What do you want to steal from your neighbours?

Nope, it's pretty illegal. It also depends on whether the router is running WPS or not. (There's a good chance it is.) Read on for a crash course on 'breaking in'.

Basically, when you connect to a Wi-Fi network (with WPA/WPA2 security or similar), you enter a password typically between 8 and 128 characters in length. This can be a pain in the ass, especially if the key is something like a6d4dfaec13... You get the idea.

So, to avoid this problem and allow someone to easily connect a device to the router, a simpler way of authenticating (while supposedly maintaining network security) was invented. They called it WPS. On most home routers, it runs alongside the traditional methods to authenticate and connect.

The basic principle of WPS is that instead of entering a massive password, you can enter an 8-digit PIN code that's hard-coded into the router and connect, completely bypassing the big password.

Sounds a bit dodgy, right? It gets worse. Not only does having an 8-digit PIN code reduce the total possible password combinations by billions upon billions, the protocol has a flaw that can be used to tell if the first 4 digits of an attempted PIN are correct. So now, it's not a game of guessing an 8-digit number; it's effectively down to 4 digits with a little more work after guessing them.

Now we know we can use brute force effectively (i.e. not take 50 years to break in), we can make some tools to make the process faster. That's what Kali Linux is for (among many, many other things). It has hundreds of tools to do so many evil things.

Using the aircrack suite included with Kali to produce a list of wireless networks in the local area, we can check if they're running WPS and get their MAC address. For the networks that are running WPS, we stand a chance of breaking in.

Using the MAC address we obtained, we can use a handy program called Reaver that will do the dirty work for us.

Set Reaver to work on a wireless network and within hours, maybe days, it'll produce the passphrase to the network, along with its WPS PIN.

the kicker

Some router manufacturers are dumb shits and set the key to 01234567 or something similar instead of randomizing it for each router.

protect yourself

If you've got a Wi-Fi network at home, chances are it's running WPS. In most cases, the router will have an option buried in its user management section to disable WPS. If not, consider installing Tomato (custom firmware) or buy a new router.

the good news

Because WPS was proven to be an utterly useless protocol back in 2011, router manufacturers have started either excluding it from their products or providing extra protections, such as lockout periods after X number of wrong PINs, total lockouts (requiring the router owner to log in and reset the warning) and even (on corporate setups, I think) sending email alerts if the router thinks someone's fucking around with it.

/r/AskReddit Thread Parent
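The comment above explains two things in words: why the "first 4 digits are confirmable" flaw shrinks the PIN search space so drastically, and why lockout periods are the main mitigation short of disabling WPS. The following Python is an added example, not code from the comment or from Reaver, that puts numbers on both claims from a defender's point of view. The check-digit rule (the 8th WPS PIN digit is a weighted checksum over the first seven, weights 3,1,3,1,3,1,3) is a documented fact of the WPS specification that the comment does not mention; the per-guess timing and lockout policy values are assumptions chosen only to illustrate the comparison.

```python
# Added example (not from the Reddit comment or from Reaver): models why an
# 8-digit WPS PIN is far weaker than it looks, and how a lockout policy
# changes the exposure. The checksum rule and the split-verification flaw
# are documented WPS protocol facts; the timings below are assumptions.


def wps_checksum(first_seven: str) -> int:
    """Return the 8th (check) digit of a WPS PIN from its first seven digits.

    The WPS specification defines the last PIN digit as a checksum over the
    first seven digits using alternating weights 3,1,3,1,3,1,3.
    """
    if len(first_seven) != 7 or not first_seven.isdigit():
        raise ValueError("expected exactly seven decimal digits")
    weights = (3, 1, 3, 1, 3, 1, 3)
    accum = sum(w * int(d) for w, d in zip(weights, first_seven))
    return (10 - accum % 10) % 10


def is_valid_wps_pin(pin: str) -> bool:
    """True if an 8-digit PIN string carries a correct check digit."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return int(pin[7]) == wps_checksum(pin[:7])


def worst_case_attempts(split_flaw: bool = True, checksum_known: bool = True) -> int:
    """Maximum number of guesses needed to exhaust the PIN space.

    Without the flaw every PIN must be tried: 10**8, or 10**7 when the
    guesser derives the check digit instead of guessing it. With the flaw
    the first 4 digits are confirmed on their own, after which only the
    second half remains: 3 free digits plus the derivable check digit.
    """
    if not split_flaw:
        return 10 ** 7 if checksum_known else 10 ** 8
    first_half = 10 ** 4
    second_half = 10 ** 3 if checksum_known else 10 ** 4
    return first_half + second_half


def worst_case_seconds(attempts: int, seconds_per_attempt: float,
                       lockout_after: int = 0, lockout_seconds: float = 0.0) -> float:
    """Wall-clock time for `attempts` guesses under a simple lockout policy.

    lockout_after == 0 means the router never locks out. Otherwise, after
    every `lockout_after` wrong guesses the router refuses WPS for
    `lockout_seconds` (the "lockout periods" the comment mentions).
    """
    total = attempts * seconds_per_attempt
    if lockout_after > 0:
        total += (attempts // lockout_after) * lockout_seconds
    return total


if __name__ == "__main__":
    # Assumed values for illustration only: 2 s per guess, and a router
    # policy of a 60 s lockout after every 3 wrong PINs.
    attempts = worst_case_attempts()
    print(f"PINs to exhaust with the flaw: {attempts:,}")
    print(f"PINs to exhaust without the flaw: {worst_case_attempts(split_flaw=False, checksum_known=False):,}")
    no_lockout = worst_case_seconds(attempts, 2.0)
    with_lockout = worst_case_seconds(attempts, 2.0, lockout_after=3, lockout_seconds=60.0)
    print(f"No lockout:   {no_lockout / 3600:.1f} hours worst case")
    print(f"With lockout: {with_lockout / 3600:.1f} hours worst case")
    # 12345670 is a checksum-valid PIN; 01234567 is not.
    print(is_valid_wps_pin("12345670"), is_valid_wps_pin("01234567"))
```

With the assumed numbers the worst case drops from 100,000,000 guesses to 11,000 once the split-verification flaw is in play, which is why the comment can say "hours, maybe days". The same 11,000 guesses take about 6 hours with no lockout and about 67 hours (2.8 days) with a 60-second lockout after every 3 failures; a lockout is a real slowdown, but only disabling WPS removes the exposure.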