The BackTrack 5 Live DVD. BackTrack is a bootable Linux distribution that's filled to the brim with network testing tools, and while it's not strictly required to use Reaver, it's the easiest approach for most users. Download the Live DVD from BackTrack's download page and burn it to a DVD. You can alternately download a virtual machine image if you're using VMware, but if you don't know what VMware is, just stick with the Live DVD. As of this writing, that means you should select BackTrack 5 R3 from the Release drop-down, select Gnome, choose 32- or 64-bit depending on your CPU (if you don't know which you have, 32 is a safe bet), select ISO for the image type, and then download the ISO.

A computer with Wi-Fi and a DVD drive. BackTrack will work with the wireless card on most laptops, so chances are your laptop will work fine. However, BackTrack doesn't have a full compatibility list, so no guarantees. You'll also need a DVD drive, since that's how you'll boot into BackTrack. I used a six-year-old MacBook Pro.

A nearby WPA-secured Wi-Fi network. Technically, it will need to be a network using WPA (or WPA2) security with the WPS feature enabled: Reaver does not attack the WPA passphrase directly, it recovers the router's 8-digit WPS PIN, and the router then hands over the passphrase. I'll explain in more detail in the How Reaver Works section how WPS creates the security hole that makes WPA cracking possible.

A little patience. This is a 4-step process, and while it's not terribly difficult to crack a WPA password with Reaver, it's a brute-force attack on the WPS PIN, which means your computer will be sending the router one PIN guess after another until it finds the right one. When I tested it, Reaver took roughly 2.5 hours to successfully crack my password. The Reaver home page suggests it can take anywhere from 4-10 hours. Your mileage may vary.
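Why a brute-force attack on an 8-digit PIN finishes in hours rather than years is worth seeing in code. The following is an added example, not code from the article or from Reaver: it implements the WPS PIN checksum rule and simulates the registrar's behaviour with a constructed FakeRegistrar class (an assumption standing in for a real access point; it never sends any frames). The design flaw Reaver exploits is that the access point validates the first four PIN digits separately from the last four, and the eighth digit is a checksum of the other seven, so the attacker needs at most 10,000 + 1,000 = 11,000 guesses instead of 10^7.

```python
"""Simulation of the WPS PIN split-verification weakness that Reaver exploits.
Added example (not the article's or Reaver's code). FakeRegistrar is a
constructed stand-in for an access point; no network traffic is generated."""

# Worst-case guesses: 10,000 for digits 1-4, then 1,000 for digits 5-7
# (digit 8 is derived from the checksum, so it is never guessed).
MAX_ATTEMPTS = 10_000 + 1_000
NAIVE_ATTEMPTS = 10 ** 7  # 8 digits minus the checksum digit, if verified as a whole


def wps_pin_checksum(first7: int) -> int:
    """Checksum digit for the first seven digits of a WPS PIN.

    Odd-position digits (1st, 3rd, 5th, 7th) are weighted 3, even-position
    digits weighted 1; the checksum makes the weighted sum a multiple of 10.
    """
    accum = 0
    pin = first7
    while pin:
        accum += 3 * (pin % 10)   # digits 7, 5, 3, 1 (walking from the right)
        pin //= 10
        accum += pin % 10         # digits 6, 4, 2
        pin //= 10
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 digits whose last digit is the correct checksum."""
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_pin_checksum(int(pin[:7]))


class FakeRegistrar:
    """Constructed model of the AP side of the WPS exchange.

    A real AP answers message M4 with M5 only if the first half of the PIN
    matched, and M6 with M7 (which carries the WPA passphrase) only if the
    second half matched; any mismatch is an EAP-NACK. That split is the leak.
    """

    def __init__(self, pin: str):
        if not is_valid_pin(pin):
            raise ValueError("PIN fails the WPS checksum")
        self._pin = pin
        self.attempts = 0  # how many guesses the attacker had to send

    def check_first_half(self, half: str) -> bool:
        self.attempts += 1
        return half == self._pin[:4]

    def check_second_half(self, half: str) -> bool:
        self.attempts += 1
        return half == self._pin[4:]


def recover_pin(ap: FakeRegistrar) -> str:
    """Recover the full PIN from the split-verification oracle."""
    # Phase 1: independently brute-force digits 1-4 (at most 10,000 tries).
    first = None
    for i in range(10_000):
        guess = f"{i:04d}"
        if ap.check_first_half(guess):
            first = guess
            break
    if first is None:
        raise RuntimeError("first half never accepted")

    # Phase 2: brute-force digits 5-7 (at most 1,000 tries); digit 8 is computed.
    for j in range(1_000):
        middle = f"{j:03d}"
        second = middle + str(wps_pin_checksum(int(first + middle)))
        if ap.check_second_half(second):
            return first + second
    raise RuntimeError("second half never accepted")


if __name__ == "__main__":
    for secret in ("12345670", "99999995"):
        ap = FakeRegistrar(secret)
        found = recover_pin(ap)
        print(f"secret={secret} recovered={found} attempts={ap.attempts} (max {MAX_ATTEMPTS})")
```

At roughly one PIN attempt per second, which is about what a real access point allows, the 11,000-guess worst case is a few hours, which matches the 2.5 to 10 hour figures above. The constructed PIN 99999995 is the worst case because both halves are the last values tried.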
In a phone conversation, Craig Heffner said that the inability to shut this vulnerability down is widespread. He and others have found it to occur with every Linksys and Cisco Valet wireless access point they've tested. "On all of the Linksys routers, you cannot manually disable WPS," he said. While the Web interface has a radio button that allegedly turns off WPS configuration, "it's still on and still vulnerable."
You could also get a message like the one below. I met that situation several times in the past; unfortunately I haven't tested to see if the trick also works for this particular situation. I guess/hope it does: