networks.
- Data Collection: Captures data packets for further analysis.
- Intrusion Identification: Detects unauthorized devices trying to connect to the network.
- Security Analysis: Identifies potential weaknesses and security issues on Wi-Fi networks.
To use Kismet to capture Wi-Fi network traffic, your network adapter must support monitor mode. This mode allows the adapter to listen for all packets sent over the network, not just packets destined for that device. Here are the basic steps to use Kismet in monitor mode:
- To install Kismet on Linux (for example, a Debian-based distribution such as Ubuntu), open a terminal and run the following command:
sudo apt-get update
sudo apt-get install kismet
- Enable monitor mode on your Wi-Fi adapter. For example, if your adapter is wlan0, run the following command:
sudo airmon-ng start wlan0
- This will activate monitor mode and change the interface name to wlan0mon.
- Open Kismet by typing the following command in the terminal:
sudo kismet
- Kismet will open in terminal mode or in the web interface, depending on your system configuration.
Kismet Setup and Data Analysis Tutorial
Here is a step-by-step tutorial to set up Kismet and analyze the captured data:
- After opening Kismet, you will be prompted to configure the capture source. Choose an interface that supports monitor mode, for example, wlan0mon.
- Confirm and start capturing by pressing Start or following the on-screen instructions.
- Kismet will start picking up data packets from Wi-Fi networks around you. You’ll see a list of detected networks as well as information such as SSID, BSSID, signal strength, and encryption type.
- Kismet will also record all captured packets for further analysis.
- You can save the captured data to a file for further analysis by selecting the Save option or using the command:
kismet -c wlan0mon -w /path/to/outputfile
- The data will be stored in a pcap format that can be opened with other analysis tools such as Wireshark.
- Open the stored pcap file with an analysis tool like Wireshark to perform a more in-depth analysis of the captured packets.
- You can filter packets by protocol, IP address, or other information to look for suspicious patterns or potential threats.
Usage Examples
Suppose you want to monitor the Wi-Fi network activity in your office to detect unauthorized devices or potential security threats. With Kismet, you can perform the following steps:
- Open Kismet and start capturing packets from your office’s Wi-Fi network using the wlan0mon interface.
- Pay attention to the list of detected networks and connected devices. Record important information such as SSID, BSSID, and signal strength.
- If you see an unknown device or suspicious activity, you can investigate further.
- Save captured data and open it with Wireshark for deeper analysis.
- Filter packets based on specific criteria to find suspicious activity, such as brute-force attacks or attempts to access sensitive data.
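The filtering step above, and the WPS PIN brute force described in the Reaver section, can be turned into a simple detection rule once the captured frames are exported as per-frame summaries. The following is an added example (not part of the original page or of Kismet) that runs over a constructed list of WPS (WSC) registration events and flags a client that repeatedly restarts the exchange and is refused with WSC_NACK; the MAC addresses, event names and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample of per-frame summaries, in the shape an analyst might
# export from Wireshark: (timestamp_s, client_mac, ap_bssid, wsc_event).
# Event names follow the WPS registration protocol (M1..M7, WSC_NACK).
AP = "00:11:22:33:44:55"  # BSSID from the page's scenario
SAMPLE_EVENTS = [
    # Legitimate enrollment: one M1..M7 exchange that completes normally.
    (0.0, "aa:bb:cc:dd:ee:01", AP, "M1"),
    (0.5, "aa:bb:cc:dd:ee:01", AP, "M3"),
    (1.0, "aa:bb:cc:dd:ee:01", AP, "M5"),
    (1.5, "aa:bb:cc:dd:ee:01", AP, "M7"),
]
# Brute-force pattern: the same client restarts the exchange every two
# seconds and every attempt ends with the AP rejecting the PIN (WSC_NACK).
for i in range(8):
    SAMPLE_EVENTS.append((10.0 + 2 * i, "de:ad:be:ef:00:01", AP, "M1"))
    SAMPLE_EVENTS.append((11.0 + 2 * i, "de:ad:be:ef:00:01", AP, "WSC_NACK"))


def detect_wps_bruteforce(events, window_s=60.0, threshold=5):
    """Return {(client, bssid): peak_failures} for every client/AP pair that
    accumulated at least `threshold` WSC_NACK rejections inside any sliding
    window of `window_s` seconds.

    A user mistyping a PIN produces one or two rejections; a PIN brute
    force produces a steady stream from a single client MAC, which is the
    pattern this rule keys on. Thresholds are illustrative assumptions."""
    recent = defaultdict(deque)   # (client, bssid) -> timestamps of NACKs
    flagged = {}
    for ts, client, bssid, event in sorted(events):
        if event != "WSC_NACK":
            continue
        key = (client, bssid)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window_s:   # drop failures outside window
            q.popleft()
        if len(q) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged


if __name__ == "__main__":
    for (client, bssid), n in detect_wps_bruteforce(SAMPLE_EVENTS).items():
        print(f"possible WPS PIN brute force: {client} -> {bssid} "
              f"({n} rejections in 60 s)")
```

On a live network the same rule applies to Kismet or Wireshark output; a hit is a reason to check whether the router enforces a WPS lockout after failed PIN attempts or to disable WPS altogether.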