Most of you have probably already heard about the weakness in Wi-Fi Protected Setup discovered recently.
Using it, you can reduce the number of PIN authentication attempts from 100000000 to only 11000, which makes a brute-force attack possible and reveals the network password in about 4 hours (usually even sooner).
Most access points are vulnerable, so with this attack you can brute-force almost any network around. It doesn't matter whether it uses WPA or WPA2, or which method, PSK or RADIUS. It only needs to have WPS enabled, and most APs do.
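Since exposure depends only on WPS being enabled, the first audit step for your own AP is to check what its beacons advertise. The following is an added example, not part of the original post or of reaver: it parses the tagged parameters of a beacon or probe response and reports whether a WPS element is present and whether the AP reports its setup as locked. It assumes the input starts after the 24-byte 802.11 header and 12 fixed bytes, and all sample bytes are constructed.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # vendor IE: OUI 00:50:F2, type 4 = WPS
ATTR_VERSION = 0x104A
ATTR_WPS_STATE = 0x1044          # 1 = not configured, 2 = configured
ATTR_AP_SETUP_LOCKED = 0x1057    # 1 = AP reports its PIN setup as locked

def iter_tlv(buf, hdr_fmt):
    """Yield (type, value) pairs; stop at a truncated or malformed element."""
    hdr_len = struct.calcsize(hdr_fmt)
    pos = 0
    while pos + hdr_len <= len(buf):
        typ, length = struct.unpack_from(hdr_fmt, buf, pos)
        pos += hdr_len
        if pos + length > len(buf):
            return
        yield typ, buf[pos:pos + length]
        pos += length

def wps_status(tagged_params):
    """None if no WPS element is advertised, else its state and lock flag."""
    for eid, body in iter_tlv(tagged_params, "BB"):
        if eid == 221 and body.startswith(WPS_OUI_TYPE):
            attrs = dict(iter_tlv(body[4:], ">HH"))
            return {
                "configured": attrs.get(ATTR_WPS_STATE) == b"\x02",
                "locked": attrs.get(ATTR_AP_SETUP_LOCKED) == b"\x01",
            }
    return None

# Constructed sample elements (not captured from a real AP).
def ie(eid, body):
    return bytes([eid, len(body)]) + body

def attr(typ, value):
    return struct.pack(">HH", typ, len(value)) + value

SSID = ie(0, b"lab-ap")
WMM = ie(221, bytes.fromhex("0050f202") + b"\x01\x01")  # same OUI, not WPS
WPS_ON = ie(221, WPS_OUI_TYPE + attr(ATTR_VERSION, b"\x10")
            + attr(ATTR_WPS_STATE, b"\x02"))
WPS_LOCKED = ie(221, WPS_OUI_TYPE + attr(ATTR_WPS_STATE, b"\x02")
                + attr(ATTR_AP_SETUP_LOCKED, b"\x01"))

if __name__ == "__main__":
    for name, frame in [("no WPS", SSID + WMM), ("WPS on", SSID + WMM + WPS_ON),
                        ("WPS locked", SSID + WPS_LOCKED)]:
        print(name, wps_status(frame))
```

A `None` result after disabling WPS in the AP's settings confirms the element is no longer advertised; the presence of the element alone does not say which WPS methods are enabled.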
I’ve just packaged the reaver-wps tool for Debian (I’m also an author of its ArchLinux PKGBUILD) and it’s now waiting in the NEW queue.
If you want to try it before it enters unstable, I have also put it on my people.debian.org account.
After installing it, all you have to do is enable monitor mode on your Wi-Fi card (you need the aircrack-ng package for that):
airmon-ng start wlan0
Then start the attack:
reaver -i mon0 -b xx:xx:xx:xx:xx:xx -vv
Of course, the interface names may differ, as they depend on your Wi-Fi driver. After the -b switch you have to enter the BSSID of the target AP.
That’s all. Happy ha^Wcracking
I wonder if it will really enter the Debian archive, because it’s shipped with several libraries already included in Debian, mainly the Linux Wireless Extensions library and some parts of the wpa-supplicant package (these are at least slightly modified).
In fact, there is a chance that reaver will become part of the aircrack-ng suite (they are discussing it already), but that won’t happen soon, so it would still be great to have this package in Debian.