Cracking WPA: To crack WPA you must use a different approach than you would with WEP. Fortunately, one of the best tools available for thwarting WPA is freely available in Kali Linux in the form of Reaver.
Reaver exploits holes in wireless routers in an attempt to retrieve information about the WPA preshared key that is used to access the network.
Cracking WPA with Reaver and Wash
In this exercise you will use Kali Linux 2.0 to break WPA.
In order to perform this exercise you will need to have Kali Linux installed on a physical system (Avoid Virtualization). WPA uses WPS for client configuration.
- With Kali Linux open a terminal window and enter the following command:
Airmon-ng start wlan0
This will put the card into monitor mode.
- Next, you will locate access point with WPS using command called wash. At the command line enter the following:
Wash –I <monitoring Interface>
Interface should be mon0, but verify that this is the case.
- Locate your access point and record its BSSID.
- At the command line enter the following
reaver –I <interface-name> -b <BSSID of target>
Where the interface name is mon0 or whatever you recorded on your system, and the BSSID is the address of the access point (include colons when you enter the BSSID).
When you have verified this last step is running, it’s time to play the waiting game and let Reaver retrieve the PIN.
Once you have the PIN, you can join the wireless network.