![Page 1: Brute Force Attack Against Wi-Fi Protected Setup](https://reader036.vdocument.in/reader036/viewer/2022062301/56813baa550346895da4dc48/html5/thumbnails/1.jpg)
Reaver is the Linux tool used to implement a Brute Force Attack against Wi-Fi Protected Setup registrar PINs in order to recover WPA/WPA2 passphrases.
![Page 2: Brute Force Attack Against Wi-Fi Protected Setup](https://reader036.vdocument.in/reader036/viewer/2022062301/56813baa550346895da4dc48/html5/thumbnails/2.jpg)
Since 2007 the Wi-Fi Alliance provided industry wide setup solutions for home and small business environments.
Allows for typical users with little knowledge of wireless configurations and security settings to configure a new wireless network.
![Page 3: Brute Force Attack Against Wi-Fi Protected Setup](https://reader036.vdocument.in/reader036/viewer/2022062301/56813baa550346895da4dc48/html5/thumbnails/3.jpg)
By default (out-of-the-box) WPS is always active on all devices.
WPS is marketed as being secure, however newly discovered design and implementation flaws allow attackers to gain access.
Allows users to enter an 8 digit PIN to connect to a secured network without having to enter a passphrase.
When the user supplies the correct PIN the access point essentially gives the user the WPA/WPA2 PSK that is needed to connect to the network.
![Page 4: Brute Force Attack Against Wi-Fi Protected Setup](https://reader036.vdocument.in/reader036/viewer/2022062301/56813baa550346895da4dc48/html5/thumbnails/4.jpg)
User pushes a button on both the Access Point and new wireless device (e.g. printer, PC, NIC)
![Page 5: Brute Force Attack Against Wi-Fi Protected Setup](https://reader036.vdocument.in/reader036/viewer/2022062301/56813baa550346895da4dc48/html5/thumbnails/5.jpg)
Internal Registrar User enters WPS PIN of the Wi-Fi
adapter into the web interface of the Access Point.
External Registrar User enters WPS PIN of the Access
Point into the client device (e.g. PC, laptop)
![Page 6: Brute Force Attack Against Wi-Fi Protected Setup](https://reader036.vdocument.in/reader036/viewer/2022062301/56813baa550346895da4dc48/html5/thumbnails/6.jpg)
Is a WPA attack tool developed by Tactical Network Solutions that exploits a protocol flaw in the Wi-Fi Protected Setup (WPS).
This vulnerability exposes a side-channel attack against Wi-Fi Protected Access (WPA) versions 1 and 2 allowing the extraction of the Pre-Shared Key (PSK) used to secure the network.
Determine an Access Point's PIN and then extract the PSK and give it to the attacker.
![Page 7: Brute Force Attack Against Wi-Fi Protected Setup](https://reader036.vdocument.in/reader036/viewer/2022062301/56813baa550346895da4dc48/html5/thumbnails/7.jpg)
An authentication attempt can take between 0.5 and 3 seconds to complete.
Once the PIN of the Access Point has been discovered the Access Point then hands the requesting device the passphrase.
![Page 8: Brute Force Attack Against Wi-Fi Protected Setup](https://reader036.vdocument.in/reader036/viewer/2022062301/56813baa550346895da4dc48/html5/thumbnails/8.jpg)
Cisco/Linksys
Netgear
D-Link
Belkin
Buffalo
ZyXEL
Technicolor
![Page 9: Brute Force Attack Against Wi-Fi Protected Setup](https://reader036.vdocument.in/reader036/viewer/2022062301/56813baa550346895da4dc48/html5/thumbnails/9.jpg)
Disable WPS, however this may not be available on all devices.
![Page 10: Brute Force Attack Against Wi-Fi Protected Setup](https://reader036.vdocument.in/reader036/viewer/2022062301/56813baa550346895da4dc48/html5/thumbnails/10.jpg)
Tactical network solutions. (2011). Retrieved from http://www.tacnetsol.com/products