Wps attacks
Replies: 2   Views: 1800  Subscribers: 0

Posted by luc · 26-03-2012 - 01:07

Edited by luc · 12-11-2012 - 02:49
Project Title:­
WPS Attack Range-finding

­Problem Domain:­
Tactical Network Solutions ­[1]­ recently produced a piece of software that enacts an active attack on the Wi-Fi Protected Setup (WPS) that enables the recovery of passphrases and in some cases router configuration. This is detailed fully in ­[2]­.

As an active attack this causes issues of being within range of the target access point, and so this exercise is to see, on a budget, if an active attack can be performed and what are the range limits of this.

­Initial Progress:­
For this purpose a simple wireless adaptor, an ALFA AWUS036H 1000mW ­[3]­, a Raspberry Pi ­[4]­ (still in procurement) and a 25dBi yagi antenna ­[5]­ is to be used. Then, further experimentation with variant wireless adaptors, and modifications of the antenna are to be used.

As an aside battery options will be tested, given the intent of leaving the device for an unattended attack therefore reducing contact time in the vicinity of the target.

­ToDo:­
1. Finalise procurement of Raspberry Pi
2. Begin testing ranges with the ALFA wireless adaptor
3. Consider modifications, such as pringle-cans and a parabolic dish ­[6]­[7]­