About: I have previously discussed how easily a router that has WPS enabled can be hacked. You can check out my post on how to perform a Pixie Dust Attack and attempt to grab a WPS PIN from an unsecured router. The attack takes a matter of seconds, not days, and will expose your WiFi password. It doesn’t matter whether you are using WPA or WPA2 security, since the WPS PIN completely bypasses it. Once you have the WPS PIN you should be able to connect to the user’s SSID, but you will not know their network password. The method I will show you today exposes that SSID password. If you have their SSID password, they may be using the same password for Facebook, Google or any other website.
A little knowledge about WPS. WPS stands for Wi-Fi Protected Setup and is a wireless networking standard that tries to make connections between a router and your wireless devices faster and easier. It only works for wireless networks that have WPA/WPA2 security. It is supposed to make it easier to connect devices without a keyboard, like a TV, to your home network. Most routers come with WPS enabled, and it works by pushing the WPS button on your router and then connecting your device. I personally had never heard of WPS before doing this research and have never used it in my personal life.
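Since most routers ship with WPS turned on, the practical defensive takeaway from the paragraph above is to check whether your own access points advertise it and turn it off. The script below is an added example, not part of this post: it parses the text that `iw dev <iface> scan` prints (the layout of the `WPS:` information element is reproduced here from memory and the sample scan is constructed, with made-up SSIDs and BSSIDs) and flags every BSS that advertises WPS, rating PIN-capable config methods (`Label`, `Display`, `Keypad`) higher than push-button-only setups and lowering the rating when the AP reports `AP setup locked`. Run it on a saved scan of your own network to find the APs that should have WPS disabled.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the style of `iw dev wlan0 scan` output. Real output
# indents with tabs; the parser strips whitespace so spaces work equally well.
SAMPLE_SCAN = """\
BSS 02:00:00:00:01:aa(on wlan0)
    SSID: HomeNet
    RSN:     * Version: 1
         * Group cipher: CCMP
    WPS:     * Version: 1.0
         * Wi-Fi Protected Setup State: 2 (Configured)
         * AP setup locked: 0x01
         * Config methods: Label, PBC
BSS 02:00:00:00:02:bb(on wlan0)
    SSID: GuestNet
    RSN:     * Version: 1
    WPS:     * Version: 1.0
         * Wi-Fi Protected Setup State: 2 (Configured)
         * Config methods: Label, Display, PBC
BSS 02:00:00:00:03:cc(on wlan0)
    SSID: NoWpsNet
    RSN:     * Version: 1
         * Group cipher: CCMP
"""

# WPS config methods that involve an 8-digit PIN rather than a button press.
PIN_METHODS = {"Label", "Display", "Keypad"}


@dataclass
class Bss:
    bssid: str
    ssid: str = ""
    wps: bool = False                 # a WPS information element was present
    wps_state: str = ""               # e.g. "2 (Configured)"
    config_methods: list = field(default_factory=list)
    setup_locked: bool = False        # AP reports "AP setup locked" != 0


def parse_iw_scan(text):
    """Parse `iw ... scan` text into Bss records, keeping only WPS details."""
    bsses, cur, section = [], None, None
    for raw in text.splitlines():
        m = re.match(r"BSS ([0-9a-f:]{17})", raw)
        if m:                          # start of a new BSS block
            cur = Bss(bssid=m.group(1))
            bsses.append(cur)
            section = None
            continue
        if cur is None:
            continue
        line = raw.strip()
        if not line.startswith("*"):   # an element heading such as "RSN:" or "WPS:"
            head, _, rest = line.partition(":")
            section, line = head.strip(), rest.strip()
            if section == "SSID":
                cur.ssid = line
                continue
            if section == "WPS":
                cur.wps = True
            # a heading may carry its first "* attr: value" on the same line
        if section == "WPS" and line.startswith("*"):
            attr, _, val = line.lstrip("* ").partition(":")
            attr, val = attr.strip(), val.strip()
            if attr == "Wi-Fi Protected Setup State":
                cur.wps_state = val
            elif attr == "Config methods":
                cur.config_methods = [x.strip() for x in val.split(",")]
            elif attr == "AP setup locked":
                try:
                    cur.setup_locked = int(val, 16) != 0
                except ValueError:
                    cur.setup_locked = False
    return bsses


def wps_findings(bsses):
    """Return (ssid, bssid, level, pin_methods) for every BSS advertising WPS."""
    findings = []
    for b in bsses:
        if not b.wps:
            continue
        pin = sorted(PIN_METHODS & set(b.config_methods))
        if pin and not b.setup_locked:
            level = "HIGH"             # PIN method offered and AP not locked
        elif pin:
            level = "MEDIUM"           # PIN method offered but AP reports locked
        else:
            level = "LOW"              # push-button only
        findings.append((b.ssid, b.bssid, level, pin))
    return findings


if __name__ == "__main__":
    for ssid, bssid, level, pin in wps_findings(parse_iw_scan(SAMPLE_SCAN)):
        print(f"{level:6} {bssid} {ssid!r} WPS on, PIN methods: {pin or 'none'}")
```

Anything rated HIGH or MEDIUM on your own network should simply have WPS disabled in the router's admin interface; the "locked" state is only a temporary brake the AP applies itself, not a configuration you control.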
Objective: To demonstrate how to retrieve the PSK (password) of a WiFi network if you have its WPS PIN.
Material: You will need the following:
- Raspberry Pi (I have PwnPi 3.0 running on mine)
- USB WiFi Adapter – I used the Panda USB WiFi adapter in this tutorial
- PwnPi or Kali Linux distro on your Raspberry Pi or Linux machine
- WPS PIN for the network whose PSK (password) you are attempting to steal
Instructions: I am using the PwnPi distro on my Raspberry Pi, which has the tools I will need to get the PSK of the victim’s WiFi. You will essentially need wpa_supplicant and wpa_cli installed on your distro to expose the PSK, so using PwnPi or Kali isn’t really necessary if you are willing to install those packages separately.