In this video, learn how to use Reaver with its Pixiedust option to recover keys from vulnerable devices.
- While the WPS brute force attack has largely been defeated by rate-limiting, we can use a tool called Pixie-Dust to attempt offline extraction of the PIN after recovering just one handshake from the WPS negotiation. This is possible where the implementation of WPS has used a low-quality random number generator. And this includes a range of current router and extender models from Asus, Belkin, Linksys, Netgear, TP-Link and Zexal. In some cases, the nonces used to generate the PIN are set to 0, a very poor implementation decision. We don't need to use the Pixie-Dust tool itself, because the Pixie-Dust attack has been integrated into Reaver. We can invoke this by using the -K option. I've got a current model Linksys N300 range extender, which I'll use for this test. To run the test, I first need to set the external antenna into monitoring mode. I then need to get the BSSID of the access point, so I'll run wash again. I can see two entries for my TPG-83NJ access point, …
Note: This course is part of our test prep series for the Certified Ethical Hacker exam. Review the complete exam objectives at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Selecting an antenna
- Configuring security
- Extracting WEP and network passwords
- Testing passwords
- Harvesting connections from rogue access points
- Attacking networks via Bluetooth
- Capturing wireless packets with Acrylic Wi-Fi
- Heat mapping with Ekahau
- Wi-Fi sniffing with Wireshark
- Testing the Internet of Things