Closed GoogleCodeExporter closed 9 years ago
How do you expect to reboot a device that is not under your administrative
control remotely?
Apart from DoS, I don't see it happening.
Original comment by jcdento...@gmail.com
on 4 Jan 2012 at 3:46
Yeah...I don't know of any way of doing a remote reboot without administrative
control either. Just wanted to see if anybody out there knew if there was a
way. Reaver is a great tool for brute-forcing WPS, but unless there is a way to
work around lock downs, it won't be of much use with APs that permanently
shut down WPS when there are too many failed attempts. That said, I don't know
how many AP manufacturers have that function built into their devices, but I
know there are at least a couple.
Original comment by brloz...@comcast.net
on 4 Jan 2012 at 4:02
There are only a couple that I have run into that permanently lock WPS. This
appears to be specific to a certain model, not to a certain vendor (for
example, I have several D-Links here that do not implement any type of WPS lock
downs).
Have you tried playing with the timing options in Reaver? Sometimes APs will
only lock if X number of failed attempts are made within a given time period.
For example, if your AP is locking after 16 attempts within 5 minutes, you can
tell Reaver to do 10 or 15 attempts at a time, and sleep for 6 minutes in
between. Not all APs do this though, and you'll have to experiment, so YMMV.
The only way I can think of that would work for forcing an AP to reboot would
be some type of wireless DoS against the AP that would cause it to crash and
reboot. This is not pretty, but it would work, and such DoS vulnerabilities
have been found in APs before. But this would obviously be very specific to the
AP and is likely not something that will be implemented in Reaver.
Original comment by cheff...@tacnetsol.com
on 4 Jan 2012 at 4:11
Ok, thanks cheff. I'll do some experimenting with my AP as you suggested, and
I'll report back if I find anything that could be useful.
I appreciate your great work and tremendous effort!
Original comment by brloz...@comcast.net
on 4 Jan 2012 at 4:22
Just a thought...
Is lock down triggered by multiple attacks from a specific MAC, and does it then
lock out everyone? If not, Reaver could spoof a different random MAC before
each attempt.
Original comment by julian.g...@gmail.com
on 22 Apr 2012 at 9:00
A possible solution is in the application known as mdk3.
If you use the "w" option to scramble router security systems, it will take
much longer for WPS to lock. It will still happen but will take longer. This
same application can be used to reset the router if that pesky WPS lock happens
again.
Original comment by metaltu...@gmail.com
on 6 Aug 2013 at 8:28
I have found an effective way to flood Access Point rate limit pins by flooding
it for 10-20 seconds.
Check the following links to see how I carried out the attacks!
https://www.youtube.com/watch?v=hHVPSJn4Fqo
https://www.youtube.com/watch?v=_uVvi8qf7JY
Original comment by repzerow...@gmail.com
on 18 Apr 2014 at 4:10
Original issue reported on code.google.com by
brloz...@comcast.net
on 4 Jan 2012 at 3:36