Monday 26 November 2012

How People Hack Your WIFI

Okay, so I am finally getting around to the pen test post. Please note this post is for educational purposes only and the information contained herein should not be used against routers you are not authorized to access; it is intended to show how somebody may attack your access point.

What is needed at the base of this is a copy of Backtrack, a compatible wireless card, reaver and a machine you don't mind using for this operation. Theoretically the attack can be run from a live CD, though I would advise against this, as a cut in power or a crash will cost you all the progress you have made. I would instead suggest installing it either on a spare machine or into a virtual machine. I personally prefer the virtual machine option, as this allows you to continue using the machine whilst the attack is in progress.

I will assume that you have now installed the operating system into a virtual machine or onto a spare box (this is done by clicking Install on the desktop of the Backtrack live CD). Next we need reaver; this can either be downloaded ahead of time and transferred to the virtual machine, or downloaded directly inside it. Once the compressed file is on the machine we open a console window and type the following: tar xvfz filename.tar.gz. Next we navigate to the directory where this unpacked (usually the place it was copied or downloaded to). We type ./configure, then make, and finally make install. If there have been no problems we can now start.

As we are only hitting our own routers, macchanger is not required, since we are not attempting to cover our tracks. If you fancy a bit of extra reading, just Google macchanger.

Now we shall make sure that our wireless card is recognised. In the console window we type airmon-ng; if we see our network card listed, we then type airmon-ng start wlan0 or airmon-ng start wlan1 (whichever interface name was shown). Next we have to find the list of routers in range, so we type airodump-ng mon0. Once you see your router, hold down Ctrl and C at the same time. Now we type reaver -i mon0 -b 00:00:00:00:00:00 -vv, where 00:00:00:00:00:00 is the BSSID of your router. Now just sit back and wait. The attack may time out after every 10 PINs if the router has this feature, but 5 minutes later it will continue. This can take anywhere between a few seconds and a week or two depending on the connection, lock-outs, etc.

This attack basically outlines a WPS attack, which compromises routers regardless of how strong the WPA key is, because it is the WPS PIN that gets brute-forced rather than the passphrase. There are ways to speed up the attack, but I am just outlining the basic premise of it. The best bet is to disable WPS in the settings of the router. There are other methods of cracking a WIFI connection, but we do not wish to make it easy for them.
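As an added, defender-side example that is not part of the original post: once you have switched WPS off, check that your own router's beacons no longer carry the WPS information element. The parser below (plain Python, no wireless libraries; the three beacon bodies are constructed inline, not real captures) walks the 802.11 information elements, decodes the WPS attributes, and reports whether WPS is advertised and whether the AP Setup Locked flag, the lock-out behind the timeouts mentioned above, is set.

```python
import struct
# WPS rides in a vendor-specific IE (tag 0xDD): OUI 00:50:F2, type 0x04, then
# big-endian TLV attributes (2-byte attribute ID, 2-byte length, value).
WPS_IE_HEADER = b"\x00\x50\xf2\x04"
ATTR_VERSION = 0x104A          # Version
ATTR_WPS_STATE = 0x1044        # WPS State: 1 = not configured, 2 = configured
ATTR_AP_SETUP_LOCKED = 0x1057  # AP Setup Locked: 1 = PIN attempts currently locked out
def iter_ies(body):
    """Yield (tag, value) for each 802.11 information element in a beacon body."""
    off = 0
    while off + 2 <= len(body):
        tag, length = body[off], body[off + 1]
        value = body[off + 2:off + 2 + length]
        if len(value) < length:
            break  # truncated capture: stop rather than misparse
        yield tag, value
        off += 2 + length

def parse_wps_attributes(payload):
    attrs, off = {}, 0
    while off + 4 <= len(payload):
        attr_id, length = struct.unpack_from(">HH", payload, off)
        value = payload[off + 4:off + 4 + length]
        if len(value) < length:
            break
        attrs[attr_id] = value
        off += 4 + length
    return attrs

def audit_wps(body):
    """Summarise what an access point's beacon advertises about WPS."""
    report = {"ssid": None, "wps_advertised": False, "wps_configured": None, "ap_setup_locked": False}
    for tag, value in iter_ies(body):
        if tag == 0x00:  # SSID element
            report["ssid"] = value.decode("utf-8", "replace")
        elif tag == 0xDD and value[:4] == WPS_IE_HEADER:
            attrs = parse_wps_attributes(value[4:])
            report["wps_advertised"] = True
            state = attrs.get(ATTR_WPS_STATE)
            report["wps_configured"] = None if state is None else state == b"\x02"
            report["ap_setup_locked"] = attrs.get(ATTR_AP_SETUP_LOCKED) == b"\x01"
    return report

# Constructed sample beacon bodies (not real captures) built from small helpers.
def _ie(tag, value): return bytes([tag, len(value)]) + value
def _attr(attr_id, value): return struct.pack(">HH", attr_id, len(value)) + value
_WPS = WPS_IE_HEADER + _attr(ATTR_VERSION, b"\x10") + _attr(ATTR_WPS_STATE, b"\x02")
WPS_ENABLED_BEACON = _ie(0x00, b"HomeNet") + _ie(0xDD, _WPS)   # WPS on, accepting PINs
WPS_LOCKED_BEACON = _ie(0x00, b"HomeNet") + _ie(0xDD, _WPS + _attr(ATTR_AP_SETUP_LOCKED, b"\x01"))
WPS_DISABLED_BEACON = _ie(0x00, b"HomeNet")                     # WPS off: no WPS IE at all
```

Feed audit_wps the information-element portion of a beacon captured from your own access point; if wps_advertised is still True after you disabled WPS, the setting did not take.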

Again I reiterate that this is for your information on how people may crack your router and not a hacking guide.