Sunday, June 8, 2014

Installing wifite and reaver on Ubuntu for brute force attacks against WPS

Using wifite and reaver together makes it possible to obtain WPA and WPA2 passwords without using dictionaries.
In this post we will see how to install both tools on an Ubuntu machine, followed by a small demonstration of use. The wifite documentation recommends installing other tools such as pyrit, cowpatty and tshark in order to verify WPA handshakes, but in this case we'll install only reaver, since it's all we need to attack networks with WPS enabled.
First we’ll download and install reaver:
tar -xzvf reaver-1.4.tar.gz
Before proceeding, we need to install auxiliary libraries:
sudo apt-get install libpcap-dev sqlite3 libsqlite3-dev libpcap0.8-dev
Finally, we proceed to the installation:
cd reaver-1.4
cd src
./configure
make
sudo make install
Installing wifite is equally simple:
wget -O
chmod +x
Wifite is usually run with one or more of its available options. In this example we are interested in finding WPS-enabled networks, so we run the program with the -wps option:
python -wps
Wifite automatically enables monitor mode on the network interface (obviously the device must have that capability) and scans for networks with WPS enabled. This process ends when the user types Ctrl + C.
Then we’ll be asked about our targets. The procedure can be seen perfectly in the figure below. When targets are selected, wifite will use reaver to run a brute force attack on them. Now all you need is patience.
[Figure: wifite attack]
When the attack ends, wifite automatically disables monitor mode on the network interface and exits.
Other examples of usage can be found on the official website of wifite. Here are some examples:
  • to crack all WEP access points: ./ -all -wep
  • to crack all WPS access points with signal strength greater than (or equal to) 50dB: ./ -p 50 -wps
  • to attack all access points, use 'darkc0de.lst' for cracking WPA handshakes: ./ -all --dict /pentest/passwords/wordlists/darkc0de.lst
  • to attack all WPA access points, but do not try to crack; any captured handshakes are saved automatically: ./ -all -wpa --dict none
  • to crack all WEP access points greater than 50dB in strength, giving 5 minutes for each WEP attack method, and send packets at 600 packets/sec: ./ --pow 50 -wept 300 -pps 600
