December 14, 2017, 07:18:56 AM
Welcome, Guest. Please login or register.

Feds Seize KickassTorrents Domains, Arrest Alleged Owner -- https://goo.gl/FRHbEJ

Author Topic: BELKIN WIRELESS DUAL-BAND N+ ROUTER N600 DB & WPS  (Read 5228 times)

Offline R4v3N

  • Administrator
  • Super Elite
  • *****
  • Posts: 3693
  • Internets: +160/-1
  • The googles and the metasploits...
    • Top-Hat-Sec
BELKIN WIRELESS DUAL-BAND N+ ROUTER N600 DB & WPS
« on: March 14, 2012, 11:27:49 AM »
After the release of Reaver and the WPS vuln., I decided to pick up another router. I paid about $80.00 dollars for this one:

http://www.belkin.com/IWCatProductPage.process?Product_Id=543387

The router was super easy to set up as they all are.

The default IP to access the settings (192.168.2.1)

I began setting up the security further by adding a login password. To access the router, no password was required. Then I set up to broadcast both SSID's, one for the main 2.4GHZ and the "Guest" access 5GHZ.

I password protected them both and ran a wash -i mon0 command.

Both SSID's appeared as being vulnerable to Reaver.

I went back into the router settings and disabled WPS on both the main SSID and the "Guest" SSID.

I ran another wash -i mon0 and my main SSID is no longer appears in the wash scan. However my "Guest" SSID still appears, even after being disabled.

Dual Band allows you to dedicate (in my case) 300mbps on my 2.4GHZ broadcast and another 300mbps on my 5GHZ broadcast. I can run a good amount of Top-Hat-Sec video uploading, downloading, and other business operations on its own broadcast. I can then run other things like gaming, netflix, hulu, and anything else that requires internet activity for personal use on the other broadcast.

The router is nice and works great however, if it cannot truly disable the WPS feature for both broadcasts, then it is NOT going to function as a dual band router. I will have to disable the 2nd broadcast, therefore making the dual band feature unusable.

Offline jroy08

  • Elite
  • *****
  • Posts: 518
  • Internets: +3/-0
  • Soaking it up!!
Re: BELKIN WIRELESS DUAL-BAND N+ ROUTER N600 DB & WPS
« Reply #1 on: March 14, 2012, 11:36:07 AM »
Thanks for this post. I have been thinking in the last couple days that in order for me to really have a functional lab environment I am going to have to add another router. That is where I get unsure about what would be best. I am thinking it should not matter too much.

The netgear router I have now is easy enough to consider, but when I am in the internal and disable WPS, reaver still shows it as wps enabled. So, this means I cannot disable it?? I thought you could disable all routers. Could it be that reaver is showing a false positive? Because when I have it disabled reaver generally has an extremely hard time associating with it, and even then does not have success trying pins against it (just retries same pin over and over and over).
J_roy08

Offline R4v3N

  • Administrator
  • Super Elite
  • *****
  • Posts: 3693
  • Internets: +160/-1
  • The googles and the metasploits...
    • Top-Hat-Sec
Re: BELKIN WIRELESS DUAL-BAND N+ ROUTER N600 DB & WPS
« Reply #2 on: March 14, 2012, 11:48:13 AM »
jroy,

  You know this stuff is still all pretty recent subject. There really are no official report releases or anything at this time. I think it would be great for us, TEAM TOP-HAT-SEC to get a leg up on it. No heresay results, all our own testing and see what happens. At the end, then we can put together a report, or I will put it together with all of our findings....more like a study report I guess. But it comes from first hand experience, testing, and knowledge. If you guys would be interested in doing a project like this, please let me know. I could use the help. All I would ask from other team members is screenshots of the internals of the router settings, screenshots of before and after wash commands, and screenshots of the attacks and if they were successful or not and at what distance etc.

I am not asking for anyone to spend any money, or any resources including time that they cannot afford. If you simply have a router that you can test with WPS capability, can you test it?

Offline jroy08

  • Elite
  • *****
  • Posts: 518
  • Internets: +3/-0
  • Soaking it up!!
Re: BELKIN WIRELESS DUAL-BAND N+ ROUTER N600 DB & WPS
« Reply #3 on: March 14, 2012, 11:51:28 AM »
I absolutely can/will do this and I think it is a great idea.
J_roy08

Offline n1tr0g3n

  • Super Elite
  • ******
  • Posts: 4734
  • Internets: +63/-2
  • MCSA, MCP, MCTS, DCSE, CE/H, ACSP, N+,A+, CWSP
    • n1tr0g3n Information Security Blog
Re: BELKIN WIRELESS DUAL-BAND N+ ROUTER N600 DB & WPS
« Reply #4 on: March 14, 2012, 11:53:14 AM »
I'm in, I'll take some screenshots before and after the enabling of WPS which of coarse is not enabled on my router lol  So your saying you want to make a list of routers that are still vunerable to the attack even with WPS disabled? Sounds like a good idea and might bring some traffic to the site. Someone like lifehacker.com may do a write up on it and show the vunerable routers to protect the user from buying a POS.
"It's mind over matter, If you don't have a mind then it doesn't matter

Youtube  Channnel
http://www.youtube.com/user/n1tr0g3n0x1d3
Twitter  https://twitter.com/n1tr0g3n_com
http://www.n1tr0g3n.com  
http://teamctfu.weebly.com/

Offline R4v3N

  • Administrator
  • Super Elite
  • *****
  • Posts: 3693
  • Internets: +160/-1
  • The googles and the metasploits...
    • Top-Hat-Sec
Re: BELKIN WIRELESS DUAL-BAND N+ ROUTER N600 DB & WPS
« Reply #5 on: March 14, 2012, 11:58:04 AM »
I'm in, I'll take some screenshots before and after the enabling of WPS which of coarse is not enabled on my router lol  So your saying you want to make a list of routers that are still vunerable to the attack even with WPS disabled? Sounds like a good idea and might bring some traffic to the site. Someone like lifehacker.com may do a write up on it and show the vunerable routers to protect the user from buying a POS.

Well yes, before and after disabling WPS, what does the wash command show. and then take it a step farther, before and after, what happens during the reaver attack? Can it authenticate, does it timeout even with good signal quality, etc or does it attack successfully? Also in my case, I bought this dual band router....WPS seems to be disabled only on 1 broadcast and not both for whatever reason. So then what happens?

Offline jroy08

  • Elite
  • *****
  • Posts: 518
  • Internets: +3/-0
  • Soaking it up!!
Re: BELKIN WIRELESS DUAL-BAND N+ ROUTER N600 DB & WPS
« Reply #6 on: March 14, 2012, 12:04:30 PM »
Right! all good questions, and because the vulnerability was exposed somewhat recently, we can be a part of figuring it all out from first hand experience.
J_roy08

Offline em3rgency

  • Elite
  • *****
  • Posts: 744
  • Internets: +36/-3
  • OSWP SQLi N+
    • Security Research
Re: BELKIN WIRELESS DUAL-BAND N+ ROUTER N600 DB & WPS
« Reply #7 on: October 03, 2012, 06:05:15 PM »
I have the 6300+ ac router. disabling WPS will make in invunerable to reaver attacks.
Website: http://www.em3rgency.com

My other computer is your computer.

Offline corr.x86

  • Top Hat Member
  • Elite
  • ********
  • Posts: 1111
  • Internets: +10/-0
  • ^That's a lie
Re: BELKIN WIRELESS DUAL-BAND N+ ROUTER N600 DB & WPS
« Reply #8 on: October 03, 2012, 06:34:09 PM »
create a new Projects sections then, where you post up several crowd projects and requirements you need for each and step by step kinda thing? it's just a mere suggestion
"I have this assignment bla bla bla, can you give me teh codez?"

"www.adoptamalware.com would be a nice website to run."

Offline XvX

  • Enthusiast
  • **
  • Posts: 53
  • Internets: +1/-0
Re: BELKIN WIRELESS DUAL-BAND N+ ROUTER N600 DB & WPS
« Reply #9 on: October 03, 2012, 08:52:10 PM »
I can confirm a variety of false-positives with "wash". I've tested it with a buddy on a variety of cisco-linksys, buffalo, and netgear WAP's. Disabling it, doesn't always exclude it from wash's scan.

Perhaps wash is just detecting that some routers do indeed have WPS capability, even thought its disabled?


Offline em3rgency

  • Elite
  • *****
  • Posts: 744
  • Internets: +36/-3
  • OSWP SQLi N+
    • Security Research
Re: BELKIN WIRELESS DUAL-BAND N+ ROUTER N600 DB & WPS
« Reply #10 on: October 05, 2012, 06:05:34 AM »
If it is disabled properly. It will show in wash and locked! yes
Website: http://www.em3rgency.com

My other computer is your computer.

Offline writtosam

  • Experienced
  • ***
  • Posts: 110
  • Internets: +0/-0

dognayr

  • Guest
Re: BELKIN WIRELESS DUAL-BAND N+ ROUTER N600 DB & WPS
« Reply #12 on: October 05, 2012, 10:03:29 PM »
I run wash and it says many router with WEP on it is susceptible to a reaver attack... i fire up reaver and it failed