Friday, April 6, 2012

I just updated the firmware on my home Cisco E3200 access point/router to address the WPS security hole that's made even WPA/WPA2 vulnerable. Being paranoid enough to care about that, I also decided to take a look at Reaver and Wash, the tools that let you try to crack WPS or see if you have a vulnerable AP, respectively. First, though, as I mentioned, I had to update to the latest firmware and disable WPS, which I show below.


Updating E3200

Firmware installed:


Go to Wireless -> Basic Wireless Settings and click on Wi-Fi Protected Setup. Click Disabled and then click on Manual again. Make sure the manual settings are all correct and then click Save Settings at the bottom. If you click back to Wi-Fi Protected Setup, it should still show Disabled.








On to BackTrack 5

I started out looking at running BackTrack 5 as a VM, but that honestly didn't get me very far, although I will admit that I didn't put a lot of effort into it. I downloaded the VM, ran it in VMware Player on my Win7 laptop, and it just never saw my wlan0 interface even after I twiddled with the settings. Figuring that running directly on the hardware is a better bet anyway, I downloaded the ISO and burned a DVD.

From there, I'll say that this Lifehacker article helped quite a bit on what to run regarding reaver, but didn't mention wash, which is what I really needed, at least to start. You see, wash tests to see if your AP is actually vulnerable to this attack by seeing if WPS is enabled. After I changed my settings in my E3200 to disable WPS (which required upgrading to the new firmware), my AP didn't show up in wash's tests and didn't respond to reaver. I will say, though, that more than a dozen APs showed up in the wash report in my neighborhood. I didn't run reaver against any of them, but it's interesting to know that somebody could.
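To confirm that your own AP stopped advertising WPS after the setting change, here is an added example (not from the original post, and not wash's own code): an AP with WPS enabled carries a vendor-specific information element (OUI 00:50:F2, type 4) in its beacons, and this Python code parses a beacon's tagged parameters for it. The function names are hypothetical and the beacon bytes are constructed sample data.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # OUI 00:50:F2, vendor type 4 = WPS
ATTR_WPS_STATE = 0x1044                   # 1 = not configured, 2 = configured
ATTR_AP_SETUP_LOCKED = 0x1057             # 1 = AP is refusing external registrars

def iter_ies(tagged):
    """Yield (element_id, payload) pairs; stop cleanly on a truncated element."""
    i = 0
    while i + 2 <= len(tagged):
        eid, length = tagged[i], tagged[i + 1]
        payload = tagged[i + 2:i + 2 + length]
        if len(payload) < length:
            return
        yield eid, payload
        i += 2 + length

def parse_wps_attrs(body):
    """WPS attributes are TLVs: 2-byte type, 2-byte length, both big-endian."""
    attrs, i = {}, 0
    while i + 4 <= len(body):
        atype, alen = struct.unpack_from(">HH", body, i)
        value = body[i + 4:i + 4 + alen]
        if len(value) < alen:
            break
        attrs[atype] = value
        i += 4 + alen
    return attrs

def wps_status(tagged):
    """Return None if no WPS element is advertised, else its state and lock flag."""
    for eid, payload in iter_ies(tagged):
        if eid == 221 and payload[:4] == WPS_OUI_TYPE:  # 221 = vendor specific
            attrs = parse_wps_attrs(payload[4:])
            state = attrs.get(ATTR_WPS_STATE)
            locked = attrs.get(ATTR_AP_SETUP_LOCKED)
            return {"state": state[0] if state else 0,
                    "locked": bool(locked) and locked[0] == 1}
    return None

def ie(eid, payload):
    return bytes([eid, len(payload)]) + payload

def attr(atype, value):
    return struct.pack(">HH", atype, len(value)) + value

# Constructed sample data: SSID "home" with and without a WPS element.
BEACON_WPS_ON = ie(0, b"home") + ie(221, WPS_OUI_TYPE + attr(0x104A, b"\x10")
    + attr(ATTR_WPS_STATE, b"\x02") + attr(ATTR_AP_SETUP_LOCKED, b"\x01"))
BEACON_WPS_OFF = ie(0, b"home") + ie(221, bytes.fromhex("0050f202") + b"\x01\x01")

if __name__ == "__main__":
    print("WPS on :", wps_status(BEACON_WPS_ON))
    print("WPS off:", wps_status(BEACON_WPS_OFF))
```

A result of `None` for your AP's beacon matches what the post describes: with WPS disabled, the AP no longer shows up as a WPS candidate.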

