
Thread: WPS Vulnerability

  1. #21
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default Re: WPS Vulnerability

    Has anyone successfully cracked WPS with AWUS036H? I'm trying it with a Speedtouch 585i and a Thomson TG787 (both mine, in the same room I am) and nothing is working. I am receiving lots of timeouts and it just keeps sending the same PIN. Even if I input the right PIN, it doesn't work...

  2. #22
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Re: WPS Vulnerability

    I did some experimenting with the 3 routers that I have readily available. Yes they are mine and not my neighbors so I was able to test both the default configs and other options. My test did confirm that with my linksys router WPS was enabled regardless of what the web interface settings said. Here are my tests and results.

    1. DDWRT router- WPS not enabled by default. I couldn't find any options to enable it.

    2. Linksys WRT120N- WPS enabled by default. After changing WPS to off in interface it was still enabled.

    3. Verizon Fios Actiontec ml424-WR- WPS not enabled by default. Also no way to enable it in the web interface. WEP was on by default however...

    Did you see what changes mac filtering with mac spoofing had, if any on the WPS enabled router ?
    Last edited by TAPE; 01-20-2012 at 01:46 AM.

  3. #23
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Default Re: WPS Vulnerability

    I have been using AWUS036H for all of my testing and I have been able to successfully crack the keys.

    No, I didn't do any MAC spoofing testing. I did read this on Reaver's FAQ:

    Why doesn't MAC spoofing work?
    It does, but you have to make sure you are spoofing the MAC on the physical card's interface. See the wiki.
    If I get some time tonight I'll try to do some testing with my linksys router.
    Last edited by Dudeman02379; 01-20-2012 at 05:09 PM. Reason: noticed tapes question!

  4. #24
    Member melissabubble's Avatar
    Join Date
    Aug 2011
    Location
    c:\
    Posts
    85

    Default Re: WPS Vulnerability

    I thought it was just me..lol. I'm having the same problem Snayler is having. And I'm using the awus036h card as well. But I read many people said the card works. weird!!

  5. #25
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Default Re: WPS Vulnerability

    melissabubble,
    Are you using the card in a vmware virtual machine? I've had nothing but trouble with the card in vmware but it has been working great for me in virtualbox.

    tape,
    I had a lot of trouble but I did get reaver working against my linksys wrt150n with wps 'disabled' and mac filtering enabled. Here is what I needed to do to get it working
    1. enabled mac filtering on the router allowed mac address 11:11:11:11:11:11 (obviously not really the mac I used just an example)
    2. ifconfig wlan0 down
    3. macchanger -m 11:11:11:11:11:11 wlan0
    4. ifconfig wlan0 up
    5. airmon-ng start wlan0
    6. ifconfig mon0 down
    7. macchanger -m 11:11:11:11:11:11 mon0
    8. ifconfig mon0 up
    9. reaver -b {my routers bssid} -c {my routers channel} -i mon0 -vv

    It took me a lot of troubleshooting to figure out that both the wireless adapter and its monitor mode interface needed to spoof the same mac address!
    NOTE: the commands above are by memory so there could be a typo. It's getting late...
    Last edited by Dudeman02379; 01-21-2012 at 03:01 AM.

  6. #26
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default Re: WPS Vulnerability

    Quote Originally Posted by melissabubble View Post
    I thought it was just me..lol. I'm having the same problem Snayler is having. And I'm using the awus036h card as well. But I read many people said the card works. weird!!
    Ok, I tried it with that same card, but on a different laptop. Now it's working, no timeouts. Which leads me to believe that the problem was hardware related. I'll try it with VMWare and VirtualBox in the computer I tried first, see if it can run through virtualization software.

  7. #27
    Just burned his ISO
    Join Date
    Jan 2012
    Posts
    1

    Default Re: WPS Vulnerability

    Older versions of the AWUS036H come with a small cache; when requests are made, the AWUS036H crashes.

    When the AWUS036H crashes, you get the problem of "WARNING: Failed to associate with"

    Now just look at the monitor interface down.


    Problems such as timeout can be several things.

    1 - Low signal (a signal good 40 - 50)
    2 - AP with low count (low count of attempted access)


    Some APs have counter few attempts in this case is not what to do, have to go slowly.

    We must remember that even some APs with WPS enabled, have the activation button, this button can be virtual or physical, in this case, the AP will respond to requests but will return early timeouts because of the lack of necessary flag.


    And bear in mind, most APs simply turn off access to the Internet when a connection attempt via WPS, then try the wps when there is nobody on the network.


    Sorry for the English, Brazilian here.


    Cya

  8. #28
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Re: WPS Vulnerability

    tape,
    I had a lot of trouble but I did get reaver working against my linksys wrt150n with wps 'disabled' and mac filtering enabled. Here is what I needed to do to get it working
    1. enabled mac filtering on the router allowed mac address 11:11:11:11:11:11 (obviously not really the mac I used just an example)
    2. ifconfig wlan0 down
    3. macchanger -m 11:11:11:11:11:11 wlan0
    4. ifconfig wlan0 up
    5. airmon-ng start wlan0
    6. ifconfig mon0 down
    7. macchanger -m 11:11:11:11:11:11 mon0
    8. ifconfig mon0 up
    9. reaver -b {my routers bssid} -c {my routers channel} -i mon0 -vv

    It took me a lot of troubleshooting to figure out that both the wireless adapter and its monitor mode interface needed to spoof the same mac address!
    NOTE: the commands above are by memory so there could be a typo. It's getting late...

    Hey Dudeman, thanks for the reply, for some reason I missed that mention in the Wiki :|

    Could have sworn I had tested that, but in any case have just verified that it works in
    my case as well by changing the mac on the physical interface and then creating monitor interface
    and changing the MAC on that as well.


    Thanks for the reply

  9. #29
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Default Re: WPS Vulnerability

    It's more than a little scary that currently there is no way to secure the wireless on these routers without completely turning it off. I haven't checked for a new firmware version yet so I suppose that will be my next test.

  10. #30
    Very good friend of the forum TAPE's Avatar
    Join Date
    Jan 2010
    Location
    Europe
    Posts
    599

    Default Re: WPS Vulnerability

    Just out of interest, has anyone tried the latest version v1.4 of reaver ?

    I have been trying to get it going but for some reason am experiencing a lot more issues on
    getting it to associate / run.
    For me v1.3 worked better .. :|


    'wash' does look much nicer now with channels / signal strength etc.
