TheReaver! Automate WPS PIN Cracking tool

networking
hacking
bash
wpa2

#1

TheReaver is a tool written in bash, born to execute WPS attacks and based on the PIN output of the 3wifi.stascorp.com service, testing with the famous software reaver. 3wifi.stascorp.com is an HTML page that has JavaScript code, also working offline (already on GitHub), to calculate in a precise way all possible WPS PINs of the BSSID typed as input.

After that you can save the results in a txt file; then you have to indicate the path to the TheReaver program when it asks “Insert Pin File (DEFAULT Pins in db):”.

The program will automatically recognize the format of the input and will begin to try all PINs, and if the attack ends successfully you will get all the info about the attack with the password in clear format! (It also accepts a PIN alone, or whatever kind of format, except for text before the PIN number.)

There is also a local database with known common PINs based on the airgeddon project. To proceed with this method you have to leave the previous question blank => “Insert Pin File (DEFAULT Pins in db):”. Warning! Try this as a last chance, because default router PINs are few and the attack could fail.

For more info and the project on GitHub, check out:

https://github.com/Virgula0/TheReaver


(Security Architect & Founder) #2

Do you find that WPS Pin cracking still works?

I’ve not had success with this since 2013. What devices are you using this against?


#4

Yeah, it works; the algorithms are solid and valid. PM me to get all the info and pictures about an example of a vulnerable NETGEAR router near my house.


(chaos knight) #6

Never had any luck with it tbh. I found simple things like FakeAP or EvilTwin a lot more efficient for some real wardriving.


#7

The EvilTwin attack is completely different from a WPS attack. It is a social engineering attack. To explore it you can use some scripts such as Fluxion, Linset or wifiphisher. Your comment is off topic.


#8

@chaos_knight’s answer is far from being pointless. Indeed, whatever the method used, WPS PIN cracking or social engineering, the end goal is still the same. Moreover, such SE attacks have a better chance of succeeding in the wild. As @pry0cc said, and according to my own experience, this method has been obsolete on modern APs for a while.

P.S.: Do not see any animosity in my answer :)

Best,
Nitrax


#9

I’m using only WPS attacks and I have a high success rate, especially with the Pixie Dust attack that TheReaver already has… Social engineering attacks are completely different from WPS attacks and IMHO completely useless… you can’t compare them, man…


(ronin) #10

I thought the same as pry0cc, but I realized that if you travel to other countries, like some in Latin America, they still use routers more than 10 years old, so this is totally plausible, but the reality is that this type of attack is obsolete in the face of the new routers.


#11

Some modern routers are still affected by these vulnerabilities… trust me… if you have a WPS PIN you can crack whatever password of whatever router; you only have to get the WPS PIN, except for routers that only use a button for WPS. How can I say this? Read this example: my neighbor didn’t have wifi till 2 weeks ago… So he has installed a router recently; the router is a new type of NETGEAR router and it’s vulnerable both to PixieDust and to the 3wifi.stascorp.com PIN generator.
The real problem of modern routers is AP rate limiting, a security option implemented to avoid attacks like this, but the program stops itself if AP rate limiting is detected, warning the user before exiting. Then you can delete by yourself the PINs already checked before, leaving the remaining ones in order to test them when WPS is unlocked.

