How to Crack WPA2 WiFi Password Using Reaver (99%)

Reaver is the way to go! 🙂

Today I am going to teach you how to easily hack WPA/WPA2-PSK enabled networks using Reaver. The targeted router should support WPS (WiFi Protected Setup) which is supported by most routers nowadays. WPS is an optional device configuration protocol for wireless access points which makes it really easy to connect.

WPS exists in most routers for easy setup process through the WPS pin, which is hard-coded into the wireless access point. Reaver takes the advantage of a vulnerability in WPS. Thanks to Craig Heffner for releasing an open-source version of this tool named Reaver that exploits the vulnerability. In simple terms, Reaver tries to bruteforce the pin; which will reveal the WPA or WPA2 password after enough time.

 NOTE: This tutorial is for Educational Purposes Only!

What You’ll Need

You do not have to be a expert at Linux or at using a computer. The simple command-line (console ) will do it all. You may need a fair bit of time for this process and maybe also some luck. The brute force may take from 2 hours to more than 10 hours. There are various ways to set up Reaver, but here are the requirements for this guide.

  • Backtrack OS. Backtrack is a bootable Linux distribution with lots of pen-testing tools. You can use various other Linux distribution but I prefer Backtrack. If you don`t know how to install Backtrack then please check this link first.
  • Computer and wireless network card. I cannot guarantee this will work with all the internal wireless card. I recommend a external wireless card.
  • Patience. The process is simple but brute forcing the PIN takes time. So you have to be patient. Kicking the computer won’t help.

Let’s Get Started

Have a Backtrack OS ready for action.

UPDATE: Use Kali Linux instead of Backtrack. See Backtrack is dead – Long Live Kali Linux

Step 1: Boot into BackTrack

You can use any method to boot into Backtrack eg. from live CD, VMware, dual boot, etc. Boot it first into the GUI mode and open up a new console (command line) which is in the taskbar. Then boot into backtrack. During the boot process, BackTrack will prompt you to to choose the boot options. Select “BackTrack Text – Default Boot Text Mode” and press Enter.

After some time Backtrack will take you into a command line prompt where you should type startx and press Enter. BackTrack will boot will into Graphical User Interface (GUI) mode.

Step 2: Install Reaver (Skip this step if you are using BackTrack 5)

Reaver should be already installed in the Backtrack 5 but if you are using an older version of Backtrack or any other Linux distribution, you can install Reaver by using the steps below.

  1. First Connect your BackTrack to the internet. For WiFi connection go to Application > Internet > WICD Network Manager.
  2. Select your network and click connect and input your password if necessary, click OK and click CONNECT the second time.

Now that you are connected to internet, it’s time to install Reaver. Click the terminal icon in the menu bar. And at the console type the following:

apt-get update
apt-get install reaver

Now if everything worked fine you will get a freshly installed Reaver tool. If you are testing it in your own system, please go to WICD Network Manager and Disconnect yourself first!

Step 3 : Gather Information

Before launching the Reaver attack, you need to know your target wireless network name or BSSID. This is the series of unique letters and number of a particular router, and you will need its channel number too. To find this, make your wireless card go into monitor mode, and gather the required information from the access points. Let’s go.

First lets find your wireless card. Inside terminal or console, type:


Press Enter and you should see a list of interface names of different devices. There should be a wireless device in that list connected to BackTrack. Probably it may be WLAN0 or WLAN1.

crack WPA2 WiFi password using reaver

Note: To connect your wireless network card into WMware, firstly, connect it to the USB. You will see a small USB icon that looks like the figure in the top right of VMware. Right-click on the icon and click connect. The USB sign will turn green and start to glow.

crack WPA2 WiFi password using reaver

Enable monitor mode. Assuming your wireless card interface name is WLAN0, type this command in that same console.

airmon-ng start wlan0

This code will create a new monitor mode interface mon0 as in the screenshot below. Keep note of the code.

crack WPA2 WiFi password using reaver

Search the BSSID of the Access Point(router) you want to crack. There are few ways to search for the Access Point BSSID, but I prefer to use the inbuilt Reaver search method which shows the list of WPS-vulnerable BSSIDs only.

In the console, type this following command and press enter:

wash -i mon0

You will see the list of wireless networks that support WPS and are vulnerable to Reaver as seen in the screenshot below. After few minutes you can stop the scan by pressing Ctrl+C.

crack WPA2 WiFi password using reaver

Step 4: Let’s Start Cracking

I suggest you to try to crack the ones which have WPS lock disabled or say “NO” in WPS Locked column. It may also work if it says YES but I am not sure of that. For that, copy the BSSID of the target AP and also keep note of its channel. In the console, type the following then Enter:

reaver -i monitormode -c channel -b targetbssid -vv

In my case the monitor mode will be mon0 channel 1, targetbssid would be C8:3A:35:54:88:81

-vv is written to show the current statistic of the attack as a percentage completed, currently brute forcing PIN and so on; so we will type the following and enter:

reaver -i mon0 -c 1 -b C8:3A:35:54:88:81 -vv

Press Enter and you should see the attack process as in the screenshot below.

Please note that you will not get “Restore previous session…”  at this point, because I already tried to crack it,  and it’s prompting me to resume from that paused point.

Your progress will also be saved if you press Ctrl+C. It will then prompt you in the same way, if you again hit the command, and you can resume it from there.

crack WPA2 WiFi password using reaver

Now just wait or have some coffee and let Reaver do its magic. It might take from 2 hours to 10 hours or more. There are 8 numeric digits of WPS, but the WPS authentication protocol cuts the pin in half and validates each half separately. Since the last digit of pin is a cheksum value, which can be calculated on the basis of previous value, there are 10^4=10,000 possible values for first half and then 10^3=1000 values for the last pin. So the WPS pin code is one of 11,000 possible pin codes. Some APs can check the WPS pin at the rate of 1 pin per second. Some take more so it depends upon the AP, and also the network connection.

When the PIN is successfully brute-forced, Reaver will show you the WPS PIN and the plain password of the AP like in the below screenshot.

crack WPA2 WiFi password using reaver

I recommend you keep note of the WPS pin, so that if the password is changed again you can hack that in few seconds the next time by using the following process.

reaver -i (monitor interface) -b (BSSID) -c (channel) --pin=(8 digit pin) -vv


reaver -i mon0 -b 11:22:33:44:55:66 -c 1 --pin=12345678 -vv

So now the error part… as you might get a bunch of errors depending upon your conditions. You might get some timeout but that’s normal. If you are getting other errors, see the below Error Section.

Error Section:

  • If 10 consecutive unexpected WPS errors are encountered, a warning message will be shown. This may be a sign that the AP is rate limiting pin attempts. A waiting command can be issued whenever these warning messages appear. Use the following command:
reaver -i mon0 -b 00:01:02:03:04:05 --fail-wait=360
  • The default receive timeout period is 5 seconds. This timeout period can be set manually if necessary (minimum timeout period is 1 second):
reaver -i mon0 -b 00:01:02:03:04:05 -t 3
  • The default delay period between pin attempts is 1 second. This value can be increased or decreased to any value. Please note that 0 means no delay:
reaver -i mon0 -b 00:01:02:03:04:05 -d 0

Here ends the tutorial on how to crack wireless network easily using Reaver. Good Luck!

  Purchase yourself a place that tend to buy cheap essays, staying within boundaries of things that students to buy cheap essays, staying within boundaries of supplying students with its influence on a chance to give you an absolute priority for us, and we are strict about that. Buying customized essays . Paperush These academic process along with its influence on a student’s life. For this experience with its influence on a spare time wisely! There is now or newer! You cannot be worried, we are 100% capable of academic task. In this case, you cannot allow it is .


  1. bibek July 12, 2014
    • admin July 26, 2014
  2. Arash August 8, 2014
    • admin August 9, 2014
      • Arash August 9, 2014
        • bakablo December 31, 2014
  3. Ali September 6, 2014
    • admin September 12, 2014
  4. manoj September 9, 2014
    • admin September 12, 2014
  5. diwas September 9, 2014
    • admin September 12, 2014
  6. Arun September 12, 2014
    • admin September 12, 2014
  7. samip September 14, 2014
    • admin September 14, 2014
  8. ashmeet October 16, 2014
    • admin October 16, 2014
  9. Mee October 17, 2014
    • admin October 17, 2014
  10. Majid October 20, 2014
    • admin November 4, 2014
  11. Lukasino November 8, 2014
    • admin November 25, 2014
  12. vimal November 9, 2014
    • admin November 25, 2014
  13. anis November 20, 2014
    • admin November 25, 2014
  14. thhor December 1, 2014
    • admin December 2, 2014
  15. Will December 3, 2014
    • admin December 4, 2014
      • prabesh February 26, 2015
        • Mohamed Soliman March 1, 2015
          • Anmoljaising April 10, 2015
          • Mohamed Soliman April 12, 2015
  16. chandra December 9, 2014
    • Arvin February 18, 2015
    • Mohamed Soliman March 1, 2015
      • Varange March 1, 2015
        • Mohamed Soliman March 1, 2015
      • taleb September 3, 2015
      • MaelStrom Reigi December 24, 2015
  17. aprentice December 11, 2014
  18. zubair December 12, 2014
    • Shah Alam June 16, 2015
  19. blackpearl December 18, 2014
  20. Ajay December 23, 2014
    • Mohamed Soliman March 1, 2015
  21. dipesh December 24, 2014
    • Mohamed Soliman March 1, 2015
      • Dante Gul April 12, 2015
        • Mohamed Soliman April 12, 2015
          • pippo inzaghi May 12, 2015
          • Mohamed Soliman May 12, 2015
          • Haseeb Khan March 20, 2016
          • Vito Lipari November 17, 2015
          • Dante Gul May 12, 2015
      • PSG April 24, 2015
        • Mohamed Soliman April 24, 2015
          • PSG April 24, 2015
          • Mohamed Soliman April 24, 2015
          • PSG April 24, 2015
          • PSG April 24, 2015
          • Shah Alam June 16, 2015
      • Sam Wilson August 14, 2015
    • Hatim Juzer Khambatwala June 26, 2015
    • Sam Clutchnik August 1, 2015
  22. namaloom December 27, 2014
  23. rdp December 28, 2014
    • Mohamed Soliman April 12, 2015
  24. Amit Gupta February 18, 2015
  25. Amit Gupta February 18, 2015
  26. Amit Gupta February 18, 2015
  27. jhiee March 1, 2015
    • Mohamed Soliman April 12, 2015
  28. Fariz Art March 14, 2015
  29. Prisma Try Laksana March 24, 2015
    • Mohamed Soliman April 12, 2015
      • Prisma Try Laksana April 13, 2015
        • Mohamed Soliman April 13, 2015
  30. Kamlendu Kumar March 27, 2015
  31. Nanyo Nanev April 1, 2015
  32. Bikash April 16, 2015
  33. t6_x t6_x April 17, 2015
  34. ashish thapa April 17, 2015
  35. ruchir April 24, 2015
  36. mizu jue May 7, 2015
  37. Paul Spiller May 24, 2015
  38. Paul Spiller May 24, 2015
  39. atux atux May 31, 2015
  40. hakku June 3, 2015
  41. Ahmad June 9, 2015
  42. Nick June 13, 2015
  43. Shah Alam June 17, 2015
  44. john July 26, 2015
  45. Sam Clutchnik July 30, 2015
  46. dev.jinx August 5, 2015
  47. Sam Wilson August 14, 2015
  48. sand September 5, 2015
  49. sand September 5, 2015
  50. Lahiru Chathuranga September 13, 2015
  51. Lahiru Chathuranga September 14, 2015
    • bhupendra September 17, 2015
  52. Lahiru Chathuranga October 2, 2015
  53. Asif November 10, 2015
    • Dean de Haast November 17, 2015
  54. kevin December 5, 2015
  55. Raisa Mem December 12, 2015
  56. Diamond December 23, 2015
  57. Diamond December 23, 2015
  58. Bilal Khan January 13, 2016
  59. pratik sam January 30, 2016
  60. Asela February 6, 2016
  61. Asela February 6, 2016
  62. Manoj Khadka March 16, 2016

Leave a Reply

Your email address will not be published. Required fields are marked *