How to install Reaver on Ubuntu 17.04


Reaver is a penetration testing tool that implements a brute-force attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. It has been tested against a wide variety of access points and WPS implementations. This article walks through installing Reaver on an Ubuntu 17.04 machine.

Installing Reaver

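Add the required repository before you begin the installation. Adding a PPA imports its signing key, after which apt trusts packages from that PPA, so read the disclaimer it prints before pressing ENTER.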

root@linuxhelp1:~# add-apt-repository ppa:eugenesan/ppa
 This repository contains collection of customized, updated, ported and backported
packages for two last LTS releases and latest pre-LTS release.
Packages for older releases relocated to ppa:eugenesan/archive or deleted.

+-------------------------------------------------------------------------------------+
| Disclaimer:
+-------------------------------------------------------------------------------------+
* Packages in this and related PPAs are for personal use only.
  They developed specifically for several custom environments and may not work for you.
* Usage of packages in this PPA, in some forms, might contradict licenses of software
  packaged in this and related PPAs. End users and administrator are responsible for
  runtime licensing and possible legal consequences.
* Some packages provided with their dependencies while some might require additional
  Ubuntu repositories and external PPAs. Below is the list of
.
.
.
Press [ENTER] to continue or ctrl-c to cancel adding it

gpg: keybox '/tmp/tmp58gcy2yp/pubring.gpg' created
gpg: /tmp/tmp58gcy2yp/trustdb.gpg: trustdb created
gpg: key E61380B28313A596: public key "Launchpad synergy+" imported
gpg: Total number processed: 1
gpg:               imported: 1
OK


Once that is done, refresh the package lists so that apt picks up the newly added repository.

root@linuxhelp1:~# apt-get update
Get:1 http://ppa.launchpad.net/eugenesan/ppa/ubuntu zesty InRelease [15.4 kB]                                                       
Hit:2 http://in.archive.ubuntu.com/ubuntu zesty InRelease                                                                           
Hit:3 http://security.ubuntu.com/ubuntu zesty-security InRelease                                          
Hit:4 http://in.archive.ubuntu.com/ubuntu zesty-updates InRelease                                         
Hit:5 http://in.archive.ubuntu.com/ubuntu zesty-backports InRelease
Get:6 http://ppa.launchpad.net/eugenesan/ppa/ubuntu zesty/main amd64 Packages [1,100 B]
Get:7 http://ppa.launchpad.net/eugenesan/ppa/ubuntu zesty/main i386 Packages [1,108 B]
Get:8 http://ppa.launchpad.net/eugenesan/ppa/ubuntu zesty/main Translation-en [1,288 B]
Fetched 18.9 kB in 1s (12.3 kB/s)
Reading package lists... Done

Now install the Reaver package with the following command. In the output, apt fetches reaver 1.4-2 from the Ubuntu zesty/universe archive.

root@linuxhelp1:~# apt-get install reaver -y
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  reaver
0 upgraded, 1 newly installed, 0 to remove and 117 not upgraded.
Need to get 236 kB of archives.
After this operation, 714 kB of additional disk space will be used.
Get:1 http://in.archive.ubuntu.com/ubuntu zesty/universe amd64 reaver amd64 1.4-2 [236 kB]
Fetched 236 kB in 1s (185 kB/s) 
Selecting previously unselected package reaver.
(Reading database ... 168833 files and directories currently installed.)
Preparing to unpack .../reaver_1.4-2_amd64.deb ...
Unpacking reaver (1.4-2) ...
Setting up reaver (1.4-2) ...
Processing triggers for man-db (2.7.6.1-2) ...
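
The install output above shows apt taking reaver 1.4-2 from the Ubuntu zesty/universe archive even though a PPA was added first. The script below is an added example, not part of the original article: it reads apt-cache policy output and reports which repository supplies a package's candidate version. Both sample policy texts and the PPA name example-owner/example-ppa are constructed, and the list of official hosts is an assumption.

```shell
#!/bin/sh
# Added example: show which repository supplies a package's candidate version.
# Live use: apt-cache policy reaver | candidate_sources

# Hosts counted as official Ubuntu archives (assumption; extend for your mirror).
is_official_host() {
    case "$1" in
        archive.ubuntu.com|*.archive.ubuntu.com|security.ubuntu.com) return 0 ;;
        *) return 1 ;;
    esac
}

# stdin: apt-cache policy text. stdout: one line per repository that offers
# the candidate version: "<official|third-party> <host> <suite/component>".
candidate_sources() {
    awk '
        $1 == "Candidate:"                { cand = $2; next }
        $1 == "Version" && $2 == "table:" { in_table = 1; next }
        !in_table                         { next }
        # Source lines are indented 8 spaces: "<priority> <url> <suite/comp> ..."
        /^        / { if (cur == cand && $2 ~ /^https?:/) print $2, $3; next }
        # Anything else in the table is a version header; "***" marks installed.
        { cur = ($1 == "***") ? $2 : $1 }
    ' | while read -r url dist; do
        host=${url#*://}; host=${host%%/*}
        if is_official_host "$host"; then kind=official; else kind=third-party; fi
        printf '%s %s %s\n' "$kind" "$host" "$dist"
    done
}

# Constructed sample matching the install output above (1.4-2, zesty/universe).
SAMPLE_PAGE='reaver:
  Installed: 1.4-2
  Candidate: 1.4-2
  Version table:
 *** 1.4-2 500
        500 http://in.archive.ubuntu.com/ubuntu zesty/universe amd64 Packages
        100 /var/lib/dpkg/status'

# Constructed, hypothetical sample: a placeholder PPA offers a newer build,
# so that build becomes the candidate instead of the archive version.
SAMPLE_PPA='reaver:
  Installed: (none)
  Candidate: 9.9-0example1
  Version table:
     9.9-0example1 500
        500 http://ppa.launchpad.net/example-owner/example-ppa/ubuntu zesty/main amd64 Packages
     1.4-2 500
        500 http://in.archive.ubuntu.com/ubuntu zesty/universe amd64 Packages'

printf '%s\n' "$SAMPLE_PAGE" | candidate_sources
printf '%s\n' "$SAMPLE_PPA"  | candidate_sources
```

A third-party line for a package you expected from the Ubuntu archive means the PPA has taken over that package.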

Run the following command to list Reaver's options.

root@linuxhelp1:~# reaver --help
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
Required Arguments:
    -i, --interface=<wlan>          Name of the monitor-mode interface to use
    -b, --bssid=<mac>               BSSID of the target AP
Optional Arguments:
    -m, --mac=<mac>                 MAC of the host system
    -e, --essid=<ssid>              ESSID of the target AP
    -c, --channel=<channel>         Set the 802.11 channel for the interface (implies -f)
    -o, --out-file=<file>           Send output to a log file [stdout]
    -s, --session=<file>            Restore a previous session file
    -C, --exec=<command>            Execute the supplied command upon successful pin recovery
    -D, --daemonize                 Daemonize reaver
    -a, --auto                      Auto detect the best advanced options for the target AP
    -f, --fixed                     Disable channel hopping
    -5, --5ghz                      Use 5GHz 802.11 channels
    -v, --verbose                   Display non-critical warnings (-vv for more)
    -q, --quiet                     Only display critical messages
    -h, --help                      Show help

Advanced Options:
    -p, --pin=<wps pin>             Use the specified 4 or 8 digit WPS pin
    -d, --delay=<seconds>           Set the delay between pin attempts [1]
    -l, --lock-delay=<seconds>      Set the time to wait if the AP locks WPS pin attempts [60]
    -g, --max-attempts=<num>        Quit after num pin attempts
    -x, --fail-wait=<seconds>       Set the time to sleep after 10 unexpected failures [0]
    -r, --recurring-delay=<x:y>     Sleep for y seconds every x pin attempts
    -t, --timeout=<seconds>         Set the receive timeout period [5]
    -T, --m57-timeout=<seconds>     Set the M5/M7 timeout period [0.20]
    -A, --no-associate              Do not associate with the AP (association must be done by another application)
    -N, --no-nacks                  Do not send NACK messages when out of order packets are received
    -S, --dh-small                  Use small DH keys to improve crack speed
    -L, --ignore-locks              Ignore locked state reported by the target AP
    -E, --eap-terminate             Terminate each WPS session with an EAP FAIL packet
    -n, --nack                      Target AP always sends a NACK [Auto]
    -w, --win7                      Mimic a Windows 7 registrar [False]

That was it. Reaver is very simple to install and to work with.

FAQ

Q: What does the Reaver tool do?
A: Reaver is designed to be a robust and practical tool for attacking WPS-enabled Wi-Fi networks: it targets Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. It has been tested against a wide variety of access points and WPS implementations.

Q: What is Reaver in Ubuntu?
A: Reaver is a penetration testing tool that implements a brute-force attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases. It has been tested against a wide variety of access points and WPS implementations.

Q: What can I do when Reaver reports "AP rate limiting detected"?
A: Wait until the access point re-enables WPS, or try to reboot the access point remotely. Reaver does not have an option to unlock routers with rate limiting. If you find a way to remotely reboot a router or to remotely revert the WPS lock, open an issue to share your method and we will be very glad to introduce it in Reaver.

Q: Can I run more than one instance of Reaver against an AP?
A: Technically yes, but this is ultimately a flawed approach to increasing attack speed. The primary limitation on attack speed is the low resources (memory, CPU, etc.) of the AP, so having two simultaneous attackers will result in twice the CPU load.

It is better to use Reaver's advanced options to help speed up the attack.

Q: What is a WPS attack?
A: The Pixie Dust attack is an offline attack that exploits a WPS vulnerability. The tool, Pixiewps, is written in C and works with a modified version of Reaver. When a wireless router is vulnerable to this attack, retrieving the passphrase can be done in seconds.