Diggs
Posted February 16, 2012

I have a couple questions about the following demo: http://partners.immunityinc.com/movies/SILICA-WPS.mov

So basically, Silica has a tab to get more information from the WAP which they are interested in. This includes the make, model and series of WPS pins that have been seen. This allows a user to fine tune the attack. I am interested in if anyone knows how they get the exact make and model off of an unconnected Wireless router and if anyone else has WPS pin-lists to help narrow down the range of pins.

I have looked into MAC address lookups, but they identify the make and don't provide much information on the model. Is there any way of analyzing either packets or banners off of an unconnected router to identify it?

If anyone here works for Immunity, big ups on Canvas, the Debugger and Silica. If you have a $3400 off coupon, toss it my way.

Has anyone else started a WPS Pin list? I could see this being incredibly useful for pattern matching.

mreidiv
Posted February 24, 2012 (edited)

Have you looked at Reaver? And use this to determine the make: http://www.coffer.com/mac_find/

Edited February 24, 2012 by mreidiv

Diggs
Posted February 27, 2012

I have used Reaver. The reason I was asking was so that I could fine tune the reaver settings. The MAC address gives the Manufacturer, but not the model.

I started looking through an airodump of the Reaver working and found that I could actually find the Make, Model and firmware version of the router in the pcap file. I was using vi, but I bet if you fired up Wireshark, you could find a lot more info. With this, I can start looking up WPS pin prefixes and the Reaver settings. I would highly recommend this as a step to fine tuning the Reaver attack.
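
The make and model strings described in the post above are carried in the WPS information element that an access point puts in its beacons and probe responses. The following is an added example, not code from the thread, Reaver or Silica: it decodes that element so you can check what your own AP discloses and whether it still reports WPS as enabled. The attribute IDs are from the Wi-Fi Simple Configuration specification; the function names and the sample frame bytes are constructed for illustration.

```python
import struct

WPS_OUI_TYPE = b"\x00\x50\xf2\x04"   # vendor IE: Microsoft OUI, type 4 = WPS
ATTRS = {0x1021: "manufacturer", 0x1023: "model_name", 0x1024: "model_number",
         0x1011: "device_name", 0x1042: "serial_number",
         0x1044: "wps_state", 0x1057: "ap_setup_locked"}

def wps_attributes(tagged: bytes) -> dict:
    """Walk 802.11 tagged parameters and decode the WPS IE, if present."""
    found, pos = {}, 0
    while pos + 2 <= len(tagged):
        tag, length = tagged[pos], tagged[pos + 1]
        body = tagged[pos + 2:pos + 2 + length]
        pos += 2 + length
        # Skip non-vendor IEs, truncated IEs and vendor IEs that are not WPS.
        if tag != 0xDD or len(body) < length or not body.startswith(WPS_OUI_TYPE):
            continue
        tlv, i = body[4:], 0
        while i + 4 <= len(tlv):
            atype, alen = struct.unpack_from(">HH", tlv, i)  # big-endian type, length
            value = tlv[i + 4:i + 4 + alen]
            i += 4 + alen
            if len(value) < alen:        # attribute runs past the IE: stop
                break
            name = ATTRS.get(atype)
            if name in ("wps_state", "ap_setup_locked"):
                found[name] = value[0] if value else None
            elif name:
                found[name] = value.decode("utf-8", "replace").rstrip("\x00")
    return found

def _attr(atype: int, value: bytes) -> bytes:
    return struct.pack(">HH", atype, len(value)) + value

def _ie(tag: int, body: bytes) -> bytes:
    return bytes([tag, len(body)]) + body

# Constructed sample: an SSID IE followed by a WPS IE (all values made up).
SAMPLE = _ie(0x00, b"lab-ap") + _ie(0xDD, WPS_OUI_TYPE
    + _attr(0x1044, b"\x02") + _attr(0x1021, b"ExampleCorp")
    + _attr(0x1023, b"EX-Router") + _attr(0x1024, b"1000")
    + _attr(0x1057, b"\x01"))

if __name__ == "__main__":
    for key, value in wps_attributes(SAMPLE).items():
        print(f"{key}: {value}")
```

A `wps_state` of 2 means the AP advertises WPS as configured; if the element is still present after you disable WPS in the admin interface, the setting did not take effect.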

mreidiv
Posted February 27, 2012

On the reaver code page there is a database that users are contributing to that stores the best settings for reaver for that particular router. It won't get you the info you want but should help.

https://docs.google.com/spreadsheet/ccc?key=0Ags-JmeLMFP2dFp2dkhJZGIxTTFkdFpEUDNSSHZEN3c#gid=0