As we saw yesterday, WEP encryption standards are next to shit when it comes to any form of protection. The next step up in the encryption food chain would be WPA and WPA2 encryption, which is far, FAR superior.
However, as millions of people were trying to figure out router settings, IP configurations, and running out of time to cook dinner for the night, they increasingly became frustrated (assuming sexually frustrated too as their connection to mass amounts of internet porn was being thwarted). Router companies started adding a feature called WPS (WiFi Protected Setup) which, with the press of a button (literally!), you could connect your device instantaneously to the wireless network and alleviate the "problem" of having to use an increasingly long (read: secure) password.
Sounds great, right? Wrong. The feature that saves you from having to think, remember, and type in that long password is the same reason for your network's inevitable downfall. Most newer routers have protection features against brute-force attacks that I'll talk about in the video. Nevertheless, let's take a look at how easy it is to crack a router with the WPS feature enabled.
What You Will Need
- Kali Linux (either a bootable LiveCD or bootable USB image)
- Network card capable of monitor mode ("promiscuous mode") and packet injection. My recommendation is: Alfa AWUS036H
- Latest version of Reaver (included in Kali Linux)
- A few minutes to set up; A LOT of patience while it cracks the code.
Cracking WPS Encryption
Again, for legal purposes make sure you are doing this on a router that you own or have permission to crack. Unlike WEP cracking, this does take some time to process since this is a brute-force (trying every possible combination) attack rather than decrypting. Luckily for us, there are only 11,000 possible combinations.
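To put the 11,000 figure and the brute-force protections mentioned earlier side by side, here is an added example (not from the original post or from Reaver) that models how long it takes to exhaust the PIN space on your own router under different lockout policies. The 2 seconds per attempt and the lockout settings are assumed sample values, not measurements from any particular router.

```python
"""Added example: time to exhaust the WPS PIN space under a lockout policy."""
import math

# The 8-digit WPS PIN is checked in two halves and its last digit is a
# checksum, so the space is 10^4 first halves plus 10^3 second halves.
FIRST_HALF = 10 ** 4
SECOND_HALF = 10 ** 3
PIN_KEYSPACE = FIRST_HALF + SECOND_HALF  # the 11,000 quoted above


def exhaust_seconds(attempts, secs_per_attempt, lock_after=0, lock_secs=0):
    """Seconds needed to make `attempts` failed PIN tries.

    lock_after: failed tries that trigger a lockout (0 means no lockout).
    lock_secs:  length of each lockout; math.inf models "locked until reboot".
    """
    if min(attempts, secs_per_attempt, lock_after, lock_secs) < 0:
        raise ValueError("arguments must be non-negative")
    base = attempts * secs_per_attempt
    if lock_after == 0 or attempts == 0:
        return base
    # A lockout only costs time if another try has to wait for it to end.
    lockouts = (attempts - 1) // lock_after
    if lockouts == 0:
        return base
    return base + lockouts * lock_secs


# Constructed sample policies: (failed tries before lockout, lockout seconds).
POLICIES = {
    "no lockout": (0, 0),
    "3 tries, 60 s lock": (3, 60),
    "10 tries, 5 min lock": (10, 300),
    "3 tries, locked until reboot": (3, math.inf),
}


def compare(secs_per_attempt=2):
    """Worst-case seconds to try the whole PIN space, per sample policy."""
    return {name: exhaust_seconds(PIN_KEYSPACE, secs_per_attempt, n, t)
            for name, (n, t) in POLICIES.items()}


if __name__ == "__main__":
    for name, secs in compare().items():
        shown = "never" if math.isinf(secs) else f"{secs / 3600:.1f} h"
        print(f"{name:30s} {shown}")
```

With these assumed numbers a short lockout stretches a few hours into days, and only a lock that never expires (or turning WPS off) takes the 11,000-combination search off the table.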
Now, let's get to the hack: