flat assembler
Message board for the users of flat assembler.

disable your router WPS feature before reaver pwned you
sleepsleep
Joined: 05 Oct 2006
Posts: 8904
Laughing i know it sounds weird,
but maybe you got personal cloud for WPA handshake bruteforce cracker?

wonder what would happen when we got a crazy quantum cpu that is probably a million times faster than current GPU speed,

https? Laughing
windows SMB share, truecrypt,


Last edited by sleepsleep on 14 Nov 2012, 15:13; edited 2 times in total
Post 12 Nov 2012, 10:02
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17287
Location: In your JS exploiting you and your system
Whose WPA password are you trying to break?

There are publicly available sites you can use.
Post 12 Nov 2012, 10:11
sleepsleep
i tried the public cracker, no luck,
it seems that i need a dictionary of 13 passphrase, a-z, 0-9, A-Z combination, and that is probably a crazy huge dictionary that only a supercomputer could run.
Post 12 Nov 2012, 10:19
revolution
sleepsleep wrote:
wonder what would happen when we got a crazy quantum cpu that is probably a million times faster than current GPU speed,
If it is only a million times faster then it is not good enough. I would hope that a QC would be exponentially faster. Anything less is not going to be worth the effort.
Post 12 Nov 2012, 19:40
sleepsleep
it seems, to hack the router WPS function is easier than to hack the WPA2 wireless protected network

http://code.google.com/p/reaver-wps/

gonna try this later tonight Smile

*update
doing 4 seconds/pin, let's see whether reaver solves the mystery later Laughing

revolution wrote:

If it is only a million times faster then it is not good enough. I would hope that a QC would be exponentially faster. Anything less is not going to be worth the effort.

cross fingers and hope, we could create own matrix soon... Smile
Post 13 Nov 2012, 14:21
sleepsleep
ok,
the result is,

it works, after around 9 hours of slow pin hack,

somehow people need to buy a wireless router without WPS or a router that is capable of disabling WPS.
Post 14 Nov 2012, 01:30
revolution
sleepsleep wrote:
somehow people need to buy a wireless router without WPS or a router that is capable of disabling WPS.
Some routers have a button that you need to press to enable the WPS for 60 seconds. This stops the reaver attack since you have to be physically present and keep pressing the button.
Post 14 Nov 2012, 07:42
sleepsleep
revolution wrote:
sleepsleep wrote:
somehow people need to buy a wireless router without WPS or a router that is capable of disabling WPS.
Some routers have a button that you need to press to enable the WPS for 60 seconds. This stops the reaver attack since you have to be physically present and keep pressing the button.


http://krebsonsecurity.com/2011/12/new-tools-bypass-wireless-router-security/
Quote:

The important thing to keep in mind with this flaw is that devices with WPS built-in are vulnerable whether or not users take advantage of the WPS capability in setting up their router. Also, routers that include WPS functionality are likely to have this feature turned on by default.

First the good news: Blocking this attack may be as simple as disabling the WPS feature on your router. The bad news is that it may not be possible in all cases to do this.


http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
Quote:

WPS has been shown to easily fall to brute-force attacks.[2] A major security flaw was revealed in December 2011 that affects wireless routers with the WPS feature, which most recent models have enabled by default. The flaw allows a remote attacker to recover the WPS PIN in a few hours and, with it, the network's WPA/WPA2 pre-shared key.[3] Users have been urged to turn off the WPS feature,[4] although this may not be possible on some router models.


Quote:

In December 2011 researcher Stefan Viehböck reported a design and implementation flaw that makes brute-force attacks against PIN-based WPS feasible to perform on WPS-enabled Wi-Fi networks. A successful attack on WPS allows unauthorized parties to gain access to the network. The only effective workaround is to disable WPS


maybe users need to update their firmware to disable the WPS feature totally.
Post 14 Nov 2012, 14:54
revolution
Indeed. Many routers are useless against the reaver attack. I would suggest that you buy one with the button. And also check reviews about whether the router actually implements the code properly to support the button.
Post 14 Nov 2012, 15:21
sleepsleep
imagine the local banks using WPA2, ouch, ouch!!!
Post 14 Nov 2012, 15:37
f0dder
Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
sleepsleep wrote:
imagine the local banks using WPA2, ouch, ouch!!!
Not much of a problem if they have proper networking gear that requires a valid client certificate before allowing any traffic from a device. That's normal in corporate setups Smile

_________________
carpe noctem
Post 15 Nov 2012, 00:26
matefkr
Joined: 02 Sep 2007
Posts: 1291
Location: Ukraine, Beregovo
say you got a 100 Mbit network and a 2048 bit key, the network is the bottleneck, not the quantum cpu. you have to try the key, see if it works.
Post 15 Nov 2012, 17:50
revolution
There is also downloadable firmware that doesn't have WPS capability and can be flashed into many compatible routers. I think the only way to properly protect against the WPS flaw is to not have the code in your router.

I had my office routers pen tested after disabling WPS in the configuration.

On one router it had no effect, the router still answered to WPS, and eventually revealed the key and password. It took five days though because at least it did implement time based locking after each three failed attempts thus slowing the attack down.

On another router it completely killed all WPS connections after 10 attempts with no way to reset it that I could find without a full factory reset. So, in a sense, that is a good thing since it was my desire to disable WPS in the setup, but it is the wrong way to achieve it IMO.

On a third router it crashed everything after each few hundred attempts and had to be power cycled to get it working again. But once it is up again it still responds to WPS requests and was eventually cracked. But crashing the router is definitely not a way to protect anything and exposes you to DoS attacks.

If you are cracking someone else's router then such effects like crashing and locking out can alert the user to potential attacks. That might be a good thing, but there is generally nothing the user can do to stop it except re-flash or buy a better router to stop such things happening.
Post 13 Nov 2013, 04:47
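Added example (not from the thread or from any router vendor): a small model of how the lockout behaviours described in the post above change the worst-case time to exhaust the WPS PIN space. The 4 seconds per attempt is the rate reported earlier in the thread; the 11,000-guess worst case comes from Viehböck's published analysis, and the 60-second lock length, the doubling policy and its one-day cap are assumptions chosen for illustration.

```python
import math

# Worst case under the December 2011 flaw: the PIN halves are confirmed
# separately and the last digit is a checksum (Viehböck's analysis).
WORST_CASE_GUESSES = 10**4 + 10**3


def worst_case_seconds(secs_per_guess, fails_before_lock=None, lock_secs=0.0,
                       backoff=1.0, max_lock_secs=None, permanent_after=None):
    """Seconds to try every candidate PIN; math.inf if the policy stops it.

    fails_before_lock: failures allowed between lockouts (None = never lock)
    lock_secs/backoff: first lockout length and multiplier for later ones
    max_lock_secs:     cap on a single lockout (None = uncapped)
    permanent_after:   total failures after which WPS stays off until reset
    """
    failures = WORST_CASE_GUESSES - 1          # the last guess is the hit
    if permanent_after is not None and permanent_after <= failures:
        return math.inf
    total = WORST_CASE_GUESSES * secs_per_guess
    if not fails_before_lock:
        return total
    current = float(lock_secs)
    for _ in range(failures // fails_before_lock):
        total += current
        current *= backoff
        if max_lock_secs is not None:
            current = min(current, max_lock_secs)
    return total


# Constructed policies; lock lengths are assumptions, not measured values.
POLICIES = {
    "no lockout": {},
    "fixed 60 s lock per 3 failures": dict(fails_before_lock=3, lock_secs=60),
    "doubling lock, capped at 1 day": dict(fails_before_lock=3, lock_secs=60,
                                           backoff=2.0, max_lock_secs=86400),
    "off until reset after 10 failures": dict(permanent_after=10),
}


def report(secs_per_guess=4.0):
    """Worst-case days per policy at the thread's 4 seconds per attempt."""
    return {name: worst_case_seconds(secs_per_guess, **policy) / 86400
            for name, policy in POLICIES.items()}


if __name__ == "__main__":
    for name, days in report().items():
        print(f"{name:36s} {days:10.2f} days")
```

Under these assumptions a fixed short lock only stretches the worst case from about half a day to about three days, while a growing lockout or a hard shut-off pushes it out of practical reach.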
sleepsleep
=)
recently i encountered two new units, TP-LINK access points, with a broken CLIENT AP function, kinda headache, it doesn't work as advertised,

revolution,
glad you identified those issues, maybe need to flash openwrt or ddwrt into them, but not all routers are compatible & supported.
Post 13 Nov 2013, 08:21
sleepsleep
care to list out your routers' brand and firmware?
Post 13 Nov 2013, 16:00
matefkr
i would like to look at it much more from a psychological perspective.
let's look at the name. "reaver" why would a person give a name to a virus? to me it sounds much like military style nicknaming. Someone who makes these or in tight connection is in connection with military and secret service. they make the viruses more than likely (considering all the other cool virus names). we all know in reality u can make an operating system secure. some people spend the time to crack code to find exploits, so not only secret shit uses it.
Post 13 Nov 2013, 17:21
revolution
matefkr: reaver is not a virus.
Post 13 Nov 2013, 22:12
revolution
sleepsleep wrote:
care to list out your routers' brand and firmware?
After discussing with all the parties involved it was decided not to publicly state the brands.

This is probably security by obscurity (and thus not security at all) but sometimes people (non-technical people like owners and CEOs) don't really understand how security works.
Post 20 Nov 2013, 06:29
matefkr
well it doesn't make my statement any less true.
Post 20 Nov 2013, 07:12
matefkr
well all the consumer electronics allow the software to be vulnerable at least and the software is indeed usually made vulnerable but login and human interaction software parts like these are made more and more bulky (perhaps without notice), so the security flaw can be hidden in it, and with each update one would have to find it. eh. basically.. corrupt things.. all fall for just for the same reason as thousands of years: separation into not trusting masses because masses were made seemingly not caring (or actually), and many let elitist bastards to control however, many (another many perhaps) think they are not affected by the corruption of elitists but blame much obvious things (they don't think in terms of "change this, then reason about what would be changed, and then find it for others and bring about the most efficient change" they reason about how cool and fun it is to have a reason to blame and torture someone, and this is then based on some emotion related education).
Post 20 Nov 2013, 07:18
Copyright © 1999-2020, Tomasz Grysztar.