
Wi‐Fi Protected Setup

Wi‐Fi Protected Setup (WPS) is a wireless standard that enables simple connectivity to “secure” wireless APs. The problem with WPS is that its implementation of registrar PINs makes it easy to connect to the wireless network and can facilitate attacks on the very WPA/WPA2 pre‐shared keys used to lock down the overall system. As we’ve seen over the years with security, everything’s a tradeoff!

WPS is intended for consumer use in home wireless networks. If your wireless environment is like most others that I see, it probably contains consumer‐grade wireless APs (routers) that are vulnerable to this attack.

The WPS attack is relatively straightforward using an open source tool called Reaver (https://code.google.com/p/reaver‐wps). Reaver works by executing a brute‐force attack against the WPS PIN. I use the commercial version, Reaver Pro (www.reaversystems.com), which is a device that you connect your testing system to over Ethernet or USB. Reaver Pro’s interface, as shown in Figure 1, is pretty straightforward.
Running Reaver Pro is easy. You simply follow these steps:

1. Connect to the Reaver Pro device by plugging your testing system into the PoE LAN network connection. You should get an IP address from the Reaver Pro device via DHCP.

2. Load a web browser, browse to http://10.9.8.1, and log in with reaver/foo as the username and password.

3. On the home screen, press the Menu button; a list of wireless networks should appear.

4. Select your wireless network from the list and then click Analyze.

5. Let Reaver Pro run and do its thing. This process is shown in Figure 2.

Fig. 1: The Reaver Pro Startup Window
Fig. 2: Using Reaver Pro to Determine That Wi-Fi Protected Setup is Enabled
If you wish to have Reaver Pro automatically start cracking your WPS PIN, you’ll need to click Configure and set the WPS Pin setting to On. WPS PIN cracking can take anywhere from a few minutes to a few hours, but if successful, Reaver Pro will return the WPA pre‐shared key, or it will tell you that the wireless network is too far away or that intruder lockout is enabled.

I’ve had mixed results with Reaver Pro depending on the computer I’m running it on and the wireless AP that I’m testing. It’s still a worthy attack you should pursue if you’re looking to find and fix the wireless flaws that matter.



Countermeasures against the WPS PIN flaw

It’s rare to come across a security fix as straightforward as this one: disable WPS. If you need to leave WPS enabled, at least set up MAC address controls on your AP(s). It’s not foolproof, but it’s better than nothing! More recent consumer‐grade wireless routers also have intruder lockout for the WPS PIN: if the system detects WPS PIN cracking attempts, it locks out those attempts for a certain period of time. The best thing to do to prevent WPS attacks in the enterprise is to not use low‐end wireless routers in the first place.
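To make the intruder‐lockout countermeasure concrete, here is an added Python model (not from the original post or from any router firmware) that counts how many PIN guesses an AP actually evaluates with and without a lockout; the failure threshold, lockout period and client MAC are assumed values.

```python
from collections import defaultdict


class WpsPinLockout:
    """Model of the WPS PIN 'intruder lockout' described above: after
    max_failures bad PIN attempts from one client, that client is refused
    for lockout_seconds. Threshold and duration are assumed values, not
    figures taken from any vendor's firmware."""

    def __init__(self, max_failures=3, lockout_seconds=60):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = defaultdict(int)  # client MAC -> consecutive failures
        self.locked_until = {}            # client MAC -> time the lockout ends

    def attempt(self, mac, pin_correct, now):
        """Return 'locked', 'rejected' or 'accepted' for one PIN attempt at time now."""
        if now < self.locked_until.get(mac, 0):
            return "locked"  # still locked out: the PIN is not even evaluated
        if pin_correct:
            self.failures[mac] = 0
            return "accepted"
        self.failures[mac] += 1
        if self.failures[mac] >= self.max_failures:
            self.locked_until[mac] = now + self.lockout_seconds
            self.failures[mac] = 0  # start a fresh count once the lockout expires
        return "rejected"


def attempts_evaluated(policy, mac, total_attempts, seconds_per_attempt):
    """Constructed scenario: one client fires wrong guesses back to back.
    Returns how many of those guesses the AP actually evaluated."""
    evaluated = 0
    for i in range(total_attempts):
        if policy.attempt(mac, False, i * seconds_per_attempt) == "rejected":
            evaluated += 1
    return evaluated


if __name__ == "__main__":
    client = "00:11:22:33:44:55"  # assumed client MAC for the demonstration
    with_lockout = WpsPinLockout(max_failures=3, lockout_seconds=60)
    without_lockout = WpsPinLockout(max_failures=3, lockout_seconds=0)
    print("guesses evaluated in 120 s with lockout:",
          attempts_evaluated(with_lockout, client, 120, 1))
    print("guesses evaluated in 120 s without lockout:",
          attempts_evaluated(without_lockout, client, 120, 1))
```

With a 3‐failure threshold and a 60‐second lockout, only 6 of 120 back‐to‐back guesses are evaluated, which is why Reaver reports "intruder lockout is enabled" instead of a key on such routers.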

