.

WIFI WPS brute forace attack Faster than cracking WPA/WPA2

<<

millwalll

Post Fri Dec 30, 2011 9:39 am

WIFI WPS brute forace attack Faster than cracking WPA/WPA2

<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Fri Dec 30, 2011 9:58 am

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

Yeah I saw it yesterday.  I kinda want to try it out and see how easy it is to crack, but will have to wait until people leave the house in case I break their Internet!
Sec+, eCPPT
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Dec 30, 2011 10:11 am

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

Seen wrote:Yeah I saw it yesterday.  I kinda want to try it out and see how easy it is to crack, but will have to wait until people leave the house in case I break their Internet!


LOL!  At least you're going to be ethical and test on your own systems.  <props  ;)>
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Seen

User avatar

Full Member
Full Member

Posts: 137

Joined: Mon Aug 30, 2010 1:05 am

Post Fri Dec 30, 2011 2:16 pm

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

Yeah, not a fan of jail hayabusa!
Sec+, eCPPT
<<

dbest

Jr. Member
Jr. Member

Posts: 79

Joined: Thu Jun 23, 2011 1:14 pm

Post Tue Jan 10, 2012 11:12 am

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

Tested reaver at home and it worked well.
Tested at a client and didnt succeed.. :(
CISM, CEH, CISA, ISO 27001 LA
<<

DragonGorge

User avatar

Jr. Member
Jr. Member

Posts: 86

Joined: Wed Feb 08, 2012 6:30 pm

Post Thu Mar 15, 2012 1:49 pm

Re: WIFI WPS brute force attack Faster than cracking WPA/WPA2

I tried this at home with a spare Linksys router - it was scarily easy. What made it worse was that the Linksys lets you think you've turned WPS without really doing so. That is, I turned WPS off, ran Reaver, and it still cracked my WPS PIN and WPA2 password in under 3 hours.

In my limited experience, Reaver is easier to use and more successful than cracking WEP with no client attached (which I've been unsuccessful in even though my target router is just in the next room.) And Reaver v1.4 comes with a tool called wash that allows you to scan your local area for WPS enabled routers. There wasn't a single router in my local area with WPS off.

One thing I found though was running Reaver caused a DoS on my primary wi-fi router, even though I'd turned the txpower way down. The significant other was not pleased.
<<

Deadpool614

Newbie
Newbie

Posts: 27

Joined: Sun Apr 01, 2012 7:59 am

Location: 'Merica

Post Wed Apr 04, 2012 3:36 pm

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

I think that this is the most exciting part about security, well for me anyways. Stuff like this gives people like us a reason to think outside of the box to overcome these security shortcuts. I'm looking forward to trying to find a way to patch this flaw. But even after you shut one door another opens. Nothing is ever stopped, only hindered.
CIO/G-6 C|EH ....Taking the first steps down a long path.
<<

DragonGorge

User avatar

Jr. Member
Jr. Member

Posts: 86

Joined: Wed Feb 08, 2012 6:30 pm

Post Wed Apr 04, 2012 5:09 pm

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

AFAIK, Linksys/Cisco are the only ones that don't actually turn WPS off (while letting you think you did). And they've been really slow in coming out with patches. The other brands (e.g. Netgear) actually do turn it off (confirmed). Another plus is that it takes a pretty strong signal to succeed. I asked my neighbor two houses over to plug in my router and Reaver failed in that case.

The sad fact is less than 10% of the routers in my neighborhood use WPA/2 in the first place. Most use WEP and one or two have no authentication at all. Still, for smaller companies the WPS vulnerability could be exploited and cause serious harm.
<<

rocketscientist

Newbie
Newbie

Posts: 1

Joined: Mon Apr 09, 2012 3:18 am

Post Mon Apr 09, 2012 3:25 am

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

the fastest one i cracked was in 3 seconds. lol. reaver is just absolutely awesome. but if there is mac filtering don't forget to use --mac= or -A
<<

kerpap

User avatar

Newbie
Newbie

Posts: 8

Joined: Tue Jul 08, 2008 2:55 pm

Post Fri Jun 15, 2012 5:06 am

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

I love reaver.
absolutly love it.

WPS enabled routers will be around for a while. a bad person could really make use of it.
<<

JTD121

User avatar

Newbie
Newbie

Posts: 16

Joined: Thu Sep 06, 2012 12:11 pm

Location: 01832

Post Mon Oct 01, 2012 7:15 am

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

I am really surprised this hasn't caught more attention for such a huge vulnerability across the world.

I mean, I have used Reaver when no one was home (got into a neighbors' WiFi with it). Just looked around their router, saw it was an ISP-provided NetGear router.

If I remember correctly, once I got the commands down, it took a matter a minutes to get the WPS key correct, and therefore the WPA2 key. WPA2, yo! That's quite the black eye on such a secure encryption for WiFi, no?

My router is WPS-incapable, being that it runs Tomato; most Linksys-based WRT routers do not implement WPS in any way, shape, or form, so that vulnerability is right out the window for those of us running alternative firmware on Linksys gear.

So far, I've only used it when no one was home, and didn't do anything malicious, like setting new passwords, or changing settings. I just wanted to see how it worked, and if it worked. Surprisingly it did, and quickly.
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Oct 01, 2012 7:40 am

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

Wireless is notoriously insecure. Even if there isn't an inherent vulnerability, such as this Reaver attack or WEP, the majority of people will continue to secure their devices poorly. More often than not, you just need to capture the WPA-handshake and have a few decent wordlists. Having a powerful GPU on-hand makes this attacking increasingly trivial.

As always, ensure you have written permission before attacking equipment that isn't yours. Something as innocuous as testing the exploit on your neighbors equipment can unnecessarily land you in hot water.
The day you stop learning is the day you start becoming obsolete.
<<

JTD121

User avatar

Newbie
Newbie

Posts: 16

Joined: Thu Sep 06, 2012 12:11 pm

Location: 01832

Post Mon Oct 01, 2012 10:27 am

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

ajohnson, you are definitely right, but there was only one WiFi network around that might have been vulnerable, and that was the neighbors' network. Like I explained, I did nothing when I got in, just looked to see if it was one of the ones that doesn't turn WPS off, and then logged off.
<<

superkojiman

User avatar

Jr. Member
Jr. Member

Posts: 81

Joined: Thu Sep 20, 2012 9:42 pm

Post Mon Oct 01, 2012 11:26 am

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

JTD121 wrote:ajohnson, you are definitely right, but there was only one WiFi network around that might have been vulnerable, and that was the neighbors' network. Like I explained, I did nothing when I got in, just looked to see if it was one of the ones that doesn't turn WPS off, and then logged off.


Unfortunately these days, that's all it takes to land in hot water. That's like saying "The only lock I could try to pick was my neighbors, so I did it, but I didn't go in the house". Your neighbor is still not going to be pleased about it if they find out, even if you were just curious and meant no harm.
OSCP + OSCE
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Mon Oct 01, 2012 11:41 am

Re: WIFI WPS brute forace attack Faster than cracking WPA/WPA2

wow that's a really old post under my own username. Its good to see it resurface and still usable for others members.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
Next

Return to Wireless

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software