Posted

I have a couple questions about the following demo:

http://partners.immunityinc.com/movies/SILICA-WPS.mov

So basically, Silica has a tab to get more information from the WAP which they are interested in. This includes the make, model and series of WPS pins that have been seen.

This allows a user to fine tune the attack.

I am interested in if anyone knows how they get the exact make and model off of an unconnected Wireless router and if anyone else has WPS pin-lists to help narrow down the range of pins. I have looked into MAC address lookups, but they identify the make and don't provide much information on the model.

Is there any way of analyzing either packets or banners off of an unconnected router to identify it? If anyone here works for Immunity, big ups on Canvas, the Debugger and Silica. If you have a $3400 off coupon, toss it my way.

Has anyone else started a WPS Pin list? I could see this being incredibly useful for pattern matching.

Posted (edited)

Have you looked at reaver?

And use this to determine the make: http://www.coffer.com/mac_find/

Edited by mreidiv

Posted

I have used Reaver.

The reason I was asking was so that I could fine tune the reaver settings. The MAC address gives the Manufacturer, but not the model.

I started looking through an airodump of the Reaver working and found that I could actually find the Make, Model and firmware version of the router in the pcap file. I was using vi, but I bet if you fired up Wireshark, you could find a lot more info.

With this, I can start looking up WPS pin prefixes and the Reaver settings. I would highly recommend this as a step to fine tuning the Reaver attack.
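
To check what an access point you administer discloses before any client associates, the sketch below decodes the WPS vendor information element from a frame's tagged parameters. It is an added example, not part of the original posts or of Reaver or Silica, and it assumes the make and model seen in the capture came from that element in beacon or probe-response frames; the sample bytes and device names are constructed.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # vendor OUI 00:50:F2, type 4 = WPS
TEXT_ATTRS = {0x1021: "manufacturer", 0x1023: "model_name",
              0x1024: "model_number", 0x1042: "serial_number",
              0x1011: "device_name"}
FLAG_ATTRS = {0x1044: "wps_state", 0x1057: "ap_setup_locked"}

def _decode_tlvs(data: bytes) -> dict:
    """Decode WPS attributes: 2-byte type, 2-byte length, big-endian."""
    out, pos = {}, 0
    while pos + 4 <= len(data):
        attr, length = struct.unpack_from(">HH", data, pos)
        value = data[pos + 4:pos + 4 + length]
        pos += 4 + length
        if len(value) < length:
            break  # truncated attribute, stop rather than misparse
        if attr in TEXT_ATTRS:
            out[TEXT_ATTRS[attr]] = value.decode("utf-8", "replace").rstrip("\x00")
        elif attr in FLAG_ATTRS and length == 1:
            out[FLAG_ATTRS[attr]] = value[0]
    return out

def wps_attributes(tagged_params: bytes) -> dict:
    """Walk 802.11 tagged parameters and decode any WPS element (tag 221)."""
    found, pos = {}, 0
    while pos + 2 <= len(tagged_params):
        tag, length = tagged_params[pos], tagged_params[pos + 1]
        body = tagged_params[pos + 2:pos + 2 + length]
        pos += 2 + length
        if len(body) < length:
            break  # truncated element
        if tag == 221 and body[:4] == WPS_OUI_TYPE:
            found.update(_decode_tlvs(body[4:]))
    return found

def audit(attrs: dict) -> list:
    """Summarise what the element tells anyone within radio range."""
    notes = []
    if attrs.get("wps_state") in (1, 2):  # 1 = unconfigured, 2 = configured
        notes.append("WPS is advertised")
    leaked = sorted(k for k in attrs if k in TEXT_ATTRS.values())
    if leaked:
        notes.append("discloses: " + ", ".join(leaked))
    return notes

def _tlv(attr: int, value: bytes) -> bytes:
    return struct.pack(">HH", attr, len(value)) + value

def sample_tagged_params() -> bytes:
    """Constructed sample: an SSID element followed by a WPS element."""
    wps = (WPS_OUI_TYPE + _tlv(0x104A, b"\x10") + _tlv(0x1044, b"\x02")
           + _tlv(0x1021, b"ExampleCorp") + _tlv(0x1023, b"EX-Router")
           + _tlv(0x1024, b"1000v2") + _tlv(0x1011, b"Lab AP"))
    ssid = b"lab-net"
    return bytes([0, len(ssid)]) + ssid + bytes([221, len(wps)]) + wps
```

An empty result from `audit` means no WPS element was found in the frame; turning WPS off in the access point's configuration is what removes the element and these fields from its beacons.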

Posted

On the reaver code page there is a database that users are contributing to that stores the best settings for reaver for that particular router. It won't get you the info you want but should help.

https://docs.google.com/spreadsheet/ccc?key=0Ags-JmeLMFP2dFp2dkhJZGIxTTFkdFpEUDNSSHZEN3c#gid=0
