Crack WPS with Reaver
Many routers and IoT devices support WPS, which is supposedly a quick and easy way to connect to devices. In practice it’s a security nightmare because connections are only secured by an eight-digit PIN. And the default PINs for certain devices can be found online!
If at all possible, try to persuade the network owner to disable WPS altogether. If this isn’t possible (some routers don’t support disabling WPS) you can at least see how easy they are to bruteforce using Reaver. Open the terminal in Kali and run apt-get install reaver to get started.
If you haven’t done so already, place your wireless card into monitor mode with airmon-ng start <interface>. Next, run wash -i <interface> to view all devices in range which support WPS. Then run the command reaver -i <interface> -b <bssid> -c <channel> -vv, for example, reaver -i wlan1mon -b 00:19:70:70:15:2C -c 6 -vv, to begin cracking the PIN. Provided the device doesn’t limit the number of attempts, it should take no more than 24 hours to access a device in this way by simply trying every combination. You can use Ctrl+C to stop the process, then resume from where you left off if you wish.
Reaver will attempt to bruteforce the PIN for clients using WPS. Typically, this takes around 10 hours.
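To turn the wash step above into a list of devices that still need WPS disabled, the following added example (not part of the original article or of the Reaver project) filters wash output and marks each WPS-enabled device by whether it reports a lock on PIN attempts. The function names are hypothetical, the sample rows are constructed, and the column layout (BSSID, Ch, dBm, WPS, Lck, Vendor, ESSID) is assumed to match your wash version.

```shell
#!/bin/sh
# Added example. Constructed sample of `wash -i <interface>` output, not taken
# from a real scan. Assumed columns: BSSID Ch dBm WPS Lck Vendor ESSID,
# with a single-word Vendor field.
sample_wash_output() {
cat <<'EOF'
BSSID               Ch  dBm  WPS  Lck  Vendor    ESSID
--------------------------------------------------------------------------------
00:19:70:70:15:2C    6  -48  2.0  No   Broadcom  office-ap
02:00:00:AA:BB:01   11  -61  1.0  Yes  RalinkTe  lobby printer
02:00:00:AA:BB:02    1  -70  2.0  No   AtherosC  warehouse-cam
EOF
}

# wps_audit (hypothetical helper): read wash output on stdin and print one
# tab-separated line per WPS-enabled device: status, BSSID, channel, ESSID.
# EXPOSED = no WPS lock reported, so PIN attempts are not being limited.
# LOCKED  = the device reports a lock, but WPS is still switched on.
wps_audit() {
    awk '
        # Only rows whose first field is a MAC address are devices.
        length($1) == 17 &&
        $1 ~ /^[0-9A-Fa-f][0-9A-Fa-f](:[0-9A-Fa-f][0-9A-Fa-f])+$/ {
            status = ($5 == "No") ? "EXPOSED" : "LOCKED"
            # An ESSID may contain spaces: rejoin fields 7..NF.
            essid = $7
            for (i = 8; i <= NF; i++) essid = essid " " $i
            printf "%s\t%s\t%s\t%s\n", status, toupper($1), $2, essid
        }
    '
}

# wps_exposed_count (hypothetical helper): number of devices with WPS on and
# no lock reported. Prints 0 when nothing matches.
wps_exposed_count() {
    wps_audit | awk -F'\t' '$1 == "EXPOSED" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; on a live system use:
#   wash -i <interface> | wps_audit
sample_wash_output | wps_audit
```

A device shown as LOCKED is only limiting attempts; it still has WPS enabled and belongs on the list of devices to reconfigure.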