The only unfortunate thing about WPS is that 95% of all consumer grade routers ship with this option enabled. Most routers that you receive from your ISP have WPS enabled and all use the same WPS pin of 12345670. This makes it very easy to get the WPA key knowing the WPS pin. I found that all Cisco-based routers here in Eastern Michigan use the same WPS pin.
unrealn3t 3 days ago
@unrealn3t Even with MAC address filtering on a network router, you can still use tcpdump to pull the MAC address table of whitelisted MAC addresses off the router, then spoof your MAC address. It's an extra step or two but takes about a minute.
unrealn3t 3 days ago
@unrealn3t Thanks for watching the video. In addition to your comment, at the time of this recording, any vendor who wanted a device to be WPS certified actually had to have WPS turned on by default. I can see how this made sense from a UX perspective, but it's a little scary now that WPS is so badly broken.
SimplyWiFi 3 days ago
wash -i mon0 -C -> will show if routers have WPS enabled, easier than using Wireshark
schvollguad 4 days ago
@schvollguad Agreed. It's a very useful tool. I actually made a video tutorial of wash back when it was called walsh. Anyone interested can find that video in my channel.
SimplyWiFi 3 days ago
Excellent, worked perfectly. Thank you. My advice to others is, before you waste hours trying passphrase hacking (gl with that waste of time), try this first, and if the router being stalked is set up poorly regarding WPS, you'll be in, no problem. Takes time, but at least it works, unlike trying to aircrack-ng passphrases... Nice job SimplyWiFi :D
geddylee501 4 days ago
@geddylee501 Thanks for the feedback. Glad you liked the video and found it useful.
SimplyWiFi 3 days ago
hahha! it will choke up... funny. :-) great job !
Dpaz2009 2 weeks ago
@Dpaz2009 That is the term though, lol. It's really funny: "router will choke on packets".
DjAdam16 1 week ago
10 hours? Does it make the router choke? Or disconnect clients who are connected to that router? And can the client find out someone's cracking their router?
thanks
nnngggiii 3 weeks ago
@nnngggiii Some routers have brute-force defences that will impose time penalties for failed attempts. Some routers will actually just fail under the pressure and kick everyone off the network or reset the wlan. It is technically possible to see an attack happening but it's really too involved for the average SOHO user who required WPS to exist in the first place.
SimplyWiFi 3 weeks ago
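The reply above says an attack is "technically possible to see" but too involved for a SOHO user. Below is an added example (not from the video or this thread) of what that detection looks like from the access point's side, written in Python. The log format is constructed for this example: each line carries a timestamp, the station MAC and a WPS event, with a `stage` field recording after which message (M4 or M6) the registrar aborted the exchange with a NACK. The names `detect_wps_bruteforce`, `WINDOW` and `THRESHOLD` are assumptions; a real AP or hostapd log would need its own parser.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real AP output). A wrong PIN guess ends with the
# registrar sending a NACK. Because the two halves of the PIN are verified
# separately, a NACK after M4 means the first half was wrong, while a NACK
# after M6 means the first half was right and only the second half failed.
SAMPLE_LOG = """\
2012-01-05T21:00:00 aa:bb:cc:dd:ee:01 WPS_NACK stage=M4
2012-01-05T21:00:02 aa:bb:cc:dd:ee:01 WPS_NACK stage=M4
2012-01-05T21:00:04 aa:bb:cc:dd:ee:01 WPS_NACK stage=M4
2012-01-05T21:00:05 11:22:33:44:55:66 WPS_SUCCESS stage=M8
2012-01-05T21:00:06 aa:bb:cc:dd:ee:01 WPS_NACK stage=M4
2012-01-05T21:00:08 aa:bb:cc:dd:ee:01 WPS_NACK stage=M6
2012-01-05T21:00:10 aa:bb:cc:dd:ee:01 WPS_NACK stage=M6
"""

WINDOW = timedelta(seconds=60)   # sliding window per station (assumed value)
THRESHOLD = 5                    # NACKs inside the window before alerting (assumed value)


def parse_line(line):
    """Split one constructed log line into (timestamp, mac, event, stage)."""
    ts, mac, event, stage = line.split()
    return datetime.fromisoformat(ts), mac, event, stage.split("=", 1)[1]


def detect_wps_bruteforce(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alert strings: one when a station crosses the failure threshold
    inside the window, and one when its failures move from M4 to M6, which
    means the first half of the PIN has been confirmed and time is short."""
    alerts = []
    recent = defaultdict(deque)   # mac -> timestamps of recent NACKs
    alerted = set()
    last_stage = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, mac, event, stage = parse_line(line)
        if event != "WPS_NACK":
            continue
        q = recent[mac]
        q.append(ts)
        # Drop failures that have fallen out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and mac not in alerted:
            alerted.add(mac)
            alerts.append(f"{mac}: {len(q)} failed WPS PIN attempts in {window.seconds}s")
        if last_stage.get(mac) == "M4" and stage == "M6":
            alerts.append(f"{mac}: failures moved from M4 to M6 (first PIN half confirmed)")
        last_stage[mac] = stage
    return alerts


if __name__ == "__main__":
    for alert in detect_wps_bruteforce(SAMPLE_LOG):
        print(alert)
```

The useful response to either alert is to turn WPS off on the router, which ends the attack outright; rate limiting only slows it, as the comment about "time penalties" implies.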
how to update reaver?
thanks
nnngggiii 3 weeks ago
@nnngggiii Depends on the platform you are running it on. If you are using BackTrack then you should be able to use apt to update it. Or, you could just download the latest version from the Google code page directly.
SimplyWiFi 3 weeks ago
I thought it's impossible to do that? How can it test millions of combinations of passwords in just a few hours?
conspiritor2 1 month ago
@conspiritor2 Technically, yes. However, you do not need to test millions of combinations. The implementation has weaknesses which break the 8-digit PIN into two smaller 4-digit PINs. Also, the last digit is a checksum, so it's really a 4-digit PIN + a 3-digit PIN. So the math works out to 10000 combinations + 1000 combinations. Statistically, it'll take you about half on average, so it's really closer to 5500 attempts in practice.
SimplyWiFi 1 month ago
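The arithmetic in the reply above (10000 + 1000 combinations, about 5500 attempts on average) is the whole reason WPS PIN exposure is worth auditing. The Python below is an added example, not code from the video or from reaver, that works the numbers through and checks the ISP default PIN quoted earlier in the thread (12345670) against the check-digit rule from the WPS specification: three times the sum of the 1st, 3rd, 5th and 7th digits, plus the 2nd, 4th and 6th digits, plus the check digit, must be divisible by 10. The function names, and the per-attempt and lockout parameters of `attack_seconds`, are assumptions made for this example.

```python
def wps_pin_checksum(first_seven):
    """Check digit for a 7-digit WPS PIN prefix, per the WPS specification:
    3 * (d1+d3+d5+d7) + (d2+d4+d6) + check digit == 0 (mod 10)."""
    digits = [int(c) for c in f"{first_seven:07d}"]
    acc = 3 * sum(digits[0::2]) + sum(digits[1::2])
    return (10 - acc % 10) % 10


def is_valid_wps_pin(pin):
    """True if the 8-digit PIN's last digit matches the checksum of the first seven.
    Useful in an audit script that flags well-known defaults such as 12345670."""
    s = f"{pin:08d}"
    return wps_pin_checksum(int(s[:7])) == int(s[7])


def wps_search_space():
    """Size of the PIN space under each of the reductions named in the thread."""
    naive = 10 ** 8             # eight free digits
    with_checksum = 10 ** 7     # the last digit is derived, not free
    split = 10 ** 4 + 10 ** 3   # halves are confirmed independently: 4 digits + 3 digits
    return {
        "naive_8_digit": naive,
        "with_checksum": with_checksum,
        "split_halves": split,
        "expected_attempts": split // 2,   # on average half the space is searched
    }


def attack_seconds(attempts, seconds_per_attempt, lockout_every=0, lockout_seconds=0):
    """Wall-clock estimate for a given number of attempts. lockout_every/lockout_seconds
    model a router that imposes a time penalty after every N failures (assumed model,
    the thread only says such penalties exist)."""
    total = attempts * seconds_per_attempt
    if lockout_every > 0:
        total += (attempts // lockout_every) * lockout_seconds
    return float(total)


if __name__ == "__main__":
    print("12345670 passes checksum:", is_valid_wps_pin(12345670))
    space = wps_search_space()
    for name, size in space.items():
        print(f"{name:>18}: {size:,}")
    expected = space["expected_attempts"]
    # Assumed timings: ~1.3 s per attempt; lockout of 60 s after every 3 failures.
    print("no lockout  (h):", round(attack_seconds(expected, 1.3) / 3600, 1))
    print("with lockout (h):", round(attack_seconds(expected, 1.3, 3, 60) / 3600, 1))
```

The comparison of the last two lines is the practical point: a lockout raises the cost of the expected 5500 attempts by more than an order of magnitude, but only disabling WPS takes the number to zero.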
@SimplyWiFi Is there a version for windows?
conspiritor2 1 month ago
@conspiritor2 Afraid not. Windows generally has very poor support for monitor mode which is required for reaver to run.
SimplyWiFi 1 month ago
@SimplyWiFi Monitor mode? What's that? Is that something that the OS must have in order to have quality network tools, or is it all about the development community?
conspiritor2 4 weeks ago
@conspiritor2 Monitor mode is what allows the wireless interface to capture 'everything' it sees instead of just the stuff sent directly to it. Think of it as something similar to 'promiscuous' mode on wired interfaces.
SimplyWiFi 3 weeks ago
@SimplyWiFi Shouldn't that be a feature of the router and not the OS?
conspiritor2 3 weeks ago
@conspiritor2 It needs to be a feature of whichever platform you are doing your attack from. Most likely you'll be doing it from a laptop, so it needs to be a feature of the drivers used in whichever OS you happen to be running. Windows drivers are sorely lacking in monitor mode. There are some commercial Windows products that can do it, but they cost quite a bit. Easier, and cheaper, just to use Linux.
SimplyWiFi 3 weeks ago
@SimplyWiFi OK thanks man, subbed to ya....
conspiritor2 3 weeks ago
When I try to crack my router I get a WPS PIN but no wpa key. How would I get the key if I know the PIN. On my other router I get a PIN and a wpa key.
OrionHumphrey 1 month ago
@OrionHumphrey That's an odd one. I haven't run into that before, but perhaps your router has some kind of protection mechanism, or is running a draft-WPS implementation that works differently. What kind of router and which firmware are you running?
SimplyWiFi 1 month ago
@SimplyWiFi To be perfectly honest it's not my router, so I don't know that information.
OrionHumphrey 1 month ago
[!] WARNING: Failed to associate with XX:XX:XX:XX:XX:XX (ESSID: XXXXXXX) Doesn't get any further... Any pointers?
lukespurs4life 1 month ago
@lukespurs4life It is possible the router doesn't support WPS. Did you run Walsh to see if WPS is enabled first? Aside from that, there could be any number of issues: poor SNR, MAC filtering.
SimplyWiFi 1 month ago
I always get stuck at "unable to associate"
any suggestions?
allnaturalkid87 1 month ago
@allnaturalkid87 Hi, that could be anything from interference to low signal strength, to a driver issue on your card. I'd start by checking the official reaver wiki on supported drivers, and then look through their FAQ.
SimplyWiFi 1 month ago
@SimplyWiFi And how do I compile that code on BT5?
darkblad1986 1 month ago
@darkblad1986 The documentation provided by the reaver dev team is quite good and you simply need to follow it to compile and run the tool.
code.google.com/p/reaver-wps/wiki/README <- They also have a wiki to help answer questions.
That said, if you're new to Linux, I would suggest maybe reading up on Linux fundamentals before jumping right into security assessment tools. It's not enough to simply run tools; you should aim to understand how they work, and what they are doing as well.
SimplyWiFi 1 month ago
New to this, sorry. It says command not found. I need to transfer reaver to BT5, right? How?
darkblad1986 1 month ago
@darkblad1986 Hi. You don't necessarily need to use BT5 but, yes, you do need to download and compile the reaver code first.
code.google.com/p/reaver-wps/downloads/list
SimplyWiFi 1 month ago
really helpful and great site. thanks
metalmasterlp 1 month ago
@metalmasterlp Thanks for the feedback. Glad you found it useful.
SimplyWiFi 1 month ago
THIS VIDEO SUCKS! HOW THE ... YOU FOUND THIS PIN? GOD TOLD U?
2000napoleon 1 month ago
@2000napoleon At 1:00 I clearly point out the PIN on the wireless router's admin page and state that it will come in handy in a few minutes. At 3:48 I clearly explain that I am going to just tell reaver the PIN (which I pointed out at 1:00) in the interest of skipping to the end just to see what the results would look like. Rewatch the video and pay attention, it is all there.
SimplyWiFi 1 month ago