NEW: security/reaver


Sebastian Reitenbach
Hi,

attached a port of reaver, online WPS PIN cracker.

Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in Brute forcing Wi-Fi Protected Setup When poor design meets poor implementation. by Stefan Viehböck.
Reaver has been designed to be a robust and practical attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases and has been tested against a wide variety of access points and WPS implementations.
Depending on the target's Access Point (AP), to recover the plain text WPA/WPA2 passphrase the average amount of time for the transitional online brute force method is between 4-10 hours. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase. When using the offline attack, if the AP is vulnerable, it may take only a matter of seconds to minutes.

tested and works for me on i386, with athn(4) interface.

any comments, concerns, test or even OKs welcome.

reaver.tar.gz (3K) Download Attachment

Re: NEW: security/reaver

Stuart Henderson
On 2019/03/20 00:05, Sebastian Reitenbach wrote:

> Hi,
>
> attached a port of reaver, online WPS PIN cracker.
>
> Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in Brute forcing Wi-Fi Protected Setup When poor design meets poor implementation. by Stefan Viehböck.
> Reaver has been designed to be a robust and practical attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases and has been tested against a wide variety of access points and WPS implementations.
> Depending on the target's Access Point (AP), to recover the plain text WPA/WPA2 passphrase the average amount of time for the transitional online brute force method is between 4-10 hours. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase. When using the offline attack, if the AP is vulnerable, it may take only a matter of seconds to minutes.
>
> tested and works for me on i386, with athn(4) interface.
>
> any comments, concerns, test or even OKs welcome.

@sample /var/reaver/

probably missing some @extra or @extraunexec?


Re: NEW: security/reaver

Sebastian Reitenbach
Hi Stuart,
On Wednesday, March 20, 2019 12:33 CET, Stuart Henderson <[hidden email]> wrote:

> On 2019/03/20 00:05, Sebastian Reitenbach wrote:
> > Hi,
> >
> > attached a port of reaver, online WPS PIN cracker.
> >
> > Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in Brute forcing Wi-Fi Protected Setup When poor design meets poor implementation. by Stefan Viehböck.
> > Reaver has been designed to be a robust and practical attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases and has been tested against a wide variety of access points and WPS implementations.
> > Depending on the target's Access Point (AP), to recover the plain text WPA/WPA2 passphrase the average amount of time for the transitional online brute force method is between 4-10 hours. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase. When using the offline attack, if the AP is vulnerable, it may take only a matter of seconds to minutes.
> >
> > tested and works for me on i386, with athn(4) interface.
> >
> > any comments, concerns, test or even OKs welcome.
>
> @sample /var/reaver/
>
> probably missing some @extra or @extraunexec?
>
updated version attached, replaced the @sample with @extra and @extraunexec
as you pointed out.

OK?
cheers,
Sebastian

reaver.tar.gz (3K) Download Attachment

Re: NEW: security/reaver

Gonzalo L. Rodriguez-2
On Wed, 20 Mar 2019 at 23:07:23 +0100, Sebastian Reitenbach wrote:

> Hi Stuart,
> On Wednesday, March 20, 2019 12:33 CET, Stuart Henderson <[hidden email]> wrote:
>
> > On 2019/03/20 00:05, Sebastian Reitenbach wrote:
> > > Hi,
> > >
> > > attached a port of reaver, online WPS PIN cracker.
> > >
> > > Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in Brute forcing Wi-Fi Protected Setup When poor design meets poor implementation. by Stefan Viehböck.
> > > Reaver has been designed to be a robust and practical attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases and has been tested against a wide variety of access points and WPS implementations.
> > > Depending on the target's Access Point (AP), to recover the plain text WPA/WPA2 passphrase the average amount of time for the transitional online brute force method is between 4-10 hours. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase. When using the offline attack, if the AP is vulnerable, it may take only a matter of seconds to minutes.
> > >
> > > tested and works for me on i386, with athn(4) interface.
> > >
> > > any comments, concerns, test or even OKs welcome.
> >
> > @sample /var/reaver/
> >
> > probably missing some @extra or @extraunexec?
> >
> updated version attached, replaced the @sample with @extra and @extraunexec
> as you pointed out.
>
> OK?
> cheers,
> Sebastian

OK gonzalo@

--
Sending from my toaster.


Re: NEW: security/reaver

Stuart Henderson
In reply to this post by Sebastian Reitenbach
On 2019/03/20 23:07, Sebastian Reitenbach wrote:

> Hi Stuart,
> On Wednesday, March 20, 2019 12:33 CET, Stuart Henderson <[hidden email]> wrote:
>
> > On 2019/03/20 00:05, Sebastian Reitenbach wrote:
> > > Hi,
> > >
> > > attached a port of reaver, online WPS PIN cracker.
> > >
> > > Reaver implements a brute force attack against Wifi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as described in Brute forcing Wi-Fi Protected Setup When poor design meets poor implementation. by Stefan Viehböck.
> > > Reaver has been designed to be a robust and practical attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases and has been tested against a wide variety of access points and WPS implementations.
> > > Depending on the target's Access Point (AP), to recover the plain text WPA/WPA2 passphrase the average amount of time for the transitional online brute force method is between 4-10 hours. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase. When using the offline attack, if the AP is vulnerable, it may take only a matter of seconds to minutes.
> > >
> > > tested and works for me on i386, with athn(4) interface.
> > >
> > > any comments, concerns, test or even OKs welcome.
> >
> > @sample /var/reaver/
> >
> > probably missing some @extra or @extraunexec?
> >
> updated version attached, replaced the @sample with @extra and @extraunexec
> as you pointed out.
>
> OK?
> cheers,
> Sebastian

ok with the diff below added.

diff --git Makefile Makefile
index 4b0cba1..26e842b 100644
--- Makefile
+++ Makefile
@@ -24,4 +24,7 @@ CONFIGURE_STYLE = gnu
 
 WRKSRC= ${WRKDIST}/src
 
+post-install:
+ ${INSTALL_MAN} ${WRKDIST}/docs/reaver.1 ${PREFIX}/man/man1/
+
 .include <bsd.port.mk>
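
Review bot: the recipe line under post-install has to begin with a hard tab, and as it appears in this mail it is indented with a single space, so check that the tab survived before applying. Only reaver.1 is installed here although the PLIST also lists bin/wash; if upstream's docs directory has no page for wash, a one-line comment above post-install saying so would save the next reader from looking.
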
diff --git pkg/PLIST pkg/PLIST
index 0830397..1896024 100644
--- pkg/PLIST
+++ pkg/PLIST
@@ -1,5 +1,6 @@
 @comment $OpenBSD: PLIST,v$
 @bin bin/reaver
 @bin bin/wash
-@extra /var/reaver/
-@extraunexec rm -rf /var/reaver/
+@extraunexec rm -f ${LOCALSTATEDIR}/reaver/*
+@man man/man1/reaver.1
+@sample ${LOCALSTATEDIR}/reaver/
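
Review bot: in the new "@extraunexec rm -f ${LOCALSTATEDIR}/reaver/*" line, plain rm -f with a glob skips dotfiles and cannot remove subdirectories, unlike the rm -rf it replaces, so if reaver can create either under that directory it will not be empty after the command runs. The "@sample ${LOCALSTATEDIR}/reaver/" line also has no @mode or @owner ahead of it, so the directory gets default permissions; given that the tool's purpose is recovering WPA/WPA2 passphrases, consider a restrictive @mode (for example 700) before it if session data is written there.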