Learn how to use the WPS protocol to collect information and extract the network key.
- WPS can be attacked using a brute force attack on the PIN…which has only about 11,000 valid combinations.…One of the popular tools for testing WPS is reaver.…So, let's have a look at that.…I'll be running this against…my technicolor TG582N home router.…Okay, I have a terminal window open.…So, I'll set my wireless adapter to monitoring mode,…and run a tool called wash to identify…candidate WPS enabled networks,…so that I can see the BSS ID which I need for reaver.…
Okay, my router is called telecom05,…and I can see the BSS ID is 9C972655D1DF,…it's operating on channel 1,…which reaver also needs to know.…I'll now run reaver to do a a WPS attack.…Okay, we can see reaver trying to connect to WPS…using the keys it's generating,…it quickly identifies the type of device,…and extracts its manufacturer, technicolor,…its model, technicolor TG,…its model number, 582N and its serial number.…
We can also see reaver managing the M1 and M2,…and M3 and M4 messages.…It's now trying to attempt,…and its been locked out with rate limiting.…
Note: This course is part of our test prep series for the Certified Ethical Hacker exam. Review the complete exam objectives at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Selecting an antenna
- Configuring security
- Extracting WEP and network passwords
- Testing passwords
- Harvesting connections from rogue access points
- Attacking networks via Bluetooth
- Capturing wireless packets with Acrylic WiFi
- Heat mapping with Ekahau
- Wi-Fi sniffing with Wireshark
- Testing the Internet of Things