Time for action – WPS attack
Follow the given instructions to get started:
- Before we attack a WPS-enabled access point, we need to create one. The TP-Link we use has this feature turned on by default, which is worrying but handy. To double-check this, we can log onto our router and click on WPS. It should look like the following:
- Now we've confirmed that it's ready. We need to set up our target. We need to set up our testing environment. We're going to use the Wash tool, and Wash requires a monitoring interface to function. As we have done many times before, we need to set up one with the following command:
airmon-ng start wlan0
The output will be as follows:
- We have a monitoring interface set up as
wlan0mon
, and we can call Wash with the following command:wash -i wlan0mon
- Wash will display all the nearby devices that support WPS as well as whether they have WPS active or unlocked and what version is running:
- We can see the
Wireless Lab
network supports WPS. It uses version...