
WPS lockout

    • 9 posts
    June 27, 2016 6:46 PM EDT

    I think Reaver and Bully are becoming obsolete because of this WPS lockout that occurs after too many PIN attempts. I'm aware of trying to write scripts that change your MAC address between PIN attempts, but I am pretty sure that this tactic is old now too. Aside from the pixie dust attack, is brute-forcing the WPS PIN becoming totally obsolete, or does anyone know of anything new in regards to that?

    • 39 posts
    July 16, 2016 9:32 PM EDT
    I heard Wifiphisher is good,
    but I haven't tried it.
    • 9 posts
    July 17, 2016 2:29 AM EDT

    COOL!! I over appreciate your reply, it's hard to get a reply lol. Wifiphisher? It appears to be a fake access point automator that sets up a fake wifi network in hopes of having someone connect, such that you may be able to route the wifi network into another or a wired network that is connected to the internet. Then when they connect to it, it has internet access and they are none the wiser that their internet session is being eavesdropped on. Yeah, I'm pretty sure this is an eavesdropping tool. I am interested in something that is able to crack or gain access to WPA networks without having to actually crack a hash from a handshake or use a dictionary. There is another pretty nicely crafted tool that also creates a fake (but duplicate of target) network and tries to have the clients connect to you instead of their own network, by bombing the network with deauthentication packets and preventing them from authenticating to their network and hoping they connect to you thinking that it is their own. But first it gets a handshake to compare a password to that they will provide, because once they connect to you, any and all requests from the client are directed by a DNS server to point to a fake router security check page which is hosted on a temporary HTTP server that this tool also sets up for you. And this router page has them enter their WPA password, and what they enter is checked against the handshake hash the tool acquired earlier to check if it matches, and if it does not, it can look like it knows what the password is already and say "sorry, try again", which sorta adds to the appearance of it being legitimate and makes it more reliable. And if they do enter the right passphrase it simply thanks them and cuts the connection, allowing them to reconnect to their own network so they are none the wiser, and the code they enter is saved into a database by a little PHP script in the fake webpage.

    It is called LINSET, which stands for LINSET IS NOT A SOCIAL ENGINEERING TOOL. Okay, that's enough to read I'm sure, but I haven't got it to work yet because all the handshakes I get, it says are corrupt, which prevents me from continuing, and when I am able to sometimes, I think you need to be very very close to have the clients actually connect to you. And finally it relies on tricking people. I would like to find something more concrete that doesn't rely on something as inconsistent as being able to fool someone or not. Okay, this is way too long, I have way too much time on my hands here haha.

    • 39 posts
    July 21, 2016 10:47 PM EDT

    The idea here is to create an evil twin AP, then de-authenticate or DoS the user from their real AP. When they re-authenticate to your fake AP with the same SSID, they will see a legitimate-looking webpage that requests their password because of a "firmware upgrade." When they provide their password, you capture it and then allow them to use the evil twin as their AP, so they don't suspect a thing. This saves a lot of time cracking the WPS, WPA, WPA2; it's more like phishing rather than eavesdropping.

    This post was edited by justallen at July 22, 2016 7:41 AM EDT
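
The sequence described in the post above (a deauthentication burst against the real AP while a second AP advertises the same SSID) leaves a pattern that a wireless monitoring sensor can correlate. The following is an added example, not part of the thread or of any tool named in it; the frame records, AP inventory and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed inventory of authorised APs: SSID -> {BSSID: expected security}
KNOWN_APS = {"CorpNet": {"aa:bb:cc:00:00:01": "WPA2"}}
DEAUTH_THRESHOLD = 10  # deauth frames inside WINDOW that count as a flood (assumed)
WINDOW = 5.0           # seconds
CORRELATE = 60.0       # max gap between flood and rogue beacon, seconds (assumed)

def sample_frames():
    """Constructed sensor records: a deauth burst, then a same-SSID open AP."""
    legit, rogue = "aa:bb:cc:00:00:01", "de:ad:be:ef:00:02"
    frames = [{"t": 0.0, "type": "beacon", "ssid": "CorpNet", "bssid": legit, "enc": "WPA2"}]
    frames += [{"t": 10 + i * 0.1, "type": "deauth", "bssid": legit} for i in range(30)]
    frames.append({"t": 11.0, "type": "beacon", "ssid": "CorpNet", "bssid": rogue, "enc": "OPEN"})
    return frames

def detect(frames, known=KNOWN_APS):
    owner = {b: s for s, aps in known.items() for b in aps}  # BSSID -> SSID
    recent = defaultdict(deque)   # BSSID -> timestamps of recent deauth frames
    flood_at, rogue_at = {}, {}   # SSID -> time of flood / (time, BSSID) of rogue
    alerts = []

    def raise_once(kind, ssid, bssid):
        if (kind, ssid, bssid) not in alerts:
            alerts.append((kind, ssid, bssid))

    for f in sorted(frames, key=lambda f: f["t"]):
        t, bssid = f["t"], f["bssid"]
        if f["type"] == "deauth" and bssid in owner:
            q = recent[bssid]
            q.append(t)
            while t - q[0] > WINDOW:       # keep only frames inside the window
                q.popleft()
            if len(q) >= DEAUTH_THRESHOLD:
                flood_at[owner[bssid]] = t
                raise_once("deauth_flood", owner[bssid], bssid)
        elif f["type"] == "beacon" and f["ssid"] in known:
            # Unknown BSSID, or a known BSSID advertising different security
            if known[f["ssid"]].get(bssid) != f["enc"]:
                rogue_at[f["ssid"]] = (t, bssid)
                raise_once("rogue_ap", f["ssid"], bssid)
        # Flood on the real AP plus a look-alike AP close in time: likely evil twin
        for ssid, (rt, rb) in rogue_at.items():
            if ssid in flood_at and abs(flood_at[ssid] - rt) <= CORRELATE:
                raise_once("evil_twin_suspected", ssid, rb)
    return alerts

if __name__ == "__main__":
    print(detect(sample_frames()))
```

Comparing the advertised security against the inventory also catches a clone that copies the real BSSID but drops encryption to serve a captive page.
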
    • 9 posts
    July 24, 2016 4:34 PM EDT

    Cool, have you ever used this in a real-world scenario? I have tried so many times with some kind of evil twin attack but can never get the clients to connect to me. I am not sure, but I think it's just because I might be too far away from them. Do you know if distance or signal strength has anything or even everything to do with the whole "getting them to connect to you instead" part?

    • 1 posts
    December 13, 2016 1:00 AM EST

    You need to increase your own TX power, and keep sending the deauthentication packets.