This script scans and detects the metworks that were vulnerables to the WPS scurity breach described here: https://github.com/t6x/reaver-wps-fork-t6x/wiki/Introducing-a-new-way-to-crack-WPS:-Option--p-with-an-Arbitrary-String
It is focused on the French situation and comes as a pedsagogical tool for this full disclosure: http://www.crack-wifi.com/forum/topic-12166-0day-crack-box-sfr-nb6v-en-deux-secondes-par-pin-null.html
Edit: - SFR customers are invited by their ISP to change (for free) their box for a last generation one that is not affected by this security breach.
- WPS (should) has been disabled remotely by SFR around 25th of august
Wash from reaver 1.6.1
(or any superior version) and its dependencies. To install reaver 1.6.1
(and other versions) visit: https://github.com/t6x/reaver-wps-fork-t6x
- Clone this repository
git clone https://github.com/kcdtv/boxon.git
- Locate your shell in the downloaded branch
cd boxon
- Launch the script invoking bash with administrator privileges
sudo bash boxon.sh
User will be asked to choose one interface if severals are detected
The scan can be done in both 2.4GHz and 5GHz frecuencies and vulnerables targets are detected live.
Follow the evolution here http://www.crack-wifi.com/forum/topic-12166-0day-crack-box-sfr-nb6v-en-deux-secondes-par-pin-null.html
- NEUF box
NB4-SER-r2
NB4-FXC-r2 - Numéricable (Castlenet)
CBV38Z4EN - SFR box
NB4-FXC-r1
NB6V-FXC-r0
NB6V-FXC-r1
NB6V-FXC-r2 NB6V-SER-r0 - Livebox (Orange)
SagemcomFast3965_LB2.8
Thanks and greetings to www.crack-wifi.com community