two questions- is reaver "dead" because of wps locking?

[Aegonii]

hello all, my first question is in the title, and my second question is how EXACTLY does getting the wps pin give you the wpa key? i am just curious of how that actually works. is the wpa key bundled in the same packet as the wps pin? so if you get one you get the other? just curious to learn.

also to elaborate on my first question, i know that many routers now lock down wps if there is too many failed attempts. i read somewhere that reaver is pretty much dead because of that. Is this true in your opinion? what are some ways around a wps lock and does this mean in order to crack wpa2, you must go back to getting a handshake and using a wordlist?

just wanting to learn so any input is appreciated!

[Nick_the_Greek]

Hi there!

1st question : in my opinion yes
and 2nd:
http://www.netstumbler.com/2013/01/1...d-fall-of-wps/

[Aegonii]

thanks for your response nick. so since wps is no longer a viable option is there any other ways out there to crack wpa2? also do you know of any places to get a good wordlist. for example wpa keys such as aa3456dd. mixes of numbers and letters?

thanks

[Alia717]

Yes Reaver is near enough dead. To my knowledge the only way currently to attack WPA2 is to capture the handshake and run an offline bruteforce with something like hashcat. It is a fairly slow and laborious process though (made only slightly better by having a powerful GPU) so if anyone has any other methods I would be interested in hearing them.

[slim76]

WPS:
---------
Reaver is still able to obtain the pin and passkey for many WPS enabled access points.
There's a few default wps pin generators that can be used in conjunction with Reaver too, these will help you to obtain the passkey very quickly.
I think it's also possible to make Reaver start from a specific pin by modifying it's output file.

WPA/WPA2:
------------------
1) Try using a default passkey generator, if this fails then move to step 2).

2) Capture a handshake and then:

a) Assume the acces point is still using it's default passkey and build a wordlist that contains the required characters/patterns, if this fails then move to step b).
b) Assume the default passkey has been changed, create a wordlist that contains actual words, names, places, and symbols, if this fails then move to step c).
c) Try a bruteforce attack (Use the passthrough method and not a wordlist).

[ccunlimited]

hi,
i have some experience about breaking network encryption mm i can say the type of wps attack it more efficient because the wpa encryption sent during negociation in a clear text for the handshakes its easy to get the 4way handshakes the probleme is the dictionary word because not all ISP using the same characters ,i tryed to google about soulation about using crunch but the probleme with crunch when you start to create your customaization dictionary word the crunch terminal start with par example alphabet A the crunch make repetation for A 12 time and i want maximum 2 time repetation i found some echo commands and some script to create but i dont know what is wrong i did every thing well to prevent repetation but the crunch start to repetation agaien so my consiel to create wps script to hace the network encryption keys its more easy