The Ethical Hacker Network - WIFI WPS brute forace attack Faster than cracking WPA/WPA2

millwalll

Guest

WIFI WPS brute forace attack Faster than cracking WPA/WPA2

« on: December 30, 2011, 08:39:06 AM »

Hi all did anyone else see this .

http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/


	Logged

Seen

Full Member

Offline

Posts: 134

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

« Reply #1 on: December 30, 2011, 08:58:24 AM »

Yeah I saw it yesterday. I kinda want to try it out and see how easy it is to crack, but will have to wait until people leave the house in case I break their Internet!


	Logged

Sec+, eCPPT

hayabusa

Hero Member

Offline

Posts: 1630

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

« Reply #2 on: December 30, 2011, 09:11:43 AM »

Quote from: Seen on December 30, 2011, 08:58:24 AM

Yeah I saw it yesterday. I kinda want to try it out and see how easy it is to crack, but will have to wait until people leave the house in case I break their Internet!

LOL! At least you're going to be ethical and test on your own systems. <props Wink


	Logged

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH

Seen

Full Member

Offline

Posts: 134

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

« Reply #3 on: December 30, 2011, 01:16:38 PM »

Yeah, not a fan of jail hayabusa!


	Logged

Sec+, eCPPT

dbest

Jr. Member

Offline

Posts: 79

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

« Reply #4 on: January 10, 2012, 10:12:57 AM »

Tested reaver at home and it worked well.
Tested at a client and didnt succeed.. Sad


	Logged

CISM, CEH, CISA, ISO 27001 LA

DragonGorge

Jr. Member

Offline

Posts: 83

Re: WIFI WPS brute force attack Faster than cracking WPA/WPA2

« Reply #5 on: March 15, 2012, 01:49:47 PM »

I tried this at home with a spare Linksys router - it was scarily easy. What made it worse was that the Linksys lets you think you've turned WPS without really doing so. That is, I turned WPS off, ran Reaver, and it still cracked my WPS PIN and WPA2 password in under 3 hours.

In my limited experience, Reaver is easier to use and more successful than cracking WEP with no client attached (which I've been unsuccessful in even though my target router is just in the next room.) And Reaver v1.4 comes with a tool called wash that allows you to scan your local area for WPS enabled routers. There wasn't a single router in my local area with WPS off.

One thing I found though was running Reaver caused a DoS on my primary wi-fi router, even though I'd turned the txpower way down. The significant other was not pleased.


	Logged

Deadpool614

Newbie

Offline

Posts: 27

He who dares, wins

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

« Reply #6 on: April 04, 2012, 03:36:30 PM »

I think that this is the most exciting part about security, well for me anyways. Stuff like this gives people like us a reason to think outside of the box to overcome these security shortcuts. I'm looking forward to trying to find a way to patch this flaw. But even after you shut one door another opens. Nothing is ever stopped, only hindered.


	Logged

CIO/G-6 C|EH ....Taking the first steps down a long path.

DragonGorge

Jr. Member

Offline

Posts: 83

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

« Reply #7 on: April 04, 2012, 05:09:48 PM »

AFAIK, Linksys/Cisco are the only ones that don't actually turn WPS off (while letting you think you did). And they've been really slow in coming out with patches. The other brands (e.g. Netgear) actually do turn it off (confirmed). Another plus is that it takes a pretty strong signal to succeed. I asked my neighbor two houses over to plug in my router and Reaver failed in that case.

The sad fact is less than 10% of the routers in my neighborhood use WPA/2 in the first place. Most use WEP and one or two have no authentication at all. Still, for smaller companies the WPS vulnerability could be exploited and cause serious harm.


	Logged

rocketscientist

Newbie

Offline

Posts: 1

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

« Reply #8 on: April 09, 2012, 03:25:46 AM »

the fastest one i cracked was in 3 seconds. lol. reaver is just absolutely awesome. but if there is mac filtering don't forget to use --mac= or -A


	Logged

kerpap

Newbie

Offline

Posts: 8

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

« Reply #9 on: June 15, 2012, 05:06:55 AM »

I love reaver.
absolutly love it.

WPS enabled routers will be around for a while. a bad person could really make use of it.


	Logged

JTD121

Newbie

Offline

Posts: 16

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

« Reply #10 on: October 01, 2012, 07:15:00 AM »

I am really surprised this hasn't caught more attention for such a huge vulnerability across the world.

I mean, I have used Reaver when no one was home (got into a neighbors' WiFi with it). Just looked around their router, saw it was an ISP-provided NetGear router.

If I remember correctly, once I got the commands down, it took a matter a minutes to get the WPS key correct, and therefore the WPA2 key. WPA2, yo! That's quite the black eye on such a secure encryption for WiFi, no?

My router is WPS-incapable, being that it runs Tomato; most Linksys-based WRT routers do not implement WPS in any way, shape, or form, so that vulnerability is right out the window for those of us running alternative firmware on Linksys gear.

So far, I've only used it when no one was home, and didn't do anything malicious, like setting new passwords, or changing settings. I just wanted to see how it worked, and if it worked. Surprisingly it did, and quickly.


	Logged

ajohnson

Recruiters
Hero Member

Offline

Posts: 1056

aka dynamik

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

« Reply #11 on: October 01, 2012, 07:40:10 AM »

Wireless is notoriously insecure. Even if there isn't an inherent vulnerability, such as this Reaver attack or WEP, the majority of people will continue to secure their devices poorly. More often than not, you just need to capture the WPA-handshake and have a few decent wordlists. Having a powerful GPU on-hand makes this attacking increasingly trivial.

As always, ensure you have written permission before attacking equipment that isn't yours. Something as innocuous as testing the exploit on your neighbors equipment can unnecessarily land you in hot water.


	Logged

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.

JTD121

Newbie

Offline

Posts: 16

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

« Reply #12 on: October 01, 2012, 10:27:33 AM »

ajohnson, you are definitely right, but there was only one WiFi network around that might have been vulnerable, and that was the neighbors' network. Like I explained, I did nothing when I got in, just looked to see if it was one of the ones that doesn't turn WPS off, and then logged off.


	Logged

superkojiman

Jr. Member

Offline

Posts: 59

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

« Reply #13 on: October 01, 2012, 11:26:14 AM »

Quote from: JTD121 on October 01, 2012, 10:27:33 AM

Unfortunately these days, that's all it takes to land in hot water. That's like saying "The only lock I could try to pick was my neighbors, so I did it, but I didn't go in the house". Your neighbor is still not going to be pleased about it if they find out, even if you were just curious and meant no harm.


	Logged

OSCP, GSEC

Jamie.R

Sr. Member

Offline

Posts: 429

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

« Reply #14 on: October 01, 2012, 11:41:01 AM »

wow that's a really old post under my own username. Its good to see it resurface and still usable for others members.


	Logged

OSWP | Hackingdojo Nidan | eCPPT

Pages: [1] 2 Go Up

« previous next »