06-14-2015, 12:22 PM
Thanks. No doubt WPS is the weakest link... PIN cracking or MAC based algorithm. The latter is easy enough to try on all AP since there are only a few algorithms to test to see if they happen to an affected model without even going off the AP name or narrowing down based on the MAC's vendor. In terms of strictly a WPS brute force (ie: reaver) I find that APs are rarely as exploitable as they once were... at least not in a short time frame. Not to say one was focusing on single WPS enabled AP with a lot of time and persistence it can't be done, but it seems like most either have it turned off, are not allowing you to work in halves, or have rate limiting or MAC banning.
I've got some new ideas based on those stats and I'm going to build some new wordlists and see if I can get some better results tested against the darkircop handshakes available.
I've got some new ideas based on those stats and I'm going to build some new wordlists and see if I can get some better results tested against the darkircop handshakes available.