Friday, June 15, 2012
Unknown
So whats Reaver-
Reaver performs a brute force attack
against an access point's WiFi Protected Setup pin number. Once the WPS
pin is found, the WPA PSK can be recovered and alternately the AP's
wireless settings can be reconfigured. While Reaver does not support
reconfiguring the AP, this can be accomplished with wpa_supplicant once
the WPS pin is known.
Reaver performs a brute force attack
against the AP, attempting every possible combination in order to guess
the AP's 8 digit pin number. Since the pin numbers are all numeric,
there are 10^8 (100,000,000) possible values for any given pin number.
However, because the last digit of the pin is a check sum value which can
be calculated based on the previous 7 digits, that key space is reduced
to 10^7 (10,000,000) possible values.
The key space is reduced even further
due to the fact that the WPS authentication protocol cuts the pin in
half and validates each half individually. That means that there are
10^4 (10,000) possible values for the first half of the pin and 10^3
(1,000) possible values for the second half of the pin, with the last
digit of the pin being a check sum.
Reaver brute forces the first half of
the pin and then the second half of the pin, meaning that the entire
key space for the WPS pin number can be exhausted in 11,000 attempts.
The speed at which Reaver can test pin numbers is entirely limited by
the speed at which the AP can process WPS requests. Some APs are fast
enough that one pin can be tested every second; others are slower and
only allow one pin every ten seconds. Statistically, it will only take
half of that time in order to guess the correct pin number.
Lets Begin-
First Download Reaver & it is only supported on the Linux
platform, requires the libpcap and libsqlite3 libraries, and can be
built and installed by running:
$ ./configure$ make# make installTo remove everything installed/created by Reaver:# make distclean
USAGE-
Usually, the only required arguments to Reaver are the interface name and the BSSID of the target AP:
# reaver -i mon0 -b 00:01:02:03:04:05
The channel and SSID (provided that
the SSID is not cloaked) of the target AP will be automatically
identified by Reaver, unless explicitly specified on the command line:
# reaver -i mon0 -b 00:01:02:03:04:05 -c 11 -e linksys
By default, if the AP switches
channels, Reaver will also change its channel accordingly. However, this
feature may be disabled by fixing the interface's channel:
# reaver -i mon0 -b 00:01:02:03:04:05 --fixed
The default receive timeout period is
5 seconds. This timeout period can be set manually if necessary
(minimum timeout period is 1 second):
# reaver -i mon0 -b 00:01:02:03:04:05 -t 2
The default delay period between pin
attempts is 1 second. This value can be increased or decreased to any
non-negative integer value. A value of zero means no delay:
# reaver -i mon0 -b 00:01:02:03:04:05 -d 0
Some APs will temporarily lock their
WPS state, typically for five minutes or less, when "suspicious"
activity is detected. By default when a locked state is detected, Reaver
will check the state every 315 seconds (5 minutes and 15 seconds) and
not continue brute forcing pins until the WPS state is unlocked. This
check can be increased or decreased to any non-negative integer value:
# reaver -i mon0 -b 00:01:02:03:04:05 --lock-delay=250
For additional output, the verbose
option may be provided. Providing the verbose option twice will increase
verbosity and display each pin number as it is attempted:
# reaver -i mon0 -b 00:01:02:03:04:05 -vv
The default timeout period for
receiving the M5 and M7 WPS response messages is .1 seconds. This
timeout period can be set manually if necessary (max timeout period is 1
second):
# reaver -i mon0 -b 00:01:02:03:04:05 -T .5
Some poor WPS implementations will
drop a connection on the floor when an invalid pin is supplied instead
of responding with a NACK message as the specs dictate. To account for
this, if an M5/M7 timeout is reached, it is treated the same as a NACK
by default. However, if it is known that the target AP sends NACKS (most
do), this feature can be disabled to ensure better reliability. This
option is largely useless as Reaver will auto-detect if an AP properly
responds with NACKs or not:
# reaver -i mon0 -b 00:01:02:03:04:05 --nack
While
most APs don't care, sending an EAP FAIL message to close out a WPS
session is sometimes necessary. By default this feature is disabled, but
can be enabled for those APs that need it:
# reaver -i mon0 -b 00:01:02:03:04:05 --eap-terminate
When 10 consecutive unexpected WPS
errors are encountered, a warning message will be displayed. Since this
may be a sign that the AP is rate limiting pin attempts or simply being
overloaded, a sleep can be put in place that will occur whenever these
warning messages appear:
# reaver -i mon0 -b 00:01:02:03:04:05 --fail-wait=360
Drop your Comments... Don't Forget to join our blog..
Posted in: Learn Hacking
7 comments:
Very good..
Great one..
WORLD CLASS PEDIGREE HACKERS
times come when one seriously and urgently needs the services of a world class pedigree hacker
our research showed more than 70% end up in the hands of scammers,
25% gets tired of the search and give up while just less than 2% truely meet REAL HACKERS..
visit the link below would be of help to you....
hireverifiedhacker . wordpress . com/hire-a-hacker/
To my latest surprise, After been ripped off so many times out of desperation of finding urgent help until my Best friend finally introduced me to a reliable hacker who she said helped in hacking her her husbands social media in order to find out if her husband has been faithful, and he did a perfect job,So i decided to give him a try, He didn't charge me for the job i gave him since then i made him my permanent hacker,his prices are so reasonable and considerate, I'm so thankful that's the reason i choose to recommend him to anyone who needs hacking services, you can contact him whitehats (@) cyber-wizard . com, Just let him know Mrs Anne referred you and make sure you patronize him.
My credit score moved from below 500 to over 780 across all credit bureaus. Not just that, he also helped me take down some major debts. This is not a joke, he handled this within 7 working days. If you need a good hacker, you just found one. EMAIL- Quickarturhack@gmail.com WHATSAPP- +7025301177 OR Kik- Arturquickhack
He just helped a colleague of mine at the office hack an entire cellphone and 3 different websites. He offers a long list of services you should contact him.
My life was falling apart, I was being cheated and abused, I had to know the truth and needed proof. I contacted a private investigator that linked me with onlineghost who took care of the hack job. He hacked his iPhone,Facebook,Instagram, Whats app, twitter and email account. I got all I wanted as proof . I”m glad i had a proven truth he was cheating . Contact him for any hack job. Tell him i referred you to him, he will surely meet your hack need. Contact: onlineghosthacker247@ gmail .com
I had really bad records that brought my credit score to low 400s. Now I have my credit all fixed and my score over 780 and this happened within 5 working days all thanks to this pro Russian hacker Arthur Vitali. I can't tell how he did it, but I have a home of my own now and I'm grateful. You can reach him on
EMAIL- Quickarturhack@gmail.com or WHATSAPP +17025301177.He also helped my cousin hack an entire cellphone with just a phone number.
Post a Comment