The WiFi Protected Setup protocol is vulnerable to a brute force attack that allows an attacker to recover an access point’s WPS pin, and subsequently the WPA/WPA2 passphrase, in just a matter of hours.
Reaver is a WPA attack tool developed by Tactical Network Solutions that exploits a protocol design flaw in WiFi Protected Setup (WPS). This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network. With a well-chosen PSK, the WPA and WPA2 security protocols are assumed to be secure by a majority of the 802.11 security community.
Usage is simple just specify the target BSSID and the monitor mode interface to use:
# reaver -i mon0 -b 00:01:02:03:04:05
Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations.On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.
WPS allows users to enter an 8 digit PIN to connect to a secured network without having to enter a passphrase. When a user supplies the correct PIN the access point essentially gives the user the WPA/WPA2 PSK that is needed to connect to the network. Reaver will determine an access point's PIN and then extract the PSK and give it to the attacker.
2011 has been labeled the "Year of the Hack” or “Epic #Fail 2011”. Hacking has become much easier over the years, which is why 2011 had a lot of hacking for good and for bad. Hackers are coming up with tools as well as finding new methods for hacking faster then companies can increase their security. Every year there are always forward advancements in the tools and programs that can be used by the hackers.
Cracking password protected archive files with rarcrack
There are a large number of password cracking (or to word it in a nice fashion, password recovery) programs available to crack passwords of any number of file type.
Here I will be looking at cracking password protected archive files with rarcrack which is included in the back|track 4 distro.
